Bob> On the other hand, it does not seem at all unreasonable that a
group of users could get together and agree on a common definition of
what is meant, in a legal sense, by a digital signature that appears on
a document. Those users could agree to sign something like my Affidavit
of Legal Mark, or the companies that sponsor such efforts might form
a consortium that agrees to be bound by such signatures.
I disagree completely; this group of users could get together and decide
whatever they chose; it would have NO EFFECT on the digital signature;
that meaning will be defined in the courts.
Sorry, Tom. I should have been more explicit. I should have said that
it is my intent that the Policy established by the PCA and agreed to
by CAs and users under that PCA should EXPLICITLY STATE THAT
THEIR DIGITAL SIGNATURES MEAN ABSOLUTELY NOTHING AT ALL,
NOT EVEN "IDENTIFICATION ONLY", unless and until the recipient of the
allegedly signed document is in possession of the digitally signed and
witnessed Affidavit of Legal Mark or the notarized hard copy.
Otherwise I would agree with you, and I am very concerned that users
may casually use digital signatures thinking that they have relatively
little meaning, and therefore very limited liability in the event their
private keys were stolen. But I believe that such thinking would be
incorrect, and potentially dangerous.
Paradoxically, the more you intend the Policy of a PCA to be useful
for "commercial" purposes, the more danger is associated with the use
or abuse of your private key and digital signatures. Michael Baum
has proposed, in a very thorough legal analysis he presented at NIST
last year, that as the strength of the mechanisms used to protect
the digital signature increases, the more the burden of proof should,
and probably does, shift to the defendant who is trying to disavow
his signature. I believe that the courts would agree with him.
I believe that you are quite right in one aspect, however. Unless
you use your digital signature ONLY as an ID card or badge to gain
entry to a building (in which case PEM is a serious overkill!),
claiming that it only implies identification just doesn't make sense.
If I sign something, and if I can be identified as the person who
signed it, then what I signed can be attributed to me.
And if a document can be attributed to me and a case can be made
the document was not just my private notes that were somehow
misappropriated, then there are a number of legal consequences that
could follow, certainly including libel and slander, and possibly
civil actions (tort) if it appeared that you made a promise or otherwise
committed yourself or your company and reneged on it.
Unfortunately, there is no reasonable way of saying within the
X.509 certificate "Null and void except when used in accordance
with the following 10 page legal notice or affidavit." Since that
seems to be the case, the ONLY option that I can see is to
insist that the PCA Policy be proactive in this regard. Since the
two (draft) policies that I have seen to date (RSA's Commercial
Hierarchy and Steve Crocker's recent posting for the TIS PCA)
don't meet this standard as yet, I am trying to mobilize users in the
old fashioned democratic (i.e., market driven) way to get these
policies changed, or to get new PCAs formed.
- - -
Bob> I am troubled by Steve Kent saying that he doesn't know what it
means to be a member or affiliated with a PCA. I also suddenly realize
that I haven't seen the word "scope" or "domain" in most of these
discussions. Presumably, it means that that CA, and therefore that user
agrees with and promises to comply with the POLICY of that PCA.
Presumably the word comply implies some level of conformance, auditing,
or even enforcement, which implies a contract somewhere. But if the PCA
wants to get paid for the various services it is performing, a contract
will be required in any case.
I do not expect that I will be the client of any PCA, nor do I expect to
have ANY say so as to which PCA I will be expected to use for
certification. You will have certain CA's which are available to you
for a certain price. These will be associated with your company, school
or some public agency or organization. Your choices will be EXTREMELY
limited. You will need to use the CA which is willing to identify you
- and I hope that they will at least insist on identifying you. Will I
agree with the policy of the PCA? -- If I want to keep my job or stay
in school, you bet I will have to agree -- but what will that mean?
I would certainly hope that you would not be required to sign anything
as all encompassing as my Affidavit of Legal Mark without having
convinced yourself that you agree with its contents. It ought to be
optional, and not a condition of employment. But given the way that
everyone has to disclose their Social Security number every time they
turn around, you may have a point. Can my company require that I have
and use a credit card? I hope not, but I'm not sure.
One other possible defense might be to put a notice in EACH and EVERY
message that you digitally sign, informing the recipient that your digital
signature is not valid for any binding purpose. Hopefully, someone who
forges your
signature will do the same thing, and if not you might have a case to
disavow the bogus document -- but don't count on it.
- - -
Bob> But if a signature can be used for attribution, then something I
sign can, and almost surely does, have some degree of legal weight. In
that case, how do I protect myself from unintended consequences? What
protection does my correspondent have when he or she tries to understand
the context of my comments, and whether I intend to be bound by them?
Sorry Bob; if you signed it, then you signed it. The meaning of the
signature will surely come from the document itself, and perhaps the
title (role) that you used when you signed it.
Well, maybe not. To play Devil's Advocate, the recipient of a document
which contains the result of a particular cryptographic algorithm would have
to prove that it was the user's intent to use that algorithm as the equivalent
of his signature or mark. There is a reasonable body of case law regarding marks
by illiterate persons, Chinese chops, corporate seals, company letterhead, etc.
If you didn't have a witness to corroborate the fact that the user intended it
to be used as his signature, and/or that the use of that device was customary
within a certain group of people for such purposes, you (the plaintiff) might
have a hard time proving your case. The problem is that we keep calling
it a digital "SIGNATURE," and so a reasonable expectation might arise that
that is what we intended it to mean.
Yes, the meaning of the document may come from the document itself.
But what if it is a forgery?
There seems to be some presumption here that the standard will define
what a signature means. NOT VERY LIKELY. There will be stock legal
forms just as there are today, and unless you hire a very expensive
lawyer, your signature will mean what the UCC (Commercial Code) of your
state says that it means.
The UCC currently doesn't say anything about digital signatures, so we
are faced with a two-edged sword. First of all, the originator has a real
problem trying to control his potential liabilities, and secondly, the recipient
can't really be sure whether the signature means anything at all.
That's why I raised the concern earlier about
who owned my key. If my company owns my key, and can sign a document in
my absence, then the signature cannot be legally attributed to me.
I absolutely agree on this point. Without debating the merits of key escrow
technology in a commercial environment (e.g., for survivability if you die
and are the only person who knew your key), if the company can sign
a document you ought to be able to duck the attribution question.
However, if secret sharing were used to escrow your key between several
people (say the same people who created your certificate, and therefore can
impersonate you in any case) maybe a workable scheme could be devised.
But this is another reason for the Affidavit of Legal Mark -- it should make it
clear that any digitally signed document should not benefit the people who
signed the certificate.
I would be willing to FAX a copy of the draft Affidavit to a small number
of people who are interested in pursuing this further, but until it has had
at least some legal review I don't want to circulate it very widely.
Those who might like a copy, send me a private e-mail with your FAX number
and tell me why you want it and what you might do with it.
Bob