
Digital Signatures Concepts and Regulation

Rohit Khare, Computer Law, June 9, 1998. Outline: 1. Electronic and Digital Signatures; 2. Legal Conception of Signature; 3. Identifying & Apportioning Risk; 4. Legal Models of Certification Authorities.



Presentation Transcript


  1. Digital Signatures: Concepts and Regulation
     Rohit Khare, Computer Law, June 9, 1998

  2. Digital Signatures: Concepts and Regulation
     • 1. Electronic and Digital Signatures
     • 2. Legal Conception of Signature
     • 3. Identifying & Apportioning Risk
     • 4. Legal Models of Certification Authorities
     • 5. Deployment & Adoption Scenarios

  3. 1. Electronic and Digital Signatures
     • Digitized Signatures
       • Check imaging, faxed contracts
     • Electronic Signatures
       • Stroke capture
       • Biometric data
       • System artifacts (email addresses)
     • Digital Signatures
       • Asymmetric-key cryptography

  4. 2.1 Legal Conception of Signature
     • “General Purposes of Signing”
       • Evidence: a distinctive mark of the signer
       • Ceremony: calls attention to the act
       • Approval: implies approval and binding intent
       • Efficiency: prima facie validation of the instrument
     • Laws cite unnecessarily specific means

  5. 2.2 Legal Conception of Signature
     • Requisite Attributes of Signatures
       • Signer Authentication: proof of identity
       • Document Authentication: proof of subject
       • Approval: a nonrepudiable act should require conscious intervention
       • Efficiency: provide maximum assurance with reasonable effort

  6. 2.3 Legal Conception of Signature
     • A new need for a trusted 3rd party: Certification Authorities (CAs)
     • Certificates bind a key to a subject
       • Identity Certificates
       • Attribute Certificates
       • Transactional/Authorization Certificates
     • Requisite service: online verification / Certificate Revocation Lists (CRLs)
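The mechanics behind slides 5 and 6, as an added example that is not part of the original presentation: a CA certificate binds a subject's key to its name, the subject signs a document, and the verifier checks signer authentication (the certificate was issued by the trusted CA and is absent from the CA's signed CRL) and document authentication (the signature matches the document). It uses only Go's standard library with Ed25519 keys; the CA and subject names, serial numbers and the document text are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issue binds a fresh Ed25519 key to name in a certificate signed by ca/caKey. With ca == nil the
// certificate is self-signed and marked as a CA (the root of a hierarchical model). Errors panic for brevity.
func issue(name string, serial int64, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if ca == nil {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		ca, caKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// revoke returns the CA-signed CRL that lists the given serial numbers (slide 6's "requisite service").
func revoke(ca *x509.Certificate, caKey ed25519.PrivateKey, serials ...int64) []byte {
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, s := range serials { crl.RevokedCertificates = append(crl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()}) }
	der, err := x509.CreateRevocationList(rand.Reader, crl, ca, caKey)
	if err != nil { panic(err) }
	return der
}
// sign is the subject's signing act; verify then checks signer authentication (certificate issued by the
// trusted CA, not listed on the CA's own CRL) and document authentication (signature valid over doc).
func sign(key ed25519.PrivateKey, doc []byte) []byte { return ed25519.Sign(key, doc) }
func verify(ca *x509.Certificate, crlDER []byte, cert *x509.Certificate, doc, sig []byte) error {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil { return err }
	if err := cert.CheckSignatureFrom(ca); err != nil { return err } // issuer is not the trusted CA
	if err := crl.CheckSignatureFrom(ca); err != nil { return err }  // CRL is not the CA's own statement
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 { return errors.New("certificate revoked") }
	}
	if !ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), doc, sig) { return errors.New("signature does not match document") }
	return nil // validity dates are deliberately not checked here; a production verifier must also check them
}
```

A stale or attacker-supplied CRL is rejected by the CRL signature check, which is why the verifier needs the CA's own signed list rather than an unsigned "revoked" flag.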

  7. 3. Identifying & Apportioning Risk
     • Hierarchical trust management
     • Cross-certification and the Web of Trust
     • Purposes of an assertion and liability
       • “Open” PKI can mean unlimited liability
       • “Closed” PKI apportions liability by contract
     • Types of Fraud
       • Misrepresentation by subject
       • Negligent investigation of subject
       • Violation of terms of service (e.g. overbroad use)

  8. 4. Legal Models of Certification Authorities
     • Certificates as a hybrid good/service
       • Which portions of UCC Article 2 apply?
     • Rights of 3rd Parties
       • Privity: can they be parties to the contract?
       • Tort: is the CA liable to ‘foreseeable’ users?
       • Fails the Ultramares test: public attestation
     • Jurisdiction
       • Can the means of publication affect controlling authority?

  9. 4.1 The “Utah Model”
     • Limits liability of ‘licensed’ CAs
       • None have petitioned for such status to date
     • Reverses the presumption of authenticity
       • Signer must prove the signature was forged
     • Promulgates a hierarchical model
       • Coevolved with Key Escrow ideas
       • UK Trusted Third Parties conflates both roles

  10. 4.2 The “Massachusetts Model”
     • Merely undefines obsolete paper-only references
     • Silent on liability
     • Proposed for government use only
       • Allows Secretary of State / Chief Information Officer to approve various technologies
     • California law follows this model
       • Defined for a variety of public records since 1995

  11. 5. Deployment & Adoption Scenarios
     • CAs already out there (without benefit of legislation!)
       • Broad disclaimers like the Verisign Certification Practice Statement
       • Unknown validity of ‘webwrap’ usage licenses
     • Larger market opportunity in “closed” or private-label CAs
     • Narrow certificates proliferating
       • Credit-card specific, corporate registration, mobile code testimonials

  12. 6. Resources (1/3)
     • C. Bradford Biddle, Esq.: http://www.acusd.edu/~biddle/LMW.htm
     • Prof. Michael Froomkin, Esq.: http://www.law.miami.edu/~froomkin/articles/trustedno.htm
     • Verisign’s Code Signing Certificates: http://www.verisign.com/developers/info.html

  13. 6. Resources (2/3)
     • Electronic Privacy Information Center: http://epic.org/crypto/dss/
     • Computer Software Industry Association: http://www.SoftwareIndustry.org/issues/1digsig.html
     • W3J: Weaving a Web of Trust: http://www.w3j.com/7/

  14. 6. Resources (3/3)
     • ABA’s Digital Signature Guidelines: http://scratch.abanet.org/scitech/ec/isc/dsgfree.html
     • Proposed Massachusetts statute: http://www.magnet.state.ma.us/itd/legal/mersa.htm
     • Survey of States’ DigSig Legislation: http://www.magnet.state.ma.us/itd/legal/sigleg7.htm
