From: Duncan Frissell <frissell@panix.com>
The Black Letter phrase from my Commercial Paper class in law school:
---------- Negotiable Instrument: A promise to pay to order or bearer a sum certain in money on or after a date certain. ----------
The other night at the library I had a chance to browse through the Uniform Commercial Code as enacted by the state of California. It had a large section on promissory notes and commercial paper in general. The basic definition of a promissory note did include a variation on what Duncan quoted. It would appear that the legal requirements and restrictions on the issuing and sale of such notes are pretty flexible. However, in the digital realm, it is not clear whether a promissory note would truly be enforceable, in the event that the debtor refused to pay. The main question is the digital signature. One thing I wonder about is this. Suppose I simply create a file saying that I promise to pay the bearer $100 on demand. I then sign this using my PGP public key, and give it to someone in exchange for $100. This would be the electronic analogue of the issuing of a paper promissory note. The problem is, "forgery" of such notes, in the sense of duplication, is both trivial and undetectable. With paper, someone could Xerox a note and end up with two, both claiming to be worth $100. But in practice we could distinguish the original from the copy. Better forgeries might be harder to detect but in principle experts should be able to tell the difference. But with the PGP-signed document, any copies made would be completely in- distinguishable from the original. How could the debtor know to honor such a note without being able to tell whether it was the original or not? How could the holder of the note sell it to someone without them kmnowing whether it is valid? Because of this uncertainty, it seems to me that in this simplest sense digitally-signed promissory notes do not work. Such a note, even though signed, cannot be considered to carry value in and of itself because it is too easy to forge. The digital signature is of no value in preventing forgeries since copies of valid notes are just as useful as plain forgeries. Now, the more elaborate technology of digital cash can actually go a long way towards solving this problem, at least in theory. With this approach, each note has a unique serial number, and part of the agreement is that only the first presentation of a note with any given serial number will be honored. Then if the holder of a note wants to sell it to someone else, they go through a protocol with the borrower in which he verifies that the note has not been spent, and a new note is issued with a new serial number that nobody has seen before. This way the buyer of the note is protected against being sold an already-sold note. Plus, the digital cash technology allows this to be done without the debtor finding out who is selling his old notes to whom. There is no reason for him to have this information; the holder of the note ought to be able to sell it privately, and this is a good way of preserving that aspect of the transaction. So, the digital cash technology works pretty well for this application. The problem is that there have to be many additional restrictions and rules in the handling of the notes - notes have to be transferred using the special protocol, and only previously-unseen notes will be honored. It is not clear to me how these additional contractual restrictions can be incorporated into the note without violating the simplicity that Duncan quoted above. Also, in the technical sense, the blinded signatures used in digital cash do not allow the signing of a textual document. Instead, what is signed is a simple number in a specified form, and the *exponent* used in the signature is what determines the "sum certain". So the formal structure of a piece of digital cash does not match the requirement for a promissory note. There would have to be some additional documents which, for example, map the signing exponents to the note values. But again, there is no place in the note itself to put pointers to such additional documents. It is possible that the note could consist in effect of two documents, one part which is a PGP-signed text document laying out the terms and conditions which are relevant, and which states that it only has value when accompanied by a digital-cash data item, signed with the proper exponent, not previously seen by the debtor, etc. Again, then, you have to worry about fraud by the debtor, in which he claims to have seen a note before when one is presented for redemption. In order for note holders to protect themselves against this fraud there would have to be some way for debtors to prove that various notes had been spent. This might be difficult, especially if the people presenting notes for redemption are anonymous to the debtor. It's going to be hard to distinguish between the twin frauds of a holder presenting the same note for redemption twice, possibly at almost the same time from two different addresses, and the debtor who receives a note for redemption, then quickly sends it to himself as though from another holder, back-dating it a few seconds so he claims that one arrived first. Perhaps some form of registered mail for note redemptions, plus a requirement that when a conflict like this arises both presenters must identify themselves, could address some of these problems. (These problems arise for digital cash just as much, by the way.) Hal