Digital Signatures & THE LAW???
-----BEGIN PGP SIGNED MESSAGE----- Has there been any concideration for the difference between a digital signature that is used only for authentication and one that is legally binding?? I would hate for these Digital Signature Laws make every e-mail message I sent a legally binding document. :( - -- - --------------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBM7aBbI9Co1n+aLhhAQHsCwP/dUQ6jixcfYCkLLFkZomM5gzCysRjnlr3 rGjXMMDyVZ2OQn2ZjSJ+TmrocbmZy2yNolBquRN0w0PjnGbC8k8ZCFxW8C4xHX9B CBf7XNGijoFxi3DTVViTv/i+waLX6sfJM1fp9IpUe7Da5fOb6vqf0rXNDPwdVLIB Sn0rJodgqho= =+Bcp -----END PGP SIGNATURE-----
William Geiger <whgii@amaranth.com> writes:
Has there been any concideration for the difference between a digital signature that is used only for authentication and one that is legally binding??
I would hate for these Digital Signature Laws make every e-mail message I sent a legally binding document. :(
Not a complete solution, but one technical fix, if you're sending e-mail to an individual, rather than a post to a group such as this is to use repudiable signatures. These work by ensuring that the recipient and only the recipient can forge the signature. As the recipient can forge the signature it falls back to his word against yours, which is the situation without signatures. However he (the recipient) will be convinced that you wrote the signed document, or at least as convinced as he is that someone else hasn't covertly obtained a copy of his private key. If you're using a repudiable signature, it won't hold up in court, or at least it shouldn't, if you can get the jury to grok that. Personally I can't see any reason for individuals not to use repudiable signatures for email. Email is generally regarded as private, and to give someone a signed email allows them to not only post your email which you may not want, but to undeniably prove that you wrote it! Mathematically an easy way to create deniable signatures with RSA is: Alice sending Bob a signed email. We want: ( X ^ A_pub ) xor ( Y ^ B_pub ) = hash( message ) Alice chooses random Y, and computes X: X = [ ( Y ^ B_pub ) XOR hash( message ) ] ^ A_pri Now the repudiable digital signature is X and Y. To verify the signature the recipient checks that: X ^ A_pub XOR Y ^ B_pub = hash( message ) Repudation is possible because Bob could also produce that same signature with knowledge of B_pri, for Bob X is a random number, and Y is calculated: Y = [ ( X ^ A_pub ) XOR hash( message ) ] ^ B_pri (In practice you would have to store X and Y in random order, otherwise if the sender always comes first, it's no longer repudiable. As a result to check the signature you may have to swap X and Y if the signature fails first time). Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
-----BEGIN PGP SIGNED MESSAGE----- At 10:35 AM 6/29/97 -0500, William H. Geiger III wrote:
Has there been any concideration for the difference between a digital signature that is used only for authentication and one that is legally binding??
I would hate for these Digital Signature Laws make every e-mail message I sent a legally binding document. :(
Examples of signatures that have previously been tested as legal binding signatures include not only actual signatures, but an 'X' and 'Mickey Mouse'. The intention of "legally binding" is merely the proof of authentication. So yes, I would say that all digitally signed email in now legally binding, with one exception. There has been a move to make a digital writing a writing only when both parties agree to it's usage. There is a belief that some documents should not be digital. An example is an eviction notice. Stapling a diskette to the doorframe may not be acceptable notice for eviction, as compared with a paper notice. Since most internet users are ineffective at managing their email, a legal notice deposited in an inbox may not be a desirable way to serve notice. -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQBVAwUBM7fIiUGpGhRXg5NZAQF59wIAvsnM/U9cs69KedfZzi7XuiF+U9KICWpz vbZkDVKSwJAFvVRcKT0HDqDUlKgIa8UFo/eGfQ2oiAx+Z0lqFOYFHQ== =ylgI -----END PGP SIGNATURE----- -- Robert Costner Phone: (770) 512-8746 Electronic Frontiers Georgia mailto:pooh@efga.org http://www.efga.org/ run PGP 5.0 for my public key
William Geiger III wrote:
Has there been any concideration for the difference between a digital signature that is used only for authentication and one that is legally binding??
I would hate for these Digital Signature Laws make every e-mail message I sent a legally binding document. :(
I realize I'm in danger of sounding like Tim here, but I remember writing a long message about this some months ago - perhaps it's available through the archives. "Legally binding" isn't a useful way to think about this sort of thing. Signatures serve at least two different purposes; sometimes they're required to form a contract (say, for the transfer of an interest in real estate, or a contract which cannot be performed in less than a year, or for the sale of goods worth more than $500) and sometimes they serve as evidence that a person has had access to or contact with a physical thing (like a paper copy of an agreement). Contract law does not revolve around signatures, it revolves around agreements. If you don't have an agreement with someone (and haven't acted in a way which would have led a reasonable person to think you had an agreement) then you don't have a contract with them. A signature can be evidence of an agreement, and it may be required to form certain agreements; but a signature is not an agreement. It's a pattern made with ink or with bits; an agreement is a legal relationship. The map is not the territory. If your e-mail doesn't seem to be proposing an agreement, or accepting an agreement, I don't think you need to worry that you're going to accidentally form a contract with someone. Other concerns (like, say, that a digitally signed message could be introduced as evidence in a criminal or civil trial) seem to stem from the assumption that unsigned messages won't be admissible .. and I think that assumption will prove to be false. Courts admit evidence whose origin is disputed or uncertain all of the time, and trust the jury to decide who they'll believe. There's no reason to assume that electronic evidence (as opposed to eyewitness accounts, or photographic evidence, or other falsifiable evidence) will be excluded because it's potentially suspect. The addition of a digital signature makes the spurious "But how do you know *I* sent that messsage?" argument less plausible - but I think that argument's a loser anyway, at least in most cases. If you're really worried about it, you could add "THIS KEY WILL NOT BE USED TO SIGN OR FORM CONTRACTS" to your ID string for your public key - but I'm not sure it really makes much difference. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto.
participants (4)
-
Adam Back -
Greg Broiles -
Robert A. Costner -
William H. Geiger III