CDR: Re: identity-as-bits vs. identity-as-meat

[Tim May]

At 11:14 AM -0800 11/16/00, Ray Dillinger wrote:
>According to current law in all nations (as far as I know),
>identity is meat.  One person has one identity, and the
>identity is persistent and lifelong.  All law is based on
>this assumption.

Not so fast. Corporations sign legally-binding contracts every day. 
Institutions enter into leases, contracts, agreements, and other 
legally-binding arrangements. And the issue of their "identity" is 
not a matter of _meat_.

We don't absolve Boeing of contracts because the guy who signed a 
contract, or even the N guys, are dead.

Q.E.D., signatures are more than just meat.

And Boeing's _identity_, vis-a-vis things it signs, is more than just meat.

Usually we say that Boeing's signing officers/authorities, those who 
enter the signatures on relevant documents, are authorized to do so 
by Boeing. There is much case law about all of this, I'm sure. (I've 
read anecdotal reports about how corporate mergers involve large 
teams of lawyers and officers of all parties signing a blizzard of 
documents, and in carefully controlled order so as to minimized 
chances for deadlock or fraud. A complicated protocol, one which 
crypto may _someday_ be part of.)

A guy somewhere in Boeing who uses his PGP signature on some document 
is neither assumed automatically to be committing Boeing to some 
contract ("...it depends") nor would his death (the meat is gone) 
mean that Boeing is free to ignore some contract ("...it depends").

I'm obviously not a lawyer. Some here are. But this is still a 
specialty area. Moreover, this is very little relevant case law.

Schneier's warnings are useful, but, as others have said, is obvious 
to nearly anyone. We on this list began talking about this issue in 
1992. There will be much case law, much role for the crypto 
equivalient of "handwriting experts," as the years go by.

And we can expect a spectrum of signing technologies and strengths. 
For example, the mundane auto-signing which someone may use for their 
e-mail is substantially less persuasive ("probative," I think the 
lawyers would say) than an ultra-high-security, backed-with-a-bond 
key which Boeing's Legal Department uses to digitally sign sensitive 
papers.

I believe Greg Broiles is still working for Signet Assurance, 
www.sac.net, which is one company tackling parts of this problem. 
Whether they will be a dominant player is of course unknown to me.

Anyway, lots of issues. But "meat" is one of the least important issues.


--Tim May

-- 
(This .sig file has not been significantly changed since 1992. As the
election debacle unfolds, it is time to prepare a new one. Stay tuned.)