CDR: Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)

Arnold G. Reinhold reinhold at world.std.com
Mon Oct 16 16:06:34 PDT 2000 

At 10:20 PM -0700 10/15/2000, Ed Gerck wrote:
>Arnold,
>
>Internet RFCs are technical specifications that use common English words  in
>a strictly defined manner. To suggest that the use of names in computer code
>or Internet RFCs might have legal implications ...  imagine lawyers examining
>some code and trying to attach meaning to variable names? Or  to UNIX
>commands? For example, to kill or killall?

I don't have to imagine it. I have been on the witness stand trying 
to explain terminology in technical documents that was quoted out of 
context by opposing council. (We won, but it cost a bundle in legal 
fees and management time.) I would also remind you of the _NSAKEY 
flap and countless product liability cases where minutia in 
engineering documents played a pivotal role.  Also there is a big 
difference between comments in source code or Unix command names and 
a technical specification, like an RFC, that undergoes a formal 
review and approval process.  The last will be given much more weight.

>
>Context dependent vocabulary can become highly amusing or disastrous
>if taken in a universal context, as was recently pointed out in the PKIX list
>by Peter Gien when someone complained about the legal implications of
>"good" as defined in RFC 2560.  Non-repudiation is not different. 
>In the crypto
>and RFC realm it means "a service that prevents the denial of an 
>act" [Handbook
>of Cryptography, X.509, PKIX]. Different lawyers in different countries may
>define whatever they want but I note that the legal use of 
>"non-repudiation" by
>banks worldwide is very similar to "a service that prevents the 
>denial of an act".

Even if your spec contained an explicit definition of 
"non-repudiation" that made clear its technical limitations, there is 
a high likelihood that the public and the legal system will be 
mislead. But the definition you cite dose not even do that. Here is 
what my "Random House Dictionary of the English Language" says about 
the meaning of "prevent:"

"... Prevent, hamper, hinder, impede refer to different degrees of 
stoppage of action or progress. To prevent is to stop something 
effectually by forestalling action and rendering it impossible: 'to 
prevent the sending of a message'..."

No cryptographic technology that I am aware of can fairly be said to 
render the denial of an act impossible.


Arnold Reinhold

More information about the cypherpunks-legacy mailing list