1997-02-06 - [RRE FWD] PKI: 10 Public Policy Questions

Header Data

From: Rick Osborne <osborne@gateway.grumman.com>
To: cypherpunks mailing list <cypherpunks@toad.com>
Message Hash: 2ab4b5729f6bdc6a13eb6cc55017d953cb532103221efb9d45b3e7c6e7d6dea9
Message ID: <199702060542.VAA13795@toad.com>
Reply To: N/A
UTC Datetime: 1997-02-06 05:42:52 UTC
Raw Date: Wed, 5 Feb 1997 21:42:52 -0800 (PST)

Raw message

From: Rick Osborne <osborne@gateway.grumman.com>
Date: Wed, 5 Feb 1997 21:42:52 -0800 (PST)
To: cypherpunks mailing list <cypherpunks@toad.com>
Subject: [RRE FWD] PKI: 10 Public Policy Questions
Message-ID: <199702060542.VAA13795@toad.com>
MIME-Version: 1.0
Content-Type: text/plain

Got this off of the Red Rock Eater list,
<http://communication.ucsd.edu/pagre/rre.html>, and figured those of you
not on it might like a read.

From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: PKI: 10 Public Policy Questions
X-Url: http://communication.ucsd.edu/pagre/rre.html

[The bottom line: State legislation on digital signatures presupposes an
overly centralized architecture and is weighted against victims of fraud.
Pursuing inherently national or global issues on the state level permits
interested parties to shop for a friendly legislature, who will then set
a precedent that other jurisdictions are likely to follow.  This system
is biased against less politically mobilized constituencies and favors
older technologies and more centralized business models.]

This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu

Date: Wed, 05 Feb 1997 09:48:01 -0800
From: Bradford Biddle <BIDDLECB@COOLEY.COM>
Subject: PKI: 10 Public Policy Questions


* * * * * * * * *

[Copyright 1997 C. Bradford Biddle; permission granted for
non-commercial electronic redistribution]

	Following the lead of the state of Utah, numerous states and
several foreign countries have enacted "digital signature" legislation
aimed at promoting the development of a public key infrastructure
(PKI).  While PKI legislation has acquired significant momentum, it is
not clear that lawmakers have carefully considered the public policy
implications and long-term consequences of these laws.  This luncheon
session will explore certain policy questions related to a PKI, in an
informal "open discussion" format.  Ten questions we hope to address:

1.	Is legislation necessary at all?

	Proponents of digital signature legislation start with the
premise that the need for a PKI is clear: public key cryptography and
verifiable certificates offer the best hope for sending secure,
authentic electronic messages over open networks, thereby facilitating
electronic commerce. They argue that the reason that the commercial
marketplace has not produced a viable certification authority (CA)
industry is because of legal uncertainty (CAs are unable to determine
their potential liability exposure because of a confusing array of
applicable background law) or because existing law imposes too much
liability on CAs.  Thus, proponents argue, legislation is necessary in
order to provide certainty in the marketplace and allow a much-needed
industry to emerge, as well as to address other issues such as the legal
status of digitally signed documents.

	Opponents of this view assert that it is far too soon to
conclude that the market will not produce commercial CAs, and point to
the increasing numbers of commercial CAs emerging even in the absence of
legislation.  Time is solving the "uncertainty" problem, opponents
argue, and the "too much liability" problem is the product of flawed
business models, not a flawed legal system. Opponents of legislation
argue that the real danger is that a group of lawyers will impose a set
of flawed rules that will fundamentally skew a dynamic infant
marketplace and "lock in" a set of business models that the market would
otherwise reject.  The time for legislation and regulation is after
identifiable problems exist in a mature industry, opponents say, not
before an industry even exists.  Opponents of legislation further argue
that existing legal mechanisms can address the issue of the legal status
of digitally signed documents.

2.	Where should PKI legislation occur?

	Debate also occurs over the appropriate jurisdictional level for
digital signature legislation. Some observers cringe at the thought of
50 inconsistent state digital signature laws; others believe that CAs
and consumers will opt in to the most sensible legislative scheme, and
thus believe that competition between the states is helpful.  Proponents
of uniformity and consistency argue for PKI legislation at the federal
or international level; opponents of this view point out that general
commercial law has long been the province of state legislatures.

3.	Is licensing of Certification Authorities the right approach?

	Under the Utah Digital Signature Act ("Utah Act") and much of
the subsequent PKI-related legislation, CAs are licensed by the state.
The Utah Act makes licensing optional: CAs that obtain licenses are
treated with favorable liability rules, but non-licensed CAs may exist
in Utah. Licensing is a highly intrusive form of government regulation
(other, less intrusive methods of regulation include mandatory
disclosure requirements, altering liability rules to avoid externalized
costs, bonding or insurance requirements, etc.).  Typically, licensing
as a form of regulation is reserved for circumstances where a market
flaw cannot be addressed by other, less intrusive means.  Does this
sort of dynamic exist with CAs?  Would consumers be able to make
informed, rational choices between CAs?  Could an incompetent CA cause
irreparable harm?  Could other types of regulation address any relevant
market flaws?  If unlicensed practitioners are allowed to exist, subject
to different liability rules, how will this affect the CA market?

4.	Should legislation endorse public key cryptography, or be
"technology neutral"?

	Most of the digital signature legislation to date has focused
specifically on digital signatures created using public key
cryptography.  Some legislation has also addressed the issue of
"electronic signatures" -- other, non-public key methods of
authenticating digital transmissions. Proponents of biometric
authentication methods argue that it is foolish to legislatively
enshrine public key cryptography as the only technology capable of
authenticating an electronic document. They argue that biometric methods
can currently accomplish many of the same goals as digital signatures;
they further argue that by precluding other technologies future
innovations will be discouraged.  They also note that public key
cryptography can only be implemented using patents owned by a limited
number of commercial entities, and question whether it is wise public
policy to legislatively tie electronic commerce so closely to the
interests of a few private sector actors.

5.	Should legislation endorse the X.509 paradigm?

	When the Utah Act was enacted, it explicitly endorsed the X.509
infrastructure model. Subsequent laws have dropped the explicit
endorsement of X.509, but nonetheless remain true to the X.509 paradigm.
Under most digital signature legislation, certificates serve to bind an
individual's *identity* to a particular public key.  This binding is
accomplished in the context of a rigid, hierarchical CA infrastructure. 
This model has been criticized for two main reasons: global CA
hierarchies are almost certainly unworkable, and identity certificates
often provide too much information -- frequently an "attribute" or
"authority" certificate will do.  Alternative certificate formats, such
as SDSI and SPKI, have emerged in response to these and other perceived
flaws with the X.509 model.  However, it is not clear that these
alternative certificate formats can be accommodated under current
digital signature legislation.

6.	How should liability and risk be allocated in a PKI?

	Liability allocation promises to be a vexing problem in a PKI.
The liability issue is most dramatic in the context of fraud.  An
impostor can obtain the private encryption key associated with a
particular party and create electronic documents purporting to be from
that party.  A second party may enter into an electronic contract
relying on these ostensibly valid documents, and a loss may occur.  Who
should bear this loss? In the paper world, generally one cannot be bound
by a fraudulent signature.  This principle may not be entirely
appropriate in an electronic context, however.  In a PKI, the integrity
of the infrastructure depends upon the security of private encryption
keys.  If a key holder bears no liability for fraudulent use of that
private key, perhaps he or she may not have adequate incentive to keep
the private key secure.

	How much liability should the private key holder bear?  Under
the Utah Act and its progeny, an individual who negligently loses
control of their private key will bear unlimited liability. This risk
allocation scheme raises the specter of consumers facing immense losses
-- as one commentator puts it: "Grandma chooses a poor password and
loses her house."  In contrast, consumer liability for negligent
disclosure of a credit card number is generally limited to $50.  If
consumer liability were similarly limited in a PKI, where would the risk
of loss fall?  If CAs had to act as an insurer in all transactions, the
price of certificates would likely be extraordinarily high.  If relying
third parties faced the risk that ostensibly valid documents may in fact
be forgeries and bear any resulting loss, then some benefits of a PKI
are lost. 

7.	What mechanisms should be used to allocate risk?

	Currently at least one commercial certification authority,
VeriSign, is attempting to allocate risk to both certificate subjects
and relying third parties by contract.  VeriSign includes significant
warranty disclaimers, liability limitations, and indemnification
provisions in its Certification Practices Statement (CPS).  Certificate
applicants agree to be bound by the CPS when obtaining a certificate. 
VeriSign's web page informs relying third parties that the act of
verifying a certificate or checking a certificate revocation list
indicates agreement to the terms of the CPS.  However, it is not clear
that a binding contract can be formed with relying third parties in this
fashion.  Thus the relationship between VeriSign and relying parties may
not be governed by the CPS at all, but instead be subject to default
contract and tort rules (which would be less favorable to VeriSign). As
a policy matter, should CAs be able to form contracts with relying third
parties, despite their rather attenuated connection?  If relying parties
will be bound by unilateral contracts imposed by CAs, they face
significant transaction costs involved with determining the contract
terms offered by potentially numerous CAs.  If CAs cannot scale their
potential liability exposure to third parties by contract, however, it
may be impossible for CAs to compete on warranty terms -- and presumably
such terms would otherwise be the subject of significant competition.

8.	Should digitally-signed documents be considered "writings" for
all legal purposes?

	The Utah Act and most other digital signature laws provide that
digitally signed documents have the same legal effect as writings. 
Critics have noted that while most of the functions or goals of writing
requirements may be served by electronic documents, this may not be true
in all instances.  For example, the law often requires a written
instrument to effect notice -- i.e., to alert an individual that a lien
has been filed on their property.  It is not clear that a digitally
signed electronic message would achieve the same effect.  Additionally,
there are other contexts -- such as wills or adoption papers -- where
paper documents may prove more effective than electronic documents. 
Moreover, some paper documents (such as bank drafts or warehouse
receipts) are negotiable instruments, and this negotiable character
depends upon the existence of a single, irreproducible copy of the
document.  Thus, critics say, digital signature legislation should not
override all writing requirements without separately considering the
extent to which sound policy might require retention in specific

9.	How much evidentiary weight should a digitally-signed document

	Evidentiary issues, though seemingly arcane and procedural, can
raise important public policy concerns.  For example, the Utah Act
creates a presumption that the person who owns a particular key pair
used to sign a document in fact did sign the document.  Holding an
individual presumptively bound by obligations entered into under their
digital signature could be inequitable if the individual is the victim
of the fraudulent use of such a signature.  This potential problem can
be compounded by the evidentiary weight assigned to digitally-signed
documents.  Under the Utah Act digitally-signed documents are accorded
the same evidentiary weight as notarized documents, and someone
challenging the authenticity of such a document can overcome the
presumption of authenticity only with "clear and convincing evidence"
(in contrast, one can overcome the presumption of validity of a paper
signature simply by denying that it is one's signature).  Critics of the
Utah Act's approach argue that providing digitally-signed documents with
this status creates unreasonable evidentiary burdens for victims of
fraud challenging the validity of electronic documents signed with the
victim's private key.

10.	Should governments act as CAs?

	Much of the currently enacted digital signature legislation
envisions state government agencies acting as "top level" certification
authorities who in turn certify a second tier of private sector CAs.  At
the federal level, the U.S. Postal Service has declared its intention to
act as a CA on a nationwide basis.  Should governments be acting in this
sort of role?  Critics say no, arguing that government involvement will
skew an emerging private sector CA marketplace.  Government actors may
face very different liability rules than private sector market
participants -- governments can choose to scale their potential
liability exposure through the doctrine of sovereign immunity. Thus,
critics argue, government CAs may "win" in the marketplace not because
they are more efficient or provide better service, but rather because
they can stack the rules in their favor. Proponents of government
involvement argue that governments can play an important role precisely
because they can create sensible ground rules for all PKI participants. 
Additionally, they note that governments have existing relationships
with all of their citizens, making the process of identification and
public key binding that much easier.


* Brad Biddle is the author of "Misplaced Priorities: The Utah Digital
Signature Act and Liability Allocation in a Public Key Infrastructure,"
which appears in Volume 33 of the San Diego Law Review, and serves as
Vice Chair of the Electronic Commerce Subcommittee of the American Bar
Association's Committee on the Law of Commerce in Cyberspace.  He is a
third-year law student at the University of San Diego and is a law clerk
in Cooley Godward LLP's San Diego office, where he served on the legal
team advising the Internet Law and Policy Forum's Working Group on
Certification Authority Practices.  He can be contacted by phone at
(619) 550-6301 or by e-mail at biddlecb@cooley.com.


_________ o s b o r n e @ g a t e w a y . g r u m m a n . c o m _________
Most obscure warning:
If you fork() without ever waiting on your children, you will accumulate
-PERLFUNC man page