Mr. Field is a U.S. attorney specializing in payment systems and electronic commerce. He chairs the Electronic Commerce Payment Committee of the American Bar Association, Section of Science and Technology, and is an Affiliated Research Fellow of the Institute for Tele-Information at Columbia Business School. Mr. Field has served as a U.S. delegate-adviser to the United Nations Commission on International Trade Law, Working Group on Electronic Commerce.
The Drafting Committee on Electronic Contracting has begun to consider model state legislation in the U.S., with the goal of better enabling the use of digital signatures and other electronic communications and records, and of harmonizing the law. Its efforts have been endorsed in the Clinton administration's recent White Paper report, "A Framework for Global Electronic Commerce."
My thanks to Robert Jueneman of Novell for his technical assistance.
Access control systems can use three methods to identify a particular user: something the user knows (e.g., a password), something the user has in his or her possession (e.g., a secure token), or something that physically characterizes the user (a biometric). U.S. Congress, Office of Technology Assessment, Information Security and Privacy in Network Environments, OTA TCT 606 (Washington, DC: U.S. Government Printing Office, September 1994) at page 37 (hereinafter OTA Report). When applied to electronic commerce, these methods translate into generic analogs to traditional signatures. They offer solutions to nonrepudiation of an electronic commerce transaction. We believe that the technologies underlying these methods may translate, for legal analysis purposes, into four categories. These four technical categories are: (i) symmetric cryptosystems; (ii) asymmetric (public key) cryptosystems, on which digital signatures are based; (iii) passwords and tokens; and (iv) biometrics.
Symmetric cryptosystems for electronic signatures include any prearrangement which involves the sharing of the underlying cryptographic information (key) by both parties to the transaction. These include "test keys", traditionally used in tested telexes, and the DES algorithm, currently in wide usage in communicating financial information. The same key is used at both ends of the transaction, whether to encrypt and decrypt the message or to compute and check the code that serves as its signature. In short, symmetric keys involve a shared secret, which must be kept private from everyone but the two parties. Thus, symmetric keys are also known as "secret" keys.
Since the "signature" (a message authentication code, or MAC) is a number derived mathematically from both the message and the shared secret key, so that every message yields a different result, symmetric key systems not only identify the sender but also tie the sender to the text of the message. They serve the further function of confirming that a message was not altered during or after transmission, and a code intercepted in transit cannot usefully be reused to forge the signature on a different message. (Absent other security measures, such as a sequence number or timestamp inside the signed text, however, an intercepted message and code can be replayed to send an exact duplicate of the original message.)
The use of symmetric cryptosystems in electronic commerce suggests that there must have been a relationship between the parties prior to the first use of the key, to enable one-to-one distribution of the key and to confirm the identity and authority of the key recipient. Therefore, any model law directed to the use of symmetric cryptosystems must take into account a fundamentally contractual relationship. The nonrepudiation effectiveness of a symmetric cryptosystem is notably limited by the fact that the party that wishes to enforce nonrepudiation generally also holds a copy of the key, and so could itself have produced the disputed signature.
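As an added illustration, not part of the original annex, the following Python code models the symmetric "signature" described above with an HMAC, a keyed message authentication code of the kind the text refers to. The key, the payment message and the Receiver class are constructed for the example. It shows that the code ties the sender to the exact text, that an intercepted code does not carry over to an altered message, that an exact duplicate is accepted unless the receiver keeps state, and that the receiver, holding the same key, can produce a valid code itself.

```python
import hashlib
import hmac

# Constructed example key. In practice the key is distributed one-to-one under
# a prior arrangement between the two parties and never appears in source code.
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def authenticate(key: bytes, message: bytes) -> bytes:
    """Compute the per-message authentication code (the symmetric 'signature').

    The tag depends on the key and on every byte of the message, so a
    different message yields a different tag.
    """
    return hmac.new(key, message, hashlib.sha256).digest()


def check(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag with the shared key and compare in constant time."""
    return hmac.compare_digest(authenticate(key, message), tag)


class Receiver:
    """Receiving end of a 'tested' channel.

    Holds the same key as the sender and remembers the tags it has already
    accepted, which is the extra measure needed to refuse an exact duplicate
    of an earlier message (a replay).
    """

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.accepted = set()

    def accept(self, message: bytes, tag: bytes) -> str:
        if not check(self.key, message, tag):
            return "rejected: bad authentication code"
        if tag in self.accepted:
            return "rejected: replay of an earlier message"
        self.accepted.add(tag)
        return "accepted"


def demo() -> dict:
    """Exercise the properties discussed in the text and return the outcomes."""
    message = b"PAY 1000.00 TO ACCOUNT 4242 REF 0001"  # constructed message
    tag = authenticate(SHARED_KEY, message)
    receiver = Receiver(SHARED_KEY)
    results = {}
    # Genuine message: identifies the sender and confirms the text is unaltered.
    results["genuine"] = receiver.accept(message, tag)
    # Altered in transit: the intercepted tag does not fit the new text.
    results["altered"] = receiver.accept(message.replace(b"1000.00", b"9000.00"), tag)
    # Exact duplicate: the tag is still valid, so only the receiver's memory
    # of past tags stops it.
    results["replayed"] = receiver.accept(message, tag)
    # Nonrepudiation limit: the receiver holds the key too, so it can produce
    # a tag for a message the sender never sent.
    other = b"PAY 5000.00 TO ACCOUNT 4242 REF 0002"
    results["receiver_can_forge"] = check(SHARED_KEY, other, authenticate(receiver.key, other))
    return results
```

Because the replay check keys on the tag, a legitimately repeated instruction must differ in its signed text (here the REF field) to be accepted; that is the reason tested-telex formats carry a reference or sequence number inside the authenticated portion.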
Public key cryptosystems (digital signatures) involve a secret known to one party only. The technology for digital signatures has been in existence for about 20 years, and has been widely acknowledged to be the most efficient and useful system for electronic commerce. (See OTA Report, Appendix C: Evolution of the Digital Signature Standard, at page 215.) Indeed, the Office of Technology Assessment has stated:
"A public key infrastructure (PKI) is a critical underpinning for electronic commerce and transactions. The establishment of a system of certification authorities and legal standards, in turn, is essential to the development of a public key infrastructure and to safekeeping business and personal transactions." (OTA Report, Introduction and Policy Summary, at page 7)
Digital signatures are utilized in a variety of forms. For the sake of simplicity, following is an abbreviated description of one utilization of digital signatures (for a full description, see Digital Signature Guidelines: Legal Infrastructure for Certification Authorities and Secure Electronic Commerce, August 1, 1996, American Bar Association, Information Security Committee, Electronic Commerce and Information Technology Division, Section of Science and Technology):
i) A person receives a key generating device, perhaps on a smart card.
ii) The person generates two keys, called a key pair. The second key is mathematically related to the first: a signature produced with the first key can be verified, and a message encrypted with the first key decrypted, using the second. However, so long as the keys are sufficiently long, it is computationally infeasible to derive the first key from the second.
iii) The person retains the first key as his "private key". The private key is known to no other person (provided it remains well secured and is not disclosed voluntarily or involuntarily) and is used to sign electronic commerce messages and other records.
iv) The person publishes the second key as his "public key". Any person who wishes to authenticate a message signed with the private key can look up the public key in a public record and use it to check that the signature was produced with the matching private key.
v) In order to ensure that the public record is accurate, a third party "certification authority" (or "CA") may be called upon to investigate and confirm that the public key indeed pairs with a private key held by an identified person, company, or level of authority. Using its own private key, the CA signs the public key together with the identity it has verified, as an assurance that the binding has been checked, and makes the resulting certificate available to the key holder, to append to future messages, or to potential message recipients.
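As an added example, not drawn from the annex or from the ABA Guidelines it cites, the five steps above carried through in Python with textbook RSA over SHA-256 and a CA that signs the binding between a name and a public key. The key sizes, the subject name "Alice Example", the challenge string and the purchase message are constructed for illustration. Unpadded RSA at these sizes is for demonstration only; real systems use 2048-bit or larger keys with a signature padding scheme such as RSASSA-PSS.

```python
import hashlib
import random

# Textbook RSA at toy sizes, for illustration only; real systems use 2048-bit or
# larger keys and a padding scheme (e.g. RSASSA-PSS) around the hash.

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin test, used only to build the example key pairs."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def generate_key_pair(bits: int = 512):
    """Step ii: returns (public_key, private_key), each an (n, exponent) pair.
    bits must exceed 256 so that the SHA-256 digest signed below is below n."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:  # ensures gcd(e, phi) == 1
            break
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private_key, message: bytes) -> int:
    """Step iii: only the holder of the private key can produce this value."""
    n, d = private_key
    return pow(_digest(message), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """Step iv: anyone holding the public key can check the match."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message)

def _certificate_body(subject: str, public_key) -> bytes:
    n, e = public_key
    return f"subject={subject};n={n};e={e}".encode()

def issue_certificate(ca_private_key, subject: str, public_key) -> dict:
    """Step v: the CA signs the binding of a verified identity to a public key."""
    body = _certificate_body(subject, public_key)
    return {"subject": subject, "public_key": public_key,
            "ca_signature": sign(ca_private_key, body)}

def verify_certificate(ca_public_key, certificate: dict) -> bool:
    body = _certificate_body(certificate["subject"], certificate["public_key"])
    return verify(ca_public_key, body, certificate["ca_signature"])

def relying_party_check(ca_public_key, certificate: dict, message: bytes, signature: int) -> bool:
    """A recipient with no prior relationship to the signer trusts only the CA's
    public key: check the certificate first, then the message signature."""
    if not verify_certificate(ca_public_key, certificate):
        return False
    return verify(certificate["public_key"], message, signature)

def demo() -> dict:
    ca_public, ca_private = generate_key_pair()
    alice_public, alice_private = generate_key_pair()
    # Proof of possession before issuance: the applicant signs a CA-chosen
    # challenge (constructed value), showing she holds the matching private key.
    challenge = b"CA challenge 7f3a9c"
    assert verify(alice_public, challenge, sign(alice_private, challenge))
    cert = issue_certificate(ca_private, "Alice Example", alice_public)
    message = b"I agree to purchase 100 units at 12.50 each."
    signature = sign(alice_private, message)
    results = {"genuine": relying_party_check(ca_public, cert, message, signature),
               "altered": relying_party_check(ca_public, cert, message.replace(b"100", b"1000"), signature)}
    # An impostor substitutes her own key under Alice's name; the CA's signature
    # no longer covers that binding, so the relying party rejects it.
    mallory_public, mallory_private = generate_key_pair()
    forged_cert = dict(cert, public_key=mallory_public)
    results["forged_cert"] = relying_party_check(ca_public, forged_cert, message, sign(mallory_private, message))
    return results
```

The relying party in `relying_party_check` needs only the CA's public key in advance, which is the property the text relies on: no prior relationship with the signer is required, and the certificate rather than a contract carries the identity assurance.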
The use of digital signatures in electronic commerce requires no prior relation between the transaction parties, and thus there may be no contractual agreement as to their legal effectiveness. Similarly, there may be no contractual relation between a relying party and the CA which issues the certificate that is being relied upon to verify a digital signature.
While a digital signature can both establish the identity of the signer and confirm the integrity of the signed message, the private key can be lost, stolen or fraudulently generated. Loss allocation resulting from unauthorized digital signatures will be a function of the integrity of the key generation process as well as the entire public key infrastructure, including the level of assurance provided by the CA, and legislation. Recognizing the need to provide certainty in the electronic environment, NCCUSL (the National Conference of Commissioners on Uniform State Laws) and a number of states (as well as foreign governments) have already made inroads into developing approaches to equitably allocate losses caused by unauthorized electronic and digital signatures. In addition to electronic signatures, it should be noted that public key cryptosystems can be used for other business applications, including trusted time and date stamping, electronic archiving/record retention, and notarial functions.
Passwords and tokens are in wide usage in ATM and credit cards and other applications. They are like symmetric keys in that they establish the identity of the signer. However, they do not generally verify the integrity of the message, unless they are used in combination with keys. Passwords and tokens carry the same types of risk of unauthorized use as do keys. However, a physical token, unlike a password, cannot be stolen purely electronically; it must be physically taken or lost. While most tokens are limited in functionality to identification, memory or information transport, the most secure devices are capable of performing cryptographic operations and contain a private (or secret) key that never leaves the token. Such secure tokens are thus able to provide firewalls between private information and a communications network, and offer an increased level of protection.
Since the use of biometrics typically requires hardware and software whose trustworthiness can be guaranteed at both ends, it is more readily adapted to point of sale or entry control, and less to Internet electronic commerce. The widespread use of biometrics also raises sensitive social and policy questions.
The above electronic signature technologies can be, and often are, used in combination. For example, the Mastercard and Visa SET protocol is primarily public key, and also incorporates passwords and symmetric keys. Future applications are expected to use secure tokens. The incorporated technologies are used for user authentication, message integrity, and privacy purposes.
Since the technical attributes of these technologies create different legal consequences and opportunities, there are substantial reasons for establishing some degree of separate legal framework for each of them. By way of example, the unique capabilities of digital signatures best allow for a legal model which shifts the risk of loss in connection with a disputed signature to the purported signer. Whether risk of loss should be so shifted may be a function of the application (payment, government filing, contract signature, etc.), whether the purported signer is a consumer, as well as the nature and level of assurance provided by a certification authority.
Comments or questions regarding this Annex may be directed to:
Richard L. Field, Esq.
755 Anderson Avenue #4A
Cliffside Park, NJ 07010
U.S.A.
(201) 941-8015
field@pipeline.com