A Digital Signature Architecture and Roadmap

Sunil K. Rao


Paper for MIT 6.805/STS085: Ethics and Law on the Electronic Frontier, Fall 1999

Introduction

A reliable authentication mechanism is essential for the rule of law to prevail in the online world. Digital signatures, which use cryptography to provide authentication and data integrity verification, have come to be regarded as the technology that can match a person with their online alter ego. Given this mapping between a person and their online identity, electronic commerce can thrive, since the law will be able to enforce contracts made in cyberspace. In order to promote this type of electronic commerce, legal bodies have begun to assess the liability of the parties who sign contracts using digital signatures. This paper contends that legislatures should define regulations regarding digital signatures narrowly, since the technology and infrastructure are not ready for prime time use. In particular, this paper argues that trusted computing and, in certain cases, biometrics are necessary components before digital signatures should be considered legally binding.

Today, handwritten signatures are commonly used to authenticate individuals and signify the integrity of a particular document. Handwritten signatures can be used to enter into legally binding agreements and seal commercial transactions. The judicial system can enforce a contract signed by an individual. Handwritten signatures made in person convey additional information. The receiver of the document can verify age, height, weight, and demeanor. A profile of the person can be developed and remembered by the receiving party. Although forgery of handwritten signatures is possible, there are techniques which can determine whether a signature has been created artificially. In the absence of forgery and severe duress, a signature is seen as a deliberate and conscious decision by the signer.

Digital signatures share several similarities with their physical world counterpart. Digital signatures, like handwritten signatures, attach information that is intended to uniquely identify the signer. A digital signature verifies the contents of the entire document, much as a handwritten signature often indicates agreement with the stated conditions and content of a document. Given that forgery has not occurred, both digital and handwritten signatures allow parties to present the signature to a court and hold the signer to the stated agreement. However, digital signatures do have several limitations. Flawed software or naive users may expose the private key. Anyone who obtains the key can then sign documents under a "name" other than their own, and the signature itself gives the verifier no way to tell the difference.

Given most organizations' limited experience with digital signatures, it is important for the government to explore and understand this technology. However, legislation concerning digital signatures, and the digital signature applications that the government encourages, should be narrow in scope. Developing a trusted computing platform and incorporating biometric systems will form an infrastructure in which digital signatures can be trusted and seen as legally binding.

Background On Digital Signatures

A digital signature uses an asymmetric cryptographic algorithm and a user's private key to bind an electronic identity to any data that can be represented in binary form. Suppose Bob and Alice wish to communicate securely. Each of them generates a public and private key pair; the private key is kept secret, while the public key may be distributed freely. Anything signed with a private key can be verified only with the matching public key, and anything encrypted with a public key can be decrypted only with the matching private key. Thus, if Bob and Alice are able to exchange their public keys in a trustworthy way, they can verify each other's signatures and encrypt messages to each other.

They may physically exchange copies of their public keys, or they may use a certificate authority, an independent trusted third party. If Bob and Alice both possess the public key of the certificate authority, then exchanging keys becomes much simpler. The certificate authority signs a statement containing Bob's name and Bob's public key with its own private key; this signed statement is a certificate, which can be transmitted to Alice. Alice then uses the certificate authority's public key to verify the certificate and obtain Bob's public key, confident that it was not substituted in transit. After the converse takes place, Alice and Bob can begin communicating securely. Note that the certificate authority vouches only that the key belongs to the named subscriber; it says nothing about who is actually holding the private key at the moment a signature is made.

However, in transit the communication itself may be altered, whether by an attacker or by accident. Digital signatures address this issue. A one way cryptographic "hash" function is applied to the data to be communicated. The result, known as a message digest, is a short fixed-length value that depends on every bit of the data and thus will change if the data changes. The sender then applies the signing operation of the asymmetric algorithm to this digest using the sender's private key (in textbook RSA this step is often described as "encrypting" the digest with the private key). The data and the resulting signature are transmitted together. The receiver recomputes the digest over the received data with the same hash function and then applies the verification operation with the sender's public key, which checks that the signature corresponds to that digest. If the check succeeds, the receiver knows that the data has not been altered since it was signed (integrity) and that it was signed by the holder of the private key (authenticity). The data itself is not encrypted by this process; a digital signature provides authenticity and integrity, not confidentiality.
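The key exchange through a certificate authority and the hash-then-sign mechanics described above, as an added example that is not part of the original paper. It uses textbook RSA over a SHA-256 digest with small keys and no padding, and a hypothetical certificate format of the author's own choosing (subject name plus public key), so it shows the structure of the scheme and must not be used for real signing.

```python
import hashlib
import random
from dataclasses import dataclass

# Added illustration, not code from the paper: textbook RSA signing over a
# SHA-256 digest plus a toy certificate authority. No padding, 512-bit keys,
# and an assumed certificate format: adequate for showing the mechanics only.

PUBLIC_EXPONENT = 65537


def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin primality test; rng supplies the witness bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def generate_keypair(bits=512, seed=None):
    """seed exists only for reproducible demos; never seed a real key generator."""
    rng = random.Random(seed)
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % PUBLIC_EXPONENT:  # e is prime, so this is gcd(e, phi) == 1
            break
    return PublicKey(p * q, PUBLIC_EXPONENT), PrivateKey(p * q, pow(PUBLIC_EXPONENT, -1, phi))


def digest(message: bytes) -> int:
    """One-way hash of the data; the digest, not the data, is what gets signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv: PrivateKey, message: bytes) -> int:
    return pow(digest(message), priv.d, priv.n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Recompute the digest and compare it with the public-key operation on the signature."""
    if not 0 < signature < pub.n:
        return False
    return pow(signature, pub.e, pub.n) == digest(message)


# Toy certificate authority: the CA signs (subject, public key). Real X.509
# certificates carry much more (validity period, serial, issuer, extensions).
@dataclass(frozen=True)
class Certificate:
    subject: str
    key: PublicKey
    ca_signature: int


def _cert_body(subject, key):
    return f"{subject}|{key.n}|{key.e}".encode()


def issue_certificate(ca_priv, subject, key):
    return Certificate(subject, key, sign(ca_priv, _cert_body(subject, key)))


def verify_certificate(ca_pub, cert):
    return verify(ca_pub, _cert_body(cert.subject, cert.key), cert.ca_signature)


def verify_signed_by(ca_pub, cert, expected_subject, message, signature):
    """Relying-party check: trust the key only through a valid CA certificate that
    names the expected subject, then check the message signature under that key."""
    return (cert.subject == expected_subject
            and verify_certificate(ca_pub, cert)
            and verify(cert.key, message, signature))
```

A relying party such as Alice would call verify_signed_by with the CA's public key, Bob's certificate, the name she expects, the contract text and the signature; changing one byte of the contract, presenting a certificate for a different name, or swapping in a key the CA never signed all cause the check to fail.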

Infrastructure Needed

Digital signatures provide a base level of authentication and also check for message integrity. However, when used in isolation, digital signatures do not truly provide the level of authentication necessary for entering into legally binding agreements: a valid signature proves only that the private key was used, not who used it. Digital signatures must be utilized in an overall trusted system that has links to the physical world. The computing platform itself must implement security measures designed to safeguard private data such as one's private key. In many cases, this technology must also be used in combination with other physical authentication mechanisms such as signature verification, fingerprint verification, handwriting verification, and retinal scan verification.

This biometric authentication will provide additional assurance to parties who have more stringent authentication and message integrity criteria. Despite all of these security measures, a model must recognize that nothing, whether in the physical or virtual world, is completely secure. Thus, a truly viable architecture will reflect the "best effort" philosophy of the internet by attempting to erect significant barriers to online crime. The current architecture does not contain such barriers and is therefore insufficient.

Trusted Computing

A trusted computing platform is an essential component of the infrastructure that enables online authentication. If the platform the user interacts with is compromised, then any subsequent attempts at authentication over the internet are futile. For example, if the private key of an individual can easily be obtained, then there can be no guarantees as to which physical person initiated the signing. The Trusted Computing Platform Alliance (TCPA), which is composed of Compaq, Hewlett-Packard, IBM, Intel, and Microsoft is defining a specification which will enable web users to have more confidence in the security of their personal computers. [19] This group is investigating how hardware and software security measures can be integrated into the various levels in a personal computer such as the Basic Input Output System (BIOS), operating system, and storage system. The goal of the TCPA is to "allow a computer owner to maintain complete control over information contained by the system." [2]

Aside from the TCPA, PC manufacturers are developing their own proprietary technologies to ensure greater security. For example, IBM has developed an embedded security chip that encrypts data that flows out of the client workstation. The public and private keys reside in the embedded security chip, so the private key is never exposed to software running on the host. A PIN allows a user to initiate secure, encrypted communication to and from the embedded chip. The embedded chip can then perform encryption and digital signatures over the internet using the person's keys. [3] This architecture both protects the private key from being read out of the machine and requires the PIN before the chip will use it. Such efforts to make the PC more secure will increase the confidence that one's private key, and therefore one's digital signature, are valid.

However, these technologies do not complete the process of linking the physical and virtual world. A user's PIN can be compromised, and a PIN does not associate a physical person with their online actions. The integration of biometrics into the trusted computing platform will prevent unauthorized individuals from using one's computer. This provides the assurance that someone cannot physically infiltrate one's machine and is therefore a critical component of a trusted computing platform.

As corporations develop a trusted computing platform they must make sure not to alienate and lose the trust of the consumer. If the consumer can't even trust his/her own machine, then why would he/she choose to make purchases online? For example, if a trusted system were to report to some authority every time a copy was made of a software package, then consumers might just opt for untrusted, standard systems. Consumers also aren't willing to tolerate draconian policies. For instance, Intel went through a public relations nightmare when it had to defend its use of the Pentium III processor serial number. Consumers were concerned that the Pentium III processor serial number might be broadcast when users logged on to the Internet. Intel assured consumers that the processor serial number would enable greater security for electronic commerce. The chip maker made sure to state that the processor serial number would default to "OFF". This example illustrates the fact that a trusted computing platform must not attempt to deceive the consumer and must instead serve to educate the consumer about how to better secure their private information.

Background On Biometrics

A person's identity is typically determined in one of four ways [5]:

  1. One can identify a person by determining if they possess a particular physical item. For example, a set of keys that allows one to enter one's office.

  2. One can identify a person through their knowledge of some restricted information. For example, a user's ATM PIN authenticates them to retrieve cash from their bank account.

  3. One can identify an individual based upon some physical behavior. For instance, a handwritten signature often verifies an individual.

  4. One can also identify an individual based upon some physical characteristic. A facial feature or fingerprint satisfies this criterion.

These methods have certain benefits and drawbacks with respect to their reliability, functionality, and intrusiveness. The Association of Biometrics defines biometrics as "the automated measuring of one or more specific attributes or features of a person, with the aim of being able to distinguish that person from all others." [6] Biometrics can further be subdivided into physiological biometrics, such as fingerprint verification, and behavioral biometrics, such as signature verification. [5] Physiological biometrics are intuitively more intrusive, since one often has to make physical contact with an object and physical characteristics about oneself are stored. On the other hand, behavioral biometric techniques such as signature verification may seem natural to individuals, since handwritten signatures are commonly used for authentication.

There are several advantages of a biometric scanning system. Foremost among these advantages is the fact that the biometric system authenticates based upon the unique characteristics of an individual. Thus, it is more difficult for hackers to fake such systems, although not impossible: a sensor can be presented with a copy of the trait, and a biometric, unlike a password or key, cannot be changed once it has been copied. Another inherent advantage of biometrics is that it does not require users to carry any physical device such as an access card, which can be lost or duplicated. Biometrics also don't depend upon secrets such as passwords or secret codes. These secret codes can be forgotten, broken, and inadvertently shared. Due to some of these advantages, biometrics are increasingly being deployed along with computer systems in a variety of scenarios.

There are valid privacy concerns about biometrics. For example, the individual is required to give data about his person. A fingerprint image conveys information about someone that they may want to keep private. Another danger of using biometrics is that situations may arise where an individual's biometric information is disclosed to a third party. This third party may sell this information on the free market without one's consent. It is unclear whether the courts would support the individual in this case. In Smith v. Maryland [29], the U.S. Supreme Court found that recording the telephone numbers that the defendant dialed from his home did not constitute a search under the Fourth Amendment. The court stated that the defendant did not have a reasonable expectation of privacy with regard to the actual numbers dialed, since he must have known that this information would necessarily have to be disclosed to the phone company. The court stated that it "consistently has held that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties." [29]

Although Congress has recently introduced legislation protecting an individual's right to private medical information in electronic form, it isn't clear what stance the courts will take with respect to biometric information held by third parties. This represents a serious risk for individuals. Relatedly, another fear about the use of physiological biometrics is that the government may use this information in improper ways. For example, many privacy advocates fear that the FBI may add users' fingerprint images to its already extensive database of criminals' fingerprint images. According to [9], "To borrow the reasoning of a 1973 report on national identity card proposals, the biometric identifier, in ways far more effective than a numerical identifier, 'could serve as the skeleton for a national dossier system to maintain information on every citizen from cradle to grave.'" Physical biometric identifiers give the government the awesome power of correlating data and tracking citizens' activities in ways that were never before possible.

Another disadvantage of physiological biometrics is that they may convey too much information. For example, biometric information may capture a person's physical well-being. According to [9], "Certain nonchromosomal disorders, such as chronic intestinal pseudoobstruction, leukemia, breast cancer, and Rubella syndrome, have also been implicated by certain unusual fingerprint patterns." Although the link between biometric data and an individual's medical condition hasn't been proven conclusively, if this were true a physical biometric would serve as a medical record. Entrusting this information to third parties could be risky indeed.

However, some systems do not actually store the biometric data but rather use the biometric data to allow a PIN to become valid. Such systems address many of the aforementioned concerns. Additionally, many of the baneful effects of biometrics are due to physical characteristics being recorded. If one investigates behavioral biometrics such as signature verification, many of the privacy concerns are alleviated, since most people are comfortable with disclosing their signature. If a signature verification system were used, a person could sign their name on a digital pad which measures the velocity and image features of the signature. The system can compare this data against a known set of signatures in a database and determine whether a match has occurred. Although the image of one's signature can vary with time, habits, and mental state, the velocity profile of a signature tends to remain consistent. This may be because the central nervous system's ability to facilitate movement generally remains consistent. [4] By matching the spatial and kinematic properties of the signature, the system can dynamically authenticate an individual; a forger who traces the shape of a signature reproduces its image but not its rhythm. This method of biometric authentication should seem natural to most people, since everyone is familiar with performing handwritten signatures. The connotations that a signature generally carries may also help parties fully understand their obligations when they enter into legally binding agreements.
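The velocity-profile matching described above, as an added example that is not part of the original paper or of any product it mentions. The pen samples, the signer's rhythm, the traced forgery and the match threshold are all constructed for the illustration; a real verifier would use far richer features (pressure, pen-up events, stroke order) and tune its threshold from each subscriber's enrolment data.

```python
import math
from bisect import bisect_left

# Added illustration, not code from the paper. A toy dynamic signature
# verifier: it compares the normalized pen-speed profile of an attempt with a
# template averaged from enrolled genuine signatures. All data is constructed.

PROFILE_POINTS = 32
MATCH_THRESHOLD = 0.3   # assumed for the demo; real systems tune this per signer


def speed_profile(samples, n_points=PROFILE_POINTS):
    """Pen speed (scale-normalized) resampled at n_points over normalized time.

    samples: list of (x, y, t) pen positions with strictly increasing t.
    The profile is invariant to the signature's size and overall tempo, so a
    slightly larger or faster genuine signature still matches.
    """
    if len(samples) < 3:
        raise ValueError("need at least three pen samples")
    mids, speeds = [], []
    for (x0, y0, t0), (x1, y1, t1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("timestamps must strictly increase")
        speeds.append(math.hypot(x1 - x0, y1 - y0) / dt)
        mids.append((t0 + t1) / 2)
    mean_speed = sum(speeds) / len(speeds)
    if mean_speed == 0:
        raise ValueError("pen never moved")
    speeds = [s / mean_speed for s in speeds]            # size/tempo invariant
    span = mids[-1] - mids[0]
    u = [(m - mids[0]) / span for m in mids]              # time mapped to [0, 1]
    profile = []
    for k in range(n_points):
        target = k / (n_points - 1)
        j = min(max(bisect_left(u, target), 1), len(u) - 1)
        frac = (target - u[j - 1]) / (u[j] - u[j - 1])    # linear interpolation
        profile.append(speeds[j - 1] + frac * (speeds[j] - speeds[j - 1]))
    return profile


def rms_distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)) / len(a))


def enroll(genuine_samples):
    """Template = pointwise mean of the profiles of several genuine signings."""
    profiles = [speed_profile(s) for s in genuine_samples]
    return [sum(col) / len(col) for col in zip(*profiles)]


def verify_signature(template, attempt, threshold=MATCH_THRESHOLD):
    """Returns (accepted, distance); accept when the rhythm is close to the template."""
    d = rms_distance(template, speed_profile(attempt))
    return d <= threshold, d


# ---- constructed data: same stroke shape, different timing ----

def constructed_signature(time_steps, amplitude=2.0, period=20):
    """Pen samples along one wavy stroke; time_steps[i] is the gap after sample i."""
    pts, t = [], 0.0
    for i, dt in enumerate(time_steps):
        pts.append((float(i), amplitude * math.sin(2 * math.pi * i / period), t))
        t += dt
    return pts


def genuine_timing(n=60, tempo=1.0, jitter=0.0):
    """The signer's rhythm: slow at the start and end, fastest mid-stroke,
    with a small alternating jitter standing in for natural variation."""
    steps = []
    for i in range(n):
        dt = 0.2 - 0.15 * math.sin(math.pi * i / (n - 1))
        dt *= tempo * (1 + jitter if i % 2 else 1 - jitter)
        steps.append(dt)
    return steps


def traced_timing(n=60):
    """A forger tracing the shape at a uniform, deliberate pace."""
    return [0.125] * n


TEMPLATE = enroll([
    constructed_signature(genuine_timing()),
    constructed_signature(genuine_timing(tempo=1.15, jitter=0.08)),
])
GENUINE_ATTEMPT = constructed_signature(genuine_timing(tempo=0.9, jitter=-0.05))
TRACED_FORGERY = constructed_signature(traced_timing())
```

Calling verify_signature(TEMPLATE, GENUINE_ATTEMPT) accepts the third genuine signing even though it is faster and slightly irregular, while verify_signature(TEMPLATE, TRACED_FORGERY) rejects the traced copy: its image is identical, but its flat speed profile is far from the signer's template.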

Fundamentally, biometrics can help protect one's identity, the integrity of one's online actions, and can also limit access to private data. This technology can serve as a bridge between the virtual and physical worlds.

Analog to Digital and Digital to Analog

Using digital signatures can also create other problems, since there is no connection between the analog world of humans and the digital code of one's private key. Since humans are not digital, how can a private key uniquely identify our person? We live in an analog world. If authentication systems do not take into account our physical being, then how can they be used in a court of law to uniquely identify us?

Suppose that an individual was able to access my private key on my computer. If they commit a crime online, do I have to prove that my private key was compromised? In such a scenario, I would essentially be considered guilty until proven innocent. The burden will rest upon me to demonstrate that another individual somehow accessed my private key and committed a crime. This contradicts fundamental tenets of the American judicial system. Conversely, suppose that I commit a crime. Can I use the argument that my private key was compromised as an alibi? This tenuous connection between the private key and the physical world doesn't permit true authentication. Rather, there must be a connection or conversion between the analog and digital worlds.

Without this conversion, the law has the daunting task of using evidence collected in the digital domain against individuals in the analog domain. For example, imagine a situation in which you paid a contractor an advance for re-tiling your bathroom. He signed a contract that binds him to complete the work. If he leaves with your money, you expect the law to be on your side, since you have a written contract with his signature. What if this transaction were to take place online? If digital signatures are not legally binding, you have no recourse. Further, if a digital signature could easily be forged, a law that recognizes digital signatures might not be of much use, since your contractor may have disappeared. Currently, the law states that people who engage in fraud by forging a document or providing false information are subject to prosecution regardless of whether the signature is handwritten or digital. If investigators track down the individual who supposedly digitally signed the contract, how will authorities be able to verify that he actually did digitally sign the document? Suppose someone obtained access to his computer and illegally signed the document with this individual's private key. Who do you file a civil suit against then? There is nothing that connects any physical person to the crime. One only knows that someone who obtained access to the individual's private key participated in the transaction. This person may be the owner of the private key, or it could be another person who illegally used the owner's private key. One can't truly be assured that the private key maps to the correct physical person under the traditional digital signature architecture.

In order to provide a more rigorous level of authentication, analog physical world data and digital data must be used in combination. Transducers such as fingerprint scanners could be used to create a mapping between the analog and digital world. For example, digitized samples of a fingerprint image could be attached to outgoing messages. This information could be verified by certificate authorities, and the resulting message could then be transmitted to the receiver. Alternatively, users could be required to write a passphrase on a touch screen. This information would be digitized and appended to outgoing messages. Handwriting recognition programs at certificate authorities could verify the handwriting of the individual. Another alternative could involve performing a retinal scan of individuals and appending this data to the message. Servers at the certificate authority could match these patterns against a known database and verify the sender. Similar schemes could be developed using voice recognition, face recognition, etc. These authentication mechanisms can also be used to limit the access other individuals have to one's private keys. In all of these cases, analog data is being digitized to check the authenticity of the sender.

These schemes would be used in combination with traditional digital signature technology. Thus the use of a private key and the message integrity that is a part of digital signature technology would also be utilized.

Hackers who compromised someone's private key would still have to append the correct biometric data to a message in order for it to be recognized as authentic. This provides another barrier to malicious individuals and also to accidental usage of another's private key. Thus a password allowing access to one's private key would not suffice. This makes sense, since passwords can often be broken and may be made known inadvertently. For the barrier to hold, however, the biometric sample must be bound to the particular message or session, for example by having the user sign a fresh challenge issued by the certificate authority; a digitized fingerprint image captured once from the network could otherwise simply be replayed on a later message. Using such a system, which incorporates real world human characteristics, the law can map crime that takes place in the digital domain back to individuals in the analog domain quite effectively. In the words of Larry Lessig, the law must regulate the "code" to create a situation which is more easily regulable. [26] The only way to ensure a greater degree of authentication on the web is to have a system that incorporates analog, human characteristics and digital signature technology.

Unfortunately, there are drawbacks to using biometrics to identify a person. First of all, will the general public find this type of identification intolerable? Web surfers today complain about their web surfing habits being tracked. Imagine how many of these same people will feel about having digital images of their fingers, eyes, and face stored in central databases. In any case, biometrics are making their way into everyday life. Connecticut and Pennsylvania use finger print analysis to correlate welfare records and recipients.[1] And employees at IBM's Lotus site must pass through a hand analysis machine to pick up their children from the company day care center.[1] It is likely that as these devices become more common they will also be more socially acceptable.

Security Today

In practice, digital signatures are not widely used in electronic commerce today. The fundamental structure of the internet allows for anonymity. Although your IP address is attached to the packets of data that you send, one can use proxy servers to "mask" one's IP address. Given that many users obtain their address through the dynamic host configuration protocol (DHCP), under which one's IP address may be different in every new session, authenticating an individual by IP address alone doesn't provide full assurance. This is especially true since the mapping between an IP address and an individual is not easy to determine.

Passwords are the most common form of online authentication. For example, an individual who desires to trade stocks online at Fidelity Investments need only know their user name and password. An impostor who somehow was able to obtain this information could easily pose as the legitimate user and inflict any harm that he/she desired. Passwords are a weak form of authentication since they can be shared inadvertently and may be compromised by a hacker. The latter can be accomplished more easily due to the fact that users do not always choose "strong" or random passwords. Rather, users often choose passwords that are easy to remember. These users may also write down their password which allows potential imposters yet another avenue to gain access to their account.

Credit cards serve as another form of online authentication. E-commerce web sites that sell pornography online often require a credit card number before allowing the user to view the desired material. These sites claim that requiring a credit card number provides greater assurance that the individual is over eighteen years of age.

Currently, most web sites rely on an individual to honestly fill out a personal information page before they allow access to their site. One can easily provide false information on this page and still utilize the features of the web site. The web site must assume that the information that you fill out is correct. Essentially, on the internet today we are operating on the honor code. If one travels to Ebay's web site, one has to sign an agreement that states that one has correctly filled out the personal information web page. Ebay states that people who violate this will be subject to prosecution. However, Ebay does not utilize digital signatures to verify the identity of the individual. This presents a major security problem for this online auction company. Individuals could present themselves as someone else and artificially inflate bids for items which they are selling. Clearly, passwords, credit card numbers, and personal information pages don't provide the requisite amount of authentication necessary for online commerce to rapidly grow without the fear of widespread fraud.

Perhaps this degree of authentication is sufficient for sites like Yahoo and Amazon.com. However, for applications like access to confidential medical records authentication and confidentiality are critical. For these applications, digital signature technology will need to be used in an overall trusted environment to provide greater assurance.

Without a doubt, consumers and businesses stand to benefit from the additional security and services offered in such a trusted environment. Information technology will enable the health care system to be more efficient. For example, electronic records allow doctors to better organize data and therefore enable better overall treatment. [8] The flexibility and efficiency of this technology come along with some serious risks. For example, if medical records were to somehow float onto an internet chat site and insurers and employers were able to view the document, an individual's career and financial stability would be at stake. A medical record may contain information about one's mental health, illegal and legal drug use, sexual habits, and demographic information such as one's education, employment status, and family history. The Internet gives one the power to publish something that is viewable worldwide. Consequently, considerable security measures need to be implemented to prevent people from using this power to expose a document as private as a medical record.

According to [8], "It is a commonplace of data security that risks increase with the value of the information at issue, and in proportion to the number of persons who potentially have access to it." As the risks increase, so too must the security measures. Thus, for such an application the combined system of biometric techniques, trusted computing, and digital signatures should most likely be utilized.

In an interaction between two or more parties, the degree of authentication required depends on what is at stake in the transaction. There must be a layering of authentication mechanisms. According to [10], the lowest level of authentication required should be utilized. This allows one to offer the least amount of information while still allowing the transaction to take place.

In summary, to make applications which require high levels of authentication viable on the internet and to have digital signatures carry greater significance in a court of law, the technology will have to be employed in an overall trusted environment and also combined with physical world authentication mechanisms.

Survey of Current Legislation

Various legal bodies have begun to address liability issues for contracts which are digitally signed. The American Bar Association's Digital Signature Guidelines are considered to be the most comprehensive set of recommendations concerning digital signatures. The guidelines define a digital signature as "a type of electronic authentication method that meets the formal requirements of asymmetric cryptography deployed within a public key infrastructure." [9] The Digital Signature Guidelines attempt to determine the responsibilities and liability of the sender, recipient, and certificate authority. Under these guidelines, the sender is responsible for keeping their private key safe, maintaining a trustworthy system, and informing the certificate authority if they believe that their private key has been compromised. The certificate authority is responsible for ensuring that their subscriber's information is valid. The recipient is responsible for verifying that a digitally signed document is "reasonable". The recipient must not have reason to believe that either the sender or certificate authority has violated their responsibilities. If the recipient believes that the signature is reliable, then the law will enforce the contract as if it were signed by hand.

However, the guidelines have some serious shortcomings. Jane Kaufman Winn, in Negotiable Instruments and Digital Signatures, argues that the ABA's guidelines place too much of a burden on consumers and relying parties. For example, recipients must assess four different factors before they can be sure that a court of law will agree that they are legally entitled to hold the signer to the contract or agreement. They must consider [11]:

  1. facts which the relying party knows or of which the relying party has notice, including all facts in the certificate or incorporated in it by references.

  2. the value or importance of the digitally signed message, if known.

  3. the course of dealings between the relying person and subscriber and the available indication of reliability or unreliability apart from the digital signature.

  4. usage of trade, particularly trade conducted by trustworthy systems or other computer-based means.

The ABA Digital Signature Guidelines also make significant demands of consumers who may not be technologically savvy. The guidelines state that consumers must take measures to maintain a trustworthy system. The ABA guidelines define a trustworthy system as computer hardware, software, and procedures that:

  1. are reasonably secure from intrusion and misuse.

  2. provide a reasonably reliable level of availability, reliability, and correct operation

  3. are reasonably suited to performing their intended functions

  4. adhere to generally accepted security principles.

One cannot be certain that today's computers meet this standard. For example, the Microsoft Windows platform is notorious for crashing and therefore it isn't clear whether it provides a reasonable level of availability. The digital signature guidelines also suggest that consumers are responsible for keeping their private key private. However, most consumers do not know how to safeguard their private key. Additionally, consumers usually don't pick "strong" passwords. "Strong" passwords are generally random and are therefore more difficult for hackers to guess. If hackers are easily able to deduce the passphrase that unlocks one's private key, then one's private key will be vulnerable. In what is referred to as the "Grandma picks a bad password and loses her house" [232] scenario, unsuspecting consumers may find that a hacker has obtained their private key and has digitally signed an agreement with it. In such a situation, the digital signature guidelines would require that this unfortunate victim prove that he/she did not in fact digitally sign the fraudulent transaction. This places a huge, unreasonable burden on the backs of consumers. In effect, the consumer is guilty until proven innocent.
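The "Grandma picks a bad password" scenario above, and the earlier observation under Security Today that users choose memorable rather than random passwords, come down to one mechanism: a private key stored on a PC is only as safe as the passphrase that unlocks it. The following is an added example, not code from the paper or from any product it discusses. It wraps a toy private key under a passphrase-derived key and then runs the dictionary attack an intruder who copied the key file would run. The salt, the guess list, the stand-in cipher (a SHA-256 counter keystream in place of a real cipher such as AES-GCM) and the low PBKDF2 iteration count are all assumptions chosen so the demo runs quickly offline.

```python
import hashlib
import hmac
from typing import Optional

# Added illustration, not code from the paper. A passphrase-wrapped private
# key and the offline guessing attack it invites. The keystream construction
# is a stand-in for a real authenticated cipher; the iteration count is kept
# low for the demo (real deployments use far more, or scrypt/Argon2).

ITERATIONS = 2_000   # assumed for speed only
SALT_LEN = 16
TAG_LEN = 32


def _derive(passphrase: str, salt: bytes):
    """PBKDF2-HMAC-SHA256 -> (keystream seed, MAC key)."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(seed: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; a toy stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap_private_key(private_key: bytes, passphrase: str, salt: bytes) -> bytes:
    """Encrypt-then-MAC the key material; output is salt || ciphertext || tag."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    enc_seed, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_seed, len(private_key))))
    tag = hmac.new(mac_key, salt + ct, "sha256").digest()
    return salt + ct + tag


def unwrap_private_key(blob: bytes, passphrase: str) -> bytes:
    """Recover the key; raises ValueError on a wrong passphrase or a modified file."""
    if len(blob) < SALT_LEN + TAG_LEN + 1:
        raise ValueError("key file too short")
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_seed, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered key file")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_seed, len(ct))))


def dictionary_attack(blob: bytes, candidates) -> Optional[str]:
    """What an intruder holding a copy of the key file does: the MAC tells the
    attacker, offline and with no lockout, exactly when a guess is right."""
    for guess in candidates:
        try:
            unwrap_private_key(blob, guess)
            return guess
        except ValueError:
            continue
    return None


# ---- constructed data for the demo ----
CONSTRUCTED_SALT = bytes(range(SALT_LEN))       # fixed here; use os.urandom(16) in practice
TOY_PRIVATE_KEY = hashlib.sha256(b"toy private key material").digest()  # stands in for a real key
COMMON_GUESSES = ["password", "123456", "qwerty", "letmein", "abc123", "iloveyou",
                  "grandma1", "fluffy", "1999", "welcome", "monkey", "football"]

WEAK_BLOB = wrap_private_key(TOY_PRIVATE_KEY, "grandma1", CONSTRUCTED_SALT)
STRONG_BLOB = wrap_private_key(TOY_PRIVATE_KEY, "tXu7-vQ9r-Hs2m-Lw4e", CONSTRUCTED_SALT)
```

dictionary_attack(WEAK_BLOB, COMMON_GUESSES) recovers "grandma1" and with it the key, after which the attacker signs whatever they like; the same attack on STRONG_BLOB exhausts the list and returns None. Nothing in the signature itself distinguishes the two outcomes, which is why the guidelines' demand that a consumer "maintain a trustworthy system" rests entirely on this weakest link.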

Even in practice today, a great deal of liability and burden is placed upon consumers when they utilize digital signatures. For example, Verisign's Digital IDs ask consumers to agree to the following statement: "[b]y accepting a certificate, the subscriber assumes a duty to retain control of the subscriber's private key, to use a trustworthy system, and to take reasonable precautions to prevent its loss, disclosure, modification, or unauthorized use." [222] This is quite a high standard for consumers to have to live up to. It isn't clear what would be considered a trustworthy system today, and the phrase "reasonable precautions" is equally vague. Digital signatures will not be widely used unless these issues are resolved.

Winn suggests that the certificate authorities are better able to pool risk and may even be able to demand insurance fees from users to offset any additional liability. The model of placing greater liability on institutions which are better able to pool risk and combat fraud makes sense. One need just look at the way credit card liability is structured to find a suitable example. If an individual determines that his/her credit card has been used fraudulently, then the credit card company is bound by certain federal consumer protection laws to assume this cost. This is reasonable since consumers can't assume the costs every time someone fraudulently obtains their credit card number. If consumers did have to assume this liability, they might be hesitant to purchase items over the phone or give their credit card to salespeople that they did not trust. They would therefore purchase less with their credit card. According to [9], "risk management systems involving centralized risk pooling and insurance should be considered before a system that imposes losses on consumers who will not be able to predict or control the risk." If the guidelines required certificate authorities to provide more consumer protection akin to the requirement for credit card companies, it could potentially foster greater use of digital signatures.

Aside from these limitations of the ABA's guidelines, there are also errors of omission. For example, the guidelines don't adequately address how certificate authorities will initially verify the personal information that a subscriber provides. Ensuring that this process is accurate and relatively simple is critical. Additionally, the ABA's guidelines do not describe any re-verification procedures. The subscriber's personal information is bound to change over time. In [11] it is suggested that individuals periodically re-verify themselves to the certificate authority and that the date of the last re-verification be presented openly during any transaction. One must understand that the ABA's guidelines have omitted crucial details and are still a work in progress.

While the ABA guidelines have begun a useful dialogue, the federal government and numerous state governments have begun to develop and pass legislation about digital signatures. The Millennium Digital Commerce Act introduced in Congress gives contracts signed electronically the same force as contracts signed by handwritten signatures. The language embodied in the Millennium Digital Commerce Act indicates that the government wants to let market forces shape the architecture for secure electronic commerce. One of the stated purposes of the act is to "permit and encourage the continued expansion of electronic commerce through the operation of free market forces rather than proscriptive governmental mandates and regulations." The Millennium Digital Commerce Act gives states wide latitude to develop additional laws concerning digital signatures. The tone of this act illustrates the government's strategy of waiting until businesses and consumers have had more time to grapple with the issues involved in using digital signatures before defining broad digital signature regulations.

States such as California and Utah have enacted digital signature legislation which gives digital signatures the same legal force as handwritten signatures. However, if one contends that a digital signature was made fraudulently, the burden of proof is largely shifted onto the purported signer. [13] Thus, these laws almost assume guilt before innocence. Many of these states' provisions are still a work in progress and are being revised. For example, Utah introduced legislation relating to digital signatures in 1995 and later revised its legislation in 1996. It is likely that the digital signature legislation that states pass will have to be modified as new issues arise.

As opposed to watching state legislatures from the sidelines, Congress has attempted to lead by example. H.R. 2991, which was introduced by Congresswoman Anna Eshoo of California and passed in October of 1998, requires government agencies to use digital signatures when submitting federal forms. The Government Paperwork Elimination Act, which was passed in 1998, also encourages greater use of electronic signatures in government agency activities. This legislation also requires that the Office of Management and Budget cooperate with the National Telecommunications and Information Administration to determine how individual privacy can be protected when using electronic signatures. The Digital Signature Act of 1999, which has been introduced in Congress, is "designed to encourage the development of uniform standards for digital signature technology by focusing on federal agencies rather than commercial applications." [28] These laws are definitely a step in the right direction. If the government leads by example then perhaps members of Congress may better understand the issues and problems of using digital signatures.

Another piece of legislation, the Digital Signature and Electronic Authentication Law (SEAL) of 1998, which was introduced in the Senate, encourages banks to utilize electronic authentication. The act also states that consumers should continue to be protected by the Truth in Lending Act and the Electronic Fund Transfer Act. SEAL will attempt to provide a uniform federal framework that will alleviate concerns about conflicting state laws. One issue with SEAL is that it promotes a centralized certificate authority scheme in which the federal government would have control over the certificate authorities. Privacy protections need to be guaranteed before such a centralization of identity information is implemented. It remains to be seen how the SEAL bill will be modified over the next year.

Even though federal and state governments have been drafting legislation, there still doesn't exist any case law that specifically makes digital signatures legally binding. There is good reason to believe that the courts will consider them binding, since the courts have held that any type of mark affixed to a document is legally binding assuming that the person actually made the mark. For example, in an 1844 case, Brown v. Butchers and Drovers' Bank, the court held that any type of mark, not necessarily a signature, can be legally binding so long as the person who entered into the contract made the mark. The court said, "A person may be bound by any mark or designation he thinks proper to adopt, provided it be used as a substitute for his name." [13] Courts have also held electronic signatures on facsimiles, telexes, and telegrams to be valid. [25] It is likely that digital signatures will be grouped with the aforementioned category; however, one problem stems from the fact that much of case law requires that a written document be used for different transactions. Even documents such as e-mail have not been considered writing in certain cases. For instance, in Walgreen Co. v. Wisconsin Pharmacy Examining Board [14], the Walgreens drug store was charged with not providing doctors' prescriptions to pharmacists in writing as mandated by state law. The court held that the e-mail that was sent from the doctors to the pharmacy was not considered to be a "writing". Therefore, the court found that the doctor's name in the e-mail did not constitute a signature. Overcoming judges' bias against electronic signatures may be a major difficulty for plaintiffs who argue that digital signatures should be legally binding.

Conclusion: A New Architecture and Roadmap

Integrating digital signatures and thereby an identity system into the fabric of the Internet is no small task. It involves changing an architecture that fundamentally supports anonymity. A viable internet architecture which allows for authentication will exemplify a layered, best effort model down to its core. For example, the architecture should recognize the varying levels at which an individual may authenticate himself/herself.

One must be able to identify oneself online. However, one should not be required to identify oneself unless requested to do so by law enforcement. The real world's driver's license analogy works particularly well here. [10] If one travels in a car as a passenger one need not carry a driver's license. However, if one drives a car then one is required by law to carry a driver's license. Law enforcement can under certain circumstances question an individual and demand to see his/her identification. However, one is protected under the Fourth Amendment from unlawful searches and seizures. One's driver's license can also be used by other entities, such as stores, to verify one's identity.

If one wishes to sit in a passenger seat along the information superhighway then there should be no reason that one should have to identify oneself. However, if one participates in an agreement or contract online then one should carry a driver's license. Further, if a law enforcement official follows due process and decides to investigate the transaction then one should be required to produce some form of identification. This identification can be used by third parties such as shopping stores for authentication also. In this virtual world, the level of authentication that one need produce should be in accordance with the type of transaction being conducted. [10]

To make this example more concrete, imagine a scenario in which an individual decides to surf various non-pornographic web sites. There should be no reason why this individual should be required by law to authenticate himself/herself. If however, this individual decides to purchase a pornographic magazine, then the authentication necessary to prove that this individual is over eighteen years of age should be used. If the individual is participating in online voting, then biometric techniques such as signature verification may need to be incorporated in the authentication process. This layering of authentication mechanisms will allow the maximum flexibility for web users.

With this layered scheme, parties may require any level of authentication. One must negotiate with the other party to determine an appropriate level of authentication. Companies that perform authentication by passwords and credit cards may incur more liability than companies that require authentication through digital signatures and biometric verification. Conversely, consumers who engage in transactions with less stringent authentication mechanisms will face less liability than participants who engage in transactions with more stringent authentication systems. From a legal standpoint, the stronger authentication mechanism provides greater assurance that the individual was involved in the transaction personally and is thus more liable for his actions. Biometric authentication need not be used in all applications. Individual entities can independently decide on the level of authentication that they desire.

The aforementioned layered authentication system upholds one's right to anonymity. The Supreme Court has guaranteed such a right. In NAACP v. Alabama ex rel. Patterson (1958), the court rejected Alabama's request for the NAACP to disclose its member list. [30] The Supreme Court stated "...the injury to a right subsequent to disclosure of identity precludes the right to identification." [31] Thus, using this architecture one would still be able to participate in online chat forums that do not require stringent authentication mechanisms. This ensures a person's right to freedom of association and further limits the traceability of one's speech in a public forum.

No one understands what digital signature architecture will emerge. Consequently, legislation should be "narrowly tailored to address specific legal needs and obstacles". [14] In Clear Signatures, Obscure Signs Adam Scoville says "the level of legal protection and recognition granted signatures must be no greater than is commensurate with the security and reliability provided by the weakest form of signature to qualify for such protection." Right now, legislatures have considered digital signatures on par with handwritten signatures. However, the legislature must consider that the infrastructure and environment necessary for digital signatures to be valid has not yet arrived. In this manner, the "law" is racing ahead of the "code". [26]

Overall, it appears that Congress is on the right track. Bills such as the Digital Signature Act of 1999 are defined narrowly since they only attempt to define digital signature standards for the government and not for commercial applications in general. Acts such as the Government Paperwork Elimination Act, which was passed in 1998, also limit their scope to governmental activities. This act states that for forms signed and filed with Federal agencies, "[e]lectronic records... or electronic signatures or other forms of electronic authentication used in accordance with [the procedures and guidelines established pursuant to title] shall not be denied legal effect, validity or enforceability because they are in electronic form." [27] Legislation such as the Internal Revenue Restructuring and Reform Bill, which was enacted in 1998, states that tax returns filed electronically "shall be treated for all purposes ... in the same manner as though signed and subscribed." By enforcing such legislation, the government will be able to better understand the issues involved in treating electronic signatures on a par with handwritten signatures. It is possible that such legislation will result in widespread fraud. However, it is better for the government to take calculated risks and thereby define legislation governing digital signatures in a systematic manner.

For example the Health Care Personal Information Nondisclosure Act of 1999 and The Medical Information Privacy and Security Act introduced this year are calculated risks that will push the envelope. These bills encourage the use of digital signatures in the distribution of medical records over the world wide web. They define strict penalties for individuals who compromise other people's confidential medical records. These acts further establish one's right to have private medical records. Such measures will encourage industries to consider the services that they can offer with digital signature technology. In effect, the government can actually accelerate certain industries' adoption of digital signature technology. It is true that additional infrastructure will be needed before such an application can become a reality. However, the government's attempts are laying the ground work for companies to begin offering this service.

The fact that these acts are written in a technology neutral style was a shrewd move by the federal and state governments. This allows the legislation to take hold even when the technology changes. This also reflects the legislature's desire to let the markets decide which technology should be used.

Ideally, the disparate state regulations concerning digital signatures will eventually disappear. A uniform federal policy on digital signatures is necessary since electronic commerce is nation-wide and global in nature and should not be burdened with multiple state digital signature laws conflicting with one another. For now, the various laws concerning digital signatures are necessary. Our lack of experience with digital signatures makes it difficult to clearly draft workable legal codes governing their use. Therefore, a dialogue needs to form, and the states and the federal government need to be able to learn from each other's mistakes during this period in which no entity knows exactly how laws concerning digital signatures should be drafted.

As trusted computing platforms and biometric authentication systems become more prevalent, the environment will be suited to considering digital signatures as legally binding. Currently, one's private key is too insecure. Additionally, it isn't easy to map an online identity with a physical person. Without this infrastructure, considering digital signatures as legally binding can only hurt consumer confidence in secure electronic commerce and online digital authentication. Aside from the technology that is needed for digital signatures to be viable, a framework in which consumers and recipients assume limited liability must be developed. Without this framework of consumer and recipient protections, these groups will see it as too risky to enter into contracts with strangers online. This will stifle electronic commerce. Certificate authorities that are able to combat fraud and pool risk must assume a greater share of liability. The government should let consumers and businesses become more familiar with digital signature technology before enacting legislation that guarantees their use.

One could argue that digital signatures can't become viable unless the government sets the example. And the government should set such an example by employing digital signature technology and considering its potential in government related work. This will provide a useful testbed in which the government may better understand the issues involved in considering digital signatures as legally binding.

By drafting legislation which is narrowly defined the government can encourage the use of digital signatures and avoid crippling the technology. The government should let an underlying trusted infrastructure develop before drafting broad digital signature legislation such as mandating that consumers be held responsible for contracts which they digitally sign. By employing digital signatures in the government itself and engaging in such experimentation the government may encourage industry to also consider using digital signatures. As the infrastructure of trusted systems and biometric authentication become more prevalent, digital signatures will be poised to profoundly transform the nature of the Internet and worldwide commerce.

References:

1. Davis, Ann The Body as Password, WIRED magazine July 1997

2. Compaq, HP, IBM, Intel, and Microsoft Announce Open Alliance to Build Trust and Security into PCs for e-Business www.trustedpc.com

3. Wilcox, Joe IBM to offer e-commerce security standard, CNET News.com September 27, 1999

4. Plamondon, Rejean The Handwritten Signature As A Biometric Identifier: Psychophysical Model and System Design

5. Fairhurst, M.C. Signature Verification Revisited: Promoting Practical Exploitation Of Biometric Technology, IEE 1997.

6. Association for Biometrics: Workshop on "State of the art in signature verification", NPL, Teddington, November 1993

7. Andersen, Kim Viborg Health Data Network: Organizational and Political Challenges

8. Cushman, Reid Information and Medical Ethics: Protecting Patient Privacy 1996 IEEE

8. Fillingham, David A Comparison of Digital and Handwritten Signatures http://www.swiss.ai.mit.edu/classes/6.805/student-papers/fall97-papers/fillingham-sig.html

9. Winn, Jane Kaufman Couriers Without Luggage: Negotiable Instruments and Digital Signatures

10. Digital Signatures 105th Congress 1st Session H.R. 2991 Eshoo and Tauzin

11. Kania, Edward D. The ABA's Digital Signature Guidelines: An Imperfect Solution to Digital Signatures on the Internet, The Catholic University of America, 1999 CommLaw Conspectus

12. Lui-Kwan, Kalama M. Digital Signatures: Recent Developments in Digital Signature Legislation and Electronic Commerce, Berkeley Technology Law Journal 1999.

13. Richards, R. Jason The Utah Digital Signature Act as "Model" Legislation A Critical Analysis The John Marshall Journal of Computer and Information Law 1999

14. Scoville, Adam White Clear Signatures, Obscure Signs Cardozo Arts And Entertainment Law Journal, 1999

15. Carter, Patricia I. Health Information Privacy: Can Congress Protect Confidential Medical Information In the "Information Age"? William Mitchell Law Review, 1999

16. Anderson, John C. and Closen, Michael L. Document Authentication in Electronic Commerce: The Misleading Notary Public Analog For The Digital Signature Certification Authority, The John Marshall Journal of Computer and Information Law, 1999

17. Bayer, Barry D. When Security is a Concern, The Connecticut Law Tribune, May 31, 1999

18. Fineburg, Herbert R. Signature of the Future: The Eyes May Have It, The Legal Intelligencer, 1999

19. The Trusted Computing Platform Alliance www.trustedpc.com

20. U.S. Department of Health and Human Services, Food and Drug Administration, Electronic Identification/Signature Working Group, Progress Report http://www.fda.gov/cder/esig/part11.htm

21. California Digital Signature Regulations http://www.ss.ca.gov/digsig/digsig.htm

22. European Commission, Towards A European Framework for Digital Signatures And Encryption http://www.ispo.cec.be/eif/policy/97503toc.html

23. Study on the Legal Aspects of Digital Signatures http://www2.echo.lu/legal/en/digsigcall.html

24. Eshoo Introduces Digital Signature Legislation http://www-eshoo.house.gov/digsig.htm

25. Tinnes, Christy Digital Signatures Come to South Carolina: The Proposed Digital Signature Act of 1997

26. Lessig, Lawrence The Law of the Horse: What Cyberlaw Might Teach, forthcoming, Harvard Law Review (fall 1999)

27. The Government Paperwork Elimination Act, http://www.fws.gov/laws/G-PEA.html#text

28. http://www.mbc.com/legis/congress.html

29. Smith v. Maryland, No. 78-5374, Supreme Court of the United States, 1979

30. Covell, Paul and Gordon, Steve and Hochberger, Alex and Kovacs, James and Krikorian, Raffi and Schneck, Melanie Digital Identity in Cyberspace, 1998 http://swissnet.ai.mit.edu/6805/student-papers/fall98-papers/identity/linked-white-paper.html

31. NAACP v. Alabama ex rel. Patterson, Supreme Court of the United States, 1958