[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Digital Signature Legislation (fwd)
On Thu, 22 Feb 1996, Bill Frantz wrote:
> At 20:54 AM 2/20/96 -0500, C. Bradford Biddle <[email protected]> wrote:
> >---------- Forwarded message ----------
> >
> >DIGITAL SIGNATURE LEGISLATION: SOME REASONS FOR CONCERN
[...]
> >LIABILITY
[...]
> The question I have is, does "reasonable care" include keeping your machine
> "virus free"?
A very good question, and one not answered by the Utah Act. The answer to
the question of what constitutes reasonable care for holders of private
keys will have to be addressed through the long, expensive, and inelegant
process of common law evolution: court case after court case after court
case slowly providing an answer. In contrast, the duties of certification
authorities are explicitly described in the Act.
> >There is a second troubling policy choice relating to liability. The Utah
> >Act limits the potential liability of one actor in the infrastructure --
> >the certification authority -- to a fixed amount (termed a "suitable
> >guarantee" and determined by a complex formula or by administrative rule).
>
> The historic precedent is the liability limit on nuclear power plants.
An interesting point, which can be spun several ways. The nuclear
industry has been able to externalize the immense costs of waste storage,
etc. Would the same investments have been made in nuclear energy if the
nuclear industry was forced to internalize all of the costs it generates,
including the costs of potential accidents? Probably not. I suspect that
you could find people who would argue that the liability limits have had
very good consequences (i.e., promoting investment in an ultimately
beneficial technology) and others who would say that the current state of
the nuclear industry points out the harm in allowing an industry to
externalize costs.
> For both these problems, a relatively low liability limit would force
> people to use other techniques (e.g. old style signed contracts) for large
> transactions. While we are working the bugs out of a new technology, with
> new standards of "reasonable care", everyone might win if the risks are
> limited.
Agreed. Letting market forces sort out the most appropriate risk
allocations may be the best solution. This isn't really what the Utah Act
does, however.
> Regards - Bill
>
>
> ------------------------------------------------------------------------
> Bill Frantz | The CDA means | Periwinkle -- Computer Consulting
> (408)356-8506 | lost jobs and | 16345 Englewood Ave.
> [email protected] | dead teenagers | Los Gatos, CA 95032, USA
Thank you for your thoughtful comments.
Brad
Brad Biddle, Legal Intern <[email protected]>
Privacy Rights Clearinghouse, Ctr for Public Interest Law
http://pwa.acusd.edu/~prc
For the record: Someone else who responded to my post on the Cypherpunks
list referred to me as "Dr. Biddle." I think they were misled by Phil
Agre's characterization of me as an "academic" in his introduction to my
article. (Or perhaps just dazzled by the force of my arguments). I am, in
fact, a law *student*, not a law professor.