[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Digital Signatures & THE LAW???




William Geiger III wrote:

>Has there been any concideration for the difference between a digital
>signature that is used only for authentication and one that is legally
>binding??
>
>I would hate for these Digital Signature Laws make every e-mail message I
>sent a legally binding document. :(

I realize I'm in danger of sounding like Tim here, but I remember writing a
long message about this some months ago - perhaps it's available through
the archives.

"Legally binding" isn't a useful way to think about this sort of thing.
Signatures serve at least two different purposes; sometimes they're
required to form a contract (say, for the transfer of an interest in real
estate, or a contract which cannot be performed in less than a year, or for
the sale of goods worth more than $500) and sometimes they serve as
evidence that a person has had access to or contact with a physical thing
(like a paper copy of an agreement).

Contract law does not revolve around signatures, it revolves around
agreements. If you don't have an agreement with someone (and haven't acted
in a way which would have led a reasonable person to think you had an
agreement) then you don't have a contract with them. A signature can be
evidence of an agreement, and it may be required to form certain
agreements; but a signature is not an agreement. It's a pattern made with
ink or with bits; an agreement is a legal relationship. The map is not the
territory. 

If your e-mail doesn't seem to be proposing an agreement, or accepting an
agreement, I don't think you need to worry that you're going to
accidentally form a contract with someone. Other concerns (like, say, that
a digitally signed message could be introduced as evidence in a criminal or
civil trial) seem to stem from the assumption that unsigned messages won't
be admissible .. and I think that assumption will prove to be false. Courts
admit evidence whose origin is disputed or uncertain all of the time, and
trust the jury to decide who they'll believe. There's no reason to assume
that electronic evidence (as opposed to eyewitness accounts, or
photographic evidence, or other falsifiable evidence) will be excluded
because it's potentially suspect. The addition of a digital signature makes
the spurious "But how do you know *I* sent that messsage?" argument less
plausible - but I think that argument's a loser anyway, at least in most
cases.

If you're really worried about it, you could add "THIS KEY WILL NOT BE USED
TO SIGN OR FORM CONTRACTS" to your ID string for your public key - but I'm
not sure it really makes much difference. 
--
Greg Broiles                | US crypto export control policy in a nutshell:
[email protected]         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.