Cryptography Reference
In-Depth Information
The Model Law has been cited as a reference by most electronic signa-
ture legislation. Although the principles of nondiscrimination and func-
tional equivalence have enjoyed wide dissemination, the significance of
the principle of proportionality and the cost-risk trade-offs it entails has
been more rarely acknowledged.
American Bar Association
In 1996, the Information Security Committee of the American Bar Associa-
tion (ABA) published a set of recommendations, “Digital Signature Guide-
lines: Legal Infrastructure for Certification Authorities and Secure Electronic
Commerce,” directed at American state legislatures. The
Utah Digital Sig-
nature Act
, the first American statute to legislate digital signatures, was
directly inspired by the ABA guidelines, itself becoming a “model law” for
other state legislatures. The Guidelines' editorial committee was chaired
by Michael Baum, an attorney and vice president of PKI vendor VeriSign,
and also included three representatives of CertCo, another PKI vendor. It
is thus no surprise that, in contrast with the UNCITRAL Model Law, the
Guidelines were not concerned with establishing a broad legal framework
for electronic authentication technologies. Rather, they advocated for
legislation that literally hard-wired cryptographic signatures into the law
to the exclusion of all other possible authentication technologies:
In a digital setting, today's broad legal concept of signature may well include
markings as diverse as digitized images of paper signatures, typed notations such as
/s/ John Smith, or even addressing notations, such as electronic mail origination
headers. From an information security viewpoint, these simple electronic signatures
are distinct from the digital signatures described in this tutorial and in the technical
literature. . . . These Guidelines use digital signature only as it is used in information
security terminology, as meaning the result of applying the technical processes
described in this tutorial.
32
The defining contribution of the Guidelines however is its introduction
of a number of evidentiary presumptions concerning the validity of digital
signatures: “In resolving a dispute involving a digital signature, it is rebut-
tably presumed that: . . . (2) a digital signature verified by reference to the
public-key listed in a valid certificate is the digital signature of the sub-
scriber listed in that certificate; (3) the message associated with a verified
digital signature has not been altered from its original form.”
33
