Cryptography Reference
In-Depth Information
preservation of all governmental records. Its official 2005 policy for cryp-
tographically signed records of transactions provides the record-keeping
requirements “for establishing or supporting the trustworthiness of the
transaction and meeting evidentiary requirements in any legal proceeding
relating to the transaction.”
43
The policy bluntly states that “for digitally
signed records that have been scheduled and appraised as permanent,
NARA currently has no intention of using the digital signature's re-valida-
tion capabilities to establish authenticity of the record or of maintaining
that capability into the future.”
44
Because it does not have the resources to
maintain the complex and expensive infrastructure required for the per-
formance of signature verification, NARA will rely on the transferring
agency for attesting “to the authenticity and integrity of the record at the
time of transfer of legal custody of the materials to NARA.”
45
For nonper-
manent records under the responsibility of the original agency, NARA
suggests that digitally signed records be supplemented with a “textual,
easily understood 'summary trust record' . . . that should collect, at a
minimum, the fact that the PKI digital signature is valid, the date/time
validated, and the transaction ID.”
46
Thus, the event of signature verif-
ication, the visible and provable demonstration of authenticity with the
power to compel a judge's assent, is supplemented or altogether replaced
by a simple attestation that the event took place at some earlier point in
time.
Lynch and colleagues describe a similar situation in criminal law with
respect to DNA profiling. Although the technology was initially granted a
status of irrefutable proof of identification, it met with a surprising defeat
during the course of O. J. Simpson's murder trial in 1995. As they noted,
By following the samples from the crime scene to the laboratory, and then from the
laboratory to the tribunal, one realizes that the genetic fingerprint may only serve
its role of competent witness
if and only if
the succession of transactions during
sampling, transport, preservation, digitization, and analysis of the sample is itself
testified to by witnesses, certified and duly registered by responsible authorities. To
be considered as such, the truth contained in the automatic signature (the genetic
bar code) must be accompanied, surrounded by a whole series of bureaucratic traces:
handwritten signatures on standard forms, actual bar-codes affixed on bags contain-
ing the samples, etc.”
47
Rather than the DNA sample, it is those bureaucratic traces that were
successfully contested during the Simpson trial. The requirements for the
