Thursday, April 13, 2006

Do digital signatures create unintended contracts?

According to a recent UK court judgment, Mehta v J Pereira Fernandes SA [2006] EWHC 813 (Ch) (07 April 2006), almost certainly not in any common law jurisdiction.

The term 'digital signature' has always been a liability. The legal system has a very clear idea of what a signature is. A digital signature is something else entirely.

A digital signature provides a nearly unforgeable proof that the party that created it knew the private signing key corresponding to the public key used to verify the signature. If the private key is known only to one particular party, that amounts to nearly irrefutable proof that the message was authenticated by that party.

People often ask me if this point has ever been tested in a court of law. To my knowledge it has not, and I don't expect this to happen any time in the near future either. Cryptography offers a degree of certainty that is far, far greater than any other form of evidence courts are asked to deal with.

Cryptography offers certainty, but cryptography is only one part of a security system. A lawyer wanting to raise a question about the authenticity of the signature would be much better advised to attempt to raise doubt about the methods used to generate and protect the private key and the infrastructure used to identify the key holder than to attempt to dispute the security of the signature algorithm. Even these arguments are fairly weak: the risk of losing control of a private key is negligible in comparison to the difficulties raised by autograph signatures. Is the signature genuine? Was the document altered after the signature was made?

The real concern when using digital signatures is intention. Does the security protocol generate a signature that the user did not intend to create? Is it possible for a user to repudiate a signature that was intended to create a binding contract?

Most of the scenarios raised in crypto mailing lists are really about intention, even if the apparent topic is key security. If a company really wants to use a digital signature as a method of signing contracts, it is going to make pretty certain that it protects its private key.

This particular judgment is important because it helps answer the question of whether using a protocol such as DKIM might have the side effect of causing an unintended contract offer or acceptance to be made. It is clear that it does not. It also helps us answer the other part of the question: is it possible for a signer to repudiate a digital signature intended to be an offer or acceptance of a contract? Again the answer appears to be no.

The one part of the judgment that should be cause for some concern is the conclusion that an email can contain an offer or an acceptance of contract even if there is no digital signature or other form of authentication whatsoever. That means that it is entirely possible for an attacker to create a forged email and then claim that it is a contract.

The best way to guard against this possibility is to sign every email message with a transparent, infrastructure-level signature scheme such as DKIM.

1 comment:

Unknown said...

I am surprised to know about this fact. But after reading the entire summary I am somehow convinced with this fact. I will remember your advice.
digital signatures