Fw: Revised Digital Signature Law Review Article Available

Rohit Khare (khare@w3.org)
Mon, 4 Nov 1996 18:56:15 -0500

The included URL leads to a comprehensive resource on US State digsig
legislation; Bradford has done some great work analyzing the Utah law in
particular. Good bits, all... RK

> From: Bradford Biddle <BIDDLECB@COOLEY.COM>
> To: biddle@acusd.edu
> Cc: kaye@ix.netcom.com
> Subject: Revised Digital Signature Law Review Article Available
> Date: Monday, November 04, 1996 6:38 PM
> This message is blind cc'd to a number of folks who have expressed
> varying degrees of interest in my law review article concerning digital
> signature legislation. (If my name doesn't ring a bell for you we
> probably met at either the ABA meeting in Orlando or at the DIMACS
> crypto conference at Rutgers). A revised version of the article is now
> available online, linked at:
> http://www.SoftwareIndustry.org/issues/1digsig.html
> The article (or "Comment," in law review parlance) has been retitled
> "Misplaced Priorities: The Utah Digital Signature Act and Liability
> Allocation in a Public Key Infrastructure." It is scheduled to be
> published in volume 33 of the San Diego Law Review this month.
> For those of you who have read the April 8, 1996 draft, I've made some
> substantive changes from that version, mostly in the section where I
> propose alternative liability allocations different from those imposed
> by the Utah Act. I ended up dropping any proposal for a state-backed
> insurance pool (except in one very narrow circumstance) and instead
> propose a model which takes "fault" as far as it will go, and then
> allocates risk for 'fault-free' losses on the party that relied on the
> digital signature. I do propose capping consumer liability even for
> negligence at a tiered amount -- i.e., $500 for "ordinary negligence,"
> $2500 for "gross negligence," $5000 for "recklessness," no limit for
> intentional wrongs. Relying parties would bear the risk of loss in
> excess of these limits.
> For those of you that haven't seen the April draft, the gist of the
> Comment is that I criticize the Utah Digital Signature Act for its
> singleminded emphasis on creating an attractive legal environment for
> certification authorities and its consequent neglect of other important
> policies, such as consumer protection. Ultimately, I argue, these
> "misplaced priorities" will undermine the Act's ostensible goal of
> facilitating the development of a public key infrastructure. I compare
> the Utah Act's risk allocation scheme with several other models -- the
> "credit card model," the "notary model," and the "toll-fraud model" --
> to show that private key holders bear an inordinate share of risk under
> the Utah Act.
> Please feel free to contact me with any questions, comments, criticism,
> or suggestions.
> (Thank you to Kaye Caldwell of the Software Industry Coalition for
> graciously volunteering to put my Comment online. Her site, at the URL
> above, is an excellent compilation of material related to digital
> signature legislation, and a superb resource for anyone interested in
> this issue.)
> Brad Biddle
> * 3L, University of San Diego School of Law
> * Law Clerk, Cooley Godward LLP (San Diego, California)
> v: (619) 550-6301 f: (619) 453-3555 e: biddlecb@cooley.com