The Digital World and its impact on the Legal World

1
The Digital World and its impact on the Legal
World
Tony Sutherland Ess Consulting
2
Relying on Paper is a Fools Paradise
Ess Consulting
3
How business will be conducted
Ess Consulting
4
MIS Australia - March 1998

• MIS - One of the biggest stumbling blocks for
  organisations wishing to carry out business
  online is that the legal framework isnt in place
  yet. ...

Ess Consulting

• Alston - There are separate legal issues about
  validation of contracts, about verification of
  digital signatures, about encryption technology
  in terms of security, and theyre all being
  addressed and we will be in a position to make
  some announcements in the not too distant future.

5
MIS Australia - March 1998

• Alston - There will probably also be a need
  for legislation to allow for the courts to accept
  digital signatures and digitally signed contracts
  so that there is a proper enforcement mechanism
  but I dont think thats going to be a very
  difficult issue.

Ess Consulting
6
How business is conducted today
Ess Consulting
7
How business is conducted today

• Receive fax with letter of engagement, requesting
  signature.

Ess Consulting
8
How business is conducted today

• Pull up image of fax in software - save in
  correct directory.

Ess Consulting
9
How business is conducted today
Ess Consulting

• Apply scanned signature to sign line, annotate
  date - re-save.

10
How business is conducted today

• Send back the image document via fax.

Ess Consulting
11
How business is conducted today

• Nothing ever printed.

Ess Consulting
12
Was it signed?

• Applying a scanned hand-written signature
  constitute signing?

Ess Consulting

• Applying a drawn X (or cross)?
• What about typing name in with S/ using an
  annotation tool?

13
Digitally Assisted Paper Fraud

• Hypothetically
• I am having a little contretemps with the
  contracting authority.

Ess Consulting
14
Digitally Assisted Paper Fraud

• Before I sign and save the document, I perform a
  little creative accounting.

Ess Consulting
42,000
12,000
15
Digitally Assisted Paper Fraud

• I fax the document back as before - Nothing ever
  printed.

Ess Consulting
16
Digitally Assisted Paper Fraud

• At the contracting authority office, they print
  and file the received fax - on the paper file.
  This is now the latest copy - and signed copy -
  of the contract.

Ess Consulting
17
Digitally Assisted Paper Fraud

• Which is the correct version? How can one tell
  from simply perusing the paper?

Ess Consulting
18
Absolutely Fabulous

• I also get a hankering for some

Ess Consulting
Bolle.
19
Absolutely Fabulous

• I copy and paste the Contract Managers signature.

Ess Consulting
20
Absolutely Fabulous

• I put together a Purchase Order - with their logo
  - ordering TEN crates of the best Bolle,
  delivering to Room 666, Sheraton Southgate.

Ess Consulting
21
Absolutely Fabulous

• I fax the PO to LiquorLand, who promptly deliver

Ess Consulting
22
Absolutely Fabulous

• I make a few phone calls and we party on.

Ess Consulting
23
Absolutely Fabulous

• When LiquorLand sends an invoice for payment, the
  Contract Manager denies sending the PO, and
  doesnt pay the bill. LiquorLand contemplate
  suing for the money but decide it will be too
  difficult.

Ess Consulting
...

• Meanwhile, I have had the best party of my life.

24
Business conducted via email
Ess Consulting
25
What about email?

• Is signing with S/ Tony Sutherland a valid
  signature?
• Does the addition of a sig constitute signing?
• Does sending an email without a signature, but
  known to come from your address, constitute the
  equivalent of signing?

Ess Consulting
26
Issues Raised

• The issues are well known in legal terms
• Confidentiality
• Integrity
• Authenticity
• Non-Repudiation

Ess Consulting
27
Digital Solutions

• There are many other scenarios whereby the
  current operations - especially those predicated
  on a paper model - can no longer be relied on.
• The solution is available in the digital world
  (and has been for many years).

Ess Consulting
Encryption
Digital Signatures
28
Encryption

• Cryptography the science of converting messages
  or data into a different form, so that they can
  only be read by using a key
• Cryptology the science of breaking or
  cracking encryption schemes, by discovering the
  key

Ess Consulting
29
Digital Signatures

• Digital Signatures are a reliable electronic
  means of signing electronic documents that
  provides send authentication, message integrity
  and non-repudiation, in a convenient and
  efficient manner.
• Note the difference between electronic signatures
  and digital signatures

Ess Consulting
30
How Digital Signatures Work
SENDER
Res IPSA LOQUITUR

• S1. Plain Text Document

S2. Produce Message Digest (hash)
101000110
Ess Consulting
S!G09USET
S3. Encrypt Message Digest with Senders Private
Key
Res IPSA LOQUITUR S!G09USET
S4. Attach to Message
S5. Obtain Receivers Public Key
POI5RE83R
FSD9dsa97SFef(WR4
S6. Encrypt Message and Signature with Receivers
Public Key
S7. Send Secure Message and Signature
FSD9dsa97SFef(WR4
31
How Digital Signatures Work
RECEIVER
R1. Receive Secure Message and Signature
FSD9dsa97SFef(WR4
Ess Consulting
R2. Decrypt Message and Signature with Receivers
Private Key
Res IPSA LOQUITUR S!G09USET
R3. Separate Signature from Message (now in plain
text)
S!G09USET
Res IPSA LOQUITUR
9yH56fc
R4. Obtain Senders Public Key
R5. Decrypt Signature with Senders Public Key
101000110
R6. Produce Message Digest (hash)
101000110
Confidentiality Integrity Authentication Non-Repud
iation
R7. Compare Sent Message Digest with Calculated
Digest
32
Digital SolutionsSatisfying Confidentiality

• Confidentiality is satisfied because messages are
  encrypted and not easily read without substantial
  effort.

Ess Consulting
33
Digital SolutionsSatisfying Authentication

• Only the sender can (digitally) sign a message
  using her private key,
• therefore if the (digital) signature is properly
  decrypted using the senders public key,
• it must have come from the sender.

Ess Consulting
34
Digital SolutionsSatisfying Non-repudiation

• In a similar vein to Authenticity,
• only the sender can (digitally) sign a message
  using her private key.
• A successful decryption of the (digital)
  signature means the signature can only have come
  from the sender,
• who therefore can not deny signing (and sending)
  the message.

Ess Consulting
35
Digital SolutionsSatisfying Integrity

• The message digest can only be calculated with
  respect to the text which it is hashing.
• Thus, if the sent message digest equates to the
  message digest calculated on the message at the
  receiving end,
• it means that the message must be intact (it has
  not been tampered with).

Ess Consulting
36
Certificate Authorities

• The digital signature process relies on finding,
  retrieving and using the public keys of both
  senders and receivers.
• Certificate Authorities (CAs) are trusted sources
  of public keys.
• CAs issue certificates, verifying that the public
  key to be used is valid and up-to-date.
• International standard CCITT X.509

Ess Consulting
37
Key Escrow

• Escrow is an arrangement whereby something is
  deposited with a trusted party, to be accessed by
  a third party under special conditions only.
• Key escrow (of private keys) is needed so that
  encrypted messages can be read under certain
  conditions, such as
• An employee leaves the organisation
• Law enforcement requirements.

Ess Consulting
38
Legal Progress of these Digital Solutions

• Australia - PKAF Report (Strategies for the
  implementation of a Public Key Authentication
  Framework for Australia)
• United States -
• National Institute of Standards and Technology
  Federal Digital Signature Standard
• American Bar Association Guidelines
• Malaysia - Public Key Infrastructure Pilot

Ess Consulting
39
Legal Progress of these Digital Solutions

• Arizona - accept digital signatures for documents
  filed with the office of the secretary of state.
• California - digital signatures affixed to
  communications with public entities.
• Connecticut - use of electronic signatures for
  certain medical records.
• Delaware - electronic signatures with respect to
  accounting and payroll documents.
• Florida - Electronic Signature Act of 1996.
• Iowa - electronic signatures for voter
  registration forms.
• Illinois - Electronic Commerce Security Act.
• Louisiana - "alphanumeric or similar codes,
  fingerprints, or other identifying methods" for
  medical records.

Ess Consulting
40
Legal Progress of these Digital Solutions

• New Mexico - Electronic Authentication of
  Documents Act - its purpose is to "provide a
  centralized, public, electronic registry for
  authenticating electronic documents by means of a
  public and private key system promote commerce
  and facilitate electronic information and
  document transactions.
• Utah - Utah Digital Signature Act - The first to
  authorize commercial use of digital signatures.
  It governs the use of public-private key pair
  encryption and certification authorities.
• Virginia - use of digitized signatures, thereby
  enabling what is referred to as electronic
  commerce.
• Washington - Digital Signature Act, enabling
  reliable electronic messages, to minimize the
  incidence of forged digital signatures and fraud
  in electronic commerce. The Governor signed the
  bill digitally.

Ess Consulting
41
Digital Solutions and the Courts
Ess Consulting
42
Problems with the Digital Solutions

• Ability to crack keys
• Privacy
• Certification requires identification
• De-facto Australia Card
• Government Control
• Law Enforcement

Ess Consulting
43
Where to from here?

• The Bleedin Obvious The Digital World is here
  to stay!
• Business will be transacted digitally, and the
  law (and the Courts) must embrace digital
  concepts
• Legislation
• Experience and Understanding
• Use
• Lateral Re-think on Privacy and associated issues

Ess Consulting
44
FIN
Ess Consulting