Old, but worth reading: "Legislating Market Winners"

A different opinion, for a change, on digital signature legislation.

Definitely worth reading.



Legislating Market Winners 

Digital Signature Laws and the Electronic
Commerce Marketplace 

C. Bradford Biddle 


This paper argues that certain enacted digital signature laws are
premised upon false assumptions, and inappropriately enshrine a
business model which would not evolve naturally in the marketplace.
In attempting to solve an unsolvable liability allocation problem,
such legislation harms consumers and the future evolution of
electronic commerce. The article points out that alternative
business models can solve the liability allocation problem. Despite
obvious flaws, legislation of this type continues to be proposed,
partly because the infrastructure created by these laws coincides
with the needs of key escrow proponents. Ultimately the article
argues that digital signature laws, which impose a particular view
of electronic commerce, should be abandoned in favor of laws that
remove specific, well-defined barriers to electronic commerce and
that allow the electronic commerce marketplace to evolve unfettered.

The argument goes something like this: Internet commerce is hampered
by the authentication problem. There is no reliable way to ensure
that the sender of an electronic transmission is in fact who they
purport to be. Though digital signatures, supported by a "public key
infrastructure" (PKI) of certification authorities (CAs) and
certificate databases, can solve this authentication problem, CAs
will not emerge under the current legal regime because they face
uncertain and potentially immense liability exposure. Additionally,
the legal status of digitally signed documents is unclear.
Therefore, legislation is needed to define and limit CA liability
and to establish the legality of digitally signed documents. [A]

This argument has captured an influential segment of the legal
community, and has led to the enactment of "digital signature
legislation" (described later in the article) in several U.S. states
and foreign nations. Unfortunately, the argument is built on
fundamentally flawed assumptions, and the legislation enacted based
upon it is correspondingly flawed. Much (but not all) of the digital
signature legislation enacted to date presumes a vision of
electronic commerce that simply is not tenable, and which would not
"naturally" evolve in the marketplace. This legislation poses the
risk of profoundly distorting an infant market and locking in
business models which are harmful to consumers and to the future
development of electronic commerce.

The type of public key infrastructure (PKI) envisioned by many of
the existing digital signature laws is not viable. The problem is
liability. Digital signature legislation drafters have assumed that
the potential liability exposure faced by CAs is somehow a flaw of
the existing legal regime. This is an erroneous assumption: the
liability exposure faced by CAs under the "open PKI" model
envisioned by legislation drafters is a product of a business model
that cannot internalize the costs associated with its
implementation. Moreover, in attempting to limit the liability
exposure of CAs, current digital signature laws shift an immense
liability burden onto consumers who use the infrastructure
envisioned by these laws. Putting this type of liability burden on
consumers violates long-held tenets of public policy, and is a
result which consumers would reject in any truly "bargained for"

Digital signatures will undoubtedly play a significant role in
electronic commerce. However, rather than being implemented in the
"open PKI" model envisioned by various digital signature laws,
digital signatures are more likely to be utilized under a "closed
PKI" system. Under a closed PKI system, the liability problems
associated with digital signatures become much more manageable. This
article describes the differences between open and closed PKI, and
suggests that, in the absence of legislative displacement, certain
marketplace trends indicate that closed PKI is indeed the likely
market winner.

The open PKI model can and should compete against closed PKI and
other authentication technologies, and should not be accorded
special legal status via legislation. Such legislation is
unnecessary: the "contractual privity problem" which is used to
justify open PKI legislation is a red herring. Commercial CAs
utilizing the open PKI model can compete in the marketplace without
special PKI legislation. These CAs are unlikely to succeed, not
because of flaws with the legal system, but because the open PKI
model is not a winning business model.