[BACK], [PROCEEDINGS] | ||
|
||
Introduction [1] The title of the symposium for which these ideas were solicited was
"The Official Version"(1).
As a kind of official myself, I am inclined to conclude that we are
looking at official records, public records. "The Law" is in some ways a
set of rules governing public order, the essence of government. So records
of the law are public records and official records: government records.
[2] All three branches of government - legislature, executive and
judiciary - produce official public legal records: statutes, regulations
and orders, judgments. They produce them and publish them by different
methods. One of the early questions we face is whether these types of
records require the same kinds of authentication. On the practical side,
will the producers of these different kinds of records seek a common
understanding of their production in electronic form, so that their
authentication will present common rather than diverse problems? [3] These public records are not all published by public authorities.
Most judicial decisions, for example, are published only by private
publishers. While statutes are generally published by an "official"
publisher, many of them are also made public, with more or less value
added, by private sources. The same is true for executive law. [4] The legal records, from official public or unofficial private
sources(2),
often find their way to their users through private hands, notably
libraries. [5] But there is other "law" as well. Private law is made by agreements
among private parties. Contracts are law, in a meaningful sense. Public
statements by private sector interests may have legal effect. The records
of these actions or transactions are legal records, and often are taken
into account by public authorities, such as courts and departments or
ministries of the executive branch. So the principles that apply to
official legal records often apply equally to private legal records.
[6] Law librarians serve as custodians and locators of the official
versions of public and private legal records. This essay explores some of
the issues they will face, and the producers of legal records face, and
other users will face, in determining the authentic legal record when the
record is in electronic format. All of the ideas need - and some of them
may even deserve - further development. This whole text could bear the
title of this section: introduction. Electronic records [7] As David Masse says in his background paper, bits don't care what
they are.(3)
An assemblage of electrons can be music, text, or operating instructions
for a machine. What makes them a record is the intention of the parties -
the creator of the record (who puts the electrons together) and the user
of the record (who interprets(4)
the collected electrons).(5)
[8] The shared intention is shown by the use of compatible systems: hardware, software, communications links.(6) If I put the CD-ROM of the Ontario statutes (say for the purpose of
argument, the "official" version) into my CD player, I will not get music.
I will not get intelligible output. If, as the creator intends, I
put it into the CD-ROM drive of my computer, then I will get statutes
(more or less intelligible, perhaps, but that won't be a problem of
format!) [9] Authentication may be in some sense the detection and demonstration
of that shared intention. If the record is "official", then the intention
must perhaps be ultimately attributed to a source whose actions have that
character. Intermediaries [10] David Masse speaks of "disintermediation"(7),
the disappearance of traditional explainers, interpreters, agents, between
the public and the people who provides goods and services to the public.
One thinks of travel agents in the era of World Wide Web information
services and automated booking by carriers; of stockbrokers when (and if)
issuers of securities will transfer them on-line; and even lawyers, when
"the law" is available in electronic form, from governments or elsewhere.
[11] In my view we will not be left alone on the Web with all those
anarchic bits. We already are seeing "reintermediation" - the appearance
of new kinds of explainers, interpreters, adders of value to the
electronic world. The information technology industry is now the biggest
by value in the United States. Many of its participants are
intermediaries: Internet Service Providers (with an array of services),
Value Added Networks, webmasters, suppliers of electronic cash,
archivists, data base compilers, and certification authorities. One could
go on. [12] Among the surviving intermediaries from the paper world one will
find librarians, who have always sought to pull order out of chaos. Legal
publishers will survive - though when authors can charge (micro)royalties
over the Web, and lawyers can access court reports and statutes directly
from their origin, publishers will find new ways to add value to attract
customers. [13] And the lawyers, of course. Lyonette Louis-Jacques of Chicago
publishes (electronically) a list of electronic mailing lists aimed at
lawyers and usually run by lawyers.(8)
Printed out, it comes to nearly 200 pages of names of lists. That is a lot
of new-age intermediaries. [14] In addition, governments of all political persuasions seem to be
outsourcing and downsizing (known in Ontario as "alternative service
delivery"). This will result in the appearance of new intermediaries to
perform what have typically been very public functions: regulation of
business, interpretation of public policy, and hence creation of records
of purported legal effect. Claims of authenticity [15] The proliferation of intermediaries between the person who wants
to use a legal record and its source creates a large number of possible
"intentions" about the electrons in question. The user faces a lot of
claims of authenticity from people with many different interests, not all
of them public spirited. Electrons risk casting what has been called "the
Net of a Million Lies"(9)
over legal records. Risks and risk management [16] Multiple claims of authenticity create multiple risks of
inauthenticity. We need to explore these risks. What are the risks in a
world of electronic records, i.e. the world of shared intentions? Do they
arise from poorly-shared intention? from imperfectly communicated
intention? from fraudulent intention? How vulnerable are the bits to
slippages of intention? [17] Do the risks vary with the type of record? With the source of the
record? Are court records more or less subject to inauthenticity than
statutes or regulations? Contracts? [18] To a large extent legal advice is advice on risk management. "If
you do this, these consequences will probably ensue. To avoid or lessen
the chances of those consequences, adjust your actions as follows."
[19] Likewise authentication is risk management. How sure are we that
the source of a record has been correctly identified and that the text has
not been improperly altered? Nothing in the world is completely certain.
Computer security follows that rule. Risk managers seek an appropriate
level of "assurance", based on balancing standard factors: the degree of
risk of inauthenticity, in the case of legal records (i.e. how likely is
the harm of which one is at risk to occur), the gravity of the risk (i.e.
how serious is it if it does), the benefit of the risky activity (i.e. how
much do we gain from it) and the cost of reducing the risk. [20] The same factors come into play when we are looking for ways to
"care for the bits", in David Masse's phrase(10),
to produce assurance of authenticity. Since we are talking about legal
records that are produced at one time, whether or not by a government
authority, and used at another, usually remote from the creator, we are
talking about production, communication and storage. We are talking about
a system of records whose risk factors must be estimated and
handled. [21] The creation of system-based assurances of authenticity
constitutes a condition precedent for continued expansion in the modern
use of the systems in important marketplaces.(11)
[22] The legal effect of this proposition is shown in the Uniform
Electronic Evidence Act, a product of the Uniform Law Conference of
Canada.(12)
The Uniform Act replaces the search for an "original" record with the need
to show the integrity of the record before the court. Integrity is
demonstrated by showing the integrity of the record-keeping system of
which the record is part.(13)
Securing the system [23] Legal records may be produced by many different systems, and used
in many more. A secure system, one that provides sufficient guarantees of
authenticity, must be secure from end to end, i.e. from the creator of the
record to the user. That may be within the control of one record manager
or require the work of several records systems. The challenge of
maintaining authenticity within a single system differs in some ways from
the challenge of ensuring secure communications among systems. [24] Security may come from secure data or a secure way of storing,
retrieving and communicating data. A closed system with solid records
management practices may need little else for the users, members of that
system, to trust the authenticity of the records. Likewise, a secure
physical system that does not allow tampering provides security: buying a
CD-ROM ("Read-Only Memory") gives confidence that the data are as the
originator has intended. Trust the originator, trust the data. When the
system is not so secure, or is unknown, or when the data are communicated
over an insecure carrier such as the Internet, then one may compensate for
insecure communications by increasing the security of the data
themselves.(14)
[25] A method that is frequently proposed to secure electronic records
is encryption, and in particular, digital signatures.(15)
A digital signature uses public key cryptography to ensure the integrity
of the record - that it has not been altered - and the source of the
record. In practice, identifying the source will depend on the technology
itself and on outside knowledge of who has access to it: an example,
perhaps, of what John McDonald calls "context".(16)
(a) the integrity of the record
[26] To create a digital signature of an electronic record, one applies
a "hash function" or "digest function" to the record. This mathematical
procedure transforms the record into a shorter record (the "message
digest" or "checksum") that is unique to the original record. In other
words, if one amended the original record in any way and applied the hash
function to it, a different message digest would be produced. It is not
feasible to figure out the original message from its digest. [27] This means that one can test the integrity of an electronic record
by running the hash function on it and comparing the message digest to an
existing stored digest that one knows to be authentic.(17)
If they match, then the record has not been altered since the first digest
was created. [28] This is a good way to ensure the security of one's storage of
records. It helps detect degradation of the data from physical causes. It
does not in itself prevent someone from altering the stored message digest
as well as the record. That is prevented by encrypting the digest with a
key that is known to be within the control of a reliable (trusted) person.
To test the integrity of the record, therefore, one decrypts the stored
digest with the appropriate key, and then proceeds as described in the
previous paragraph. [29] The advantage of public key cryptography is that the key needed to
decrypt the digest can be readily available to anyone who wishes to check
or use the record, and yet no one but the holder of the private key can
create the encrypted digest.(18)
(b) the source of the record [30] If one can decrypt a message with a public key, that message must
have been encrypted by the corresponding private key of a key pair. That
is certain because of the technology. And if one knows who controls the
use of the private key, one knows the source of the record. In some
record-keeping systems this will not be a problem. The control of the
system will be clear enough to all users that they will know who uses the
private key. If they trust that person, they will trust the records
"signed" with that key.(19)
[31] In other systems, or in communications between systems, this may
not be as clear. In that case digital signature theory often turns to a
"trusted third party" (i.e. not the creator or the user of the record) who
certifies that the private key is held by a particular person or
institution. The trusted third party, often known as a certification
authority, or CA, links the key used to sign the record to a person.(20)
[32] A system of public key cryptography with one or more certification authorities and established policies for their operation is called a Public Key Infrastructure, or PKI.(21) It is arguable that authenticating legal records will in the future
require the use of a PKI, or PKIs.(22)
But this is far from an automatic process, for several reasons. [33] There is no single kind or implementation of PKI. A committee of
the American Bar Association looking at accreditation of certification
authorities has described nine types of PKI, ending with "voodoo PKI" -
one for which the reliability of the linkages would be totally
speculative(23).
Likewise, different CAs may identify the holders of the private key by
different methods offering different reliability. A single CA may issue
certificates that offer different levels of reliability.(24)
Someone wishing to rely on a certificate may have to weigh the policies in
a CA's "certification practice statement" to see how reliable it is, and
the extent to which the CA stands behind it legally.(25)
[34] As noted, legal records originate in different branches and levels
of government, as well as the private sector, across municipal, provincial
or international borders. Each government, or each department of
government, may have its own PKI. How does one test trust across PKIs, so
that different record authentication systems can produce comparable
reliability? This is one of the biggest unresolved problems in electronic
commerce, and it is important here too. Authentication: It Ain't Just a Matter of Encryption(26)
[35] The problem of knowing what a certificate means is just the
beginning of questions about the use of digital signatures to establish
authenticity of legal records. Authenticity is the result of technology
and policy. PKI advocates would not deny this statement; much work is done
on policy statements to implement a PKI. But we need policy beyond the
scope of the technology. [36] It has been pointed out that a decision to trust someone - or a
source of a communication, or the name on a certificate, in short, a
record - must be based on factors outside the assertion of trustworthiness
that the record's system makes for itself.(27)
That decision can be based on evidence of a reliable business process, as
John McDonald argues in his companion essay.(28)
It can be based on prior dealings with a CA, or general institutional
trust in a root CA (such as the government or a large bank). It can be
based on personal relationships, though that is less likely to be useful
where one is seeking to authenticate legal records. [37] People may also be content to shortcut the full line of
authentication. Maybe it will be enough to trace a chain of trust to a
known law library, or a known law firm, or a known legal publisher. If
users are comfortable relying on the public key of Carswell or Canada Law
Book, or the University of Toronto Law Library, then for most purposes
they should be able to do so, and bind themselves accordingly, at their
risk. There is no obvious reason why the law should protect people against
themselves as they decide what is reliable, by requiring stronger
authentication than they choose for themselves.(29)
[38] The user may trust these intermediate (intermediary) sources to
use appropriate methods of authentication to get their records to them.(30)
They themselves may have reliable business processes. They may follow
appropriate standards of authentication and storage of the records the
user then gets from them.(31)
[39] Some uses of legal records may require higher levels of
authentication, i.e. higher levels of trust, or more "official" levels. If
a court were asked to take judicial notice of a statute, it might well ask
to know that the source of the electronic version presented to it reliably
came from a public sector database, such as the CD-ROM issued by the
Queen's Printer. This would parallel the practice for paper records, in
which the "official version" is preferred by the courts(32).
For these purposes, then, one may want an official version that is
digitally signed by the source, or perhaps by a keeper of a data warehouse
of public legal records. Most users would not need this level of
assurance. [40] Likewise the use of legal records for public purposes, such as
deposit on a public register, may require reliance on a more secure
authentication. For example, the electronic registration of land records
in Ontario being managed by Teranet Land Information Systems will accept
records signed by the digital signatures of the solicitors who file them.
In this case Teranet will issue the private keys and verify and
authenticate the signatures as its own CA, as it were. [41] One should be cautious about demanding more security for
electronic records than current practices demand of paper records, unless
the added vulnerability of the electronic version justifies the greater
demand.(33)
As noted earlier, the level of assurance required, even by a public body,
will vary according to its risks. David Masse once said elsewhere that we
should not try to create an electronic armoured car where on paper we use
an envelope and a regular first-class stamp. [42] Much of the discussion of secure authentication in electronic
commerce focuses on hypothetical large-value transactions between
strangers. Without exploring whether this hypothesis is realistic(34),
it may be observed that legal records will generally not come from
strangers, and public, official, legal records will never originate with
strangers. As a result, one will not depend on communications security
devices to establish who they are or what their authority is for issuing
the record. One wants to know only that the record actually came from the
official source. It will be much easier to establish a trusted link. A
well-known public key of a public authority may travel with the legal
record through multiple hands and maintain the trustworthiness of the
record throughout its life. (Interjurisdictional records may not benefit
from quite so much trust, but foreign governments are also not
strangers.)(35)
Conclusion: Risk Management and Trust Management
[43] What one seeks in order to authenticate legal records depends on
one's estimate of the risks of inauthenticity in all the circumstances of
the creation, storage, communication and retrieval of the record,
including its purpose (the intention of its creator) and the character, in
the moral as well as descriptive sense, of the intermediaries between the
creator and the user. Put another way, one's demands will depend on the
elements of trustworthiness that the system or systems offer. One size
will not fit all. [44] The United Nations Model Law on Electronic Commerce(36)
proposes legal methods to allow electronic records to be used where rules
of law require paper-based concepts like writing, or signature, or
original documents. The Model Law sets out "functional equivalents" to
these concepts that should satisfy those rules of law. The functional
equivalent is often described to be "as reliable as appropriate in the
circumstances".(37)
[45] That approach is the proper one for authentication as well. We get
as close as we can, in the circumstances. We consider the system, the
business practices, the context, the intention of the parties (including
public authorities where necessary), the means of security, and we
exercise our best judgment based on why we need to establish authenticity
of a particular record. We weigh our risks, we weigh the trust we place in
these elements, and we take our chances. [46] So we find no absolute rule for authenticating legal records.
Sometimes pretty good authentication will suffice. Sometimes we will find
pretty good authentication with little added to the systems that have
managed our paper records over the years. And sometimes we will demand
full scale certified digitally signed records. So long as we do not
believe that the latter is the goal to which we should strive in all
cases, we should be content with the freedom that this gives us to
authenticate as we - and the officials to whom we report - see fit.
[March 1998] 1. The symposium was called "The Official Version: A National Summit to Solve the Problems of Authenticating, Preserving, and Citing Electronic Legal Information", organized by the Canadian Association of Law Libarians. It is described at http://www.callacbd.ca/summit/index.html 2. Sometimes the "official" version of a legal record is published only by a private publisher. Many administrative tribunals, for example (which are an amalgam of judicial and executive functions), contract with the private sector to publish their decisions. As governments "outsource" more and more of their traditional functions, as noted later in the text, it is possible that other publications of "original" legal records will appear first from private publishers. 3. Masse background paper,"The ABCs of Authentication: A is for Atom, B is for Bit, and C is for Care", http://www.callacbd.ca/summit/auth.html, para. 22. 4. See Masse background paper, para 36. 5. The intermediaries between the creator and the user also have a role to play, as noted later in the text. 6. This argument is developed a little further in my article, "Electronic Records in Ontario's Photoradar System", (1995), 6 Journal of Motor Vehicle Law 277. 7. Masse background paper, para 19. This is particularly likely where one is looking for information, where information itself is the product. 8. "Lyo's list" is at http:/www.lib.uchicago.edu/~llou/lawlists/info.html 9. The phrase was used by Verner Vinge in Fire Upon the Deep (1992), a fictional description of an interstellar communications nework seemingly modelled on the Net. 10. Masse background paper para. 35ff. 11. Raymond T. Nimmer and Patricia Krauthouse, "Electronic Commerce: New Paradigms in Information Law ", 31 Idaho Law Review 937, 945 (1995), quoted in Johnston and Handa, CyberLaw (Toronto: General Publishing, 1997), 251 n6. 12. A draft of the Act approved in principle by the Uniform Law Conference in August, 1997 - what one might call a "beta version" - can be found at http://www.law.ualberta.ca/alri/ulc/current/eueea.htm. A consultation paper with more background is at http://www.law.ualberta.ca/alri/ulc/current/eelev.htm. Earlier studies appear in the Proceedings of the Conference for 1994 (.../ulc/94pro/e94j.htm), 1995 (.../ulc/95pro/e95n.htm) and 1996 (.../ulc/96pro/e96b.htm). 13. Uniform Electronic Evidence Act, s. 4. 14. Other examples of systems considered secure enough that encrypted data are not needed include the current Ontario e-filing of court documents. Filers have a contract with the Ministry of the Attorney General and use proprietary software obtained from the Ministry. Records submitted are said not to be "signed", though their origin can be traced accurately through the software and security procedures such as log-in passwords. Most filings in Canada under the Personal Property Security Acts (in force in most of the common law provinces) are electronic, again in a closed, subscription-based system where the signatures do not need the "extra" security of encryption. The result, in both cases, is essentially a public notice of a claim, rather than an automatic according of a legal right. In short, there is more margin for error. The electronic land registration system shortly to be implemented in Ontario creates legal rights on filing, and it will use digital signatures; see text at para 40. As noted, authentication is risk management. 15. See Masse background paper, para.47ff. This essay does not discuss encryption for secrecy or confidentiality of the records, though of course encryption can be used for those purposes. 16. See John McDonald's remarks to The Official Version symposium. 17. Hash functions are publicly known algorithms that cannot be tampered with. 18. I have not attempted to describe how public key cryptography works. As noted, the Masse background paper does that to some extent. In very brief, it uses a mathematical formula to transform the bits of the electronic record in a way that can be made intelligible, i.e. decrypted, only by a related formula. The formulas are keys, and the related keys are called a key pair. One cannot decrypt with the key used to encrypt, but only with the other half of the key pair. Public key cryptography works by having one half of the key pair (the private key) kept secret by the person who uses it, and the other half (the public key) openly available to anyone who might need to decrypt the text. The person who decrypts cannot alter and re-encrypt the record so it will still be readable by the public key. 19. As noted earlier, in a very secure system, one may not need to protect the data, the record, by encryption (digital signature) at all because other business processes provide adequate authentication. Secure systems may choose to use digital signatures to protect the records over time, even when current users are content to rely on the other processes. 20. Linking a person with a private key may be done in other ways than through a trusted third party. Keys or identities may be exchanged in person or by other bilateral communication. The Pretty Good Privacy (PGP) system, whose name is reflected in the title of this essay, builds a "web of trust" through personal references and interconnections: A knows B and B knows C, so A trusts C's digital signature. See http://www.pgp.com. It might be described as a system of trusted second parties. One may debate whether such an informal system should be relied on for official legal records, though it may be perfectly adequate to support reliance on private records with legal effect. 21. The array of distribution, control and use of the keys in a closed system as described in paragraph 30 can be said to constitute an uncertificated public key infrastructure. 22. This discussion greatly simplifies the operation and use of PKIs. See Masse background paper at para. 58. It also leaves out the debate about the legal support for PKIs themselves and whether the law should promote them by special rules on attributing signatures or on liability for faulty identification. 23. The name is obviously not intended as a technical, or permanent, term! See references in note 30. 24. Identifying someone is not as simple as it may sound, either. Those with a strong incentive to deceive a CA can probably manage it in many cases. See Nicholas Bohm, "Authentication, Reliability and Risks", at http://www.mcg.org.br/auth_b1.htm (1997) para 17 - 23. 25. And how does one know that a certificate really comes from the CA that purports to issue it? The certificate is signed with the digital signature of the CA. One reads it with the CA's public key. To link that key with that CA, one might want another certificate from another (more trusted?) CA. One can conceive of a "certification chain" until one arrives at a CA whose key is known or identity trusted for other reasons. In a hierarchy of CAs, one may arrive at the top of the chain, or the "root CA". Government PKIs are likely to use a root CA for the ultimate level of trust. 26. This title paraphrases the title of a speech by Professor Amelia Boss of Temple University School of Law in Philadelphia, "Security: It Ain't Just a Matter of Encryption", given at a conference of the Electronic Commerce World Institute in Montreal in August, 1995. Professor Boss persuasively explains why security of commercial dealings must be supported far more broadly than by encryption alone. Security includes "a discernable legal and social structure that allows us both to define our own rights [and] the rights of others, and gives us the ability to determine the risks that we face and [make] intelligent choices about their distribution." 27. "Trust is that which is essential to a communications channel but which cannot be transferred from a source to a destination using that channel." Dr. Ed Gerck, at http://www.mcg.org.br/trustdef.htm. 28. John McDonald's paper to The Official Version symposium. 29. One might ask if a consumer protection principle would set a minimum standard of authenticity for records with legal effect on consumers. However, it is not clear what such a requirement would add to existing rules against misrepresentation and in favour of warranties of merchantability and fitness for purpose. The threat to consumers is not generally that the records with which they deal are not authentic, i.e. lack integrity or come from someone unexpected. 30. Efforts are under way in the United States to devise standards for the accreditation of CAs, so the value of their certificates can be compared. The Information Security Committee of the Section of Science and Technology of the American Bar Association is running one such effort. See http://www.abanet.org/scitech/ec/home.html. Here in the text, however, we are talking about a less formal "name recognition" authority. The user trusts them because of who they are, not because the user has investigated what they do. 31. The Uniform Electronic Evidence Act referred to earlier, in footnote 12, expressly allows the integrity of electronic records, and thus their admissibility in evidence, to be judged on whether the record-keeping system complies with recognized standards (including those prescribed by private agreement among parties to a transaction). 32. Ontario, like many other places, directs the courts to give judicial notice to statutes and other "public documents" "purporting to be printed under the authority of" the government of various recognized (trusted) jurisdictions ("within the Queen's dominions"). Evidence Act, R.S.O. 1990 c.E.23, s. 25. To date the Act has not been amended to deal with electronic documents. The Uniform Electronic Evidence Act referred to in note 12 does not deal with this issue (yet). 33. A thorough exposition of this point appears in an article by Nicholas Bohm, "Authentication, Reliability and Risks", at http://www.mcg.org.br/auth_b1.htm. He points out that in the United Kingdom the land registry does not seriously check written signatures, and argues that electronic signatures for that purpose should not require a heavy infrastructure either. "This suggests that remarkably low levels of authentication are quite sufficient to enable substantial transactions to proceed on a large scale without significant practical risk." (para 15). 34. For a number of reasons it may not be. Authentication goes to integrity and attribution of a message, but not to crucial elements about a transaction such as creditworthiness. In general, one needs more "context", as John McDonald says, to have confidence in a record. Where creditworthiness is established, as through bank-sponsored communications - letters of credit, electronically signed credit card transactions using the forthcoming Secure Electronic Transaction protocol - then identity of the originator may be much less important to the party relying on the record. See the Bohm article referred to in note 33. 35. This does not mean that everyone should trust all government, but only that government will have a more obvious public identity than most private actors and a large number of ways of establishing itself as an authentic source. 36. See http://www.un.or.at/uncitral/texts/electcom/ml-ec.htm. 37. For example, the Model Law's Article 7(1) on signatures provides as follows: Where the law requires a signature of a person, that requirement is met in relation to a data message if: (a) a method is used to identify that person and to indicate that person's approval of the information contained in the data message; and (b) that method is as reliable as was appropriate for the purpose for
which the data message was generated or communicated, in the light of all
the circumstances, including any relevant agreement. |