 Introduction

 [1] The title of the symposium for which these ideas were solicited was 
      "The Official Version"(1). 
      As a kind of official myself, I am inclined to conclude that we are 
      looking at official records, public records. "The Law" is in some ways a 
      set of rules governing public order, the essence of government. So records 
      of the law are public records and official records: government records. 
       [2] All three branches of government - legislature, executive and 
      judiciary - produce official public legal records: statutes, regulations 
      and orders, judgments. They produce them and publish them by different 
      methods. One of the early questions we face is whether these types of 
      records require the same kinds of authentication. On the practical side, 
      will the producers of these different kinds of records seek a common 
      understanding of their production in electronic form, so that their 
      authentication will present common rather than diverse problems?

 [3] These public records are not all published by public authorities. 
      Most judicial decisions, for example, are published only by private 
      publishers. While statutes are generally published by an "official" 
      publisher, many of them are also made public, with more or less value 
      added, by private sources. The same is true for executive law.

 [4] The legal records, from official public or unofficial private 
      sources(2), 
      often find their way to their users through private hands, notably 
      libraries.

 [5] But there is other "law" as well. Private law is made by agreements 
      among private parties. Contracts are law, in a meaningful sense. Public 
      statements by private sector interests may have legal effect. The records 
      of these actions or transactions are legal records, and often are taken 
      into account by public authorities, such as courts and departments or 
      ministries of the executive branch. So the principles that apply to 
      official legal records often apply equally to private legal records. 
       [6] Law librarians serve as custodians and locators of the official 
      versions of public and private legal records. This essay explores some of 
      the issues that they, the producers of legal records, and other users 
      will face in determining the authentic legal record when the 
      record is in electronic format. All of the ideas need - and some of them 
      may even deserve - further development. This whole text could bear the 
      title of this section: introduction.

 Electronic records

 [7] As David Masse says in his background paper, bits don't care what 
      they are.(3) 
      An assemblage of electrons can be music, text, or operating instructions 
      for a machine. What makes them a record is the intention of the parties - 
      the creator of the record (who puts the electrons together) and the user 
      of the record (who interprets(4) 
      the collected electrons).(5) 
       [8] The shared intention is shown by the use of compatible systems: hardware, software, communications links.(6) If I put the CD-ROM of the Ontario statutes (say for the purpose of 
      argument, the "official" version) into my CD player, I will not get music. 
      I will not get intelligible output. If, as the creator intends, I 
      put it into the CD-ROM drive of my computer, then I will get statutes 
      (more or less intelligible, perhaps, but that won't be a problem of 
      format!)

 [9] Authentication may be in some sense the detection and demonstration 
      of that shared intention. If the record is "official", then the intention 
      must perhaps be ultimately attributed to a source whose actions have that 
      character.

 Intermediaries

 [10] David Masse speaks of "disintermediation"(7), 
      the disappearance of traditional explainers, interpreters, agents, between 
      the public and the people who provide goods and services to the public. 
      One thinks of travel agents in the era of World Wide Web information 
      services and automated booking by carriers; of stockbrokers when (and if) 
      issuers of securities will transfer them on-line; and even lawyers, when 
      "the law" is available in electronic form, from governments or elsewhere. 
       [11] In my view we will not be left alone on the Web with all those 
      anarchic bits. We already are seeing "reintermediation" - the appearance 
      of new kinds of explainers, interpreters, adders of value to the 
      electronic world. The information technology industry is now the biggest 
      by value in the United States. Many of its participants are 
      intermediaries: Internet Service Providers (with an array of services), 
      Value Added Networks, webmasters, suppliers of electronic cash, 
      archivists, data base compilers, and certification authorities. One could 
      go on.

 [12] Among the surviving intermediaries from the paper world one will 
      find librarians, who have always sought to pull order out of chaos. Legal 
      publishers will survive - though when authors can charge (micro)royalties 
      over the Web, and lawyers can access court reports and statutes directly 
      from their origin, publishers will find new ways to add value to attract 
      customers.

 [13] And the lawyers, of course. Lyonette Louis-Jacques of Chicago 
      publishes (electronically) a list of electronic mailing lists aimed at 
      lawyers and usually run by lawyers.(8) 
      Printed out, it comes to nearly 200 pages of names of lists. That is a lot 
      of new-age intermediaries.

 [14] In addition, governments of all political persuasions seem to be 
      outsourcing and downsizing (known in Ontario as "alternative service 
      delivery"). This will result in the appearance of new intermediaries to 
      perform what have typically been very public functions: regulation of 
      business, interpretation of public policy, and hence creation of records 
      of purported legal effect.

 Claims of authenticity

 [15] The proliferation of intermediaries between the person who wants 
      to use a legal record and its source creates a large number of possible 
      "intentions" about the electrons in question. The user faces a lot of 
      claims of authenticity from people with many different interests, not all 
      of them public spirited. Electrons risk casting what has been called "the 
      Net of a Million Lies"(9) 
      over legal records.

 Risks and risk management

 [16] Multiple claims of authenticity create multiple risks of 
      inauthenticity. We need to explore these risks. What are the risks in a 
      world of electronic records, i.e. the world of shared intentions? Do they 
      arise from poorly-shared intention? from imperfectly communicated 
      intention? from fraudulent intention? How vulnerable are the bits to 
      slippages of intention?

 [17] Do the risks vary with the type of record? With the source of the 
      record? Are court records more or less subject to inauthenticity than 
      statutes or regulations? Contracts?

 [18] To a large extent legal advice is advice on risk management. "If 
      you do this, these consequences will probably ensue. To avoid or lessen 
      the chances of those consequences, adjust your actions as follows." 
       [19] Likewise authentication is risk management. How sure are we that 
      the source of a record has been correctly identified and that the text has 
      not been improperly altered? Nothing in the world is completely certain. 
      Computer security follows that rule. Risk managers seek an appropriate 
      level of "assurance", based on balancing standard factors: the degree of 
      risk of inauthenticity, in the case of legal records (i.e. how likely is 
      the harm of which one is at risk to occur), the gravity of the risk (i.e. 
      how serious is it if it does), the benefit of the risky activity (i.e. how 
      much do we gain from it) and the cost of reducing the risk.

 [20] The same factors come into play when we are looking for ways to 
      "care for the bits", in David Masse's phrase(10), 
      to produce assurance of authenticity. Since we are talking about legal 
      records that are produced at one time, whether or not by a government 
      authority, and used at another, usually remote from the creator, we are 
      talking about production, communication and storage. We are talking about 
      a system of records whose risk factors must be estimated and 
      handled.

 [21] The creation of system-based assurances of authenticity 
      constitutes a condition precedent for continued expansion in the modern 
      use of the systems in important marketplaces.(11) 
       [22] The legal effect of this proposition is shown in the Uniform 
      Electronic Evidence Act, a product of the Uniform Law Conference of 
      Canada.(12) 
      The Uniform Act replaces the search for an "original" record with the need 
      to show the integrity of the record before the court. Integrity is 
      demonstrated by showing the integrity of the record-keeping system of 
      which the record is part.(13) 
 Securing the system

 [23] Legal records may be produced by many different systems, and used 
      in many more. A secure system, one that provides sufficient guarantees of 
      authenticity, must be secure from end to end, i.e. from the creator of the 
      record to the user. That may be within the control of one record manager 
      or require the work of several records systems. The challenge of 
      maintaining authenticity within a single system differs in some ways from 
      the challenge of ensuring secure communications among systems.

 [24] Security may come from secure data or a secure way of storing, 
      retrieving and communicating data. A closed system with solid records 
      management practices may need little else for the users, members of that 
      system, to trust the authenticity of the records. Likewise, a secure 
      physical system that does not allow tampering provides security: buying a 
      CD-ROM ("Read-Only Memory") gives confidence that the data are as the 
      originator has intended. Trust the originator, trust the data. When the 
      system is not so secure, or is unknown, or when the data are communicated 
      over an insecure carrier such as the Internet, then one may compensate for 
      insecure communications by increasing the security of the data 
      themselves.(14) 
       [25] A method that is frequently proposed to secure electronic records 
      is encryption, and in particular, digital signatures.(15) 
      A digital signature uses public key cryptography to ensure the integrity 
      of the record - that it has not been altered - and the source of the 
      record. In practice, identifying the source will depend on the technology 
      itself and on outside knowledge of who has access to it: an example, 
      perhaps, of what John McDonald calls "context".(16) 
       (a) the integrity of the record 
 [26] To create a digital signature of an electronic record, one applies 
      a "hash function" or "digest function" to the record. This mathematical 
      procedure transforms the record into a shorter record (the "message 
      digest" or "checksum") that is unique to the original record. In other 
      words, if one amended the original record in any way and applied the hash 
      function to it, a different message digest would be produced. It is not 
      feasible to figure out the original message from its digest.

 [27] This means that one can test the integrity of an electronic record 
      by running the hash function on it and comparing the message digest to an 
      existing stored digest that one knows to be authentic.(17) 
      If they match, then the record has not been altered since the first digest 
      was created.

 [28] This is a good way to ensure the security of one's storage of 
      records. It helps detect degradation of the data from physical causes. It 
      does not in itself prevent someone from altering the stored message digest 
      as well as the record. That is prevented by encrypting the digest with a 
      key that is known to be within the control of a reliable (trusted) person. 
      To test the integrity of the record, therefore, one decrypts the stored 
      digest with the appropriate key, and then proceeds as described in the 
      previous paragraph.

 [29] The advantage of public key cryptography is that the key needed to 
      decrypt the digest can be readily available to anyone who wishes to check 
      or use the record, and yet no one but the holder of the private key can 
      create the encrypted digest.(18) 
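
The checks described in paragraphs [26] to [29], as an added example that is not part of the original essay: a stored digest detects alteration, a replaced digest defeats that check, and a digest "encrypted" with a private key does not have that weakness. SHA-256 and unpadded textbook RSA are assumptions chosen here because the essay names no algorithm; the keys, function names and sample record are constructed for illustration.

```python
import hashlib
import hmac

E = 65537  # widely used RSA public exponent


def make_demo_key(p: int, q: int):
    """Build a textbook RSA key from two primes; returns (n, e, d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return n, E, d


# Constructed demo keys made from well-known Mersenne primes. Their factors
# are public knowledge, so they protect nothing; they only keep the example
# reproducible offline. Real systems use randomly generated keys and a padded
# signature scheme from a vetted library.
PUBLISHER_KEY = make_demo_key(2**521 - 1, 2**607 - 1)
OTHER_KEY = make_demo_key(2**1279 - 1, 2**2203 - 1)


def message_digest(record: bytes) -> bytes:
    """Para [26]: the hash function turns the record into a short digest."""
    return hashlib.sha256(record).digest()


def matches_stored_digest(record: bytes, stored: bytes) -> bool:
    """Para [27]: recompute the digest and compare it with the stored one."""
    return hmac.compare_digest(message_digest(record), stored)


def sign(record: bytes, key) -> int:
    """Para [28]: transform the digest with the private half of the key pair."""
    n, _e, d = key
    return pow(int.from_bytes(message_digest(record), "big"), d, n)


def verify(record: bytes, signature: int, public) -> bool:
    """Para [29]: anyone holding the public key can recover and check the digest."""
    n, e = public
    recovered = pow(signature, e, n)
    return recovered == int.from_bytes(message_digest(record), "big")


def run_demo() -> dict:
    # Constructed sample records, not real legal text.
    original = b"Constructed sample statute, s. 1: The fee is $10."
    altered = b"Constructed sample statute, s. 1: The fee is $90."
    publisher_public = PUBLISHER_KEY[:2]

    stored = message_digest(original)
    signature = sign(original, PUBLISHER_KEY)
    return {
        "digest_accepts_original": matches_stored_digest(original, stored),
        "digest_detects_alteration": not matches_stored_digest(altered, stored),
        # Para [28]: if the stored digest is rewritten along with the record,
        # the bare comparison still succeeds and the change goes unnoticed.
        "bare_digest_misses_replaced_digest": matches_stored_digest(
            altered, message_digest(altered)
        ),
        "signature_accepts_original": verify(original, signature, publisher_public),
        "signature_detects_alteration": not verify(
            altered, signature, publisher_public
        ),
        # A signature made with any other private key does not verify under
        # the publisher's public key, so the digest cannot simply be redone.
        "other_key_signature_rejected": not verify(
            altered, sign(altered, OTHER_KEY), publisher_public
        ),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```
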
 (b) the source of the record

 [30] If one can decrypt a message with a public key, that message must 
      have been encrypted by the corresponding private key of a key pair. That 
      is certain because of the technology. And if one knows who controls the 
      use of the private key, one knows the source of the record. In some 
      record-keeping systems this will not be a problem. The control of the 
      system will be clear enough to all users that they will know who uses the 
      private key. If they trust that person, they will trust the records 
      "signed" with that key.(19) 
       [31] In other systems, or in communications between systems, this may 
      not be as clear. In that case digital signature theory often turns to a 
      "trusted third party" (i.e. not the creator or the user of the record) who 
      certifies that the private key is held by a particular person or 
      institution. The trusted third party, often known as a certification 
      authority, or CA, links the key used to sign the record to a person.(20) 
       [32] A system of public key cryptography with one or more certification authorities and established policies for their operation is called a Public Key Infrastructure, or PKI.(21) It is arguable that authenticating legal records will in the future 
      require the use of a PKI, or PKIs.(22) 
      But this is far from an automatic process, for several reasons.

 [33] There is no single kind or implementation of PKI. A committee of 
      the American Bar Association looking at accreditation of certification 
      authorities has described nine types of PKI, ending with "voodoo PKI" - 
      one for which the reliability of the linkages would be totally 
      speculative(23). 
      Likewise, different CAs may identify the holders of the private key by 
      different methods offering different reliability. A single CA may issue 
      certificates that offer different levels of reliability.(24) 
      Someone wishing to rely on a certificate may have to weigh the policies in 
      a CA's "certification practice statement" to see how reliable it is, and 
      the extent to which the CA stands behind it legally.(25) 
       [34] As noted, legal records originate in different branches and levels 
      of government, as well as the private sector, across municipal, provincial 
      or international borders. Each government, or each department of 
      government, may have its own PKI. How does one test trust across PKIs, so 
      that different record authentication systems can produce comparable 
      reliability? This is one of the biggest unresolved problems in electronic 
      commerce, and it is important here too.

 Authentication: It Ain't Just a Matter of Encryption(26) 
       [35] The problem of knowing what a certificate means is just the 
      beginning of questions about the use of digital signatures to establish 
      authenticity of legal records. Authenticity is the result of technology 
      and policy. PKI advocates would not deny this statement; much work is done 
      on policy statements to implement a PKI. But we need policy beyond the 
      scope of the technology.

 [36] It has been pointed out that a decision to trust someone - or a 
      source of a communication, or the name on a certificate, in short, a 
      record - must be based on factors outside the assertion of trustworthiness 
      that the record's system makes for itself.(27) 
      That decision can be based on evidence of a reliable business process, as 
      John McDonald argues in his companion essay.(28) 
      It can be based on prior dealings with a CA, or general institutional 
      trust in a root CA (such as the government or a large bank). It can be 
      based on personal relationships, though that is less likely to be useful 
      where one is seeking to authenticate legal records.

 [37] People may also be content to shortcut the full line of 
      authentication. Maybe it will be enough to trace a chain of trust to a 
      known law library, or a known law firm, or a known legal publisher. If 
      users are comfortable relying on the public key of Carswell or Canada Law 
      Book, or the University of Toronto Law Library, then for most purposes 
      they should be able to do so, and bind themselves accordingly, at their 
      risk. There is no obvious reason why the law should protect people against 
      themselves as they decide what is reliable, by requiring stronger 
      authentication than they choose for themselves.(29) 
       [38] The user may trust these intermediate (intermediary) sources to 
      use appropriate methods of authentication to get their records to them.(30) 
      They themselves may have reliable business processes. They may follow 
      appropriate standards of authentication and storage of the records the 
      user then gets from them.(31) 
       [39] Some uses of legal records may require higher levels of 
      authentication, i.e. higher levels of trust, or more "official" levels. If 
      a court were asked to take judicial notice of a statute, it might well ask 
      to know that the source of the electronic version presented to it reliably 
      came from a public sector database, such as the CD-ROM issued by the 
      Queen's Printer. This would parallel the practice for paper records, in 
      which the "official version" is preferred by the courts(32). 
      For these purposes, then, one may want an official version that is 
      digitally signed by the source, or perhaps by a keeper of a data warehouse 
      of public legal records. Most users would not need this level of 
      assurance.

 [40] Likewise the use of legal records for public purposes, such as 
      deposit on a public register, may require reliance on a more secure 
      authentication. For example, the electronic registration of land records 
      in Ontario being managed by Teranet Land Information Systems will accept 
      records signed by the digital signatures of the solicitors who file them. 
      In this case Teranet will issue the private keys and verify and 
      authenticate the signatures as its own CA, as it were.

 [41] One should be cautious about demanding more security for 
      electronic records than current practices demand of paper records, unless 
      the added vulnerability of the electronic version justifies the greater 
      demand.(33) 
      As noted earlier, the level of assurance required, even by a public body, 
      will vary according to its risks. David Masse once said elsewhere that we 
      should not try to create an electronic armoured car where on paper we use 
      an envelope and a regular first-class stamp.

 [42] Much of the discussion of secure authentication in electronic 
      commerce focuses on hypothetical large-value transactions between 
      strangers. Without exploring whether this hypothesis is realistic(34), 
      it may be observed that legal records will generally not come from 
      strangers, and public, official, legal records will never originate with 
      strangers. As a result, one will not depend on communications security 
      devices to establish who they are or what their authority is for issuing 
      the record. One wants to know only that the record actually came from the 
      official source. It will be much easier to establish a trusted link. A 
      well-known public key of a public authority may travel with the legal 
      record through multiple hands and maintain the trustworthiness of the 
      record throughout its life. (Interjurisdictional records may not benefit 
      from quite so much trust, but foreign governments are also not 
      strangers.)(35) 
       Conclusion: Risk Management and Trust Management 
       [43] What one seeks in order to authenticate legal records depends on 
      one's estimate of the risks of inauthenticity in all the circumstances of 
      the creation, storage, communication and retrieval of the record, 
      including its purpose (the intention of its creator) and the character, in 
      the moral as well as descriptive sense, of the intermediaries between the 
      creator and the user. Put another way, one's demands will depend on the 
      elements of trustworthiness that the system or systems offer. One size 
      will not fit all.

 [44] The United Nations Model Law on Electronic Commerce(36) 
      proposes legal methods to allow electronic records to be used where rules 
      of law require paper-based concepts like writing, or signature, or 
      original documents. The Model Law sets out "functional equivalents" to 
      these concepts that should satisfy those rules of law. The functional 
      equivalent is often described to be "as reliable as appropriate in the 
      circumstances".(37) 
       [45] That approach is the proper one for authentication as well. We get 
      as close as we can, in the circumstances. We consider the system, the 
      business practices, the context, the intention of the parties (including 
      public authorities where necessary), the means of security, and we 
      exercise our best judgment based on why we need to establish authenticity 
      of a particular record. We weigh our risks, we weigh the trust we place in 
      these elements, and we take our chances.

 [46] So we find no absolute rule for authenticating legal records. 
      Sometimes pretty good authentication will suffice. Sometimes we will find 
      pretty good authentication with little added to the systems that have 
      managed our paper records over the years. And sometimes we will demand 
      full scale certified digitally signed records. So long as we do not 
      believe that the latter is the goal to which we should strive in all 
      cases, we should be content with the freedom that this gives us to 
      authenticate as we - and the officials to whom we report - see fit. 
 [March 1998]

1. The symposium was called "The Official Version: A National Summit to Solve the Problems of Authenticating, Preserving, and Citing Electronic Legal Information", organized by the Canadian Association of Law Librarians. It is described at http://www.callacbd.ca/summit/index.html

2. Sometimes the "official" version of a legal record is published only by a private publisher. Many administrative tribunals, for example (which are an amalgam of judicial and executive functions), contract with the private sector to publish their decisions. As governments "outsource" more and more of their traditional functions, as noted later in the text, it is possible that other publications of "original" legal records will appear first from private publishers.

3. Masse background paper, "The ABCs of Authentication: A is for Atom, B is for Bit, and C is for Care", http://www.callacbd.ca/summit/auth.html, para. 22.

4. See Masse background paper, para 36.

5. The intermediaries between the creator and the user also have a role to play, as noted later in the text.

6. This argument is developed a little further in my article, "Electronic Records in Ontario's Photoradar System", (1995), 6 Journal of Motor Vehicle Law 277.

7. Masse background paper, para 19. This is particularly likely where one is looking for information, where information itself is the product.

8. "Lyo's list" is at http://www.lib.uchicago.edu/~llou/lawlists/info.html

9. The phrase was used by Vernor Vinge in Fire Upon the Deep (1992), a fictional description of an interstellar communications network seemingly modelled on the Net.

10. Masse background paper para. 35ff.

11. Raymond T. Nimmer and Patricia Krauthouse, "Electronic Commerce: New Paradigms in Information Law", 31 Idaho Law Review 937, 945 (1995), quoted in Johnston and Handa, CyberLaw (Toronto: General Publishing, 1997), 251 n6.

12. A draft of the Act approved in principle by the Uniform Law Conference in August, 1997 - what one might call a "beta version" - can be found at http://www.law.ualberta.ca/alri/ulc/current/eueea.htm. A consultation paper with more background is at http://www.law.ualberta.ca/alri/ulc/current/eelev.htm. Earlier studies appear in the Proceedings of the Conference for 1994 (.../ulc/94pro/e94j.htm), 1995 (.../ulc/95pro/e95n.htm) and 1996 (.../ulc/96pro/e96b.htm).

13. Uniform Electronic Evidence Act, s. 4.

14. Other examples of systems considered secure enough that encrypted data are not needed include the current Ontario e-filing of court documents. Filers have a contract with the Ministry of the Attorney General and use proprietary software obtained from the Ministry. Records submitted are said not to be "signed", though their origin can be traced accurately through the software and security procedures such as log-in passwords. Most filings in Canada under the Personal Property Security Acts (in force in most of the common law provinces) are electronic, again in a closed, subscription-based system where the signatures do not need the "extra" security of encryption. The result, in both cases, is essentially a public notice of a claim, rather than an automatic according of a legal right. In short, there is more margin for error. The electronic land registration system shortly to be implemented in Ontario creates legal rights on filing, and it will use digital signatures; see text at para 40. As noted, authentication is risk management.

15. See Masse background paper, para. 47ff. This essay does not discuss encryption for secrecy or confidentiality of the records, though of course encryption can be used for those purposes.

16. See John McDonald's remarks to The Official Version symposium.

17. Hash functions are publicly known algorithms that cannot be tampered with.

18. I have not attempted to describe how public key cryptography works. As noted, the Masse background paper does that to some extent. In very brief, it uses a mathematical formula to transform the bits of the electronic record in a way that can be made intelligible, i.e. decrypted, only by a related formula. The formulas are keys, and the related keys are called a key pair. One cannot decrypt with the key used to encrypt, but only with the other half of the key pair. Public key cryptography works by having one half of the key pair (the private key) kept secret by the person who uses it, and the other half (the public key) openly available to anyone who might need to decrypt the text. The person who decrypts cannot alter and re-encrypt the record so it will still be readable by the public key.

19. As noted earlier, in a very secure system, one may not need to protect the data, the record, by encryption (digital signature) at all because other business processes provide adequate authentication. Secure systems may choose to use digital signatures to protect the records over time, even when current users are content to rely on the other processes.

20. Linking a person with a private key may be done in other ways than through a trusted third party. Keys or identities may be exchanged in person or by other bilateral communication. The Pretty Good Privacy (PGP) system, whose name is reflected in the title of this essay, builds a "web of trust" through personal references and interconnections: A knows B and B knows C, so A trusts C's digital signature. See http://www.pgp.com. It might be described as a system of trusted second parties. One may debate whether such an informal system should be relied on for official legal records, though it may be perfectly adequate to support reliance on private records with legal effect.

21. The array of distribution, control and use of the keys in a closed system as described in paragraph 30 can be said to constitute an uncertificated public key infrastructure.

22. This discussion greatly simplifies the operation and use of PKIs. See Masse background paper at para. 58. It also leaves out the debate about the legal support for PKIs themselves and whether the law should promote them by special rules on attributing signatures or on liability for faulty identification.

23. The name is obviously not intended as a technical, or permanent, term! See references in note 30.

24. Identifying someone is not as simple as it may sound, either. Those with a strong incentive to deceive a CA can probably manage it in many cases. See Nicholas Bohm, "Authentication, Reliability and Risks", at http://www.mcg.org.br/auth_b1.htm (1997) para 17 - 23.

25. And how does one know that a certificate really comes from the CA that purports to issue it? The certificate is signed with the digital signature of the CA. One reads it with the CA's public key. To link that key with that CA, one might want another certificate from another (more trusted?) CA. One can conceive of a "certification chain" until one arrives at a CA whose key is known or identity trusted for other reasons. In a hierarchy of CAs, one may arrive at the top of the chain, or the "root CA". Government PKIs are likely to use a root CA for the ultimate level of trust.

26. This title paraphrases the title of a speech by Professor Amelia Boss of Temple University School of Law in Philadelphia, "Security: It Ain't Just a Matter of Encryption", given at a conference of the Electronic Commerce World Institute in Montreal in August, 1995. Professor Boss persuasively explains why security of commercial dealings must be supported far more broadly than by encryption alone. Security includes "a discernable legal and social structure that allows us both to define our own rights [and] the rights of others, and gives us the ability to determine the risks that we face and [make] intelligent choices about their distribution."

27. "Trust is that which is essential to a communications channel but which cannot be transferred from a source to a destination using that channel." Dr. Ed Gerck, at http://www.mcg.org.br/trustdef.htm.

28. John McDonald's paper to The Official Version symposium.

29. One might ask if a consumer protection principle would set a minimum standard of authenticity for records with legal effect on consumers. However, it is not clear what such a requirement would add to existing rules against misrepresentation and in favour of warranties of merchantability and fitness for purpose. The threat to consumers is not generally that the records with which they deal are not authentic, i.e. lack integrity or come from someone unexpected.

30. Efforts are under way in the United States to devise standards for the accreditation of CAs, so the value of their certificates can be compared. The Information Security Committee of the Section of Science and Technology of the American Bar Association is running one such effort. See http://www.abanet.org/scitech/ec/home.html. Here in the text, however, we are talking about a less formal "name recognition" authority. The user trusts them because of who they are, not because the user has investigated what they do.

31. The Uniform Electronic Evidence Act referred to earlier, in footnote 12, expressly allows the integrity of electronic records, and thus their admissibility in evidence, to be judged on whether the record-keeping system complies with recognized standards (including those prescribed by private agreement among parties to a transaction).

32. Ontario, like many other places, directs the courts to give judicial notice to statutes and other "public documents" "purporting to be printed under the authority of" the government of various recognized (trusted) jurisdictions ("within the Queen's dominions"). Evidence Act, R.S.O. 1990 c.E.23, s. 25. To date the Act has not been amended to deal with electronic documents. The Uniform Electronic Evidence Act referred to in note 12 does not deal with this issue (yet).

33. A thorough exposition of this point appears in an article by Nicholas Bohm, "Authentication, Reliability and Risks", at http://www.mcg.org.br/auth_b1.htm. He points out that in the United Kingdom the land registry does not seriously check written signatures, and argues that electronic signatures for that purpose should not require a heavy infrastructure either. "This suggests that remarkably low levels of authentication are quite sufficient to enable substantial transactions to proceed on a large scale without significant practical risk." (para 15).

34. For a number of reasons it may not be. Authentication goes to integrity and attribution of a message, but not to crucial elements about a transaction such as creditworthiness. In general, one needs more "context", as John McDonald says, to have confidence in a record. Where creditworthiness is established, as through bank-sponsored communications - letters of credit, electronically signed credit card transactions using the forthcoming Secure Electronic Transaction protocol - then identity of the originator may be much less important to the party relying on the record. See the Bohm article referred to in note 33.

35. This does not mean that everyone should trust all government, but only that government will have a more obvious public identity than most private actors and a large number of ways of establishing itself as an authentic source.

36. See http://www.un.or.at/uncitral/texts/electcom/ml-ec.htm.

37. For example, the Model Law's Article 7(1) on signatures provides as follows: Where the law requires a signature of a person, that requirement is met in relation to a data message if:
(a) a method is used to identify that person and to indicate that person's approval of the information contained in the data message; and
(b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement.