Magazine article American Banker

Multiple Legal Setups Imperil Electronic Commerce

Article excerpt

Somewhat paradoxically, as an increasing number of states are enacting laws to authorize and regulate the use of digital signatures, the prospects for efficiently developing electronic commerce are harmed.

The possibility that 50 states may enact 50 different digital signature laws creates considerable uncertainty for multiparty, multijurisdictional transactions.

While federal preemption may be a solution, it would not resolve other issues that would arise in global electronic commerce.

The keys that are generated by a computer's software and applied to a message transmitted electronically may be viewed as a secure electronic envelope that must be properly opened before the message inside can be read. But there are degrees of security and authentication.

Tom may want to send a secure message to his mother. If he encrypts it with Mom's public key, Mom would then apply her private key, known only to her, to decipher the message. But this only assures Mom that the message has not been altered or read by anyone else. It does not establish that Tom sent the message.

Alternatively, if Tom uses his private key to encrypt the message, anyone can look up his public key and decipher it.

In neither of these examples are both the sender and the security of the message simultaneously authenticated.

However, if Tom encrypts the message with both his private key and Mom's public key, when Mom applies her private key and Tom's public key, both the identity of the sender and integrity of the message can be established. (See graphic.)
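The three cases above, worked through as an added example that is not part of the original article. It uses textbook RSA with toy primes and no padding; the key values, the third party "Eve", the sample message and all function names are constructed for illustration.

```python
# Textbook RSA with toy primes: constructed values, no padding, illustration only.
def make_keys(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)          # (public key, private key)

def apply_key(key, values):
    """Raise every integer to the key's exponent, modulo the key's modulus."""
    exponent, modulus = key
    return [pow(v, exponent, modulus) for v in values]

TOM_PUB, TOM_PRIV = make_keys(61, 53)            # modulus 3233
MOM_PUB, MOM_PRIV = make_keys(89, 97)            # modulus 8633, larger so nesting fits
_, EVE_PRIV = make_keys(67, 71)                  # modulus 4757, a hypothetical third party
MESSAGE = list(b"Happy birthday, Mom")           # constructed sample, one integer per byte

def encrypt_only(values):
    # Case 1: only Mom's public key is used, so nothing ties the result to a sender.
    return apply_key(MOM_PUB, values)

def sign_only(sender_priv, values):
    # Case 2: only the sender's private key is used, so any holder of the
    # matching public key can recover the text.
    return apply_key(sender_priv, values)

def sign_then_encrypt(sender_priv, values):
    # Case 3: the sender's private key first, then Mom's public key.
    return apply_key(MOM_PUB, apply_key(sender_priv, values))

def mom_opens(ciphertext, claimed_sender_pub):
    # Mom removes her layer, then applies the claimed sender's public key.
    return apply_key(claimed_sender_pub, apply_key(MOM_PRIV, ciphertext))

def as_text(values):
    """Decode recovered integers, or return None when they are not ASCII bytes."""
    return bytes(values).decode("ascii") if all(v < 128 for v in values) else None

if __name__ == "__main__":
    print("case 1, Mom reads:", as_text(apply_key(MOM_PRIV, encrypt_only(MESSAGE))))
    print("case 2, anyone reads:", as_text(apply_key(TOM_PUB, sign_only(TOM_PRIV, MESSAGE))))
    both = sign_then_encrypt(TOM_PRIV, MESSAGE)
    print("case 3, without Mom's key:", as_text(apply_key(TOM_PUB, both)))
    print("case 3, Mom reads:", as_text(mom_opens(both, TOM_PUB)))
    forged = sign_then_encrypt(EVE_PRIV, MESSAGE)
    print("signed by Eve, checked as Tom:", as_text(mom_opens(forged, TOM_PUB)))
```

Deployed systems do not apply the private key to the raw message as this sketch does; they sign a padded hash of it and use far larger keys.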

State laws or the rules that enforce them may define what a digital certificate authority, or CA, certifies, and establish the situations in which liability may attach. They may similarly determine the size and nature of transactions in which certified digital signatures may be used and the maximum amount of liability that CAs will assume.

The rules may also establish the life span of a particular electronic signature, the respective rights of the parties, the periods within which repudiation or rejection of a transaction may occur, the nature of the evidence that must be offered to prove the existence of an effective certificate, the obligations and rights of the CA, and the authority and obligations of any party from whom the CA receives its "root" certificate.

This last point raises the issue of the need for CA hierarchies and whether either law or practice will require a class of more trusted, super CAs to vouch for them.

In the absence of a specific electronic signature or certification law, bankers playing a role in these transactions would have to satisfy themselves that there is a sufficient legal predicate, certification agreement, and enforcement mechanism for them to certify the existence, use, and validity of an electronic signature.

In addition to the provisions that would normally be included in a written contract signed in the physical world (which operates under state commercial transaction laws, the Uniform Commercial Code, unclaimed property laws, the statute of frauds, jurisdiction and severability of liability), several areas should be addressed in a CA agreement.

These include: allocation of the various risks in the transaction; limitations of risk; bank regulatory and other supervisory concerns, limitations, or conditions; financial incapacity or insolvency of responsible parties; the cost of a certificate; care, maintenance, and protection of the certificate. …
