Slide 1 - Vincent Gautrais


PANEL C – Salon C
Digital Signature: Are they Reliable ?
Vincent Gautrais
(U. de Montreal)
Jean-François Blanchette
(UCLA)
Michael Legary
(Seccuris Inc.)
Mike Neumann
(Adobe)
signature and liability !
vincent gautrais
associate professor
faculty of law
university of montreal
university of montreal chair
in e-Security and e-Business law
www.gautrais.com
Digital Signature: Are they Reliable ?
difficult to say
1. because the legal definition is not clear
2. because contracts decline signature liability
definition
liability is a legal concept
1. definition
signature is a legal concept too
simple definition
1) Identity of the signatory
2) Intention to sign
simple definition
United Nations Convention on the Use of Electronic
Communications in International Contracts (2005)
9. 3. Where the law requires that a communication or a
contract should be signed by a party, or provides
consequences for the absence of a signature, that
requirement is met in relation to an electronic
communication if:
• (a) A method is used to identify the party and to indicate
that party’s intention in respect of the information contained in the
electronic communication;
simple definition
Quebec and Civil Code of Quebec (1994)
2827. A signature is the affixing by a person, to a
writing, of his name or the distinctive mark which
he regularly uses to signify his intention.
simple definition
Ontario and Electronic Commerce Act (2000)
simple definition
British Columbia and Electronic Transaction Act
(2001)
But …
not so simple definition
law asks for some help from IT …
not so simple definition
Laws propose additional technical conditions
laws refer sometimes to…
liability
liability signature obligation
United Nations Convention on the Use of Electronic
Communications in International Contracts (2005)
9. 3. and
(…)
(b) The method used is (…) :
(i) As reliable as appropriate for the purpose for which
the electronic communication was generated or
communicated, in the light of all the circumstances,
including any relevant agreement;
liability signature obligation
Ontario and Electronic Commerce Act
(…)
• (a) the electronic signature is reliable for the
purpose of identifying the person; and
• (b) the association of the electronic signature
with the relevant electronic document is reliable.
liability signature obligation
British Columbia and Electronic Transaction Act
(…)
• 21 (d) prescribing records or classes of records for which
a requirement under law for the signature of a person
must be satisfied by an electronic signature and proof
that, in view of all the circumstances including any
relevant agreement and the time the electronic signature
was made,
• (i) the electronic signature is reliable for the purpose of
identifying the person, and
laws refer in other cases to…
Security procedures
Uniform Electronic Transaction Act (USA)
“the use of security procedures is simply one method for
proving the source or content of an electronic record or
signature. A security procedure may be technologically
very sophisticated, such as an asymmetric cryptographic
system. At the other extreme the security procedure may
be as simple as a telephone call to confirm the identity of
the sender through another channel of communication. It
may include the use of a mother's maiden name or a
personal identification number (PIN). Each of these
examples is a method for confirming the identity of a
person or accuracy of a message.”
very few cases
what’s reliability?
what’s a good security procedure?
2. contracts decline liability
contracts are impossible to read
contracts need better usability
contracts commonly use illegal (abusive) clauses
Example
DELL (INCLUDING DELL’S PARENTS, AFFILIATES, OFFICERS,
DIRECTORS, EMPLOYEES OR AGENTS) DOES NOT ACCEPT
LIABILITY BEYOND THE REMEDIES SET FORTH HEREIN,
INCLUDING ANY LIABILITY FOR PRODUCTS NOT BEING
AVAILABLE FOR USE, LOST OR CORRUPTED DATA OR
SOFTWARE, PRODUCTS SOLD THROUGH DELL’S SOFTWARE
AND PERIPHERALS DIVISION, OR THE PROVISION OF
SERVICES OR SUPPORT. DELL WILL NOT HAVE ANY LIABILITY
FOR ANY DAMAGES ARISING FROM THE USE OF THE
PRODUCTS IN ANY HIGH RISK ACTIVITY, INCLUDING, BUT NOT
LIMITED TO, THE OPERATION OF NUCLEAR FACILITIES,
AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR
TRAFFIC CONTROL, MEDICAL SYSTEMS, LIFE SUPPORT OR
WEAPONS SYSTEMS. DELL WILL NOT BE LIABLE FOR LOST
PROFITS, LOSS OF BUSINESS, OR OTHER INCIDENTAL,
INDIRECT, CONSEQUENTIAL, SPECIAL OR PUNITIVE DAMAGES,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES,
OR FOR ANY CLAIM BY ANY THIRD PARTY EXCEPT AS
EXPRESSLY PROVIDED HEREIN.
Example
« Do not use the ING DIRECT Web Site to communicate
to others, to post on the ING DIRECT Web Site, or
otherwise transmit to the ING DIRECT Web Site, any
materials, information, or communication that either
causes any harm to any person or that is illegal or
otherwise unlawful, including without limitation any
hateful, harassing, pornographic, obscene, profane,
defamatory, libellous, threatening materials which
constitutes or may encourage conduct that would be
considered, a criminal offence, give rise to civil liability,
promote the excessive, irresponsible or underage
consumption of alcohol, or otherwise violate any law or
regulation. »
Example
« The limited warranty set forth below is given by
Canon U.S.A., Inc. (Canon U.S.A.) in the United
States or Canon Canada Inc., (Canon Canada) in
Canada with respect to the Canon-brand PowerShot
Digital Camera purchased with this limited warranty,
when purchased and used in the United States or
Canada. »
Example
11. Governing Law
This Agreement is governed by the law of
Sharp’s Audio Visual.
information = oxygen
real need for some contractual marketing
if no liability = no security
End