Tag Archives: digital

July 1 / All Articles, Computing

Clear Signatures, Obscure Signs

There are two kinds of digital signatures: signatures good enough for a six dollar trade among friends, and signatures good enough for a six figure trade between strangers. [1] This Article considers both, from the digital equivalent of an initialed placemat to secure verification techniques more like notarizations. Nationally and internationally, diverse groups and bodies have been propelling the development of digital signature and certificate authority regulation and legislation. This Article examines the need for such legislation, questioning the assumption that current law presents, at best, uncertainties or, at worst, outright barriers to the use of electronic records and signatures. This analysis attempts to determine the extent of such uncertainty or conflict, by examining case law, as well as the most crucial technological and policy issues that face the drafters of digital signature legislation. Finally, the major statutes, drafts, and model laws are evaluated with regard to their efficacy in addressing the concerns so identified. [2]

The fundamental question legislation drafters face is the same question courts face: under what circumstances are electronic records and signatures as trustworthy as traditional writings and signatures? Beyond this question, however, many groups have also considered whether there is a need to legislate proactively in order to encourage the use of the more secure varieties of electronic signatures and to stimulate electronic commerce. To analyze fully the existing common-law environment for the treatment of digital records and signatures, one would ideally examine cases involving both low security records (e.g., a faxed signature, a name in text at the end of an e-mail) and records protected by elaborate security measures (particularly those that have been cryptographically signed). Unfortunately, while the law has long dealt with the application of new technologies by which non pen-and-ink signatures are used, as of yet there are no cases ruling on the per se validity of writings or signatures where a message was cryptographically signed. [3]

Thirteen states have digital signature statutes that apply generally to public and private settings; at least six have already passed “comprehensive” legislation also including the regulation of certificate authorities. [4] Pioneered by the Utah Digital Signature Act, [5] the “comprehensive” laws set precise rules governing the validity of signatures, the issuance and revocation of certificates, and the regulation of certificate authorities. In addition, a growing number of states have enacted limited statutes specifying only a vague outline for digital signature validity and delegating broad rulemaking authority to executive agencies. [6] Various guidelines and model laws have also contributed greatly to the evolution of state laws in this area, including efforts by the American Bar Association, the National Conference of Commissioners on Uniform State Laws (“NCCUSL”), which is preparing a Uniform Electronic Transactions Act, and the United Nations Commission on International Trade Law (“UNCITRAL”).

Several subordinate concerns must also be considered in the preparation of digital signature laws and drafts. As should be evident from the discussion herein, different types of electronic “signing” yield different levels of reliability. Drafters must acknowledge that it may be necessary to abandon bright line, “yes or no” rules in order to treat different kinds of signatures appropriately in all cases. This may mean leaving digital signatures equivalent to normal, signed documents in some cases and attaching evidentiary presumptions to others, even within the same statutory scheme. Some of these protections may be appropriate for generically defined signatures, and other measures may be appropriate only when specific, proven technologies, such as public key encryption, are used. In addition, digital signature laws must avoid interfering with the validity of electronic authentication procedures agreed to by contract, and with the validity of already-valid traditional signatures.

Drafters concerned solely with removing impediments in pre-existing laws may view the question of enhanced protection for secure signatures very differently from those who think the legal environment should proactively encourage the use of secure authentication methods. Either viewpoint may be appropriate, but drafters must be aware of their objectives. Moreover, digital signature statutes would be most effective if they were uniform and compatible with the laws of other states and nations. Yet, this goal must be balanced against preserving decentralization of regulation in order to allow experimentation and evolution in this nascent industry, and to avoid the negative privacy implications of an overly centralized infrastructure.

In short, the legal landscape is treacherous. It is therefore critical that any legislation be made with deliberate caution, adherent to two basic, guiding principles. First, given the uncertain environment, legislation must be narrowly tailored to address specific legal needs and obstacles. Second, the level of legal protection and recognition granted signatures must be no greater than is commensurate with the security and reliability provided by the weakest form of signature to qualify for such protection.


Adam White Scoville

April 15 / All Articles, Computing, Copyright

Misunderstanding RAM: Digital Embodiments and Copyright

In the opinion of the United States federal courts, digital software embodied in a computer’s Random Access Memory (RAM) is sufficiently fixed to constitute a “reproduction” under the Copyright Act. As a reproduction, the creation of the RAM embodiment, or the loading of software into RAM, is a potential copyright infringement. However, a close reading of the Act and its legislative history reveals that a digital work embodied in RAM should not be considered a reproduction of the work. Furthermore, including digital works embodied in RAM as reproductions is a poor fit in light of the policy behind the Copyright Act. This would mean that every time a person opens a computer program, he or she might be infringing a copyright. The courts’ widely criticized finding can be explained, at least in part, by early law makers’ confusion about computer memory and inability to fit RAM into previous constructs. Courts and law makers have built on each others’ flawed or non-existent analysis of RAM embodiments as reproductions since the 1976 Act was being drafted. These approaches ignored the purpose behind the fixation requirement when interpreting it. Since digital embodiments in RAM do little harm to a copyright holder, their categorization as reproductions is not consistent with the policy behind the fixation requirement for reproductions.

In response to the intuitive incorrectness of the current law and its contradiction with the policy behind copyright law, critics have made several arguments against finding an embodiment in RAM to be an infringement. Critics argue that RAM embodiments should be afforded one of the defenses of fair use, copyright misuse, or per section 117(1), that the copying is an essential step in the program’s utilization. This paper, however, focuses on another argument born of the same policy considerations: That a RAM embodiment is not sufficiently fixed to be a reproduction under the Copyright Act’s definitions.