I've been interested in this discussion and have been doing some research into 
the legal status here in Panama.

In 2001 the assembly voted into effect Law 43 more commonly known as the 
electronic commerce law.

http://neuclear.org/ley43.pdf (in Spanish)

It is supposedly based on UNCITRAL of which I admitedly know very little. So I 
was rereading the law after having read Ben and Nicholas' excellent overview:
http://www.apache-ssl.org/tech-legal.pdf

In a civil law country like Panama things work a bit differently to the to me 
preferred Common law way of doing it. IANAL and my Spanish aint perfect 
either, but here is my analyis of Non Repudiation  of Digitally Signed 
Messages in Panama.

The real meat of the matter is handled in Article 31 (Page 10). "Guarantees 
derived from the acceptance of a Certificate":

        "The subscriber, at the time of accepting a certificate, guarantees all the    
 
        people of good faith to be free of fault, and his information contained 
        within is correct, and that: 

        1. The authenticated electronic company/signature verified by means of this 
        certificate, was created under his exclusive control.

        2. No person has had access to the procedure of generation of the electronic 
        signature.

        3. The information contained in the certificate is true and corresponds to 
        the provided one by this one to the certification organization."

This is backed up by article 33 (Page 11). "Causes for Revocation of 
Certificates":
        
        "The subscriber of a verified digital signature is obliged to seek revokation
        of the certificate under the following circumstances:

        1. Loss of information to validate the Certificate 

        2. If the privacy of the certificate has been exposed or there is danger of 
        illicit use of the certificate.

        3. If the subscriber doesnt solicit revocation in any of the proceeding cases
        he will be held responsible for any losses or damages incurred by 3rd parties
        of good faith, who confide in the contents of the certificate.

Now bearing in mind the slight misunderstandings of technical terms in the 
law. I see this as saying that once someone accepts a certificate from a CA, 
he is legally responsible in Panama for all information signed by his private 
key. Even under the loss of control of the private key, unless the person 
specifically revokes his key.

I will forward this to a couple of Panamanian lawyers as well to see if they 
would like to comment as well.

Pelle
-- 
http://talk.org     + Live and direct from Panama
http://neuclear.org + Clear it both ways with NeuClear

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to