Re: Repudiating non-repudiation

2003-12-29 Thread Jerrold Leichter
Ian's message gave a summary that's in my accord with how courts work.  Since
lawyers learn by example - and the law grow by and example - here's a case
that I think closely parallels the legal issues in repudiation of digital
signature cases.  The case, which if I remember right (from hearing about it
20 years ago from a friend in law school) is known informally as the
Green Giant Peas case, and forms one of the bases of modern tort liability.

The beginning of the 20th century lead to the first mass production, distri-
bution, and marketing of foods.  Before that, you bought peas.  Now, you
could buy a can of Green Giant Peas, sold by a large manufacturer who sold
through stores all over the place, and advertised for your business.

Someone bought a can of Green Giant Peas at a local store.  The can contained
metal shavings.  The purchaser we injured, and sued Green Giant.  One of the
defenses Green Giant raised was:  Just because it says Green Giant on the label
doesn't *prove* Green Giant actually packed the stuff!  The plaintiff must
first prove that these peas really were packed by Green Giant.  Such defenses
had worked in the past - there are many of the same general flavor, insisting
that no recovery should be possible unless plaintiff could reach a level of
proof that was inherently unreachable.  In this case, the courts finally
threw out this defense.  I can't find the actual case on line, but at (a curious site -
it seems to be mainly in Chinese) the following text appears:

D. Self-authentication: A few types of documents are
self-authenticating, because they are so likely to be what they
seem, that no testimony or other evidence of their genuineness need be
produced. [474 - 475]

1. State provisions: Under most state statutes, the following
are self-authenticating: (1) deeds and other instruments that
are notarized; (2) certified copies of public records (e.g., a
certified copy of a death certificate); and (3) books of
statutes which appear to be printed by a government body
(e.g., a statute book appearing to be from a sister state or
foreign country).

2. Federal Rules: FRE 902 recognizes the above three classes,
and also adds: (1) all official publications (not just
statutes); (2) newspapers or periodicals; and (3) labels,
signs, or other inscriptions indicating ownership, control,
or origin (e.g., a can of peas bearing the label Green Giant
Co. is self-authenticating as having been produced by Green
Giant Co.).

Self-authenticating here seems very close in concept to what we are trying
to accomplish with digital signatures - and the Green Giant example shows how
the law grows to encompass new kinds of objects.  But it's also important to
look at how self-authentication is actually implemented.  Nothing here is
absolute.  What we have is a shift of the burden of proof.  In general, to
introduce a document as evidence, the introducer has to provide some
proof that the document is what it purports to be.  No such proof is
required for self-authenticating documents.  Instead, the burden shifts to
the opposing console to offer proof that the document is *not* what it
purports to be.  This is as far as the courts will ever be willing to go.

-- Jerry

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Repudiating non-repudiation

2003-12-29 Thread robin benson
On 29 Dec 2003, at 19:29, Paul A.S. Ward wrote:

This first case is actually quite amusing.  I was recently the subject 
of identity theft.
Specifically, the thieves had my SSN (SIN, actually, since it is in 
Canada), and my
driver's licence number.  They produced a fake driver's licence, and 
used it to open
bank accounts in my name.  When this all came to light, the bank 
wanted a notarized
document that said that I did not open these accounts or know anything 
about them.
And what was required for notarization?  I had to go to city hall and 
get someone
who had never met me before to look at my photo ID (which was my 
drivers licence)
and sign the form saying it was me!  Great system!
A friend of mine went through the same city hall process in the US, 
although for a different reason (still in the context of proof of 
identity) and was given a dot-matrix printout which was then considered 
good enough for somebody else who had previously declared a current 
passport as falling short of the mark.

robin benson
+44 114 2303764
+44 7967 354544
hammerhead media limited
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]