(Dewan Rakyat, Monday): The Digital Signature Bill used the Utah Digital Signature Act as the model. Utah is the first to have digital signature legislation, which was signed into law on March 9, 1995. The potential benefits of the public key infrastructure (PKI) implemented by the Utah Act are considerable, as a well-functioning public key infrastructure would allow private individuals, businesses and governments to routinely and securely conduct personal, financial and legal affairs over open networks like the Internet.
Before Malaysia followed Utah’s footsteps to develop the digital signature legislation, the Utah Digital Signature Act had already become a putative "Model Act" for about a dozen other states in the United States.
However, it is obvious that the drafters of the Bill had not recognized certain policy choices made by, and certain problems with, the Utah Act.
The biggest criticism against the Utah Digital Signature Act is that its liability allocations inappropriately impose potentially unlimited risk on users of digital signatures, ignoring an important policy of consumer protection. The Utah Act has also been criticised on the ground that limiting the liability of certification authorities undermines the economic integrity of the PKI implemented by the Act.
The drafters should explain why they have not taken into consideration these reservations, as consumers who participate in the infrastructure developed under the Utah Act subject themselves to far greater risk of extensive liability than they face in a variety of analogous situations in the United States and face greater evidentiary burdens in resolving disputes that arise under the Act.
We should realise that in ignoring consumer protection as an important policy consideration, the drafters are undermining the ostensible goal of promoting the development of a public key infrastructure. Ultimately, consumers will not utilize a system which subjects them to potentially unlimited liability.
Under the Digital Signature Act, users of digital signatures are held to a standard of reasonable care in preventing disclosure of their private encryption key. In contrast to the carefully articulated duties imposed on certification authorities, the Utah Act is virtually silent when it comes to determining what constitutes reasonable care on the part of subscribers in safeguarding their private keys. This means that the issue of what constitutes reasonable care would be shaped by the expensive process of court decisions gradually determining a standard.
In the long run a sensible, workable standard may emerge from this process. In the meanwhile, however, this lack of a clear standard could lead to inconsistent decisions by courts struggling to understand a complex, emerging technology, and lead to inequitable results for those unable to marshal the considerable resources necessary to make complicated, technology-based arguments before a tribunal which may be ill-equipped to understand the relevant issues.
The drafters of this Bill should know that the Utah Digital Signature Act is the subject of hot debate in professional circles in the United States on its pros and cons, merits and demerits, whether it protects consumer interests, etc.
The Utah Digital Signature Act is in fact the product of discussion and consultation between the Utah state government and the American Bar Association, but this is not followed here. The Digital Signature Bill is the sole decision of the Attorney-General, without the benefit of discussion and consultation with the public as to how to deal with problems which could arise from the implementation of the new law.
Let us consider the hypothetical situation, adapted from the example given by the drafters of the Utah Act to illustrate the difficulties that the allocations of liability and evidentiary burdens under the Utah Act pose for subscribers who utilize digital signatures under the Act:
Cedric, a licensed certification authority, duly issues a certificate to Susan, who accepts it. Cedric publishes the certificate in a recognized repository. Susan’s private key, which corresponds to the public key in the certificate, is kept on a floppy disk. Irving, a malicious computer hacker, releases a computer virus on the Internet that finds its way onto Susan’s computer. Subsequently when Susan uses her private key, the virus program surreptitiously sends a copy of Susan’s private key to Irving. Irving immediately uses the private key to cash a $10,000 electronic check drawn upon Susan’s account payable to a numbered, anonymous account in a state having rigorous bank secrecy laws. Irving disappears and cannot be found. As soon as Susan learns of the fraud she revokes her certificate.
According to the analysis of this scenario provided by the drafters of the Utah Act, under the Act Susan will be liable for the loss caused by the forgery if she failed to exercise reasonable care in safeguarding her private key. The Act provides no guidance as to whether the failure to protect one’s computer from a virus constitutes a breach of the duty of reasonable care.
Thus Susan must obtain the services of a lawyer well-versed in computer technology and go to court. Susan must overcome the presumption that the electronic check signed with her digital signature is valid and binding upon her. The electronic check will have the status of an acknowledged document, so clear and convincing evidence is required to challenge its validity. Susan must show that in fact she did not affix the digital signature in question. Furthermore, she must show that she did not breach her duty of care in allowing Irving, the criminal, to obtain her private key. If Susan is unsuccessful after this time-consuming process, then Susan will bear the $10,000 loss and many times this loss in legal fees.
The allocations of liability and evidentiary burdens imposed by the Utah Act, therefore, put users of digital signatures who are victimized by fraud in a position that is disadvantageous compared to several analogous situations. Consumers who participate in the infrastructure developed under the Utah Act subject themselves to a far greater risk of liability than they face in other electronic transactions, such as credit card or debit card transactions.
The question is: why are we following Utah? Has there been an extensive public discussion as to whether we have to follow Utah, or have we considered other options for introducing digital signatures?
It has been contended in the United States that the liability allocations and evidentiary burdens of the Utah Act contradict the spirit, and in certain circumstances (such as the example of Susan and Irving) the letter, of consumer-protection statutes such as the Electronic Fund Transfer Act (EFTA) and the Truth-in-Lending Act. Moreover, a defrauded consumer challenging the practice of a certification authority in court faces a more difficult evidentiary burden than a defrauded consumer challenging the practice of a notary.
The liability allocations and burdens of proof imposed by the Utah Act most closely resemble the law relating to telecommunications "toll fraud", which itself has been highly controversial.
It is worth examining how consumers’ rights in the United States in transactions utilizing digital signatures under the Utah Act contrast sharply with the liability rules governing the Electronic Fund Transfer Act.
To illustrate the potential applicability of the EFTA to transactions utilizing digital signatures, reconsider the hypothetical example involving Susan and Irving mentioned just now.
According to the analysis provided by the drafters of the Utah Act, Susan will likely be liable for the loss caused by the forgery if she failed to exercise reasonable care in safeguarding her private key. While this may be true as far as the Utah Act goes, this analysis fails to consider the applicability of the EFTA, which, under this scenario, would likely preempt the Utah Act and limit Susan’s liability to US$50 and impose the bulk of the loss upon the financial institution, as well as shift the burden of proof in any dispute away from Susan and onto the financial institution.
The maximum amount for which a credit card user in the United States is liable in the case of credit card fraud is US$50. We do not have such a consumer-protection law in Malaysia. What is worse, we are not even following the Utah Digital Signature Act, as we are removing some of the consumer-protection provisions in the Utah Act. Has there been an extensive study as to why we should go for the worst features in digital signature legislation?
It has been said that the liability allocations and evidentiary burdens imposed by the Utah Act perhaps most resemble the law concerning telecommunications fraud. Toll fraud entails a third party criminal "hacker" gaining remote access to a private branch exchange (PBX) and placing unauthorized long distance calls that are billed to the owner of the system.
Advocates of this system of liability argue that the customer is the party with the ability to prevent fraud from occurring, and thus imposing liability on the customer creates incentives to minimize fraud. The PBX owner has primary care, custody and control of the PBX equipment, and thus can best take preventive steps to eliminate fraud. This liability scheme and its underlying rationale have proven controversial. One commentator notes that "few telecommunications issues in recent years have created more concern ... than the PBX toll fraud problem."
Like the law of telecommunications toll fraud, the Utah Digital Signature Act places a significant risk of liability on a subscriber/customer, with the rationale that the subscriber is best positioned to prevent fraud (by safeguarding the subscriber’s private key) and thus will have the appropriate incentives to do so. In the toll fraud arena, the liability standard imposed on customers is strict liability. Under the Utah Digital Signature Act, the standard imposed on subscribers is, ostensibly, a negligence standard. However, the burden on a subscriber who is attacking a fraudulently signed digital document is an onerous one. If a criminal hacker breaks into a subscriber’s computer system, gains access to a subscriber’s private key, and creates a large number of facially valid but fraudulent electronic documents, that subscriber will face enormous practical hurdles in challenging those electronic documents. Thus, for many subscribers, particularly those who lack the resources necessary to pursue their rights in court, the Utah Act imposes a de facto strict liability standard.
The telecommunications toll fraud model is effective as an analogy for a public key infrastructure in some respects because it introduces an actor who is ignored in the Utah Act and in the credit card model and notary model - the equipment manufacturer.
The hardware and software used to create digital signatures is a critical weak point in the framework of a public key infrastructure. This is why the Utah Act empowers the Division of Corporations and Corporate Code responsible for the digital signature system to "review software for use in creating digital signatures and publish reports concerning software".
However, our Bill does not have such a provision for our Controller of Certification Authorities to monitor software developments - which seems to be part of a pattern to reduce the responsibilities of international IT/multimedia companies who will be applying to become certification authorities while increasing the risks to be faced by consumers.
This is one reason why I say that our Digital Signature Act, which I would describe as "Utah 2" in following the Utah model, is worse than Utah 1 from the point of view of protecting consumer interests.
Is the digital signature system that would be created by this Bill safe and secure? Cryptographic algorithms are at the core of a public key infrastructure. For these algorithms to fulfil their promise, it is absolutely essential that they be implemented correctly. This is not an easy task.
For example, the Netscape Navigator World Wide Web browser uses the RSA public key algorithm for encryption. A criminal who wanted to decrypt a message encrypted using Netscape’s system and who didn’t have the key would, theoretically, need a supercomputer and thousands of years in order to decipher it.
However, in September of 1995 two Berkeley graduate students discovered a flaw in Netscape’s implementation of the RSA algorithm, which allowed them to decrypt encrypted messages in a matter of seconds. Similarly, in March of 1996 a security flaw in the Java programming language was announced, a flaw which would allow an attacker to surreptitiously add and remove data from the computers of visitors to a Web site which exploited the flaw. This flaw conceivably would allow a criminal to capture a visitor’s private key, as described in the Susan/Irving hypothetical example.
Recently, in March, university students uncovered security flaws in the Microsoft web browser which could jeopardise the security of private keys.
The liability allocations of the Utah Act can be subject to the same criticism that has been directed at the liability rules embodied in the law of toll fraud. Subscribers bear an immense amount of risk under the Utah Act. If electronic documents are fraudulently signed with a subscriber’s digital signature, that subscriber faces a substantial possibility that he or she will bear any resulting loss. To some degree, a subscriber can prevent fraud by taking steps to safeguard the subscriber’s private key.
However, a private key can be discovered in ways that are totally outside the control of a subscriber. Generating key pairs, for example, is a notoriously risky process. If the hardware or software used to generate key pairs is flawed, private keys could be easily discovered.
In the context of toll fraud, one toll fraud victim said: "PBX owners should not be responsible for 100 per cent of the toll fraud if we don’t control 100 per cent of our destiny." The same principle applies in a public key infrastructure.
There is strong opinion in the United States that the heavy burden of liability which the Utah Act places on subscribers is inappropriate in light of the fact that there is a substantial likelihood of fraud occurring which is not the result of a subscriber's negligence, but is instead based on faulty hardware or software. Some measure of liability risk should explicitly be placed on hardware and software providers in order to ensure that adequate care is taken to prevent this sort of fraud.
This is an important issue and I cannot understand why the government is against opening this subject for public discussion to solicit public viewpoints and comments. I want to make it clear that in raising these issues I am not opposed to digital signature legislation; rather, we want a digital signature law which is fair to all parties concerned, especially the consumers, for instance by requiring an adequate warning system for the public key infrastructure.
There is now a growing demand that, to prevent telecommunications toll fraud, equipment manufacturers and sellers should adequately warn customers about the possibility of toll fraud, inform customers about appropriate precautions to take to prevent such fraud, and alert customers to the risk of financial exposure they assume when purchasing the equipment.
Such an "adequate warnings" system should be translated to the realm of digital signatures, where subscribers must be informed by their hardware and software provider about steps that they should take to adequately protect their private keys, and must be informed about the liability exposure that they face when participating in a public key infrastructure.
The Digital Signature Bill should have provided for a dispute resolution mechanism in the realm of digital signatures. Subscribers who challenge a digital signature as fraudulent should have the opportunity to immediately appeal to an arbitrator or "expert agency" with expertise in electronic transactions. If the subscriber can show that he did not affix the digital signature in question and that he adhered to clearly articulated guidelines in protecting his private key, then the subscriber should not bear the full brunt of the loss.
The recipient of a facially valid digitally signed document should not necessarily bear the full loss either; otherwise reliance on digitally signed documents would be chilled and the benefits of a public key infrastructure lost. Instead, the arbitrator could apportion the loss between the hardware/software provider, the repository, the certification authority and the subscriber, depending on their relative degree of fault. If a software system is cracked, for example, enabling the fraud, then the software provider should be liable. Likewise, if a certification authority or a repository causes a loss, they should be responsible.
One difficult question arises when no entity is clearly at fault; that is, when the subscriber, certification authority, recipient, software/hardware provider and repository all perform as well as can reasonably be expected, and yet a loss still occurs. In such a situation the loss should fall on the recipient, the party that chose to rely on the fraudulent digitally signed message. This party is best able to assess the risks associated with relying on any particular message. If the potential risk of loss is high, this party can make "out of band" contact (i.e. by telephone or in person) with the ostensible sender to obtain assurances about the authenticity of the message, or can choose not to rely on the message at all.
Another important aspect is insurance, which could probably help address the problem of unreimbursed losses. But our Bill is completely silent on this.
Maybe a private insurance market will not develop immediately because of a lack of a pattern of loss experience and other factors. However, as we are creating a public key infrastructure, the government has the responsibility to study all aspects of the workings of such a system.
We must not be under the misapprehension that digital signatures are unbreakable, and so we must consider carefully who should be held liable when digital signatures are broken.
It is easy to envision a scenario in which a certification authority's private key is compromised. One way that this could occur is through brute force cryptanalysis: a "factoring attack". That is, a criminal could simply dedicate the immense amount of computing power needed and "break" the underlying algorithm, discovering the certification authority's private key from an analysis of the certification authority's public key. This is of course very difficult, and an expert has estimated that it would take more than US$300 trillion in computing resources to determine a private key from a public key.
Alternatively, a criminal could threaten, blackmail, or torture an employee of the certification authority, forcing the employee to surrender the certification authority’s private key - a process described as "rubber hose cryptanalysis". The criminal could also bribe a certification authority; a "purchase-key attack". An incompetent employee could simply reveal the key accidentally. A flaw in the hardware and software utilized by the certification authority could be discovered and exploited.
The compromise of a certification authority private key could be catastrophic. A publication from RSA Laboratories noted that "it is extremely important that private keys of certifying authorities are stored securely because compromise would enable undetectable forgeries". A criminal who discovers the private key of a certification authority could produce an unlimited number of ostensibly valid certificates. The criminal could enter into fraudulent transactions under a host of assumed names, or could create certificates in the name of particular individuals or corporations and impersonate those individuals or corporations electronically. Moreover, once a certification authority’s private key was compromised and the corresponding public key revoked, all certificates issued by that certification authority would be invalid. All of the subscribers who utilized that certification authority would be forced to obtain new certificates. The costs associated with a compromised certification authority key dramatically outweigh the costs associated with a compromised subscriber key.
A criminal with a certification authority’s private key could cause an immense amount of financial damage, imposing huge losses on a number of innocent parties.
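The following toy public key infrastructure is an added illustration, not part of this speech, of the point just made: a holder of the certification authority's private key can certify any name, the relying party cannot tell the forged certificate from a genuine one, and revoking the CA key invalidates every honest subscriber's certificate too. It uses textbook RSA with constructed, tiny primes (so the "factoring attack" of the text also succeeds in milliseconds); the names, cheque text and key sizes are assumptions for the example only.

```python
"""Toy PKI illustrating the cost of a compromised certification authority key.
Textbook RSA with tiny constructed primes and no padding: illustration only."""
import hashlib
import json
import math

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Textbook RSA key pair from two primes (toy sizes, NOT secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(priv, message):
    # Hash reduced mod n only because the toy modulus is far smaller than real ones.
    return pow(digest(message) % priv["n"], priv["d"], priv["n"])


def verify(pub, message, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(message) % pub["n"]


def encode_cert(subject, pub, issuer):
    """Canonical bytes of a minimal certificate: subject name, public key, issuer."""
    return json.dumps({"subject": subject, "pub": pub, "issuer": issuer},
                      sort_keys=True).encode()


def issue_cert(ca_name, ca_priv, subject, subject_pub):
    """Whoever holds ca_priv can bind ANY subject name to ANY public key."""
    body = encode_cert(subject, subject_pub, ca_name)
    return {"body": body, "sig": sign(ca_priv, body)}


def verify_signed_document(trust_store, cert, document, doc_sig):
    """Relying party check: certificate signed by a trusted CA (trust_store maps
    CA name -> public key) and document signed by the certified key."""
    fields = json.loads(cert["body"])
    ca_pub = trust_store.get(fields["issuer"])
    if ca_pub is None or not verify(ca_pub, cert["body"], cert["sig"]):
        return False
    return verify(fields["pub"], document, doc_sig)


def recover_private_key(pub):
    """The 'factoring attack' of the text: derive d by factoring n. Feasible here
    only because the constructed modulus has 7-digit factors; real moduli do not."""
    n = pub["n"]
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return make_key(p, n // p)[1]
    raise ValueError("no factor found")


def scenario():
    """Cedric (CA), Susan (subscriber), Irving (holder of Cedric's stolen key).
    Returns (honest_check_accepted, forged_check_accepted, honest_after_revocation)."""
    ca_pub, ca_priv = make_key(1000003, 1000033)      # constructed primes
    susan_pub, susan_priv = make_key(1009, 1013)
    irving_pub, irving_priv = make_key(1019, 1021)
    trust_store = {"Cedric CA": ca_pub}
    susan_cert = issue_cert("Cedric CA", ca_priv, "Susan", susan_pub)
    cheque = b"Pay $10,000 to account 12345"           # constructed document
    honest = verify_signed_document(trust_store, susan_cert, cheque,
                                    sign(susan_priv, cheque))
    # Irving certifies the name "Susan" with his OWN key: indistinguishable to the verifier.
    forged_cert = issue_cert("Cedric CA", ca_priv, "Susan", irving_pub)
    forged = verify_signed_document(trust_store, forged_cert, cheque,
                                    sign(irving_priv, cheque))
    # The only remedy is to revoke the CA key, which invalidates Susan's honest certificate too.
    del trust_store["Cedric CA"]
    after_revocation = verify_signed_document(trust_store, susan_cert, cheque,
                                              sign(susan_priv, cheque))
    return honest, forged, after_revocation


if __name__ == "__main__":
    print(scenario())  # (True, True, False)
```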
Under the Utah Act, these innocent parties would be unable to recover their full losses from a negligent certification authority if the total of these losses were greater than the amount of that certification authority's "suitable guaranty" provided for by the Utah Act.
A suitable guaranty is either a surety bond or an irrevocable letter of credit that meets certain administrative specifications and is designed to facilitate recovery of any judgment obtained against a certification authority.
Under the Utah Act, the Utah Division of Corporations and Commercial Code is empowered to determine an amount appropriate for a suitable guaranty in a rulemaking proceeding, in light of the burden a suitable guaranty places upon licensed certification authorities and the assurance of financial responsibility it provides to persons who rely on certificates issued by licensed certification authorities.
The Utah Act states that "[a] suitable guaranty may also provide that the total annual liability on the guaranty to all persons making claims based on it may not exceed the face amount of the guaranty". Financial institutions acting as certification authorities are exempted from the requirements of posting a suitable guaranty.
What I want to highlight here is that at least in the Utah Act there is a provision that, when a certification authority's private key is compromised causing extensive damage to subscribers, there is a bond or surety guaranty which the certification authority had been required to provide and from which compensation could be paid out.
This provision has however been taken out of the Digital Signature Bill for Malaysia. I want to know why such a consumer-protection provision, which is already being criticised as weak and inadequate in Utah, has been removed altogether from our Bill. This is why the Utah 2 of the Malaysian Digital Signature law which we are asked to enact is worse than the Utah 1 legislation!
I have many other examples to show that Utah 2 is worse than Utah 1, but what I have said should be adequate for the moment as I have given notice to move ten amendments to the Digital Signature Bill during the committee stage, and I will deal with the other examples then - all because the drafters have dropped provisions in the Utah Act which had provided minimal protection to consumers or have introduced provisions which are not in the national or consumer interests.
We should be having the best digital signature law in the world. We should have been able to benefit from the experience of digital signature legislation in other countries, take what is good and drop what is bad. But here, we have followed the worst in the Utah Digital Signature Act by removing whatever little consumer-protection safeguards which are already being criticised as inadequate!
We seem to be only interested in impressing the international IT/multimedia companies that we have an even more "favourable" digital signature law than Utah from their standpoint, just as in the Computer Crimes Bill our only interest appears to be to impress the international IT/multimedia companies that we have the most severe penalties in the world for the same offence of computer crime - e.g. 12 times more severe than the UK and US and two-and-a-half times more severe than Singapore for the offence of unauthorised access to computer material.
Let us have the best cyberlaws in the world, not for international IT/multimedia companies but for the people of Malaysia and future generations.
We should also be focussing on the issues where the digital signature regime can infringe on consumer and privacy interests, namely liability, privacy and costs.
Privacy-related issues would arise as certain entities, like the online databases of public encryption keys termed "repositories" - defined as "a system for storing and retrieving certificates and other information relevant to digital signatures" - would have unrestricted access to valuable transaction-generated information that could expose sensitive relationships among individuals or businesses.
For instance, if Company A sends a digitally signed message to Company B, Company B must verify the digital signature by connecting to a licensed certification authority. This process would leave electronic footprints. Could the owner of the recognized repository disclose the fact that A and B were corresponding? What if A and B were discussing a possible merger, or other transaction with significant consequences in the securities market?
The costs issue would be part of the larger question of social equity in the Information Age. The costs of the institutional overhead associated with creating and maintaining the infrastructure for implementing the Digital Signature Bill would be passed to the participants, who must have access to expensive computer hardware and software in order to participate in the system.
It must be recognised that there are bound to be Malaysians who would not be able to afford these costs. Would there be subsidised or reduced-cost access to the digital signature infrastructure so as not to create a new disparity between the "Information-haves" and "Information have-nots" in the country?
The Member for Parit Sulong had proposed that the government take the international initiative to encourage other nations to have digital signature legislation if they are not to be left behind and if electronic commerce is not to be hampered because of the failure of nations to reach agreement on international standards for digital signature systems.
This is a mistake. It does not mean that without digital signature laws there are no digital signature systems. In fact, the Utah Digital Signature Act allows unlicensed certification authorities to continue to function and elsewhere there have been private encryption companies like Pretty Good Privacy (PGP) which have been acting as unofficial certification authorities.
There are in fact different views as to whether digital signature legislation is the best way to promote digital signature systems, as laws might stifle the growth of technologies in the field of digital signatures when its promotion is best left to free-market forces.
I do not think Singapore has a digital signature law but this does not mean that digital signatures are not to be found in Singapore.
What is the role of the government in an era of fast-changing information technologies? Is it to create the climate and conditions to promote technological developments and is it necessary for us to be careful to ensure that we do not over-legislate as to stifle the growth of technology and undermine our ability to compete with other nations in the global marketplace?
These are issues which should be the subject of intensive national discussion. We want to make a quantum leap into the information age, but we must make sure that in the process we do not take measures which will be counterproductive to our objective of becoming an information superpower in the 21st century.
(5/5/97)