Public Key Infrastructure: The Risks of Being Trusted

August 31, 2000

Every so often, a new legal player emerges to whom existinglegal principles must be adapted. The latest such role of relevance to ITlawyers is that of ‘Trusted Third Party’ or ‘Certification Authority’.


Confidence ine-commerce is maintained by security. Security requires encryption and theinfrastructure of commercial encryption is founded on trust. Encryption is madepractical for public networks by ‘asymmetric key cryptography’. What doesthis mean? At the risk of both undue simplification and errors arising fromattempts at compression, an explanation follows.


The processes ofencryption and decryption are recorded by an ‘algorithm’ or series of steps:one of these steps will involve the use of a variable key. With a‘symmetric’ key system, each user must know the same key. In an asymmetrickey system, each user has both a public key (which is made available to theworld as being associated with the owner) and a private key (which must be keptsecret). The keys are related and can be derived from each other (although it isvirtually impossible for the private key to be derived from knowledge of thepublic key). They are generated as ‘key pairs’ through the application ofcomplex mathematical processes.1


If you wish to sendme an encrypted message, you scramble it with my public key. Only my private keywill unscramble it when I get it. If you want to sign a message to me so that Iknow that you have sent it and cannot resile from its content, you produce anencrypted digest of the message with your private key and I will be able todecrypt it with your public key. I will then know that only someone using yourprivate key could have sent it. By comparing a message digest of the receivedmessage with the digitally signed digest, I will be confident that there canhave been no change in the content of the message.


Thus, the essentialrequirements for effective e-commerce – confidentiality, authenticity,integrity and non-reputability of communications – are made available tousers. The strength of the asymmetric key method for the purpose of trade overopen networks (such as the Internet) is that we do not need to meet to exchangeencryption keys or agree specific methodologies. But, naturally, there are weakspots and risks. Private keys can be lost or compromised. Public keys can befalsely attributed. To manage these risks, intermediaries who are trusted byboth sides (hence ‘trusted third parties’) can provide services and assumethose risks in exchange for payment. They can:




  • generate the key pairs



  • provide digital certificates (signed with their own digital signature) which confirm that a public key does indeed belong to the named holder



  • register the identity and vet the credentials of applicants for public key certificates



  • revoke public key certificates



  • provide time stamps on certificates



  • administer directories of public key holders


They may also have a role in the administration of private keysand provide other confidentiality services – including, controversially, thefacilitation of the recovery of keys for law enforcement agencies.


Variousdescriptions and acronyms have been applied for different purposes. As well asthe broad general description of ‘Trusted Third Parties’ (TTPs), suchintermediaries have been designated ‘Certification Authorities’ (CAs),‘Commercial Certification Authorities’ (CCAs) and ‘Trusted ServiceProviders’ (TSPs). The terminology has been used differently by differentpeople2 and there isreally no accepted standard as yet. The EU Directive referred to below uses theterm ‘certification-service-providers’. Our own Electronic CommunicationsAct makes reference to ‘cryptography service providers’. The whole businessof providing such services is called ‘public key infrastructure’ (PKI).


The New Act
The Electronic Communications Act 2000 received Royal Assent on 25 May 2000.Part I states that the Secretary of State has a duty to establish and maintain aregister of approved providers of cryptography support services. There isprovision for a raft of regulation of such people although the government hasaccepted the recommendation of the Trade & Industry Select Committee thatthis is best achieved in the first instance through an attempt atself-regulation. The relevant provisions will probably not be in force for sometime and there will be, no doubt, plenty of opportunity for consultation anddebate.


Section 6 providesthat ‘cryptography support service’ is any service which is provided to thesenders or recipients of electronic communications, or to those storingelectronic data, and is designed to facilitate the use of cryptographictechniques for the purpose of:




  1. securing that such communications or data can be accessed, or can be put into an intelligible form only by certain persons; or



  2. securing that the authenticity or integrity of such communications or data is capable of being ascertained.


However, the ‘clear policy’ distinction originally envisagedin the consultation document ‘Building Confidence in Electronic Commerce’between encryption and digital signature services is not emphasised.


Cryptographysupport services are provided in the United Kingdom not only if they areprovided from premises in the United Kingdom but also if they are provided to aperson who is in the United Kingdom when he makes use of the services or theyare provided to a person who makes use of the services for the purposes of abusiness carried on in the United Kingdom or from premises in the UnitedKingdom. This is obviously a wide jurisdictional clause. It remains to be seenwhether there will be any incentive for certification authorities to set upoperations in other jurisdictions ostensibly more friendly to electroniccommerce. As several commentators have pointed out, we have the more sinisterprovisions of the Regulation of Investigatory Powers Act 2000 (Royal Assent, 28July 2000) waiting in the wings to achieve the results which made the originalElectronic Communications Bill so controversial in the first place.


EU Law
Provisions made under the Act must in due course be consistent with anyrequirements of European law. We will need to comply with the recent‘Directive on a Community framework for electronic signatures’3(the Directive). It is unclear how the UK regime is going to incorporate anyrequired changes but those providing certification services should be taking theDirective into account. The Directive makes two distinctions which do notexpressly appear in the Act. ‘Electronic signatures’ are to be distinguishedfrom ‘advanced electronic signatures’. A signature is ‘advanced’ if itis uniquely linked to the signatory, capable of identifying the signatory,created using means that the signatory can maintain under his sole control andis linked to the data to which it relates in such a manner that any subsequentchange in the data is detectable.


There is also adistinction between a mere ‘certificate’ and a ‘qualified certificate’.An ordinary common-or-garden certificate links signature-verification data to aperson and confirms the identity of that person. A ‘qualified’4certificate meets certain additional requirements of form and is provided by athird party certification body which also fulfils various requirements. Inparticular, such a body will need to use trustworthy systems, employ suitablyqualified personnel, maintain sufficient financial resources and keep adequaterecords. Further, and of significance to the subject of this article, theservice provider must:


‘before entering into a contractual relationship with a person seeking a certificate to support his electronic signature inform that person by a durable means of communication of the precise terms and conditions regarding the use of the certificate, including any limitations on its use, the existence of a voluntary accreditation scheme and procedures for complaints and dispute settlement. Such information, which may be transmitted electronically, must be in writing and in readily understandable language. Relevant parts of the information must also be made available on request to third parties relying on the certificate’.


The scheme of the Directive is that advanced electronicsignatures based on a qualified certificate must be made admissible as evidenceand must be treated in the same way as paper-based data. However, a signature isnot to be denied effectiveness simply because it is not ‘advanced’, nor itscertification ‘qualified’. For voluntary regulatory purposes, it is likelythat service providers will want to ensure that they are in a position toproduce qualified certificates of advanced signatures.


Potential Liabilities
If you vouch for someone’s identity or incur other responsibilities in theinfrastructure of electronic commerce, someone will sue you if they incur lossesas a result of what you do. You must be contractually protected or well insured,or both, if you are to perform a role in that infrastructure. The consultationdocument ‘Building Confidence in Electronic Commerce’ suggested that therewould be privileges conferred on licensed service providers enabling theirliability to be specifically limited but the position has now been ‘left toexisting law’.


Tort
The first source of liability for certification authorities is the law oftort which applies simply by reason of the facts: that someone has providedservices, someone has received those services and loss is suffered. Whether ornot there is a contract, there may well be a duty to take reasonable care toavoid loss to certain parties. The present position, insofar as it can besummarised, is that the court looks at new duties incrementally andpragmatically. The fundamental premise is that assumption of responsibility to aperson who relies on your advice generates liability for foreseeable loss if youdo not take reasonable care in giving the advice. This liability in tort arisesindependently of contract and can exist concurrently with it.5


If B relies on adigital certificate provided by a certification authority vouching for and paidfor by A, then it is likely that B can recover against the certificationauthority if it is negligent. The concept of ‘assumption of responsibility’will in all probability be applied. The only way in which the certificationauthority can manage its risk is by suitable notices and disclaimer or bringingB within the scope of its contractual arrangements. Contracts can at least benegotiated and formulated in advance so it is best for certification authoritiesand those dealing with them to try to regulate the position through contractsinsofar as possible.
It is worth quoting from the speech of Lord Browne-Wilkinson inHenderson v Merrett [1995] AC 145 at p206:


‘I can see no good reason for holding that the existence of a contractual right is in all circumstances inconsistent with the co-existence of another tortious right, provided it is understood that the agreement of the parties evidenced by the contract can modify and shape the tortious duties which, in the absence of contract, would be applicable.’


Contract
The general duty of care in the absence of a contract simply requires reasonablecare to be taken in all the circumstances. Therefore, if a certificationauthority took all reasonable steps and complied with all the quality controlprocedures which it has laid down for itself or which regulate it, loss causedby an inevitable failure to link a public key accurately with a party to atransaction will not be recoverable. Further, the duty of care applicable, thestandard of care to be expected and the extent of damage recoverable can bemanipulated by notices properly drawn to the attention of the person relying onthe statements and advice. Such variations are also governed by the UnfairContract Terms Act 1977 and the Unfair Terms in Consumer Contracts Regulations1994.


Equally, ifthe parties have a sufficiently close relationship that a contract can benegotiated, the result offered and the price for the services performed can beappropriately balanced. If a result is promised, the certification authoritywill be bound to achieve that result. If an identity is guaranteed, thecertification authority will be liable for any loss caused thereby. But if thecontract provides only for reasonable care to be taken, or provides for‘gentlemen’s certificates’ only, more risk will fall on the customer.


There isclearly scope for considerable debate upon the standard of care which will applyin the giving of certificates and it may be that a certification authority feelssufficiently confident to give an absolute guarantee of identity. It may feelthat its own procedures are sufficiently robust to ensure that no mistakes aremade. There is always a level of risk but, if the certification authority feelsthat the price charged for the services will enable it to make a profit out ofits activities, it will be happy to bear that risk. Equally, it may charge alower price and qualify the result to be sought. It will incorporate exclusionclauses and liability limitation clauses into its contracts and, assuming thebusiness to business negotiation process is not on written standard terms or,more likely, assuming that it passes the test of reasonableness, thosecontractual terms will allocate the risk between the parties. The law ofcontract in this context is all about risk allocation.


It should gowithout saying that care needs to be taken with small print, the devil being inthe detail. It seems that some of the certificates of leading providerspresently available for review are not worth the magnetic media they are storedon, such are the limitations imposed in the absence of additional insurancecover.


The Directive
The Directive envisages that service providers should be liable to users inboth contract and tort. As a minimum, Member States are required to ensure thatby issuing a qualified certificate a service provider is liable in damagescaused to anyone who reasonably relies on that certificate. Limitations can beplaced on liability (including a cap on maximum liability) provided that thelimitations are recognisable to third parties. The Unfair Terms in ConsumerContracts Directive will however prevail. States must impose such liabilityunless the service provider proves it has not acted negligently. In terms ofburden of proof, this is a different basis of liability in terms of burden ofproof from our own tort laws and future legislation will need to grapple withit.


Insurance
Commercial considerations may mean that a certification authority, in orderto be competitive, has to guarantee identities and any gap must be filled byinsurance policies. The availability of insurance is of course one of thefactors which is taken into account in determining whether an exclusion isreasonable under the Unfair Contract Terms Act and insurance is simply a furthermethod of spreading risk. The certification authority fulfils its trusted thirdparty role by taking on some risk and the insurance industry will enable therisk to be further allocated and spread. In that sense, the certificationauthority is an intermediary between the business relying on the certificatesand the insurance industry because its expertise enables the insurance industryto take a more informed measure of risk. Were it not for the intervention of thetrusted third party, the customer might simply have to purchase title insurancebut the premiums might be unduly high. It is for this reason that players in thetraditional industry of trust and certification, such as scriveners andnotaries, seek a role in e-commerce: their training, expertise, mystique and,presumably, manageable insurance premiums put them a neck ahead of the fieldwhen it comes to be being trusted.


Conclusion
In summary, depending on the nature of the business undertaken,certification authorities will need to be very aware of their insurance options.Their relationships with direct and indirect customers will need to be carefullydocumented through notices and contractual terms. The law of trusts probablywill not be relevant to TTPs but other laws certainly will and in the end itwill be market forces which will determine who is best placed to receive trustand who is best placed to obtain the most cost-effective insurance cover.


Endnotes




  1. ‘The Code Book’ by Simon Singh (Fourth Estate, 2000, paperback) is a good balance of technicality and readability.



  2. The DTI and Simon Singh appear to use ‘TTP’ as a specialised form of CA, providing confidentiality services for private keys. This does not seem logical since there are many types of ‘trusted third party’ (including notaries public). For present purposes it is important to look at the liabilities which arise from entering into particular relationships and performing particular tasks, not from status or qualification.



  3. 1999/93/EC.



  4. Confusion is possible: ‘qualified’ is not used here in the sense of a qualified audit report to suggest something less effective than might otherwise be the case, but rather to show that the certificates ‘qualify’ for legal recognition.



  5. See Henderson v Merrett Syndicates Limited [1995] AC 145 and White v Jones [1995] 2 AC 207 where Lord Goff led the House of Lords in applying the seminal authority of Hedley Byrne v Heller [1964] AC 465 and in setting the agenda for consideration of issues of duty of care in contract and tort for the foreseeable future.


Richard Harrison is a solicitor and partner in Laytons.