On Mon, 5 Feb 2007, Shachar Shemesh wrote:
Peter wrote:
I meant, how will this help against the fact that, if you sign your
emails, they are legally binding?
It would not.
Then why did you say it would? /me is confused.
Ahh, now you have reached the opinion of the public ;-) As I pointed
out, the problem is the confusion and that is not 'helped' by the
redefinition of the value of something many users would not consider
legally binding, namely a digital signature of a certain kind, only in
association with a digital certificate of a certain kind, and only when
tested in court.
But then nothing else would.
Not true. Not signing trivial emails would. A recommendation, I might
add, that you mocked. I am not holding my breath for an apology, but
feel free to surprise me.
You can consider yourself partially virtually surprised, however this
email is not digitally signed using an approved method and recognized
certificate, and does not contain a claim of intent. I am not mocking
you, the problem is the system. Once it is up to the courts, it is the
depth of the pockets of one of the participants that decides the
outcome. It is irrelevant if this is decided by the ability to sustain
the burden of legal fees or the loss of time and business caused by
direct and indirect effects of an eventual lawsuit, or by direct
financial impact.
The redefinition of a digital signature as 'legally binding' is such a
redefinition.
There is no redefinition here. Digital signatures were always a verified
way of establishing that you said something. Automatic signing of all
outgoing mail was always of questionable wisdom. The only thing that
changed is that it is even less smart to do so today.
Let me expand on this: Not all (more exactly: most) digital signatures
are digital signatures in this context. In particular, f.ex., signing an
email with a *private* public key that is shown only to qualified
individuals on demand (and a court would certainly not qualify) is
explicitly, by design, not 'digital signing' in the sense implied by you
and by the new law, and should it at any time become binding, then new
ways will be found to circumvent the new redefinition. In this case, the
digital signature is meant to serve the role of sealing wax on a paper
envelope, NOT to make the email legally binding. Not for the courts, but
for the *intended* recipient. And in fact, the act of such an email or a
subpoena for the *private* public key that was used to sign it appearing
in court is irrefutable proof of eavesdropping and possibly illegal
'electronic surveillance', followed by explicit malicious use of the
information thus gained.
Therefore one could be explicit and say that 'an email digitally signed
with an approved method and a recognized electronic security certificate
is legally binding in certain countries'. And this implies that all
other emails, signed or not, are *not*.
It may be useful but imho people are not clear about this (I wasn't
for sure until someone pointed out the relatively recent law).
That's why I gave the advice I did.
Yes, that was welcome. But you have to be very explicit.
Consider the following: Many companies and individuals have a standard
signature that contains a disclaimer that says that 'the opinions
herein ... do not represent anything in particular ... are not yada
yada ... no legal advice ...' etc etc.
IANAL, but I doubt that digital signatures change anything in that
regard. Signed or not, there is a limit on how much you can limit your
liability. Signing your outgoing mail makes you liable for what you say,
but the fact that you digitally signed your email does not change my
rights. That's exactly the reason it's so important not to automatically
sign everything.
In general, making new 'definitions' of the value of signatures is void
of value when one considers precisely the fact that you state so
obviously in this answer: That in fact 'it depends' and there are
'limits' which actually redefine the meaning of 'not legally binding'.
These 'limits' are not stipulated by the law and are 'open for
intrepretation', which, due to information collection on an
unprecedented scale, is likely to be used out of context and with
malice, often by people who had nothing to do with the collection and
organization of the information (such as stored emails at an ISP).
*This* is why freedom of speech is important. F.ex. censoring some
answers to emails in a thread on a public list that is archived is
equivalent with quoting out of context for malicious purposes (by
leaving certain questions raised in a thread unanswered, or improperly
answered in the opinion of a thread participant).
And signing one's emails with non-legally-binding and deniable methods
is a part of ensuring that freedom of speech is maintained, and if not,
then to what extent. F.ex. searching for unique message ids on public
search engines yields interesting results, wrt archival (and
non-archival) and other details about one's communications.
Peter
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]