The DTI are proposing that the TTPs should have strict liability for keeping private keys private, though they do not discuss how much compensation you might need. When one starts to consider public key encryption systems, where the private keys are also held by the end users, one concludes that this is unlikely to be workable, not least because keys may end up going abroad. The problems and the risk of fraud will dissuade companies from becoming TTPs.
The DTI are remarkably silent on all other aspects of liability.
In particular, it is proposed:
In a very strange proposal, quite out of character, the DTI envisage that the Tribunal findings will be published. This makes rather a nonsense of the secrecy which otherwise surrounds provision of private keys under warrant.
If there was some sort of raid made on a TTP, and keys were divulged, then the cost of all their customers changing their keys would be substantial... and it need not be a raid. Any potential security problem would mean that there was a risk of compromise. We're all used to changing our locks when we drop our keyring in the street, or stopping all our credit cards if our wallet disappears. The same pessimistic assumption that 'lost' equates to 'in-use-by-the-bad-guys' applies to encryption keys.
Demon changes keys for infrastructure on a semi-regular basis, with a fair amount of automation - so we've some idea how complex a task it is. I think that if we did it because our TTP slipped up we'd probably put in a bill for a thousand or so in wage bills alone...
If a TTP had 100,000 customers, that's 10 million for admitting to having a mag tape which cannot be accounted for...
Then, besides these costs involved in just "changing the locks", one can consider the actual damage caused by the loss of privacy. One could lose a contract because one's bid price was known. Insider dealing is all about knowing things one should not, and how can one measure in money the invasion of one's privacy if all one's billets doux are being read by bored hackers...
The upper limit on the liability does temper one's enthusiasm, but clearly no-one will want to be a TTP if the upper limit is infinite. The keys will leak, because these are human+computer systems we're talking of, and no-one believes that they are going to be totally safe. However, unless you've been especially clued up and have negotiated a special contract, the TTP's financial liability is going to be limited.
So in the end, one can only judge this proposal, by knowing what the upper limit is. If it is 1 million then that's pretty realistic for the sort of real damage that the loss of keys would cause to a medium size company. If it is 100 pounds then that's totally laughable. The DTI do not even hint what sort of figure they may have in mind.
As we've seen, "strict liability" is a real problem for the TTP, because the potential damages are enormous, and keys may leak in bulk, not just one by one. Their only real defence (ignoring special events such as when warrants have been signed by the Secretary of State) is that the user leaked the keys. How can they possibly prove that?
If the private keys are published on Usenet, posted through an anonymous server, then, as far as I can see, the TTP pays. You don't even have to invest in some brown paper envelopes to bribe a TTP employee - just make sure you don't get caught when you publish the private keys. The TTPs will have their suspicions that fraud has been committed, but they're stuck with strict liability. Who wants to be a TTP now?
I am also rather puzzled as to why the DTI proposal is for an upper limit on compensation if you can arrange a contract which overrides this. I could understand a lower limit - the state would be enforcing good consumer standards on the TTPs - but an upper limit to strict liability seems odd if a company can really demonstrate that the loss has occurred. Would one perhaps expect the "strict liability" to be negotiated away if one needed the bigger sums?
Under the DTI proposals, you'll be pleased to hear that you don't have to worry. You merely have to demonstrate that your key has escaped and you get compensation in the UK... the Tribunal will then tell you whether the TTP pays or someone else has to cough up. You get paid in sterling, even if someone somewhere pays in escudos.
The difficulty here is that if your private key appears on Usenet then you will know that it has been compromised. If the person who has your key keeps this fact relatively quiet, then it might take a little longer for you to become aware that people are able to read your incoming mail without your knowledge. Knowing that someone is liable and will pay may not, in the end, feel like suitable recompense.
We all expect that a major role of the TTPs will be acting as a certificating authority, viz. we expect them to be vouching for identity. If they fail to fulfil this role in an adequate manner, a proper legal framework is needed. If Alice misleads a TTP into signing her key and then uses this fake identity to steal goods from Bob, then surely Bob should be able to proceed against the TTP for damages, attempting (presumably) to demonstrate that the TTP was negligent in checking Alice's identity. Yet there is no contract between Bob and the TTP, so how can Bob manage this? Or are we expecting signed keys to only be worth something if obtained direct from the TTP? The DTI is silent.
If you are interested in this particular area, then there is a (rather long, but quite readable) discussion in The Essential Role of Trusted Third Parties in Electronic Commerce by Michael Froomkin. Froomkin, it may be noted in passing, is quite dismissive of strict liability!
It is even less attractive to the TTP because they are open to fraud.
There seems little reason to interfere with market forces. Assuming a free market - viz. that key escrow is not compulsory - the level of compensation should be entirely set by contract between the user and the TTP.
The issues of liability for other TTP services are notable by their absence from the DTI proposals. Since some TTP services are offered to the community as a whole, there ought to be explicit ways in which the TTP should be liable to that community.