Legal Liability


The DTI are proposing that the TTPs should have strict liability for keeping private keys private, though they do not discuss how much compensation you might need. When one starts to consider public key encryption systems, where the private keys are also held by the end users, one concludes that this is unlikely to be workable, not least because keys may end up going abroad. The problems and the risk of fraud will dissuade companies from becoming TTPs.

The DTI are remarkably silent on all other aspects of liability.


The proposals

The DTI's proposals on liability can be found in sections 86-88 of their consultation paper. It's a bit of a struggle for non-lawyers (myself included) to get through this, but it is quite clear that the TTPs must protect the private keys which are in their possession. Note that the DTI are apparently proposing (see separate article) that the handing over of these private keys will be a prerequisite of using the TTP. If the TTP does not protect the keys then damages can be claimed.

In particular, it is proposed:

How much compensation does one need?

It's rather tricky to see what the cost of the divulging of private keys might be. There are companies in numerous areas which would be seriously damaged if people could not trust their products. Would you put your money into Northshire Building Society? Their keys got stolen in that raid last week! At present companies in this position go to extraordinary lengths to protect their keys. A description of Microsoft's measures appears in Bob Atkinson's article in RISKS 18.85.

If there were some sort of raid made on a TTP, and keys were divulged, then the cost of all their customers changing their keys would be substantial... and it need not be a raid. Any potential security problem would mean that there was a risk of compromise. We're all used to changing our locks when we drop our keyring in the street, or stopping all our credit cards if our wallet disappears. The same pessimistic assumption, that 'lost' equates to 'in use by the bad guys', applies to encryption keys.

Demon changes keys for infrastructure on a semi-regular basis, with a fair amount of automation - so we've some idea how complex a task it is. I think that if we did it because our TTP slipped up we'd probably put in a bill for a thousand or so in wage bills alone...

If a TTP had 100,000 customers, each with even a tenth of that bill, that's 10 million for admitting to having a mag tape which cannot be accounted for...

Then, besides these costs involved in just "changing the locks", one can consider the actual damage caused by the loss of privacy. One could lose a contract because one's bid price was known. Insider dealing is all about knowing things one should not, and how can one measure in money the invasion of one's privacy if all one's billets doux are being read by bored hackers...

Strict liability

The DTI are proposing "strict liability". This is admirable consumer protection. The TTPs are not going to be able to hide behind a smokescreen of pretending to be leakproof. If your keys get out in any way, they will have to pay up. Sounds great!

The upper limit on the liability does temper one's enthusiasm, but clearly no-one will want to be a TTP if the upper limit is infinite. The keys will leak, because these are human+computer systems we're talking of, and no-one believes that they are going to be totally safe. However, unless you've been especially clued up and have negotiated a special contract, the TTP's financial liability is going to be limited.

So in the end, one can only judge this proposal by knowing what the upper limit is. If it is 1 million then that's pretty realistic for the sort of real damage that the loss of keys would cause to a medium size company. If it is 100 pounds then that's totally laughable. The DTI do not even hint what sort of figure they may have in mind.

As we've seen, "strict liability" is a real problem for the TTP, because the potential damages are enormous, and keys may leak in bulk, not just one by one. Their only real defence (ignoring special events such as when warrants have been signed by the Secretary of State) is that the user leaked the keys. How can they possibly prove that?

If the private keys are published on Usenet, posted through an anonymous server, then, as far as I can see, the TTP pays. You don't even have to invest in some brown paper envelopes to bribe a TTP employee - just make sure you don't get caught when you publish the private keys. The TTPs will have their suspicions that fraud has been committed, but they're stuck with strict liability. Who wants to be a TTP now?

I am also rather puzzled as to why the DTI proposal is for an upper limit on compensation if you can arrange a contract which overrides this. I could understand a lower limit - the state would be enforcing good consumer standards on the TTPs - but an upper limit to strict liability seems odd if a company can really demonstrate that the loss has occurred. Would one perhaps expect the "strict liability" to be negotiated away if one needed the bigger sums?

What about the foreigners?

The DTI proposals for access to escrowed keys envisage that there should be interworking with other jurisdictions. Now you might believe the assurance of our Secretary of State (perhaps more or less either side of an election) when you're told that only reliable people, perhaps in that concrete block on the South Bank, will have access to your private keys ... but are you prepared to trust the people in Langley or Paris or Bonn or Rome or Buenos Aires....

Under the DTI proposals, you'll be pleased to hear that you don't have to worry. You merely have to demonstrate that your key has escaped and you get compensation in the UK... the Tribunal will then tell you whether the TTP pays or someone else has to cough up. You get paid in sterling, even if someone somewhere pays in escudos.

The difficulty here is that if your private key appears on Usenet then you will know that it has been compromised. If the person who has your key keeps this fact relatively quiet, and simply reads your incoming mail, then it may take a good deal longer for you to become aware of it at all. Knowing that someone is liable and will pay may not, in the end, feel like suitable recompense.

What about liability for other things?

The DTI's proposals have a great deal of discussion about the liability of TTPs for the disclosure of private keys. There is no discussion whatsoever of the liability which they may have for their other services.

We all expect that a major role of the TTPs will be acting as a certification authority, viz. we expect them to be vouching for identity. If they fail to fulfil this role in an adequate manner, a proper legal framework is needed. If Alice misleads a TTP into signing her key and then uses this fake identity to steal goods from Bob, then surely Bob should be able to proceed against the TTP for damages, attempting (presumably) to demonstrate that the TTP was negligent in checking Alice's identity. Yet there is no contract between Bob and the TTP, so how can Bob manage this? Or are we expecting signed keys to only be worth something if obtained direct from the TTP? The DTI is silent.

If you are interested in this particular area, then there is a (rather long, but quite readable) discussion in The Essential Role of Trusted Third Parties in Electronic Commerce by Michael Froomkin. Froomkin, it may be noted in passing, is quite dismissive of strict liability!

Conclusions

What it comes down to is that the government is proposing to force you to place your private keys inside a TTP, yet no matter how valuable they may be, they propose to limit your compensation when they leak - unless you make a special contract. This is far from ideal for the consumer.

It is even less attractive to the TTPs, because they are open to fraud.

There seems little reason to interfere with market forces. Assuming a free market - viz. that key escrow is not compulsory - the level of compensation should be entirely set by contract between user and TTP.

The issues of liability for other TTP services are notable by their absence from the DTI proposals. Since some TTP services are offered to the community as a whole, there ought to be explicit ways in which the TTP should be liable to that community.




© 1998 Richard Clayton
4th March 1998
