non-repudiation, was Re: crypto flaw in secure mail standards
Greg Broiles
gbroiles at well.com
Thu Jul 5 17:07:35 EDT 2001
At 10:02 AM 7/4/2001 -0700, jamesd at echeque.com wrote:
>On 2 Jul 2001, at 13:05, Greg Broiles wrote:
> > One of the basic problems with "non-repudiation" is that its proponents
> > can't even which general body of law it exists within - e.g., is it an
> > aspect of contract law? an evidentiary rule? a rule of civil or criminal
> > procedure? Does it satisfy an existing burden of production, or persuasion
> > . . . or create a new one? Does it establish a rebuttable or a non-rebuttable
> > presumption, or merely a permissible inference?
>
>Non repudiation is a commercial and cryptographic concept, not a legal
>one, linked to chargebacks, not legislation.
>
>If cryptographers can produce a system whose user interface and underlying
>technology is such that the signature is unlikely to be forged except as a
>result of obviously irresponsible or improper behaviour by the signatory,
>that signature cannot be repudiated in the way that a credit card number
>c
>To determine the meaning of non repudiability, we need to apply to the
>boss of the pimply faced clerk who handles Visa chargebacks, not to the
>supremes.
Well, that seems like an interesting application of the technology - the
downside is that it doesn't really fix the whole chargeback problem, and it
conflicts with existing federal laws & regulations in the US, which are old
and unlikely to change.
Specifically - one aspect of the chargeback problem is consumers who say
"who are these people? why are they charging against my account? I've never
heard of them!", especially versus porno web sites or phone sex, and using
a PKI non-repudiation scheme in this instance might be helpful, though it's
worth keeping in mind that it rests on the assumption that end-users can
and will preserve the security of a couple of big numbers (their private
keypair) when currently they're frequently able to escape liability by
claiming to have experienced a security breach related to their
preservation and use of a single, much shorter pair of numbers - their
credit card number and expiration date.
What it does not, and cannot, solve, are the other chargeback issues -
where people admit they had an agreement, or at least some contact, with
the merchant, but claim that the merchant has not performed in some or all
aspects as promised - e.g., nothing delivered, or the order was cancelled,
or the goods/services that were delivered were not what was promised, or
were in some other way deficient such that the merchant is not entitled to
payment.
In particular, reaching my second point above, in the US the Fair Credit
Billing Act (15 U.S.C. 1666-1666j) preserves the right to make arguments
about the correctness of a billing (including amount, computation, timing,
and delivery/receipt of goods/services) between a customer and his/her
issuing bank - and also allows them to raise defenses versus the merchant,
related to quality of goods/services purchased, in many instances. Those
rights can't be waived by contract.
Implementing non-repudiation as a countermeasure versus spurious "do not
recognize" chargebacks seems to depend on all of the following:
(a) development and widespread adoption of a secure platform for key
storage and Internet use, like the system "whose user interface and
underlying technology is such that the signature is unlikely to be forged
. . ." described by James Donald above
(b) merchants forcing customers to adopt that platform and SET-like
procedures in order to carry out transactions
(c) changing the Fair Credit Billing Act to make it more difficult or
impossible for consumers to dispute items on their bills.
I believe that (a) is a very attractive goal but I'm skeptical that it'll
ever happen, given the average person's attention to security and risk, and
the low value they place on it . . . unless and until (c) occurs, which I
consider very unlikely for political reasons - sure, lenders and merchants
would love to eliminate chargebacks, but it sounds like political suicide
to me. Who wants to be known as the senator who introduced legislation to
make identity theft and credit card fraud easier, and harder to correct?
I'm also skeptical that (b) will occur - I'd group merchants into two
categories, high-margin and low-margin. Where merchants earn a high margin
on each transaction - like sex/porno sites - they might as well take a
chance on questionable transactions, because even a high chargeback rate on
their billings is still pretty good, so long as they don't get their
acquiring bank too angry with them. Where merchants earn a low margin on
each transaction - mostly online sales of physical goods (like Amazon, or
computer hardware) - a "non-repudiable" signature to originate or approve a
transaction doesn't address the likely other grounds for a chargeback, like
failure to ship, or failure to ship on time, or disputes about quality. So
. . . high-margin vendors aren't likely to move towards (b), because they'd
make more money without it, and low-margin vendors might not mind, but it
won't solve most of their problems, and may drive away or inconvenience
paying customers.
Many online merchants currently benefit quite a bit from the allocation of
risk in the current chargeback regs - not because they like chargebacks,
but because they like the (relative) ease with which people can enter into
transactions, believing they have some recourse to effective dispute
resolution in the event that the transaction fails. I buy things without a
lot of worry online, because I know I can call my credit card issuer and
dispute transactions if the merchant didn't perform, or if a transaction
appears on my statement that I didn't authorize. If that weren't the case -
if credit card transactions were irreversible (or "non-repudiable") like
cash transactions, I'd only do them with people I'd mail cash to in
advance, a la Paypal.
This all boils down to assigning risk to one party or another - most of the
technical literature treats dispute resolution and the assignment of that
risk as a simple or mechanical process, which is simply wrong - both
factually in terms of how things work now, and in terms of what's likely to
be attractive to all parties in a transaction.
We're aware of lots of simple dispute resolution protocols now - like "might
makes right" or "caveat emptor" but they turn out to be unsatisfying. Some
people ascribe the need for dispute resolution to human weakness and greed.
Other people ascribe the need for dispute resolution to unpredictable or
unsolvable complexity in transaction outcomes, and the difficulty of
anticipating and providing for them in advance.
Regardless of whose fault the failures are, humans seem to want and need a
collection of overlapping and interlocking systems for arguing about
transactions - and where one system appears unreasonably biased towards one
constituency, another system will appear which shifts the balance towards a
different group. (Consider, for example, the competing state-based and
church-based courts for law and equity, respectively, which appeared in the
English system - or the rise and expansion of federal court jurisdiction in
the US where state court systems were perceived as unfair to the poor,
racial minorities, or prisoners - or our current parallel systems for
consumer disputes, with a relatively pro-merchant pro-lender credit
reputation/lending system, and a relatively pro-consumer unfair trade
practice court system in opposition.)
People who feel their needs aren't met or their problems aren't solved will
not continue to act within a system they perceive as unfair or unresponsive
- they'll do business elsewhere, not do business, or arrange for a parallel
system more biased towards them. That's a tendency in human history and
behavior much older and longer than anything we might dream up regarding
non-repudiation, and we ignore it at our peril.
I believe it would be very difficult - but arguably* possible - to achieve
all of (a) - (c) above; but I don't think even that would achieve the
desired ends, because I don't think the system thus constructed would be
used as intended - either it would not be used (much), or an entirely
separate system would be created or modified to reallocate the risks of the
non-repudiation system in a fashion more palatable to participants. Law and
commerce are just like computer security that way - attackers go after weak
points, not strong ones, so it's not helpful to over-fortify one aspect of
an installation at the expense of others.
(* On the other hand, given the enthusiastic adoption of OS's with weak or
nonexistent security features, the low adoption rate of OS's which have
more defensible security configurations, and the indifference/hostility and
lack of interest that SET and "internet wallets" enjoyed, I'm very
skeptical. I know what my answer would be if I ran across a webpage which
told me that, in order to do business with that vendor, I'd need to install
another OS and browser on my computer, then make a cash-equivalent payment
to them before they'd even ship my merchandise.)
--
Greg Broiles
gbroiles at well.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com