non-repudiation, was Re: crypto flaw in secure mail standards

Greg Broiles gbroiles at well.com
Thu Jul 5 17:07:35 EDT 2001


At 10:02 AM 7/4/2001 -0700, jamesd at echeque.com wrote:
>On 2 Jul 2001, at 13:05, Greg Broiles wrote:
> > One of the basic problems with "non-repudiation" is that its proponents
> > can't even say which general body of law it exists within - e.g., is it an
> > aspect of contract law? an evidentiary rule? a rule of civil or criminal
> > procedure? Does it satisfy an existing burden of production, or persuasion
> > . . . or create a new one? Does it establish a rebuttable or a non-rebuttable
> > presumption, or merely a permissible inference?
>
>Non repudiation is a commercial and cryptographic concept, not a legal 
>one, linked to chargebacks, not legislation.
>
>If cryptographers can produce a system whose user interface and underlying 
>technology is such that the signature is unlikely to be forged except as a 
>result of obviously irresponsible or improper behaviour by the signatory, 
>that signature cannot be repudiated in the way that a credit card number
>c
>To determine the meaning of non repudiability, we need to apply to the 
>boss of the pimply faced clerk who handles Visa chargebacks, not to the 
>supremes.

Well, that seems like an interesting application of the technology - the 
downside is that it doesn't really fix the whole chargeback problem, and it 
conflicts with existing federal laws & regulations in the US, which are old 
and unlikely to change.

Specifically - one aspect of the chargeback problem is consumers who say 
"who are these people? why are they charging against my account? I've never 
heard of them!", especially versus porno web sites or phone sex, and using 
a PKI non-repudiation scheme in this instance might be helpful, though it's 
worth keeping in mind that it rests on the assumption that end-users can 
and will preserve the security of a couple of big numbers (their private 
keypair) when currently they're frequently able to escape liability by 
claiming to have experienced a security breach related to their 
preservation and use of a single, much shorter pair of numbers - their 
credit card number and expiration date.

What it does not, and cannot, solve, are the other chargeback issues - 
where people admit they had an agreement, or at least some contact, with 
the merchant, but claim that the merchant has not performed in some or all 
aspects as promised - e.g., nothing delivered, or the order was cancelled, 
or the goods/services that were delivered were not what was promised, or 
were in some other way deficient such that the merchant is not entitled to 
payment.

In particular, reaching my second point above, in the US the Fair Credit 
Billing Act (15 U.S.C. 1666-1666j) preserves the right to make arguments 
about the correctness of a billing (including amount, computation, timing, 
and delivery/receipt of goods/services) between a customer and his/her 
issuing bank - and also allows them to raise defenses versus the merchant, 
related to quality of goods/services purchased, in many instances. Those 
rights can't be waived by contract.

Implementing non-repudiation as a countermeasure versus spurious "do not 
recognize" chargebacks seems to depend on all of the following:

(a) development and widespread adoption of a secure platform for key 
storage and Internet use, like the system "whose user interface and 
underlying technology is such that the signature is unlikely to be forged 
. . ." described by James Donald above

(b) merchants forcing customers to adopt that platform and SET-like 
procedures in order to carry out transactions

(c) changing the Fair Credit Billing Act to make it more difficult or 
impossible for consumers to dispute items on their bills.

I believe that (a) is a very attractive goal but I'm skeptical that it'll 
ever happen, given the average person's attention to security and risk, and 
the low value they place on it . . . unless and until (c) occurs, which I 
consider very unlikely for political reasons - sure, lenders and merchants 
would love to eliminate chargebacks, but it sounds like political suicide 
to me. Who wants to be known as the senator who introduced legislation to 
make identity theft and credit card fraud easier, and harder to correct?

I'm also skeptical that (b) will occur - I'd group merchants into two 
categories, high-margin and low-margin. Where merchants earn a high margin 
on each transaction - like sex/porno sites - they might as well take a 
chance on questionable transactions, because even a high chargeback rate on 
their billings is still pretty good, so long as they don't get their 
acquiring bank too angry with them. Where merchants earn a low margin on 
each transaction - mostly online sales of physical goods (like Amazon, or 
computer hardware) - a "non-repudiable" signature to originate or approve a 
transaction doesn't address the likely other grounds for a chargeback, like 
failure to ship, or failure to ship on time, or disputes about quality. So 
. . . high-margin vendors aren't likely to move towards (b), because they'd 
make more money without it, and low-margin vendors might not mind, but it 
won't solve most of their problems, and may drive away or inconvenience 
paying customers.

Many online merchants currently benefit quite a bit from the allocation of 
risk in the current chargeback regs - not because they like chargebacks, 
but because they like the (relative) ease with which people can enter into 
transactions, believing they have some recourse to effective dispute 
resolution in the event that the transaction fails. I buy things without a 
lot of worry online, because I know I can call my credit card issuer and 
dispute transactions if the merchant didn't perform, or if a transaction 
appears on my statement that I didn't authorize. If that weren't the case - 
if credit card transactions were irreversible (or "non-repudiable") like 
cash transactions, I'd only do them with people I'd mail cash to in 
advance, a la Paypal.

This all boils down to assigning risk to one party or another - most of the 
technical literature treats dispute resolution and the assignment of that 
risk as a simple or mechanical process, which is simply wrong - both 
factually in terms of how things work now, and in terms of what's likely to 
be attractive to all parties in a transaction.

We're aware of lots of simple dispute resolution protocols now - like "might 
makes right" or "caveat emptor" - but they turn out to be unsatisfying. Some 
people ascribe the need for dispute resolution to human weakness and greed. 
Other people ascribe the need for dispute resolution to unpredictable or 
unsolvable complexity in transaction outcomes, and the difficulty of 
anticipating and providing for them in advance.

Regardless of whose fault the failures are, humans seem to want and need a 
collection of overlapping and interlocking systems for arguing about 
transactions - and where one system appears unreasonably biased towards one 
constituency, another system will appear which shifts the balance towards a 
different group. (Consider, for example, the competing state-based and 
church-based courts for law and equity, respectively, which appeared in the 
English system - or the rise and expansion of federal court jurisdiction in 
the US where state court systems were perceived as unfair to the poor, 
racial minorities, or prisoners - or our current parallel systems for 
consumer disputes, with a relatively pro-merchant pro-lender credit 
reputation/lending system, and a relatively pro-consumer unfair trade 
practice court system in opposition.)

People who feel their needs aren't met or their problems aren't solved will 
not continue to act within a system they perceive as unfair or unresponsive 
- they'll do business elsewhere, not do business, or arrange for a parallel 
system more biased towards them. That's a tendency in human history and 
behavior much older and longer than anything we might dream up regarding 
non-repudiation, and we ignore it at our peril.

I believe it would be very difficult - but arguably* possible - to achieve 
all of (a) - (c) above; but I don't think even that would achieve the 
desired ends, because I don't think the system thus constructed would be 
used as intended - either it would not be used (much), or an entirely 
separate system would be created or modified to reallocate the risks of the 
non-repudiation system in a fashion more palatable to participants. Law and 
commerce are just like computer security that way - attackers go after weak 
points, not strong ones, so it's not helpful to over-fortify one aspect of 
an installation at the expense of others.

(* On the other hand, given the enthusiastic adoption of OS's with weak or 
nonexistent security features, the low adoption rate of OS's which have 
more defensible security configurations, and the indifference/hostility and 
lack of interest that SET and "internet wallets" enjoyed, I'm very 
skeptical. I know what my answer would be if I ran across a webpage which 
told me that, in order to do business with that vendor, I'd need to install 
another OS and browser on my computer, then make a cash-equivalent payment 
to them before they'd even ship my merchandise.)


--
Greg Broiles
gbroiles at well.com
