Civil law Non Repudiation in Panama (was Re: Non-repudiation)
Pelle Braendgaard
pelle at veraxpay.com
Mon Jan 5 10:25:45 EST 2004
I've been interested in this discussion and have been doing some research into
the legal status here in Panama.
In 2001 the assembly voted into effect Law 43 more commonly known as the
electronic commerce law.
http://neuclear.org/ley43.pdf (in Spanish)
It is supposedly based on UNCITRAL of which I admitedly know very little. So I
was rereading the law after having read Ben and Nicholas' excellent overview:
http://www.apache-ssl.org/tech-legal.pdf
In a civil law country like Panama things work a bit differently to the to me
preferred Common law way of doing it. IANAL and my Spanish aint perfect
either, but here is my analyis of Non Repudiation of Digitally Signed
Messages in Panama.
The real meat of the matter is handled in Article 31 (Page 10). "Guarantees
derived from the acceptance of a Certificate":
"The subscriber, at the time of accepting a certificate, guarantees all the
people of good faith to be free of fault, and his information contained
within is correct, and that:
1. The authenticated electronic company/signature verified by means of this
certificate, was created under his exclusive control.
2. No person has had access to the procedure of generation of the electronic
signature.
3. The information contained in the certificate is true and corresponds to
the provided one by this one to the certification organization."
This is backed up by article 33 (Page 11). "Causes for Revocation of
Certificates":
"The subscriber of a verified digital signature is obliged to seek revokation
of the certificate under the following circumstances:
1. Loss of information to validate the Certificate
2. If the privacy of the certificate has been exposed or there is danger of
illicit use of the certificate.
3. If the subscriber doesnt solicit revocation in any of the proceeding cases
he will be held responsible for any losses or damages incurred by 3rd parties
of good faith, who confide in the contents of the certificate.¨
Now bearing in mind the slight misunderstandings of technical terms in the
law. I see this as saying that once someone accepts a certificate from a CA,
he is legally responsible in Panama for all information signed by his private
key. Even under the loss of control of the private key, unless the person
specifically revokes his key.
I will forward this to a couple of Panamanian lawyers as well to see if they
would like to comment as well.
Pelle
--
http://talk.org + Live and direct from Panama
http://neuclear.org + Clear it both ways with NeuClear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list