Information Security Technical Report, Vol 5, No. 4 (2000) 39-52
0167-4048/00/$20.00 © 2000, Elsevier Science Ltd
Robert Carolina and Jamie Lyford¹, Tarlo Lyons
Introduction
As the importance of Public Key Infrastructures (PKI) to E-commerce has become understood, PKI has become ‘flavour of the month’. There has been a rapid and widespread movement to develop legislative frameworks in which PKI can sit — so that electronically signed documents and messages may be treated in the same way that physical documents are treated.
Generally speaking, legislation relating to PKI has dealt with the following issues:
• Legal effect — what should the effect of a digitally signed document be? Does that digitally signed document satisfy the Statute of Frauds and other writing and signing requirements? What is the role of the best evidence rule and other requirements or preferences for original documents? Should a digitally signed document be presumed authentic for evidentiary purposes? Should that document be deemed notarially acknowledged? What requirements are relevant to archiving and record keeping?
• Dispute resolution — legislation often provides for rebuttable presumptions that tip the burden of proof in litigation away from propositions that can be expected to be true in most cases. For instance, legislation often calls for presuming that a digital signature verified by a public key in a certain certificate is the signature of the subscriber of that certificate.
• Certification Services — a digital signature is as good as a handwritten signature only if the digital signature is verified by reference to a reliable certificate issued by a trusted third party. A certificate can only be reliable if the relying party can trust the issuer of the certificate. To deal with this issue, certain legislation includes regulatory provisions designed to assure quality in certification services. The degree of regulatory interference in this way varies widely between countries and even states within countries, such as in the USA.
• Reliance and liability limits — certain legislation and its certificates to include certain limits intended to restrict the right of the parties to rely upon certificates and the right to recover from the issuer the losses incurred as a result of reliance.
The Intersection of Public Key Infrastructures and the Law
¹ Robert Carolina (B.A. 1988, University of Dayton; J.D. 1991, Georgetown University Law Center; LL.M. 1993, London School of Economics; Attorney-at-Law, Illinois, USA; Solicitor, England and Wales) is a partner in the IT and Communications practice of the London law firm Tarlo Lyons. He may be contacted at robert.carolina@tarlolyons.com. Jamie Lyford (B.Com 1989, Murdoch University; LL.B 1994, Murdoch University; LL.M. 1998, Murdoch University; Solicitor, Western Australia and New South Wales; Solicitor, England and Wales) is a senior assistant in the IT and Communications practice of Tarlo Lyons. He may be contacted at jamie.lyford@tarlolyons.com. The authors are grateful for considerable research assistance provided by Lucy Awad, a trainee solicitor at Tarlo Lyons.