Monday, May 09, 2005

IT Act 2000: Digital Signature and Risks

The passing of the IT Act 2000 was seen as an important event, as it appeared to signal the entry of India into the Cyberworld. Our legal system now had to accept digital signatures at par with ink signatures, except in some special instances. With this, we expected governments, businesses and individuals to be motivated to accept digital signatures, but if the experience of the intervening period is anything to go by, this expectation has been belied. Be that as it may, the issue that this article takes up is whether the law drafters and the law makers had considered the inherent risk in accepting the digital signature. Another question we will look at is whether our technology-bureaucracy took into account the warnings the technology wizards sounded against the commercial interests of the PKI businesses.

Digital certification is an excellent business model for the certifying "authority". It costs almost nothing to sign a certificate (I can write 5 lines of Java code for this and you can run it any number of times in a year), and even if an income of Rs 500/= is received for every certification, it assures a good income stream for the Certifying "Authorities" (CA) over the years. Income in the range of Rs 25000/= per certificate is a rich bonanza!

Just because an "authority" has signed the certificate does not mean that the risks in accepting the digital certificate lie with the CA. They still lie with you, the acceptor of the digital signature, even if it is discovered that the CA has failed in its due diligence. Why would you go for a digital signature when you can get an ink signature from your business partner, especially if it is likely to result in a legal dispute and you have to carry the risk in case of any financial loss? So rational and intelligent businesses would want to steer clear of this risk.

Since the CA business model and the CCA's respectability come out of increased digital signature use, the Government has decided to go out of its way to encourage digital signatures by giving incentives to businesses that use digital signatures for doing business with the government. Financial risks in accepting a digital signature lie with the acceptor of the digital signature, and if that happens to be the government itself, they are even prepared to forgo some percentage of the income the Government receives per transaction as an incentive. A rather bizarre situation.

If a CA is a business, what about the "Controller" of CAs? When we have Import/Export, we need a "Controller" of Imports and Exports, right? We need someone who gives the CAs a license to do their business! This comes out of the mind-set of the License Raj, and the irony is, it came when the other arm of the Government was busily engaged in dismantling the "License Raj". We created the infrastructure and organizational set-up to license the CAs. There is ample motivation amongst the technology-bureaucracy to create and man an organizational set-up with a budget allocation and provide them with the thrill of running a business enterprise with Government money allocated year after year. Every time the government bureaucracy wants to run a business, whether it is making steel, rolling out cars, running a hotel or running a transportation business, the motivation is the same. Unfortunately, the then Minister, who was a crusader and was busy selling off one by one the businesses run by the Government, was the same minister who approved this new "government business" in the garb of a "Controller".

If you have a "Controller" in your name, then it can easily pass off as a Government function! The United States of America, where the technology of digital signatures is more prevalent than anywhere else in the world, does not have a "Controller" of Certifying Authorities in its Government set-up. So their model does "not" suit our bureaucracy. Instead, we go hunting for a model in countries like Singapore or Malaysia or wherever, till we find a model that satisfies the entrepreneurial aspirations of the technology-bureaucracy, but with a "no risk" budget allocation. If these bureaucrats had been told to raise the money to run the enterprise by going to the market through an IPO, they would have been less enthusiastic. If the US is not prepared to allocate state budget for this activity, why should we, when we have urgent alternate demands such as primary education, health care and social security allocations? This is a question that was never asked in any of the thousands of notes scribbled by the bureaucracy before the IT Act 2000 was passed.

Now, let us look at Digital Signature more critically. Abdul's digital signature does not prove that Abdul signed the message, only that his private key did. When writing about non-repudiation, cryptographic theorists often ignore messy details that lie between Abdul and his computer. If his computer were appropriately infected, the malicious code could use his key to sign documents without his knowledge or permission. Even if he needed to give explicit approval for each signature (e.g., via a fingerprint scanner), the malicious code could wait until he approved a signature and sign its own message instead of his. If the private key is in tamper-resistant hardware, the malicious code can still steal the key as soon as it is used.

While it is legitimate to ignore such details in cryptographic research papers, it is just plain irrational to assume that real computer systems implement the theoretical ideal. Should one need to deny some signature, one would have the burden of proving the negative, that one didn't make the signature in question, against the presumption that one did.

The main risk in believing this popular falsehood, that if a person's private key is used it was done by him or with his consent, stems from the cryptographic concept of "non-repudiation". It is even worse if a country's laws are made to make you liable (legally) if your private key is used to sign a document! (See S 42 IT Act: For the removal of doubts, it is hereby declared that the subscriber shall be liable till he has informed the Certifying Authority that the private key has been compromised.) Unfortunately, there is likely to be a time gap between when the key is actually compromised and when we realize, if at all, that it has been compromised. Moreover, as stated earlier, the person who accepts the signature is also at risk. The Indian IT Act 2000 actually fixes the liability on the one who accepts the digital signature. The CA is not legally liable for the possible financial loss. That is, it is a "do it at your own risk" proposition!
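The two points made above, that a verifier can only tell that a private key signed the message, not that its owner did, and that a signature made in the gap between compromise and notification is accepted as valid, can be seen in a few lines of code. The following is an added example written for this page, not code from the article's author or from any CA. It assumes Ed25519 from Go's standard library (the IT Act era schemes were RSA-based, but the argument is identical for any signature scheme), and the `Registry` type is a hypothetical stand-in for a CA's compromise record, not any real CA's interface. The message and timeline are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// Subscriber models the IT Act's "subscriber": the person whose key pair a CA certifies.
type Subscriber struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// NewSubscriber generates a fresh Ed25519 key pair for the named person.
func NewSubscriber(name string) (*Subscriber, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Subscriber{Name: name, priv: priv, Pub: pub}, nil
}

// Sign is the subscriber's own signing operation.
func (s *Subscriber) Sign(msg []byte) []byte {
	return ed25519.Sign(s.priv, msg)
}

// CopiedKey returns a byte copy of the private key, standing in for what malicious
// code on the subscriber's computer could read. (Constructed for the demonstration.)
func (s *Subscriber) CopiedKey() ed25519.PrivateKey {
	return ed25519.PrivateKey(append([]byte(nil), s.priv...))
}

// Verify is all a relying party can do: confirm that the signature was produced by
// the private key matching pub. Nothing in this check identifies the person.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Registry is a hypothetical model of a CA's compromise record: it stores the time
// at which the subscriber informed the CA, as S 42 requires.
type Registry struct {
	reported map[string]time.Time
}

func NewRegistry() *Registry {
	return &Registry{reported: map[string]time.Time{}}
}

// Report records the subscriber's notification that the key has been compromised.
func (r *Registry) Report(pub ed25519.PublicKey, at time.Time) {
	r.reported[hex.EncodeToString(pub)] = at
}

// RevokedAt reports whether the key had already been reported compromised at time t.
func (r *Registry) RevokedAt(pub ed25519.PublicKey, t time.Time) bool {
	reportedAt, ok := r.reported[hex.EncodeToString(pub)]
	return ok && !t.Before(reportedAt)
}

// Accept is the acceptor's full decision: the signature must verify and the key must
// not have been reported compromised at signing time. A signature made in the gap
// between the actual compromise and the report passes both checks.
func Accept(reg *Registry, pub ed25519.PublicKey, msg, sig []byte, signedAt time.Time) bool {
	return Verify(pub, msg, sig) && !reg.RevokedAt(pub, signedAt)
}

// Outcome collects what the scenario shows.
type Outcome struct {
	UserSigValid        bool // the subscriber's own signature verifies
	CopiedKeySigValid   bool // a signature from the copied key verifies just the same
	SignaturesIdentical bool // Ed25519 is deterministic: the two are byte-for-byte equal
	AcceptedDuringGap   bool // accepted when signed before the compromise was reported
	AcceptedAfterReport bool // rejected once the report is on record
}

// RunScenario walks through the key-versus-person argument with constructed data.
func RunScenario() (Outcome, error) {
	abdul, err := NewSubscriber("Abdul")
	if err != nil {
		return Outcome{}, err
	}
	reg := NewRegistry()
	msg := []byte("constructed sample contract text") // constructed message

	own := abdul.Sign(msg)
	fromCopy := ed25519.Sign(abdul.CopiedKey(), msg)

	compromise := time.Date(2005, 5, 1, 9, 0, 0, 0, time.UTC) // constructed timeline
	signedAt := compromise.Add(24 * time.Hour)                // signed while unaware
	reported := compromise.Add(72 * time.Hour)                // subscriber notifies CA
	reg.Report(abdul.Pub, reported)

	return Outcome{
		UserSigValid:        Verify(abdul.Pub, msg, own),
		CopiedKeySigValid:   Verify(abdul.Pub, msg, fromCopy),
		SignaturesIdentical: bytes.Equal(own, fromCopy),
		AcceptedDuringGap:   Accept(reg, abdul.Pub, msg, fromCopy, signedAt),
		AcceptedAfterReport: Accept(reg, abdul.Pub, msg, fromCopy, reported.Add(time.Hour)),
	}, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Because Ed25519 signing is deterministic, the signature made with the copied key is not merely valid but identical to the one the subscriber would have produced, so the acceptor has no cryptographic way to tell the two apart; the only defence is the CA's revocation record, which by construction lags the compromise.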

The only way to escape the misplaced legal liability is:

* Never get your key certified by a Certifying Authority.
* Never get your public key published for the benefit of the public.
* Never accept digital signature for things that involve legal liability.

(This does not, however, prevent the use of digital signature between two trusted friends or partners.)

In other words, if the country has gone grossly wrong due to over enthusiastic but under informed technocrats in getting the IT Act 2000 passed, the only way to protect yourself is by escaping the provisions of the law.

The modern day Guru of Cryptography, Bruce Schneier, will convince you how patently ill-conceived the Digital Signature provisions of the IT Act are in one short essay, "Ten Risks of PKI". Just Google for the article.

If the current article starts a debate on the subject, the purpose of the article is more than adequately served.

_____________________________________________________________________
* The author is a technologist and works in Software for Modern Cryptography and Digital Signatures.