Appendix 2
Open Systems vs. Closed Systems.
{AP2.1} This Report focuses on an "open system" or
"open loop" model of a PKI. The open system model envisions
that consumers will obtain from an independent third-party CA
a single certificate which certifies that consumer's identity.
Consumers will then use that certificate to facilitate transactions
with potentially numerous merchants.
{AP2.2} As discussed in the Report, the open system scenario
implicates legal uncertainty and risk. This problem has attracted
the attention of numerous state and national legislatures, and
has been scrutinized by several private-sector legal groups.
Nonetheless, the problem is far from being solved, and the open
system model has not yet been implemented in the marketplace in
any meaningful fashion.
{AP2.3} "Closed system" or "closed loop"
models offer an alternative way to implement a PKI. Closed systems
may fall into two categories: systems where a payment mechanism
serves to "close the loop," and systems where certificates
are used within a bounded context. In a closed system, a contract
or a series of contracts identify and define the rights and responsibilities
of all parties to a particular transaction.
{AP2.4} The existing credit card system provides a good example
of how a payment system can "close the loop." A consumer
can only use a credit card to purchase a good or service at a
merchant who is authorized to accept such a payment device. The
consumer's right to use the credit card for payment is based upon
a contract between the consumer and the financial institution
that issued him the credit card. The financial institution's
right to issue the credit card is based upon a contract between
the financial institution and a payment card company (e.g.,
Visa, MasterCard, JCB or Europay). Similarly, the merchant has
a contractual relationship with another financial institution,
which in turn has a contractual relationship with the same payment
card company. Therefore, there is a closed loop of contracts
that define each party's rights and responsibilities with respect
to the transaction in question.
{AP2.5} We describe this process because, by analogy, we think
this process potentially could alleviate several or all of the
legal problems of an open system. Particularly in the context
of consumer transactions, it is very likely that merchants will
have contracts with payment companies like credit card systems.
Therefore, the CAs will have the opportunity to enter into agreements
with payment companies that require payment companies either to
pass CA-specified terms through to merchants or to share the risk
with CAs. Solutions sponsored by payment companies (like SET)
may help achieve the implementation of a closed system. While
such a closed system would raise its own set of challenging legal
issues -- such as determining the appropriate scope of existing
payment systems legislation (e.g., the Electronic Funds
Transfer Act) -- it would avoid many of the difficult risk allocation
questions inherent in an open system. Future analysis should
address how payment mechanisms would affect this Report's analysis.
{AP2.6} A second type of closed system exists when certificates
are issued and used only within a bounded universe. For example,
the proprietor of an online "mall" might issue certificates
to potential customers and to merchants. The proprietor, acting
as a CA, has the opportunity to enter into contractual relationships
both with consumers and with the merchants who will rely on the
certificates.
{AP2.7} Similarly, a merchant might issue certificates directly
to its customers. The owner of an online magazine, for example,
might mail diskettes containing certificates directly to subscribers
of the paper version of the same magazine. Such certificates
could be installed in the subscriber's web browser and used to access
the online magazine, and perhaps to order related merchandise.
The magazine vendor would be well positioned to determine whether
such certificates would be sufficiently trustworthy for the purposes
for which they were being used. Again, such a scenario does not
implicate the difficult risk allocation questions associated with
the open system model.
{AP2.8} We believe that there are pluses and minuses to both the
open system and closed system models. Certainly, there is no
intent to suggest that, because this Report focuses on open system
models, open system models are superior to closed system models.
Closed system models do have one significant advantage over open
system models -- the legal issues related to transactions performed
within closed systems are fewer and less ambiguous than in the
open system environment, because closed system models raise few
novel or esoteric issues under contract law. However, there are
situations where the contracts governing the parties will fail,
in which event the legal issues raised by the parties' relationships
will be governed by the default rules, which are not well-understood
but are addressed in this Report.