Appendix 3
Existing Legal Systems.
{AP3.1} This Appendix analyzes selected legal systems and highlights
how their existing rules and principles might affect the CA service
industry. The analysis is complicated by several factors. First,
due to the global nature of the Internet, CAs may operate on a
global scale, and thus potentially be subject to the varying laws
of many different jurisdictions. Second, even within a particular
jurisdiction, legal systems may overlap. For example, a transaction
between a merchant and a consumer using a digital signature may
simultaneously be subject to contract law and related consumer
protection legislation; tort law; legislation addressing payment
issues; and to specific "digital signature legislation."
Nonetheless, we believe a survey of a selected number of existing
legal systems serves to illustrate the general legal context in
which the CA service industry is developing. With this understanding,
we can better understand how the existing legal systems will provide
incentives and disincentives to using digital signatures in consumer
transactions.
{AP3.2} This Appendix first surveys U.S. contract law, discussing
the potential application of the Uniform Commercial Code and the
common law of contracts, then provides an overview of contract
law in certain international settings. This Appendix then addresses
certain U.S. and E.U. tort law principles and concludes by addressing
various "digital signature" laws and other laws relating
to electronic commerce and electronic funds transfers.
{AP3.3} This Appendix does not attempt to cover all of the existing
legal systems which are relevant to users of digital signatures
or providers of CA services. Such analysis should be performed
in subsequent studies. It may also be worthwhile to analyze more
carefully the interaction between competing legal doctrines within
a single jurisdiction.
{AP3.4} One of the most significant jurisdictions outside the
US which has begun to concern itself with the legal implications
of digital signatures is Germany, which is poised to enact one
of the first digital signature laws outside the US. While in
most non-US jurisdictions the lack of precedent, statutory law
and legal commentary regarding digital signatures hampers discussion
of their legal consequences, such material exists in abundance
in Germany. Furthermore, Germany's position in this area is likely
to be quite influential among other jurisdictions outside the
US, making it useful as a point of comparison. Other jurisdictions
which are actively analyzing digital signature issues -- and which
could be the subject of subsequent study -- include Australia,
Malaysia and Singapore.
{AP3.5} This Appendix discusses general legal principles and
is not intended to be a comprehensive treatise of applicable law
in the jurisdictions addressed. Exceptions to almost every rule
discussed here can be found, but this analysis sets forth the
basic rules that we believe would be applied by a decision-maker
in the relevant jurisdiction.
(a) A Statement of the Legal Problem: Open vs. Closed Systems.
{AP3.6} As described previously, the use of digital signatures
is seemingly straightforward. At a transaction's most basic level,
the consumer and merchant independently establish relationships
with a CA, each procures a certificate, the parties swap and verify
certificates and the transaction is consummated. In practice,
this process has the potential to create enormous risk for all
the parties involved.
{AP3.7} This Report does not deal with the many issues related
to consumers relying on the certificates of merchants; such an
analysis is properly the study of a subsequent report. It is
expected that many -- but not all -- of the issues addressed in
this paper will be equally applicable to the situations where
consumers are the relying third parties.
{AP3.8} As described in Appendix 2, this Report addresses "open"
systems, where no contracts between the parties will exist except
possibly in the process of obtaining or delivering certificates.
In an open system, the relationship between the CA and the consumer,
although important and multi-faceted, raises only a few complicated
legal issues. Usually the CA will claim consumers are bound by
contract to the CA's standard terms (usually contained in its
certification practices statement). If something goes wrong,
the contract would generally be the first source of operating
rules to govern the problem. In addition to the contract, however,
there may be tort principles or statutory guidelines that establish
the default rules. There are also some general rules that may
limit the provisions that can be contained in the contract, but
again it is relatively straightforward to identify these rules.
{AP3.9} In an open system, the relationship between the CA and
the merchant, however, raises some very complicated legal principles.
To get a perspective on the complexity of the issues, the diagram
in Figure 1 provides a road map for the subsequent analysis.
{AP3.10} Stated simply, the issue is whether, in an open system,
the CA can form a contract with a merchant based on a relatively
attenuated connection between the parties. Further, can a merchant
benefit from any favorable provisions agreed to between the CA
and the consumer? Finally, does the delivery of the certificate
to the merchant give the merchant any rights to sue the person
who placed the certificate into the stream of commerce (i.e.,
the CA)? These issues all are very difficult to resolve in analogous
physical space situations, and this Appendix provides some thoughts
on how some of the analysis might apply in the PKI context.
(b) Contract Law in the United States.
{AP3.11} The United States is primarily a "common law"
legal system. Common law is a system of jurisprudence, originated
in England and transplanted to the United States, based on judicial
precedent and not legislatively-adopted statutory rules. Generally,
legislative statutes supersede the common law, although some statutes
are merely codifications of the common law. This section first
addresses U.S. law applicable to the sale of goods, and then addresses
U.S. law applicable to contracts for services. Both are relevant
to an analysis of contract aspects of the role of CAs in consumer
transactions.
{AP3.12} (i) The Uniform Commercial Code. The Uniform
Commercial Code ("UCC") is a set of standard rules in
the United States prepared by the National Conference of Commissioners
on Uniform State Laws and the American Law Institute. Each state
in the United States is free to adopt the UCC rules as part of
its statutory framework; in practice, most states adopt most
of the proposed rules. The UCC is the comprehensive body of law
in the United States governing the sale of "goods" both
between merchants and consumers and among merchants. The UCC
has proven very influential both in the United States and internationally,
with many jurisdictions adopting rules based on or similar to
the UCC. In addition, in the United States many courts look to
the UCC as persuasive authority, even when it does not specifically
apply.
(1) Goods vs. Services.
{AP3.13} To identify the applicable body of contract law, it must
be determined whether the certificate issued by a CA to a subscriber,
for further delivery to a merchant, is a "good," a "service"
(or the memorial of services), or a mixture of a good and a service.
{AP3.14} If the certificate is a "good," then Article
2 of the UCC applies and a number of default rules will apply
(as described later in this section). Importantly, Article 2
will impose a number of implied warranties on the CA's activities
and will impose procedural hurdles on limiting disclaimers of
those warranties. On the other hand, if the CA is providing a
"service," Article 2 does not apply.
{AP3.15} Section 2-105(1) of the UCC defines "goods"
as "all things . . . which are moveable at the time of identification
to the contract for sale . . . ." In the sense that certificates
are moveable (both in electronic form and if printed out), they
could be deemed to fit within the definition of goods.
{AP3.16} However, in some ways, the certificate merely is the
tangible memorial of the services performed by the CA, which may
include processing of the consumer's information, verification
of the factual statements made by the consumer and maintenance
of a Certificate Revocation List ("CRL"). In this regard,
the certificate is not the critical element to the transaction;
rather, the CA is selling its services, and the certificate is
evidence that such services were performed.
{AP3.17} Courts may treat the CAs as selling a mixture of services
and goods. In such "mixed" cases, there are a number
of different ways to decide whether or not Article 2 applies:
{AP3.18} * Many jurisdictions use a "predominant factor"
test, which looks at whether the parties intended that the transaction
was predominantly for the sale of goods. If so, Article 2 will
apply to the entire transaction. If not, the common law will
apply.
{AP3.19} * Some jurisdictions use a "final product"
test, which looks at the product remaining when a contract is
completed. If the final product involves delivery of a good,
Article 2 will apply to the entire transaction. If not, the common
law will apply.
{AP3.20} * Some jurisdictions attempt to determine which classification
best serves public policy.
{AP3.21} * Some jurisdictions divide mixed sales into "goods"
and "services" components and then apply Article 2 to
the goods component and the common law to the services component.
{AP3.22} Because jurisdictions apply so many different rules in
analyzing whether something is a good or a service, it is likely
that jurisdictions will reach different results on how to categorize
certificates and to what extent Article 2 applies to them.
{AP3.23} In general, we believe that it is both likely and desirable
that the certificate be viewed as evidence of the CA's performance
of a service, meaning that the relationship between consumer and
CA should not be governed by the rules contained in Article 2.
The certificate is ultimately only valuable as evidence of the
CA's performance of the services and the CA's willingness to stand
behind its efforts. However, if the consumer and merchants are
transacting goods, the consumer's delivery of the certificate
to the merchant could be governed by Article 2 under either the
predominant factor or final product test. Because of this, we
also think it is possible that the relationship between the CA
and the merchant, to the extent it is governed by contract law,
could be governed in part by Article 2. Therefore, while we believe
the analysis in Section (b)(ii) of this Appendix is more relevant
to the CA/consumer relationship, the rest of this section completes
the analysis of how Article 2 would apply to the various relationships.
{AP3.24} If an agreement for the sale of goods is silent on an
issue, the relevant provision of Article 2 will be automatically
incorporated into the agreement. However, the parties are free
to vary most of the UCC provisions by contract, and many choose
to do so.
(2) Contract Formation.
{AP3.25} Contract formation requires an offer, an acceptance and
consideration. Under the UCC Section 2-206, an offer is a manifestation
of a willingness to enter into a bargain, made so as to justify
another person in understanding that assent will conclude the
contract. Acceptance may consist of any conduct sufficient to
show agreement, including performance if performance is a reasonable
mode of acceptance. A contract may exist despite the fact the
offeree does not expressly signify acceptance. In general, the
UCC makes the formation of contracts easier than it was under
the common law -- if the parties intended to contract, the court
will enforce their agreement.
CA/Consumer Relationship
{AP3.26} In general, the CAs are likely to attempt to form contracts
using the same formation process found with shrinkwrap licenses.
Both involve mass-market transactions in which one party attempts
to unilaterally bind the other to unnegotiated terms through conduct
or performance. The U.S. Court of Appeals for the Seventh Circuit
recently analyzed this issue in ProCD, Inc. v. Zeidenberg,
86 F.3d 1447 (1996), a case involving a software company's use
of a shrinkwrap license contained inside the packaging. The ProCD
Court found an offer and acceptance had occurred pursuant to UCC
Section 2-206. The offer was implicit in the vendor's placement
of software on the shelf for sale. The acceptance was the buyer's
retention of the software after having reviewed the terms of the
license and having had the opportunity to return the software.
As a result, a contract was created which included, as its terms,
the terms of the shrinkwrap license.
{AP3.27} Assuming the shrinkwrap license approach works, CAs will
have little difficulty forming an agreement with consumers at
the time when the consumers approach the CAs for certificates,
at which point the contract will be formed when the consumer
performs the requisite act. Alternatively, given that many CAs
are now preinstalling certificates in consumers' browsers or clients,
the CAs may also choose to require browser licensors to use their
software license agreements to pass through to consumers the terms
specified by the CAs.
CA/Merchant Relationship
{AP3.28} In the case of the merchant/CA relationship under Article
2, it is difficult to determine by what terms, if any, the merchant
intends to be bound. Currently, most operating CAs attempt to
specify that the merchant's use of the certificate is subject
to the terms and conditions established by the CA (generally in
the form of a certification practices statement). A CA may place
some language in the certificate incorporating by reference the
certification practices statement. In turn, the CA will make
the certification practices statement available (often online).
Under such practices, the merchant's act of relying on the certificate
is a somewhat tenuous manifestation of the merchant's intent to
enter into terms -- many of which were incorporated by reference
and not on the face of the certificate -- the CA unilaterally
imposes.
{AP3.29} Generally, the UCC can fill the gaps where all the terms
of a contract have not been worked out, but only when the parties
clearly intend to be bound. The question, then, is whether the
merchant's ambiguous acts demonstrate the intent of the CA and
merchant to be bound to one another in contract.
{AP3.30} Even if the CA's issuance of a certificate is sufficient
to constitute an offer to all those who might use it in reliance,
and the merchant's use is deemed sufficient to show a manifestation
of assent to the terms contained in the certificate, the contract
must be supported by consideration. Sections 17(1) and 71 of
the Restatement (Second) of Contracts define consideration to
be some right, interest, profit or benefit accruing to one party,
or some forbearance, detriment, loss or responsibility, given,
suffered or undertaken by the other. In an open system, it is
questionable if any consideration has been exchanged when the
only interaction between the CA and the merchant is the certificate
itself and possibly access to a CRL (which may not even be maintained
by the CA).
{AP3.31} In sum, given the mechanics of the contract formation
process and the UCC rules, we believe that merchants will have
strong arguments to avoid the application of a CA's contract by
asserting that no contract was formed. In addition, in light
of our suggestions in the Report about the possibility of merchants
bearing liability even if they act reasonably, it may be appropriate
to avoid allowing the merchants to be inadvertently contractually
obligated to bear additional risk.
{AP3.32} Although we believe this is unlikely, it is possible
that merchants would desire to enforce the terms of the CA's agreement
even if no contract is formed. In this case, the merchant would
claim the benefits of an equitable doctrine known as promissory
estoppel. Promissory estoppel requires that there be clear and
definite terms (i.e., the terms of the certificate and perhaps
the certification practices statement), that the party urging estoppel
(i.e., the merchant) acted to its detriment in reasonable reliance
on the agreement, and that fairness requires enforcing the agreement.
However, the CA's agreement may contain terms (such as disclaimers
of any accuracy or limits on liability) that would be sufficient
to make the merchant's reliance unreasonable.
(3) Contract Terms.
CA/Merchant Relationship
{AP3.33} Assuming that a contract is actually formed between the
merchant and CA, the next issue is to determine what terms are
part of the contract. Terms may become part of the contract either
by being contained within the actual certificate or by incorporation
by reference into the certificate, so long as the merchant had
notice of the terms and an opportunity to review them. There
is no requirement that the merchant actually review the terms
in order for the terms to become part of the agreement.
{AP3.34} Given the number of issues CAs might desire to address
in their certification practices statements, the ability of CAs
to incorporate terms by reference is very important to CAs. These
documents legitimately can be dozens of pages long. On the Internet,
it also becomes relatively simple to incorporate terms by reference
through the use of hypertext links. Despite the general rule
of contracts permitting incorporation by reference, it is entirely
possible that courts will be reluctant to bind merchants to such
voluminous terms that were only summarized in a certificate and
then incorporated by reference by hypertext link. This might
also support a finding that the agreement was unconscionable.
{AP3.35} In addition, if the UCC applies to the relationship between
the CA and the merchant, then to enforce certain disclaimers under
the UCC, the disclaimer must be conspicuous and must use certain
required terminology. These requirements may not be satisfied,
leaving the disclaimer ineffective, under the incorporation-by-reference
approach currently used by some CAs.
(4) Warranties and Limitations of Liability.
{AP3.36} Warranties are statements of fact made by a party to
a contract which, if untrue, give rise to breach of the contract
and an action for damages. Many vendors make express warranties
in their contracts as an inducement to buyers; the UCC also specifies
certain implied warranties which are automatically made by the
vendor and included in any agreement unless properly disclaimed.
{AP3.37} Under the UCC, any disclaimers of warranties must be
conspicuous and certain "magic words" must be used to
disclaim certain implied warranties. So long as the disclaimers
are not unconscionable, are conspicuous and use the proper "magic
words," the CA and the consumer may contractually disclaim
any warranties that would apply to the certificate.
{AP3.38} Many sellers find it desirable to limit their liability
for damages. In particular, many CAs will want to disclaim liability
for consequential damages, which are damages that are caused by
an injury but are not the necessary result of the injury. CAs
will also want to limit the dollar amount of damages they can
be liable for. Consumers and CAs may agree to these types of
limitations of liability in a contract so long as the waiver is
not unconscionable, although again in consumer transactions, the
waivers of consequential damages must be conspicuous.
{AP3.39} It is a more difficult issue determining whether or not,
in the absence of a contractual relationship between CAs and merchants,
UCC-based warranties (or the disclaimer of such warranties) extended
in the CA's agreement with consumers will benefit, or limit the
rights of, merchants. Section 2-318 of the UCC proposes three
alternative rules governing the seller's warranty liability to
third parties:
* seller's warranties extend only to persons in the buyer's family
or household,
* seller's warranties extend to all natural persons who may reasonably
be expected to use or be affected by the goods, or
* seller's warranties extend to all artificial as well as natural
persons who may reasonably be expected to use or be affected by
the goods.
{AP3.40} Many states have adopted one of these three official
versions of Section 2-318, but several states have adopted their
own variations. Given the multitude of approaches taken by the
various states, it is likely that non-uniform rules will develop
with respect to whether CAs will have warranty obligations to
merchants under the UCC.
{AP3.41} In the absence of an effective contractual waiver or
statutory limitation, CAs could be liable to merchants for all
forms of damages (including consequential damages), and there
would be no dollar cap on liability. If the CAs successfully
form a contract with merchants, they can attempt to use the contract
to disclaim warranties and limit their liability as discussed
in the previous paragraph.
{AP3.42} Disclaimers of warranties and limitations of liability
are also subject to UCC Section 2-719. Section 2-719(2) says
that if a limited remedy fails of its essential purpose, other
UCC remedies will be available, and Section 2-719(3) says that
a party may limit consequential damages if not unconscionable.
Some cases have held that 2-719(2) and 2-719(3) are dependent,
meaning that consequential damages can be recovered, despite a
limited remedy clause, when the limited remedy fails of its essential
purpose. Other cases have held the sections independent, upholding
the disclaimer of consequential damages even if the limited remedy
fails of its essential purpose, so long as the disclaimer is not
unconscionable. Once again, there is no predictability on this
legal point.
(5) Unconscionability.
{AP3.43} UCC Section 2-302 specifies that an agreement will not
be enforced when it is deemed unconscionable. Unconscionability
can be found where the agreement is excessively one-sided, such
as where the terms are unreasonably favorable to one party and
the other party had little bargaining power and therefore an absence
of meaningful choice. Unreasonably favorable contract terms include
unfair limitations on consequential damages and excessive disclaimers
of warranty. Courts may consider language barriers in evaluating
the parties' relative positions. Courts may also consider if
the party was unfairly surprised by the terms, such as in the
case of a poorly educated party, hidden terms or a lack of a meaningful
opportunity to read or understand the proposed terms.
{AP3.44} Unconscionability poses a meaningful problem to the contract
formation between the CA and both the consumer and merchant.
In addition to the importance to the CA of disclaiming implied
warranties, excluding consequential damages and capping its dollar
liability, the CA has many other terms it often will desire to
include in its certification practices statement. The result
could be a long, technical, complicated, legalese-intensive document.
{AP3.45} CAs' agreements with consumers could be deemed unconscionable
because the consumer will often have limited sophistication to
understand the terms of the contract and no bargaining power to
negotiate over its terms. On the other hand, if a CA were to
draft a "reasonable" agreement that it can legitimately
argue could have been the outcome of a negotiated agreement, then
the unconscionability doctrine may not apply.
{AP3.46} CAs' agreements with merchants could be deemed unconscionable
because of the tenuous way in which the agreement is formed and
the unreasonableness of asking the merchant to review the agreement
for each signature it desires to rely upon. On the other hand,
the courts are less likely to treat merchants as lacking the sophistication
to defend themselves, and merchants could always specifically
negotiate an agreement if the merchant is uncomfortable with the
CA's form agreement (meaning that merchants have some power to
avoid the "take-it-or-leave-it" problem of most form
agreements).
{AP3.47} The ambiguity over whether or not the CAs' agreements
with consumers (and to the extent one is formed, with merchants)
would be determined to be unconscionable is a particularly vexing
problem for the CAs and is a major impediment to certainty in
the industry. To attempt to resolve this problem, it could be
appropriate for industry to undertake the effort of developing
reasonable business practices which will establish industry standards
that are not unconscionable.
(6) Proposed UCC Article 2B.
{AP3.48} A major overhaul of the UCC is currently underway, including
the proposed addition of a new Article 2B to create new rules
that apply to the sale or license of intangible informational
"goods." If Article 2B is enacted, it is possible that
a certificate would be covered under its rules. Many experts
believe that Article 2B is the leading edge of an effort to resolve
a global need for a commercial law structure for transactions
in digital goods.
{AP3.49} Generally, Article 2B makes it easier for terms in standard
form contracts which are not easily understood or known to the
consumer at the time of contracting to be enforceable. Under
the proposed rules, terms in standard form contracts, other than
disclaimers of warranties in consumer transactions, will be deemed
accepted by the licensee if, prior to or within a reasonable time
after beginning to use the intangible, the licensee (a) signs
or otherwise manifests assent to the form, and (b) had an opportunity
to review the terms of the license before manifesting assent,
whether or not the licensee actually read and understood the terms.
If the terms are only available upon the initial use of the good
(rather than prior to the acceptance of the good), the terms will
only be enforceable if the licensee had the opportunity to return
the good after reviewing the terms. Although Article 2B contains
some limitations on contract enforceability (including, importantly,
the doctrine of unconscionability), it places significant responsibility
upon licensees to affirmatively reject terms by returning the
goods if they find the terms unacceptable.
{AP3.50} However, Article 2B imposes a relatively strenuous "manifestation
of assent" process for mass market transactions, which will
require the CA to obtain express consent to certain terms of its
agreement if the term would be objectionable to a reasonable licensee.
This approach will require the CA to bring the potentially offensive
term to the attention of the consumer or merchant and to obtain
an express consent to that offensive term. If applied to CAs'
agreements, this approach may seriously limit the ability of a
CA to incorporate terms by reference into its certificates.
{AP3.51} Article 2B is still being considered by the National
Conference of Commissioners on Uniform State Laws and the American
Law Institute. Once adopted by these bodies, each state will
make an independent decision about whether or not to adopt the
article in whole or in part. It is expected to take several years
for this process to be completed.
(ii) Services.
{AP3.52} The preceding sections discussed the legal application
of the UCC to the relationships between CAs and consumers and
CAs and merchants. This section discusses a similar analysis
in the non-UCC context.
{AP3.53} In the United States, in contrast to the UCC's authoritative
role in contracts for the sale of goods, there is no comprehensive
uniform body of law governing contracts for services. As a result,
each state's laws vary, although many apply variations of the
common law.
(1) Relationship Between CAs and Consumers.
{AP3.54} Even if the relationship between the CAs and the consumers
is categorized as a service relationship, making the UCC inapplicable,
much of the analysis contained in the UCC section above will still
be applied, by analogy, by the courts.
(2) Relationship Between CAs and Merchants.
{AP3.55} It must first be determined whether the CA and the merchant
enter into a contractual relationship. Like the UCC, contract
formation under the common law requires offer, acceptance and
consideration.
Offer
{AP3.56} The first issue is whether the CA's certificate or any
other activity by the CA constitutes an offer. Because the certificate
may be distributed generally, it could be argued that the certificate
is like an advertisement -- which generally is considered not
to be an offer but merely is an invitation to make an offer.
If the CA says on the certificate, however, that use of the certificate
forms a binding agreement, it is likely that the certificate would
be deemed an offer because such a statement would manifest the
CA's intent to be bound.
Acceptance
{AP3.57} Generally, unless the offer specifies a manner of acceptance,
any reasonable manner of acceptance is sufficient to form a contract.
Silence alone cannot constitute acceptance, and the offeror cannot
make silence a means of acceptance if the offeree did not intend
silence to indicate assent. In the case of certificates, however,
the merchant would do more than remain silent; it would manifest
assent in accordance with the method for acceptance specified
in the certificate -- e.g., by relying upon the information contained
therein. Case law suggests that in some situations this is sufficient
to constitute acceptance, although other cases indicate that mere
reliance on proposed terms is insufficient.
Consideration
{AP3.58} As discussed earlier in the UCC section, it is unclear
if the CA and merchant exchange consideration. This applies equally
in the case of agreements for services.
Conclusion
{AP3.59} We have already noted that it is more difficult to form
a contract under the common law than it is under the UCC. Given
that we think it is unlikely a contract between the merchant and
CA is formed under the UCC, we believe it is even less likely
that a contract between the merchant and CA will arise under a
common law analysis solely by virtue of the terms contained in
the certificate.
(3) Implied Warranty of Workmanship.
{AP3.60} Unless properly disclaimed, an agreement for services
contains an implied warranty of workmanship; that is, that the
services were performed in a workmanlike manner. In essence,
this creates an obligation on the part of the party performing
the services not to act negligently. Since negligence is a tort
concept, courts are frequently faced with alternative claims from
customers under service agreements for breach of warranty and
for negligence. Principles relating to tort law in the PKI context
are discussed in Section (d) below.
(4) Liability Limitations and Unconscionability.
{AP3.61} If a contract exists between the CA and the merchant,
limitations of liability and disclaimers of warranty which became
part of the contract will still be subject to principles of unconscionability
such as those found in the UCC. As with the UCC, case law in
this area demonstrates the absence of clarity over when non-negotiated
form agreements will be enforceable and when they will not.
(5) Extension of Warranties to Merchants.
{AP3.62} In the absence of an agreement in place between a merchant
and a CA, there exists an alternative argument under common law
for a merchant to have recourse against a CA for losses suffered.
The traditional rule in service relationships has been that one
party is not liable to any party not in contractual "privity"
(i.e., any party that has not entered into a contract with the party
causing harm). However, this general rule has been relaxed by several jurisdictions.
In the case of merchants, this means that in some situations
merchants may be able to benefit from the warranties (if any)
granted by the CA to the consumer.
{AP3.63} In some ways, the CA -- by providing a certificate regarding
the accuracy of information -- can be analogized to information
providers, who provide information both to parties in privity
and to parties who have some affiliation with the parties in privity.
The landmark case of Ultramares Corp. v. Touche, 255 N.Y.
170 (1931), rendered by the highest court in the state of New
York, held that information suppliers who fail to use reasonable
care are liable only to parties in privity. The court reasoned
that to extend this duty to parties not in privity would expose
information providers to liability to an indeterminate class of
people for an indeterminate amount. The Ultramares court
was willing to extend the information suppliers' duty of care
to third parties that the information provider knew were the ones
for whom the information was being furnished. In the case of
CAs, this could easily include the intended recipients (i.e.,
the merchants). However, mere knowledge that the party in privity
intends to use the information commercially in dealing with unspecified
third parties did not create a duty of care toward such third
parties.
{AP3.64} There is a continuum across jurisdictions in their adherence
to the privity rule. Among the theories deployed by jurisdictions:
* Liability extends only to those in privity.
* Liability extends where the third party was known.
* Liability extends where the third party was known but only if
there was actual communication between the information provider
and the third party.
* Liability extends to all foreseeable third parties.
* Liability extends based upon a balancing of various factors.
* Liability extends only when the parties not in privity are physically
injured.
{AP3.65} Given that there is not a standard for whether or not
information suppliers are liable to parties not in privity, it
is unclear to what extent the CA could be liable to merchants
based on a CA's contract with consumers.
{AP3.66} One additional theory under which merchants could attempt
to claim the benefits of the CA's warranties to consumers is the
legal doctrine of "third party beneficiary." Generally,
to be a third party beneficiary: (a) the merchant must be identified
in the promises between the consumer and the CA, (b) the merchant
must have the performance of the promise rendered directly to
the merchant, (c) there must be a relationship between the consumer
and the merchant that supports an intent to benefit the merchant,
and (d) either (i) the merchant gets the CA's performance as a
gift, or (ii) the consumer has an obligation to the merchant which
is being performed by the CA. While some arguments could be made
for the application of this theory to benefit the merchant, it
would not be a traditional application of third party beneficiary
law.
(iii) United States Federal Law - Magnuson-Moss.
{AP3.67} The Magnuson-Moss Act governs written warranties provided
with "consumer products" (i.e., tangible personal property
which is normally used for personal, family or household purposes).
The Magnuson-Moss Act requires that written warranties freely
and conspicuously disclose, in simple and readily understood language,
the terms and conditions of the warranty. Specific language must
be included with any limitations of warranty or limitations of
liability, and other restrictions regarding the manner of describing
the warranty must be adhered to. While the Magnuson-Moss Act
may apply to certificates, compliance with the Act is relatively
mechanical.
(c) Contract Law in Certain Non-U.S. Jurisdictions.
{AP3.68} This section identifies some applicable European laws
that could apply to transactions using digital signatures. As
will be clear, although some general rules could apply in the
consumer context, there are no comprehensive uniform rules that
apply to consumer transactions in Europe or elsewhere.
(i) UN Convention on the International Sale of Goods.
{AP3.69} The UN Convention on the International Sale of Goods
("CISG") is the United Nations' counterpart to the UCC.
However, the CISG applies to commercial sales only, not to consumer
sales or service contracts, so its applicability to this Report
is by analogy only.
{AP3.70} The CISG applies a predominant purpose test similar to
the UCC's approach to determine whether its provisions apply to
a particular agreement. The parties can contractually avoid the
application of the CISG.
{AP3.71} Generally, it is slightly more difficult to form a contract
under the CISG than it is under the UCC. For instance, the CISG
requires a price to be specified in the contract. The CISG also
requires that the acceptance mirror the offer on all material
terms. If terms in the offer and acceptance differ, no contract
is formed -- unlike the UCC, where a contract would be formed,
but the conflicting terms would drop out and the UCC terms would
fill in the gaps.
{AP3.72} The theory underlying the UCC is that parties rarely
read the boilerplate in forms, and thus contracts should only
consist of terms that the parties actually agree upon. The CISG,
on the other hand, believes boilerplate terms are important, and
a contract should not form unless all material terms are agreed
upon.
{AP3.73} This difference provides insight into the philosophical
underpinnings of the UCC and CISG that might impact the issue
of whether a contract is deemed to be formed between CAs and merchants.
Under the CISG, an offer addressed to specific people constitutes
an offer if it is sufficiently definite and indicates an intention
of the offeror to be bound. In contrast, an offer to many unspecified
people is just an invitation to make an offer, unless contrary
intent is clearly indicated. Under the CISG, any statement or
conduct by the offeree indicating assent is an acceptance. The
CISG is explicit that silence alone will not amount to an acceptance.
Thus, the merchant's use of the certificate might be more likely
to be deemed a valid acceptance under the UCC than it would under
the CISG, which appears to require more formal assent to material
terms. As indicated earlier, we believe it is unlikely that a
contract is formed under the UCC between merchants and CAs, so
it is doubtful a contract would be formed under the CISG.
(ii) E.U. Directive on Unfair Contract Terms.
{AP3.74} European Union Directives are legislative acts articulating
E.U. policy which are binding on the European Union's member states.
The Directives are intended to establish uniform legislation
throughout the European Union, so that entities doing transborder
business will have to comply with only one set of rules. Usually,
member states have three years to conform their laws with an adopted
directive.
{AP3.75} The E.U. Directive on Unfair Contract Terms addresses
non-negotiated consumer form contracts such as those used by CAs.
The Unfair Contracts Directive states that unfair terms are unenforceable
but such terms may be severed from the contract and the remaining
terms enforced. The Unfair Contracts Directive defines unfair
terms to be those terms that are: (a) not negotiated and which
are contrary to the obligation of good faith or which impose a
significant imbalance in the parties' rights, and (b) obligations
under the contract to the detriment of the consumer. The Unfair
Contracts Directive describes types of terms deemed to be imbalanced,
including terms that the consumer did not have the opportunity
to appreciate before the contract was formed. However, the Unfair
Contracts Directive allows for the consideration of circumstances
and the nature of the goods or services sold. Finally, if terms
have conflicting meanings, the term will be interpreted most favorably
to the consumer. As with the principles of unconscionability
in the U.S., the Unfair Contracts Directive could significantly
circumscribe the CAs' ability to rely on the terms of its contract.
{AP3.76} Germany has a long-standing set of laws ("Gesetz
zur Regelung des Rechts der Allgemeinen Geschäftsbedingungen"
or "AGB-Gesetz") similar to the E.U. Directive
on Unfair Contract Terms. The AGB-Gesetz generally provides
that contract terms which one party has unilaterally established
in advance with the intent of using them in a number of future
transactions must be clearly identified to the other party, who
must be given a reasonable opportunity to review these terms and
approve them in advance. If these conditions are not complied
with, the terms and conditions will be disregarded and the entire
contract will be governed by statutory law. The AGB-Gesetz
is generally interpreted by the courts in a very consumer-friendly
way.
{AP3.77} Under the AGB-Gesetz, it is unclear to what extent
courts will allow parties offering goods or services on the Internet
to bind purchasers to standard contract terms which take up many
computer screens and which would require the purchaser to spend
a long time online reviewing them. Further, lengthy and complex
certification practice statements could very well be unenforceable
under the AGB-Gesetz.
(iii) German Consumer Protection Laws.
{AP3.78} A number
of statutes designed to protect consumers could prove problematic
when applied in the context of digital signatures and electronic
commerce. For instance, the "Law on Revocation of Contracts
Concluded Door-to-Door" (Haustürwiderrufsgesetz)
gives consumers a wide-ranging right to revoke contracts
concluded "door-to-door" within a certain
time limit. The extent to which this law would apply to online
transactions concluded by consumers in their homes by digital
signatures is a matter of debate in Germany. If it did apply,
this law could allow consumers to invalidate transactions consummated
using digital signatures. Similar issues arise with regard to
the Law on Consumer Credit Transactions (Verbraucherkreditgesetz).
(d) Tort Law.
(i) Tort v. Contract.
{AP3.79} In general, parties are free to establish legal relationships
with each other. This is done by contract. However, in common
law jurisdictions, there are situations where, even when the parties
do not enter into a contract, one party will owe a duty
to the other party. The body of law imposing these duties is
called tort law. There are situations where tort obligations
can exist even though parties have entered into a contract governing
their relationship. Indeed, in the United States, it is often
difficult for merchants to prospectively disclaim, by contract
or otherwise, tort liability for harms created by their products.
(ii) In the United States.
{AP3.80} The most likely basis for a tort action by a consumer
or merchant against a CA is the tort of negligent misrepresentation.
Generally, negligent misrepresentation requires the following
elements: (a) there was a material misrepresentation, (b) the
misrepresentation was false, (c) the information supplier breached
a duty of care to provide accurate information to the party requesting
information, and (d) the plaintiff suffered injury as a result.
Many courts require the existence of some type of commercial
relationship between the parties prior to imposing liability.
Most jurisdictions do not extend liability to unknown third parties.
{AP3.81} The Restatement (Second) of Torts §552 (a highly
persuasive summary of general U.S. law principles) states that
one who, in the course of a business, profession or employment,
or any transaction in which he has a pecuniary interest, supplies
false information for the guidance of others in their business
transactions, is subject to liability for the pecuniary loss caused
by justifiable reliance on the information if he did not use reasonable
care. In the case of CAs, the CAs will often be in a position
to assert that merchants' reliance was not justified because of
limiting language in the certification practices statement.
{AP3.82} Note that no standard of care currently exists
for CA conduct, so it is unclear what conduct will subject a CA
to liability for negligent misrepresentation. The Utah Digital
Signature Act contains some minimum standards, but these have
not been universally adopted.
{AP3.83} Alternatively, some jurisdictions state that misrepresentations,
even if innocent, will give rise to tort liability when the party
disseminating the information had the means of knowing, ought
to know, or had a duty to know the truth. These cases arose only
in limited circumstances (primarily involving errors in aviation
maps) and have been severely criticized by legal scholars.
{AP3.84} As with the discussion regarding extension of UCC warranties
to third parties, jurisdictions have formulated a wide range of
rules about who can assert tort claims for negligent misrepresentation
and what the damages will be:
* The Restatements limit liability to loss suffered by a limited
group of people for whose benefit and guidance one intends to
supply the information, or to whom one knows the recipient intends
to supply it.
* The majority of jurisdictions allow no recovery for negligent
misrepresentation for economic loss.
* Some jurisdictions allow recovery to those not in privity only
for physical injury or economic loss caused by the use of a product.
* Some jurisdictions allow recovery for economic loss if there
was a special relationship between the party acting tortiously
and the injured party.
* Some jurisdictions take a broad view of the class of risks and
the class of victims that are foreseeable.
{AP3.85} Currently, UCC Article 2B proposes to adopt an implied
warranty regarding information which parallels the Restatements
position. This approach has been criticized by some members of
the drafting committee and certain legal scholars.
(iii) E.U. Directives on Products Liability.
{AP3.86} The European Union has adopted two Directives related
to products liability that could potentially affect CAs. The
"Strict Products Liability Directive" (85/374/EEC) imposes
liability on manufacturers for injuries caused by defective products,
even if the manufacturer was without fault. To recover, an injured
party only needs to show damages, a defective product, and a causal
relationship between the two. Under this Directive, damages are
limited to personal injuries or property damage, but some E.U.
member states permit recovery for pain and suffering or punitive
damages as well.
{AP3.87} The "General Product Safety Directive" (92/59/EEC)
requires manufacturers and suppliers to place only safe products
on the market, to provide consumers with all relevant information
related to risks associated with their use, and to inform consumers
whenever use of a product may be dangerous. It also requires
distributors to monitor the safety of products on the market,
pass on information about product risks, and cooperate in actions
taken to avoid such risks.
{AP3.88} It is unclear whether a certificate issued by a CA would
be considered a "product" and thus within the scope
of these Directives. Under the Strict Products Liability Directive,
"products" are defined as "all movables . . . even
[if] incorporated into another movable or into an immovable."
Interestingly, electricity is expressly included as a "product."
At least one United Kingdom case has suggested that software
was a product under that country's implementation of this Directive,
but its analysis focused primarily on the tangible nature of a
floppy disk. We believe that it would be unlikely and inappropriate
to categorize certificates as a "product" under these
Directives, just as we concluded that it is unlikely that certificates
will be categorized as a good under the UCC.
(e) Digital Signature/CA Laws.
(i) United States of America - State Laws.
{AP3.89} Several states within the United States are developing
digital signature legislation. Several of the more important
state efforts are surveyed here; a complete list of current state
digital signature legislation is provided in Appendix 5. The
Utah, California and Florida approaches represent three different
approaches to the problem of developing legislation regarding
digital signatures; many other states that have considered or
have passed digital signature-related legislation have followed
one of these three approaches.
{AP3.90} We have not attempted here to identify if any of these
legislative efforts actually resolve some of the legal difficulties
identified in the previous sections, although such an inquiry
would surely yield some insight.
(1) Utah.
{AP3.91} The first state to adopt digital signature legislation
was Utah, which enacted the Utah Digital Signature Act of 1995
(as amended) (the "Utah Act"). The Utah Act's stated
goals are: (1) to facilitate commerce by means of reliable electronic
messages; (2) to minimize the incidence of forged digital signatures
and fraud in electronic commerce; (3) to implement relevant standards,
such as Standard X.509 of the International Telecommunication
Union; and (4) to establish uniform rules regarding the authentication
and reliability of electronic messages.
{AP3.92} Under the Utah Act, a government agency assumes the obligations
of being a "top level" CA and is charged with policy
making, facilitating implementation of digital signature technology,
and providing regulatory oversight. Licensing under the Utah
Act is voluntary; however, licensed CAs are offered certain legal
benefits. Utah may provide the same legal benefits to CAs licensed
or authorized by other jurisdictions if the licensing or authorization
schemes are substantially similar to the Utah Act and regulations.
{AP3.93} The Utah Act imposes certain duties on CAs and subscribers.
Prior to issuing a certificate to a subscriber, the CA must confirm,
among other things, that: (1) the prospective subscriber is the
person to be listed in the certificate; (2) the information in
the certificate is accurate; and (3) the subscriber rightfully
holds the private key corresponding to the public key to be listed
in the certificate. Neither the CA nor the subscriber can waive
these requirements. By issuing a certificate, a CA makes certain
warranties to the subscriber, including that the certificate contains
no information the CA knows to be false and that the certificate
satisfies all material requirements of the Utah Act. The CA cannot
disclaim or limit these warranties. By issuing a certificate,
a CA certifies to all who reasonably rely on it that, among other
things, the information in the certificate is accurate and that
the subscriber has accepted the certificate.
{AP3.94} By accepting a certificate issued by a licensed CA, a
consumer certifies to all who reasonably rely on the certificate
that the consumer rightfully holds the private key corresponding
to the public key listed in the certificate, and that all representations
made by the subscriber to the CA or otherwise incorporated into
the certificate are true. A subscriber is obligated to indemnify
the issuing CA for any loss or damage caused by publishing or
issuing a certificate in reliance on: (1) a false and material
representation of fact by the subscriber; or (2) the subscriber's
failure, whether intentional (to deceive the CA or a person relying
on the certificate) or negligent, to disclose a material fact. This
indemnity obligation cannot be disclaimed or contractually limited
in scope. By accepting a certificate, a subscriber also assumes
a duty to exercise reasonable care to retain control of the subscriber's
private key and to prevent its disclosure to any person not authorized
to create the subscriber's digital signature.
{AP3.95} The Utah Act provides that, unless waived by the CA,
a CA is not liable for any loss caused by reliance on a false
or forged digital signature if the CA complied with all material
requirements of the Utah Act with respect to the false or forged
digital signature. A licensed CA is not liable in excess of the
amount specified in the certificate as its recommended reliance
limit for a loss caused by reliance on a misrepresentation in
the certificate of any fact that the licensed CA was required
to confirm. Furthermore, a licensed CA is only liable for direct
compensatory damages and not for punitive or exemplary damages,
damages for lost profits or lost opportunity, or damages for pain
and suffering.
{AP3.96} If reliance on a digital signature is "not reasonable
under the circumstances," the recipient of that digital signature
assumes the risk that the digital signature is forged.
{AP3.97} Several evidentiary presumptions arise under the Act,
including:
(1) a presumption that a certificate digitally signed by a licensed
CA and either published in a recognized repository or made available
by the issuing CA or by the subscriber listed in the certificate
is issued by the CA which digitally signed it and is accepted
by the subscriber listed in it;
(2) a presumption that the information listed in a valid certificate
and confirmed by a licensed CA issuing the certificate is accurate;
(3) a presumption that, if a digital signature is verified by
the public key listed in a valid certificate issued by a licensed
CA:
(a) that digital signature is the digital signature of the subscriber
listed in that certificate;
(b) that digital signature was affixed by the signer with the
intention of signing the message; and
(c) the recipient of that digital signature has no knowledge
or notice that the signer: (i) breached a duty as a subscriber;
or (ii) does not rightfully hold the private key used to affix
the digital signature; and
(4) a presumption that a digital signature was created before
it was timestamped by a disinterested person utilizing a trustworthy
system.
{AP3.98} Unless waived, a recognized repository, or the owner
or operator of a recognized repository, is not liable for its
failure to record suspension or revocation of a certificate unless
more than one business day elapsed after notice was received.
Otherwise, the repository may be held liable for any loss of
a person who relied on a revoked or suspended certificate, up
to the amount of the recommended reliance limit on the relevant
certificate and including only direct compensatory damages and
not punitive damages or lost profits, savings, or opportunity.
Repositories are not liable for misrepresentation in a certificate
published by a licensed CA.
(2) California.
{AP3.99} In contrast to the broad scope of the Utah Digital Signature
Act, California has adopted legislation pertaining only to digital
signatures affixed to communications with public entities.
The Act provides that a digital signature (which is defined as
an electronic identifier created by a computer) shall have the
same force and effect as a manual signature if: (1) it is unique
to the person using it; (2) it is capable of verification; (3)
it is under the sole control of the person using it; (4) it is
linked to data in such a manner that if the data are changed,
the digital signature is invalidated; and (5) it conforms to regulations
adopted by the Secretary of State. Any party has the option to
use or accept a digital signature. The California Secretary of
State is supposed to promulgate regulations implementing the legislation
by March 1, 1997.
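The Utah Act's chain of presumptions (a certificate digitally signed by a licensed CA, valid and not suspended or revoked in a recognized repository, a signature that verifies under the public key listed in it, and a recommended reliance limit above which the CA is not liable) and California's criterion (4) that a signature be invalidated when the signed data change together describe the checks a relying party must run before the legal presumptions attach. The following Go program is an added example written for this page; it is not code from the report, from either statute, or from any state's implementation. It uses Ed25519 from Go's standard library as a stand-in for the X.509 and DSS mechanisms the statutes reference, a constructed minimal certificate format with a recommended reliance limit, a constructed in-memory repository, and a constructed subscriber name; the check order and error names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// CertStatus is what a recognized repository records for a certificate.
type CertStatus int

const (
	StatusValid CertStatus = iota
	StatusSuspended
	StatusRevoked
)

// Certificate is a minimal stand-in for an X.509 certificate, carrying only
// the fields the Utah Act discussion turns on (constructed for this example).
type Certificate struct {
	Serial        uint64
	Subscriber    string
	PublicKey     ed25519.PublicKey
	RelianceLimit int64     // recommended reliance limit, whole currency units
	NotAfter      time.Time // end of the operational period
	CASignature   []byte    // licensed CA's signature over tbs()
}

// tbs serialises the signed fields in a fixed, unambiguous order.
func (c *Certificate) tbs() []byte {
	var b bytes.Buffer
	var u [8]byte
	put := func(v uint64) { binary.BigEndian.PutUint64(u[:], v); b.Write(u[:]) }
	put(c.Serial)
	put(uint64(len(c.Subscriber)))
	b.WriteString(c.Subscriber)
	b.Write(c.PublicKey) // Ed25519 keys are fixed length, so no prefix is needed
	put(uint64(c.RelianceLimit))
	put(uint64(c.NotAfter.Unix()))
	return b.Bytes()
}

// IssueCertificate is the CA's act of issuance: signing the certificate body.
// Confirming identity and key possession (AP3.93) happens before this call.
func IssueCertificate(caPriv ed25519.PrivateKey, serial uint64, subscriber string,
	pub ed25519.PublicKey, limit int64, notAfter time.Time) *Certificate {
	c := &Certificate{Serial: serial, Subscriber: subscriber, PublicKey: pub,
		RelianceLimit: limit, NotAfter: notAfter}
	c.CASignature = ed25519.Sign(caPriv, c.tbs())
	return c
}

// Repository records suspensions and revocations; unrecorded serials are valid.
type Repository struct{ status map[uint64]CertStatus }

func NewRepository() *Repository                     { return &Repository{status: map[uint64]CertStatus{}} }
func (r *Repository) Record(serial uint64, s CertStatus) { r.status[serial] = s }
func (r *Repository) Status(serial uint64) CertStatus   { return r.status[serial] }

// Distinguishable outcomes for the relying party.
var (
	ErrNotLicensedCA     = errors.New("certificate is not signed by the licensed CA")
	ErrCertExpired       = errors.New("certificate is outside its operational period")
	ErrCertSuspended     = errors.New("certificate is suspended in the repository")
	ErrCertRevoked       = errors.New("certificate is revoked in the repository")
	ErrSignatureInvalid  = errors.New("signature does not verify under the listed public key")
	ErrOverRelianceLimit = errors.New("amount exceeds the recommended reliance limit")
)

// RelyOnSignature runs the relying party's checks in the order the Act's
// presumptions are stated: licensed CA, valid certificate, verified signature,
// then the reliance limit above which the CA is not liable (AP3.95).
func RelyOnSignature(caPub ed25519.PublicKey, cert *Certificate, repo *Repository,
	msg, sig []byte, amount int64, now time.Time) error {
	if !ed25519.Verify(caPub, cert.tbs(), cert.CASignature) {
		return ErrNotLicensedCA // presumption (1) cannot attach
	}
	if now.After(cert.NotAfter) {
		return ErrCertExpired
	}
	switch repo.Status(cert.Serial) {
	case StatusSuspended:
		return ErrCertSuspended
	case StatusRevoked:
		return ErrCertRevoked
	}
	// Presumption (3): any change to the signed data invalidates the signature,
	// which is also California's criterion (4).
	if !ed25519.Verify(cert.PublicKey, msg, sig) {
		return ErrSignatureInvalid
	}
	if amount > cert.RelianceLimit {
		return ErrOverRelianceLimit // the relying party bears the excess
	}
	return nil
}

// Scenario bundles a constructed CA, subscriber and certificate.
type Scenario struct {
	CAPub   ed25519.PublicKey
	subPriv ed25519.PrivateKey
	Cert    *Certificate
	Repo    *Repository
	Now     time.Time
}

func NewScenario() (*Scenario, error) {
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	subPub, subPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed reference time
	cert := IssueCertificate(caPriv, 1001, "subscriber-example", subPub, 500, now.Add(365*24*time.Hour))
	return &Scenario{CAPub: caPub, subPriv: subPriv, Cert: cert, Repo: NewRepository(), Now: now}, nil
}

// Sign produces the subscriber's digital signature over msg.
func (s *Scenario) Sign(msg []byte) []byte { return ed25519.Sign(s.subPriv, msg) }

func main() {
	s, err := NewScenario()
	if err != nil {
		panic(err)
	}
	msg := []byte("pay 250 to merchant")
	sig := s.Sign(msg)
	fmt.Println("valid:", RelyOnSignature(s.CAPub, s.Cert, s.Repo, msg, sig, 250, s.Now))
	fmt.Println("tampered:", RelyOnSignature(s.CAPub, s.Cert, s.Repo, []byte("pay 950 to merchant"), sig, 950, s.Now))
	s.Repo.Record(s.Cert.Serial, StatusRevoked)
	fmt.Println("revoked:", RelyOnSignature(s.CAPub, s.Cert, s.Repo, msg, sig, 250, s.Now))
}
```

The check order matters for a defender: the repository lookup sits before signature verification so that a revoked subscriber key cannot produce an accepted signature, and the reliance limit is tested last because, under the Act, a verified signature on a valid certificate still leaves the relying party carrying any amount above the limit. A certificate whose fields were edited after issuance fails the first check, which is the mechanism behind the presumption that a certificate signed by a licensed CA is the one the CA issued.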
(3) Florida.
{AP3.100} Florida's "Electronic Signature Act of 1996"
authorizes the Secretary of State to be a CA to verify electronic
signatures and requires it to study the use of electronic signatures
for commercial purposes.
(ii) United States - Federal Laws and Regulations.
{AP3.101} The National Institute of Standards and Technology ("NIST")
has algorithm standards in place for digital signatures. The
Digital Signature Standard, or DSS, uses public and private keys,
and users can encrypt a signature only or the entire message.
In support of the DSS, the General Accounting Office issued a
decision that electronic signatures create a valid contract consistent
with federal law. The Pentagon also notified NIST that the digital
signature standard can be used by the Defense Department to sign
unclassified data and -- in some cases -- classified da