April 03, 2005

JIE - Contracts in Cyberspace

Daniel points at the Journal of Interesting Economics, which I hadn't been aware of. It looks like an interesting experiment. There, I found David Friedman's "Contracts in Cyberspace" paper, which describes how contracts might form with anonymous and distanced parties.

I think I would say that Friedman's paper describes well and comprehensively how people thought it might pan out given the technological mix. Since the heady days of the 90s when anything was possible with a public key and a laptop, we have had at least a little experience in some of these predictions. Here's my shot at what I see we've learnt.

Firstly, public key cryptography is by far and away the most overrated technical enabler. It has achieved almost none of the things that were predicted, and those that were achieved were mostly done through other means. As a few examples:

  • heterogeneous contracts are formed simply from documents. If you have the document and you have the agreement then you have the contract; the signatures did not need to be digital to achieve the contract.
  • the message digest (or hash) has formed a far more powerful record of intent and control, as a digital signature, than the public key signature in contract formation. I say this based on the experiences of the Ricardian Contract, which even though it includes a public key signature, uses the hash of the contract as glue to bind the entire payment system together (also). It would be 99% as strong without the public key signature, and I personally would have plenty of confidence in running it without public key signatures as long as the hash was there - but it isn't worth the discussion to take out the public key signatures.
  • where public key signatures make a difference is in access and routine transactions (homogeneous or fungible contracts). Obviously we use them heavily in payments, and there is no way known that we could ditch them in that arena; using just hash signatures would expose the payment system to insider fraud and outsider theft.

Having said all that, I think the public key metaphor will remain strong, and there is no need to stop using it. Practitioners and builders however want to be aware that the limits of public keys come much sooner than anyone really predicted a decade ago.

Secondly, reputation systems have not really worked as well as people thought, IMHO. Yes, I know about eBay, but simply the record of the number of transactions has been the biggest enabler there, as because the reputation system is so intrusive on the formation of new contracts, each additional entry has been limited to a race to the top: "absolutely divine experience!!" is almost the only thing that one is likely to write.

Other systems I have seen have suffered similar artifacts. In contrast,within the digital gold market, reputation has arisen and exists through a complex entanglement of information. Newlists, personal contacts, blogs like this one, and websites like the Craig's fee plot page have all contributed more to reputation in real markets like the digital gold market than any formal notion of collecting numbers and trying to present a reputation-in-a-digit.

Thirdly, dispute resolution: Friedman points to the possibilities of arbitration, as being admittedly attractive on paper. Having been through one, and having seen groups struggle to set up arbitration, I'd have to say it is a slow process. Stating it doesn't seem to obviate a slow painful evolutionary process towards it.

It may well be that arbitration will arise, but I don't see much support for that claim. Or indeed for the contrary, that it won't arise .. I feel the jury is simply out on that point.

In the forums I've seen (again, mostly the digital gold field) it hasn't. Most disputes went either to court (including ones with complex cross-border jurisdictional problems), or were not settled at all. Indeed, those that shouted about arbitration the loudest seemed also to be those that ran fastest into court.

Having said all that; I would say that David Friedman's paper is a good starting point. Experience points in different directions, but one can also say that it is early days yet, and I wouldn't want to commit to any of the above comments in an academic forum - we simply lack enough data to be able to be firm on where and how contracts will go in the future.

Posted by iang at April 3, 2005 09:49 AM | TrackBack

Thanks again Ian for another interesting link!

From my perspective it seems that the crypto-geeks/technorati are well prepared to deliver the goods to make this stuff all work. I'm less well convinced that the legal community is even in the slightest interested. Case law in the courts (U.S. anyways) is just slowly coming out of the '70s era. Judges now are starting to figure out how to change the clock on their VCR. It's a vicious catch-22 - until publickey technologies become more mainstream in business dealings the law won't catch up; until the law catches up the maths won't be implemented.

Posted by: Wren at April 3, 2005 10:42 AM

As to how prepared we are, yes! We have delivered the technology; but the business aspects have slowed us down.

I wouldn't worry about the legal community. They do best when they follow behind and clean up the mess. Controversially, they showed just how far out of tune they can be with reality when they get ahead of the technology with the whole "digital signature law" mess.

Although not a big barrier, in our field we continually trip over digsig law and have to skirt around it by one means or another. As a current example, the laws are slowing down the introduction of differentiated certificates in the slick-like-molasses field of x.509 PKI browsing. Whether we will find a way around the laws remains to be seen.

(Digital signature law is a dremple, to use the FC term of art, which is a small barrier that gets in the way, but if we have too many of them, we end up not getting anywhere.)

Posted by: Iang at April 3, 2005 11:26 AM

some recent posts on public key operations

TLS-certificates and interoperability-issues sendmail/Exchange/postfix

xml-security vs. native security

PKI: the end

there is the issue of possible semantic confusion with the term "digital signature" containing the word "signature" and possibly implying something related to human signature. digital signature basically provides

1) indication of whether message has been altered

2) from 3-factor authentication, the validation of a digital signature implies that the originator had access to and used a specific private key (aka "something you have" authentication).

typically, a human signature indicates that somebody has viewed, read, understood, approved, agreed, and and/or authorizes something .... none of which is implied by the standard digital signature process.

in fact, some number of digital signature based authentication schemes have a server sending random data (that is never viewed) for digital signature (authentication, random data as countermeasure against replay attack).

if the same digital signature mechanism were to be used to also imply human signatures ... then a possible attack on the infrastructure would be to transmit a valid document under the guise of random data (in an authentication protocol) for digital signature.

Posted by: Lynn Wheeler at April 3, 2005 02:36 PM

When the Capo orders a contract it is executed.

Posted by: Gotti at April 4, 2005 05:53 AM

I think that even when we (try to) use the digital signature paradigm like a human signature, it still doesn't work because it's more like a rubber stamp. We need to own something (the secret key). Something, that can be stolen from us, that we may lose, that is not available to us at any time in any place. This, in my opinion, in a major roadblock to ubiquitous signatures. Right now, I am working on the technology to overcome it. I actually do have a working prototype, so it is very-very promising.
Also, it is worth noting that digital signatures and reputation based on them does work in one system: OpenPGP identity certification. It is admittedly a geek toy, but tens of thousands of people are using it with success.
This said, I also strongly agree with Ian that one-way hashes are a much more important and powerful tool to entangle information and unambiguously refer to documents. My ePoint payment system also hinges on these and provides digital signatures only for dispute resolution purposes. Preliminary experiments with users (it is used as an exchange medium in a file-sharing community) indicate that they seldom bother with verifiing the digital signatures, and yet the system works.
Another interesting observation is that young people (e.g. teenagers) take these things much more seriously than grown-ups. They become familiar with the technology to the extent that they are willing to trust it much faster. From that point on, a digitally signed promise carries significant weight. Young people are willing to sustain losses to save their reputation.
I think, digital signatures have not lived up to the promise because the authenticity of documents with a reasonable trail is seldom questioned. An email from my address is accepted as having been written by me. A page downloaded from my website is accepted to be posted by me. Heck, this comment is universally accepted to have been written by myself. Why?

Posted by: Danial A. Nagy at April 4, 2005 01:56 PM

I see a lot of bad thinking about digital signatures which could be improved by thinking more clearly about handwritten signatures. People hold digital signatures to an unrealistic standard which handwritten signatures could never meet. Handwriting can be forged; signatures standing alone have no obvious meaning; commercially signatures are often implemented literally with rubber stamps. Yet signatures have played an important and successful role in commerce for thousands of years.

The truth is that digital signatures are better and more secure than handwritten ones, but they are not infinitely better. People need to stop thinking "magically" about digital signatures and recognize them for what they are, evidence of intent; not perfect evidence, but good evidence. Compare them with a handwritten signature in a similar context and ask yourself, what is that signature telling us, and how strong is the evidentiary link to the ostensible signer's intent?

This kind of reality-based analysis will help avoid the simplistic and superficial analysis of digital signatures that we often see in the ecommerce world.

Posted by: Cypherpunk at April 5, 2005 02:18 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.