It may just be an erroneous reference in the Wired article, but the HR 2391 bill does not contain any of the provisions described in the Original Post. The bill with that number does not even carry the same title as mentioned in the Wired article.
Perhaps someone knows the correct number of the bill and could post it here because I would like to read the bill for myself before calling my elected officials in Washington.
. . . will we then see a version of Region Codes embedded within Windows to prevent U.S. users from running the European version?
Perhaps no one in this country will be that interested in a European bootleg edition of Windows. On the other hand, the availability of separate editions would add some interesting aspects to the debate about customer choice.
I agree with your point and wish that tech people would stop confusing cryptographic authentication with "signatures". This has the potential to lead to some very bad legislation. I do not know if the law is still on the books, but a few years ago the State of Utah enacted a statute which DID specify methods of cryptography required in order to contstitute an electronic signature.
It is interesting to observe the people here arguing about folks who don't understand the tech behind digital signatures. The real problem is that most techs don't understand the law behind signatures.
Under our legal tradition, a "signature" is any mark or sign made by person to show that he intends to be legally bound. Thus, making an "x", placing your fingerprint in blood or even spitting on a piece of paper could be considered a signature. Under this principle, clicking your mouse on a button or icon within a program that is labelled, "Yes, I agree to the terms of this license and agree to be legally bound by them" could be deemed to be a signature.
The legal function of a signature is nothing more than a symbolic gesture. Although the unique character of a person's written signature can be used to authenticate a document or the identity of the person who signed it, that is not the legal function of a signature.
Authentication of contents and of the identity of the author of a document (or a file) are important functions, but there are means of accomplishing these functions quite apart from a signature. If someone employs an encryption algorythm to perform these functions, we should not call such algorythm or its output a "signature". To put it another way,
Although I agree with your conclusion, your premise is not quite correct. The historical and legal purpose of a signature was a symbolic one, not one of authentication or verification. Under our legal tradition, affixing a signature is an official statement - a symbolic gesture - that you recognize that you are assuming a legal obligation. It is not an act of authentication. Legally, a person may make any mark ( many contracts and treaties have been signed with a simple "X") as a signature. It is incidental to the legal effect of a person's written signature that it tends to be unique and may therefore offer a means of identification.
Slashdot Mirror
It may just be an erroneous reference in the Wired article, but the HR 2391 bill does not contain any of the provisions described in the Original Post. The bill with that number does not even carry the same title as mentioned in the Wired article.
Perhaps someone knows the correct number of the bill and could post it here because I would like to read the bill for myself before calling my elected officials in Washington.
. . . will we then see a version of Region Codes embedded within Windows to prevent U.S. users from running the European version?
Perhaps no one in this country will be that interested in a European bootleg edition of Windows. On the other hand, the availability of separate editions would add some interesting aspects to the debate about customer choice.
I agree with your point and wish that tech people would stop confusing cryptographic authentication with "signatures". This has the potential to lead to some very bad legislation. I do not know if the law is still on the books, but a few years ago the State of Utah enacted a statute which DID specify methods of cryptography required in order to contstitute an electronic signature.
Under our legal tradition, a "signature" is any mark or sign made by person to show that he intends to be legally bound. Thus, making an "x", placing your fingerprint in blood or even spitting on a piece of paper could be considered a signature. Under this principle, clicking your mouse on a button or icon within a program that is labelled, "Yes, I agree to the terms of this license and agree to be legally bound by them" could be deemed to be a signature.
The legal function of a signature is nothing more than a symbolic gesture. Although the unique character of a person's written signature can be used to authenticate a document or the identity of the person who signed it, that is not the legal function of a signature.
Authentication of contents and of the identity of the author of a document (or a file) are important functions, but there are means of accomplishing these functions quite apart from a signature. If someone employs an encryption algorythm to perform these functions, we should not call such algorythm or its output a "signature". To put it another way,
authentication != signature
signature != authentication
Although I agree with your conclusion, your premise is not quite correct. The historical and legal purpose of a signature was a symbolic one, not one of authentication or verification. Under our legal tradition, affixing a signature is an official statement - a symbolic gesture - that you recognize that you are assuming a legal obligation. It is not an act of authentication. Legally, a person may make any mark ( many contracts and treaties have been signed with a simple "X") as a signature. It is incidental to the legal effect of a person's written signature that it tends to be unique and may therefore offer a means of identification.