Strong Privacy


(DF) My private key somehow comes into the hands of a third party who uses it to impersonate me. What is my liability? Am I bound by agreements signed with my private key? [Someone might find it interesting to do a search for old cases involving seals--physical objects used to authenticate documents.]

(DF) Suppose I give my private key to someone else--say my girlfriend. How does that affect my legal responsibility for documents signed with that key? Her responsibility if she passes it on to someone else--say her new boyfriend?


(DF) An obvious weakness of any system to protect privacy by encryption is its vulnerability to human error--individuals who reveal information that the system treats as secret, as in the example above. How might you design a system to minimize that risk?

(DF) The police have evidence that you have been engaged in some illegal enterprise such as gambling or drugs and have seized your computer--only to discover that all the files on it are encrypted. Under current law, can they penalize you for refusing to decrypt the documents? You might want to think about constitutional arguments for and against.

(PYS) More and more individuals are storing their data in "the cloud".  How can they maintain their privacy when their private communications are only a subpoena or National Security Letter away?

Regulation and Taxation

(DF) Online commerce, especially with anonymity, raises serious problems for state taxation. What are different ways in which the states might deal with those problems? You might consider, in the case of schemes that require cooperation with the state where the seller is located, whether or not it is in the interest of that state to provide such cooperation.


(AC) For crimes or torts committed on the web where the transgressor is known solely by their cyber identification, how would the legal system effectively identify that person, and how would the injured party effectively notify the transgressor of a legal claim? Could the transgressor simply cloak themselves in the veil of privacy provided by the internet? Or would there be some way to track the transgressor down to a physical location? Would rules governing the procedure for putting an adverse party on notice of litigation (i.e., Federal Rule of Civil Procedure) have to be amended in such a way to correct this possible problem?

(PYS) A virtual company designs a widget and anonymously contracts with another company to manufacture the widget. Shipments are made directly from the manufacturer, or from a warehouse that has also been contracted with anonymously. A purchaser is injured by a widget and seeks to sue for product liabilty (defective design). Can/should the manufacturer be held liable even though they had no involvement in the product design?


(AC) If the internet and cyber identification (i.e., public and private keys) become increasingly prevalent in our society, it follows that a new area of law would develop (if it hasn't already) dealing with cyber crimes or torts. Could there be causes of action for cyber trespassing, assault, battery, negligence, intentional infliction of emotional distress, etc.? Would a new criminal code develop to deal with cyber crimes?

(PYS) Do I assume any kind of legal risk if I routinely sign the messages that I post publicly?  Specifically, what about the Fifth Amendment right against self-incrimination?  As we know from the rules of evidence, what you say can be used against you, but it cannot be used for your benefit at your request.(

What is preventing the widespread adoption of encrypted email?  What differentiates encrypted email from secure e-commerce, which has seen widespread adoption?

AC: Angus Cannon
DF: David Friedman
PYS: Previous Year Student

Some Relevant Law

Table of contents page

Course page

My Home Page