Massachusetts Legal Hackers
Blockchain Digital Signature
The following Memo was contributed by Allyson N Hammerstedt, a new Massachusetts Legal Hackers member whom we thank for both her written contributions and her active, constructive participation in the Mock Trial run through!
TO: MIT Legal Hackers/Dazza Greenwood
FROM: Allyson N. Hammerstedt
DATE: July 12, 2017
RE: Blockchain Digital Signatures Mock Trial – overview of procedural standards re foundation and evidentiary objections
How to Lay Proper Foundation for Witness
To establish that the electronic signature is authentic, Federal Rule of Evidence 901 identifies several factors:
"This standard can generally be satisfied by evidence that (1) the computer equipment is accepted in the field as standard and competent and was in good working order, (2) qualified computer operators were employed, (3) proper procedures were followed in connection with the input and output of information, (4) a reliable software program was utilized, (5) the equipment was programmed and operated correctly, and (6) the exhibit is properly identified as the output in question."
State v. Swinton, 847 A.2d 921, 942 (2004). Extrinsic evidence regarding the authenticity of the digital signature as a condition precedent of admissibility is not required to establish that the "electronic message to which the digital signature is affixed has not been altered from its original form" and that the "digital signature corresponds to a specific public key pair." 31 C.F.R. § 370.39.
The person testifying about the electronic signature can use direct or circumstantial evidence to show the account that the digital signature was sent from, sufficient detail to confirm that the party in question was the party who signed the document, and evidence that the party receiving the digital signature took action based on it.
Likely Angles for Objection—Evidentiary Issues
Even after the electronic signature has been authenticated, there are other evidentiary grounds for objection.
The biggest evidentiary issue relates to hearsay. In Massachusetts, Mass. Gen. L. ch. 233, sec. 78 creates the business records exception. In order to satisfy the requirements for a business record, the document must be: "(1) made in good faith (2) in the regular course of business and (3) before the beginning of the civil or criminal proceeding where (4) it was the regular course of such business to make such memorandum or record at the time of such act, transaction, occurrence or event or within a reasonable time thereafter." Mass. Gen. L. ch. 233, sec. 78.
Relevance and prejudice are also arguments for objecting, but based on the facts of the mock trial, these arguments would not hold up because the document is at the center of the question about whether a breach occurred; therefore, it can be argued that the document is inherently relevant.
Other Notes From July 12 Massachusetts Legal Hackers:
The following script is intended as a starting point to guide the process of entering Blockchain-Backed Digital Signatures into evidence as part of the Massachusetts Legal Hackers practice mock trial walk through on July 12th at 6:45pm at the MIT Media Lab.
In the course of a breach of contract suit, the attorney wishes to introduce a computer printout that sets forth the date, amount, payee and purpose of a payment issued by 123, Inc. in order to show that 123, Inc. made a payment to Alice Arlington in purchase of her used car. This sample dialog demonstrates the introduction of that printout and assumes that counsel will be required to show the reliability of the process that produced the printout.
NOTE: This draft is adapted from the sample examination contained in the background reading below (see: § 12.4.7 Sample Examination) but this may not be a desirable or even workable witness examination approach for the purpose of revealing the likely evidentiary issues raised by this technology. One notable complexity with the approach is that it assumes a business is one of the parties and that the business is large enough to have technology staff. One implication of assuming a sizable business as one party in litigation is that the scope and circumstances of the underlying fact pattern may become too complex and hence burdensome to be realistically simulated within the time and resources proportional to this exploratory and relatively informal activity. Experienced litigators and others with expertise in the field of evidence are welcome and encouraged to offer modified or completely different approaches.
ATTORNEY: Please identify yourself, stating your occupation and place of employment.
WITNESS: My name is Linda Green, and I am the director of data and applications for 123.
ATTORNEY: How long have you held that position?
WITNESS: Since January 2012.
ATTORNEY: What are your responsibilities as the director of data and applications?
WITNESS: I am responsible for the collection, organization, maintenance, and dissemination of all data used by 123 in the regular course of its business.
ATTORNEY: Are you familiar with cryptographic digital signatures?
ATTORNEY: What are they?
WITNESS: They are [define]
ATTORNEY: Does ABC, Inc. make use of cryptographic digital signatures?
WITNESS: Yes, since June 2017, 123 has used cryptographic digital signatures.
ATTORNEY: Are you personally familiar with the application and processes used by 123?
WITNESS: Yes. I was responsible for our selection and deployment of the application used to generate, store, share and verify the digital signatures and I have participated in the design of all software projects currently in use by 123.
The witness then describes, in answer to a series of questions, the application and its capabilities, including how the application uses standard Bitcoin core wallet and signing libraries to generate a cryptographic key pair and public blockchain address for each user, as well as the particular workflows that replaced 123’s prior email-confirmation based electronic signature method.
ATTORNEY: Are the blockchain ledger and signature application systems you have just described used in the regular course of 123’s business?
ATTORNEY: Is it the regular course of business of 123 to store copies of all digitally signed data executed by this application on a server physically located at your office and also on a cloud backup you host on Amazon Web Services?
ATTORNEY: Who at 123, Inc. is responsible for managing the backup process for signature data?
WITNESS: John Brown, 123’s chief financial officer, and his two assistants, Mary Conto and Tim Armana.
ATTORNEY: Are you familiar with the manner in which such data is collected and stored in the local data server and cloud backup?
ATTORNEY: Please describe the way in which it is done.
The following remains to be drafted:
ATTORNEY: Your Honor, I offer the printout into evidence as Defendant’s Exhibit 2.
OPPOSING COUNSEL: Objection.
JUDGE: Objection overruled. The printout is [...admissible...].
ATTORNEY: Linda, what is the document that has been marked as Exhibit 2?
WITNESS: 123, Inc.’s purchase agreement for Alice’s used car.
ATTORNEY: Is the purchase agreement kept in the regular course of business by 123?
ATTORNEY: What is the date of the agreement?
ATTORNEY: How much did 123 agree to pay for Alice’s car based on the agreement?
WITNESS: [state amount]
ATTORNEY: Who signed the agreement on behalf of 123?
WITNESS: I did.
ATTORNEY: Does the agreement state that you signed it?
ATTORNEY: How do you know that you signed it?
WITNESS: Because of my cryptographical signature right here.
ATTORNEY: Did Alice sign the agreement using a cryptographical signature?
WITNESS: Yes, she did.
ATTORNEY: How do you know that?
WITNESS: Because her cryptographical signature appears right here on the document.
ATTORNEY: How do you know that it was Alice who made that cryptographical signature?
WITNESS: [Explain how 123’s cryptographical signature process is foolproof.]
ATTORNEY: Thank you Linda, that is all I have.
QUESTIONING OF ALICE BY ALICE’S ATTORNEY:
ATTORNEY: Good morning, can you please state your name for the record?
WITNESS: Alice Arlington.
ATTORNEY: Where do you reside?
WITNESS: Cambridge, MA.
ATTORNEY: Do you know 123, Inc.?
ATTORNEY: What is it?
WITNESS: A car dealership.
ATTORNEY: Have you ever been there?
WITNESS: Yes, I have.
ATTORNEY: Why did you go there?
WITNESS: I was considering selling my car to them.
ATTORNEY: Did you?
ATTORNEY: Who did you speak with at 123?
WITNESS: A woman named Linda?
ATTORNEY: What did you speak about?
WITNESS: I showed her my car and we talked about how much it was worth and whether 123 would buy it from me.
ATTORNEY: Did 123 make you an offer?
ATTORNEY: Did you accept the offer?
WITNESS: I thought about it and we went over some paperwork but ultimately I chose not to sell it to them.
ATTORNEY: So you never signed any paperwork with 123?
WITNESS: No I didn’t.
ATTORNEY: Thank you Alice, that is all I have.
123’s ATTORNEY’s CROSS of ALICE:
ATTORNEY: Alice, please look at Exhibit 2. Does your cryptographic signature appear on this agreement?
WITNESS: I don’t think so.
ATTORNEY: Well, your name appears towards the bottom of the agreement, doesn’t it?
WITNESS: Yes it does.
ATTORNEY: No further questions your honor.
[Should there be a short closing argument by the attorneys where they summarize the important evidence that establishes (or does not establish) a valid signature/agreement?]
-------- END ------
Next Steps from July 12 2017 Meeting:
The evidence is not sufficient to attribute the digital signature to the party who purportedly executed the signature
The date/time of the signature relates to a different transaction or activity
The date/time of the signature corresponds to the transaction or activity being litigated but document is irrelevant to the matter
The witness was not the purported signer and lacks direct knowledge of the signing event
This objection could be appropriate if the party seeking to enter the digital signature into evidence makes a motion requesting Judicial Notice of blockchain technology or requesting information entered onto a public Blockchain to be considered self-authenticating
Attack Security Flaws of the Implementation
Is the use of expert testimony required in order to do an initial walk through intended to reveal the likely key evidentiary issues? Is there a credible and useful model of routine litigation by parties such as small businesses or individuals that is somewhat above the dollar thresholds for small claims court but pursued by parties who may lack the resources to engage expert witnesses?
What props or other tangible artifacts can and should be used to explain the evidence?
What artifact would be entered into evidence - a disk?
If a printout of the file that was signed and the hash of the contract document is to be entered, then must the electronic record instantiating the contract have been a plain text file or markdown file encoded in a format such as UTF-8? Otherwise, if the file that was digitally signed was in PDF, MS Word or other such format, would the printout need to be something like the hex or octets that were actually signed? If the raw data is printed and entered into evidence in machine readable but not human readable form, what is the purpose of printing it in the first place?
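The last question above turns on the fact that a digest is computed over a file's exact bytes, not over what a printout shows. As an added illustration (not part of the original memo or of any application it describes), the Python sketch below hashes the same visible text under several encodings and line endings and checks which byte form matches a digest recorded at signing time; the sample text, the helper names and the choice of SHA-256 are assumptions.

```python
import hashlib

# Constructed sample text; the real exhibit's wording is not on the page.
CONTRACT_TEXT = (
    "Purchase Agreement (constructed sample)\n"
    "Buyer: 123, Inc. \u2013 Seller: Alice Arlington\n"
    "Item: used car\n"
)

ENCODINGS = ("utf-8", "utf-8-sig", "utf-16-le", "cp1252")
NEWLINES = {"LF": "\n", "CRLF": "\r\n"}


def byte_forms(text):
    """Map a label to each plausible on-disk byte form of the same visible text."""
    forms = {}
    for nl_name, nl in NEWLINES.items():
        body = text.replace("\n", nl)
        for enc in ENCODINGS:
            forms[f"{enc}/{nl_name}"] = body.encode(enc)
    return forms


def digest(data):
    # SHA-256 is an assumption here; the page does not name the hash used.
    return hashlib.sha256(data).hexdigest()


def matching_forms(text, recorded_hex):
    """Return the labels whose digest equals the one recorded at signing time."""
    return [label for label, data in byte_forms(text).items()
            if digest(data) == recorded_hex]


if __name__ == "__main__":
    forms = byte_forms(CONTRACT_TEXT)
    # Assume the signing application hashed a CRLF, UTF-8-with-BOM file.
    recorded = digest(forms["utf-8-sig/CRLF"])
    print("byte forms of one printed page:", len(forms))
    print("distinct digests:", len({digest(d) for d in forms.values()}))
    print("forms matching the record:", matching_forms(CONTRACT_TEXT, recorded))
    edited = CONTRACT_TEXT.replace("used", "new")
    print("after a one-word edit:", matching_forms(edited, recorded))
```

Every byte form prints identically on paper, yet only one reproduces the recorded digest, which is why the preserved electronic file (or a documented canonical encoding) rather than the printout is what a verifier needs.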
APPENDIX: 31 CFR §370.0 - §370.47
“Electronic Transactions and Funds Transfers Related to US Securities”
§370.0 What does this part cover?
(a) Scope. This part applies to the transfer of funds by the Automated Clearing House method as used by us in connection with United States securities. This part also provides regulations for the electronic submission of transaction requests through us, except as varied by agreement or as otherwise provided. This part does not apply to transactions for the sale of United States Savings Bonds accomplished through savings bond issuing agents generally, except and to the extent we direct otherwise.
(b) Operating Rules of the National Automated Clearing House Association and Regulations of the Financial Management Service. The Operating Rules of the National Automated Clearing House Association generally apply to these transactions. However, the Operating Rules do not apply to the extent that the Operating Rules are preempted entirely and excluded specifically by application of Financial Management Service regulations in part 210 of this chapter. In the event of any inconsistencies between this part 370 and either the Operating Rules or part 210, this part 370 applies.
(c) Regulations of the Board of Governors of the Federal Reserve. To the extent that Regulation E (12 CFR part 205) and Regulation Z (12 CFR part 226) of the Board of Governors of the Federal Reserve System apply to transactions authorized by this part, those Federal laws are unaffected by this part 370.
(d) Variance by agreement. The terms of this part may be varied by agreement.
§370.1 What special terms do I need to know to understand this part?
Digital signature means a type of electronic signature. A signer creates a digital signature by using public-key encryption to transform a message digest of an electronic message. If a recipient of the digital signature has an electronic message, message digest function, and the signer's public key, the recipient can verify:
(1) Whether the transformation was accomplished with the private key that corresponds to the signer's public key; and
(2) Whether the electronic message has been altered since the transformation was made.
Electronic message means information that is stored in an electronic medium and is retrievable in perceivable form.
Electronic signature means a signature of an electronic message that:
(1) Identifies and authenticates a particular person as the source of the electronic message; and
(2) Indicates such person's approval of the information contained in the electronic message.
Message digest function means an algorithm that transforms an electronic message into a seemingly unintelligible, generally smaller, result called the message digest. A message digest function has these qualities:
(1) The same electronic message yields the same message digest every time the algorithm is executed;
(2) It is computationally infeasible that an electronic message can be derived from the message digest result produced by the algorithm; and
(3) It is computationally infeasible that two electronic messages can be found that produce the same message digest using the algorithm.
§370.35 Does the Bureau of the Fiscal Service accept all electronically signed transaction requests?
An electronic signature will not be accepted if it has not been accomplished through a method that has been approved for specific purposes by us.
§370.36 When does a transaction request become effective?
Except for auction bids of U.S. securities or unless otherwise agreed, a transaction request becomes effective at the moment we send a confirmation message. In no instance does a transaction request become effective before we actually receive the request.
§370.37 Where is the point of transaction for an electronically submitted transaction request?
For jurisdiction and venue purposes, the point of transaction for a transaction request handled pursuant to this subpart is Parkersburg, West Virginia, regardless of from where the transaction request is transmitted or where the transaction request is actually processed.
§370.38 What is the legal effect of an electronic signature?
An electronic signature and any electronic message to which it is affixed or attached may not be denied legal effect, including legal effect as a signature, a writing, or an original, solely because the signature or record is in electronic form.
§370.39 To what extent is a digital signature admissible in any civil litigation or dispute?
In asserting a digital signature against you in any civil litigation or dispute, extrinsic evidence of authenticity as a condition precedent of admissibility (such as testimony about the scientific validity of digital signatures) is not necessary to establish:
(a) That a digital signature corresponds to a specific public key pair, and;
(b) That an electronic message to which the digital signature is affixed has not been altered from its original form.
§370.40 Can I be held accountable if my negligence contributes to a forged signature?
(a) General. If your failure to exercise ordinary care substantially contributes to the submission of a forged signature, then you cannot claim that the signature is a forgery. However, we cannot invoke this section against you if we cannot first establish that we were reasonable in relying upon the signature. If we can do so, you bear the burden of production and the burden of persuasion in establishing your exercise of ordinary care. If you cannot do so, then you cannot claim that the signature is a forgery.
(b) Exception. This section has no application in any dispute involving a debit authorization or credit card transaction.
§370.41 What limitations exist on liability?
In no instance does our liability extend beyond the amount of the transaction.
§370.46 Are there any situations in which the Bureau of the Fiscal Service may waive these regulations?
We reserve the right, in our discretion, to waive any provision of these regulations in any case or class of cases. We may do so if such action is not inconsistent with law and will not subject the United States to substantial expense or liability.
§370.47 To what extent may the Bureau of the Fiscal Service change these regulations?
Any aspect of this part may be changed at any time and without notice. You assume the risk that a change may terminate a provision that was to your advantage. Nothing in this part creates vested rights in your favor.
 Michelle L. Querijero, Esq., Documentary Evidence §9.17: Foundation, Shipman & Goodwin LLP 33–34 http://www.shipmangoodwin.com/files/19628_Chapter09Final.pdf (last visited July 12, 2017).