No. 4 (158) (2003)
Articles

Odpowiedzialność związana z zastosowaniem podpisu cyfrowego

[Liability associated with the use of digital signatures]

Published 2003-12-29

Keywords

  • civil liability,
  • tortious liability,
  • certification,
  • contractual liability,
  • electronic signature

How to Cite

Odpowiedzialność związana z zastosowaniem podpisu cyfrowego: [Liability associated with the use of digital signatures]. (2003). Studia Prawnicze The Legal Studies, 4 (158), 63-84. https://doi.org/10.37232/sp.2003.4.3

Abstract

It is possible to base a claim for damages suffered in electronic communications on the principle of fault. Indeed, according to Articles 415 and 416 of the Civil Code, if the culpable behaviour of an authority of a certification body is in an adequate causal relationship with the damage caused to anyone, that body is obliged to compensate for it.

If the activity of issuing, suspending or publishing the certificate is entrusted to an employee or contractor, the relevant provisions of the Labour Code or the Civil Code (Article 120 of the Labour Code and Article 429 of the Civil Code) will apply. In this case, there must be a causal link between the offender's action and the damage.

According to Article 15 of the Act [of 18 September 2001 on electronic signature, Journal of Laws No. 130, item 1450, as amended] the recipient of certification services is obliged to store the data used for affixing an electronic signature in a manner ensuring its protection against unauthorised use during the validity period of the certificate used to verify the signature. This obligation should also be extended to the data for the electronic certification, since in essence this certification fulfils the same functions as an electronic signature.

An [electronic] signature affixed after the prerequisites for suspension or revocation of a certificate have arisen, but before these actions have taken place, shall remain valid and effective. Any analogy to a handwritten signature is out of place here, as a signature can be made by any person who has come into possession of a private key. The risk of such a signature, or, to put it another way, the risk of conduct creating grounds for de-certification, is in principle borne by the owner of the signature key.

In the absence of a reasonable suspicion of the existence of grounds for invalidation, the certification authority is liable to compensate for the damage caused by temporarily depriving an [electronic] signature of its effectiveness, either on the basis of fault pursuant to Article 415 of the Civil Code in connection with Article 21(4) of the Act [of 18 September 2001 on electronic signature, Journal of Laws No. 130, item 1450, as amended] or on the basis of an agreement on certification services (Article 11(1) in connection with Article 5(1) and Article 21(4) of the Act).

In a situation where the data contained in the certificate has become out-of-date and the subscriber has not fulfilled a contractually stipulated obligation to complete it, the certification body shall not be liable to persons placing their trust in the certificate. This follows from a functional interpretation of the provision of Article 11(3) of the Act on electronic signature.

The provision of Article 11 of the Act [of 18 September 2001 on electronic signature, Journal of Laws No. 130, item 1450, as amended] therefore contains a presumption of fault on the part of the debtor (certification body). However, its exoneration is possible. An example of a circumstance excluding liability is force majeure in the form of power cuts.

Due to the broad nature of the definition (services related to the electronic signature), a certification service [Article 3(13) of the Act of 18 September 2001 on electronic signature, Journal of Laws No. 130, item 1450, as amended] should undoubtedly be regarded as covering all activities concerning the signature verification process. If, for example, during or before this process, an employee of the certification body causes a defect in the verification and damage occurs, grounds for claiming compensation arise. An agreement for the generation of an asymmetric key pair is an agreement of result. It would seem reasonable to apply the provisions of a contract for specific work in agreements for the generation of a key pair.

The certification body shall not be liable to the recipients of the services for damages resulting from the use of the certificate outside the scope specified in the certification policy. The rationale for excluding this liability is that a referral (e.g. in the form of a hyperlink) to the certification policy must be included in the certificate.

The scope and limitations of the use of the certificate are derived from the certificate agreement and other information concerning it, provided pursuant to Article 14 of the Act on electronic signature. If the certificate is used outside the designated scope, the certification body's liability is excluded. Restricting the scope of use of a certificate can apply, as can restricting the use of an electronic signature, to certain types of contracts or contracts of a certain value. A subjective limitation on the application of the certificate is also permissible if, of course, both parties to the contract agree. This is a contractual stipulation whereby the certification body and the subscriber agree that the certificate can only be used by a specific person or persons or a specific category of persons (e.g. natural persons).
