The Essential Role of Trusted Third Parties in Electronic Commerce

The article describes the role of "Certification Authorities" (CAs) in the emerging field of electronic commerce. CAs issue certificates to participants in electronic commerce that provide indicia of identity or authority, or supply a transactional timestamp. Several states, including California, Utah, Washington, Florida, Georgia, and New Mexico, have passed ,or are considering, legislation to regulate CAs; the article seeks to inform this process by examining the law applicable to the issuance of digital certificates absent specific legislation. As part of an effort to identify legal problems CAs are likely to engender, the article examines a CA's potential liability if a customer tricks a CA into issuing a false identity credential. Among the issues discussed are the size of the class of foreseeable relying parties and whether the CA produces a "good" or a "service" or a hybrid of the two under Article 2 of the U.C.C. The article concludes with a survey of the major arguments for and against regulation of CAs, and cautions against over-hasty grants of blanket immunity of CAs against liability for their own negligence.