May 18, 2005

$850 million dollar email had Perfect Forward Secrecy

For those who consider the goal to be Perfect Forward Secrecy (or PFS as the acronymoids have it) think about the $850 million punitive damages awarded by a jury in Florida against Morgan Stanley and to the former owner of Sunbeam.

"The billionaire investor started the trial with an advantage after the judge in the case punished Morgan Stanley for failing to turn over e-mails related to the 1998 Coleman deal."

"Judge Elizabeth Maass ordered jurors to assume Morgan Stanley helped Sunbeam inflate its earnings. To recover damages, Perelman only had to prove that he relied on misstatements by Morgan Stanley or other parties to the transaction about Sunbeam's finances."

"Maass also allowed Perelman's lawyers to make reference to the missing e-mails in the punitive damage phase of the case Jurors examined whether any bad conduct by Morgan Stanley merited a punishment in addition to compensation they gave Perelman to offset his losses."

This is the core problem with PFS of course - which is the promise that your emails or IMs won't be provable in the future. It matters not that someone eavesdropping can't prove anything cryptographically, because it simply doesn't matter in the scheme of things. The node is where the threat is, and you are thousands of times more likely to come to blows with your partner than any other party.

Your partner has the emails. So whatever you said, no matter how secret, gets plonked in front of you in the court case, and you've got a choice: rely on PFS and lie about the emails, or say "it's a fair cop, I said that!" Unless this issue is addressed, PFS doesn't really effect the vast majority of the us.

Unfortunately addressing second-party-copies is very hard. I had mused that it would be possible to mark emails as "Without Prejudice" which is a legal term signalling that these conversations were to be kept out of court. Nicholas Bohm set me straight there when he explained that this only applied *after* you have entered dispute, by which time you are taking all care anyway.

Alternatively it may be possible to enter into what amounts to a contract with your companion to agree to keep these conversations private and ex-judicial. That might work but it has two big powerful limitations: it doesn't effect other parties seizing them and it doesn't apply to criminal cases.

Still there may be some merit in that and it will be interesting to experiment with once I get back into IM coding mode. Meanwhile, I'm wondering just what we have to do to convince Morgan Stanley to get into a $850 million tussle with us ... nice work if you can get it.

Posted by iang at May 18, 2005 07:40 PM | TrackBack

I would apply some economic metrics here:
In order to consider an evidence, I would estimate the cost of forging this evidence first.
For example, before paying their mercenaries, paramilitary organizations demand video-recordings of the hit-and-run operations. Of course, one could hire Hollywood to produce such a recording, but they -- correctly -- figure that it's cheaper for the thugs to actually do the dirty work instead of producing a fake recording.
Similarly with emails: there are costs associated with forging a digital signature and there are costs associated with faking an unsigned message (depending on what information is in there). It depends on the actual case, how these costs measure up to the claims.
I would think that in the digital world, where anything can be forged and nothing can be trusted with absolute certainity, this cost-benefit approach to evidence is the only way to go for justice providers. Be it criminal or civil cases, state-certified courts, or out-of-court arbitration services.

Posted by: Daniel A. Nagy at May 20, 2005 09:08 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.