[H-GEN] Constitutional amendments

David Starkoff dbs at humbug.org.au
Fri Jun 26 06:28:02 EDT 1998


On Fri, 26 Jun 1998, Paul Gearon wrote:

> I definately agree that the constitution shouldn't mention any specific
> system or software by name.  Instead I'd be inclined to simply specify
> digital encyption/authemtication as implemented by protocols ratified by
> the commitee (or general vote).  That would lend flexibility, but at the
> same time disallow people trying to encrypt official business with
> something stupid like DES. 

If you're looking for more substantial information, I was thinking along
something the lines of...

    Any electronic proxies received by the Secretary for a meeting must be
    authenticated.

    Authentication may include, but is not limited to:
      (i)   Examination of message headers,
      (ii)  Cryptographic methods,
      (iii) Further confirmation, and
      (iv)  Executive policy as determined from time to time

Possibly with a couple of other alternatives.  Thus, the constitution is
fairly broad.  Executive policy as determined from time to time may
stipulate PGP, with public keys verified at HUMBUG meetings.

Or something like that.

I'm sure we're imaginative enough to fill in the blanks.  :-)

[Legislative reticence]

> Quite correct, which is why I suggested the inclusion of these protocols
> in the constitution.  Perhaps I'm just naiive (no, let me rephrase that
> - I _am_ naiive) but I would think that any protocol like this could be
> considered legitimate if it were specifically mentioned in something
> like the constitution or a contract.  In terms of contracts, practically
> anything mentioned which isn't in violation of the law can be made
> enforcable.  Constitutions also regularly state that individuals must
> meet certain conditions in order for something to be considered valid,
> and these conditions may have no association with legislation.  Couldn't
> these principles be extended to encryption protocols? 

There is a large scope, always, for freedom of contract.  Generally,
people can agree to whatever they like.  Both the rules of an
unincorporated association (well, sort-of) and the constitution of a
corporation are considered contracts.

However, certainly with corporations, there's legislation governing the
area.  And with most contracts too.  Legislation that sometimes you just
can't contract out of.  And some of the provisions in the Corporations Law
are of this sort.

Now, before going any further, I'd also like to modify what I said earlier
about the provision in the CLRB.  When I posted that message, I was going
on my memory of the provision, which I skimmed and noted `that's strange,
how backward'.

I've since had an opportunity to re-read the provision, and I think I owe
the readers of this list, and the followers of this debate, a reproduction
of the section which I was referring to.  And, I think, it means we
shouldn't have a problem.

If the CLRB is passed by the Parliament, then it will be in s 252Z of the
Corporations Law, entitled `Proxy documents'.  Sub-section (4) of that
section, entitled `Ineffective appointments of fax or electronic
notification' provides:

    (4) An appointment of a proxy if ineffective if:
          (a) the responsible entity receives either or both the
              appointment or authority at a fax number or electronic
              address; and
          (b) a requirement (if any) in the notice of meeting that:
                (i)  the transmission be verified in a way specified in
                     the notice; or 
                (ii) the proxy produce the appointment and authority (if
                     any) at the meeting;
              is not complied with.

I apologise for my jumping the gun earlier.

> My concern was in case someone tried to dispute an electronic proxy
> which had been authenticated.  Without careful provision in the
> constitution the people using the authentication system wouldn't have a
> legal leg to stand on, even if it could be proven beyond mathematical
> doubt that the proxy was authentic.  Since everyone is currently happy
> to use and trust systems like PGP, I figured that we could remove all
> ambiguities about its use.  (Perhaps even set up a precedent for
> corporate contracts   :-)

All delusions of changing the world aside,[1] my personal, and at the
moment unresearched, opinion is that if we allow electronic (albeit
`authenticated') proxies, that will be fine.  As long it is specified in
our constitution, I can't seeing us having too much of a problem, even if
the results our challenged.

The strength of PGP would stand in our favour in that instance.

   ``Well, how did you know the proxy came from this person?''

   ``It was PGP-signed by him.[2]''

   ``But it wasn't *signed*, was it?''

   ``There's one in fifty-seven-trillion chance[3] that someone could have
   the same PGP key as him.  I personally verified the key fingerprint at
   a HUMBUG meeting.  I'm sure it came from him.  In fact, I'm more
   confident that it came from him than if he had have signed a note.

   Even if a malicious, vote-rigging, disgruntled HUMBUG member, broke
   into his house, got control of his computer and attempted to send out
   the proxy, he'd still need to know his pass-phrase.  And if you want
   to go to all the effort of either (a) getting his pass phrase from him
   or (b) doing it without his help, then you may as well have either (a)
   forged his signature or (b) got him to sign the document under
   duress.''

Or so the argument could go.[4]

If any other members have some opinions about this, or how the section in
the constitution could be worded to provide for more adequate protection
of electronic proxies, then please either post to the list or to me.

As I see it, HUMBUG is a fairly distributed sort-of club.  Its members are
more computer savvy than the general populace.  I think it's fair to say
that as computer technology goes, we're a standard deviation or two above
the mean.

It would be silly to let the very nature of the club preclude its members
from taking part in the decisions of the club.

David.

[1] :-)  Tongue very firmly in cheek.
[2] Or her.
[3] Insert appropriately, and accurately, large number here.
[4] And we've got to think about these things, don't we Robert?  :-)
--
dbs at humbug.org.au | http://student.uq.edu.au/~s343905/

``For my part, I find the proposition an affront to commonsense.''
        -- Justice Callinan





More information about the General mailing list