In theory, digital signatures should carry greater legal weight than handwritten signatures. Unfortunately, many ``quill pen'' laws are still on the books that only recognize the validity of paper records, and the legal status of digital signatures has not yet been tested adequately in the court system. There is evidence to suggest that if appropriate technology is combined with appropriate policies and procedures, the digital signature will eventually gain even stronger legal status than the existing record for handwritten signatures. In addition, the GAO has issued an opinion that digital signatures using the DSS are acceptable substitutes for handwritten signatures in most dealings with the US government [3]. For further information regarding the legal status of digital signatures, the interested reader is referred to [5, Chapter 3,].
There has been very little precedent in the area of liability for software systems, particularly when it comes to security features. Is a vendor better off to make no claims (or effort) toward providing security services in a system, in order to avoid liability claims, or is it better for them to make a good faith effort toward security, only to be compromised later by a clever hacker. In either case a party may be injured, exposing the software developer to liability. My hope is that legal liability does not get turned on its head, resulting in a greater threat to our well being through a lack of widespead tools for information security.