Digital signature procedures / software that will hold up in court

I am working on a project, for which it may be important for me to prove that I have completed certain milestones at certain times.

For example - I would like to be able to demonstrate that feature A was completely finished by March 31, 2008, in the face of other people claiming that it was only completed by June 15, 2008.

I am thinking of doing this by making periodic archives of my source code / document repository, and using encryption software (e.g. GnuPG) to create a digital signature of those archives. I will then print out the signature files, and have them notarized. This will prove that the files were created on the date of notarization at the latest.

So, in court, I could simply demonstrate that the signature matches the archived file - and then unpack the archive and demonstrate that it contains a complete implementation of feature A.

The notarization is required because it would be trivial to change the computer’s clock, and thus fake the dates on the signatures.

Does anyone see a problem with this approach, or a better way to do it? Is GnuPG a decent program to use to do this (i.e. will it hold up in court), or is there a commercial program that would be better to use?

This needs to be absolutely bulletproof and unquestionable. If it comes down to simply printing out the entire repository every month and having that notarized, I will do that if I have to.

FYI, this is what a digital signature file looks like - this is what I would be printing out and having notarized:



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

<alphanumeric gibberish>
-----END PGP SIGNATURE-----
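The check the original post describes (showing later that the notarized value matches the archived file), as an added example that is not part of any post in this thread. It substitutes a SHA-256 digest for the GnuPG signature so that it runs without a key; the file names, contents and timestamp are constructed.

```python
import hashlib
import hmac
import io
import tarfile


def make_archive(files, mtime):
    """Pack {name: bytes} into an uncompressed tar with fixed metadata."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def archive_digest(archive):
    """Hex SHA-256 of the archive bytes: the value printed and notarized."""
    return hashlib.sha256(archive).hexdigest()


def matches_notarized(archive, notarized_hex):
    """True only if the archive produced later is byte-identical."""
    typed = notarized_hex.strip().lower()  # value re-typed from the paper copy
    return hmac.compare_digest(archive_digest(archive), typed)


# Constructed sample snapshot (hypothetical file names and contents).
SNAPSHOT = {
    "src/feature_a.py": b"def feature_a():\n    return 'done'\n",
    "docs/milestones.txt": b"Feature A complete.\n",
}
SNAPSHOT_MTIME = 1206921600  # constructed timestamp stored in the tar headers

if __name__ == "__main__":
    kept = make_archive(SNAPSHOT, SNAPSHOT_MTIME)
    notarized = archive_digest(kept)
    print("digest to print and notarize:", notarized)
    print("kept archive verifies:", matches_notarized(kept, notarized))
    # Same sources packed again later: only the header timestamp differs.
    repacked = make_archive(SNAPSHOT, SNAPSHOT_MTIME + 86400)
    print("re-packed archive verifies:", matches_notarized(repacked, notarized))
    # One source file edited after the fact.
    edited = dict(SNAPSHOT, **{"docs/milestones.txt": b"Feature A and B complete.\n"})
    tampered = make_archive(edited, SNAPSHOT_MTIME)
    print("edited archive verifies:", matches_notarized(tampered, notarized))
```

The re-packed case is why the archive file itself has to be kept unchanged: the notarized value covers its exact bytes, not the source tree it was built from.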


On edit:
Oops. Redundant post, failure to read OP properly.

The method you propose would be adequate proof to anyone with sufficient grounding in computer science to understand it. Whether it would work for a court, though, I don’t think anyone here can tell you. It sounds to me like you need a lawyer.

One way I’ve heard of that you can supposedly prove you had possession of something on a given date is to place the evidence in an envelope and mail it to yourself by registered mail.

When you receive said envelope, store it UNOPENED in a safe place along with the receipt for the registration.

If any questions come up at a later time, you can simply produce the envelope and its content before credible witnesses.

Note that I do not know if this would stand up in court.

Well, if there is a lot riding on this and you think there is a possibility of litigation or settlement negotiations, then Chronos is right: you might want to consult the advice of an attorney rather than the advice of the internets.

Proving the date of the delivery of, well, deliverables is just an ordinary evidentiary problem; one that lawyers and judges handle each and every day that court is open. You don’t need any magic words or rituals. All you need to do is document your performance in a way that is fairly accurate and reliable. Your plan to notarize signature files would probably be enough. In fact, if you could show that you sent an email saying “Boss, I completed deliverable X today, Wednesday, April 1, 2009. Please confirm,” followed by anything other than your boss’s disagreement (including even no response), that would tend to make your case so long as you can show your boss would have seen these emails.

Would it be bulletproof? In the sense that you could march into court and wave a notarial seal and the orchestra will stop playing and the dancers will come to a halt? No. But if you notarize the signature files, you could probably prevail on summary judgment, which is close, I guess.

Note: I am not your lawyer and this message is for general information purposes only. Nothing in this message is to be considered as either creating an attorney-client relationship or as rendering of legal advice for any specific matter. You are responsible for obtaining such advice from your own legal counsel. No reader should act or refrain from acting on the basis of any information contained in this message without seeking appropriate legal or other professional advice on the particular facts and circumstances at issue.

Probably not. This scheme is often referred to as “Poor Man’s Copyright,” for the idea that you could prove authorship by mailing the text to yourself. According to snopes.com, it’s not a technique that is admissible in either US or UK courts. (We have discussed this here in other threads, but my search skills are lacking).

As for the OP, demonstrating that a feature was complete via source code is problematic. It’s open to all kinds of interpretation. Kimmy Gibbler’s suggestion is right on… that’s what I’ve always done with projects I’m working on, and getting the other party to agree that you’ve met a milestone will go a hell of a lot further than trying to deconstruct lines of source code.