--- begin forwarded text
Delivered-To: rah@shipwright.com
Delivered-To: clips@philodox.com
Date: Tue, 2 May 2006 20:27:02 -0400
To: Philodox Clips List
From: "R.A. Hettinga"
Subject: [Clips] Cryptography Rides to the Notaries' Rescue
Reply-To: rah@philodox.com
Sender: clips-bounces@philodox.com
http://www.eweek.com/print_article2/0,1217,a=177014,00.asp
EWeek
Cryptography Rides to the Notaries' Rescue
May 1, 2006
By Larry Seltzer
To those who grew up in the electronic age, notarization of documents has
the odor of antiquity and obsolescence.
It is an ancient practice, but ironically it serves purposes directly
analogous to many of high priority for modern electronic documents. And now
modern security techniques are bringing notarization to the electronic
realm, to the benefit of both.
Think of notaries as an old-world authentication and accreditation system.
RELATED LINKS
* Telelogic's Popkin Purchase Prepares the Way for SOA
* When PKIs Learn to Connect
* nCipher Aids PKI Portability
* Popkin Partners With Lanner
* Popkin, Intalio Team on Biz Processes
In the United States, they are accredited by the state, and similar
positions are supported by governments the world over.
They witness the signature of documents, authenticate the signatories, and
accredit the signatures through a physical mark attached to the paper: an
ink stamp, a crimp, even a physical seal (how's that for old world?).
There are lots of problems with this system, but let's focus on two of
them: 1) paper notarization only works for paper documents, and the world
is going digital, and 2) the paper notarizations are subject to fraud of
various kinds.
Of course, traditional notarization has never really been about any actual
security created by the process.
Its true meaning is in the formality of the process, telling the signers
that they are committing an official act of some sort and underscoring
their risk of legal penalty for perjury or fraud.
The centrality of the symbolic aspect is basically still true of electronic
notarization, but the authentication aspect of the process becomes more
genuine.
The world of paper documents will continue to have these problems and be
totally symbolic, but strong notarization tools increase the incentive for
official document recording to go electronic.
Therefore the NNA (National Notary Association) has been pushing for states
to embrace e-notarization, or electronic notarization of electronic
documents.
Ziff Davis Media eSeminars invite: Join this eSeminar at 12:30 p.m. ET on
May 3 and learn the real risks and implications of vulnerabilities to your
business.
It has been adopted to varying degrees by seven states (California,
Colorado, Florida, Michigan, Pennsylvania, Texas and Utah), but
Pennsylvania has emerged as the poster child for widespread adoption.
According to the NNA, it is the only state where all the important actors
have signed on.
Over the next year the Pennsylvania Department of State is conducting Phase
I of its Electronic Notarization Initiative and expects all counties to
begin accepting e-notarized documents.
E-notarization is a specialized form of public key signing.
To become an e-notary (here in PDF form), one must, first of all, be a
commissioned notary of the conventional sort.
The applicant files an application, which, if accepted, allows the
applicant to receive an "Electronic Notary Seal" and their contact
information is forwarded to the NNA. The applicant pays a $24.95 fee to the
NNA.
At this point, the applicant has to appear in person before a participating
county Recorder of Deeds (there are four of them right now, explained here
in PDF form) and present their approval letter and satisfactory ID.
The Recorder will then enter the notary's ID information into the shared
Electronic Notary Seal database.
Only at this point does the NNA contact the notary and tell them how to
download their Electronic Notary Seal, which is an x.509 v3 certificate.
Cumbersome, isn't it? Don't expect an Amazon one-click version of this
process any time soon. And don't assume that electronic notarization can be
done remotely through a Web site.
E-notarization still requires the notary to physically witness the
signatories sign the document, albeit to apply their signatures
electronically.
As the Pennsylvania site says, "...the personal appearance rule must be
strictly followed. In addition, the signer of the electronic document must
be positively identified and screened for awareness and willingness."
When I say the signatories "sign the document," I refer to signatures in
the more conventional sense, not to digital signatures.
Probably the most common way this would be done is with a stylus on a
tablet PC or an attached device similar to the ones used in stores for
electronically signing credit card receipts.
Next Page: E-notarization mechanics.
How to the actual software procedures work for e-notarizing a document? The
Pennsylvania and NNA sites are not very specific about it. One very popular
way is to use Adobe Acrobat, which has good support for digital signing.
There are also a number of vertical software companies that have had to
contend with the notarization process and which are excited at the
possibility to provide for electronic notarization directly in their
products.
Consider Simplifile, which makes products for electronic document recording
at counties, or Tyler Technologies, which makes products for (among other
things) property appraisal and assessment.
It's also possible to use any free, off-the-shelf software that supports
x.509 certificates (Microsoft has some for free download).
These might be inconvenient, in that you might have to separately track a
file with a signature in it, as opposed to using a format like PDF that
supports signatures intrinsically.
No matter how they are made, if they follow established PKI x.509 standards
the notary's certificate can be checked by anyone not only for authenticity
with the certificate authority (GeoTrust, under contract to the NNA), but
check to see if their authority has been revoked or expired. Try doing that
with a conventional notary.
The PKI infrastructure thus makes notarization much more secure than in the
paper world, where it's too easy to photocopy a stamp or seal and duplicate
it.
It's a pretty radical change, though, for a practice that has been pretty
stable for hundreds, arguably thousands of years.
And it's not just a matter of getting individual notaries to embrace the
electronic approach; there are state-to-state and international legal
issues.
What happens when someone tries to use in one state a legal document
electronically notarized in another that doesn't yet have electronic
notarization?
The NNA says that such a case is in the courts in Michigan now and that
they have filed an amicus brief in it in support of electronic notarization.
The Constitution requires that states grant "full faith and credit" to the
legal decisions and procedures of others, but to an old-fashioned state
facing an e-notarization, it must surely seem as if the Martians have
landed.
As widespread as PKI is in computing, I have to think it's been
substantially a failure for not reaching so many areas to which it can
bring value.
Notarization could be a bellwether for the movement of PKI into mainstream
applications where strong authentication and accreditation are needed.
If it can't be made accessible and compelling enough, people will resist
it, and that would be to everyone's loss.
Security Center Editor Larry Seltzer has worked in and written about the
computer industry since 1983.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
_______________________________________________
Clips mailing list
Clips@philodox.com
http://www.philodox.com/mailman/listinfo/clips
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'