[Clips] Cryptography Rides to the Notaries' Rescue

R.A. Hettinga rah at shipwright.com
Tue May 2 17:29:02 PDT 2006


--- begin forwarded text


  Delivered-To: rah at shipwright.com
  Delivered-To: clips at philodox.com
  Date: Tue, 2 May 2006 20:27:02 -0400
  To: Philodox Clips List <clips at philodox.com>
  From: "R.A. Hettinga" <rah at shipwright.com>
  Subject: [Clips] Cryptography Rides to the Notaries' Rescue
  Reply-To: rah at philodox.com
  Sender: clips-bounces at philodox.com

  <http://www.eweek.com/print_article2/0,1217,a=177014,00.asp>

  EWeek


  Cryptography Rides to the Notaries' Rescue

  May 1, 2006

  By  Larry Seltzer

  To those who grew up in the electronic age, notarization of documents has
  the odor of antiquity and obsolescence.

  It is an ancient practice, but ironically it serves purposes directly
  analogous to many of high priority for modern electronic documents. And now
  modern security techniques are bringing notarization to the electronic
  realm, to the benefit of both.

  Think of notaries as an old-world authentication and accreditation system.

  RELATED LINKS

  	*	Telelogic's Popkin Purchase Prepares the Way for SOA

  	*	When PKIs Learn to Connect

  	*	nCipher Aids PKI Portability

  	*	Popkin Partners With Lanner

  	*	Popkin, Intalio Team on Biz Processes

  In the United States, they are accredited by the state, and similar
  positions are supported by governments the world over.

  They witness the signature of documents, authenticate the signatories, and
  accredit the signatures through a physical mark attached to the paper: an
  ink stamp, a crimp, even a physical seal (how's that for old world?).

  There are lots of problems with this system, but let's focus on two of
  them: 1) paper notarization only works for paper documents, and the world
  is going digital, and 2) the paper notarizations are subject to fraud of
  various kinds.

  Of course, traditional notarization has never really been about any actual
  security created by the process.

  Its true meaning is in the formality of the process, telling the signers
  that they are committing an official act of some sort and underscoring
  their risk of legal penalty for perjury or fraud.

  The centrality of the symbolic aspect is basically still true of electronic
  notarization, but the authentication aspect of the process becomes more
  genuine.

  The world of paper documents will continue to have these problems and be
  totally symbolic, but strong notarization tools increase the incentive for
  official document recording to go electronic.

  Therefore the NNA (National Notary Association) has been pushing for states
  to embrace e-notarization, or electronic notarization of electronic
  documents.

  Ziff Davis Media eSeminars invite: Join this eSeminar at 12:30 p.m. ET on
  May 3 and learn the real risks and implications of vulnerabilities to your
  business.

  It has been adopted to varying degrees by seven states (California,
  Colorado, Florida, Michigan, Pennsylvania, Texas and Utah), but
  Pennsylvania has emerged as the poster child for widespread adoption.

  According to the NNA, it is the only state where all the important actors
  have signed on.

  Over the next year the Pennsylvania Department of State is conducting Phase
  I of its Electronic Notarization Initiative and expects all counties to
  begin accepting e-notarized documents.

  E-notarization is a specialized form of public key signing.

  To become an e-notary (here in PDF form), one must, first of all, be a
  commissioned notary of the conventional sort.

  The applicant files an application, which, if accepted, allows the
  applicant to receive an "Electronic Notary Seal" and their contact
  information is forwarded to the NNA. The applicant pays a $24.95 fee to the
  NNA.

  At this point, the applicant has to appear in person before a participating
  county Recorder of Deeds (there are four of them right now, explained here
  in PDF form) and present their approval letter and satisfactory ID.

  The Recorder will then enter the notary's ID information into the shared
  Electronic Notary Seal database.

  Only at this point does the NNA contact the notary and tell them how to
  download their Electronic Notary Seal, which is an x.509 v3 certificate.

  Cumbersome, isn't it? Don't expect an Amazon one-click version of this
  process any time soon. And don't assume that electronic notarization can be
  done remotely through a Web site.

  E-notarization still requires the notary to physically witness the
  signatories sign the document, albeit to apply their signatures
  electronically.

  As the Pennsylvania site says, "...the personal appearance rule must be
  strictly followed. In addition, the signer of the electronic document must
  be positively identified and screened for awareness and willingness."

  When I say the signatories "sign the document," I refer to signatures in
  the more conventional sense, not to digital signatures.

  Probably the most common way this would be done is with a stylus on a
  tablet PC or an attached device similar to the ones used in stores for
  electronically signing credit card receipts.

  Next Page: E-notarization mechanics.

  How to the actual software procedures work for e-notarizing a document? The
  Pennsylvania and NNA sites are not very specific about it. One very popular
  way is to use Adobe Acrobat, which has good support for digital signing.

  There are also a number of vertical software companies that have had to
  contend with the notarization process and which are excited at the
  possibility to provide for electronic notarization directly in their
  products.

  Consider Simplifile, which makes products for electronic document recording
  at counties, or Tyler Technologies, which makes products for (among other
  things) property appraisal and assessment.

  It's also possible to use any free, off-the-shelf software that supports
  x.509 certificates (Microsoft has some for free download).

  These might be inconvenient, in that you might have to separately track a
  file with a signature in it, as opposed to using a format like PDF that
  supports signatures intrinsically.

  No matter how they are made, if they follow established PKI x.509 standards
  the notary's certificate can be checked by anyone not only for authenticity
  with the certificate authority (GeoTrust, under contract to the NNA), but
  check to see if their authority has been revoked or expired. Try doing that
  with a conventional notary.

  The PKI infrastructure thus makes notarization much more secure than in the
  paper world, where it's too easy to photocopy a stamp or seal and duplicate
  it.

  It's a pretty radical change, though, for a practice that has been pretty
  stable for hundreds, arguably thousands of years.

  And it's not just a matter of getting individual notaries to embrace the
  electronic approach; there are state-to-state and international legal
  issues.

  What happens when someone tries to use in one state a legal document
  electronically notarized in another that doesn't yet have electronic
  notarization?

  The NNA says that such a case is in the courts in Michigan now and that
  they have filed an amicus brief in it in support of electronic notarization.

  The Constitution requires that states grant "full faith and credit" to the
  legal decisions and procedures of others, but to an old-fashioned state
  facing an e-notarization, it must surely seem as if the Martians have
  landed.

  As widespread as PKI is in computing, I have to think it's been
  substantially a failure for not reaching so many areas to which it can
  bring value.

  Notarization could be a bellwether for the movement of PKI into mainstream
  applications where strong authentication and accreditation are needed.

  If it can't be made accessible and compelling enough, people will resist
  it, and that would be to everyone's loss.

  Security Center Editor Larry Seltzer has worked in and written about the
  computer industry since 1983.
  --
  -----------------
  R. A. Hettinga <mailto: rah at ibuc.com>
  The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
  44 Farquhar Street, Boston, MA 02131 USA
  "... however it may deserve respect for its usefulness and antiquity,
  [predicting the end of the world] has not been found agreeable to
  experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
  _______________________________________________
  Clips mailing list
  Clips at philodox.com
  http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'





More information about the cypherpunks-legacy mailing list