June 03, 2008

Technologists on signatures: looking in the wrong place

Bruce Schneier writes about the classical technology / security view and how it applies to such oddities as the fax signature. As he shows, we have trouble making them work according to classical security & tools thinking.

In a 2003 paper, "Economics, Psychology, and Sociology of Security," Professor Andrew Odlyzko looks at fax signatures and concludes:
Although fax signatures have become widespread, their usage is restricted. They are not used for final contracts of substantial value, such as home purchases. That means that the insecurity of fax communications is not easy to exploit for large gain. Additional protection against abuse of fax insecurity is provided by the context in which faxes are used. There are records of phone calls that carry the faxes, paper trails inside enterprises and so on. Furthermore, unexpected large financial transfers trigger scrutiny. As a result, successful frauds are not easy to carry out by purely technical means.

He's right. Thinking back, there really aren't ways in which a criminal could use a forged document sent by fax to defraud me.

The problem with the comments above is that signatures are not tools to make things secure, nor to stop fraud. Instead, they are signals of legal intent. The law has developed them over centuries or millennia not as tools to make contracts binding (the simplistic common myth), nor to somehow make it hard for fraudsters (the security myth above), but as signals to record the intent of the person.

These subtleties matter. When you send a fax with your signature on it, it doesn't matter that the signature can be copied; it is the act of you creating and sending the fax with signature that establishes intent. Indeed, the intent can be shown without the signature, and the source of the fax is then as important as anything else. For this reason, we generally confirm what you intended somehow. Or we should, as Bruce Schneier writes:

On October 30, 2004, Tristian Wilson was released from a Memphis jail on the authority of a forged fax message. It wasn't even a particularly good forgery. It wasn't on the standard letterhead of the West Memphis Police Department. The name of the policeman who signed the fax was misspelled. And the time stamp on the top of the fax clearly showed that it was sent from a local McDonald's.

The success of this hack has nothing to do with the fact that it was sent over by fax. It worked because the jail had lousy verification procedures. They didn't notice any discrepancies in the fax. They didn't notice the phone number from which the fax was sent. They didn't call and verify that it was official. The jail was accustomed to getting release orders via fax, and just acted on this one without thinking. Would it have been any different had the forged release form been sent by mail or courier?

It's all backwards, according to the law. There should have been an intent, but there wasn't one. It wasn't that the policeman's signature established an intent; it was that the signature should have been a final step in confirming an intent that already existed. The point of phoning the policeman wasn't to check the signature, but to establish the intent. The signature would have nicely confirmed that intent, but the check on intent isn't substitutable with the check on signature. As Jeff commented on the post:

Most people don't understand that signatures don't generally perform a security function, they perform a solemnization function. At least that was the case before the mathematicians got involved and tried to convince folks of the value of digital signatures . . . :-)

Before they got it totally backwards, that is. Your copied signature does not show intent by you; instead, it suggests an intent by you, which should be confirmed regardless. For you, this is good, as the principle of redundancy applies: you need something much more than one signature to lock you into a contract, or to get you out of prison. And this process of showing intent bounces back to the signature in a particularly powerful protocol that is used in the legal world. This is a closely held secret, but I shall now reveal it and risk censure and expulsion for breaking the code:

Ask!

That's it, just ask the question. This can happen anywhere, but is best seen in a court setting: the judge says "Did you sign this?" If you did, then you say yes. (Else you're up for perjury, which is a serious risk.) If you didn't, you deny it, and then the court has a claim that it is not yours. The court now looks further to establish whose intent was behind this act.

It is for these reasons that digital signatures failed to make any mark on the real world, when cast as some sort of analogue to the human signature. Indeed, the cryptography community got it backwards, upside down and inside out. They thought that the goal was to remove the uncertainty and simplify the procedure, when in fact the goal was to preserve and exploit the uncertainty, and to augment the procedure. They were thinking non-repudiation, yet the signature is there to entice repudiation. They thought the signature was sufficient, yet it is no more than a signal of something much more important. They thought simplicity, when redundancy is the principle.

Digital signatures were presented as a new beginning and ending for electronic contracts, and users intuitively recognised they were neither a beginning nor an ending. Digital signatures were nothing without a custom, and within a custom were shown to be more trouble than they were worth. Case in point: this is the reason why the digital signature on Ricardian Contracts is just cryptographic sugar: the intent is better shown by the server mounting the contract, by the issuer saying "I'm selling this contract", and by the system memorialising all these events in other signed records.

You might ask, why they are there, but I'll side-step that question for now :) Instead, let us ask, how then do we move forward and use digital signatures?

We should be able to see now that it is the wrong question. The right question is firstly, how do we establish intent, and the follow-up is, intent of what? Attest to a statement, conclude a negotiation, sell a house, contract for a road to be dug up, marriage with or without a shotgun? Once we have established that, we can construct a custom (techies would say a protocol) that captures the intent _and_ the agreement, suitable for the value at hand.

We might find a way to slip in some digsigs or we might not. That's because the role of the custom is to capture intent, not to produce a signature. Intent is obligatory, signature is not.

(Indeed, this is why we say, in financial cryptography, the cryptography is optional, which causes no end of head-scratching. What then does a poor vendor of cryptographic digsigs do with them? Simple: define the digsig as meaning nothing, legally, outside an additional custom. Nothing, nix, nada, zip! And use them purely for their cryptographic properties, only. Which happen to be useful enough, if properly designed.)
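The custom described above, as an added Go example (not code from this post or from any Ricardian Contract implementation): ed25519 supplies only the cryptographic property, origin and integrity of each record, while acceptance is decided by whether the memorialised log carries the issuer's statement, the server's mount and the issuer's answer to "Did you sign this?". The event kinds, the contract text and the keys are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// contractID names a contract by the hash of its text, as Ricardian Contracts do.
func contractID(text string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(text))) }

// Event is one memorialised record: who said what about which contract. Its signature
// proves origin and integrity of that record only; it says nothing about intent.
type Event struct {
	Kind, ContractID string // constructed kinds: "contract", "issue", "mount", "confirm"
	Signer           ed25519.PublicKey
	Sig              []byte
}

func sign(priv ed25519.PrivateKey, kind, id string) Event {
	return Event{kind, id, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, []byte(kind+":"+id))}
}

func (e Event) valid() bool { return ed25519.Verify(e.Signer, []byte(e.Kind+":"+e.ContractID), e.Sig) }

// CryptoOnly is the view the post argues against: a verifying signature is read as intent.
func CryptoOnly(contractSig Event) bool { return contractSig.valid() }

// ByCustom accepts the contract only when the log carries every signal the custom demands,
// each about this contract, from the expected party and itself valid: the issuer's "I'm
// selling this contract", the server's mount record, and the issuer's answer to "Did you sign this?".
func ByCustom(id string, issuer, server ed25519.PublicKey, log []Event) bool {
	need := map[string]ed25519.PublicKey{"issue": issuer, "mount": server, "confirm": issuer}
	for _, e := range log {
		if want, ok := need[e.Kind]; ok && e.ContractID == id && e.Signer.Equal(want) && e.valid() {
			delete(need, e.Kind) // this signal is now satisfied
		}
	}
	return len(need) == 0
}

func main() {
	ipub, ipriv, _ := ed25519.GenerateKey(rand.Reader) // constructed issuer key
	spub, spriv, _ := ed25519.GenerateKey(rand.Reader) // constructed server key
	id := contractID("constructed sample: 100 units, redeemable at the issuer")
	log := []Event{sign(ipriv, "contract", id), sign(ipriv, "issue", id), sign(spriv, "mount", id)}
	fmt.Println(CryptoOnly(log[0]), ByCustom(id, ipub, spub, log))                  // true false: nobody asked yet
	fmt.Println(ByCustom(id, ipub, spub, append(log, sign(ipriv, "confirm", id)))) // true
}
```

The signature on the contract verifies from the first line on, yet the contract is accepted only once the confirmation record joins the other memorialised signals.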

Posted by iang at June 3, 2008 12:02 PM
Comments

> He's right. Thinking back, there really aren't ways in which a criminal
> could use a forged document sent by fax to defraud me.

Many bank customers, for the sake of convenience, have entered into agreements whereunder their bank is authorized to transfer funds anywhere based on a faxed say-so. I doubt that most banks rigorously check the authenticity of such faxes.

Posted by: Ray at June 6, 2008 07:24 AM

I have read a great deal of poor quality discussions with respect to electronic signatures on a large variety of web sites, but have generally found the discussions on this web site to be more well informed, and it is for this reason that I post this comment.

A signature on a facsimile transmission is not acceptable in the particular circumstances of the sale of real estate because laws across the globe require the use of manuscript signatures, and the purpose of such laws is to prevent fraud – in Denmark, the Danish Western High Court in case U.2006.1341V refused to accept a scanned manuscript signature for the cancellation of a mortgage – such a decision would be the same in most other countries across the globe. Some jurisdictions reduce land and mortgage fraud by using notaries (Italian notaries are completely different to notaries in the US) (Italy is a good case in point, where such fraud is so low as not being capable of being measured: Michele Nastri, ‘Telematic Land Registers: the role of the civil law notary’, Digital Evidence and Electronic Signature Law Review, 4 (2007) 19 – 27).

What many people have signally failed to understand is that judges have had to apply basic principles of law to changes in technology for hundreds of years – it really is nothing new. When contracts began to be commonly entered into at a distance in the late eighteenth century, judges had to analyze different business models to establish whether a signature in a different format (such as a printed signature) could be held to prove intent. So it goes on, throughout the nineteenth century and into the twentieth century – not forgetting evidence of the proof of intent well before the widespread use of manuscript signatures (see chapter 2 of my book Electronic Signatures in Law (LexisNexis, 2nd edn, 2007) for the history of different forms of signature throughout the ages and the response by judges).
The reason for a signature is more than just to prove intent, and yes, it is correct to separate the signature itself from the security: these are two separate issues.

As for digital signatures, well, a number of cases from Russia (to be published in the 2008 issue of Digital Evidence and Electronic Signature Law Review) have clearly demonstrated how weak they are, as I have been writing about for some years now.

Please accept my apologies for referencing my own text and journal, but there are no other publications that I know of that combine the law and the technology. If there are, I will be delighted to know about them.

Stephen Mason, 16 June 2008

Posted by: Stephen Mason at June 16, 2008 04:35 AM

Thanks! I have just added a category to cover digital signing, and am scratching my head as to why it wasn't there in the first place. This category should list all the references to court cases I know of, but you will almost certainly know more.

Your site looks like good stuff, feel free to refer to it :)

Posted by: Iang (new category on Digital Signing) at June 16, 2008 11:39 AM

couple recent posts in microsoft crypto n.g. thread on "Certificate Purpose" that got into description of digital signature being "something you have" authentication
http://www.garlic.com/~lynn/2008i.html#80
http://www.garlic.com/~lynn/2008i.html#83

and there periodically being semantic confusion with "human signature" ... possibly because both terms contain the word "signature". misc. past posts about being called in to help wordsmith the cal. state electronic signature legislation (and later the federal electronic signature legislation)
http://www.garlic.com/~lynn/subpubkey.html#signature

and the oft repeated statement that "human signatures" have implication of having read, understood, agrees, approves, and/or authorizes (which isn't part of "something you have" authentication digital signature).

Posted by: Lynn Wheeler at June 18, 2008 12:49 PM