Comments: Technologists on signatures: looking in the wrong place

> He's right. Thinking back, there really aren't ways in which a criminal
> could use a forged document sent by fax to defraud me.

Many bank customers, for the sake of convenience, have entered into agreements whereunder their bank is authorized to transfer funds anywhere based on a faxed say-so. I doubt that most banks rigorously check the authenticity of such faxes.

Posted by Ray at June 6, 2008 07:24 AM

I have read a great deal of poor quality discussions with respect to electronic signatures on a large variety of web sites, but have generally found the discussions on this web site to be more well informed, and it is for this reason that I post this comment.

A signature on a facsimile transmission is not acceptable in the particular circumstances of the sale of real estate because laws across the globe require the use of manuscript signatures, and the purpose of such laws is to prevent fraud – in Denmark, the Danish Western High Court in case U.2006.1341V refused to accept a scanned manuscript signature for the cancellation of a mortgage – such a decision would be the same in most other countries across the globe. Some jurisdictions reduce land and mortgage fraud by using notaries (Italian notaries are completely different to notaries in the US) (Italy is a good case in point, where such fraud is so low as not being capable of being measured: Michele Nastri, ‘Telematic Land Registers: the role of the civil law notary’, Digital Evidence and Electronic Signature Law Review, 4 (2007) 19 – 27).

What many people have signally failed to understand, is that judges have had to apply basic principles of law to changes in technology for hundreds of years – it really is nothing new. When contracts began to be commonly entered into at a distance in the late eighteenth century, so judges had to analyze different business models to establish whether a signature in a different format (such as a printed signature) could be held to prove intent. So it goes on, throughout the nineteenth century and into the twentieth century – not forgetting evidence of the proof of intent well before the wide-spread use of manuscript signatures (see chapter 2 of my book Electronic Signatures in Law (LexisNexis, 2nd edn, 2007) for the history of different forms of signature throughout the ages and the response by judges).
The reason for a signature is more than just to prove intent, and yes, it is correct to separate the signature itself from the security: these are two separate issues.

As for digital signatures, well, a number of cases from Russia (to be published in the 2008 issue of Digital Evidence and Electronic Signature Law Review) have clearly demonstrated how weak they are, as I have been writing about for some years now.

Please accept my apologies for referencing my own text and journal, but there are no other publications that I know of that combine the law and the technology. If there are, I will be delighted to know about them.

Stephen Mason, 16 June 2008

Posted by Stephen Mason at June 16, 2008 04:35 AM

Thanks! I have just added a category to cover digital signing, and am scratching my head as to why it wasn't there in the first place. This category should list all the references to court cases I know of, but you will almost certainly know more.

Your site looks like good stuff, feel free to refer to it :)

Posted by Iang (new category on Digital Signing) at June 16, 2008 11:39 AM

couple recent posts in microsoft crypto n.g. thread on "Certificate Purpose" that got into description of digital signature being "something you have" authentication

and there periodically being semantic confusion with "human signature" ... possibly because both terms contain the word "signature". misc. past posts about being called in to help wordsmith the cal. state electronic signature legislation (and later the federal electronic signature legislation)

and the oft repeated statement that "human signatures" have implication of having read, understood, agrees, approves, and/or authorizes (which isn't part of "something you have" authentication digital signature).

Posted by Lynn Wheeler at June 18, 2008 12:49 PM
Post a comment

Remember personal info?

Hit Preview to see your comment.
MT::App::Comments=HASH(0x55656f60a7f8) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/ line 125.