April 10, 2006

Notary Publics to Cryptographers - keep yur grubby mits off!

I've often written about how certain words are stolen and misrepresented in the field of FC. One is non-repudiation, which continues to bedevil some architectures and policies where they haven't been informed of the impossibility. Another is trust, which is more often used as a marketing plus than an admission of fundamental weakness. Yet another -- we're on a roll here -- is digital signature, which Lynn euphemistically refers to as sometimes being foolishly confused with signatures made by humans (one example v. another).

Philipp pointed me to a 2001 American Notarization Association position paper complaining about the abuse of the term 'notary' by the tech industry.

A Position on Misleading Usage of Notary Terms in the Electronic Age

Notarization, Notary, and related terms are being co-opted by certain private companies and state legislatures and applied to processes that have nothing to do with valid, legally recognized notarization. These new processes either do not involve state-commissioned Notaries at all or they violate key principles involving trusted third parties, principles that form the bedrock of commerce and law.

The repercussions of this verbal misappropriation can be devastating to consumers because, believing they are receiving certain protections from a process misrepresented as notarization, they may instead find themselves victimized by loss of valuable personal and real property without the legal assurances offered by valid notarization.

Where I've complained about the term notary is in the OpenPGP forum where there are efforts (every 12 months or so) to bolster up the capability of that protocol to do notary stuff. My comments were quite simple - the meaning and application of the word is completely different between civil law and common law, so when you apply the term into an international, cross-jurisdictional cryptoprotocol such as OpenPGP, which were you referring to?

Such comments were nowhere near as informed as this document, which includes a very concise, clear definition of the process, at least in US terms:

Fundamental Components of Notarization

In order to fully appreciate the harm caused by misleading usage of the term notarization it is necessary to understand the fundamental components of a traditional notarial act. Briefly explained, there are five essential steps in an acknowledgment;2 acknowledgment is the notarial act most often used to authenticate documents of great monetary value:

* Personal Appearance: The document signer must appear in person before, and communicate with, the Notary Public, face to face, in the same room. Physical presence allows the Notary not only to identify the signer, but also to make observations and commonsense judgments that the individual appears willing and aware.

* Identification: The Notary must positively identify the document signer beyond a reasonable doubt, either through personal knowledge of the individual's identity, the sworn vouching of a personally known credible witness, or reliable identification documents.

* Acknowledgment by Signer: Personal appearance and identification are meaningless without a context, and it is the signer's active acknowledgment of a particular signature, document, and transaction that provides the context.

* Lack of Duress: Integral to the acknowledgment is the Notary's observation that the signer was not under duress or direct physical threat at the hands of a third party.

* Awareness: Essential as evidence of the signer's intent is the Notary's observation and judgment that the signer appears to be conscious and aware at the time of signing.

Hot Dang! Try doing that in a remote-parties cryptoprotocol with NIST-approved blah blah. I have to admit, I'm impressed by the quality of writing in this paper. It goes right for the jugular.

Corporate License

Increasingly, American corporations offering Public Key Infrastructure (PKI)3 management services have been using the terms Notary and notarization to describe their services. These processes typically involve the time-date stamping of text, and they amount to notarization only in the metaphorical sense. These services do not provide the assurances associated with official notarial acts by a state-commissioned Notary Public and, for that reason, they lack the legal authority of proper notarization, which is "... to provide prima facie evidence of the truth of the facts recited in the certificate and to establish the genuineness of the signatures attached to an instrument."

It is repeatedly asked in circles where crypto really matters what the form of statement your average CA is making. This paper points out one of the flaws in the process - a CA may well not have any legal authority to make the statements that it is purporting to make! Think the so-called digital signature laws might resolve this? Think again:

Governmental License

Another development is adding to the current state of confusion in the marketplace and it is potentially more harmful to the public than deceptive misuse of sensitive terms by corporate marketers; that is, poorly thought-out redefinition of notarial procedures by hasty lawmakers.

Names are named! Not only are the States various slammed for their laws, many commercial services are given a darn good slapping. Read the whole thing, if only to see how no-nonsense rejections of poorly thought-out marketing programmes can be written. We need more of these!

Posted by iang at April 10, 2006 01:29 PM | TrackBack

Hmmm... I now realise that the title is in error. The plural should be Notaries Public, for some obscure english grammatical reason. Should I change the title? Dilemmas, dilemmas...

Posted by: Iang at April 11, 2006 11:48 AM

above references my comments about semantic confusion caused by the word "signature" being in both "digital signature" and "human signature".

misc. collected postings about having worked on electronic signature legislation

Posted by: Lynn at April 11, 2006 11:49 AM

Yes, it should be Notaries Public. A lot of people make that mistake though. And being in the notary industry, it is frusterating that people are getting things confused!

Posted by: mobile notary at November 1, 2006 04:12 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.