This topic contains 6 replies, has 4 voices, and was last updated by  Geber 7 years ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #13958

    Geber
    Participant

    I noticed that in Microsoft Office 2010, when a document has several signatures, signatures may be added and removed without affecting the validity of the other signatures. This means, for example, that Joe could sign, then the notary could sign. After the document leaves the notary, someone could remove Joe’s signature and add a different one.

    #14260

    BradfordF
    Participant

    What you have noticed present a problem, in my opinion. This question should be solved in order to prevent the creation of invalid documents.

    #14261

    Geber
    Participant

    @bradfordf wrote:

    What you have noticed present a problem, in my opinion. This question should be solved in order to prevent the creation of invalid documents.

    That depends on what you mean by “invalid”. Many states have passed the Uniform Electronic Transactions Act, but have not passed any additional rules about electronic notarization. In those states, a notarized document could consist of a Word document with typed signatures of the principal and notary, with no public key infrastructure signatures at all.

    See https://en.wikipedia.org/wiki/Public-key_infrastructure

    It would be up to the principal to decide how much security he wanted. In states where notaries may freely decline to act, it would be up to the notary to decide if he wanted to be associated with a signing where the security was extremely weak. In states where the notary is required to act unless there is a legally acceptable excuse (like no ID), nobody knows if the notary could refuse to notarize an electronic document with extremely weak security.

    #14262

    DocVerify
    Participant

    Without sounding like we’re trying to promote our product, but our e-notary system has all of the integrity security measures one can possibily need and much much more already built into the DocVerify system. The entire signing process has a complete audit trail, the documents have layers upon layers of hashing, pki hashing, and pki to guarantee the document cannot, and has not been changed throughout it’s entire life cycle. Not to mention a very sophisticated document encryption system in the background.

    In fact, our proprietary technology is so advanced that if one even tampered or changed a document not only does it watermark the document in their possession, but in some cases inform the owner of the tampering, and any one can easily instantly validate the integrity of a document to see if it has been tampered with by either going to our portal and uploading it, using our API’s to validate it, or using the public key to validate it on your own system.

    You get all of this automatically… nothing to learn or do extra on your part. All you got to do is simply upload the document to be notarized, and we do the rest for you; afterall, we started out as a document security company many years ago.

    Why risk it? with https://www.DocVerify.com you’re protected.

    #14263

    LindaHFL
    Participant

    @geber wrote:

    I noticed that in Microsoft Office 2010, when a document has several signatures, signatures may be added and removed without affecting the validity of the other signatures. This means, for example, that Joe could sign, then the notary could sign. After the document leaves the notary, someone could remove Joe’s signature and add a different one.

    In FL, our certificates require the name of the person(s) whose signature(s) is/are being notarized – not just a blanket “Subscribed and sworn to.. ” or “Acknowledged before me…” – it must contained “by who is personally known or who provided xxx as identification”. I would guess that removing names or signatures from a doc would invalidate the notarization..

    Isn’t tampering with docs like this some sort of fraud?

    BTW…careful how much you rely on Wiki – although I love it as a huge source of info, it’s my understanding it’s like a couple other sites out there – info added by multitudes of laypeople, not necessarily authoritative.

    JMO

    #14264

    Geber
    Participant

    LindaH/FL,

    I agree that a notary certificate that does not name the signer would be especially vulnerable.

    As for fraud, there does not seem to be one crime named “fraud” in my state. Instead, there is a whole chapter in the law titled “frauds” with a laundry list of crimes. The general theme seems to be deceiving someone for profit. So I would say that changing a signature by itself is not fraud, but it could be part of a fraud depending on the circumstances.

    Most notary laws, including laws about electronic notarization, seem to be written with the mindset of paper documents, where any change to the document tends to be visible and raise suspicion. The laws are usually lacking in specifying exactly what the notary is certifying to. Is it the text of the document, the signature, or both? Notary laws also tend to be hazy about what the notary is certifying to about the signer. If a capacity is mentioned, is the notary certifying to it? Florida is good in this respect with it’s “who represented to me that…” wording. If a suffix (Jr.) is mentioned, is the notary certifying it? It’s all quite hazy.

    I see that the Florida notary manual is all very rah-rah and says how easy it is. It also mentions using Word.

    The relevant Florida law section is 668.50, Florida’s version of the Uniform Electronic Transactions Act, which can be found at
    https://www.law.upenn.edu/bll/archives/ulc/ecom/ueta_final.pdf
    The version from the uniform law commission has commentary, unlike the Florida statutes.

    The part about electronic notarization (Florida version) says

    (11) NOTARIZATION AND ACKNOWLEDGMENT.—
    (a) If a law requires a signature or record to be notarized, acknowledged, verified, or made under oath, the requirement is satisfied if the electronic signature of the person authorized by applicable law to perform those acts, together with all other information required to be included by other applicable law, is attached to or logically associated with the signature or record. Neither a rubber stamp nor an impression type seal is required for an electronic notarization.

    So no special security is required. An ordinary Word document with typed signatures of the signer and notary would do. Scary.

    #14265

    Geber
    Participant

    @banishi2 wrote:

    Signature is always shown in documents but you can lock the documents for security purpose. In this way no budy can change the signature.

    That seemed like a clever idea, so I tried it in Word 2010. First I created signature lines. Then I went to the backstage and picked Info –> Protect Document –> Restrict Editing and specified the “No changes (Read only)” option. I specified a password that would be needed to remove the restriction. Then I signed the document. (Yes, I was able to sign the document on the pre-existing signature line even though no changes were allowed.) Then I changed the signature to a different signature.

    So it turns out that “Restrict Editing” does not protect signatures.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.