Slashdot Mirror
Digitally Notarized Documents in Brazil
Remote writes: "As of next year, Brazilians will be able to obtain notary-authenticated digital documents and have them sent over the Internet (English) . You can also obtain a CD or floppy from a notary office, containing your document encrypted with an assymetric key. The key generation, though, demands that one shows up in person at the notary office for ID verification. This was made possible by legislation that recognises public-key encrypted documents and signatures as legally valid. This is one first step, and I don't see why this wouldn't be applied to things like contracts, invoices, wills, etc. Brazilian Notary and Register Association claims that one can even print as many copies of, say, your driver license as desired, though I don't see how this part would work..."
With all these laws being passed left and right towards internet and computer related technologys, i cannot work out which bloody country is the most technology and freedom with technology friendly of them all. Germany used to be my favorite, but with the recent DNS mess, i really dont know Anyone have any comments on this?
Microsoft IIS is to webserving as KFC is to healthy eating
Turkey!
discussing this technology almost 5 years ago.
unfortunatly we have here in brasil some of the best cracker in the world. sooner or later one of them will find a way to crack the digatal signatures.
The bad point is that the press don't know the diffence between "crackers" and "hackers", so as soon as the first digitaly signed forgery shows up, the brasilian press will start mudslinging hackers as the culprits.
it's about time we start a PR campaign to teach the public and the press about the diference.
What ? Me, worry ?
I don't know, but as a brazilian, I'm quite worried about this. One thing is to digitally sign digital documents, but to sign digitally sign real documents and allow anyone to print them as authentic copies! This opens a large space to fraud! If I'm able to print a document, why couldn't I change it before I print it, for instance? And what would make this document that I printed in my computer a really authenticated copy? I sense a lot of frauds coming...
Ricardo da Silva Lima
Music files?
And your point is??
I mean, whatever yoou call them, if someone breaks the law, he/she will have to deal with it.
I doubt police will blast into your house because you once wrote an email saying that you are an hacker.
Nobody outside slashdot really gives a damn about the difference about hacker and cracker. Just stop calling yourself hacker and you won't have to feel half as concerned.
Why do people have to go around telling that they are hackers, geeks, nerds anyway?
Stupid vanity, get busy with your code instead!!
This is really nothing new. we already use digitally signed and encrypted EDIFACT messages (Invoices) where a notary is used to give out the keys. The messages are then send over internet (unreliable ) but much cheaper then X-400 (now over 5.000 euro per month)
Highly...
The reason stuff like this would work on stuff like official documents but not on stuff like music is because if one country imposed legislation on it, there would always be another country without it. And since filesharing expands beyond patrial (is that a word?) borders, all the music that supposedly gets encrypted would just be worked around by another country. It works on official documents because... well, there's no real public demand for online official documents because they don't exist yet. And since the media and the demand for the media isn't already in place, it's not uncontrollable.
Also, people are going to spend hour upon hour of playing with music files trying to crack the encryption because, well, people are more than happy to redistribute the music they own, as opposed to say their driver's license, which I don't think they really want to hand out to some guy on the street.
At least, that's how I see it.
Karma: Non-Heinous
Alternatively, the document could be signed by both parties, but that kinda reduces the value of an individuals signature key, imho. In any case, a shared symmetric encryption key seems to me to be much like a notary stamp.
Disclaimer: the above may be a load of bunk. The site is slashdotted right now.
Digital Documents will be a big step in Brazil administration. In a near future this could be possible voting from home, through internet.
In a short ranged time period, we won't need any more travel to other cities to sell houses, or anything else that needs assign any kind of paper. You can do it from home!
I guess all brazilians thanks our governments efforts to come that true, because if you past all your entire life dealing with dozens of documents Brazil uses a lot of differents documents independently, as ID and Driver's license.
This action can too improve sells through Internet, because government supports security to the citizen.
This law can push the present situation to a step further in simplifying all transactions and accelerating selling/buying through Internet even of houses.
...has fewer holes.
Brazil has historically been the country of choice for international criminals due to their exportation laws. If you can make it to Brazilian soil, it's like crossing home plate. SAFE!
Don't believe me? Just ask Ronnie Biggs who after helping commit The Great Train Robbery in England, fled to and lived out his life in Brazi.
When international criminals need plastic surgery to change their appearance, more often than not it is performed by Brazilian doctors.
And the latest entry into Brazil's loooong list of indiscretions is the existence of large terrorist populations operating on their soil. Perhaps it isn't their fault the terrorists setup shop there, but they're still there.
Slashdot had an article about Brazil a couple months ago explaining about how their government was planning to break the patent on an AIDS drug because they couldn't agree with the manufacturer on a price.
And before you pipe up and say, "B..b..but the U.S. did the same thing with Cipro!" let me remind you that the patent on Cipro is nearly expired and we only threatened to hasten the bargaining game; not to actually do it. It was in very poor taste, but in the end, we paid for the medicine. Brazil won't.
So now Brazil is offering 'secure' documents, eh? HA! There are so many ways to exploit this it's sick.
Even in the U.S. you can be Joe Anyone and be certified as a notary. So if you want to falsify a will or business agreement, all you have to do is bribe one of your friends that is a notary and make the desired changes.
Or, you could even do it the right way and simply create a person. You can buy identities cheaply in Brazil. Make a false person, make that false person a notary, and have them change documents at will. Then, they simply disappear.
Total bullshit. Brazil creating and implementing a security scheme is like Ethiopia setting up culinary schools.
Knunov
Why do users with IDs under 100,000 or over 700,000 usually have the most worthwhile comments?
Everyone interested in this subject should read Bruce Schneier's piece on the subject: Why Digital Signatures Aren't Signatures. The gist of his article is that although cryptography came verify that a document can from a given computer, it cannot verify that it came from a given person, or even that that person intended to sign that document. "The mathematics of cryptography, no matter how strong," he writes, "cannot bridge the gap between me and my computer."
Do domain names matter?
The slashdot spin on this seems to be that it's a good thing.
How is this a good thing? Sure it may make being able to notarize things more convenient. And having it recognized as 'official' may be beneficial for many people. Especially businesses and other types of organizations who often need something to be canonized before they can embrace it.
What does this really mean though? If my key is compromised and someone uses it to 'sign' a contract, does that mean I'm bound by it?
Or will duress-like provisions apply?
brian is at entropy dot net
Well, if you have an image containing a bar code that is a digital signature of the data (name,date of birth,expiry date etc) on the licence, made by the government's secret key, anyone with a barcode scanner and a palmtop that can run PGP or something can validate the document. All you need is the government's public key.
I think that would be a very elegant way to save money, while making the production of false documents more difficult.
Is it dificult to contract AIDS? Now you're getting stupid. A beautiful day, a beautiful girl, nice family etc, she is so serious bla bla bla you are seeing her for 3 months now, you get laid, and the condom blows. But hey, no problem, she's nice, she's not a whore, she couldn't probably have aids, no big deal... till 6 months later when u do your blood test and it hits positive for HIV. And again, as a sidenote, Brazil has the best anti-AIDS propaganda in the whole fscking world. Everyone uses the damn condoms.
:)
There is no risk group when you're talking about AIDS. By the way, how the hell do you think that all ppl who have AIDS were contaminated in the first place? Maybe you're not getting laid too much heheheh
Rio de Janeiro's dwellers are stupid. No, really.
maybe by trying to give some pleasure to a Nerd like you are ?
.02 :)
+ If you make bllod test every 6 month, maybe YOU are the one that doesn't get laid often enough...
Well, just my
We all do relalize, that if the security of the notary is compromised, it is easy to generate digital signatures. What makes it worse, is if the key is secretly compromised (i.e. downloaded)
-
ping -f 255.255.255.255 # if only
someone please mod this down to offtopic.
Internet based services are way behind where they should be. Something as basic as timestamping is still having trouble getting of the ground after several years. Think of all the things that you should be able to accomplish, simply (although not necessarily freely) but just can't yet.
Brazilians will be able to digitalize any certified document and can make as many copies they want
Brazilian citizens, starting next year, will be able to get in a notary's office a floppy disk, or a CD-ROM, containing driver and identity cards, birth certificate and property deeds, guaranteed to be authentic, secure and legal. With the disk the citizen will be able to print as many electronic copies as many times as wanted, in the house, the office, or to send them over the Internet, respecting legal restrictions.
This is one of the simplifications that will be at the disposal of the Brazilian citizens in the contract that the Association of the Notaries and Registers of Brazil (ANOREG-BR) signs today, Monday, at 3:00, with the SERPRO (Federal Job of Data Processing), SGAN-Document 601-Section V, here in Brasilia (the Capital). To make a long story short, digital certificates could be distributed so that the notaries and registers will allow the electronic sending of any document, that will have the same attributes as the normal document. The trial version will have initial implantation in 10 notary's offices in Rio De Janeiro.
The information is from the president of Association of the Notaries and Registrations of Brazil (ANOREG-BR), clarifying that such modernization now is possible after the passing of the Provisional remedy that instituted Infrastructure of Brazilian Public Keys (ICP-Brazil), giving to legal validity digital documents and signatures.
According to the contract, it legalizes, the ANOREG-BR as the Authority Certifier of the notaries and Registers (notary's offices). SERPRO will initialize the creation of the digital certificates, giving the encrypted electronic form of documents, through a combination of numbers, letters and symbols, a guarantee (haha) that the source will be secure and bad guys cant crack into it.
For the creation of the Digital Certificate, the bearer generates two encrypted keys (a public and private one). The private key, used to sign documents digitally, will remain exclusively under control of the bearer of the certificate. The public key and the identification of the bearer define the content of the Digital Certificate. This, in turn, digitally is signed by the Authority Certifier, with process of identification for the bearer of the key will ALWAYS be made in notary's office.
Still according to Léa Portugal, the Digital Certificates sent by the ANOREG-BR will contain extensions that aim at to extend the degree of security and the reliability of the procedure practiced for the notary jobs and of the register. These extensions will allow, among other things, the users of the procedure to verify if the bearer of the certificate possess delegation of the public power to guarantee the act in question.
Innumerable advantages
With the implanted system, Luiz explains Gustavo Leão Ribeiro, president of the ANOREG-DF, a real estate deal will be able to be received from the notary's offices, through the Internet, and all at one time, all the necessary certificates to the finish the deal, with the documents that proves the inexistence of restrictions to the property, such as mortgage, non-availability, distrainment etc. will be available. In the same way, a bank that negotiates a loan with a customer will prove, electronically, the validity and the availability to guarantee the loan.
Says Luiz Gustavo: the advantage of the contract with the SERPRO is that the agency uses the "digital language" of the government and that the digital documents generated by the notary jobs and registrars will enjoy of the same level of acceptance that the normal documents generated for the public management (the paper kind). Securitywise, it definitively guarantees that any attempt to alter the text or signature of the digital certificates will invalidate the document. Moreover, the SERPRO will always guarantee, to the notary acts and of public registers, the same technology, security and reliability supplied the diverse organizations of the public management, from the Presidency of the Republic.
The private keys, clarified the president of the ANOREG-DF, remains exclusively under control of the bearer of the certificate, and its security can be magnified with the use of intelligent cards (smart cards), that still can be improved with diverse biological-related readers (fingerprint, voice, retina etc.).
For more information:
Assessorship of the Press of the ANOREG-BR - Luis Joca (Texto and Cia - Consultant in Communication: (61) 322.1675/1408 and 9983.3589)
Assessorship Technique - Arnaldo Viegas de Lima: (21) 9874,4997
Dra. Léa Portugal, president of the ANOREG-BR: (61) 9984-5554
Dr. Luiz Gustavo Leão Ribeiro: (61) 9985.2396
Is anyone doing online notarization in the U.S. anyone know? Is it even possible under any U.S state's current law?
I've been thinking it'd be nice if webmasters had a way to notarize information and then point to that notarization (on the notary's website, for credibility). This would a way to backup certain claims in a way easy for people to verify. Good idea?
"Be thankful you are not my student. You would not get a high grade for such a design
Do be careful when you see the word "notary" in reference to a foreign country. I guess for the purposes of what you said up there and what the article is about, you can sorta use it in the same way.
49 states are "common law" states. A notary public in these states doesn't do anything else except notarize (certify) documents (that the person is whom they claim to be and that they sign the document intentionally and not under duress...etc.)
Brazil, most foreign countries, and Lousiana are "civil law" jurisdictions. Notaries in those places do a lot more than just certify documents. They are actually lawyers who have quite a lot of interesting powers and duties. For instance, a Lousiana notary is involved in the buying/selling of a home (in the other 49 states, we use "title agencies.)
My point is, in the 49 states, notaries don't really do all that much...whereas notaries in civil law countries are quite a part of everday life--so there may not be all that much of a reason for notaries to go online here--but notarial services in civil law countries is quite a convenience.
If you are only trying to make it possible for one person to digitally sign documents with their own key, it can be much simpler than all that. Just write a module for a PDA that generates the key internally and can sign documents on it, and wave lots of warning signs at the user when they do something that would copy their private key off the PDA. If you never run the PDA software on anything you don't read first (or put any untrusted software on it), how can you screw up? Obviously you need a PDA where the data transfer can be adminstered from the PDA side, not the random-untrusted-PC side, but the software work for this seems like a lot less than custom-tailoring and auditing an entire linux kernel. You could even physically mangle the communication link so that it works in one direction only, and when you sign something, manually transcribe the result, which should be a reasonably short hex string. Or only sign hashes of documents (which is typical anyway) and also input the hash by hand, but then you have to trust the computer generating the hash, since you don't get to inspect the plaintext on the PDA as you sign it.
What are you concerned about Tempest radiation for, anyway? Maybe the system bus would leak information about the private key, but the _monitor_? All it should be doing is displaying the contract, and the contract doesn't need to be secret... indeed, it will not remain so if there is ever a dispute about the signers.
Java: the COBOL of the new millenium.
Schneier actually suggests using a handheld in the article.
At least that means this solution is obvious. Generate your keypair on your PDA, and then secure it physically.
Java: the COBOL of the new millenium.
This is a national PKI, guys. They are not just playing around. The Federal government will run a root CA, regional CAs and RAs will be established, and every citizen will have the right to use the system. Everyone will be able to get a key pair.
There are clear rules in Brazil which distinguish the applicability of an authenticated copy and an original document. You can get a physical, authenticated copy of your driver's license and use it for a zillion things, but you must drive with your original driver's license. The digital copies will be just as good as authenticated copies.
I have not had access to the actual documents that explain the notarization system, but I am quite sure that you will need to notorize (get a timestamp and a signature from a digital notary) each printed copy of the documents.
The BIG issue here is whether we want the Federal Governmente to operate the Root CA. Among other powers, it will hold a backup copy of each private key in the national system.
On the other hand, there is no point in discussing this, since the Federal Government has established the national PKI already. The rules are set, and they are reasonable.
What really worries me is that the government and media have made no effort to explain any of this to the people of this very poor and ignorant country.
He said assymetric. Heh heh.
Digital Signatures as a direct replacement for pen signatures is really a bad idea. Basically, what an X.509 certificate says is "On [date] a public key [hash] was held by [individual or orgnaization] and I have absolutely no idea what hardware, software and security procedues [individual or organization] uses to protect it. Signed by [issuer]".
Digital Notarization is a much better idea. It's the equivalent of a notarization seal, not a pen signature. Digital Notaries are required to employ certain security measures or else they could lose their license and have their certificates revoked. A Notarized Digital Signature says "On [date], I have verified the identity of [individual or authorized representative of organization] and obtained their informed consent of the content of the following document [hash]. If necessary, I will testify to this fact in court. Signed [notary]".
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
Ronald Biggs wasn't sent back to GB because he is married to a brazilian woman AND has a brazilian son. This situation is protected under brazilian law.
If any foreign criminal is jailed in Brazil, it will be extractided to any country with a extratition treaty.
Please, do your homework first, then post the FACTS.