Digitally Notarized Documents in Brazil

Remote writes: "As of next year, Brazilians will be able to obtain notary-authenticated digital documents and have them sent over the Internet (English) . You can also obtain a CD or floppy from a notary office, containing your document encrypted with an assymetric key. The key generation, though, demands that one shows up in person at the notary office for ID verification. This was made possible by legislation that recognises public-key encrypted documents and signatures as legally valid. This is one first step, and I don't see why this wouldn't be applied to things like contracts, invoices, wills, etc. Brazilian Notary and Register Association claims that one can even print as many copies of, say, your driver license as desired, though I don't see how this part would work..."

With all these

[nervlord1]

With all these laws being passed left and right towards internet and computer related technologys, i cannot work out which bloody country is the most technology and freedom with technology friendly of them all. Germany used to be my favorite, but with the recent DNS mess, i really dont know Anyone have any comments on this?

Worried

[Ricardo+Lima]

I don't know, but as a brazilian, I'm quite worried about this. One thing is to digitally sign digital documents, but to sign digitally sign real documents and allow anyone to print them as authentic copies! This opens a large space to fraud! If I'm able to print a document, why couldn't I change it before I print it, for instance? And what would make this document that I printed in my computer a really authenticated copy? I sense a lot of frauds coming...

Re:Worried

[drinkypoo]

And how could the police officer validate the digital signature? He would only look at the printed paper and it would seem all right to him.

Basically the only way to do this would be to have a sufficiently dense barcode which contained a signed ID number, and have a computer which the barcode was read with which would print out a picture of their ID for comparison, or at least their picture.

Doubtful...

[ebbomega]

Highly...

The reason stuff like this would work on stuff like official documents but not on stuff like music is because if one country imposed legislation on it, there would always be another country without it. And since filesharing expands beyond patrial (is that a word?) borders, all the music that supposedly gets encrypted would just be worked around by another country. It works on official documents because... well, there's no real public demand for online official documents because they don't exist yet. And since the media and the demand for the media isn't already in place, it's not uncontrollable.

Also, people are going to spend hour upon hour of playing with music files trying to crack the encryption because, well, people are more than happy to redistribute the music they own, as opposed to say their driver's license, which I don't think they really want to hand out to some guy on the street.

At least, that's how I see it.

Re:Why Digital Signatures Aren't Signatures

[swillden]

And of course you can bridge the gap between you and the computer with biometric autorisation.

I don't think you read Schneier's article. The point is that you, the putative signer, never know what the computer, the real signer, is actually signing. How you authenticate yourself to the computer to unlock the signing key is irrelevant, and biometrics aren't really any better than other authentication mechanisms (from a security point of view, biometrics are actually very poor authentication mechanisms).

lot of security is based on thrust.

All security is based on controlling, quantifying and limiting trust. Schneier's point is that the trustworthiness of digital signatures depend absolutely on the trustworthiness of the software and hardware performing the signing operation. You have to trust that the key is stored securely, authentication of the user is performed securely (and correctly), that the signing operation is performed correctly and that the correct document (and *only* the correct document is signed. And if the computer in question is a standard, easily hackable PC running, such trust is almost impossible to justify.

I started to implement a secure digital signature system based (mostly) on commodity hardware a while back. Unfortunately the project was cancelled before it was finished, but here's what we had to do:

• Use a secure crypto card for key generation, storage and access control (the IBM 4758 (don't let the recent bad press fool you, it's an extremely secure device)). A naive person would think we're done here, and then some.
• Use a stripped-down version of an open source operating system, thoroughly reviewed. We were going to use an old Linux kernel (from the days when it was smaller and simpler). The source had to be reviewed line by line, and the policies and procedures that had to be set up around how this code was stored and how modifications were tracked were very onerous.
• Write and thoroughly review the document display and signing software.
• Build the OS and software on a secure build server and burn it onto a CD. Run an MD5 hash of the CD contents and burn a few copies of another bootable CD whose only function is to verify the first CD (using the hash). Distribute the verification CDs to appropriate, trusted, people, who store them in personal safes. Put the first CD in a lockbox in a vault. Distribute keys to the lockbox to appropriate, trusted, people who don't have verification CDs.
• Remove all drives from the PC except for one CD-ROM drive and one floppy drive, configure the BIOS to boot only from the CD-ROM drive and set a BIOS password. Lose the password.
• Place the entire PC in a custom-built, TEMPEST-shielded, lockable cabinet, with only the CD-rom drive, floppy drive, keyboard and LCD display (not CRT) exposed. The keyboard must be entirely inside the cabinet except for the keys. No cabling can be exposed, except the power cord. Put the cabinet in a secure room and tightly control access to it.
• When you want to sign something, write the document on a floppy in ASCII text, find someone with a lockbox key and someone with a verification CD.
• Retrieve the system CD. Boot the secure PC off the verification CD. Insert the system CD for verification. Assuming it verifies correctly, unplug the PC, insert the system CD and your floppy and power the PC back on. The system will read your document, display it on-screen, then ask you to identify yourself. You specify your username and passcode, which are passed to the 4758 along with the document. The 4758 checks your credentials, hashes and signs the document and passes the signature back to the PC, which writes it to the floppy.
• Return the system CD to the vault.

There are obviously a lot of other issues I didn't mention, such as the policies and procedures around key generation, who is given signing privileges, how public keys are distributed to relying parties, how certification is done, etc., etc., etc.

Of course, very few situations require this level of security. But there are also fairly few situations where there's any point in using software-based signing on a general-purpose PC.

And biometrics make absolutely no difference to any of this. Biometrics are to security like syntactic sugar is to a programming language.

possible in any part of U.S.?

[shibboleth]

Is anyone doing online notarization in the U.S. anyone know? Is it even possible under any U.S state's current law?

I've been thinking it'd be nice if webmasters had a way to notarize information and then point to that notarization (on the notary's website, for credibility). This would a way to backup certain claims in a way easy for people to verify. Good idea?