Slashdot Mirror
Digitally Notarized Documents in Brazil
Remote writes: "As of next year, Brazilians will be able to obtain notary-authenticated digital documents and have them sent over the Internet (English) . You can also obtain a CD or floppy from a notary office, containing your document encrypted with an assymetric key. The key generation, though, demands that one shows up in person at the notary office for ID verification. This was made possible by legislation that recognises public-key encrypted documents and signatures as legally valid. This is one first step, and I don't see why this wouldn't be applied to things like contracts, invoices, wills, etc. Brazilian Notary and Register Association claims that one can even print as many copies of, say, your driver license as desired, though I don't see how this part would work..."
With all these laws being passed left and right towards internet and computer related technologys, i cannot work out which bloody country is the most technology and freedom with technology friendly of them all. Germany used to be my favorite, but with the recent DNS mess, i really dont know Anyone have any comments on this?
Microsoft IIS is to webserving as KFC is to healthy eating
discussing this technology almost 5 years ago.
unfortunatly we have here in brasil some of the best cracker in the world. sooner or later one of them will find a way to crack the digatal signatures.
The bad point is that the press don't know the diffence between "crackers" and "hackers", so as soon as the first digitaly signed forgery shows up, the brasilian press will start mudslinging hackers as the culprits.
it's about time we start a PR campaign to teach the public and the press about the diference.
What ? Me, worry ?
I don't know, but as a brazilian, I'm quite worried about this. One thing is to digitally sign digital documents, but to sign digitally sign real documents and allow anyone to print them as authentic copies! This opens a large space to fraud! If I'm able to print a document, why couldn't I change it before I print it, for instance? And what would make this document that I printed in my computer a really authenticated copy? I sense a lot of frauds coming...
Ricardo da Silva Lima
Music files?
This is really nothing new. we already use digitally signed and encrypted EDIFACT messages (Invoices) where a notary is used to give out the keys. The messages are then send over internet (unreliable ) but much cheaper then X-400 (now over 5.000 euro per month)
Highly...
The reason stuff like this would work on stuff like official documents but not on stuff like music is because if one country imposed legislation on it, there would always be another country without it. And since filesharing expands beyond patrial (is that a word?) borders, all the music that supposedly gets encrypted would just be worked around by another country. It works on official documents because... well, there's no real public demand for online official documents because they don't exist yet. And since the media and the demand for the media isn't already in place, it's not uncontrollable.
Also, people are going to spend hour upon hour of playing with music files trying to crack the encryption because, well, people are more than happy to redistribute the music they own, as opposed to say their driver's license, which I don't think they really want to hand out to some guy on the street.
At least, that's how I see it.
Karma: Non-Heinous
Alternatively, the document could be signed by both parties, but that kinda reduces the value of an individuals signature key, imho. In any case, a shared symmetric encryption key seems to me to be much like a notary stamp.
Disclaimer: the above may be a load of bunk. The site is slashdotted right now.
Digital Documents will be a big step in Brazil administration. In a near future this could be possible voting from home, through internet.
In a short ranged time period, we won't need any more travel to other cities to sell houses, or anything else that needs assign any kind of paper. You can do it from home!
I guess all brazilians thanks our governments efforts to come that true, because if you past all your entire life dealing with dozens of documents Brazil uses a lot of differents documents independently, as ID and Driver's license.
This action can too improve sells through Internet, because government supports security to the citizen.
This law can push the present situation to a step further in simplifying all transactions and accelerating selling/buying through Internet even of houses.
Everyone interested in this subject should read Bruce Schneier's piece on the subject: Why Digital Signatures Aren't Signatures. The gist of his article is that although cryptography came verify that a document can from a given computer, it cannot verify that it came from a given person, or even that that person intended to sign that document. "The mathematics of cryptography, no matter how strong," he writes, "cannot bridge the gap between me and my computer."
Do domain names matter?
Here are a few statistics for you:
(Sources: http://news.bbc.co.uk/hi/english/business/newsid_
Your comparison with Cipro is, imho, spurious. There have been what, a dozen cases of anthrax in the US since 11/9, which have lead to about 4 fatalities? On the other hand, Brazil is facing an AIDS problem of epidemic proportions. Yes, I realise that anthrax could have been a real problem, and so in the face of this potential problem the US government started making threats. Well, Brazil's problem is very real, and only going to get worse. The length of time remaining on the patent is immaterial.
I'm not against patents, just their misuse, and in my opinion charging too much for a drug that is so vitally needed is immoral and an abuse of the patent system.
Cheers,
Tim
It's official. Most of you are morons.
AIDS is one of the few diseases that can be controlled simply by modifying behavior. It's difficult to contract AIDS.
So, here you have Brazil, a country full of people that won't stop carelessly fucking, breaking a patent for a medicine that someone else spent 10's if not 100's of millions of dollars developing, simply because they don't have the will to NOT FUCK, or at least use protection.
We had Anthrax mailed to us. It's not even close to being the same scenario. And the bottom line is, we paid. They won't.
Knunov
Why do users with IDs under 100,000 or over 700,000 usually have the most worthwhile comments?
This is legal in Brazil, and a part of the terms you enter into when applying for a patent.
A patent isn't some god-given right, but a privilege granted by a country for a limited period of time, provided that you fulfill whatever restrictions the particular country has placed on patents. In this case: They have to be prepared to accept compulsory licensing.
Now, perhaps you believe that hundreds of thousands of people dying of AIDS doesn't constitute a medical emergency... In that case I'll just think you're an asshole.
Either way, you are wrong that Brazil won't pay for the drugs - under the terms of their compulsory licensing law still pay licensing fees.
The slashdot spin on this seems to be that it's a good thing.
How is this a good thing? Sure it may make being able to notarize things more convenient. And having it recognized as 'official' may be beneficial for many people. Especially businesses and other types of organizations who often need something to be canonized before they can embrace it.
What does this really mean though? If my key is compromised and someone uses it to 'sign' a contract, does that mean I'm bound by it?
Or will duress-like provisions apply?
brian is at entropy dot net
Well, if you have an image containing a bar code that is a digital signature of the data (name,date of birth,expiry date etc) on the licence, made by the government's secret key, anyone with a barcode scanner and a palmtop that can run PGP or something can validate the document. All you need is the government's public key.
I think that would be a very elegant way to save money, while making the production of false documents more difficult.
Talk about being a complete idiot.
You obviously don't realize how difficult it is to get an entire country to change behaviour. ANY country.
Do you realize the cost of giving enough information to a population the size of Brazils that is thorough enough that people will change their behaviour?
Can you show me any country that has managed to get rid of HIV and AIDS by getting people to change behaviour? Let alone any country as poor as Brazil.
And I've already replied to the bullshit about "breaking" a patent before, and your lies about Brazil not paying.
Further, even if you do use protection, you don't have 100% protection against HIV. And even if you stick with only one partner, you have no guarantee that your partner does the same.
You should do better your homework...
:^O
Ronald Biggs wasn't sent back to England, because there is no extradition treaty between Brazil and England, and they refuse to sign one...
When international criminals need plastic surgery, they don't go to the surgeon's office, knock on the door and say "hey! how r u doing? My name is Osama and I'm in need of a facelift!", Surgeons who actually know they are international criminals are a few, and that happens everywhere. If you wanna talk about how the criminals get into the country, now yes, it's a diferent story.
I won't even get to the patent stuff, since WTO already agreed with it. (Just as a sidenote, if u consider this as being so wrong, how does it become right just cause you "only threatened to haste the bargain"? Get serious.)
And, some years ago, one could easily buy an identity here in Brazil, cause our information systems were not centralized. In fact, they weren't even informatized, so yes, it was easy, not anymore. But every country has its flaws, like US,where ppl still vote on paper and for that CNN declared a new president 2 or 3 times in a few hours
Bottom line: If all you have to do is spot problems and call things bullshit, that's cause u got nothing to do.
Rio de Janeiro's dwellers are stupid. No, really.
Now that you mentioned changing behavior... Stop opening your mail, silly.
Bleh.
We all do relalize, that if the security of the notary is compromised, it is easy to generate digital signatures. What makes it worse, is if the key is secretly compromised (i.e. downloaded)
-
ping -f 255.255.255.255 # if only
so the brazilian population will either die because of no children, or because of AIDS.. nice choice. All cases of anthrax could have been prevented by a simple change in behaviour. Simply by using email and fax instead of physical letters. Besides.. humanity will survive if we all stop using physical letters, humanity will die if we all stop fucking.
You're right.. the situation is not even close: 1 is an epidemy with millions of infected people, and there is no cure yet. the other is a few separate cases, with 5 deaths up to now for a disease with a cure.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Internet based services are way behind where they should be. Something as basic as timestamping is still having trouble getting of the ground after several years. Think of all the things that you should be able to accomplish, simply (although not necessarily freely) but just can't yet.
Brazilians will be able to digitalize any certified document and can make as many copies they want
Brazilian citizens, starting next year, will be able to get in a notary's office a floppy disk, or a CD-ROM, containing driver and identity cards, birth certificate and property deeds, guaranteed to be authentic, secure and legal. With the disk the citizen will be able to print as many electronic copies as many times as wanted, in the house, the office, or to send them over the Internet, respecting legal restrictions.
This is one of the simplifications that will be at the disposal of the Brazilian citizens in the contract that the Association of the Notaries and Registers of Brazil (ANOREG-BR) signs today, Monday, at 3:00, with the SERPRO (Federal Job of Data Processing), SGAN-Document 601-Section V, here in Brasilia (the Capital). To make a long story short, digital certificates could be distributed so that the notaries and registers will allow the electronic sending of any document, that will have the same attributes as the normal document. The trial version will have initial implantation in 10 notary's offices in Rio De Janeiro.
The information is from the president of Association of the Notaries and Registrations of Brazil (ANOREG-BR), clarifying that such modernization now is possible after the passing of the Provisional remedy that instituted Infrastructure of Brazilian Public Keys (ICP-Brazil), giving to legal validity digital documents and signatures.
According to the contract, it legalizes, the ANOREG-BR as the Authority Certifier of the notaries and Registers (notary's offices). SERPRO will initialize the creation of the digital certificates, giving the encrypted electronic form of documents, through a combination of numbers, letters and symbols, a guarantee (haha) that the source will be secure and bad guys cant crack into it.
For the creation of the Digital Certificate, the bearer generates two encrypted keys (a public and private one). The private key, used to sign documents digitally, will remain exclusively under control of the bearer of the certificate. The public key and the identification of the bearer define the content of the Digital Certificate. This, in turn, digitally is signed by the Authority Certifier, with process of identification for the bearer of the key will ALWAYS be made in notary's office.
Still according to Léa Portugal, the Digital Certificates sent by the ANOREG-BR will contain extensions that aim at to extend the degree of security and the reliability of the procedure practiced for the notary jobs and of the register. These extensions will allow, among other things, the users of the procedure to verify if the bearer of the certificate possess delegation of the public power to guarantee the act in question.
Innumerable advantages
With the implanted system, Luiz explains Gustavo Leão Ribeiro, president of the ANOREG-DF, a real estate deal will be able to be received from the notary's offices, through the Internet, and all at one time, all the necessary certificates to the finish the deal, with the documents that proves the inexistence of restrictions to the property, such as mortgage, non-availability, distrainment etc. will be available. In the same way, a bank that negotiates a loan with a customer will prove, electronically, the validity and the availability to guarantee the loan.
Says Luiz Gustavo: the advantage of the contract with the SERPRO is that the agency uses the "digital language" of the government and that the digital documents generated by the notary jobs and registrars will enjoy of the same level of acceptance that the normal documents generated for the public management (the paper kind). Securitywise, it definitively guarantees that any attempt to alter the text or signature of the digital certificates will invalidate the document. Moreover, the SERPRO will always guarantee, to the notary acts and of public registers, the same technology, security and reliability supplied the diverse organizations of the public management, from the Presidency of the Republic.
The private keys, clarified the president of the ANOREG-DF, remains exclusively under control of the bearer of the certificate, and its security can be magnified with the use of intelligent cards (smart cards), that still can be improved with diverse biological-related readers (fingerprint, voice, retina etc.).
For more information:
Assessorship of the Press of the ANOREG-BR - Luis Joca (Texto and Cia - Consultant in Communication: (61) 322.1675/1408 and 9983.3589)
Assessorship Technique - Arnaldo Viegas de Lima: (21) 9874,4997
Dra. Léa Portugal, president of the ANOREG-BR: (61) 9984-5554
Dr. Luiz Gustavo Leão Ribeiro: (61) 9985.2396
yeah... I live in Brazil. Fuck you. And your terrorists too.
Is anyone doing online notarization in the U.S. anyone know? Is it even possible under any U.S state's current law?
I've been thinking it'd be nice if webmasters had a way to notarize information and then point to that notarization (on the notary's website, for credibility). This would a way to backup certain claims in a way easy for people to verify. Good idea?
"Be thankful you are not my student. You would not get a high grade for such a design
Do be careful when you see the word "notary" in reference to a foreign country. I guess for the purposes of what you said up there and what the article is about, you can sorta use it in the same way.
49 states are "common law" states. A notary public in these states doesn't do anything else except notarize (certify) documents (that the person is whom they claim to be and that they sign the document intentionally and not under duress...etc.)
Brazil, most foreign countries, and Lousiana are "civil law" jurisdictions. Notaries in those places do a lot more than just certify documents. They are actually lawyers who have quite a lot of interesting powers and duties. For instance, a Lousiana notary is involved in the buying/selling of a home (in the other 49 states, we use "title agencies.)
My point is, in the 49 states, notaries don't really do all that much...whereas notaries in civil law countries are quite a part of everday life--so there may not be all that much of a reason for notaries to go online here--but notarial services in civil law countries is quite a convenience.
If you are only trying to make it possible for one person to digitally sign documents with their own key, it can be much simpler than all that. Just write a module for a PDA that generates the key internally and can sign documents on it, and wave lots of warning signs at the user when they do something that would copy their private key off the PDA. If you never run the PDA software on anything you don't read first (or put any untrusted software on it), how can you screw up? Obviously you need a PDA where the data transfer can be adminstered from the PDA side, not the random-untrusted-PC side, but the software work for this seems like a lot less than custom-tailoring and auditing an entire linux kernel. You could even physically mangle the communication link so that it works in one direction only, and when you sign something, manually transcribe the result, which should be a reasonably short hex string. Or only sign hashes of documents (which is typical anyway) and also input the hash by hand, but then you have to trust the computer generating the hash, since you don't get to inspect the plaintext on the PDA as you sign it.
What are you concerned about Tempest radiation for, anyway? Maybe the system bus would leak information about the private key, but the _monitor_? All it should be doing is displaying the contract, and the contract doesn't need to be secret... indeed, it will not remain so if there is ever a dispute about the signers.
Java: the COBOL of the new millenium.
Schneier actually suggests using a handheld in the article.
At least that means this solution is obvious. Generate your keypair on your PDA, and then secure it physically.
Java: the COBOL of the new millenium.
This is a national PKI, guys. They are not just playing around. The Federal government will run a root CA, regional CAs and RAs will be established, and every citizen will have the right to use the system. Everyone will be able to get a key pair.
There are clear rules in Brazil which distinguish the applicability of an authenticated copy and an original document. You can get a physical, authenticated copy of your driver's license and use it for a zillion things, but you must drive with your original driver's license. The digital copies will be just as good as authenticated copies.
I have not had access to the actual documents that explain the notarization system, but I am quite sure that you will need to notorize (get a timestamp and a signature from a digital notary) each printed copy of the documents.
The BIG issue here is whether we want the Federal Governmente to operate the Root CA. Among other powers, it will hold a backup copy of each private key in the national system.
On the other hand, there is no point in discussing this, since the Federal Government has established the national PKI already. The rules are set, and they are reasonable.
What really worries me is that the government and media have made no effort to explain any of this to the people of this very poor and ignorant country.
He said assymetric. Heh heh.
Digital Signatures as a direct replacement for pen signatures is really a bad idea. Basically, what an X.509 certificate says is "On [date] a public key [hash] was held by [individual or orgnaization] and I have absolutely no idea what hardware, software and security procedues [individual or organization] uses to protect it. Signed by [issuer]".
Digital Notarization is a much better idea. It's the equivalent of a notarization seal, not a pen signature. Digital Notaries are required to employ certain security measures or else they could lose their license and have their certificates revoked. A Notarized Digital Signature says "On [date], I have verified the identity of [individual or authorized representative of organization] and obtained their informed consent of the content of the following document [hash]. If necessary, I will testify to this fact in court. Signed [notary]".
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.