Expert Texture Home Contact me About Subscribe Digipede Connect on LinkedIn rwandering on Twitter rwandering on FriendFeed

The blogged wandering of Robert W. Anderson

Digital Signatures != Notary Public

I am in the “pro email encryption” camp. If encrypting all email communications was easy enough, I would do it. I won’t get into “easy enough” here, but the issue is really about encrypting for a particular recipient, most of whom don’t care about encryption in the first place. I used to routinely digitally sign my emails as well, but stopped doing that for the same reason — most recipients didn’t know what to make of it.

Anyway, I’m coming to this topic now indirectly because of Google’s new “End to End” product / plugin / stance.   Sounds cool, and I’m sure I’ll check it out.

In A World without Hearsay, Jon Udell tackles the question of why he used to digitally sign his emails and then discusses an argument made by Yaron Goland in a post with a very long title: Why Google’s support of PGP Mail might not be such a brilliant idea – Or, why I don’t like digital signatures for social networking and how Thali addresses this

In that post, the author likes digital signatures to a roving notary public:

A digital signature is intended to be an authenticator, a way for someone other than us to prove that we did/said something. When we use digital signatures for momentous things that should be on the public record, like mortgage documents perhaps, then they serve a good purpose. But with PGP Mail we suddenly sign… well… everything[2]. It’s like having a notary public walking behind you all day long stamping every statement, note, mail, etc. as provably and irrevocably yours.

I don’t think we want such records to exist. I think we want a much more ephemeral world where the bulk of what we do just quietly vanishes into the ether leaving as little of a trail as possible.

I completely agree that we would be better off in a more ephemeral world, but the notary public analogy is completely wrong.

A notary public does in fact record (in a physical record book) every action, along with a physical signature and a fingerprint (noting that the specifics may differ across jurisdictional boundaries).  Signing one’s own email does no such thing.  It does not create a record, and does not make cause the email to become more permanent than it was without a signature.

It may be harder to deny that you wrote it; however, the more automated (or easy) it is to make such signatures, the less likely that such emails will have any weight over a non-signed email in a court of law.

To be clear, I’m not harshing on Thali — I have no opinion on that right now — I just don’t think the signature/notary argument has merit.


Tags: ,


No comments yet »

Your comment

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>