Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com © 2009 Wildman, Harrold, Allen & Dixon LLP. Identification and Data Security: New Obligations and New Roles for the Notary in the Electronic World Thomas J. Smedinghoff Wildman Harrold Chicago
© 2009 Wildman, Harrold, Allen & Dixon LLP. 2 “Can You Notarize This?” What Do Notaries Do Today? [In the U.S.] the essential function of the notary is to attest the genuineness of writings and acts of execution and, thereby, to authenticate documents for purposes of admissibility and proof in court proceedings as well as for public recording purposes – Tim Reiniger, Executive Director, NNA Civil-law notaries (or latin notaries) are... able to provide legal advice and prepare instruments with legal effect
© 2009 Wildman, Harrold, Allen & Dixon LLP. 3 A Transition in Obligations? Historically the focus has been on “documents” Today, electronic notarization requires an enhanced emphasis on – Identification Security Contents Signatures
© 2009 Wildman, Harrold, Allen & Dixon LLP. 4 The Notary’s Role In Identification
© 2009 Wildman, Harrold, Allen & Dixon LLP. 5 Identification Is Required For All Notarial Acts A notary shall not perform a notarial act if the principal: is not in the notary’s presence at the time of notarization; is not personally known to the notary or identified by the notary through satisfactory evidence; shows a demeanor which causes the notary to have a compelling doubt about whether the principal knows the consequences of the transaction requiring a notarial act; or in the notary’s judgment, is not acting of his or her own free will Model Notary Act, Section 5-1(b)
© 2009 Wildman, Harrold, Allen & Dixon LLP. 6 Identification as a New Priority “Only in the 20th Century has identification of document signers become the Notary’s overriding preoccupation and problem. For most of the nearly 2000 years the office of the Notary Public has existed, identification required little effort: most people were anchored in small communities, and Notaries personally knew everyone that appeared before them. But today,... Notaries have the sobering responsibility of vouching beyond a reasonable doubt for the identities of total strangers.” The ID Puzzle, The National Notary Magazine, September 1996, p. 9. quoted in Closen, Notary Law & Practice, at pp
© 2009 Wildman, Harrold, Allen & Dixon LLP. 7 Identification as a New Priority (2) The electronic environment has added to the concern Since other indicia are missing (e.g., handwritten signatures) "Prosecutors see Notaries as a new kind of cop in the electronic world, who makes sure the person signing is who he says he is, so we can trust electronic documents." Jim Provenza, Los Angeles County special assistant district attorney “FBI: Notaries Needed to Combat Identity Theft and Mortgage fraud” Recent NNA article (2009)
© 2009 Wildman, Harrold, Allen & Dixon LLP. 8 The Process Is Called “Identity Management” Three “roles” involved – Subject – the person being identified Identity Provider – the person verifying the subject’s identity Relying Party – anyone who relies One person may fill multiple roles E.g., employer as both Identity Provider and Relying Party
© 2009 Wildman, Harrold, Allen & Dixon LLP. 9 The Elements of the Identity Management Process Identity Proofing Of the Subject by the Identity Provider Issuing an Identity Credential That Subject can use to assert his/her identity Making an Identity Assertion That makes a claim about a Subject’s identity Authentication (by Relying Party) Of the Subject named in Identity Credential or Of the Person making Identity Assertion about a Subject
© 2009 Wildman, Harrold, Allen & Dixon LLP. 10 Identity Proofing Who are you? Involves associating one or more attributes with a person Name alone often not sufficient – e.g., Bill Gates? John Smith? Two dimensions What personal information is collected and verified? What is the degree of certainty with which the identifying attributes are ascertained – “Assurance Level” Result of process is – An “identity credential” and/or An “identity assertion”
© 2009 Wildman, Harrold, Allen & Dixon LLP. 11 Examples of Identity Credentials and Identity Assertions Identity Provider Dept. of Motor Vehicles U.S. State Department Public library Employer Bank Certification authority Notary Credential / Assertion Driver’s license Passport Library card Employee ID card User ID ATM card Digital certificate Notarial Certificate
© 2009 Wildman, Harrold, Allen & Dixon LLP. 12 Notarial Certificate – Identity Assertion re Principal Notarial Certificate: states the facts attested by the notary in a particular notarization Model Notary Act, Section 2-9 Example: “On this _______ day of __________, 2009, before me, the undersigned notary, personally appeared [Bill Gates], proved to me through identification documents allowed by law, which were ____________, to be the person who signed the preceding or attached document in my presence.” Model Notary Act, Section 9-3 Signature Witnessing
© 2009 Wildman, Harrold, Allen & Dixon LLP. 13 Authentication How can you prove it? How do you verify that someone – presenting a credential or making an identity assertion -- is the previously identified person they claim to be? For example – How do we know who signed the notarial certificate? How do we know that such person is a notary? Performed by cross-checking a claimed identity against one or more authenticators that are associated with or linked to that identity A photo? A seal? A signature? A password? A PKI certificate?
© 2009 Wildman, Harrold, Allen & Dixon LLP. 14 Authenticators Credential / Assertion Driver’s license Passport Library card Employee ID card User ID ATM card Digital certificate Notarial Certificate Authenticator Subject / IdP Photo / name & hologram Possession / name on card Photo / name on card Password / ____ PIN / data in card Private key / CA signature ____ / Seal?, Signature?, Sec. of State? Other?
© 2009 Wildman, Harrold, Allen & Dixon LLP. 15 The Key Question for Electronic Notarization What are the standards applicable to the notarial identity management process? How are they enforced?
© 2009 Wildman, Harrold, Allen & Dixon LLP. 16 The Notary’s Role In Security
© 2009 Wildman, Harrold, Allen & Dixon LLP. 17 Security as a New Priority The Notary will be the front line of protection in preventing fraud and forgery of digital documents Tim Reiniger, NNA Vice President and Executive Director
© 2009 Wildman, Harrold, Allen & Dixon LLP. 18 The Legal Role of Security in E-Transactions Create trust So parties will be willing to do business Mitigate enhanced risk of electronic Comply with applicable legal requirements E.g., protecting privacy of personal data Ensure legal / enforceable transactions i.e., level of security may determine – Validity of a signature Admissibility of a document Validity of a transaction
© 2009 Wildman, Harrold, Allen & Dixon LLP. 19 Security as a Condition for Enforceability Vinhnee case Must be able to establish integrity of electronic record Dillards Store case Must be able to authenticate signer’s electronic identity NASS notary rules Must be able to detect alterations in electronic record and signatures
© 2009 Wildman, Harrold, Allen & Dixon LLP. 20 What Is the Notary’s Role? What should the notary be responsible for? Is notary responsible for authenticity and integrity of – Signatures? Notarial certificate? Notarial seal? Document contents? – (e.g., 10 page contract) Is notary responsible for such security – Before signature and notarization? During signature and notarization? After signature and notarization?
© 2009 Wildman, Harrold, Allen & Dixon LLP. 21 A New Role for the Notary?
© 2009 Wildman, Harrold, Allen & Dixon LLP. 22 Identification Per Se Is Rapidly Becoming a Legal Requirement FTC Act enforcement actions U.S. v. Rental Research Services, Inc. (March 5, 2009) State security laws FTC Red Flag Rules ACH rules FFIEC rules KYC rules for banks HSPD 12
© 2009 Wildman, Harrold, Allen & Dixon LLP. 23 Identity Management Is the New Priority Obama Administration "Near Term Action Plan" includes: "Build a cybersecurity-based identity management vision and strategy... for the Nation.“ "Cyberspace Policy Review" released by Obama Administration on May 20, 2009 "The United States should make strong identification of identity... a mandatory requirement for critical cyber infrastructures.“ Center for Strategic and International Studies report titled: “Securing Cyberspace for the 44th Presidency” (December 8, 2008)
© 2009 Wildman, Harrold, Allen & Dixon LLP. 24 New Roles for the Notary? Is Identification the new Notarial Act of the future? Is Security the new Notarial Service of the future? The notary advantage Notary is an officer of the law Legal presumptions for notarial acts But will the banks be the competition?
© 2009 Wildman, Harrold, Allen & Dixon LLP. 25 One Example – Notary Role in EV SSL Extended Validation SSL Certificates Used to identity businesses for display when browser accesses website Notary role – Face-to-face validation of identity of Principal Individual associated with the Business Entity No “notarial act” involved
© 2009 Wildman, Harrold, Allen & Dixon LLP. 26
© 2009 Wildman, Harrold, Allen & Dixon LLP. 27
© 2009 Wildman, Harrold, Allen & Dixon LLP. 28 The Future? Electronic identity management standards? Obligations re electronic record security? Notary as a key player in Identity Management?
© 2009 Wildman, Harrold, Allen & Dixon LLP. 29 Further Information Thomas J. Smedinghoff Wildman Harrold 225 West Wacker Drive Chicago, Illinois Wildman Harrold Privacy & Security Law Resource Center privacylaw.wildman.com