Law AR Rules for Electronic Notarial Acts Notary Law Update: AR Rules for Electronic Notarial ActsState: ArkansasSummary:The Arkansas Secretary of State has published permanent rules for electronic notarization authorizing Notaries to apply for a commission to perform e-notarizations using public key cryptography technology to create an electronic signature. Signed: November 13, 2013Effective: November 13, 2013Chapter: N/AAffects:Arkansas Administrative Code, Agency 187 (Secretary of State), Chapter 00 Changes: Authorizes a “traditional” Notary (one who has been issued an Arkansas Notary commission) to apply for commission as an electronic Notary. States an applicant for commission as an e-Notary must: (a) be in good standing as a “traditional” Notary; (b) complete an e-Notary application; (c) Pay a $20 application fee; (d) successfully complete a training class and exam approved by the Secretary of State (the applicant may attempt the exam up to 2 times in a 12-month period and, if the applicant still does not pass, he or she must reapply); and (e) attest that he or she has not been convicted of a felony. (Note: steps (b), (c) and (d) cited in the rule are required for renewal and the applicant may not reapply more than 30 days before the expiration of the current e-Notary commission.) States that an e-Notary is commissioned for a 10-year term and that a traditional Notary already commissioned on the effective date of the rule shall receive a commission that expires on the same date as the Notary’s traditional commission. Requires e-Notaries to complete a refresher training course offered and approved by the Secretary of State every 2 years. Requires an applicant who has been commissioned as an e-Notary to create a “key pair” in conjunction with the Secretary of State and provides rules for the issuing and storage of the e-Notary’s “private” key on a hardware device that the e-Notary must keep under the e-Notary’s exclusive control. (Note: see the Analysis for a description of public key cryptography technology. Requires the e-Notary’s key pair to include: (a) the Notary’s name as it appears on the Notary’s traditional commission; (b) the county where the Notary’s bond is filed; (c) the words “Arkansas Electronic Notary Public; (d) the e-Notary’s commission expiration date; and (e) the e-Notary’s commission number issued by the Secretary of State. Requires the e-Notary’s public key to be independently verifiable, allow a relying party to identify the e-Notary who used the private key of the key pair to create the signature and determine if any alterations were made to the document after it was signed. Requires the physical presence of the document signer for all electronic notarizations. Provides that if the electronic e-Notary resigns or his or her commission is revoked, the e-Notary must return the hardware device containing the e-Notary’s private key to the Secretary of State. Provides that an electronic notarization of a signature may be performed in one of 3 ways: (a) on an entirely electronic document that has been signed by the principal using the principal’s electronic signature; (b) on a paper document signed by the principal with a pen-and-ink signature that is subsequently scanned and electronically notarized; or (c) on an electronic document using a signature pad to capture the principal’s handwritten signature. Provides that an electronic document containing the e-Notary’s electronic signature must contain: (a) the e-Notary’s digital certificate that identifies the issuing entity and subscriber (e-Notary); (b) the e-Notary’s public key; and (c) the digital signature of the certificate’s issuing entity. Clarifies that an e-Notary of a digitally-signed document must: (a) be listed in the certificate; (b) accept the certificate; and (c) lawfully hold the private key that corresponds to the public key listed on the certificate. Requires the e-Notary’s public key to be registered on the Secretary of State’s e-Notary online key verification system and requires the Notary to include a link to this online system with every electronically-notarized document transmitted by the e-Notary. Requires an electronic Notary to charge and collect $5 per electronic notarization. Authorizes the Secretary of State to deny or revoke the commission of any e-Notary upon specified grounds, allows the Secretary to investigate alleged violations and, upon commission revocation, requires an e-Notary to immediately send or deliver the e-Notary’s journal of e-notarizations, all other papers related to electronic acts and the device containing the e-Notary’s private key to the Secretary. Requires an e-Notary to notify the Secretary of State of any changes related to the e-Notary’s commission within 30 days and to be reissued a key pair with the changes. Analysis:The Arkansas Secretary of State in August circulated proposed electronic notarization rules for public comment, which were then published as a final rule on November 13, 2013. The rules allow for a “traditional” Notary with a regular commission to be granted a commission to perform electronic notarizations using public key cryptography technology in a public key infrastructure. The technology involves the issuing of a “digital certificate” – computer code – securely to the e-Notary with which the e-Notary creates a “digital signature” to sign an electronic document. This computer code or certificate under the Arkansas rules is created on a hardware device (these devices look similar to USB “thumb” storage drives). In order to obtain a digital certificate, the certificate issuer (in this case it appears to be the Secretary of State’s office) must identify the e-Notary using paper identification credentials, because a key element of digital certificates is being able to establish the identity of the individual who creates a digital signature using the certificate. The certificate creation process involves the issuance of a “public” and “private” key pair using cryptographic methods. This public-private key pair accomplishes two important purposes. First, the private key of the key pair is used to identify the holder when he or she signs electronic documents. The private key is “private” – that is, it is kept secret by the e-Notary and is not divulged to any person. The “public” key of the pair is posted in the Secretary of States online key verification system is used by any person wanting to verify that an electronic document was signed using the corresponding private key. The private and public keys are linked together by the same mathematic algorithm. So for example, when used properly, the recipient (let’s say a county recorder) can use the e-Notary’s public key to confirm that the e-Notary’s private key was used to create the signature on an electronically-notarized mortgage. The signature is trusted as long as the e-Notary has has sole possession of the private key and has not fallen into the hands of another person who would use it to commit forgery. In the Arkansas system, the e-Notary’s private key is installed on a hardware device. This makes the system all the more secure because in order to forge an e-Notary’s signature, you have to have physical possession of the device containing the private key and also know the e-Notary’s password to unlock the private key when a digital signature is created. Second, a digital signature created with a digital certificate imparts a “tamper-evident” seal to the electronically-signed document that makes any changes to the electronic document discernible if it is changed in any way after being signed. Thus, built in to the electronic document is an audit trail that shows exactly when and how the document was touched. If, for example, it was signed by multiple parties and Notaries, it would contain date and time stamps when each signed the document. This is very useful from any evidentiary standpoint. Today, electronic documents using off-the-shelf software such as Microsoft Word and Adobe Reader and Acrobat may be used to electronically-sign documents using a PKI digital certificate. A few years ago, the NNA offered a product that was essentially the same as what the Arkansas rules require. Among all of the ways that one can sign an electronic document, it is generally accepted that PKI technology is the most secure way to create an electronic signature. The “signature” the average consumer creates by clicking the “Buy” button to buy a product online uses the same technology, but in the case of online purchases, a consumer doesn’t have possession of his or her own digital certificate. One is created for one-time use during the purchase transaction and is tied to the online session and the particular credit card information used to purchase the goods. The Arkansas rules will inevitably create discussion in the legal community about whether the rules violate the “technology neutrality” provisions of state and federal electronic signature laws which prohibit specifying or favoring a particular technology to with which to perform electronic transactions. Read the rule text.