VA Administrative Rule (eNotarization) Notary Law Update: VA Administrative Rule (eNotarization)State: VirginiaSummary:The Virginia Electronic Notarization Assurance Standard has been published by the Virginia Secretary of the Commonwealth to satisfy the requirement of the Code of Virginia Section 47.1-6.1. Signed: January 21, 2013Effective: January 21, 2013Chapter: N/AAffects:Implements COV 47.1-6.1 Changes: Defines the following terms: “accessed by biometric data”; “appear or appears in person”; “attach”; “capable of independent verification”; “digital certificate”; “electronic document”; “electronic notarization system”; “exclusive control”; “online notarization or online notarial act”; “security procedure”; “signing key” and “standard.” Requires a Notary to register the capability to notarize electronically, including the means for completing online notarizations. Provides that the Secretary of the Commonwealth will not render an opinion or determination as to whether a particular electronic notarization system or technology used by a Notary is in compliance with this Standard or the Code of Virginia and that responsibility for compliance is solely on the electronic Notary. Provides that an electronic Notary shall continue to adhere to all rules governing paper-based notarial acts, except that notaries performing online notarial acts may allow signers to appear before the electronic Notary via two-way live video and audio conference, consistent with Virginia Code §47.1-2 and §19.2-3.1 B1, B2, and B3. Provides that an electronic Notary shall not perform an electronic notarization if the document signer does not appear before the electronic Notary at the time of the notarization either in the same physical location or by means of two-way live video and audio conference. Prohibits a Notary from using a digital certificate as the electronic Notary’s official electronic signature and seal if that digital certificate has expired or been revoked. Requires the official electronic signature and seal of the electronic Notary to be used to digitally sign the electronic document in such a manner that relying parties can detect unauthorized tampering or alteration of the electronic document after it has been digitally signed by the Notary. Provides than an electronic record of notarial acts shall: (a) allow record entries to be made, viewed, printed out, and copied by an electronic Notary only after access is obtained by at least one factor of authentication such as a password, biometric verification, token, or other form of authentication; (b) not allow a record entry to be deleted or altered in content or sequence by the electronic Notary or any other person after a record of the electronic notarization is entered and stored; (c) have a backup system in place to provide a duplicate electronic record of notarial acts as a precaution in the event of loss of the original record; and (d) when not in use, be kept under the exclusive control of the electronic Notary, and shall not be used by any other electronic Notary nor surrendered to an employer upon termination of employment. Clarifies that the electronic record is at all times the exclusive property of the Notary and no employer or vendor of e-Notary services may retain control of a Notary’s electronic record for any reason, and further provides that "exclusive control" is achieved by ensuring that at least one method of authentication is required to verify the identity of the electronic Notary requesting access to the electronic record. Requires a Notary to respond to a lawful, written request to inspect an electronic Notary’s record by producing a certified copy of the electronic record that includes an entry in the electronic Notary’s record documenting the certified copy production. Provides that the means by which an electronic Notary creates an official electronic Notary signature and seal shall be: (a) attributed or uniquely linked to the electronic Notary; (b) capable of independent verification; (c) created using means that the Notary can maintain under the electronic Notary’s exclusive control; and (d) linked to the electronic document to which it relates in such a manner that any subsequent change of the electronic document is detectable. Requires an electronic Notary to use a digital certificate to digitally sign electronic documents requiring notarization. Provides that the Notary’s official signature and seal consist of both the digital signature and an image or text on the electronic document that includes the following information: (a) the electronic Notary’s name as shown on the Notary’s electronic Notary commission); (b) the electronic Notary’s registration or commission number; (c) the words “Electronic Notary Public”; (d) the words “Commonwealth of Virginia”; and (e) the electronic Notary’s commission expiration date. Requires the digital certificate, along with the image or text displaying the information required under the rule in to be affixed to the document in such a manner that any subsequent unauthorized modification or alteration of the information can be detected. Requires the digital certificate used by an electronic Notary to digitally sign electronic documents to conform to X.509 digital certificate standards and be issued and managed by a trusted root Certificate Authority. Prohibits the digital certificate used by an electronic Notary to digitally sign electronic documents from being used beyond the expiration date of the electronic Notary’s commission. Requires access to the means by which an electronic Notary creates an official electronic signature and seal, including through an electronic notarization system, to be protected by use of at least one factor of authentication such as a password, token, biometric, or other form of authentication. Provides that an electronic notarization system shall, appropriate technical and procedural means, ensure that the signing key used for generating an official electronic signature and seal: (a) is kept reasonably secured such that the signing key remains secret; (b) cannot, with reasonable assurance, be derived; and (c) can be reliably protected from misuse. Provides that when keyed hardware tokens are used for provisioning the digital certificate, the delivery shall be accomplished in a way that ensures that the correct token and activation data is provided to the electronic Notary. Provides that the electronic Notary’s registered electronic signature and seal shall be used together only for the purpose of performing lawful electronic notarial acts. Provides that any electronic notarization system used by an electronic Notary must ensure that the digital certificate used by an electronic Notary has not expired or been revoked at the time the digital certificate is used to digitally sign an electronic document. Provides that in the event an electronic Notary identifies the signer by means of the signer’s digital certificate or PIV card, the electronic notarization system must ensure for the electronic Notary that the digital certificate or PIV card used by the signer has not expired or been revoked at the time the notarization is performed. Provides that if an antecedent in-person proofing process is used to identify the signer for an online notarization, the electronic Notary shall only rely on an antecedent in-person proofing process that conforms to the guidelines of the Federal Bridge Certification Authority. Provides that an electronic Notary shall take reasonable steps to ensure that the use of two-way live video and audio communication is secure from interception through unlawful means. Provides that an electronic notarization system must be capable of producing an electronically notarized document that allows relying parties to verify the following information regarding the electronic Notary’s official electronic signature and seal: (a) the authenticity and validity of the digital certificate used by the electronic Notary to digitally sign the document at the time of the notarization may be reliably verified; (b) the electronic Notary’s identifying information, including the electronic Notary’s commissioned name, registration number, the words “Electronic Notary Public” and “Commonwealth of Virginia,” and the electronic Notary’s commission expiration date are correctly displayed; and (c) any changes or alterations to the notarized document subsequent to the electronic Notary’s affixation of a digital signature can be reliably detected. Requires an electronic notarization system must enable the electronic Notary to include an electronic notarial certificate that shall be attached to or logically associated with the electronic document in such a manner that removal or alteration of the electronic notarial certificate is detectable. Analysis:Code of Virginia Section 47.1-6.1 provides that the Secretary of the Commonwealth shall develop standards for electronic notarization outside of the Virginia Administrative Process Act. The Electronic Notarization Assurance Standard comprises these standards. These standards have the force of law. The Standards are heavily influenced by the National Association of Secretaries of State Electronic Notarization Standards and require Notaries to use an X.509 digital certificate. Aside from the controversial "remote" eNotarization provision allowed under Virginia law, there is a lot to like in Virginia's Standards. However, the statutory authority that gave rise to the Standard did not require the Standards to go through the typical administrative rulemaking procedure, and therefore organizations and individuals did not have an opportunity to provide comment on the Standards as would have been the case otherwise. It would have been better if the Standards had been produced in an open and transparent manner. Read the text of the Standard.