AnalysisThe Arkansas Secretary of State in August circulated proposed electronic notarization rules for public comment, which were then published as a final rule on November 13, 2013. The rules allow for a “traditional” Notary with a regular commission to be granted a commission to perform electronic notarizations using public key cryptography technology in a public key infrastructure. The technology involves the issuing of a “digital certificate” – computer code – securely to the e-Notary with which the e-Notary creates a “digital signature” to sign an electronic document. This computer code or certificate under the Arkansas rules is created on a hardware device (these devices look similar to USB “thumb” storage drives). In order to obtain a digital certificate, the certificate issuer (in this case it appears to be the Secretary of State’s office) must identify the e-Notary using paper identification credentials, because a key element of digital certificates is being able to establish the identity of the individual who creates a digital signature using the certificate. The certificate creation process involves the issuance of a “public” and “private” key pair using cryptographic methods.
This public-private key pair accomplishes two important purposes. First, the private key of the key pair is used to identify the holder when he or she signs electronic documents. The private key is “private” – that is, it is kept secret by the e-Notary and is not divulged to any person. The “public” key of the pair is posted in the Secretary of States online key verification system is used by any person wanting to verify that an electronic document was signed using the corresponding private key. The private and public keys are linked together by the same mathematic algorithm. So for example, when used properly, the recipient (let’s say a county recorder) can use the e-Notary’s public key to confirm that the e-Notary’s private key was used to create the signature on an electronically-notarized mortgage. The signature is trusted as long as the e-Notary has has sole possession of the private key and has not fallen into the hands of another person who would use it to commit forgery. In the Arkansas system, the e-Notary’s private key is installed on a hardware device. This makes the system all the more secure because in order to forge an e-Notary’s signature, you have to have physical possession of the device containing the private key and also know the e-Notary’s password to unlock the private key when a digital signature is created. Second, a digital signature created with a digital certificate imparts a “tamper-evident” seal to the electronically-signed document that makes any changes to the electronic document discernible if it is changed in any way after being signed. Thus, built in to the electronic document is an audit trail that shows exactly when and how the document was touched. If, for example, it was signed by multiple parties and Notaries, it would contain date and time stamps when each signed the document. This is very useful from any evidentiary standpoint.
Today, electronic documents using off-the-shelf software such as Microsoft Word and Adobe Reader and Acrobat may be used to electronically-sign documents using a PKI digital certificate.
A few years ago, the NNA offered a product that was essentially the same as what the Arkansas rules require. Among all of the ways that one can sign an electronic document, it is generally accepted that PKI technology is the most secure way to create an electronic signature. The “signature” the average consumer creates by clicking the “Buy” button to buy a product online uses the same technology, but in the case of online purchases, a consumer doesn’t have possession of his or her own digital certificate. One is created for one-time use during the purchase transaction and is tied to the online session and the particular credit card information used to purchase the goods.
The Arkansas rules will inevitably create discussion in the legal community about whether the rules violate the “technology neutrality” provisions of state and federal electronic signature laws which prohibit specifying or favoring a particular technology to with which to perform electronic transactions.
Read the adopted administrative rules.