The foolishness of signature images

Australia, according to a recent article on cracked.com, is an example of a modern country with "surprisingly backward technology", in our case, maddeningly slow internet.  The cracked article puts us at world number 41; netindex puts us at 53.  Whatever the speed is, it's not fast enough.  And partly this is due to the vastness of the country and its relatively small population, coupled with a remoteness which makes submarine cabling impossible.  And the current luddite government have neither the understanding nor inclination to make any changes.  This page, while old, still represents current government thinking.

I wonder whether this curious backwardness also accounts for an approach I've seen many times about signatures.

In the old days – before photocopiers! – you'd sign a document with a pen.  The signature could not be "lifted" from the document, nor could it be easily copied, unless by an expert forger, and a well-trained forensics expert, with all the tools of the trade, could go a long way to determine if a signature was indeed genuine.  Some elementary methods for pen and ink signatures are given here.  It would take a master forger not only to copy the shape of somebody's signature, but also the pressure they used.  So an uncopyable pen and ink signature was a pretty good indication of the document's authenticity.  And mostly, such signatures satisfied some of the standard requirements of a signature, that it must be:

  1. authentic – it convinces the receiver that the message is indeed from the sender;
  2. unforgeable – nobody else but that sender could have signed the message;

As well as:

  3. non-repudiable – the sender can't later deny having signed the message.

Now in the days of electronic signatures, there are two more requirements:

  4. not reusable – even if the message is sent on to a third party, the signature can't travel with it;
  5. unalterable – if the message is changed, a new signature must be produced.

These exacting requirements are satisfied by various digital signature protocols, which generally use a public-key cryptosystem "backwards": instead of using the receiver's public key to encrypt, the sender encrypts with his or her private key, and the receiver can verify the signature by using the sender's public key.  This authenticates the signature, as only the sender would have the private key which corresponds to the public key.  The main difficulty is ensuring that the keys are indeed the correct keys for the sender, and this business of managing keys is one of the jobs of an external certificate authority which issues the keys, and maintains a database which links the keys with the correct owner.

There are now many companies which provide digital signatures, such as DocuSign and EchoSign.  For a fee, these companies provide all the infrastructure needed to sign a document, and to verify the signature.  They provide means for a document to be signed by multiple parties, or just one.  And the signatures satisfy the legal requirements for a signature in many jurisdictions, as well as satisfying all the five requirements above.

Now – the Australian way.  I have been involved in a number of cross-university projects, where multiple signatures need to be attached to a document.  I would need to sign it, as would my colleagues at other institutions.  Maybe also our up-line managers have to sign, to indicate that we will have the necessary time and support to participate in the project.  If the project involves applying for a grant, then maybe the signature of some high-up person in the university is also required.  Most documents are created in something like MS Word, and will include spaces for signatures.  And in these spaces the signers insert images of their pen-and-ink signatures.

Two and a half seconds reflection will reveal that this system has zero security – indeed it's bizarrely insecure.  Since the signature is simply an image, it can easily be copied from the document onto any other document.  And if, like me, you keep electronic copies of such documents, you will end up with quite a nice library of other people's signatures.  A while back I needed the signature of my Head of School: I asked in an email, and in return was sent an image of the Head's signature, telling me to attach it to the document.  I've done this myself: sending a signature image to a colleague so as to be inserted onto a document. 

So a document will end up with a nice gallery of signature images attached to it.  And all that this shows is that somebody, somewhere – possibly the author, possibly somebody else (a secretary or admin officer) – would have inserted the images onto the document.  And then anybody else who reads the document can copy the signatures for themselves.  This method satisfies none of the five requirements above.
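To make the contrast concrete, here is an added example (not from the original post, and not any particular vendor's implementation) that puts the "public key backwards" scheme described earlier beside the pasted-image practice.  It uses a deliberately tiny textbook RSA key built from two constructed primes, with no padding, so it is for illustration only; the document texts and the bytes standing in for a scanned signature are also constructed.  The digital signature is computed over a hash of the document, so it fails on an altered document and cannot be moved to another one; the image "check" can only confirm that the same bytes are present, and so accepts every document equally.

```python
"""Pasted signature image vs. a document-bound digital signature (toy illustration)."""
import hashlib

# Constructed toy RSA key pair: tiny, well-known primes, for illustration only.
# Real deployments use keys of thousands of bits and a padding scheme such as PSS.
P, Q = 104729, 1299709          # 10,000th and 100,000th primes
N = P * Q                       # public modulus
E = 65537                       # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)             # private exponent (Python 3.8+ modular inverse)


def digest_int(document: bytes) -> int:
    """Hash the whole document and reduce into the modulus range."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes) -> int:
    """'Encrypt' the document digest with the private key (signing)."""
    return pow(digest_int(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """'Decrypt' with the public key and compare against a fresh digest.

    Any change to the document, or any attempt to attach this signature to a
    different document, changes the digest and the comparison fails.
    """
    return pow(signature, E, N) == digest_int(document)


# Constructed bytes standing in for a scanned signature image pasted into a file.
SIGNATURE_IMAGE = b"\x89PNG\r\n\x1a\n<constructed signature image bytes>"


def image_signature_present(document_with_image: bytes) -> bool:
    """All a pasted image can tell a reader: these bytes are in the file.

    Nothing ties the image to the surrounding text, so it 'verifies' on
    every document it is pasted into.
    """
    return SIGNATURE_IMAGE in document_with_image


def demo() -> dict:
    """Run both schemes over an original, an altered, and an unrelated document."""
    contract = b"Project agreement: Dr X commits 0.2 FTE for 12 months."
    altered = b"Project agreement: Dr X commits 1.0 FTE for 12 months."
    other = b"Letter of support: Dr X endorses this grant application."

    sig = sign(contract)  # produced once, by the holder of D

    return {
        "digital_valid_on_original": verify(contract, sig),
        "digital_valid_on_altered": verify(altered, sig),
        "digital_reused_on_other": verify(other, sig),
        "image_accepted_on_original": image_signature_present(contract + SIGNATURE_IMAGE),
        "image_accepted_on_altered": image_signature_present(altered + SIGNATURE_IMAGE),
        "image_reused_on_other": image_signature_present(other + SIGNATURE_IMAGE),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:32} {result}")
```

The digital signature passes only on the exact document it was made for, which is requirements 4 and 5 (not reusable, unalterable) in action, while the image test returns True in all three cases: the image check is not a signature check at all, merely a test that a picture is present.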

Why do university bodies insist on this curious practice?  It's not quite security theatre, but it shares some similar characteristics: above all it does nothing to actually increase (or in this case even achieve) security.  My own signature image has been inserted into so many documents, and emailed to so many people, that its use for verifying my involvement in a document is essentially non-existent. 

This is a nice example of where an old practice – signing with a pen, on paper – simply doesn't translate into the electronic world. 
