Computer Counselor - August September 1996
The Specter of the CyberNotary
Science Fiction or New Legal Specialty?
By Joseph Kornowski
Joseph Kornowski is associate executive director and general counsel for the Los Angeles County Bar Association.. He can be reached on the Internet at JKornowski@msn.com.
Lawyers engaged in international transactions know well the difficulties of assuring the enforceability abroad of legal acts executed in the U.S. in terms of the rejection of such documents by legal and recording authorities in other countries. Even an opinion letter issued by a U.S. attorney as to the compliance of a given transaction with U.S. and foreign laws, which may be costly for the client, often does not satisfy foreign authorities. Unfortunately, as more of these transactions are conducted through electronic commerce, this situation likely will worsen.
Enter the concept of a CyberNotary®, as envisioned by attorney Ted Barassi, who manages the CyberNotary Project of the United States Council for International Business and chairs the CyberNotary Committee of the Electronic Commerce and Information Technology Division, Section of Science and Technology, of the American Bar Association. This proposed new legal professional would be a hybrid of the notary, as that profession is defined and practiced outside of the United States, and a lawyer with heightened technological powers.
The CyberNotary would possess the authority and responsibility to administer oaths or declarations, attest to or acknowledge acts, certify facts and authenticate the legality of acts-all in keeping with the traditional role of notaries in countries which follow the Romano-Germanic civil law tradition. Additionally, the CyberNotary, unlike his or her traditional (non-U.S.) counterpart, would possess a high level qualification in information security technology to be able to electronically certify and authenticate all elements of an electronic commercial transaction necessary for its enforceability under U.S. and foreign law. Unlike the specialties of multimedia law and so-called online line, which apply traditional principles of contract and tort law, related First Amendment issues, and intellectual property law to disputes and transactions involving technology, this new specialty would appear to represent a truly unique merger of law and technology in a specific legal professional who is a security officer in electronic commerce.
The way it will work, as Barassi explains in his Web page (http://www.intermarket.com/ecl/cybrnote.html), is that the CyberNotary will use digital signatures to certify the identity of a person or entity originating a commercial message, thereby preventing the originator from later repudiating the message (attestation and registration). Additionally, in some instances, the CyberNotary will provide a very high level of assurance as to the contents of the message (certification and authentication), along with the date and time it was notarized, and establish a protocol for archival purposes. The CyberNotary is envisioned to be engaged in a broad range of activities, from mere attestations of digital signatures-not unlike the function commonly performed by U.S. notaries-to authentication and certification of all elements of a commercial transaction, including both legality and form requirements.
Digital Signature Attestation and Registration
Digital signatures, though still not yet widely used, are actually computer-generated authentication codes that accompany electronically transmitted documents and verify to the receiver of the documents the identity of the originator. California law defines "digital signature" as "an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature." (Gov't Code § 16.5(d).) The standard to be used for digital signatures on documents submitted to a public entity in California, as set forth in the Government Code, provides, among other things, that:
"[A]ny party to the communication may affix a signature by use of a digital signature that complies with the requirements of this section. The use of a digital signature shall have the same force and effect as the use of a manual signature if and only if it embodies all of the following attributes:
- It is unique to the person using it.
- It is capable of verification.
- It is under the sole control of the person using it.
- It is linked to data in such a manner that if the data are changed, the digital signature is invalidated.
- It conforms to regulations adopted by the Secretary of State." (Gov't Code § 16.5.)
Those regulations must be adopted no later than January 1, 1997.
Government Code section 16.5(b) further provides that
"use or acceptance of a digital signature shall be at the option of the parties," and that a public entity is not required to use or permit the use of a digital signature.
When certified by a certification authority, a digital signature can be deemed "authentic," and thus reliable, in the sense that an independent third party has warranted by its certification that the party's digital signature is valid and in fact belongs to that party. A certified digital signature then may be used with relative confidence in electronic commercial and other transactions.
The CyberNotary will be qualified to conduct the application and registration process for a certified public key-one of a key pair (the other being the originator's secret key) generated in the public key encryption process used for digital signatures. After undertaking a security investigation of an applicant for a public key, and complying with the guidelines for the certification authority, the CyberNotary will register the applicant and issue or ratify a public key. The security investigation could range from merely establishing the identity of the user and binding it to the public key to something more extensive, say an investigation that includes criminal background checks, credit history, asset value, etc.
Once the public key is issued, the CyberNotary sends it, along with his or her attestation of a party's digital signature, in the form of the CyberNotary's own digital signature, to the certification authority so that a certificate may be issued. This element of the CyberNotary's function, though new in terms of the technology used, would appear to fall within scope of the current authority of U.S. notaries.
Transactional Certification and Authentication
At the other end of the spectrum of the CyberNotary's function is authentication of legal transactions. While not an area of notarial practice that U.S. notaries currently are competent to perform, authentication is a much more extensive undertaking by an attorney-notary and typically part of traditional notary practice outside of the U.S.
According to Barassi, authentication is the notary's verification that both the terms and the execution of a document are in accordance with the law under which the document is executed, and is therefore given full legal effect. For example, when an electronic power of attorney is executed and digitally signed before a CyberNotary, the CyberNotary will cause an authentication message to be appended to the power of attorney validating its legal contents, the digital signature used to sign it, as well as the identity, capacity and authority of the signing party to execute it and the digital certificate used to certify the signer's public key.
This transactional authentication and certification role may well constitute the greatest value of the CyberNotary's practice for documents originating in the U.S.
because authentication is an affirmative requirement for many transactions in foreign civil and common law jurisdictions. Failure to provide properly authenticated documents coming from the U.S. in a foreign jurisdiction can necessitate a notary of that jurisdiction independently authenticating the transaction. Problems often arise in such cases because the foreign notary may not in fact know, or be in a position to verify, the facts and circumstances upon which he or she must rely. And without proper authentication, public authorities in the enforcing jurisdiction may reject the document, necessitating re-execution of the transaction before a competent notary in that jurisdiction, and/or attachment of a legal opinion by a U.S. lawyer describing how the transaction complies with the governing law. In either event, the costs of effectuating the transaction escalate significantly.
Most overseas jurisdictions require authentication for many transactions, such as transfers of corporate shares, transfers of real property, powers of attorney, wills and trusts, bills of exchange and maritime shipping contracts. Based on these transactions, alone, the CyberNotary's value in authenticating international electronic transactions is potentially great.
In this respect, the proposal thus assumes an expansion of the current authority granted to U.S. notaries consistent with their foreign counterparts. For Barassi and his colleagues on the ABA CyberNotary Committee, this aspect of the proposed specialization, standing alone, is enormously important to the overall proposal because, for the first time, U.S. notarization acts will be given full force and effect in foreign jurisdictions which historically have viewed U.S. notarizations with considerable skepticism, leading to refusals on procedural grounds to enforce many documents bearing them. As a common law lawyer whose function would resemble that of a notary found in civil law jurisdictions, the new specialist will be a bridge between the two legal traditions. In a networked world, where electronic transactions must be conducted quickly and easily, a CyberNotary will provide assurance that transactions he or she processes meet the procedural and legal formalities in both civil and common law jurisdictions.
Just how fanciful is this proposal? Consider that there currently exists a Digital Notary Service offered by Surety Technologies, Inc. (http://www.surety.com/), a spin-off from Bellcore, which has developed software that allows users to certify the contents of any particular electronic record and affix a time seal to create a digital audit trail. This lets the user easily prove whether or not a record was ever tampered with or backdated. The digital audit trail can be used to show that no one has "cooked the books," or to defend precedence claims in patents, or to show that patients' medical records were not modified after the fact. For law firms and corporate legal departments, the content and delivery time of electronic documents such as e-mail, agreements, memoranda, court documents, confirming letters, proposals and other evidentiary documents, can be irrevocably established.
Meanwhile, companies like GTE Corp. are moving forward with a line of Certification Authority Services (http://www.cybertrust.gte. com/Caservic/caservic.html) that includes their Virtual CA and associated registration authorities services. For certificate requests and issuance, for example, Virtual CA generates and signs a certificate and issues it to the registration authority-e.g., a CyberNotary?--or the organization's user through the World Wide Web or Internet e-mail.