[1504] in cryptography@c2.net mail archive
Re: Cryptographic Document Storage
daemon@ATHENA.MIT.EDU (Rick Smith)
Tue Sep 16 16:17:32 1997
In-Reply-To:
<33CCFE438B9DD01192E800A024C84A19082BD3@mossbay.chaffeyhomes.com>
Date: Tue, 16 Sep 1997 14:45:12 -0600
To: Cryptography <cryptography@lists.ecosystems.net>, cryptography@c2.net
From: Rick Smith <smith@securecomputing.com>
Matthew James Gering writes:
At 12:22 AM -0700 9/16/97, Cryptography wrote:
>I've come to the decision that all records for myself and my businesses
>shall be electronic only.
Keep a diary about how this goes and write an article (or book) after doing
it for a couple of years. But keep the diary handwritten on paper, so you
don't run the risk of losing it in a crash :->
>I've decided that anything deemed important
>enough to keep in hard copy is also confidential enough to forbid it.
If your encryption measures are implemented correctly (a very difficult
task) then they will apply significantly stronger protection to your
records than is applied to other copies of the same records. Many records
that are important enough to keep an original copy of (deeds and mortgages,
for example) are also a matter of public record. Most other records you
keep will probably be copies of records elsewhere (bank records, vendor
records, customer records, etc). If they're not protecting them very well
(good security is expensive, even without encryption) then your efforts
aren't going to reduce the vulnerability of their records.
>I am curious the legal status of electronic document storage --
>especially for important legal and financial documents. And regardless
>of current legal status, what could be considered best practice (with
>future legal status in mind).
Most disputes are resolved by you sending a copy of the records you have of
the disputed activity. So in most cases you can resolve a dispute without
producing the original paper.
However, I'd be less optimistic if the other party questions a document's
authenticity and you find yourself in court. Do you really think a typical
jury will find your laser printed copies of scanned documents to be as
convincing as signed originals? Seems unlikely to me. Aside from the
question of whether you modified the scanned image with Photoshop, there's
the possibility that the original paper document was a forgery (either with
or without your knowledge). Changes made to the original paper document
might be evident in the paper copy but invisible in the scanned copy. So
the paper original is still best.
>It's the last two I am unsure about. Are there any standards regarding
>digital notarization?
It sounds as if you're referring to a service that scans documents and then
attests to the fact that the scanned copy contains the same text and
signatures as the original. I don't know if such services exist, but it
seems unlikely that even digitally signed scans would do very well in
court. Ask the opinion of a typical jury member, like the guy behind the
counter the next time you buy gas.
Rick.
smith@securecomputing.com Secure Computing Corporation
"Internet Cryptography" now in bookstores http://www.visi.com/crypto/
