Schneier Asks Why We Accept Fax Signatures 531
Bruce Schneier's latest commentary looks into one of my pet peeves: faxed signature requirements. He writes "Aren't fax signatures the weirdest thing? It's trivial to cut and paste -- with real scissors and glue -- anyone's signature onto a document so that it'll look real when faxed. There is so little security in fax signatures that it's mind-boggling that anyone accepts them. Yet people do, all the time. I've signed book contracts, credit card authorizations, nondisclosure..." It's amazing how organizations are sometimes willing to accept low-quality, unverified scans delivered over POTS as authoritative, when they won't take the same information in a high-resolution scan delivered over (relatively secure) email.
Older generation (Score:5, Insightful)
Re:Older generation (Score:5, Insightful)
Most of the posts here act like signed faxes come out of the blue and magically make things happen. Well, that's not a very secure way to use a fax machine. e.g. I'd hate to have Presidential orders executed with only a fax as evidence that the order is issued!
In real life, faxes of documents occur after a verbal agreement is reached. For example, let's say a company owes me stock options. I tell the company that I wish to exercise the options. They tell me that I need to review the terms of the options and sign them before the stocks are issued to me. Documents are faxed (or emailed!) to me for review. I review the documents and either deliver a verbal rejection (perhaps followed by modified terms) or I sign the documents and fax them in.
Let's look at the possible attacks in this situation. I have already verbally agreed to pursue this contract. If someone tries to forge my signature (why?) before I decide to reject the contract, the forgery will be discovered when I contact the company to offer my rejection of the terms.
Well, what if someone poses as me and begins the process? That could potentially be a problem. Except that my identity is usually verified up front. In a smaller company they already know me, my voice, my email, and my address. When I contact them, they know who I am. In a larger company, they will usually require proof of identification along with any papers being signed.
Someone can still steal the certificates from my mail, but that goes above and beyond the issues with fax machines.
To give another example, let's say I'm offered an employment contract. Obviously such a contract has been under negotiation for some time. By the time it's been faxed, it's clear as day that it was me who signed it and agreed to the terms. If my signature was forged for whatever reason, it would become rather clear when I don't show up for work the first day, or when some impostor shows up.
Granted, someone could have been impersonating me the entire time, but then they'd also need forged proof of identification to fill out the necessary tax forms at employment time.
I think you'll find that any contracts where there is concern of forgery or claims of forgery are handled in one of two ways:
1. The fax is used to confirm your agreement and get the process started. The actual documents must be physically mailed before the terms of the contract are fully realized.
2. Fax is unacceptable. The documents must be FedExed and signed for so that they can be tracked from person to person. Someone is ALWAYS accountable for the documents.
In short, faxes are just fine. Just don't act stupid when working with them. If you ever find a company that does, work to get their legal counsel fired. If that company is signing important documents without legal counsel, RUN. Run far away and never look back.
Re:Older generation (Score:5, Insightful)
That's not always true. In real estate contract offers are often delivered solely by fax, and the response is also delivered by fax when an offer is accepted. Sometimes the offers and counter offers go back and forth so many times that part of the document becomes too illegible to hold up in court.
Anyone can go to Kinkos and send a fax pretending it's from me. Someone might not be able to get me hired as in your example, but they might do enough damage to get me fired.
Faxing was an important technology that served a specific function in its time. It allowed us to transmit documents on analog lines before digital networks were widely accessible. Now that we have the internet and suitable cryptographic techniques, there's no point holding onto faxing. You can push the merits of telegraphs all you want, but I'd rather use a cell phone. Why waste money on a phone line for a fax machine when you can get an internet connection for about the same amount?
One irony of faxing is that digital lines are taking over in the public phone network as well. However, people are still trying to use the analog fax protocol over digital lines. IP telephony is optimized for voice transmissions. If a packet is lost, many applications will fill extend the voice from adjacent packets to cover up the dead space from the lost packet. This kind of manipulation makes voice sound good, but it distorts fax signals in a way that the protocol wasn't designed to check. The fax protocol checks for a certain threshold of error before it requests a resend. The designers new that if they mandated a perfect transmission the resends would slow down the fax too much. They designed the checksums to catch the most common errors that occur with analog lines. With IP telephony manipulation, the fax protocol can't detect much of the manipulation and so you can get a completely munged document that didn't generate a single fax error.
I think faxing filled an important niche in its time, but the world has moved on so it's time to let go of it. Newer copy machines even let you email your scanned documents which is far more convenient than faxing ever was. I'd rather see companies put their energy into standardizing an email encryption system rather than trying to keep faxing alive.
Re:Older generation (Score:5, Informative)
On the other hand, we also switched to the e-signing service DocuSign [docusign.com] for our internal contracts and approvals, because using a fax machine is such a massive pain in the ass and no one in our company likes dealing with paper. A few of our clients use it too, it's pretty wonderful. As secure as you want it to be, and also quick and easy.
Re:Older generation (Score:5, Interesting)
Re: (Score:3, Interesting)
Re:Older generation (Score:4, Insightful)
Once upon a time a FAX-ed signature was acknowledged as a contractually binding signature by the courts (we can probably dig out who and when). This was before people understood how to falsify it and how to fake it. From there on it has been accepted as valid till today.
Email never got the same treatment, because the earliest attempts to use it as evidence were countered by experts who knew how to fake it.
And this is all about this. The power of precedent especially in the Anglo-Saxon legal system. Nothing more, nothing less.
Re: (Score:3, Insightful)
FAX signatures were accepted by the courts, but I can't believe it was before people understood how to falsify them.
We haven't had faxes for 20 years (Score:5, Interesting)
Me, and most people I know, have almost never used a fax machine, and we don't understand why people around the world ever use them, at all.
This issue is very local and applies only to countries still using fax machines. Perhaps the issue isn't really about if fax machines are secure, but more general; why use them at all? They are stone age, insecure, crap quality, slow, consumes an entire phone line, etc. Much like checks. I don't think I know any swedish person who have ever used a check in his/her whole life, and that includes parents and grand parents.
So what's wrong? Fax being insecure? No, keeping bad and obsolete depricated technology. Fax machines, checks, inch, feet, Fahrenheit, etc...
Come on, the entire world is laughing at you. I'm not trying to troll, but rather to enlight. We do laugh; "Well, you know Yanks" and so on. Please give us a reason to stop that.
Re:We haven't had faxes for 20 years (Score:4, Funny)
Re:Should have stop at, Aren't FAXes the weirdest (Score:5, Funny)
Re:Should have stop at, Aren't FAXes the weirdest (Score:5, Insightful)
Re:Should have stop at, Aren't FAXes the weirdest (Score:5, Insightful)
I wouldn't do this for big deals involving large amounts of money (exceeding 6 or 7 figures), but I for one don't worry too much about an email approval.
Re:Should have stop at, Aren't FAXes the weirdest (Score:4, Interesting)
My wife is a real-estate agent. Has to deal with passing a lot of signatures around. It was only a couple of years ago that North Carolina passed a law to make faxed signatures legally binding.
Lot of Fedexing going on up till then.
There are also practical considerations. (Score:3, Insightful)
With email, the person sending the signed document could be doing so from Nigeria and there's no good way to know that they're not.
Re:There are also practical considerations. (Score:4, Insightful)
Email creates more logs than a fax. It creates a log not only at the server on either end, but in cases of companies with complex relaying setups, potentially multiple servers in between.... I'm assuming what you mean is that a fax creates a third-party log at the phone company. Even this is trivially falsifiable, however, with a trunk line and a device that generates a false Caller ID message. While IIRC there is a secondary log that's harder to falsify, if memory serves, good luck getting access to it except as part of a criminal investigation....
Re:Should have stop at, Aren't FAXes the weirdest (Score:4, Informative)
Don't believe me? Check with your bank. Checks are not physically distributed to other banks for payment/clearing (I believe) and virtually all banks use digital images for "returning" your check (I know for a fact). Print out that digital image and it's perfectly valid in court.
The law this is based off is the one that says 'a copy of a document is legally equivilant to the original'. Heck, you realize most modern photocopy machines are actually a fancy scanner and laser printer with a computer inbetween right?
Re:Should have stop at, Aren't FAXes the weirdest (Score:5, Informative)
I would be wary of stretching that logic to apply to any legal document -- if scanned documents were valid, banks could have been doing this with checks before the intervention of Congress. Then again, I don't know why faxed documents are presumed any better.
Re:Should have stop at, Aren't FAXes the weirdest (Score:4, Interesting)
While I was looking for a new job, one prospective employer wanted to verify my employment history, and called her.
She refused to verify my history over the phone - claiming privacy issues.
Fortunately the company hired to do my background check called me about this problem (apparently it's rather common.) They had me digitally sign a request for the stupid HR officer to verify my employment history with the background checking company.
She refused - claiming that digitally signed documents are not legally binding.
Instead, I had to fax a signed request to her - and then call my former boss to politely ask "WTF?!?"
FORTUNATELY the background check company was willing to work with me on this and I got the job.
However, I still have to wonder how many other job offers I may have missed due to this b*tch's refusal to do her job. Now that I think about, I did have a few job prospects abruptly dry up even though I knew the hiring manager and engineers were impressed with me, only to be told by their HR department "we've decided on someone else." without so much of an explanation as to why I was not being considered any further.
Re:Should have stop at, Aren't FAXes the weirdest (Score:5, Insightful)
All that is required to be legally binding is an offer and acceptance. This can even happen orally. For some kinds of contracts -- covered by the Statute of Frauds -- you need to have a written document which must be "signed," but this refers only to some indication in the document that the person has knowingly agreed to be bound; a suitable email will suffice.
Here, some googling found this:
(I'm not your lawyer and none of this was legal advice, obviously.)
Re:Should have stop at, Aren't FAXes the weirdest (Score:5, Funny)
Re:Should have stop at, Aren't FAXes the weirdest (Score:4, Insightful)
Re:Should have stop at, Aren't FAXes the weirdest (Score:4, Informative)
And it's not all small transactions, either. Amateur and professional traders alike make trades worth vast sums of money online. Even wire transfers, which can be billions of dollars, happen over the phone and online within hours.
The idea that emailed contracts aren't enforceable -- or even that there's reasonable fear of them not being enforceable -- is just plain wrong.
Re:Should have stop at, Aren't FAXes the weirdest (Score:4, Insightful)
For example, with wire transfers there are all kinds of non-consumer-friendly bank laws out there. If the bank followed the appropriate processes and some identity thief gets the bank to send $1M of some customers money to some foreign bank, the bank probably could care less. Chances are that banking laws will make the customer liable and they weren't involved.
Now, imagine this scenario. You pay me $50k in untraceable cash as consideration for me privately providing you with some form of insurance (say a million dollars worth). You suffer a loss that I am liable for. I simply deny having ever signed the contract. If the contract were on paper you would have an expert witness testify that it could be forensically traced to me. If the contract were faxed you would point to all kinds of court precedents for faxed documents. If the contract were emailed there would not be much precedent - maybe I'd owe you, and may be not. Unless you like taking your chances (and who buys insurance when they like to take chances?), you're going to insist on some well-tested form of transmission.
Basically the issue comes down to repudiation. It is easy to repudiate a document transitted electronically unless crytographic safeguards are used. FAX should be easy to repudiate but for various reasons it has a perception of authority and it has been well-tested in court.
Re: (Score:3, Insightful)
Chances are that banking laws will make the customer liable and they weren't involved.
This is wrong in almost all circumstances, but it's irrelevant to the point, so I won't argue.
It is easy to repudiate a document transitted electronically unless crytographic safeguards are used.
No it's not. Subpoenas for your computer, your email provider, my email provider, and my computer will reveal four separate copies of the email kept on four separate systems. If the email was sent in a corporate capacity, there are likely backups as well. Emails are, if anything, an awful lot easier to verify forensically than faxes. And as to the idea of handwriting experts verifying the signatures, well, read
Re:Should have stop at, Aren't FAXes the weirdest (Score:4, Informative)
The Uniform Commercial Code (UCC), which has been adopted by all 50 states, discusses what is a valid signature in Article 1, Section 1-201(39) [cornell.edu]:(Writing is defined as "printing, typewriting, or any other intentional reduction to tangible form.")
While that doesn't rule out the possibility of states having other requirements for signatures, the "least common denominator" between all states -- the UCC -- is pretty format-agnostic.
I think it's also worth pointing out that some 48 states, according to one source [findlaw.com], have put digital-signature laws in place that allow some form of non-physical, electronic signature. Some of them are pretty specific to PK crypto, while others are technology-agnostic. I find it a little hard to believe that any state that's gone to the trouble of crafting and passing a digital-signature law would still require faxed signatures.
What seems more likely to me is that private agreements between parties are the major driver for faxed signatures, because there are contracts forming standing arrangements between businesses that weren't written to take advantage of anything besides the dominant technology (POTS fax) at the time they were written. Therefore, you end up with change orders, POs, and other authorizations having to go by fax, because of some hoary old contract, even though some other form of signature would be theoretically acceptable.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
legally binding (Score:3, Insightful)
Verbal contracts are legally binding, but don't leave good evidence if disputed. What I think you mean is that if the veracity of a document is brought into question, that a scanned+printed document is not going to hold much weight in most courts.
Re: (Score:3, Interesting)
We had one vendor who refused to accept a signature on a scanned and e-mailed document - They insisted that it be faxed. We even pointed out that we were just going to print out the scanned document and drop it in the fax machine because the physical document had already been handed off to somebody else and we suggested that they just print it themselves. They still wanted the fax, so we printed and faxed the document we'd already delivered and that satisfied them. Bizarre.
This may be off-topic, but it reminds me of how my mother-in-law gave me money for a down payment on a house. Because the money was in cash, the bank required us to go to a bank, and have her get the money changed over to a cashiers check, which I then had to photocopy, deposit into my account, and keep into that account, until the day of the closing (when it had to be transferred to another cashiers check). All this to prove that the cash was given by her (which it didn't), and to create a paper trail (w
Re:A watermelon, eh? (Score:5, Insightful)
"Just because you're right doesn't make you any less dead/injured/royally boned"
Re:A watermelon, eh? (Score:4, Funny)
Not quite true.
Re:A watermelon, eh? (Score:4, Funny)
4 melvon
5 mevon
It's an "older" technology (Score:4, Insightful)
Sadly, the same people who make decisions based on the comfort provided by the familiarity of a technology are those who make policy at companies.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
BTW, I think GGP got modded "troll" unfairly.
telephone number (Score:4, Informative)
People are comfortable with that because they understand what is involved in doing that. With e-mail and digitial docs its harder for an untrained person to evaluate the threat. Also with digital docs it's harder later to raise questions about the authenticity. With the fax, one can later check for example fax logs on the sending machines and other trails of evidence.
In both cases forgeries are possible but in the case of faxes most humans are able to evaluate the threat.
Comment removed (Score:5, Insightful)
Re:telephone number (Score:5, Insightful)
Re:telephone number (Score:5, Informative)
Re:telephone number (Score:4, Informative)
Re:It's an "older" technology (Score:5, Interesting)
It wasn't that hard to xerox 2 copies your drivers license and then cut out the numbers with scissors on one and then tape them on the other and then xerox a 3rd copy and you really couldn't tell the difference. *coughs* Not that I knew anything about it.
So back then even with fax machines, its simply not that hard to to find a document of someone signature, cut it out and then tape it and then xerox it and then fax the xerox and no one would be wiser.
These days its simply a cut and paste in photoshop and then printing to a fax printer if you happen to have one.
Re:It's an "older" technology (Score:5, Interesting)
Comment removed (Score:5, Insightful)
Forgery is still forgery (Score:4, Insightful)
We accept and trust people and their submitted documents. Fancy that.
What? They're not real? That's a bad thing. Time to call the prosecutors. Jail for that? Really? Good.
Chicken, meet egg. (Score:3, Insightful)
I think the answer to that, ironically, comes back to businesses. Businesses needed a way to send 'signed' documents quickly, and pre-FedEx there weren't really many options. Fax machines were bulky and expensive. They didn't accept signed documents from just anyone, they had already vetted the other party to some extent.
So, on balance, the convenience of 'legal facsimile' faxes ou
Re: (Score:3, Informative)
Try to have a copy of a legal document, like your driver's license, and show it in court.
You cannot use a duplicate of a legal document in place of a legal document, it is considered hearsay and would get thrown out.
You may get away with a fax for a quick approval, but you need to have an original legal document( for example, by mail) or you run the hazard of it not being valid.
Re: (Score:3, Informative)
Re: (Score:3, Informative)
Re:It's an "older" technology (Score:5, Informative)
Oh, and also because its silly not to accept an electronic signature.
It might surprise people but there's hardly a reason NOT to accept a fax/electronic signature since a signature is really meaningless in the business context. It is essentially EVIDENCE. It's not conclusive. There are certain enumerated situations (like wills and real estate) where signatures are a big deal, but these are not the day-to-day transactions people usually think about.
In a contract, the question is whether the parties intended to form a contract. A signature can be evidence of that. So can clicking a button. So can doing s/First Last/. So can paying for the goods. So can accepting the goods. So can performing. So can stating so in an e-mail with a contract attached. And on and on.
Besides, the risk of fraud exists regardless of whether you get a real signature or otherwise. Again, even when there's a fraud, the signature becomes evidence of the fraud. Heck, even requiring in person signature is not a sure fire way to prevent fraud. Frequently the person accepting an actual signed contract will not be in a position to evaluate whether the signature is in fact true or fraudulent.
Re:It's an "older" technology (Score:5, Informative)
So, YES, the fax machine is OLDER. Much older.
Re:It's an "older" technology (Score:5, Interesting)
Re: (Score:3, Funny)
So, YES, the fax machine is OLDER. Much older.
Re:It's an "older" technology (Score:4, Informative)
Re: (Score:3, Interesting)
However, when was there widespread use? I seem to recall that in 1992, the fax was in use, and friends of the family had one and used it. The first interweb came into existence in september 1993 (hint: ha-ha-only-serious). It has taken people some time getting used to it; some mothers more than others
I think that's ultimately more relevant.
(mod parent informative)
Re: (Score:3, Insightful)
Sadly, many of those "someone else's" problems may become yours when you actually face those people and have to do business with them.
Not just this (Score:4, Insightful)
Actually, I LOVE the CC sig. (Score:3, Interesting)
Re:Actually, I LOVE the CC sig. (Score:4, Interesting)
Re:CC Signature Pranks (Score:5, Funny)
Actually, Zug.com has an interesting tale of the author trying to see how much he could get away with when he signed credit card purchases. He even did musical notation once. Very funny.
http://www.zug.com/pranks/credit/ [zug.com]
http://www.zug.com/pranks/credit_card/ [zug.com]
Re:Actually, I LOVE the CC sig. (Score:5, Informative)
Check out the Rules for Visa Merchants [visa.com], in particular page 34 (page 29 if printed). There is some amusing information in there, such as the fact that merchants are not allowed to require ID for a credit card purchase. I have no idea if MasterCard, Discover, or Amex have similar rules.
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
The purpose of signing the card is to show that you have agreed to the card holder's agreement with the CC company. Allowing you to rack up charges with an unsigned card makes their transaction just as 'fradulent' as allowing you to rack up charges on Jane Smith's card while signing your name as "Sebastian Bach".
CID is the same deal, if
Re: (Score:3, Insightful)
They were protecting themselves (Score:3, Informative)
I managed a retail shop for several years and the credit card companies are dead serious about their rules. The card MUST be signed with a personal signature--"See ID" or "CID" does not satisfy that. The shop must keep the original of the signed copy of the credit charge slip
Re: (Score:3, Informative)
which is a measly two days
That's not quite true. There is a second fall-back of a $500 limit if you, for some reason, do not report the theft after you've learned about it. You get 60 days to report something appearing on your statement - the 2 days is just for physical loss or theft. And EVEN THEN, you are only responsible for further losses after the initial 60 days.
And, as you say, I've never heard of a financial institution enforcing even the $50 liability - let alone the $500. And to be fair, I've never heard of a check card c
Re:Actually, I LOVE the CC sig. (Score:5, Informative)
1) The signature on the back of the card authorizes it for use. Failure to sign the card is supposed to indicate that the card is not authorized.
2) Merchants are NOT allowed to check ID as a condition of credit card acceptance.
3) The signatures do NOT have to match. The signature on the card only authorizes the card for use and is not for comparison.
Re:Actually, I LOVE the CC sig. (Score:4, Interesting)
IOW, is reporting violators of 2) in the above post actually worthwhile?
Re:Actually, I LOVE the CC sig. (Score:5, Informative)
Re: (Score:3, Informative)
Doesn't Make Sense To Start New Trends (Score:5, Insightful)
Furthermore, faxes are relatively secure because it is a one-on-one communication. In contrast, e-mails can be intercepted or become widely disseminated. The risks of using e-mail in a business setting (for signatures and the like) have not been tested too thoroughly, either.
Dilbert already covered this. (Score:5, Funny)
Scott Adams already covered this in "Dilbert".
The accounting trolls told Dilbert that they wouldn't accept copies of his expenses... but he could FAX them.
Animaether Asks Why We Accept Signatures (Score:5, Interesting)
Between people being quite apt at duplicating another's signature good enough for 'at a glance' acceptance
and
people's signatures changing over time (my bank just informed me that the last signature I gave them deviated too much from the one they had on file since 10 years ago, and so as to please put my signature on their form five times to get them a new basis. Guess what, the five looked alike, sure enough, but they could just as well have been forgery attempts from 5 different people...)
I'd say that signatures in general are relatively unacceptable. Except that they're usually 'good enough' for what we need them for. That's why we accept them in 'analog' writing, faxes and even e-mails. In the few cases where it was indeed forged, it's usually found out pretty easily.
Oh, but wait, Bruce already said as much; not included in the summary, of course. So go RTFA, then come back here to complain about Slashdot's shoddy headline/summary policy.. it's too much like an actual newspaper.
Now... where's the discussion of alternatives? One of those one-time 2D barcodes that uniquely identifies -moi- when used with the recipient's public key.. or something.
PGP signed mail is also not enough. (Score:4, Insightful)
They do accept scanned signatures (Score:5, Insightful)
Re:They do accept scanned signatures (Score:4, Interesting)
A friend of mine didn't have enough signatures to pass the class at the end of the semester, so we collected sheets from a few people, and scanned quite a few of the teachers signatures. We then got rid of all the extra stuff, and copied and pasted the signatures onto a blank 8.5" x 11" document, and made some test prints to get the exact placement right. When the time came, we ran his original form sheet through the printer, and printed the new signatures where they would have appeared on the document. It was extremely difficult to tell which signatures were real, and which were printed on, on the final document, even knowing that some were forgeries. The results were essentially perfect, the teacher never noticed, and we never got caught.
This occurred over 10 years ago now, and I haven't helped anybody cheat on anything since. Perhaps relying on signatures to authenticate documents isn't such a good idea anymore, now that they can be so easily duplicated.
Re:They do accept scanned signatures (Score:4, Funny)
You have no idea how depressing this is.
Re: (Score:3, Insightful)
I've signed a load of contracts in the US by having my publisher send me a PDF, which I've returned (by email) having copied and pasted a scanned copy of my signature over it. Interestingly, they would accept this but not a hash of the original PDF signed with a certificate signed by CACert, which had two people verify two pieces of government-issued ID to confirm that I am me.
Perhaps because (outside of computing circles), the idea of electronic signatures isn't very well known?
Credit Card Signatures (Score:3, Informative)
Signatures aren't about security (Score:5, Informative)
Faking a fax signature isn't really that much harder than faking a real one.
Sending a fake signature over a fax isn't that much harder than faking a real one, but is no less criminal.
"Notarized" signatures are supposed to be more secure, though if you can produce a convincing fake ID, they probably aren't.
Vaguely related to the topic at hand (Score:5, Insightful)
It's generally accepted (in UK law, at least, so my source says) that once you reply and / or initiate a conversation over a medium, that that medium is then a valid method of contacting you indefinitely over the course of that action.
So if you email a solicitor, then for that solicitor to send you an email back is perfectly legally acceptable and may even be construed as "delivered" whether or not it arrives. Because *you* selected the method of transit. If your mortgage nearly falls through at the last minute and you need to do something incredibly urgent or lose your house, a solicitor acting on your behalf can just send you an email and they've "done their job". If your servers are down, tough, if you no longer have that email, tough. At least if you read the strict letter of the law.
It may be that this is related - once a person has contacted you by fax, then sending back your confirmation by fax is construed as legally acceptable for "signing" a contract. If you don't like it, then don't communicate with them by fax at all. Ever.
On a personal note, if I weren't able to fax legally-binding forms back to a company, I wouldn't have a house, but I still don't "like" it. My purchase of the house dragged on for six months longer than it should have and the solicitor in charge on my end was a close personal friend, so they were stopping all heel-dragging and pulling out all the stops for us.
However, just as we were approaching the signing date, we had an holiday booked (Hey, we thought a six month cushion on top of a six month estimate for the deal would be long enough!). We arrived in a foreign country for a holiday, and within a day we had a phone call to say that if a particular court didn't receive a signed document on an official form within the next eight hours (time differences etc.) then we wouldn't be able to complete the purchase now, or ever (the house would be sold at auction). We had to find a kind hotel (fortunately, we found a hotel receptionist who had recently had much worse problems selling their house and they let us use the hotel fax machine for free) and recieve several forms, sign them and fax them back (and pay a month's mortgage, in cash, within 8 hours but that was easily resolved by phoning relatives near our solicitor's, although we still technically owe them that).
So it worked out well that we were able. I don't think we could have got back in time on the first plane, and there was nothing we or our solicitor could do to negate the need for us to sign the forms and pay in cash (bank transfers etc. wouldn't have cleared in time, believe it or not). However, the fact that anyone could have signed the form just shows that 99% of paperwork is useless and a waste of time, not that fax machines are somehow "evil".
You know, for someone who thinks he's plugged in (Score:4, Insightful)
They're accepted because they're good enough.
What does that mean? It means that if there is a problem later, the fax is sufficient evidence to resolve most problems, either by providing proof of a signature or proof of a forgery. As long as most businesses have some documentation to cover themselves that's generally good enough. Certainly some issues may not fall into this category, but enough do to make faxes acceptable.
Security, for many businesses, isn't about "making sure something bad doesn't ever happen" it's about having what you need to resolve a problem should it arise in the future.
Even real signatures are not safe (Score:3, Insightful)
What to do if someone asks you to fax a signature (Score:5, Funny)
Tape them together top to bottom, creating one long sheet. On the bottom, place a piece of tape half over the edge.
Insert the long sheet into the fax machine, and dial the number. As it begins to feed through, quickly affix the top to the bottom sheet, creating a long loop.
Go get a cup of coffee.
Courts (Score:4, Insightful)
Hence on a contract, fax is accepted.
-M
Same as credit card numbers over the phone... (Score:3, Insightful)
In general, people's risk assessments are completely out to lunch. Back in 2001, my school had its student trip to Greece canceled by parental concern. Apparently, the parents wanted their kids "safe at home"(never mind that we all lived in a certain large city on the American east coast), rather than facing the foreign dangers of a fairly quiet and moderately obscure neutral country.
I think that there has been some work done on formalizing our understanding of what distorts risk perception; but it makes for depressing reading.
Lame (Score:3, Interesting)
Was just kidding (Score:5, Funny)
Here's my OCR-ed signature: Bruce Schneier
Not that big of a security risk at all. (Score:4, Informative)
Schneier's thinking is backwards (Score:5, Informative)
So, why do companies accept easily faked signatures by fax? They have a signature, so you're bound to the agreement. The burden of proof is on you if you want to prove the signature was faked, not them, so they're protected. They'll either get paid by you, or you'll find the identity thief and they'll get paid by him or her.
The bigger question would be why do we agree to being bound to our faxed signatures? And the answer there is convenience. Sure, they can be faked, but it's a lot nicer than having to wait for the US Mail.
Schneier is too big to understand security (Score:3, Insightful)
Of course, now that the cat's out of the bad, they'll need to reevaluate.
We solved this in 1993 (Score:3, Interesting)
Not really confusing at all. (Score:3, Informative)
Some documents are so important that you must write the whole thing out by hand before signing. This is to make sure you've agree to terms with full knowledge of them. There will *not* be teams of handwriting analysts pouring over it and everything else you've written to make sure it's really you.
Presumably identification is done through more secure means. The signature is just a symbol of acquiescence.
Years ago in the Mortgage Industry... (Score:3, Interesting)
Years later, I worked as an Account Executive for a subprime lender, we accepted EVERYTHING by fax. They're out of business now and the industry on a whole is reeling from rampant fraud.
Another thing I don't get (Score:3, Insightful)
Yet both sides are convinced that this is somehow better than just scanning the document and emailing it normally. Truly bizarre, if you ask me.
All signatures are a joke (Score:3, Insightful)
Seriously how many people who work at a till or even a bank have had the nessary 10 plus years of training to be able to tell a real signature for a fake one? Even if they did would it be reasonable for them to look at all the signatures?
I know personaly of more then one occasion when a bank has cashed a check with th e signature Mickey Mouse on it ( the person who wrote the check was just seeing if it would work and the store still got the money.)
THAT is for a real signature from a real person standing in front of you, and a computer is supposed to do better?
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
Joe Public can go buy a FAX machine with a decent multisheet feeder, plug it into a phone line, and quickly send out faxes. You do not have to wait for the scan, you don't even have to wait for it to dial, you can plop in 20 pages, dial a number, hit Start and off you go
Contrast this with a scanning on a PC. Even low-end FAX machine usually has a better multi-sheet feeder than most scanners. If you get a multi-function scanner/printer, the resolution isn't going to be much better than a dedicated FAX an
Re: (Score:3, Insightful)
She has a habitual way of doing business, one that is expected in her industry. The fact that she is technologically ignorant doesn't mean she is stupid.
BTW, the 'older people don't get technology' really only applies to 1 or two generations.
It's pretty much over. At 43 I can hold my own against any generation. This will come to an end with certain types of games do to event do to aging.