e-conveyancing

Nicholas Bohm nbohm at ernest.net
Fri, 30 Mar 2001 10:35:15 +0100 

At 06:42 30/03/2001 +0100, David Swarbrick wrote:
>
>It is quite unmeasurable, but I have little trust in those who say they can
>tell when signatures are forgeries. As an area of expertise there is no
>proper profesional standard that I would pat any great credit to.

Finding good document examiners may be difficult, I accept.  But it isn't
difficult to carry out blind testing of document examiners, and the
academic literature has a good deal of material (briefly summarised in the
paper I cited).  The main flaw is that there is no way of knowing how good
the forgers were as compared with those operating "professionally".  

Have you come across cases where purported signatories convincingly
repudiated documents which examiners said were genuine?  Such forgeries as
I have come across have been obvious at first sight, let alone under a
microscope.

Regards

Nicholas

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone	01279 871272	(+44 1279 871272)
Fax	01279 870215	(+44 1279 870215)
Mobile	07715 419728 (+44 7715 419728)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

>> -----Original Message-----
>> From: ukcrypto-admin@chiark.greenend.org.uk
>> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Nicholas Bohm
>> Sent: 29 March 2001 14:02
>> To: ukcrypto@chiark.greenend.org.uk
>> Cc: ukcrypto@chiark.greenend.org.uk
>> Subject: Re: e-conveyancing
>>
>>
>> At 12:33 29/03/2001 +0100, Ben Laurie wrote:
>> >Nicholas Bohm wrote:
>> >> The underlying problem is precisely the limited security of
>> private keys
>> >> once in widespread use for valuable purposes.
>> >
>> >Is it? How secure is my signature? I would contend that is substantially
>> >less secure than even the most crappily protected private key (and,
>> >indeed, 6k stolen from my bank account shows it is often not even
>> >checked). So how come it works?
>>
>> The issue is tackled at some length in
>>
>> http://elj.warwick.ac.uk/jilt/00-3/bohm.html
>>
>> which I immodestly commend.
>>
>> Pending developments in science unforeseen, you cannot give away, or have
>> stolen or copied from you, the ability to make a distinctive handwritten
>> signature.  Security at this point seems to be perfect.
>>
>> Banks and others who rely on signatures can expend whatever effort they
>> wish on verifying them.  Since they carry the risk of e.g. cheque forgery
>> and you as the customer do not, it is up to them to decide how much effort
>> to expend, depending on the size of the cheque.  This is just as
>> it should be.
>>
>> Good forgeries are hard to detect by casual inspection, but the detection
>> rate rises rapidly if document examination techniques are employed instead
>> of mere visual comparison.  The error rate is a matter of continuing
>> controversy in the academic field, one problem being that the best forgers
>> probably have better uses for their talents than submitting themselves to
>> expert testing.
>>
>> It does seem possible that a very good forgery might deceive experts into
>> the conviction that a forger's signature is yours, but forgery
>> that good is
>> likely to be reserved for high value targets on account of the effort
>> involved; and it is rarely necessary for the forger to achieve that
>> standard anyway, since all he needs to do is fool the bank at the point of
>> payment, and he has no reason to want to go further and fool the bank into
>> throwing the loss on to you.
>>
>> Private keys can be stolen in ways we all know about, quite possibly
>> without their owners' knowledge; and no amount of effort by the verifier
>> can detect this.  Only the owner can manage the risk, and very many owners
>> are likely to be unable to protect themselves adequately if private keys
>> are widely deployed.
>>
>> Regards
>>
>> Nicholas