|
THE CYBERNOTARY:
PUBLIC KEY REGISTRATION
AND
CERTIFICATION AND AUTHENTICATION
OF INTERNATIONAL LEGAL TRANSACTIONS
BY THEODORE SEDGWICK BARASSI, ESQ.
MANAGER, CYBERNOTARY PROJECT
UNITED STATES COUNCIL FOR INTERNATIONAL BUSINESS
INTRODUCTION.
The advent of electronic commerce in international trade has exacerbated a longstanding
impediment to the enforceability of legal acts executed in the United States for use in
non-U.S. jurisdictions. Fundamental differences between countries in the procedural and
content requirements for many types of international transactions, from powers of attorney
to transfers of corporate shares, have long resulted in numerous U.S.- executed documents
being rejected by legal and recording authorities overseas. This is particularly true in
countries whose legal systems derive from the Romano-Germanic civil law tradition, but
also remains a problem in much of the common law world, including the United Kingdom,
Ireland, and South Africa
This existing problem has resulted in a situation in which U.S. parties wishing to assure
the enforceability of their legal acts abroad, have been required to seek extensive legal
advice and intervention in these transactions, greatly, and in many cases, unnecessarily
increasing their business costs.
Heretofore this problem has been dealt with inadequately by U.S. lawyers who specialize in
international transactional law, through a lengthy and cumbersome process in which the
lawyer undertakes a review of the particulars of the transaction and pertinent foreign
legal formalities, and writes an opinion letter affirming that the transaction complies
with both U.S. and foreign law. This process not only costs the client a great deal of
money, but it also exposes the lawyer to potential liability for which he may not be
adequately insured. Furthermore, because the lawyer will inevitably be perceived overseas
as an interested party (thus violating the fundamental civil law requirement for many
important legal transactions that they be undertaken by a non-interested third party), his
opinion letter will in many cases still fail to satisfy overseas authorities. This
situation, far from ideal under current commercial practice, promises with the advent of
electronic commerce, to become much worse.
It has become increasingly clear to both the legal and technical communities in the United
States that electronic commerce will require some sort of heightened authentication and
certification of electronic "documents" to assure the reliability and
enforceability of underlying acts. This is particularly true for commercial applications
in the international environment, where differences in law and practice, and difficulties
in establishing trust relationships between parties, increases the need for mechanisms
which lend security to transactions. The future of international electronic commerce
ultimately rests on the trust which transacting parties place in the security of the
transmission and content of their communications, and in their faith that these
communications will be granted adequate recognition to assure their enforceability in any
domestic or foreign jurisdiction. Presently, neither the technical infrastructure nor the
legal framework necessary to meet these basic criteria yet exists.
The CyberNotary Project proposes to rectify the current lack of security in international
legal transactions originating in the U.S., as well as those taking place electronically,
through the creation of a new quasi-public office, known as the CyberNotary, whose role
will be one in which a technical and legal expertise are combined in a single
specialization, and whose members of will serve two distinct but complementary functions.
INTERNATIONAL NOTARIAL PRACTICE
The first of these functions, which might be termed the CyberNotary's
"traditional" role, will be similar to that currently played by a notary. The
use of the term "notary," however, should not be taken to refer to a notary as
that public officer is generally known in the United States. Rather, this term should be
taken to refer to the notarial office as it is recognized in virtually every other country
in the world: i.e., as a lawyer who has been given a heightened level of trust and
responsibility in certain types of legal transactions. Because this notary is not familiar
to many in in the United States, a brief outline of the notarial profession in non-U.S.
jurisdictions might shed some light on the type of specialization envisioned by the
CyberNotary concept.
Notaries in most overseas jurisdictions are legal professionals whose practice derives
from the Romano-Germanic notarial tradition . They are duly appointed officers, who have
been granted a public office to draw up, attest to, or certify deeds and other documents,
including conveyances of real and personal property and powers of attorney relating to
real and personal property; to certify transactions relating to negotiable instruments; to
incorporate, modify and dissolve limited liability companies; to prepare wills or other
testamentary documents; and to draw up protests and other formal papers relating to
occurrences on voyages of ships and their navigation as well as the carriage of cargo.
For practical purposes, notarial practice can be divided into four primary functions --
administering oaths or declarations, attesting to or acknowledging acts, certifying facts,
and authenticating the legality of acts. These four functions, while distinct from one
another, are often confusingly lumped together under the rubric of
"notarization." Furthermore, a number of these functions, particularly those
relating to oaths and declarations, and attestations, are adequately served under current
U.S. notarial practice. Accordingly, it is necessary to deal with each function separately
in order to establish what the proposed international notarial practitioner will be adding
in terms of transactional security.
Oaths and Declarations
Traditionally, the notary has been given authority to take an oath or declaration
regarding the truth of material statements contained within documents that require such an
oath. This is largely a formal function, requiring the declaring party to take some
symbolic action such as placing his hand on the holy bible, which is designed to lend
solemnity and add weight to a declaring party's affirmation of a factual declaration made
before the notary. Under these circumstances the notary essentially takes on the role of
solemn witness to bolster the credibility of declaring party.
Attestation
Attestation is simply the act of witnessing the signing of a document before the notarial
practitioner. This is a common role of notaries both in the United States and abroad in
which the notary countersigns and seals the document with a statement attesting to the
fact of the signing by a party. In this instance the notary verifies the signer's identity
through some generally reliable means and checks the validity of the signature against an
existing one. This is the primary role of the notary under U.S. law.
Certification
Certification in notarial practice is the act of warranting the truth of a fact that has
been put before the notary, over and above the mere act of witnessing a signature. The
notary can certify the truthfulness of a copy of a document, for example, by comparing it
to an original, or certify a translation of a document which he knows to be accurate.
While many notaries in the United States undertake certification, particularly of copies
of documents, they may not be qualified to certify other facts particularly those
essential to a document's legal enforceability.
Authentication
Authentication, a much more extensive undertaking by an attorney-notary, is the area of
notarial practice that a United States notary is not competent to perform, and is
therefore where the fundamental value of the CyberNotary's "traditional"
practice will lie for documents originating in the U.S. Authentication is a verification
by the notary that the terms and execution of a document are in accordance with the law
under which they are executed, and are therefore given full legal effect. While
authentication does not play a major role in U.S. law outside of the courtroom, it is an
affirmative requirement for many transactions in foreign civil and common law
jurisdictions. The lack of properly authenticated documents coming from the U.S. can
result overseas in the requirement that a notary of that jurisdiction independently
authenticate the transaction. This raises serious problems when the facts and issues upon
which the overseas notary must rely have taken place outside of his knowledge and possibly
turn on issues which he can not possible verify. Alternatively, lack of proper
authentication may result in rejection of the document by public authorities in the
enforcing jurisdiction, requiring a re-execution of the transaction before a competent
(i.e. non-U.S.) notary, and/or attachment of a legal opinion by a U.S. lawyer outlining
how the transaction complies with the law governing the transaction. In both instances the
legal and administrative costs of effecting the transaction are raised significantly.
Authentication is an affirmative requirement in most overseas jurisdictions for many
transactions, including the following: powers of attorney, transfers of corporate shares,
transfers of real property, wills and trusts, maritime shipping contracts, and bills of
exchange. As this list demonstrates, the CyberNotary's role in authenticating
international transactions is potentially quite significant.
The "traditional" notarial function of the proposed specialization, standing
alone, is enormously important to the overall proposal. This function will enable the
CyberNotary to guarantee that his acts will be given full force and effect in foreign
jurisdictions which heretofore have viewed U.S. notarizations with considerable
skepticism, and which have refused on procedural grounds to enforce many documents bearing
a U.S. notarization. Because the specialist will be a common law lawyer whose function
would resemble that of a notary found in civil law jurisdictions, he will be a bridge
between the two legal traditions, assuring that transactions he processes meet the
requisite procedural and legal formalities under both civil and common law based
jurisdictions.
ELECTRONIC NOTARIAL PRACTICE
The second function of the proposed CyberNotary will derive from his electronic
certification and authentication capabilities. The proposed specialist will possess a high
level of qualification in information security technology, allowing him to electronically
certify and authenticate all elements of an electronic commercial transaction which are
crucial to its enforceability under U.S. and foreign law. Using digital signatures, the
CyberNotary will be able to certify the identity of an originator of a commercial message
(thus establishing non-repudiation of the message by the originator), while also providing
a very high level of assurance regarding the content terms of that message, along with the
time and date of "notarization," and protocolization for archival purposes.
These functions are crucial to the success of electronic commerce in open networks, where
identity, capacity, and authority to act cannot be established by traditional means. As a
security officer in electronic commerce who combines a technical and legal expertise, the
CyberNotary will be competent to engage in transactional interventions on a fairly broad
scale. The basic certification and authentication functions of the CyberNotary can be
applied to virtually any transaction that requires the intervention of a trusted third
party. Thus, CyberNotarial practice in a public key infrastructure will encompass
activities ranging from user credentialing for registration of public keys upon which
certificates can be issued, to certification of identity, capacity, and authority of users
for individual transactional purposes, and authentication of the legality and form
requirements of these transactions.
Because the CyberNotary will be engaged in a broad range of activities, it might be useful
to visualize the scope of his practice as one in which he provides various levels of
transactional security, ranging from mere attestations of acts executed before him, to
authentication of all of the legal elements of those acts. Given his high level of
qualification, coupled with bonding and malpractice insurance, the CyberNotary can add not
insignificant value to many of the transactions in which he intervenes. This added value
will be most useful for transactions which require an ironclad assurance as to their
enforceability both domestically and abroad.
The CyberNotary will serve a dual function in an electronic environment based on the use
of public keys. The most basic of these will be in his capacity to undertake a security
investigation into users who wish to register their public keys for use in electronic
commerce. Since the policy guidelines for registration procedures will be largely dictated
by the certification authorities who rely on the CyberNotary's undertaking, the steps
taken by the practitioner to register the user will vary according to the level of
certification which the certifying authority wishes to provide. For low value
certification, the CyberNotary may only be required to establish the identity of the user
and bind that identity to the public key. For extremely high value certification, the
practitioner may undertake an extensive investigation into the user, including credit
history, asset value, criminal history, etc. . ., before the public key is issued and
certified. In this capacity, the CyberNotary functions as a security gateway for users of
the electronic commercial superhighway.
The second electronic function of the CyberNotary will be in the realm of private
international commercial law transactions. In this capacity, the practitioner will provide
transactional certification and authentication independent of any credentialing process
which transacting parties may have already undergone in the acquisition of their public
keys. The CyberNotary's role in transactional certification and authentication will be to
establish the basic elements of the user's ability to undertake a legal transaction,
including legal identity, capacity, and authority, as well as a due diligence inquiry into
the transaction itself. This inquiry will establish that the transaction is legally
enforceable, including conformity to the procedural and content requirements of the
enforcing jurisdiction. As a practical consideration, it may be useful to outline the
various transactions in which a CyberNotary will intervene, and define what level of
security those interventions will provide to electronic commerce generally.
PUBLIC KEY REGISTRATION
The CyberNotary's role as a registration authority upon whose undertaking a certification
authority will issue certificates, may not fall within the scope of his legal practice.
However, because of the he will possess high level of expertise both in law and
information security, he will be an appropriate professional to undertake this function.
Although the registration procedure will vary according to the policy dictates of the
certification authority, there is a basic registration model which can be illustrated to
give a flavor of the practitioner's role in the public key registration and certification
process.
In this basic registration model a user desiring to possess a certified public key
physically appears before the CyberNotary and applies for registration of the public key
so that a certificate binding his identity to the public key can be issued (actually, the
application may not require physical appearance, but its ratification by the applicant
will). This application can be made either in paper form or electronically. Depending on
the type of certificate desired for the public key, the applicant will have to provide
personal information about his identity, including legal name and address, and possibly
other particulars which would tend to establish not only identity, but authority,
financial wherewithal, etc. Upon a showing in conformity with the policy guidelines of the
certifying authority, the CyberNotary will duly register the user, issue (or more likely
ratify) a public key, and send the public key, signed by the CyberNotary's digital
signature, to the certifying authority. The certifying authority will issue a certificate
affirming the CyberNotary's undertaking, thus providing the user with a registered and
certified public key to bind him to any transaction in which the key pair is used to sign.
The CyberNotary will store all user information used to register the user in a
confidential archive for a period of years. If this process is deemed to have created a
client-attorney relationship with the user, the CyberNotary may be bound by
confidentiality to the user not to divulge to third parties any of the information used to
establish the user's bona fides for issuance of the certificate. Similarly, if the
certifying authority relies on the practitioner's undertaking to issue a high value
certificate, the CyberNotary may be in an attorney-client position vis á vis the
certifying authority. The practitioner will need to be bonded, and insured against
malpractice in this process.
The manner in which a CyberNotary, or any other registering entity, may register users of
public keys for use in electronic commerce may vary from that described above. Indeed, the
process described above represents one in which the notarial role is heightened beyond
what may be necessary for many transactions. Accordingly, the CyberNotary may only be
involved in the initialization process of the registration, where he establishes that the
applicant is who he says he is and in fact possesses the public key that he purports to
possess. The rest of the transaction would be essentially an undertaking by the certifying
authority in communication directly with the user. Alternatively, the certification
authority may not require the intervention of a trusted third party such as a CyberNotary
at all, and instead rely on a non-independent registration agent.
Regardless of the certification level desired by the user, the CyberNotary is a useful
registration officer for a number of reasons. For users who wish to have their credentials
established without having to divulge extensive personal and financial information to a
certifying entity, the CyberNotary can provide a means to confidentiality while
maintaining a rigorous registration procedure and guarantee that the certification
authority can rely upon. This is useful, for example, where the certifying entity is
essentially interested only in the fact that the CyberNotary has done a due diligence
inquiry into the user's credentials, and has no claim to or interest in the underlying
user information (i.e. if the certifying authority is a notarial association interested in
facilitating international legal transactions where cross certification by an overseas
association is necessary, or a government agency is interested in establishing the basic
credentials of the user for state or federal law purposes without having to know extensive
personal information). Furthermore, in instances where the certifying authority will be
issuing a certificate for a public key that the user will employ for high value
transactions (possibly exposing the certifying authority to potentially enormous
liability), the certifying authority may demand a rigorous legal and financial review to
establish the user's bona fides. This legal undertaking will demand the expertise of a
highly trained lawyer -- for which the CyberNotary will be uniquely qualified.
ELECTRONIC TRANSACTIONAL CERTIFICATION AND AUTHENTICATION
The second function of the CyberNotary derives directly from his qualification to practice
law. In this capacity, his role in the electronic milieu will mirror that in the
paper-based environment. Accordingly, defining the scope of traditional notarial practice,
and the role of the CyberNotary in certifying and authenticating legal transactions, also
defines what the practitioner's role in electronic transactional certification will be. As
mentioned at page 2, supra, the notary as defined outside of the United States is a lawyer
with a specialized knowledge of the procedural and substantive legal formalities for
transactions in which there is an affirmative statutory requirement of notarial
intervention. The scope of this practice varies somewhat from country to country,
according to the statutory dictates peculiar to each jurisdiction, but as a practical
matter includes the following: drafting, attestation to, certification and authentication
of deeds and other documents, including real property transfers, and powers of attorney
relating to the transfer of real and personal property; certification of transactions
relating to negotiable instruments and bills of exchange; incorporation, modification and
dissolution of corporate entities; the drafting of wills or other testamentary documents;
and the drafting of protests and other formal papers relating to the navigation of and
carriage of cargo by ships.
Attestations, Oaths and Declarations
As in the case of paper based practice, the CyberNotary proposed in this document will be
qualified to digitally attest to the digital signature of a party signing, as well as
making declarations memorialized in, an electronic message. This attestation will take the
form of appending the CyberNotary's digital signature to the message which has been
digitally signed by the party. As with paper-based attestations mentioned at page 3,
supra, the digital attestation requires no extraordinary level of legal skill or expertise
(just a certified public/private key pair) and therefore should not be considered as
falling outside the scope of what a current U.S. notary could perform
Certification
Electronic transactional certification will reflect paper based notarial certification in
number of particulars, but will be distinguished in others (note that transactional
certification is not the same thing as public key certification, the registration model
for which is outlined at page 5, supra). An electronic certification will be a separate
message attached to the message about which certain facts the CyberNotary is certifying,
which is digitally signed by him. The effect of this certification will be similar to that
in a paper-based environment for many purposes. For example, as with a certified copy of a
document, the CyberNotary may issue a certified electronic message, the particulars of
which exactly reflect an existing paper document signed in the practitioner's presence. On
the other hand, a transactional certification may certify particulars about a given
transaction which do not exist in a paper based environment, such as a certified
translation of an electronic message from one message protocol to another.
Authentication
As in the case of the "traditional" notarial function, authentication of legal
transactions will be the area in which the CyberNotary will add the most significant value
to the transactions in which he intervenes. A legal undertaking in the paper-based
environment, this will take on added significance in the use of electronic messages to
authenticate not only the legality of the message, but also its conformity to the norms of
electronic commercial practice. For instance, where an electronic power of attorney is
executed and digitally signed in front of the CyberNotary, the practitioner will issue a
message of authentication attached to the power of attorney which validates the legal
contents of the document, the digital signature used to sign it, the identity, capacity,
and authority of the signing party to execute the document, and the public certificate
used to certify the public key of the signer. In the case of a party whose public key has
been registered by another CyberNotary, or where the public key certificate has been
issued by a certification authority whose guidelines the CyberNotary knows include an
extensive inquiry into the user's identity and authority, this process may not require a
far reaching investigative undertaking by the practitioner. On the other hand, where the
party has a public key with a low level certification or has registered with a
non-CyberNotary, the practitioner may have to resort to re-registration of the user, or
require comprehensive proof of the user's identity and authority. This will be
particularly the case where the user is purporting to execute the transaction on behalf of
another party (i.e., corporate power of attorney) or wishes to have his transaction be
enforceable in a civil law jurisdiction, where there are rigorous authentication
requirements. In either instance, the intervention of an CyberNotary is irreplaceable.
Neither the mere application of a digital signature, nor a legal undertaking of a U.S.
lawyer or notary satisfies authentication requirements for these types of transactions.
The CyberNotary will combine the functions of digital signature verification, legal
practice, and notarial intervention to provide high level international authentication in
a measure far exceeding current practice.
Return to the
CyberNotary Committee Home Page |
