You are viewing bramcohen

Tue, Sep. 29th, 2009, 12:19 pm
Signatures don't do what you think they do

Security people tend to think that we live in a secure world, one in which everyone is constantly auditing the behavior of everyone else, and the end result is widespread mutually ensured honesty. We don't even vaguely live in that world. We live in a trusting world, where most people are mostly good, and the need for auditing is much lower than it would be if everyone were greedy sociopathic automatons. I would not want to live in a world which worked that way, and it would probably not only be an unpleasant place to live, but an extremely unproductive one as well, as every attempt by anyone to get anything done would be destroyed by theft and corruption.

I say this not to engage in broad philosophizing but because I have a very concrete point to make about a very specific thing: signatures. People  think of signatures as being a strong form of physical evidence, useful in court proceeding for proving that a particular person really did sign a particular thing. While this belief being widespread does a good job of denying that things they signed are actually their signature, which is a good thing, the claimed difficulty of forging signatures is simply not true. Anyone can practice forging a signature from a few samples for a few hours and be able to do a passable replica. Anyone with decent skill who practices a bit can get quite skilled. And people aren't very consistent about how they sign their own signatures, making even legitimate matches sometimes look fake. Thumbprints would be far better as a piece of evidence.

Despite that, signatures are still very important and good at what they're used for. What is that? It's to make it clear that someone knows when they're entering into a binding agreement. You can't be forced into an effective contract just because you said 'yeah, whatever' when asked if you want to participate, and you can't be forced into a contract by being tricked into signing a document which says something different than what you think it says. The theory of contracts is based on parties mutually agreeing to be contractually bound, and requires they all go through sufficient ceremony that it's clear when a contract has been entered into (sometimes merchants can get into binding contracts much more easily, but that's because they're expected to be more savvy, the law is big on protecting little old ladies from being suckered).

For example, take the use of signatures for receiving packages. There isn't even a contract entered into when a package is signed for, but the reasoning behind it is the same - it's to make clear that the person receiving the package knew they were receiving a package, and not claim later that there was a misunderstanding. To the extent that the signature has any evidenciary power in this case, it's mostly in that people generally by default put down their real name, and since the delivery person generally doesn't even know what the potential name of a recipient might be, it's hard for someone to lie later and claim that no package was delivered at all.

The hoopla around cryptographic signatures is largely misplaced. Having signatures which were on a web page which clearly stated what was being indicated and the signature was done by moving the mouse like a pen in a drawing area would do a much better job of indicating what signatures are supposed to indicate, and probably be much easier to back up in court later.

Now somebody please explain this to Bruce Schneier, because he doesn't get it.

Tue, Sep. 29th, 2009 08:32 pm (UTC)
jered

What you say about written signatures above is entirely correct. However, I don't know a single security professional who "[...] think[s] that we live in a secure world, one in which everyone is constantly auditing the behavior of everyone else[...]". Security professionals tend to be the most paranoid people around, and are critically aware of the flaws in most of the systems we depend upon.

I guess the big problem is one of naming. Cryptographic "signatures" do something far stronger than what signatures can do, hence the confusion a few years ago when Congress passed a bill to allow "electronic signatures" -- electronic representations of your John Hancock, and nothing more. It's too late to change the name, but really what we talk about in crypto are "authenticators" or "verifiers".

The interesting thing with the world today is that we now have to tools to inexpensively improve security, and yet there is no interest in doing so. For example, modern cryptography could easily make credit card number theft a thing of the past... and yet, when the credit card companies adopted a contactless smartcard standard they designed one where the secret number is still passed off the device where it can be intercepted. Mechanical keys are woefully insecure, yet there is widespread denial that this problem exists. Electronic voting systems could be designed to protect against tampering, and yet the common ones today are more easily tampered with than anything ever seen in the past.

In security, the standard to which new technology is held is entirely based on what the previous generation technology could do. This is in conflict with nearly every other area of technology, where constant improvement (in speed, accuracy, or cost) is demanded. Perhaps this is because near-perfect security has been so rare in the past, or perhaps it is because humans are absolutely terrible at assessing risk. Far more valued than security is accountability -- we don't care if someone can steal our identity information as long as we can track them down and hold them accountable later.

I wonder if this ongoing lack of mathematically enforced security helps prevent us from becoming a society of "greedy sociopathic automatons"? That a lack of rigor in enforcing the social contract allows us to weed out the bad eggs that might be lurking among us? Probably not, I imagine social reciprocity runs much deeper than that, but it's an interesting thought.

Wed, Sep. 30th, 2009 12:38 am (UTC)
bramcohen

Digital signatures do a great job of producing evidence, but a relatively lousy one of making clear that the person knew what they were doing when they did the signature.

The credit card companies have an entrenched interest in keeping things the way they are. They expressly don't want later systems to be more secure, because that would directly cut into the need for the service they provide, and hence their profits.

Wed, Sep. 29th, 2010 09:43 pm (UTC)
jered

Wow, what an elaborate spam response to this post. Surely not an AI? Gold farmer?

Tue, Sep. 29th, 2009 09:05 pm (UTC)
letoams

Re: "It's to make it clear that someone knows when they're entering into a binding agreement."

that's wrong. What it really means is

"It's to make it clear that someone knows they are entering into a binding agreement for which they might or might not have any choice in accepting the sane or insane stipulations, legally enforcable or not, of said contract".

Around 2001, I gave up reading fine print. If I declined based on that, I could have no house, no car, no job, no ISP, no nothing.

Signatures under contracts for consumers are a big fat lie

Wed, Sep. 30th, 2009 12:40 am (UTC)
bramcohen

Yeah, it's weird how many contracts people sign which it would clearly be completely impractical for them to actually read and understand. Their are implied contracts for standard purchases which are well thought out and do what you'd expect, but the state of house, car, employment, and internet service contracts lags far behind. Particularly internet service, which there isn't even much legal and regulatory history of. Those other ones if there's something really egregious it's just plain not enforceable.

Wed, Sep. 30th, 2009 08:01 pm (UTC)
peter_geoghegan

I've often thought that the way in which I'm regularly asked by delivery men to sign a touch screen PDT while vouching for goods somewhat trivialises the whole notion of a signature. Firstly, my "signature" invariably ends up being an illegible, pixelated scrawl packed into an area the size of a business card. Secondly, it's a 1-bit per pixel image that can easily be copied digitally. The use of PDTs in this way is widespread practice here in Ireland, and probably is in most other western countries too.

There has been a big push towards "chip and PIN" (an EMV implementation that requires the customer to enter a 4 digit PIN rather than sign a voucher) verification for point of sale credit and debit card transactions here and in the UK in the last 3 years.

It was argued on http://www.chipandspin.co.uk that the reason the banks made this push was to put the onus of paying for fraudulent transactions on merchants and customers:

"Sales vouchers [for credit cards] were governed by laws that evolved for cheques [that's "checks" in American], of which the most important is that a forged signature is completely null and void. This gives the customer strong protection against abuse of a stolen card. Although some argument can be made about card terms and conditions, and about possible negligence by a customer, in practice the banking industry paid the costs of fraud."

Incidentally, it was also argued that chip and pin amounted to little more than what Schneier would call "security theatre".

You say "To the extent that the signature has any evidenciary power in this case, it's mostly in that people generally by default put down their real name, and since the delivery person generally doesn't even know what the potential name of a recipient might be, it's hard for someone to lie later and claim that no package was delivered at all."

I'd suggest that a bigger problem in practice is people having no record or recollection of having received goods, and claim falsely, perhaps in good faith or perhaps in wilful ignorance, that they never received anything. As you say, most people won't steal at the first opportunity, if only because their reputation is worth more to them than what can be immediately stolen. That's not to say that I believe that good will and morality don't play a large role, but having your reputation harmed in the event of being caught is an obvious deterrent that accounts for why many sociopaths aren't outwardly sociopathic. Prison is another one.