38

Many living politicians' signatures are found online or can handily be acquired (You can write them, and their letters will contain their signature). Thus do they use a different signature for personal private documents? If not, how can they guarantee that their signatures aren't replicated without their consent? I deliberately quote signatures of lesser-known politicians.

The Rt Hon. George Osborne MP

enter image description here

The Honourable Rona Ambrose PC

enter image description here

Some members of the Minnesota House & Senate

enter image description here

  • 8
    What harm do you believe could be done by replicating the signature of George Osborne, for instance? – Nate Eldredge Apr 18 '19 at 15:10
  • 42
    You seem to be missing the fact that signatures don't *actually* mean anything. – user91988 Apr 18 '19 at 15:49
  • 3
    @NateEldredge Someone can use his signature and commit fraud? –  Apr 19 '19 at 02:17
  • 6
    @PostmodernistAntinatalist: But what specific fraudulent acts would those be, and would they actually succeed? I think you'll find that, in this day and age, one cannot really achieve any significant evil ends just by copying a person's signature. – Nate Eldredge Apr 19 '19 at 02:30
  • 1
    OK, and if I write to you, your reply will also contain your signature... – David Richerby Apr 19 '19 at 23:09
  • 1
    Lawmakers and regulators mostly have a different opinion, and handwritten signatures are likely to be interpreted as a form of “biometric data” and thus to belong to the “special categories of personal data” that are worth special protection under the EU’s GDPR, for example. – caw Apr 20 '19 at 08:52
  • 2
    @caw I'm not sure where/for whom you see a GDPR issue here, but it's worth noting that biometric data is only in the "special categories of personal data" if it is processed "for the purpose of uniquely identifying a natural person" (https://gdpr-info.eu/art-9-gdpr/) – thebjorn Apr 20 '19 at 14:20
  • 1
    @NateEldredge I can reckon that a prankster may fill out an order form that requires payment only upon delivery and requires only a name, address, signature. Then the unwanted order would arrive at the politician's home? Ofc, I'm not a criminal and can't conceive other crimes. –  Apr 20 '19 at 22:57
  • 1
    @DavidRicherby I don't have to sign my letter? –  Apr 20 '19 at 22:58
  • 4
    @PostmodernistAntinatalist: But what companies actually offer such an order form, and depend only on signature matching to authenticate? The point I'm trying to make is that you are not the first to realize that it is very common for unauthorized people to have access to a person's signature, and therefore in real life, people do not design systems that rely solely on signatures as an authentication mechanism. Any such systems would have collapsed under rampant fraud long ago. – Nate Eldredge Apr 20 '19 at 23:01
  • @NateEldredge See https://redd.it/bk6fgt, https://redd.it/bk6am4. –  May 04 '19 at 03:06
  • @PostmodernistAntinatalist: But none of those hinge on the *signature*. They would all work (or not work) equally well if you had never seen the person's signature, and just scrawled their name any old way. – Nate Eldredge May 04 '19 at 03:13

5 Answers5

77

They don't. Outside the lowest security scenarios, signatures aren't intended to be security feature to prevent forgery.

In most cases, putting a signature on paper is just ceremonial. The actual details/decision may have been recorded through other means. For example, depending on what exactly is being signed and how sensitive the matters is, by witnesses (whether by sworn individuals or even just casually), through publications in mass media, or filed into a register on a trusted computer system/filing cabinet.

In the latter case, the paper you receive, even when physically signed with ink and even if it's the paper signed when you shake hands in agreement, might just be considered a copy of the true records in the registry you don't really see. This is similar to how a birth/death/university degree certificate is really just a copy of the registration detail in your civil/university records, the only really important detail in that piece of paper is the record number rather than the signature. A person who has reasonable suspicion that the letters might be a forgery should confirm with the office of the relevant signer to check for its authenticity. For important, formal letters, there may be a filing number for the file that you can cite to confirm the content of the letter.

Lie Ryan
  • 31,089
  • 6
  • 68
  • 93
  • 2
    Even if there's no filing number, even the most mundane document is likely to be dated and contain *some* kind of reference; for example, both documents shown by OP contain a recipient name and address, and one contains what is presumably a document date (the other contains an effective date). Assuming a half-way decent filing system, that should be sufficient to locate the "true" record. – user Apr 20 '19 at 13:05
24

If not, how can they guarantee that their signatures aren't replicated without their consent?

They can't - but this problem is not restricted to politicians. Many of us leave signatures in various places (bank, rental agreements ...) and we have no control of who has access to these signatures, might scan these and reuse these somewhere else.

In other words: the trust which can be placed in a document just because it seems to be signed is very limited, especially if this is not the original document but just a copy or electronic representation. Everybody who has to rely on such documents need to be aware of this and needs to have additional verification depending on the kind of trust actually needed.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • 11
    In fact, the first letter even states that it wasn't signed by George Osbourne personally - it's just a scan of his signature printed onto the letter... – Matthew Apr 18 '19 at 08:37
  • 2
    Before PayPal, peoplr on eBay mailed paper checks. Hundreds of people got my sig and bank account numbers (on the bottom of every check). Never had a problem with my sig, but someone used my bank account numbers to charge their auto insurance once. I reversed, but by that time they had gotten their proof of insuranve for the DMV ... – Harper - Reinstate Monica Apr 18 '19 at 21:39
9

Signatures have started out as an honor system: before widespread literacy, there was no realistic means of telling one X from another. They haven't come far since.

Currently, the only security measure is that ink signatures on paper can be analyzed by forensic document examiners to determine if a signature matches others produced by the person it's meant to identify. This requires physical access to the paper to examine the ink very closely.

Translating this to modern security concepts, there is no secret in the image of the signature. Rather, the image is public and simultaneously serves as a signature and a sample (certificate) for verifying other signatures by the same person. The secret or the private key is the exact sequence of strokes with the angle, velocity and pressure for each, required to produce the same imprint on paper.

These parameters and their distribution over each stroke are difficult to match manually and will usually differ enough for an expert to distinguish. Non-manual reproduction, be it by photocopy or facsimile, is much easier to detect.

Electronic tablets meant to capture handwritten signatures digitally also record and store these parameters, not just the image, in an attempt to provide similar protection. However, the current industry practice for this, at least in the largest vendor's implementation, relies on steganography rather than cryptography, rendering it insecure.

ZOMVID-21
  • 2,450
  • 11
  • 17
  • *nod*. One *can* get inks with deliberately unusual chemical characteristics -- the Warden's series from Noodler's is onesuch; as I understand it, they send a sample from each batch to the FBI lab that does forgery investigations... but honestly, almost anyone buying that ink is doing so knowing that it's more for their own personal satisfaction rather than as a safety feature that's likely to be of any practical use (except against the most old-school of cheque washers, with regard to whom the deliberate indifference to common solvents may be useful!) – Charles Duffy Apr 18 '19 at 14:59
9

Hand written signature is a very old concept. It is just based on few assumptions:

  • putting one's own signature on a original document is an explicit consent on what is written on the document
  • a copy of the original just have no value at all, unless it is in turned manually signed by an authority that confirms that it is correct
  • forging a handwritten signature is forbidden by law and will lead to legal actions.

That is a totally different concept from digital signature. Once a digital document is signed, it is admitted that it can be copied at will and any copy will have the same value. And the protection is technical while the protection of a handwritten signature is mainly legal.

Once I have said that, there are some caveats:

  • a manually signed telecopy have just no legal value, until you can find the original document - it is just a hint that the original might exists
  • digital archives of manually signed documents have no legal value, unless special procedures are used to have an authority to confirm that they were correct by digitally signing the digital archive. And the force of that archives cannot be greater than the faith on the authority that signed them

Because of that, images of handwritten signatures do not need special protection.

user
  • 7,670
  • 2
  • 30
  • 54
Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
  • 1
    "identity theft, a type of forgery wherein a person forges a writing in order to assume the identity of another, is **a felony under *federal* law**, punishable by a fine and many years' imprisonment." – [criminaldefenselawyer.com](https://www.criminaldefenselawyer.com/penalty-for-forgery.cfm). If you want to tangle with the FBI, go commit fraud somewhere. Bonus points if you mail it (a second federal offense) all but guaranteeing it will then be heard in a Federal court. – Mazura Apr 19 '19 at 00:35
  • There are digital signatures that involve some form of digitally signing a *file*, so they're not images but rather cryptographic digital signatures. These do seem to have legal standing. – bob Apr 19 '19 at 18:15
7

Anyone's signature on anything is subject to verification if challenged in court. Celebrities sometimes have assistants (or machines) sign photos for them. If someone presents them with a check or contract that they apparently signed, they can argue that their signature was duplicated without authorization and the other party has to prove otherwise.

There's even a system in place to avoid this entire problem. A notary public offers a service where they serve as an official, impartial witness for your signing of a document after verifying your identity. They keep a legal record of the event that can be used in court to confirm that a signature was genuine and proper. If a document is important enough that a forged signature is a real problem, then there will almost certainly be a requirement to have that signature notarized.

bta
  • 1,111
  • 5
  • 10
  • 1
    Even notarized documents are to a large extent on the honor system since there is nothing to ensure that all of the pages that are present in the document at any particular point in time are the ones that were there when the document was notarized. – supercat Apr 19 '19 at 22:41
  • 1
    @supercat They don't mark each page? – David Richerby Apr 19 '19 at 23:12
  • 1
    Also what about evil notaries? – beppe9000 Apr 20 '19 at 15:32
  • @DavidRicherby: I don't think I've ever seen a notary do anything with individual pages. I've sometimes been required to initial every page, but if initials were unforgeable there'd be no need for notaries. – supercat Apr 20 '19 at 16:35
  • 1
    @beppe9000 Is that where the word "notorious" comes from? \*baddum-tsh\* – David Richerby Apr 20 '19 at 17:00