Electronic Seals: The Public Sector

In my last column, I reviewed the uses of seals in transactional documents and the means by which seals could be created in electronic communications. Here I will deal with seals on public or official documents, when they are issued in or converted to electronic form. Contracts to which the Crown happens to be a party are of course transactional documents so fall within the previous topic.

Functional analysis

Public sector seals are placed on documents for a different purpose than the seals on transactional documents. They are not used to show that the state takes the subject matter of the document seriously, nor to invoke common law rules about sealed contracts. They are there for authentication: to show that the document does come from the government and deals with official business or shows information in a public register. On paper, that seal may be examined physically and presumably is unique, not available from other sources than the state.

Many official seals are on certificates of fact: that a judgment has been given, that certain information is known to the government, and so on. Sometimes the state insures the accuracy of the information in the sealed record – but only if the record is genuine. Generally speaking, no law requires a certificate to bear a seal, but seals are common in any event because they add to the authenticity of the document. How does one create a functional equivalent of that seal?

In the electronic world one may replace the physical object with a secure electronic object or with a reference to an official verifiable source. (In this the process resembles in some ways the methods use to create electronic transferable records, except that we are less concerned with transfer than just communication.)

Secure object or process

The secure process involves a method that shows that the appropriate official issued the document and that its content has not changed. One uses secure tamper-proof technology (or at least what is called ‘tamper-evident’ technology: if the content has been altered, the document shows it in some way, usually by being rendered unintelligible.) This is the effect of s. 39 of the Personal Information Protection and Electronic Documents Act S.C. 2000 c. 5. (PIPEDA), quoted and explained in the last column. Not only must a ‘secure electronic signature’ be used, but the intention must appear that it is used as a seal and not just as a signature.

Verifiable reference

However, because it is difficult to establish and maintain a public key infrastructure, most official equivalents of a seal do not proceed in this way. The other way to create the functional equivalent of a sealed certificate is to refer to an official and secure source of the information that would appear in the sealed document.

Ontario’s Corporations Information Act R.S.O. 1990 c. C.39, says this about certificates:

20.(1) Where this Act requires or authorizes the Minister to issue a certificate or certify any fact, the certificate shall be issued under the seal of the Minister and shall be signed by him or her or by such officer of the Ministry as is designated by the regulations.

 The regulations allow the certificate to be signed by the director, deputy director or manager responsible for the information. R.R.O. 1990 Reg. 182 s. 7.

When the certificate is issued in electronic form, the function of the seal is in effect performed by a reference to the permanent records of the responsible Ministry. This unique identifier, different for each certificate even when it refers to the same record, helps ensure that the certificate came from the Ministry. The recipient may use the number to check, though the Ministry still wants to verify the paper if there are allegations of tampering. All things considered, there is little incentive for the person providing the certificate to try to modify it. The chances of detection are high.

Note in any event subsection 20(2):

(2) Any certificate purporting to be under the seal of the Minister and signed by a person authorized by or under subsection (1), or any certified copy, shall be received in evidence in any prosecution or other proceeding as proof, in the absence of evidence to the contrary, of the facts so certified without personal appearance to prove the seal, the signature or the official position of the person appearing to have signed the certificate.

This provision does not appear to have been conceived to operate with electronic documents and electronic seals. It contemplates a document on paper with an impressed seal and an ink signature – all of which are then self-authenticating (in the absence of evidence to the contrary). It would be so easy to falsify an electronic certificate that self-authentication seems unduly risky.

One of the risks of this process is that the electronic document may be printed for use as a paper document. The electronic security features may disappear in printing, but the printed version will not have the security features traditionally used for paper documents, such as … the impression of an official seal (or watermarks, ‘official’ paper, and so on). A unique identifier may help, but unsecured paper records may be altered to insert a number, even a correct number. It will still be safer for the recipient in cases of doubt to replicate the search to verify the results from the public record.

Certificates of status under the Business Corporations Act , R.S.O. 1990 c.B.16, on the other hand, are issued over the signature of the Director, with no mention of a seal. These certificates too are admissible in evidence without proof of the signature (s. 276(2)(b)). The Corporations Information Act has a similar provision for minister’s certificates of records stored electronically (though the certificates are not electronic)(s. 9(3)).

A similar process of inserting a unique identifier is used for electronic writs of seizure and sale under the Courts of Justice Act R.S.O. 1990 c.C.43. It is important that the details of a writ permitting the seizure and sale of property be accurate, as to the property and as to the amount to be recovered for the judgment creditor. Electronic writs contain a unique identifier that allows reference to the official court judgment establishing the creditor’s rights. The Act requires that “(e)very document issued out of a court in a civil proceeding shall bear the seal of the court.”(s. 147(2). The Act also provides that “(t)he courts shall have such seals as are approved by the Attorney General.”(s. 147(1)). The Attorney General at the time this system was set up formally approved the unique identifiers in the writs as the seal of the Court for the purposes of s. 147.

Unique identifiers arguably produce authentication superior to the impression of a metal seal on the paper version of the equivalent document. Ideally they can authenticate the data as well as the source of the data. A seal does that only to the extent that it impresses all the pages of the document to which it relates.

Another approach was taken under Ontario’s late lamented photoradar system in the 1990s. Photographs of the speeding vehicles and supporting evidence were transmitted electronically to the court offices to create the tickets. Information on who owned the car came from the Ministry of Transportation. Typically these had been certificates on paper with a seal. The regulation about electronic documents (O.Reg. 499/94, revoked by O.Reg. 77/11) said this:

6(2) In an electronic document or a printed copy of an electronic document, the seal of the Ministry may be represented by an asterisk.

While the presence of an asterisk may show the intention to seal the document – since there is no other reason for it to be there, and the regulation supports the function – one wonders whether it would be effective at all in authenticating the source or the content of the document. Recipients of the document might have other reasons to be confident of the source, but the asterisk/seal would not be among them. This is true especially if the electronic document were printed; inserting an asterisk would not be a problem for a fraudster.

Quebec methods

As noted in October’s column, Quebec’s Act to provide a legal framework for information technologies, R.S.Q. c. C-C.1, proceeds here as elsewhere by looking at the policy functions of the seal rule and saying how the functions are to be satisfied electronically (by a ‘technological document’, in the terms of the statute). For public sector seals, the relevant parts are these:

13. Where the function of affixing a seal, signet, press, stamp or other instrument is

 (1) to preserve the integrity of a document or authenticate the document as an original, the purpose may be achieved, in the case of a technology-based document, by means of any process appropriate to the medium used ;

 (2) to identify a person, an association, a partnership or the State, the purpose may be achieved, in the case of a technology-based document, according to the rules provided in subdivision 1 of Division II of Chapter III ;

Part of the purpose of a public sector seal is showing the integrity of the document, though its originality is not an issue so long as it is accurate. The Quebec Act is permissive but not directory, or particularly helpful, on this point.

The rules in the subdivision mentioned in subsection 13 (2) are found in sections 40 through 45 of the Act. The concern of these later sections is entirely identification of the persons making the seal, and not authentication of the contents of the sealed document. Even for the people identified, the rules aim primarily to protect the privacy of the person being identified, by limiting the methods of identification and the information that can be used or disclosed, and not to making the identification itself more certain.

Apostille Convention

A kind of case study of the development of public sector electronic seals is provided by the work of The Hague Conference on Private International Law.

The Hague Conference’s Apostille Convention provides a method of authenticating seals (and signatures) on public documents to facilitate use of those documents internationally. A ‘competent authority’ in one member state reviews the seal and signature against its records and certifies that they are genuine. Other member states of the Convention (there are over 100 of them) accept the apostille as proof of the signature and seal. (The legal effect given to the underlying document may vary if there are other reasons to doubt it.) The Convention does not distinguish between seals on paper and electronic equivalents, whatever they are. The seals, like the signatures of on the documents, have to be capable of being recorded in the files of the competent authority, in order that the competent authority can check them when they appear on documents that are presented for verification and ‘apostillizing’.

The Convention provides that the apostille itself be signed and also show a ‘seal or stamp’. (The form of the apostille is annexed to the Convention.) In recent years the Hague Conference has been advocating the use of electronic apostilles. Judging from the instructions for creating an e-apostille, the digital signature of the competent authority is intended to replace both the signature and the seal of the paper version. In other words, the Hague Conference (allied with the National Notary Association in the US) is using what was described earlier as a ‘secure electronic object’ to be the seal. Different techniques for the e-apostille are being used or developed in different member states of the Convention, and they may use different approaches to creating the seal on the apostille.

Depending on the method used to generate the digital signature, it could be said that the competent authority is self-authenticating, that is, the competent authority creates the signature on his or her own assertion of identity. The Hague Conference has recommended a more secure issuance of digital certificates. Nonetheless, the result is arguably not less secure than the current ink-on-paper signatures and seals on printed apostilles. (A list of the names of the competent authorities for any country can be obtained from the Hague Conference web site, so that much checking is possible too.)

The e-apostille program also includes an electronic register in which competent authorities record all apostilles they issue. The Convention has always required a register that could in principle be checked to verify that any particular apostille was genuine. Once the register is electronic and online, it becomes easy to check. The number of the apostille is a kind of unique identifier, so both methods of e-sealing described above are in operation. That said, it is not clear on the face of the Convention or in the supporting documents whether a state that received an electronic apostille could refuse to give it legal effect because of concerns about the security of the method by which it was signed.

To deal with the risk of loss of security if the e-apostille is printed, the Hague Conference has recommended a couple of techniques. First, the date that the underlying document was signed can be mentioned in the apostille, so the apostille is not readily transferable to another document. Second, some programs for digitally signing documents allow for the creation of a bar code on the certificate and the underlying document, so the connection between the two can be verified. Both techniques are described in a 2007 technical document, notably at paragraphs 26 – 29. Paragraph 25 points out that recourse to the electronic register will also help deter fraud in any medium. One can of course do an online verification of a number printed on paper.

Work in progress

We see from the foregoing discussion that public sector seals, like transactional seals, are works in progress. Though the policy function of the public sector seal is distinct, some of the techniques of creation or substitution are similar, though the mere assertion of intention to seal will not be good enough to satisfy that policy (as it probably will for transactional seals). It remains to be seen whether one method of sealing electronically will predominate over time, or whether the nature of public documents and their variable uses will justify several paths to the goal of authentication.

Comments are closed.