Originally published in Ingeo Digital Document Digest
It seems like we can’t turn on a television or open a newspaper without warnings about computer crime. We hear about hackers, information espionage, and identity theft. The benefits of electronic recording come from automation and increased accessibility, which are made possible by computers and the Internet. Because of this, industry stakeholders have a real interest in making sure digital document systems are as safe as possible.
The obvious question is why anyone would want to hack into a system that contains public information—land records that are freely available at county courthouses. There are a few possibilities, however remote. It is conceivable that a computer criminal might try to manipulate digital documents to gain ownership of real property, with the intent of obtaining fraudulent loans or selling the ill-gotten property. However, this type of thing is much easier to do on paper, since a handwritten signature is easier to forge than a digital signature.
The truth of the matter is that digital document systems are fairly low on the list of hackers’ targets. While the possibility for fraud is there, digital criminals are much more likely to use their energies to steal information offering more immediate potential gain.
But the unlikelihood of document tampering does not justify ignoring the possibility. Because of this, it is critical that those of us in the digital document industry understand and implement the most effective security technologies available. There are three main ways to protect ourselves and our data as we create and use digital documents: access control, network security, and data encryption.
Access control involves carefully managing physical and electronic entry to the tools that create, sign and submit documents. On the physical side, servers should be placed in secure locations, to prevent physical damage and direct access. On the electronic side, document systems should use password-protected login screens to help weed out unauthorized users, restricting access to those that have explicit permission to use the system.
In addition to these barriers to physical and digital entry, document systems should have role-based permissions that determine who is allowed to interact with a digital document and how, based on each person’s login. For example, some users may only be allowed to view documents, not create them. Some may have permission to sign, while others may notarize. In addition, conscientious audits of activity logs will enable administrators to see who is doing what, and detect any unauthorized activities.
The main tool for network security is a software or hardware device (or a combination of the two) called a firewall. A firewall sits between an institutional network and the Internet, carefully monitoring and controlling all traffic going in and out. Firewalls use a number of different technologies to protect networks and the users that “live” on them. Configuring a firewall is always a balancing act between protection and access, so this is best done with careful research and ample input from system administrators.
Since the Internet is an open, distributed network, information on the Internet is—by its very nature—insecure. Data encryption provides the necessary safeguards to protect sensitive data as it travels from point A to point B over the Internet. Two types of encryption, single key and dual key, provide the level of trust we need to do business with digital documents.
Secure Sockets Layer (SSL) technology makes use of both types of encryption, using public key encryption to establish a secure connection and then the faster single key encryption to exchange protected data. Digital signatures, which use public key encryption as well as critical “hash” algorithms, don’t protect information by making it “secret.” Instead, they serve as “tamper-evident” seals that allow us to determine the origin and authenticity of documents we receive. By leveraging the strengths of both types of encryption, these technologies help establish a level of nonrepudiation equal to or greater than documents that use traditional paper, pen and ink.
Responding to fear
The late Gary Granville, former recording officer in Orange County, California, once told us:
“The industry has been slow to adopt electronic recording—I think due to fear in the industry about security. We’ve found electronic recording to be far more secure than the traditional method. People used to leave packages at our door or on the counter and there is much more potential for fraud this way. In all of the 1,387,000 electronic transactions we’ve done, we’ve never had one incident of fraud.”
If we conscientiously make use of the technological protections described above, we in the electronic recording industry have no reason to fear. By remaining alert, carefully following procedures, and conducting timely audits of our systems, we can ensure that both our customers and our industry can continue to trust current and future electronic recording systems.