Mailinglist Archive: opensuse (878 mails)

< Previous Next >
Re: [opensuse] Signing PDFs
On 08/06/2015 08:41 AM, David C. Rankin wrote:


Anton,

For the past decade or so, the easiest solution for this electronic
quandary for me was simply to sit down, write your signature a couple of
times on a plain sheet of paper (with a fat tipped pen), then scan and
choose the one you like. Pull it into gimp and make the background
transparent and scale it to a reasonable size.

Indeed.
When I got my phablet I used a app on that to do the same thing.
No need for paper, no need for scanner.



While on the subject ...
I seems ridiculous that the agency will accept a FAXed document, faxed
from a corner store. They don't have my registered signature on file.
Since I went VoIP my phone # isn't in the published phone book and cell
phones don't seem to appear anywhere.

It looks to me as if this is piss poor security; anyone could download
the PDF form from the web, fill it in, use any signature that looked
like an scrawl beginning with an A-she and ending with a D-shape and any
phone number then fax it back, all leaving me completely ignorant.

Yes, yes and yes.

You might want to check on the various agencies you deal with, the
revenue/tax people, the people who issue your professional certifications.
You might look into what "proof of identity" it takes to open a bank
account or get a driving licence.

Recently I attended a presentation by a person who worked for a law
firm, and as such was supported in dealing with an identity theft case.
Someone got a photocopy of her driving licence and over-typed, on a
different font, a new name. Used that as ID to get a set of mortgages
and land transfer and stole her house from under her. This too involved
faxing poor resolution, poor quality documents back and forth,
apparently from the 'corner store', with no authentication. The banks
accepted it it, the various civic institutions and land registration
agencies accepted it, the utility companies accepted it, the phone
company accepted it, the locksmith accepted it. The new utility bills
were then used as proof of residence in obtaining a new driving licence...

Eventually and at considerable cost it was all worked out, but took 2
years and a lot of anguish.
She obtained copies of all the documents that had been 'forged'. Quite
honestly they looked such poor quality they would not have fooled me.
She polled the audience and of the 60 or so present only a couple said
they might have accepted it.

Really, though, once you start drilling down you find that despite the
aggression you might encounter, for example with border guards and law
enforcement officers in 'stop with cause' situations identity
verification is weak in our bureaucracies. You only have to read of the
way con men (Kevin Mitnick is one example in the computer world) how
talk their way into things simply by asserting they are someone with
authority.

Think about what it takes, for example, to get a passport.
A friend did that recently. She took along her birth certificate.
I must admit that is lousy ID, its not as if it has fingerprints (though
some places 'foot-print' babies) or picture ID. In fact they asked her
for her driving licence since that had photo-ID. Think how easy it is
to get a driving licence is any name you want...

Our security agencies and government agencies really don't have
meaningful security against intelligent, determined criminals or
terrorists if this is how they manage IDs and records.


This seems arcane, but there are specific legal reasons for it. The
reasons are generally rooted in the statutes of civil/criminal procedure
under the section for "Signing of Documents". There is usually a long
list of what signing signifies (facts are within personal knowledge and
true and correct, not filed for improper purpose, etc, ...) and it also
provides penalties for violation of the rule (being held in sanctions,
contempt, disbarment, etc..) So while yes, anyone could put a big "A..."
and you would be left in the dark, there are laws on the books to handle
that case (not so yet with most if not all of the certificate equivalents)

Most of those laws involve witnesses and a affidavit signed and attested
to in the presence of a notary or lawyer and certified as such under
their seal. Even signing the tax forms in front of my accountant is
"good enough" with him as a witness. But downloading forms from any
number of governmental, non governmental, banking or a host of other
commercial entities (such as, for example, I had to do when telling one
provider I was giving up and transferring my number to another) did not
involve such measures. Just scribble a signature and fax them off.

I don't need the skills of the players in the old TV "Mission
Impossible" to photo a signature (even if it is my own) and make a
digital image, paste it in to the form using the methods in this thread,
then either email it as an attachment (since that does not require a
digital signature on the document or email) or fax it from some
anonymous corner store.

No wonder ID Theft is one of the fastest growing industries.
Its so easy!



--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >