Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/23/2009
08:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

U.S. District Court Judge Issues First Digitally Signed Judicial Order

Action signals a first for U.S. courts, which, despite widespread use of electronic filing systems, still require handwritten signatures by judges on paper

September 21, 2009 -- WASHINGTON, DC -- (Marketwire) -- 09/21/09 -- Ushering in a new era of efficient and secure delivery of legal judicial orders, the Honorable John M. Facciola, Magistrate Judge for the U.S. District Court in the District of Columbia, has issued the first digitally signed judicial order in U.S. history.

The action signals a groundbreaking opportunity for U.S. courts which, despite the widespread use of electronic filing systems, still require handwritten signatures by judges on paper. The ability to implement reliable digital signatures for court filings closes this disconnect, while providing the legal confidence necessary to admit into evidence documents that have been signed electronically.

Facciola's action demonstrated that by using intuitive and cost-effective procedures, justice agencies can exchange digitally signed documents that are highly resistant to tampering or falsification, and whose authenticity can be verified at anytime by any person. The judge received a high assurance signing credential issued by the National Notary Association (NNA) and using services and technologies developed by Science Applications International Corporation (SAIC), VeriSign, Inc., Adobe Systems, Inc., SafeNet, Inc. and ChosenSecurity, Inc.

"A judge signs his or her name many times each day," said Facciola, who issued the first digitally signed court order on Aug. 26 at 12:08 p.m. Eastern Standard Time. "The capability to sign electronically an order or other document should create in the people who see it an assurance that the document was signed by the judge and eliminate corrupt attempts to use forged, electronically created documents for improper ends."

Facciola received his signing credential -- an electronic identity referred to as a digital certificate issued in a highly secure manner -- after his identity was authenticated by a Trusted Enrollment Agent(TM), a Notary Public certified and trained by the NNA in identification and authentication of individuals. "By utilizing a Trusted Enrollment Agent, parties relying on Judge Facciola's judicial orders can have confidence that the person who signed the order was in fact the person identified in the Digital Certificate and that the order was signed by the judge himself," said Larisa B. Gurnick, CEO of the National Notary Association.

A high assurance signing credential is essential in overcoming the lack of confidence in the authentication and legal admissibility of electronically signed documents, and the resulting fear that fraudulent orders could infiltrate the court system. To ensure judicial orders signed electronically are reliable and resistant to fraud and manipulation, digital signing credentials, such as the one issued Facciola, should be at an assurance level equivalent or greater to what the federal authorities refer to as Medium Assurance Hardware -- Federal Bridge Cross Certified. That certification level is based on a high standard of reliability defined by the Federal PKI Management Authority. Signed judicial orders created from this high-assurance credential are self-verifying, thus enabling any person receiving the order to first easily verify the authenticity of the order.

"Any digital signature solution must ensure that court orders are verifiable and cannot be manipulated or fraudulently created," said Adam Geller, vice president of Enterprise and Government Authentication at VeriSign. "By using a Medium Assurance Federal Bridge Cross Certified digital certificate to sign the order, Judge Facciola's 'signature of approval' is visibly embedded into the document in an unalterable fashion."

"This significant milestone reaffirms that digital signatures offer greater assurances than traditionally signed documents, as they meet higher authentication standards and are protected throughout the document lifecycle," said John Landwehr, director of Security Solutions and Strategy, Adobe. "Signers and recipients alike can easily and confidently validate signatures using the free Adobe Reader deployed on millions of desktops around the world. As a result, documents can be processed more quickly and more securely, in a cost-effective manner."

"Critical to the reliability of a digitally signed order is the time the order was issued," said Dean Coclin, vice president of Business Development at ChosenSecurity. "That's why ChosenSecurity provides an on-demand RFC 3161 time stamp to confirm when the document was signed, providing further aspects of reliability to the judicial order."

"SafeNet's eToken, a USB device the size of an average house key, is providing absolute security for electronic signatures for court officers throughout the nation's justice system," said Russ Dietz, CTO, SafeNet. "eToken meets the new Federal Bridge Standard -- FIPS 140-2 certification, is easy to use and is highly portable, providing court officers with powerful authentication by requiring something they have, the tamper-proof eToken, and something they know, a PIN."

Facciola said U.S. courts are overdue for a reliable, end-to-end electronic process that includes signing. "We can hope that it will be universally accepted by all those who have to rely on the contents of an electronic document that is in the court's electronic filing system," he added.

A fully electronic filing system -- that includes electronic signatures -- makes sense for America's courts, Facciola said. "This is the next logical development in the transition from paper to electronic filing," he said. "Implementing electronic signatures will keep the court's processes consistent and contemporary with the actual practices of the society the court serves."

"This milestone sends a strong message of confidence to judges and most importantly to general counsels and lawyers throughout the United States: it is acceptable -- in fact, desirable -- to use digital signatures, so long as they are highly reliable and persistently verifiable," said Jacques Francoeur, Sr. Director, Identity and Information Assurance at SAIC Commercial Business Services, who is credited for orchestrating this event.

Courts throughout the country regularly file electronically and yet this otherwise efficient and cost-effective process breaks down when paper-based signatures are required. In this case, Adobe' Acrobat' software and the Portable Document Format (PDF) were used as the core of the signing process.

"Magistrate Facciola's signing credential was designed specifically for ease-of-validation by anyone who receives the order," added Francoeur.

Both the time stamp and Digital Certificate are rooted under the Adobe Certified Document Services and Adobe Approved Trust List programs, respectively allowing automatic validation using the most current version of the virtually ubiquitous Adobe Reader' software.

About Magistrate Judge John M. Facciola Magistrate Judge John M. Facciola was appointed a United States Magistrate Judge in August 1997. He received an A.B. in 1966 from the College of the Holy Cross and a J.D. in 1969 from the Georgetown University Law Center. Following law school, Facciola served as an Assistant District Attorney in Manhattan from 1969 to 1973, and was in private practice in the District of Columbia from 1974 to 1982. He joined the U.S. Attorney's Office in 1982 and served as Chief of the Special Proceedings section from 1989 until his appointment as Magistrate Judge.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...
CVE-2021-3197
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.