Contextual security

Finally, we are heading back to Australia. With all my family, we are excited to be back in Down-Under and get back our lives. I can’t wait to hit the water in the early morning, my wife misses her friends, and my daughter is about to be back at childcare and water-centred activities. An exciting time but stressful at the same time. Since we stopped renting our apartment on our extended overseas trip, we now have nowhere to live. It is a great idea, in theory. We can save tons of cash, but the perspective of going back and crashing at a friend’s place with no guarantee of renting something in a fixed time. The property market in Australia is a bit wild at the moment, at least as it looks from our perspective, so we wouldn’t know how long it would take to get an apartment we would be happy ever after. Fortunately, one evening when I was browsing the properties, I found something interesting. I filled up all the paperwork to apply straight away, and my wife found somebody to inspect the place for us, and it seemed all set. With our fingers crossed, we were waiting for the response. We pushed a bit hard, might be a bit too hard, to get the apartment, and, surprise, surprise, we got it. All is set. We just come, unpack our stuff, and we are good to go to live our Aussie dream.

Great news, all that is left is to sign the lease agreement. And here is where I get to the point of the whole essay. A few days later, I chatted with a friend about the entire thing. I said how we applied, how we got it and that we were stoked to have a place to live. He said something along the lines of:

“That’s cool. You can do it all online without even being there. What about the documents? How are you going to sign them?”

“I will send a pdf doc with my signature pasted in. No issue here.” — I answered with confidence.

“Pasted signature, that doesn’t mean anything. There is no security in it.” — he replied with a bit of doubt.

“Yeah, I’ve been doing it in Australia this way for a while, and there are many places that accept it.” — I lost a bit of confidence, but still, internally, I felt there was nothing wrong with it.

“This signature doesn’t mean anything. You could not even send it at all. It would be the same.”

He has a point. There is no security embedded in the scanned signature that was pasted into the document. It is easy to copy. You have no guarantee that the signature belongs to the person and, even worse, that it wasn’t simply copy-pasted by somebody else. There are ways to solve the digital signature, but a pdf signature is not the secure one. Fair enough, this is not something you can blindly trust. But I still believe it is a good way of confirmation in some circumstances. Not every case is the same, and not every contract needs blockchain-level security. Sometimes a loose acknowledgment could be enough. A flag that I’ve already seen it.

The first factor could be the value of the transaction. For example, if you are getting a loan or selling a house, basically something with a high value, you might want to be sure when somebody tries to cheat, you can go to court and prove the other person is lying. I’m pretty sure the judge would not think of a pdf signature as a valid confirmation, so it might not be enough in that context.

The second thing that comes to my mind is the risk. In the apartment renting example I started with, the docs are just the formalities. The agent has all the emails that we exchanged. He has verified the details that I provided and my references. He secured the deposit for the apartment and the initial rent. The signature on a document would not change much. He has more leverage to pull in this case. If I decided for some reason to break the agreement, I would lose much more than they would.

I firmly believe the level of security depends on the context. It is not always the same. As usual, it is a tradeoff between convenience and safety.