The Straight Dope

Go Back   Straight Dope Message Board > Main > General Questions

Reply
 
Thread Tools Display Modes
  #1  
Old 07-11-2012, 08:34 PM
handsomeharry handsomeharry is offline
Guest
 
Join Date: Aug 2001
Is there a reason that a fax is required, instead of a scan/email?

A year or two ago, I made a contract with some institution (can't remember, bank, mortgage, car loan, etc...). They said that I would need to fax X document with my signature on it. I don't have a landline. So, I said, "May I just scan and fax the document?" Ha! You'd have thought that I asked to send them naked pics of my 6 year old, or asked for one of theirs. (No, I don''t know how they would have got naked pics of my 6 year old!)
At any rate, I got an emphatic 'No.' I knew this was no time to ask what the problem was, and even if it was, the person with whom I was dealing surely wouldn't have known.
So, is there a difference? The only diff I can see is that a scan would probably in color, if not a better quality.

Any answers?

Thanks,
hh
Reply With Quote
Advertisements  
  #2  
Old 07-11-2012, 08:54 PM
gallan gallan is offline
Guest
 
Join Date: Jun 2010
Bank policy is the only reason this would be required. The institution with which you were signing the contract decided that faxing was their acceptable method of receiving a signature without the signing party being present, and whoever you talked to probably wasn't even aware that other kinds of signatures are perfectly legal.
Reply With Quote
  #3  
Old 07-11-2012, 08:56 PM
Fuzzy Dunlop Fuzzy Dunlop is offline
Guest
 
Join Date: Apr 2007
I can't answer with absolute certainty but I sign lots of official documents and scans of e-mails are generally happily accepted in lieu of a fax. I suspect your experience was an anomaly.

Also, color faxes are possible, although obviously not universal.

The only time people have ever rejected my scan is when an original is needed. And if they need the original ink they often need it notarized too.
Reply With Quote
  #4  
Old 07-11-2012, 08:56 PM
njtt njtt is offline
Guest
 
Join Date: Jul 2004
Their systems/routines are not set up for doing it in other ways.

I have experienced this too, and it required faxing internationally. It was a real pain. One day I expect banks will catch up to the late 20th century.

Last edited by njtt; 07-11-2012 at 08:58 PM..
Reply With Quote
  #5  
Old 07-11-2012, 09:01 PM
Topologist Topologist is offline
Charter Member
 
Join Date: Aug 2001
Location: Long Island, NY
Posts: 285
In most contexts now, a pdf is accepted as readily as a fax. But, I'm posting mainly to link to one of my favorite Dilbert cartoons, which is somewhat apropos.
Reply With Quote
  #6  
Old 07-11-2012, 09:12 PM
WhyNot WhyNot is online now
Member
 
Join Date: Jul 2004
Location: Sweet Home Chicago
Posts: 30,597
I've gotten around this at times by using a web based fax service. I scan the document, save it on my computer, go to my fax service website and hit a link that says Fax Out. Then I attach the computer file I want, input the fax number to send it to and hit Send.

I have absolutely no idea why this is acceptable when an email isn't, but I'm more than willing to exploit the system, rather than pay for a land line and fax machine!

This is the service I use, but I'm sure there are many others, possibly even free ones if you don't need to use it often (I do about 25 "faxes" a month, and get many many more incoming through the same website): http://www.extremefax.com/
Reply With Quote
  #7  
Old 07-12-2012, 12:34 AM
Voyager Voyager is offline
Member
 
Join Date: Aug 2002
Location: Deep Space
Posts: 34,934
Quote:
Originally Posted by handsomeharry View Post
A year or two ago, I made a contract with some institution (can't remember, bank, mortgage, car loan, etc...). They said that I would need to fax X document with my signature on it. I don't have a landline. So, I said, "May I just scan and fax the document?"
So, is there a difference? The only diff I can see is that a scan would probably in color, if not a better quality.

Any answers?

Thanks,
hh
By fax the document I assume you mean an on line fax service, right, or direct from your computer. (And not email.) Especially amusing since a fax machine scans the document and sends it over phone lines, much like you'd be doing. And if color is a problem you can scan it in gray scale or black and white.

I can see them not taking email. When I used to fax my insurance forms, it clearly went to a system which converted the fax to an image, so email would have broken the process.

My companies expense account policy, btw, requires scan and email. So it is possible.
Reply With Quote
  #8  
Old 07-12-2012, 01:26 AM
dracoi dracoi is offline
Guest
 
Join Date: Dec 2008
Four reasons I can think of:
1) E-mail is not particularly secure for sending sensitive information. You really don't want to be e-mailing bank account numbers, social security number, etc. The chances of intercept may be slim, but e-mails do pass through numerous servers before arriving at their destination; a fax requires physical access to the machine.
2) If you let people scan their own documents, how sure are you that they're using decent settings? I get scanned documents all the time, and I'm blown away by low contrast (one bank statement was dark grey on medium grey; I pulled out Photoshop to make it readable), low resolution, weird formats, etc. At least with a fax you can guarantee black and white 200 dpi quality.
3) Large files are often blocked by e-mail servers. Yeah, these limits are usually 5+ MBs (often even as high as 25 MB), but an amateur who scans at 32-bit color, 600-dpi as a TIF or BMP is going to hit that limit. Since e-mail servers don't always bother letting you know that the e-mail was blocked when large attachments are involved, you may not have a good explanation of a problem.
4) A fax rings, you answer it, you have the document. E-mails (especially with large attachments) can take minutes or hours to arrive.

Ultimately, it does come down to the bank's internal policy, but they do have good reasons.
Reply With Quote
  #9  
Old 07-12-2012, 07:11 AM
kanicbird kanicbird is online now
Guest
 
Join Date: May 1999
I believe there is some legal standing of a fax as a valid document that goes pretty far back and accepting a fax legally but not a email, though I thought email attachments have caught up in legal standings.

Faxes are required by law to have the fax identifier - basically a signature to verify it's location. Many don't set the Fax ID, some set it to something other then their fax number, but I do believe it is a requirement so does hold some form of legal identification also.

You may be able to fax via a cell phone, I know this worked in the flip phone days, not sure about the smartphones (but check for a app). You hooked up your cell phone to your laptop via USB and the computer recognized it as a fax/modem and installed drivers. Then you could fax from your cell which only used your minutes (not data). Also you could use this for dialup internet as well, again only minutes used, no data charge.

And as stated above I use a email to fax (and fax to email) service also, so i get and send as email attachments they get and send as faxes.
Reply With Quote
  #10  
Old 07-12-2012, 07:22 AM
Musicat Musicat is offline
Charter Member
 
Join Date: Oct 1999
Location: Sturgeon Bay, WI USA
Posts: 17,535
In the real estate business, at least in my state, email is entirely a different animal from fax. If a contract specifies that legal delivery of documents must be by fax, postal mail, or hand-delivered, an email is not legal delivery.

Perhaps because email is such a new technology (to governments and lawyers, at least), in order to use it for delivery, the recipient must first have consented to email by accepting one, printing it out, signing it, scanning it, and returning it by email. No other method or document can be used (i.e., you can't fax back an email consent form), although I imagine the print/sign/scan process could be done in a non-paper mode if the operator was tech savvy enough and no one would be the wiser.

Ostensibly, this procedure is to prove that any such document exchange is possible, and no one is saddled with a critical task that is impossible for them to fulfill. Why this isn't required for faxes, I don't know. It's actually easier nowdays for many people to handle email transactions than faxes, but the law doesn't care.
Reply With Quote
  #11  
Old 07-12-2012, 07:22 AM
Rhythmdvl Rhythmdvl is offline
Charter Member
 
Join Date: Oct 1999
Location: Shakedown Street
Posts: 12,412
Quote:
Originally Posted by handsomeharry View Post
(No, I don''t know how they would have got naked pics of my 6 year old!)
In contrast, I have six-year old pictures of your nakedness. Send me $20,000 in small, unmarked bills or I'll stop posting them.
Reply With Quote
  #12  
Old 07-12-2012, 07:36 AM
Princhester Princhester is offline
Charter Member
 
Join Date: Jan 2001
Location: Brisbane, Australia
Posts: 11,521
Meh, it's just inertia and the usual security phobia about anything new. I had an argument about something similar with our local law society. I can communicate using email on ordinarly file handling matters, taking instructions on things that matter to the tune of millions of dollars. This is normal. But for certain trust account transactions, I must have at least a fax with a signature on it. I don't communicate with my large clients by fax or letter. I wouldn't have a clue what their signature looks like. So apparently I can get into trouble with the law society if I rely on a piece of paper faxed to me saying:

"Princhester, please pay $1m to Joe Bloggs,
yours sincerely,
signed [scribble]"

...which could be sent by anyone at all.

But if I accept the same instruction by email from the email address that I have been using to communicate with my client for years, then I could get into trouble.

They'll catch up, eventually.

Last edited by Princhester; 07-12-2012 at 07:37 AM..
Reply With Quote
  #13  
Old 07-12-2012, 07:49 AM
Omar Little Omar Little is online now
Guest
 
Join Date: Apr 2000
Some clerk has a checklist.
She has to follow the checklist.
Diverting from the checklist requires approval above her paygrade.
It's a hassle to get approval.
Follow the checklist.
Reply With Quote
  #14  
Old 07-12-2012, 09:16 AM
TreacherousCretin TreacherousCretin is offline
Horrified Onlooker
 
Join Date: Oct 2008
Location: Moscow, Idaho
Posts: 3,748
Quote:
Originally Posted by Rhythmdvl View Post
In contrast, I have six-year old pictures of your nakedness. Send me $20,000 in small, unmarked bills or I'll stop posting them.
OK if he faxes them to you?
Reply With Quote
  #15  
Old 07-12-2012, 09:17 AM
CookingWithGas CookingWithGas is offline
Charter Member
 
Join Date: Mar 1999
Location: Tysons Corner, VA, USA
Posts: 9,778
Quote:
Originally Posted by dracoi View Post
1) E-mail is not particularly secure for sending sensitive information. You really don't want to be e-mailing bank account numbers, social security number, etc. The chances of intercept may be slim, but e-mails do pass through numerous servers before arriving at their destination; a fax requires physical access to the machine.
Email is not secure at all. This is the reason I never send PII by email. Faxes are fairly secure because a point-to-point session is established (unless somebody is tapping your phone line, highly unlikely). Encrypted email increases security but the average person has no clue about how to do this and I would daresay neither do most financial institutions.
Reply With Quote
  #16  
Old 07-12-2012, 09:29 AM
gotpasswords gotpasswords is offline
Charter Member
 
Join Date: Mar 1999
Location: San Francisco area
Posts: 14,706
Most likely, they're using a fax server that drops incoming faxes right into their workflow, and they have no way to insert emails.
Reply With Quote
  #17  
Old 07-12-2012, 11:28 AM
ftg ftg is offline
Guest
 
Join Date: Feb 2001
Quote:
Originally Posted by dracoi View Post
Four reasons I can think of:
1) E-mail is not particularly secure for sending sensitive information. You really don't want to be e-mailing bank account numbers, social security number, etc. The chances of intercept may be slim, but e-mails do pass through numerous servers before arriving at their destination; a fax requires physical access to the machine.
We've had to fax one document in the past year or so. (Before that Mrs. FtG did it at work.) I did it thru one of the free online services like WhyNot mentions. Security? Going thru a third party? Not really.

And there's no way for the receiver to really stop something like this.

Everyone, and I mean everyone, has to completely rid themselves of the idea that faxes are somehow more secure than email.
Reply With Quote
  #18  
Old 07-12-2012, 11:32 AM
dracoi dracoi is offline
Guest
 
Join Date: Dec 2008
Quote:
Originally Posted by ftg View Post
We've had to fax one document in the past year or so. (Before that Mrs. FtG did it at work.) I did it thru one of the free online services like WhyNot mentions. Security? Going thru a third party? Not really.

And there's no way for the receiver to really stop something like this.

Everyone, and I mean everyone, has to completely rid themselves of the idea that faxes are somehow more secure than email.
The IRS has added a warning before they fax transcripts that it's not guaranteed to be secure. Nothing is foolproof. But your example is just one of an insecure fax machine (using machine in the loosest sense). It's not a limitation of the technology as a whole. The basics of faxing remain that one machine connects directly to another machine, so that controlling the machine means you control the security.

E-mail, on the other hand, is intentionally designed so that messages fly off into the network, passing from one server to the next. You don't even know which servers it will pass through until after the fact.
Reply With Quote
  #19  
Old 07-12-2012, 11:40 AM
Tastes of Chocolate Tastes of Chocolate is offline
Charter Member
 
Join Date: Aug 2003
Location: slightly north of center
Posts: 4,264
Quote:
Originally Posted by ftg View Post
Everyone, and I mean everyone, has to completely rid themselves of the idea that faxes are somehow more secure than email.
A true fax IS more secure than an email. If you chose to go around that, then the security breach is on you, not on the other party.
Reply With Quote
  #20  
Old 07-12-2012, 12:41 PM
Rhythmdvl Rhythmdvl is offline
Charter Member
 
Join Date: Oct 1999
Location: Shakedown Street
Posts: 12,412
Quote:
Originally Posted by CookingWithGas View Post
Email is not secure at all. This is the reason I never send PII by email.
I no longer understand this. I even started a thread about it (here). In my (very) limited understanding of the responses in that tread suggest that if you're not being specifically targeted by law enforcement or overly attached girlfriend--and assuming your and your recipient's computers are not otherwise compromised, email is fairly safe. But again, I think I might have missed something.
Reply With Quote
  #21  
Old 07-12-2012, 01:27 PM
md2000 md2000 is offline
Guest
 
Join Date: Feb 2009
http://dilbert.com/strips/comic/2005-05-18/
Reply With Quote
  #22  
Old 07-12-2012, 04:59 PM
CookingWithGas CookingWithGas is offline
Charter Member
 
Join Date: Mar 1999
Location: Tysons Corner, VA, USA
Posts: 9,778
Quote:
Originally Posted by Rhythmdvl View Post
I no longer understand this. I even started a thread about it (here). In my (very) limited understanding of the responses in that tread suggest that if you're not being specifically targeted by law enforcement or overly attached girlfriend--and assuming your and your recipient's computers are not otherwise compromised, email is fairly safe. But again, I think I might have missed something.
(where?) I am not a networking expert but the way the Internet works is that your email is broken down into little bits called packets that get handed off from computer to computer until they get to their destination and are reassembled. It is not likely that someone will bother to sniff enough packets to be able to see your email specifically, but it's not all that hard (it's a lot easier than phone tapping; packet sniffer) and you would never be able to tell if someone did.
Reply With Quote
  #23  
Old 07-12-2012, 06:34 PM
FoundWaldo FoundWaldo is offline
Guest
 
Join Date: Apr 2011
I recently did a real estate transaction, where the vast majority of documents were transferred by email, but in two instances (to two recipients), we had to fax. And for BOTH of those recipients (a bank and a law firm), the person cheerfully said something along the lines of "as soon as we get it, it pops up on my computer, so I'll know!" So basically it's ending up in the same place as an email anyway.

It is FAR more common to have a security breach along the lines of a trojan on someone's PC than to have a packet sniffer in line grabbing emails. And in this case, even if they did have a packet sniffer, if it was in the right place (in between the recipient's computer and the server), they'd get it anyway. In most practical senses, this is not more secure than email.
Reply With Quote
  #24  
Old 07-12-2012, 06:40 PM
chrisk chrisk is online now
Charter Member
 
Join Date: Nov 2003
Location: Southern ontario
Posts: 6,013
Quote:
Originally Posted by md2000 View Post
Topologist provided us with the original link in post #5, therefore this is a copy link and we can't accept it.
__________________
Stringing Words Forum
Aspiring writers and authors supporting each other.
Goals and resolutions our particular specialty - also sharing commiseration and triumphs.
Join today!
Reply With Quote
  #25  
Old 07-12-2012, 10:15 PM
Derleth Derleth is offline
Guest
 
Join Date: Apr 2000
Quote:
Originally Posted by Tastes of Chocolate View Post
A true fax IS more secure than an email. If you chose to go around that, then the security breach is on you, not on the other party.
Explain how a fax is more secure than an encrypted email with a digital signature attached, please.
Reply With Quote
  #26  
Old 07-12-2012, 11:00 PM
Princhester Princhester is offline
Charter Member
 
Join Date: Jan 2001
Location: Brisbane, Australia
Posts: 11,521
Most fraud and most security breaches do not come from clever technical schemes involving intercepting electronic communications using technological means. The breaches come from simple human stuff.

It is harder for average Joe Fraudster to make an email appear to come from John.Doe@bigcompanytopleveldomain.com when actually it comes from somewhere else, than it is for Joe to send a fax that appears to come John but doesn't.

As to stealing personal information, it does seem to me that your information is more at risk if you send it by email than by fax. However, this has nothing at all to do with dastardly schemes to intercept emails as they pass through servers. Again, most fraud does not come from that, it comes from abuse of personal information by the person or company to which you send it.

An email may be more likely to attract that sort of fraud simply because it is easier to search across emails stored unsecurely, or to re-transmit emails. Faxes, particulary if they arrive on paper, or as an image file rather than as text, are less likely to be passed on or found by a search. On the other hand, if a criminally minded employee walks out of the office with a paper fax, how is that traced? There may not even be a record of the fax ever having been received, on an old style fax machine. If such an employee forwards an email to themselves, at least that leaves a trail.
Reply With Quote
  #27  
Old 07-13-2012, 12:12 AM
dnooman dnooman is offline
Member
 
Join Date: May 2003
Location: Columbus, Ohio
Posts: 4,750
Quote:
Originally Posted by dracoi View Post
Four reasons I can think of:
1) E-mail is not particularly secure for sending sensitive information. You really don't want to be e-mailing bank account numbers, social security number, etc. The chances of intercept may be slim, but e-mails do pass through numerous servers before arriving at their destination; a fax requires physical access to the machine.
This.

Quote:
Originally Posted by CookingWithGas View Post
Email is not secure at all. This is the reason I never send PII by email. Faxes are fairly secure because a point-to-point session is established (unless somebody is tapping your phone line, highly unlikely)..
Also, this.

Quote:
Originally Posted by ftg View Post
Everyone, and I mean everyone, has to completely rid themselves of the idea that faxes are somehow more secure than email.
I can think of several scams, malware, etc. that target email and anything associated with such. How many people do you think are trying to intercept faxes either over a phone line, or physically at the receiving machine?

Quote:
Originally Posted by Tastes of Chocolate View Post
A true fax IS more secure than an email. If you chose to go around that, then the security breach is on you, not on the other party.
Quote:
Originally Posted by Princhester View Post
It is harder for average Joe Fraudster to make an email appear to come from John.Doe@bigcompanytopleveldomain.com when actually it comes from somewhere else, than it is for Joe to send a fax that appears to come John but doesn't.

As to stealing personal information, it does seem to me that your information is more at risk if you send it by email than by fax. However, this has nothing at all to do with dastardly schemes to intercept emails as they pass through servers. Again, most fraud does not come from that, it comes from abuse of personal information by the person or company to which you send it.

An email may be more likely to attract that sort of fraud simply because it is easier to search across emails stored unsecurely, or to re-transmit emails. Faxes, particulary if they arrive on paper, or as an image file rather than as text, are less likely to be passed on or found by a search. On the other hand, if a criminally minded employee walks out of the office with a paper fax, how is that traced? There may not even be a record of the fax ever having been received, on an old style fax machine. If such an employee forwards an email to themselves, at least that leaves a trail.
I sent a joke email to a pilot friend of mine that seemed to be from the official FAA.gov domain, it's not that hard to do.

I access full credit card numbers and expiration dates on a daily basis. If a merchant just needs a few, I'll read them over the phone, if they have hundreds, I have to ask for a fax. I can't email that sort of thing.

Perhaps encoding has more to do with this than encryption? I could be wrong.

Any way you slice it, emails are far more subject to compromise than faxes are, based on both technology and the value of a potential target for fraud. That's my 2cents
Reply With Quote
  #28  
Old 07-13-2012, 07:18 AM
CookingWithGas CookingWithGas is offline
Charter Member
 
Join Date: Mar 1999
Location: Tysons Corner, VA, USA
Posts: 9,778
Quote:
Originally Posted by Derleth View Post
Explain how a fax is more secure than an encrypted email with a digital signature attached, please.
It isn't, but does your grandmother know how to send an encrypted email with a digital signature? Does her bank know how to receive it?

Quote:
Originally Posted by Princhester View Post
It is harder for average Joe Fraudster to make an email appear to come from John.Doe@bigcompanytopleveldomain.com when actually it comes from somewhere else, than it is for Joe to send a fax that appears to come John but doesn't.
I agree with your overall point that information is compromised more from abuse and invasion than by interception. But on this one point I disagree. It is quite trivial to spoof email addresses, and if the recipient has caller ID it is hard to spoof a phone number (although it is trivial to make the contents of a fax look like it's from whomever you want).
Reply With Quote
  #29  
Old 07-13-2012, 08:59 AM
ftg ftg is offline
Guest
 
Join Date: Feb 2001
There are so many misconceptions in this thread I don't know what to think. Who can so many people on the SDMB be so wrong?

1. Caller ID is trivial to spoof. It's done all that time. All those calls from "Carol in card services"? They use a fake number. Caller ID proves squat.

2. At the receiving end of a fax, there is most likely a fax-modem. The fax doesn't get printed out and it's saved as a file. No more secure at that end than any other file, like an email.

3. While email headers can be faked, if you use encryption and public key signatures, an email can be established as coming from the sender to such a strong extant that any legal eagle would be satisfied. And the encryption ensures no one in between can see it. Something that a fax cannot do. (There are fax encyption devices, but they are rarely used.)

4. Tastes of Chocolate: It's the receiver's error in believing it's somehow magically more secure. There is no security to bypass. You are just doing what is most convenient for you. This is Pointy Haired Boss thinking. "It's secure, therefore anyone bypassing it is a fool." No, the fool is the PHB. Once you realize there is no security, the rest of the statement makes no sense.
Reply With Quote
  #30  
Old 07-13-2012, 09:26 AM
hibernicus hibernicus is online now
Charter Member
 
Join Date: Oct 2000
Location: Dublin, Ireland
Posts: 1,976
Somebody upthread mentioned inertia. This can be a very important reason, and not necessarily an irrational one.

Imagine you work for a trading organisation. One of your processes (involving trades valued in the millions and tens of millions) requires bids to be submitted by fax, in a prescribed format, from pre-agreed numbers, to a designated and secured fax machine, within a prescribed window of time. (Other, very similar, processes are done on screen-based interfaces, so it's not that your organisation is simply living in the past.)

Why don't you just change the process and receive bids by e-mail? Even if you could convince people that e-mail could be made just as secure as faxes (big if!), such a change could not be made instantly on a whim. A change process would need to identify all risks introduced by the change, and demonstrate that any increased risk was justified and had been mitigated. All system and resource implications would have to be quantified and funded. Legal advice would be sought and legal document redrafted.

Numerous stakeholders (including regulatory stakeholders) would have to be consulted and advised on the implications of the change for their processes.

New controls would have to be designed and implemented, new supporting documents would have to be prepared and disseminated.

The change would have to be approved at the appropriate level by people whose job it is to ask tough questions and not to be easily convinced.

Given all of the above, any cost-benefit analysis would be likely to conclude "if it ain't broke, don't fix it".
Reply With Quote
  #31  
Old 07-13-2012, 11:30 AM
dracoi dracoi is offline
Guest
 
Join Date: Dec 2008
Quote:
Originally Posted by ftg View Post
2. At the receiving end of a fax, there is most likely a fax-modem. The fax doesn't get printed out and it's saved as a file. No more secure at that end than any other file, like an email.
Who's talking about "at that end"? Once the fax is received all bets are off.

What we're talking about, primarily, is risk that the transmission is intercepted. An e-mail is easier to intercept than a fax, which is a factual claim for several reasons.
Reply With Quote
  #32  
Old 07-13-2012, 12:57 PM
ftg ftg is offline
Guest
 
Join Date: Feb 2001
Quote:
Originally Posted by dracoi View Post
Who's talking about "at that end"? Once the fax is received all bets are off.

What we're talking about, primarily, is risk that the transmission is intercepted. An e-mail is easier to intercept than a fax, which is a factual claim for several reasons.
An encrypted, digitally signed email cannot be intercepted. A fax sent using one of the Internet services mentioned above can be.

In addition, the biggest security holes are at the ends, sending and receiving. A malware infected machine at either end is what people realistically need to be concerned about.

You apparently have a very different concept of "factual claim" than I do.

People who go along with "fax is more secure than email" are engaged in what is called security theater by experts.
Reply With Quote
  #33  
Old 07-13-2012, 01:30 PM
CookingWithGas CookingWithGas is offline
Charter Member
 
Join Date: Mar 1999
Location: Tysons Corner, VA, USA
Posts: 9,778
Quote:
Originally Posted by ftg View Post
1. Caller ID is trivial to spoof. It's done all that time. All those calls from "Carol in card services"? They use a fake number. Caller ID proves squat.
Caller ID spoofing is not that hard but requires special equipment, a third-party service, or software applications in conjunction with VOIP, and probably some cost. OTOH, email spoofing can be done with any email client, which exist on virtually every computer, not to mention phones.

Quote:
3. While email headers can be faked, if you use encryption and public key signatures, an email can be established as coming from the sender to such a strong extant that any legal eagle would be satisfied. And the encryption ensures no one in between can see it. Something that a fax cannot do.
Absolutely true, but nobody said anything contrary to this, and encryption and public key signatures are not understood by the average person who uses email. So it can't really be seen as the obvious solution to this whole issue. Let me give you a simple example. We had a word document that needed a signature, and we had a PM who referred to using her "digital signature." I was impressed until I found out she meant an image of her signature that she had scanned in.
Reply With Quote
  #34  
Old 07-13-2012, 02:46 PM
dracoi dracoi is offline
Guest
 
Join Date: Dec 2008
Quote:
Originally Posted by ftg View Post
An encrypted, digitally signed email cannot be intercepted. A fax sent using one of the Internet services mentioned above can be.

In addition, the biggest security holes are at the ends, sending and receiving. A malware infected machine at either end is what people realistically need to be concerned about.

You apparently have a very different concept of "factual claim" than I do.

People who go along with "fax is more secure than email" are engaged in what is called security theater by experts.
Traditional fax machines cannot be infected by malware. If infected computers are what people realistically need to be concerned about, then faxes remain the best choice for security.
Reply With Quote
  #35  
Old 07-13-2012, 02:56 PM
cmyk cmyk is offline
Door-2-Door Wikipedia Salesman
Charter Member
 
Join Date: Mar 2001
Location: Detroit Yankee in Memphis
Posts: 11,619
Shoot, lately, I've signed things like NDAs and other contracts, just took a pic of it with my iPhone and emailed it.

In this day and age, anything, can be forged very easily; be it a fax (especially faxes, since the reproduction on the other end is usually very low fidelity), emailed scans, digital encrypted sigs in a PDF, a photo (of which I just shot a pic on my phone of my drivers license last week and emailed it from the phone to the dealership to get my new lease rolling), etc.

So, it's mostly just an archaic status quo thing that no one's bothered to take another look at, depending on policy.

Why do people hate change? Especially very convenient change.

Last edited by cmyk; 07-13-2012 at 02:56 PM..
Reply With Quote
  #36  
Old 07-13-2012, 03:48 PM
Derleth Derleth is offline
Guest
 
Join Date: Apr 2000
Quote:
Originally Posted by dracoi View Post
Traditional fax machines cannot be infected by malware. If infected computers are what people realistically need to be concerned about, then faxes remain the best choice for security.
How do you know a fax came from a traditional fax machine?
Reply With Quote
  #37  
Old 07-13-2012, 07:06 PM
hibernicus hibernicus is online now
Charter Member
 
Join Date: Oct 2000
Location: Dublin, Ireland
Posts: 1,976
Quote:
Originally Posted by cmyk View Post
Why do people hate change? Especially very convenient change.
Did you read my post? For large organisations, legitimately concerned about security, change is never "very convenient".
Reply With Quote
  #38  
Old 07-13-2012, 08:47 PM
urban1a urban1a is offline
Charter Member
 
Join Date: Mar 2002
Location: Denver, CO
Posts: 862
I am currently trying to file a claim with my pet insurance company which allows e-mail submission. But what I have to do is to print a claim form (with prefilled information), then complete the form and sign it. Then I have to scan it, scan the vet bills and then e-mail it to the company.

It would be much faster to just mail it in.

Bob
Reply With Quote
  #39  
Old 07-13-2012, 09:08 PM
cmyk cmyk is offline
Door-2-Door Wikipedia Salesman
Charter Member
 
Join Date: Mar 2001
Location: Detroit Yankee in Memphis
Posts: 11,619
Quote:
Originally Posted by hibernicus View Post
Did you read my post? For large organisations, legitimately concerned about security, change is never "very convenient".
Not in the short run, but it's imperative for the long run. When businesses only care to look at how to make gains by not taking the trouble to keep pace with technology and especially when the world at large adopts new standards and technologies (i.e. their customers), their short sightedness will only come back to bite them in the ass, after it's too late.

The world is digital now. To resist only for the short term bottom line and PITA factor, well, that mentality dooms your business. Look at the RIAA, Blockbuster Video, Microsoft, and probably a billion other companies that resisted the change in catering to their customers, then tried to copy the competition that was current, innovative and willing to go to lengths to make whatever it is they're selling, easy, convenient or even cool for their consumers, a day too late and a dollar short. Ouch.

And it seems like a petty thing, right? They require a fax... no big deal. That is until their competitor employs more modern and convenient policies and technology for their customers, and they start stealing their business.

Yes, a seemingly minor oversight like that can doom your company before you even know what happened.

Tsk, Tsk.

Last edited by cmyk; 07-13-2012 at 09:11 PM..
Reply With Quote
  #40  
Old 07-13-2012, 10:53 PM
Shosy Shosy is offline
Guest
 
Join Date: Jun 2012
Maybe they put all received faxes on the dashboard of the company van for a week before they file them, so if you give them trouble, they can just point to a scroll of dark brown paper and say this is all they got
Reply With Quote
  #41  
Old 07-14-2012, 03:53 AM
benbo1 benbo1 is offline
Guest
 
Join Date: May 2008
This annoys the shit out of me; email is cheap, convenient, & ubiquitous; who has faxes in their homes anymore? Of course, it's exactly the critical institutions that ur forced to deal with that have exclusive lock on ur records or forms (government & doctor's offices typically). The standard bullshit excuse is that it's for our protection, email can be hacked, bla bla bla. Personally, I think it's a stall; person needs critical record (or to submit form). Person tries to email to speed up the process. Person gets told by soulless bureaucrat (or robotic medical office drone) 'we don't do that; it's fax or postal mail'. Person decides it ain't worth a trip to the Kinko's, gives up and surrenders to sending/receiving whatever by snailmail.
Reply With Quote
  #42  
Old 07-14-2012, 03:59 AM
JacSmith JacSmith is offline
Guest
 
Join Date: Jul 2012
Well fax is still on to date. but only few uses it now.
Reply With Quote
  #43  
Old 07-14-2012, 09:46 AM
ftg ftg is offline
Guest
 
Join Date: Feb 2001
Quote:
Originally Posted by dracoi View Post
Traditional fax machines cannot be infected by malware. If infected computers are what people realistically need to be concerned about, then faxes remain the best choice for security.
Only if you assume that fax machines are involved at all. People have been using fax modems since the early 90s. No real fax machine, just a regular old infectable PC. A well run large company will use fax modems.

It is exactly this outmoded, technologically unsophisticated thinking that is at the root of this problem.

As to how easy it is to fake caller id: 1. When I got my VoIP line, there was an entry for what number we wanted to show up on caller ID. Our number wasn't even pre-filled in. We could have put down anything. 2. Not everyone has to be capable of faking caller ID. If only 2% of the caller IDs to a fax line might be fake, the company has no way of knowing which are the 98% trustable ones. So none of them can be considered reliable.

I don't care if grandma doesn't understand PGP, I do. I want to be able to use it for protecting email of important materials. Grandma's issues are hers, not mine.
Reply With Quote
  #44  
Old 07-15-2012, 01:14 AM
handsomeharry handsomeharry is offline
Guest
 
Join Date: Aug 2001
Thanks for the input, everybody.
I just got back to the computer, so, my thanks is a bit dilatory.
Reply With Quote
  #45  
Old 07-15-2012, 02:05 AM
dnooman dnooman is offline
Member
 
Join Date: May 2003
Location: Columbus, Ohio
Posts: 4,750
Signature required things still like faxes because they are basically a scan of a real signature. Of course they can be faked, but you're much more likely to get a legit signature from a lay person via fax, than you are a fake one via email.

Digital, scanned, auto-penned, what have you... Signatures will always be a point of contention, and it deserves it's own thread.
Reply With Quote
Reply



Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 10:09 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.

Send questions for Cecil Adams to: cecil@chicagoreader.com

Send comments about this website to: webmaster@straightdope.com

Terms of Use / Privacy Policy

Advertise on the Straight Dope!
(Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.)

Publishers - interested in subscribing to the Straight Dope?
Write to: sdsubscriptions@chicagoreader.com.

Copyright 2013 Sun-Times Media, LLC.