Search code examples
securityemailencryptionwatermark

Security when emailing contracts

I would like to know how to protect a contract/email from being altered. The scenario is this:

Me and person X are signing a contract. So first I sign the contract, scan it in and email it to person X. Person X then print, sign, scan and email me the contract back.

My question is, how can prevent person X from altering the contract after I have signed. Is there someway to prevent this? Or a way to prove the altered contract with both our signatures on is not the same as the one I signed.

Keeping the copy I signed is not good enough because person X would simply argue I was the one who altered it. Keeping the email I sent would also not work since altering emails is trivial.

Solution

  • Unfortunately, there's no way to prevent this scenario in the way we currently use technology.

    In many countries, there's technology infrastructure in place to securely sign digital documents, but the "print/sign/scan" cycle people have become used to prevents any kind of meaningful technological protection measures against this scenario.

    If the people you're doing the contract with insists in using analog technology or the country you live in does not have the technological or legal infrastructure to make this work digitally, you'll have to revert, as Artjom B mentioned, to a trusted third party - a witness or a notary.

    From a more legal viewpoint (IANAL and TINLA)

    Keeping the copy I signed is not good enough because person X would simply argue I was the one who altered it. Keeping the email I sent would also not work since altering emails is trivial

    In this last paragraph, the tone of your question indicates that you're more worried about providing technological proof of your claims than the fact that your claims are true. If a contract is ever contested (which may or may not be unlikely), it's not up to you to provide technological proof. It's up to the court to decide using preponderance of evidence.

    Yes, from some programmer's viewpoint, altering a local email is technologically trivial - but for most people that's arcane black arts (or impossible). If it reassures you, the original email is very probably retained in the service provider independently of your local modifications, and will be available on legal request.

    Finally, forgery is a serious offense - my guess is that most people won't engage in it without a very strong motivation. Consider carefully if this is the case.