Death of The Identity Trivia Questions

Show Notes

How do you prove someone is who they say they are when the old methods stop working? In this episode, Eddie Montes Travis and Marylyn Lee Trotter talk about the shift away from traditional identity trivia questions. We look at why these knowledge-based questions are failing in the modern world and what is replacing them to keep your documents safe. • Weak Security: Traditional questions like your first car or your mother's maiden name are no longer safe because of social media and major data leaks. • Modern Alternatives: Why biometric scans and direct ID verification are becoming the new gold standard for checking a person's identity in a digital age. • The Risks of Trivia: How relying on old-school memory tests can actually lead to more fraud and errors during important legal signings. • Workflow Impact: How the end of these questions changes the way you handle remote and in-person signings every day. Staying ahead of security trends is the only way to protect yourself and your clients. Make sure you are prepared for the future of identity verification as the old ways fade away. Please subscribe and like the podcast to stay updated on all the latest industry news.

Show Notes:
• The decline of Knowledge-Based Authentication (KBA).
• How data breaches have made personal trivia public knowledge.
• New technologies replacing outdated security questions.
• The impact of these changes on remote notarization security.

Buy Becoming a Notary on Amazon

Notary Knowledge Reference Guide and Notary Bible on Amazon

Your Sunday Notary Reading:
Notary Public Foundation: Essential Guide to Core Duties, Ethics, and Commissioning on Amazon

Your Monday Notary Reading:
Notary Operational Excellence: Mastering Certificates, Journals, Ink, and Copy Certification on Amazon

Your Tuesday Notary Reading:
Notary Fraud Shield: Real-World Tactics, Red Flags, and Refusal Strategies on Amazon

Your Wednesday Notary Reading:
The Mobile Notary Blueprint: Launching and Managing Your On-Demand Business on Amazon

Your Thursday Notary Reading:
Notary Niche Navigator: Your Guide to Loan Signings, Apostilles, I-9s, and More on Amazon

Your Friday Notary Reading:
Notary Law & Liability: Understanding State Regulations, Insurance, and Avoiding UPL

Your Saturday Notary Reading:
The Future Notary: Mastering RON, eNotary, and Complex Scenarios on Amazon

Quick & Easy Solutions: How to Increase Mobile Notary Business for More Success & Profit: with 37 Professional Tips on Amazon

Executive Producer Derrick Spruill
Writers Marylyn Lee Trotter and Eddie Montes Travis
Graphics & Illustrations by Eddie Montes Travis
Music by Thomas Bynum
This Show is Produced by Magnificent Workz
Business Solutions

Facebook


Instagram


LinkedIn


X

Transcript

0:04

Since you started your notary business, strive for excellence. Introducing the book Notary Operational Excellence by Derek Spruel. Build your business on a beacon of precision and trust with expert advice. Check out Notary Operational Excellence by Derek Spruel from Amazon.com, Barnes Noble, Books of Million, Bookshop.org, Mobile Notary by DerekSpruell.com, or download from Kindle today. Right now, your entire financial life, you know, your mortgage, your retirement savings, your core identity, it is all likely protected by a security system that basically relies on a multiple choice quiz. Yeah, it really is. And I mean a quiz asking you things like uh the color of the Honda Simic you drove back in 2008. Right. Or maybe the exact monthly payment of a student loan you paid off a decade ago. And the terrifying reality here is that a malicious bot operating on the dark web probably knows the answers to those questions significantly better than you do. It is a completely inverted security model. I mean, we have inadvertently built the foundation of our modern digital economy on trivia questions that simply aren't secret anymore. Exactly. The data is out there and it's actively being weaponized against the very people it was designed to protect. Welcome to Notary Knowledge. Our mission for today's analysis of the source material is to really unpack this massive stack of research we have. We are looking at how you definitively prove you are who you say you are, especially when you aren't physically in the room. It's a huge topic. It is. We've got technical white papers on computer vision and artificial intelligence from developers like Precious. Yeah. We're looking at federal cybersecurity frameworks from the National Institute of Standards and Technology. We have industry data from platforms like Notary Cam and Proof. Which is great data, by the way. Oh, absolutely. And we are balancing all of that high-tech algorithmic research with highly practical, incredibly strict legal guidelines from the National Notary Association and state-specific legal blogs. It is a phenomenal juxtaposition of source material. I mean, in one paragraph, we are analyzing the mathematics of convolutional neural networks and you know the deployment of public key cryptography. And then in the very next paragraph, we are looking at centuries-old legal precedents governing the chemical composition of pen ink and the physical security of a paper journal. It's wild. But that is exactly what makes this space so fascinating. We are essentially attempting to digitize one of the oldest forms of human trust. Exactly. And to you, the listener, think about the last time you tried to open a bank account online. Or applied for a lease. Right, or signed a legal document through a web portal. This isn't just an abstract debate for software engineers. The hidden architecture of digital trust that we are going to tear apart today is the invisible shield operating in milliseconds behind your screen. It protects your most valuable assets. It does. We are going to explore the rapid evolution of remote online notarization, examine the critical collapse of those outdated, trivia-based security systems, and figure out how legal professionals are walking an incredibly treacherous tightrope when it comes to biometric privacy. And to really grasp the magnitude of the shift, I think we have to establish the baseline first. Let's do it. For centuries, the notarial act, which is the legal foundation of proving identity and preventing fraud, it was fundamentally anchored to physical presence. Right. You had to be there. Exactly. It was a physical piece of paper, it was wet ink, it was an embossed stamp, or maybe a wax seal, and most importantly, it required two human beings sitting in the exact same room, breathing the same air. The notary's primary job was to act as an impartial, state-commissioned witness. They look you in the eye, they physically inspect your driver's license under the light, and they ensure you are signing a document willingly. But obviously, the digital shift has completely upended that physical requirement. According to the research, this revolution really started to gain legislative traction back in 2012. Right, in Virginia. Yes, the Commonwealth of Virginia became the very first state to authorize remote online notarization, or on as we call it in the industry. But as with so many digital transformations, it was the global pandemic that acted as the ultimate accelerant. It changed everything overnight. It really did. Suddenly you legally couldn't be in the same room as a notary. And today, Auron is authorized in the vast majority of states. Yeah. But bringing a process that is hundreds of years old into a web browser isn't just about, you know, throwing a notary on a standard Zoom call. No, definitely not. The state laws mandate a very rigid anatomy for a RON session. We're gonna dive into all of those strict requirements right after we take a quick moment to pause for a word from our sponsors. Sounds good. And hey, while we take this quick break, if you really want to master this field and elevate your professional understanding, you need to check out the notary knowledge books by Derek Sproul. They are an absolute must-read for anyone navigating this space. We will be right back. All right, we're back. So getting into the anatomy of that RON session, as you were saying, you can't just fire up a consumer video chat app and sign a morning. Right. That would be a disaster. Complete disaster. The sources outline a mandated, multi-factor sequence of events that elevate a RON session into a highly secure, legally binding environment. And the first mandatory step in that sequence is credential analysis. Aaron Powell Okay, so this is where human inspection is entirely replaced by software, right? Precisely. The signer uses their smartphone or webcam to capture high-resolution images of the front and back of their government-issued ID. Then advanced optical character recognition or OCR combined with computer vision just takes over. Wait, let's slow down on the computer vision part. Because I think people assume it's just taking a photograph and like reading the letters. Oh, it is so much more than that. Right. The white papers indicate it's doing something much more aggressive than just reading the name and the address. Aaron Ross Powell Vastly more aggressive. It is actively interrogating the digital image of the document. State IDs are embedded with incredibly complex security features. Like the holograms. Yes, holograms, but also microprinting that is practically invisible to the naked eye. It checks for specific font kerning and it looks at the mathematically encoded barcodes on the back. The computer vision algorithms are analyzing the image at a literal pixel level. Wow. They are checking how light reflects off the supposed hologram. They are looking for compression artifacts. What are compression artifacts? They are these tiny pixelated distortions that occur when someone uses, say, Photoshop to alter a birth date or a name. The AI can spot those inconsistencies. It also reads the PDF 417 barcode on the back of the card. Okay, the squiggly barcode thing. Exactly. It reads that to ensure the encrypted data completely matches the printed text on the front. It's hunting for sophisticated digital manipulation that a human eye would easily miss on a standard webcam feed. Okay, that makes sense. But I want to pull in a really crucial distinction raised by the National Association of Secretaries of State, the NAS, in their white paper. Oh, the validation versus verification argument. Yes. They explicitly warn about confusing two different concepts here. Validation versus verification. If I'm understanding the credential analysis step correctly, we are only validating the piece of plastic. That is the core of the entire security model, yes. Let me try to visualize this for everyone. Imagine we are trying to get backstage at a major concert. Validation is the security guard taking my physical VIP pass, shining a black light on it to reveal the hidden watermark, checking the holographic sticker, and determining, yes, this pass was genuinely printed by the venue's ticket office. Right. It is a valid, authentic document. That is credential analysis. Correct. You have proven the object is real. But verification is the next necessary step. Yeah. That's when the security guard looks at the photo printed on the valid VIP pass, looks up at my actual face, and ensures that I am the celebrity pictured on the badge. Yeah, and not just some random fan who found a legitimate VIP pass dropped in the parking lot. Exactly. That is a perfect analogy. And the NAS source material explicitly warns developers and lawmakers about the peril of disconnected steps. What does that mean in practice? Well, if a digital platform allows a signer to be verified, meaning we prove you are the person presenting the data, but the platform never rigorously validated the underlying identity credential in the first place, the entire trust model collapses. Aaron Powell Because you could be verifying a real human being against a completely fabricated synthetic identity that they literally just printed in their basement. Exactly. If the VIP pass is a convincing counterfeit, it honestly doesn't matter how thoroughly the security guard checks that your face matches the fake photo. Right. You've verified a person against a fraudulent foundation. That's why credential analysis, validating the document with computer vision, is the non-negotiable foundation. So first we know the object is real. Right. But once we know the idea is real, we have to prove the person holding it is the rightful owner. And this brings us to the second step of a Ron's session, which is identity proofing. And this is where the source material gets incredibly dramatic because the historical method for identity proofing is practically crumbling as we speak. It really is. For the longest time, the primary way we verified the human behind the screen was through knowledge-based authentication or KBA. The dreaded pop quiz. Exactly. If you're listening, you have absolutely experienced this. You upload your ID, and suddenly the screen generates five random questions about your life history. Yeah, questions like which of the following addresses did you reside at in 2011? Or what was the exact monthly payment on your auto loan with Chase Bank in 2014? Or which of these four people is a known associate or relative? Yes. And you sit there sweating, trying to remember if your car payment 10 years ago was $314 or $341. The underlying theory of KBA seemed pretty robust at the time it was designed, to be fair. It relies on third-party data aggregators. Like the massive credit bureaus. Right. Credit bureaus, public property records, utility registries. It uses them to pull incredibly specific data points and generate dynamic, multiple choice questions on the fly. The assumption was that only the legitimate individual would possess this deep historical knowledge about their own financial and personal life. And to make it even harder to cheat, state laws put intense statutory parameters around the quizzes. The sources point out the regulations in Utah, for example. Oh, Utah's rules are strict. Very. To legally pass KBA for a remote notarization in Utah, a signer must correctly answer a minimum of four out of five questions, and they are strictly limited to two minutes to complete the entire quiz. That tight time frame is a highly intentional friction point. To stop cheating. Exactly. The two-minute limit is specifically engineered to prevent a fraud actor from simply opening another browser tab, searching through stolen public records, or just Googling the answers in real time. You have to know it off the top of your head. But here is where the research reveals a catastrophic systemic failure. The sources make it undeniably clear that knowledge-based authentication is dying. It's on its last legs. And is dying because it relies entirely on stagnant data. That is the fatal flaw in the architecture. The data that fuels KBA, your previous addresses, the make and model of a car you finance in 2008, the maiden name of your aunt, that information never changes. It is static. Right. And unfortunately, due to decades of massive high-profile corporate data breaches across credit bureaus, retailers, and healthcare providers, that stagnant information is no longer a secret. Right at all. It hasn't been a secret for a long time. The reports from identity platforms like Proof and Secure in our Stack highlight that personal identifying information, or PII, is just floating in massive databases on the dark web. It's completely commoditized. It is. You can buy an individual's entire KBA profile, their whole financial history, social security number, past addresses for as little as one single dollar per record. And this leads to a truly dark irony in the world of cybersecurity. Because this static data is so cheaply and readily available, highly organized fraud rings aren't sitting there trying to guess your old address manually. They use bots, right? Yes. They are using automated scripts and bots to execute the KBA quizzes. The bot has the stolen database preloaded. It reads the question on the screen, instantly cross-references the stolen credit report, and selects the correct answer in milliseconds. So the bot actually performs better on the quiz than the actual human being. Usually, yeah. Because a human forgets the exact dollar amount of a 15-year-old car loan. But a bot reading a stolen CSV file has perfect memory. We have concrete empirical data validating this exact scenario from the sources. A comprehensive data study conducted by Secure looked closely at state agency KBA usage, and the numbers they found are staggering. They discovered that of the individuals who failed the KBA quiz, an overwhelming 92.8% of them were legitimate, well-intentioned users who simply couldn't remember obscure trivia about their own lives. 92.8%. Yes. They were improperly turned away from services they had a legal right to access. That is insane. If any traditional business turned away almost 93% of its legitimate paying customers just because the front door was too hard to open, that business would be bankrupt in a week. That is a staggering false negative rate. But the inverse of that metric is even more alarming from a security perspective. The study also revealed that of the individuals who actually passed the KBA quiz and gained access, 6.1% shade high risk indicators of being fraudulent actors or bots. Wow. So the system is actively punishing the consumer with immense friction while the criminals are slipping right through the front door because they hold the answer key. And beyond just being an annoyance, the sources bring up a severe sociological consequence of relying on KBA, which is the inclusion gap. It actively discriminates against certain demographics. It's a critical flaw in relying on credit bureaus for identity. KBA fundamentally assumes that you have what the financial industry calls a thick credit file. Meaning lots of loans and credit cards. Right. It assumes you have a long history of mortgages, auto loans, credit cards, and traditional banking interactions. But what if you don't? Yeah. Think about an 18-year-old college student who has never opened a line of credit. Or a recent immigrant who hasn't yet established a financial footprint in the United States. Or even just someone who strictly uses cash and debit cards because they prefer to live entirely debt-free. In the eyes of the system, you are considered credit thin. And for credit thin individuals, passing a KBA quiz isn't just difficult, it is mathematically impossible. Because there's no data to pull from. Right. The third-party databases literally lack the data required to generate five unique questions about your life. So through absolutely no fault of their own, these individuals are entirely locked out of essential digital, legal, and financial services. That's terrible. It is a systemic exclusion built directly into the architecture of the technology. Aaron Ross Powell So the system is easily bypassed by hackers, it infuriates legitimate users, and it completely discriminates against younger or credit-thin populations. What does this mean for the future of KBA? Yeah, according to the research that death knell has officially sounded, the National Institute of Standards and Technology, NIST, which is the federal gold standard for cybersecurity frameworks, has officially deprecated the use of KBA. Yes. In their special publication, 8633, which dictates digital identity guidelines. That's a huge deal. It really is. When NIST deprecates a technology, it sends a massive shockwave through the private sector. They are explicitly telling government agencies and the commercial industry to stop using this method for high assurance identity proofing. It simply does not provide the security you think it does. Aaron Powell Which forces the entire industry to pivot. If we can no longer rely on verifying what you know, because every hacker on the dark web knows it too, we have to transition to verifying who you are. Exactly. And that brings us to the biometric upgrade. We're going to dive deep into how algorithms scan your face right after this quick commercial break. Don't go anywhere. We'll be right back. All right, we are back. So before the break, we were talking about moving from what you know to who you are, the biometric upgrade. This is the fundamental paradigm shift. Instead of relying on a memory test, your unique physical biology and your behavior become the credential. The research papers we have, particularly the deep analysis into computer vision from Pratius, outline several different biometric modalities. The most prominent one we see in the RN space today is facial recognition. Yeah, it's everywhere now. But how exactly is this working? Because I assume it's not just taking a flat photograph of my face and playing a game of digital memory. No, no, it's vastly more complex than that. Modern facial recognition utilizes convolutional neural networks or CNNs. Okay. When you look into your webcam, the algorithm isn't just seeing a flat 2D image. It is analyzing shading, contours, and pixel density to map the unique three-dimensional geometry of your face. Like making a 3D model. Essentially, yes. It measures the precise distance between your pupils, the exact depth of your eye sockets, the shape of your cheekbones, and the curve of your jawline. It translates your physical face into a complex mathematical equation. It then compares that mathematical map to the photograph it extracted from the validated government ID during the credential analysis step we talked about earlier. Okay, so it connects the digital face to the plastic card. But facial recognition isn't the only tool in the shed. The texts also discuss fingerprint and iris scanning, which are statistically incredibly accurate. Very accurate. Though, as the sources note, reading the unique patterns of an iris requires specialized infrared cameras. So you can't exactly execute that on a standard $40 laptop webcam. True. But there are also voice and behavioral biometrics. Voice recognition relies on establishing a voice print during an initial enrollment phase, analyzing the unique frequencies and resonances of your vocal cords. But that has issues too, right? It does have vulnerabilities. If you have a severe respiratory cold or you're in a noisy coffee shop, the system might reject you. Behavioral biometrics, however, are utterly fascinating. Why is that? Because they don't look at your physical body at all. Wait, if it's not looking at your body, how is it a biometric? It analyzes how your body interacts with the digital environment. It monitors your typing cadence. My typing cadence. Yes. The exact milliseconds it takes you to move from the A key to the T key. It tracks the specific arc and speed of how you move your computer mouse or how hard you press on a smartphone touchscreen. That is wild. It compiles these microbehaviors to create a unique behavioral signature. It turns out the way you type your email address is as unique to you as your actual physical fingerprint. That is mind-blowing. But the real magic, and the reason the cybersecurity experts constantly use the term multimodal, is about combining these different sensors, right? Exactly. The key to building a robust, resilient system lies in layered defense. If you rely entirely on a single biometric modality, you are highly vulnerable to environmental noise. Like what? Bad lighting ruins facial recognition. A sore throat ruins voice recognition. A paper cut on your index finger ruins a fingerprint scan. But when you fuse multiple modalities together, say, requiring both facial recognition and a behavioral analysis of how you type your password, the mathematical probability of fraud drops exponentially. Because a froster would have to perfectly fake your face and perfectly mimic your typing speed simultaneously. Right. You mathematically crush what we call the false acceptance rate, or FAR, and the false rejection rate, or FRR. Okay. Explain those rates. Sure. If your facial scanner has an error rate of one in one hundred, and your behavioral scanner has an error rate of one in one hundred, combining them means the chance of a fraudster fooling both simultaneously drops to one in ten thousand, it creates an incredible high assurance environment. I understand the math, but I have to push back here. Let's play devil's advocate. Okay, let's do it. If the primary system is just looking at my face through a standard computer webcam, what stops a fraudster from going onto my public social media profile, downloading a high-resolution photograph of me, loading it onto an iPad, and just holding that glowing iPad screen up to the webcam to fool the algorithm? That is a highly common threat vector, and the industry formally calls it a presentation attack or a spoof. Okay. It is the exact reason why modern biometric systems employ a critical defense mechanism known as liveness detection. The camera isn't just looking for the correct geometric map of your face, it is actively working to prove that the face it sees belongs to a living, breathing, three-dimensional human being who is physically present in real time. How on earth does a standard webcam determine if I'm alive or if I'm just a piece of printed paper? The literature outlines two distinct methods for liveness detection. The older, more traditional method is active liveness. This requires the user to perform a specific, randomized action prompted by the screen. Oh, we've seen this. Yeah, it might tell you to slowly turn your head to the left or blink three times or read a sequence of random numbers aloud. Which honestly creates a lot of friction. It feels silly and it's annoying for the user. Aaron Powell It is annoying. And more importantly, as generative AI advances, sophisticated digital deepfakes can sometimes be programmed to mimic those specific movements. That is why the cutting edge of the industry has moved to passive liveness detection. So I don't have to do anything. Nothing at all. It happens entirely behind the scenes in milliseconds. While the camera is capturing your face for the geometric match, the AI is simultaneously running a secondary analysis on the video feed. Checking for what? It uses the reflection of light from the screen to determine 3D depth, proving it's not looking at a flat iPad screen. It analyzes the microtextures of human skin versus the texture of a silicone mask. That's impressive. But can it really tell the difference between skin and a really good high-res printout? It goes deeper than texture. Passive liveness systems can actually detect imperceptible physiological responses using a technique derived from photopletismography. Photo what? Photopletismography. It's a medical term, but basically the AI analyzes the microfluctuations in the red and green pixels of your face. Wait, are you saying the webcam is looking at the color of my pixels changing? Yes. Every time your heart beats, blood is pumped through the capillaries just beneath your skin. This causes a microscopic shift in the color of your skin that is completely invisible to the naked human eye. Oh wow. But standard webcam sensors can pick up those subtle pixel variations. The AI can literally detect your pulse simply by watching the video feed. That is crazy. A printed photo on an iPad doesn't have a heartbeat. A silicone mask doesn't have a pulse. It is a massive, almost science fiction level leap forward in preventing synthetic identity fraud. That is incredible technology. But understanding how deeply it looks at us naturally leads us into a much darker conversation. Because while this technology is incredibly secure, it carries an inherent, immutable risk. Immutable is the absolute perfect word for it. Right. Because if my bank password gets hacked and a massive data breach, it is a nightmare. I have to spend hours on the phone, monitor my credit, dispute charges, but ultimately I can go online, click forgot password, and create a brand new sequence of letters and numbers, my security is restored. True. But if a centralized database containing the exact three-dimensional geometric map of my face or the microscopic details of my fingerprint gets hacked by a state-sponsored actor, I cannot change my face. No, you can't. I cannot reset my fingerprint. That biological data is compromised forever. And lawmakers are becoming acutely aware of the radioactive nature of this data. The legal liabilities surrounding the collection and storage of biometric information are becoming intense. We see that in the sources, right? Yes. The prime example provided in our source stack is the Illinois Biometric Information Privacy Act, commonly known in the legal community as BIPA. BIPA. Right. This law was enacted back in 2008, but it has recently become the absolute template for statutory liability across the United States. What makes BPA so dangerous for tech companies? It's all about consent and enforcement. BPA requires private entities to provide explicit written notice and obtain informed written consent before they collect, capture, or store any biometric identifiers. But the real teeth of the law, the reason tech platforms are terrified of it, is the private right of action. Break that down for me. What does a private right of action actually mean in practice? In many privacy laws, if a company mishandles your data, you can only sue them if you can prove you suffered actual financial damages, like money being stolen from your bank account. Right. Under BPA's private right of action, you don't have to prove a single dollar of financial harm. The mere act of the company collecting or storing your facial geometry without following the strict written consent rules is a violation. And what's the penalty? The law assigns massive statutory damages, up to $5,000 for every single reckless violation. Wait, so if a company scans the faces of 10,000 employees for a time clock without proper consent, that's $5,000 times $10,000. Exactly. It scales exponentially. It has led to catastrophic multi-million dollar class action settlements that have bankrupted smaller companies and forced massive tech giants to pay out hundreds of millions. So if you are a remote online notarization platform or a traditional law firm utilizing Ron software, you are essentially handling absolute toxic waste if you are storing the raw biometric data of your clients. It is extremely risky. So how do they solve this? Because they obviously are still using facial recognition to verify signers. The modern mitigation strategy involves a complete architectural shift in how biometric data is handled, utilizing public key cryptography. In the consumer space, this is often branded as pass keys. Oh, I've heard of pass keys. Yeah, they are becoming the standard. The ultimate goal is to ensure that the platform or the law firm never actually receives, sees, or stores the raw, toxic biometric image. Okay, I need you to explain this to me like I'm five, because public key cryptography sounds like something out of a spy movie. How does this actually work when I'm just trying to sign a mortgage on my phone? Let's walk through it. When you set up biometric authentication, let's use Apple's Face ID or Windows as though as an example. Your device takes the scan of your face, but it doesn't save a JPEG photo. A trusted, highly secure hardware chip, physically isolated inside your own device, uses an algorithm to turn the geometric map of your face into what is called a feature vector. A feature vector. Is that just a fancy word for a string of numbers? Basically, yes. It's a complex mathematical representation of the data. Now here is the crucial part. That feature vector never leaves your phone. It is never transmitted over the internet to a server. So if it never leaves my phone, how does the remote notary platform know it's me? This is where the cryptography comes in. Let's use a lockbox analogy. Your device generates two mathematical keys: a private key that is locked inside your phone forever, and a public key that it gives to the notary platform. Okay. The public key is like an open padlock. The notary platform has the open padlock, but only your phone has the key to lock it. Okay, I'm with you. When you go to sign the document, the notary platform server sends a cryptographic challenge to your phone. Essentially it says, prove you have the private key. Right. Your phone prompts you to look at the camera. The local hardware chip checks your live face against the local feature vector. If the math matches, your phone uses the private key to digitally sign the challenge and sends the signed response back to the server. And the server. The server uses the public key it holds to verify the signature. So the server only ever receives a mathematical thumbs up from my device. Exactly. The website, the ROM platform, and the law firm never see your face. They never receive the feature vector, and they hold absolutely zero biometric data on their servers. That is brilliant. It is. The biometric matching happens entirely locally on your device. You get to harvest all the incredible convenience and security of biometrics without the platform showing the immense legal liability of storing toxic data under laws like BIPA. That is a brilliant, elegant solution to a terrifying high-tech privacy anxiety. We are going to explore how this high-tech anxiety connects to the physical, traditional rules of notaries right after the short break. We'll see you in a minute. Welcome back. So, what I find so deeply fascinating in our sources is how this cutting-edge algorithmic privacy debate bridges directly to the traditional physical privacy rules that notaries have been following for decades. Oh, absolutely. We have these extensive guidelines from the National Notary Association, the NNA, and they are incredibly strict about protecting personal information in the physical world. And they have to be. Even before the internet existed, notaries were entrusted with highly sensitive personal and financial data every single day. They are the gatekeepers of wealth transfer and medical directives. Take the thumbprint debate, for example. We just spent all this time talking about biometric fingerprints on smartphones. Yeah. In the physical notary world, having a signer press an actual ink thumbprint into a physical paper journal is a fantastic way to deter fraud. It's irrefutable physical proof. Exactly. Yeah. It is irrefutable proof that the specific human being was sitting in the chair. But the NNA specifically and aggressively advises notaries to avoid doing it unless state law explicitly demands it. Because of the exact privacy concerns we just discussed, a physical thumbprint in a book is a biometric identifier that notaries shouldn't collect unnecessarily. The sources point out the variance in state laws here, right? Yes. Certain states are massive outliers. Some strictly require a physical thumbprint in the notary journal for real property deeds and powers of attorney. They prioritize the fraud deterrence. But in other states. And this philosophy of data minimization goes way beyond just thumbprints. The NNA sources detail how notaries must actively train themselves to avoid overreading documents. Oh, this is a big one. A notary shouldn't sit there and read the full terms of your mortgage or the intimate details of your living will. They're only supposed to scan the document visually for two specific reasons. Right. To ensure there are no blank spaces that could be maliciously filled in after the signing, and to gather the basic administrative details needed for their journal entry, like the date of the document or its title. They are also strictly prohibited from making or keeping photocopies of a signer's driver's license, or demanding copies of the documents they are notarizing to keep for their own records, unless it is specifically required by state law. It is considered an unwarranted intrusion into the signer's personal affairs. Their job is to witness the signature, record the event in the journal, and hand the documents back. There is even a fascinating comment in the NNA form source we reviewed, where a veteran notary talks about their process for physical data privacy. The sticky notes. Yes. They talk about using large, opaque sticky notes to cover up previous entries in their bound paper journal. Which is so smart. It is. That way, when the current signer is signing the book, they can't casually glance up and see the names, home addresses, and signature types of the people who came into the office before them. It is this intense, highly manual, physical manifestation of data privacy. It perfectly highlights the dual reality of the modern notary. I mean, they are managing physical privacy, using sticky notes to obscure addresses, while simultaneously operating in a digital landscape governed by biometric privacy laws. Which brings up my absolute favorite detail from this entire stack of research. It perfectly captures this bizarre collision of 17th century tradition and 21st century technology. Yeah, I know exactly what you're gonna say. It's from a blog post by the Michigan Notary Association, and it is a heated debate over pen ink. The chemical composition of the pen. Yes. Think about the whiplash here. We are talking about utilizing multimodal convolutional neural networks to execute public key cryptography via passive liveness detection algorithms that read your pulse through pixels. And at the exact same time, professional notaries are having serious debates about whether to use a gel pen or a ballpoint pen. And there is a very legitimate scientifically backed legal reason for it. Right. The source explains the chemistry behind it. Gel ink is incredibly popular on consumers because it writes so smoothly and looks bold on the page. Everyone loves a good gel pen. They do. But gel ink is fundamentally water-based. Over time, it is susceptible to the elements. It will run if it gets damp, it will fade under sunlight. And if a document gets wet in a flood or a spilled cup of coffee, the signature is completely destroyed. It washes right off. Ballpoint ink, however, is oil-based. The thick paste dries quickly and is practically permanent. It won't wash away easily. Therefore, for legacy documents, deeds that need to be recorded for a century, wills, family trusts, they absolutely must be signed in black or dark blue ballpoint ink, not a smooth gel pen. It is a remarkable testament to the expansive knowledge required in the profession. A notary public today must seamlessly navigate the cryptographic security of an online signing platform, ensure compliance with the liability traps of biometric privacy laws, and then simultaneously remember to physically check if the client sitting across from them is using a water-based gel pen that might render a physical property deed completely invalid in 20 years. It's wild. They are the ultimate custodians of trust, balancing cutting-edge AI and basic chemistry. Which leads us to the final part of our discussion: the future of trust and persistent identity. This is where it all comes together. Where is all of this high-tech identity verification actually heading? Because right now, even with biometrics, the process still feels a bit clunky. The end point of this technology, as deeply discussed by digital trust platforms like Proof, is the concept of persistent identity. Okay, what does that mean? Currently, the identity verification model is highly transactional. Every single time you want to execute a high-stakes transaction, whether it's with a different bank, a different title company, or a different government portal, you jump through all the hoops from scratch. Ugh. Yes. You pull out your physical ID, you take photos of the front and back, you wait for the OCR to validate it, you do the KBA quiz if they still use it, you do the biometric liveness scan. It happens over and over. It's exhausting. It's like going through the full TSA security line at the airport, taking off your shoes and unpacking your laptop every single time you want to enter a new building in your daily life. Precisely. But the concept of persistent identity completely changes that paradigm. The idea is that once a signer goes through the rigorous high assurance credential analysis and the initial biometric matching process, their verified identity is cryptographically saved. Saved where? It becomes a portable token bound to their personal device using the public key cryptography we discussed earlier. So they do the hard frictional work exactly once. Exactly. For any future transactions across a federated network of businesses that accept that persistent identity, the user doesn't need to dig out their passport, they don't need to rescan a driver's license under good lighting, and they certainly don't need to take a multiple choice pop quiz about a 2014 car loan. They just use the token. A simple, frictionless biometric facial match, a quick half-second glance at their smartphone camera instantly and securely authenticates them based on that previously established high assurance identity token. It makes digital trust portable. It's the ultimate version of TSA precheck for the entire internet. It removes the massive friction from the digital economy, ending the high drop-off rates for businesses, while simultaneously maintaining or even significantly increasing the actual security against automated bot attacks. But this naturally raises a massive question about the human element. If the AI is doing all the heavy lifting, if the computer vision is validating the holograms on the ID, if the photopletismography is checking the pulse for liveness, and if the cryptography is securely storing the persistent identity. Yeah, I see where you're going with this. Why on earth do we still require a human notary to join a video call? Can't the software just witness the signature? It's a valid question, but it fundamentally misunderstands the dual nature of a notarization. Because despite all of this incredibly advanced computer vision, the human notary remains the ultimate, irreplaceable safeguard in the legal system. Walk me through why. The technology, the biometric facial mapping, the cryptographic PASKIS, the OCR, all of that confirms the identity. It mathematically proves that the person sitting in front of the screen is definitively John Doe. Right. But the live human notary is there to confirm the human condition. Aaron Powell This goes back to what we touched on during the Anatomy of Iran session. Yes. The artificial intelligence cannot tell if John Dirt is deeply confused by the legal jargon on the screen. The AI cannot determine if John Doe is suffering from early onset dementia or cognitive decline and doesn't actually comprehend the massive implications of the power of attorney he is about to sign. That is a crucial point. And most importantly, the AI camera only sees a narrow field of view. It cannot tell if an abusive relative is standing just off camera in the living room, holding a physical threat over John Doe to coerce him into signing away the deed to his house. So the technology definitively confirms the who, but only the human notary can confirm the willingness. Exactly. The human element of empathy, of reading subtle social cues, of assessing tone of voice for duress, of asking an open-ended question to gauge cognitive awareness, that is something that currently cannot be algorithmically replicated by a neural network. Not yet, anyway. Right. The technology simply clears the massive administrative hurdle of identification, pushing the bots and the fraudsters out of the way so the professional notary can focus entirely on their core historical duty. Which is being an impartial human witness to a free and willing act. Per se. So let's wrap this all up. We have covered a massive paradigm shift today. We've traced the evolution of digital trust from physical paper, wet ink, and easily hacked multiple choice trivia questions all the way to multimodal biometric facial mabbing, passive liveness detection that reads your heartbeat, secure audiovisual audit trails that last a decade, and the intense legal responsibility of navigating the toxic privacy liabilities of BPA. It truly is a fundamental architectural rewiring of how modern society establishes trust across vast digital distances. So think about this. The next time you sit down to sign a digital document, whether you are closing on your first house, setting up a living will, or just logging into a secure portal, take a moment to appreciate what's happening behind the glass. There is so much going on. Appreciate the invisible high-stakes architecture of computer vision and cryptography that is working in milliseconds to validate your ID, protect your privacy, and secure your most valuable assets. And as we look toward this rapidly approaching future of persistent identities, where our highly verified selves are stored securely as cryptographic tokens on our personal devices, it leaves us with a profound question about the physical artifacts we've relied on for our entire lives. What's the final thought here? Where does this ultimately lead us? If biometric persistent identities become truly universal and federated across governments and corporations, if our faces, our voices, and our behaviors are mathematically proven to be unique, instantly verifiable, and cryptographically secure without a centralized honeypot of data, will we eventually see the complete death of the government-issued physical ID card entirely? Wow. If the algorithms and local secure enclaves can prove who we are with absolute certainty without a piece of plastic, will our physical bodies eventually become our only required passports? Now that is a massive concept to think about. And remember, if you have any questions about this evolving landscape, be sure to email your questions to Derek at dereksbruel.com. We will try to answer as soon as possible at the end of our shows. Please rate the show, subscribe, and share the podcast with others. It really helps us out. Credits for today's show. Executive producer Derek Spruel, writer Marilyn Lee Trotter, graphics, Eddie Montez Travis, Music, Thomas Bynum. Produced by Magnificent Works Business Solutions, Inc. This is notary knowledge. Since you started your notary business, strive for excellence. Introducing the book Notary Operational Excellence by Derek Spruel. Build your business on a beacon of precision and trust with expert advice. Check out Notary Operational Excellence by Derek Spruell from Amazon.com, Barnes Noble, Books of Million, Bookshop.org, Mobile Notary by DerekSprowel.com, or download from Kindle today.