A fax is not more secure than email


in Internet matters, Rants, Security

The way complex organizations assess technology and security is often very silly:

A: “Here is the signed document, as a PDF file that I scanned and emailed.”

B: “No good. We need a hard copy.”

A: “Well, I can mail one to you within about a week.”

B: “That’s far too long. Why don’t you just fax it?”

A boots laptop

A opens PDF file

A clicks ‘print,’ plugs laptop into telephone, sends the fax.

Result: a lower quality version of precisely the same thing is transferred, at greater expense.

{ 8 comments… read them below or add one }

R.K June 11, 2007 at 9:51 pm

Fax: a completely outdated technology nonetheless taking ages to die.

Anon June 12, 2007 at 11:59 am

In fairness, the person asking for the fax probably doesn’t set policy. If the rule book says that a fax is a ‘hard copy’ and an email is not, there isn’t much that they can do.

Mike Kushnir June 12, 2007 at 1:51 pm

milan, congrats. you have pretty much summed up the inner workings of the french republic in one paragraph.

i’ll see if sarko will give you a better offer to streamline the bureaucracy than EC will to fight climate change.

Edward June 14, 2007 at 4:37 pm

Milan, oh, you’re going to love working for the government…

. June 3, 2008 at 10:55 am

Schneier Asks Why We Accept Fax Signatures

Bruce Schneier’s latest commentary looks into one of my pet peeves: faxed signature requirements. He writes “Aren’t fax signatures the weirdest thing? It’s trivial to cut and paste — with real scissors and glue — anyone’s signature onto a document so that it’ll look real when faxed. There is so little security in fax signatures that it’s mind-boggling that anyone accepts them. Yet people do, all the time. I’ve signed book contracts, credit card authorizations, nondisclosure…” It’s amazing how organizations are sometimes willing to accept low-quality, unverified scans delivered over POTS as authoritative, when they won’t take the same information in a high-resolution scan delivered over (relatively secure) email.

. June 3, 2008 at 10:59 am

Fax Signatures

“On October 30, 2004, Tristian Wilson was released from a Memphis jail on the authority of a forged fax message. It wasn’t even a particularly good forgery. It wasn’t on the standard letterhead of the West Memphis Police Department. The name of the policeman who signed the fax was misspelled. And the time stamp on the top of the fax clearly showed that it was sent from a local McDonald’s.”

Milan September 29, 2009 at 2:58 pm

To clarify the above, there are at least two measures of ‘security’ to consider here:

1) Security from interception.

2) Security from forged documents.

Fax is probably worse than email for (2), since the quality of the images is low and they are in black and white.

When it comes to (1), that depends on the position and resources available to potential attackers. For instance, if you are worried that the IT people at your office might look at an email message, fax is probably more secure.

jason August 25, 2011 at 12:56 pm

Hello, I found this post trying to figure out which method, fax or email, is better for transmitting sensitive information? Also I don’t want to offend you, but because its so important let me please share this with you. Let me ask: Ever lied? Stolen anything at all? Looked with lust (which Jesus said is adultery in heart)? A good judge won’t let a murderer go free. God is so good he will also punish liars, thieves, fornicators, etc. On Judgement Day you will be guilty, sentenced to eternal torment in fire. But, God sent his Son, Jesus, to suffer & die on the cross. He then rose from the dead. It was a legal transaction: you broke God’s law, but Jesus paid the price. If you turn from all sin today & trust in Jesus Christ alone (not in any deeds you do, etc.) God will forgive you & give you eternal life. Please read and obey the Bible daily! Thank you so much for reading this and for your time!

Leave a Comment

Previous post:

Next post: