Cybercrime

E-Signatures: Unsigned, Unsealed, Undelivered

It has been almost a year since former President Bill Clinton signed into law the Electronic Signatures in Global and National Commerce (E-SIGN) Act.

That was the legislation that cleared the way for digital signatures, a move many thought would be pivotal in catapulting electronic commerce into this millennium. Suddenly, everything from auto loans to home mortgages could be signed, sealed and delivered without so much as a Bic pen or a sheet of paper.

Clearly, things have become more complicated than that, because we hear very little about digital signatures these days.

Was it an idea that seemed viable in the planning stage, but more complex in execution? Was it simply a Clinton-era stage show designed to show the administration’s forward-thinking approach to e-commerce? Is it an idea that might still work if the kinks are ironed out?

If you checked “all of the above,” you’re looking at the big picture. Kudos to you for that, since legislators evidently had tunnel vision in their approach to e-signatures.

For those who haven’t noticed, the public at large has not yet rallied behind the concept of digital signatures. In fact, many people, if asked, probably do not understand how a digital signature works. Perhaps if the process of using digital signatures were easier, the masses might get behind the idea.

Too Many Hurdles?

But consider what has to happen before a company can even use e-signatures. First, the seller or provider of service must inform customers that digital signatures are accepted and convince them to use the technology.

Then, the company has to ensure that the customer has the appropriate software to even use a digital signature. Then, if the customer so demands, the company has to supply a hard copy anyway.

Somewhere in there, the company also has to specify whether the customer’s digital signature is for one sale or a series of sales. If it is for one sale, the company has to send the customer verification that the digital signature is being used only once.

Seems like a lot of steps just to use new technology, doesn’t it? Until the process can be streamlined, I may just opt for my Bic pen.

Options Unlimited

If there is one stumbling block that could hand e-signatures a fate worse than Betamax videotapes, it is the lack of a common technology to be used for all transactions. Because no standards have been specified, dozens of developers are racing to get their product to the forefront, leaving both sellers and buyers scrambling.

For example, if your bank does not employ the same digital signature technology as your mortgage company, and your online brokerage uses something different than the company that manages your self-guided retirement plan, will you need four different types of software/hardware to use digital signatures for all of your transactions?

If so, how many of us are going to be willing — or even able — to support that effort?

A Matter of Trust

Meanwhile, as if all of these issues were not cumbersome enough, concern over the potential for identity theft via digital signatures remains.

Ask most consumers what keeps them from doing more business on the Internet, and you’re likely to hear the same fearful, distrustful responses repeatedly.

With a constituency already concerned about revealing credit-card numbers online, the prospect of losing the last bastion of personal security — the handwritten signature — is daunting.

It appears digital signatures have miles to go before we willingly and routinely click. For all of the above reasons.

What do you think? Let’s talk about it.


Note: The opinions expressed by our columnists are their own and do not necessarily reflect the views of the E-Commerce Times or its management.


7 Comments

  • I agree with you whole heartly! I represent a company that does digital signatures and uses certificates from Versign and Entrust.

    I placed a paperless office system worth over $1.4M in 1989. There was over 200 people tied into the system. At that time, that was a lot of money. In 1993, the system was trashed because no one knew how to use the system and trusted it. They relied on their own paper on their desk/s.

    Now in 2001, we seem to be going through this again. No one wants to change. The problem is, with that Sept 11 tragedy, many businesses/organizations are having many problems. The employees NOW have to change. If they resist, they will be left out. Possibly even without a job. I know what I am stating is harsh but it is a reality! We all need to really consider that change is now required and manditory. There are many advantages to using Digital Signatures. The problem is, no one knows what it is, how to use it, and what are the advatanges/disadvantages of using it.

    We are staying with our focus and still applying Digital Signatures. I just wish there was something we can do to move this very valuable commodity along. I agree that the public needs a better understanding of what it is.

    Keep me aware of any changes you see in the market/public.

    Sincerely,

    Rene Salazar

    [email protected]

    PS- If you send me an email where I can send you a brief about Digital Signatures for our customers(not a sales brief), I would be happy to send it to you.

    • I have to agree with Greenburg that it’s possible it was all just posturing on the part of the Clinton administration. So far President Bush does not seem real inclined to promote technological advances that would jump start ecommerce.

      Also, I have to wonder if your average Joe, like me, would feel good about digital signatures. I still like the feeling of a contract in my hand. If I buy a house or a car I think I want to meet face to face with the seller and have us all sign our names and shake hands.

      I think it’s possible e-signatures haven’t advanced any more than they have because we just don’t really feel a big need for them.

      • E-signatures do not exclude handshakes when buying a house or a car. This is all poorly

        understood. E-signatures benefit the routing, speed and storing of documents in electronic form.

        This is where a large part of the savings are realized. Contractual information is also much more

        legible when routed via e-mail than routing offers and counteroffer for a house via fax. After an

        offer has been faxed three or four times back and forth it is almost not legible. iTV aired an

        infomercial on May 26, 2001 about e-signatures. A mortgage company was shown where

        buyers of a house signed on a touch pad in the office of the title company and the handshake

        followed.

        What is mostly assumed is that products will be purchased unseen. That is not the way this

        technology is going to be used routinely. For small items that may be the case, but we do

        that already via charge cards and orders over the telephone even without a signature.

        E-signatures are coming in a big way, but perhaps not quite the way people thought of them.

        There are technologies available today that can accomplish this securely. Ultimately, the comfort

        level of the individuals is going to determine the outcome. I can say this: I have opened brokerage

        accounts and filed tax returns, both very important things to do, and I never shook anybody’s hand

        upon completion. I had to send the signature page by snail mail.

  • >we hear very little about digital signatures these days.

    What does he make of Identrus? Or of large scale B2G PKI like the Australian Tax Office: 70,000 small businesses digitally sign monthly tax returns.

    >Perhaps if the process of using digital signatures were easier …

    It’s as easy as using your Amex Blue Card.

    > if your bank does not employ the same digital signature technology as your mortgage company, and your online brokerage uses something different …

    All this is entirely hypothetical.

    – Few institutions have invested in PKI to the extent suggested.

    – The old fashioned notion that we would wander around cyberspace with a personal digital certificate, using it for all e-business, was always a fantasy and should never have been expected to eventuate.

    Instead, digital certificates are being embedded in specific applications. This neutralises the interoperability and usability fears.

    The killer apps for PKI are very specific — highly structured, highly automated transactions carrying high risk or high value (e.g. e-health, government reporting, equities trading, B2B financial trades etc). PKI is not good for one-off transactions, regardless of value or risk.

    Finally, there is no real prospect of “losing the last bastion of personal security — the handwritten signature”. There is no one-size-fits-all digital signature solution, and the handwritten signature will remain de rigueur for a great many applications.

    Stephen Wilson

    Director Policy & Strategy, beTRUSTed

    PricewaterhouseCoopers

  • An inherent flaw in this article is that the terms e-signature and digital signature are used interchangeably. A digital signature, however, is merely a form of electronic signture using an encryption method for added security. What E-Sign does is far more than enable digital signatures to be valid for binding contracts. The language of E-Sign itself allows for an act as simple as a mouse click on an “I Agree” button to count as a legally valid signature. Sure digital signature technology is expensive and slow, but the E-Sign Act specifically disallows mandating the use of such technology in order to validate a contract. Instead, virtually any conduct that shows a willingness to be bound will do.

    That said, I agree with the article’s recitation of the various hoops that need to be jumped through in order for an e-business to rely on an e-signature. Congress certainly placed a rather lengthy framework in the legislation that e-business needs to be aware of. Overall, E-Sign can open a lot of doors. Hopefully we’ll see them swinging open soon.

  • The digital signatures must be unequivocably tied to a person at all times and under any conditions. Applying a digital signature via password is only as strong as the password.

    An actual manual signature whose image appears on the page as we sign a document. Clearly this image can be pasted onto the document by anyone that has a copy of the

    personal signature. There can be more to it, however. A biometric e-signature, one that measures the dynamics of the stroke pattern as it is created, is extremely personal and can not be forged. Biometric

    e-signatures that appear on a document can also be identified by myself as appearing to be my signature. If a biometric token is embedded with the signature into the locked document and encrypted the

    signature can be examined at any time POST signing for its validity. This method securely ties the signature to a person and it can not be stolen. We now have a signature that securely ties the signature to a person and we have PKI technology to transport the document over the internet to the recipient.

    There are several companies in the business of biometric e-signatures. They are Communications Intelligence Corporation (CIC), PenOp and CADIX/Cybersign. CIC acquired PenOp which leaves

    Cybersign as their competition. CIC has formed an alliance with Verisign for PKI support and can securely attach their biometric

    e-signatures to Word or Acrobat documents. Since Acrobat PDF file format is very universal the capability

    exists to sign almost any document. Indeed title companies, insurance companies, the Dale County, Florida

    police department, and the Orange County Building Permit Department have adopted this technology.

  • I think a lot of the points brought up in this article are valid indeed. Perhaps another way of thinking about digital signatures is to view them as a “technology” (i.e., a physical “thing” or apparatus that does something) that goes through a series of three phases (Elite, Popular, Specialized). Though encryption/decryption technology has been around quite a while, it is, to the vast majority of the population, “new” (i.e., there are a limited or elite number of users). Eventually, however, digital signature technology will (like all forms of technology) move into a Popular phase and (as new forms of technology come onto the scene and reposition it) a Specialized phase. The bottom line: Digital signature technology is still in its “incunabula” or cradle period–eventually it won’t be.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

How often do you receive an email that you suspect is fraudulent?
Loading ... Loading ...

LinuxInsider Channels