Electronic/Digital Signatures
Posted Jan. 5, 2009 by Gabriel Hurley
I've been doing a bit of research into electronic signatures in the interest of simplifying long-distance contract arrangements for Zero Coordinate Inc, and I have to say that the matter as a whole is in a pretty unsatisfactory legal state currently.
In the US, there have been three primary laws passed since the late 1990's (the UETA, GPEA, and E-SIGN act) that do little more than to say that electronic signatures may be legally binding, and lay out in broad terms what the terms electronic and signature mean.
And in legal terms, a signature gives two key elements to a negotiable contract:
- A relatively unique mark on a document that is not easily changed without notice to indicate the authenticity of the signer and the security document.
- A clear intention on the part of the signer to finalize and enter into said contract.
The problems with digital signatures currently ends up being that despite more-than-adequate possible ways of proving both of those facts with innumerable technologies, legal procedent is so spotty that no one trusts it to be upheld against a good team of lawyers.
Various companies have stepped in with cryptographic digital signature technologies (like Adobe's PKI services for Acrobat) and others have come up with fancy ways of digitizing actual signatures into unique secure keys via touchpad and biometric means. They are implemented by-and-large only by large corporations and government agencies with the legal teams available to vet the whole process end to end.
In the end, the bottom line is that to really hold up in court, nobody so far trusts that an electronic signature is going to be enough. So people have turned to secondary methods to verify their claims, such as using proof of payment or ongoing business relationships to substantiate the "intention" part of the signature's purpose.
Key points:
- An electronic signature is the more appropriate term for the computerized form of a traditional pen & paper signature, as opposed to a digital signature, which is more commonly related to cryptography.
- Signatures on a paper contract offer a unique mark to identify the signer and show intent while making the paper document difficult to tamper with without detection.
- Using electronic signatures doesn't get you around any other legal requirements, notification requirements, or anything else.
- Legal precedent for upholding electronic signatures and digital consent to contracts is underwhelming to say the least.
- Secondary means of proving the intent portion of the electronic signature seem to be the most effective.
- EULAs and other web-based click-through agreements generally fall into a psuedo-legal category that has come to be accepted only due to previous legal precedent in their favor even though they meet far less rigorous signature requirements than other cases that have appeared in court.
- If in doubt, get a physical signature or, shocking thought, have a relationship with your client or customer.
Just to be clear, I'm not a lawyer and this is not legal advice. This is a summary of reasonably educated research online. take it with caution but if it helps you, please let me know in the comments!
I got into electronic signature research when I was building a food safety system that was used to store test results for E. Coli and other nasty pathogens. In that case, it made sense because the goal was to secure the test results document more than it was to enforce a contract. Contracts are tricker in that - believe or not - it could be easier for someone to raise the issue of security software bugs in court than to deny an ink signature on a piece of paper. At the end of the day, contracts codify a set of rules around a working relationship, and if that relationship goes bad, then it's just unpleasant, regardless of the method of executing the agreement!
Agreed 100%! For verifying the integrity of a document against possible changes or fraud the technology is definitely there for those serious about doing it (if you don't mind learning about cryptology and hashing).
Particularly in truly negotiable contracts wherein the terms are not some static or arbitrary set of rules that we can determine unilaterally, then the problem of guaranteeing that everyone sees, agrees to, and "signs" the same version is essential and difficult.
And I would like to hope that things wouldn't turn ugly with the types of contracts we're working on at present, but I'd much rather do things as best we're able now than end up regretting it later.
I appreciate Carl's point about "software bugs" being a defense in court. That said, it's generally a hell of a lot harder to tamper with a (properly) digitally signed document than it would be to re-order a bit of text and print out a new second page.
I think we may end up considering GPG for signing. It has a number of (obvious) advantages, including age (the tech has been around since the mid 90's), openness (you want to argue software bug in court, just pinpoint the line number), and the web of trust. The last is particularly useful for business relationships, because it doesn't rely on some mystical third-party solution provider to work properly, and doesn't stop working even if they happen to be conveniently "experiencing technical difficulties".
We actually use electronic signatures and it has been very useful. We are getting contracts signed faster and have eliminated paper contracts from our office. I agree, there are certain applications where they work and do not work. For sales contracts, they are perfect. We use a company called Sertifi