Security

TECHNOLOGY SPECIAL REPORT

Electronic Signatures: The Proof Is in the Process

In the wake of federal e-signature legislation that Congress approved nearly four years ago, the online financial world has seen dozens of Internet companies proffer solutions that promised tamper-proof electronic signatures. The recurring result was a steady stream of solutions that raised lots of business interest but never really materialized in an industry-wide standard.

But a resurgence of interest slowly is building again. Industry watchers note that the use of electronic signatures and electronic records to conduct all types of transactions is rapidly taking hold in the United States, as well as in the global economy. With that growth is a worry over the legality of electronic signatures.

As the number of electronic transactions increases, the potential for disputes involving electronic signatures and electronic records becomes an essential element in the risk-management plans of all types of businesses. The recurring question from organizations seeking to embrace the promise of E-commerce is increasingly, “How do I prove these electronically signed agreements if challenged in court?”

New Software Process

Until the Internet age, express delivery and courier services carried the bulk of written records bearing original signatures. Fax machines and e-mail often expedited document delivery. But the courts had no legislative mandate to guarantee the legality of faxed or scanned signatures affixed to documents.

Those days might be disappearing. DocuSign has developed a service that seems to overcome the failures of proprietary e-sign software and hardware. Most of the solutions in the past have required some complex software that works with a particular application.

What caused the initial loss in interest, some analysts have said, were the restrictions in the solutions offered. Most of the software was pegged to Microsoft applications. Many business entities used older products — such as Microsoft Works or older proprietary packages. The first generation e-sign solutions lacked compatibility or universality. Even more recent solutions like VeriSign’s digital certificate required traditional mail delivery of a paper certificate.

According to Thomas Gonser, cofounder and executive vice president of products and business development at DocuSign, the DocuSign Express online e-signature service works with any business application. In essence, it solves the software compatibility issue.

“We built a system that allows anything that prints to be digitally inserted into a document,” Gonser told TechNewsWorld. “It’s patterned after the law, and it creates a proof trail.”

Federal E-Sign Law

Brian Casey, an attorney with insurance liability experts Lord, Bissell & Brook, said the E-Sign Act of 2001 established the legality of digital signatures in documents transmitted electronically. But there haven’t been any litigations over the validity of electronic signatures since the federal law was created.

The legal definition of an electronic signature requires three components. The digital signature must be an electronic sound, symbol or process. It must be attached to a contract or other record. It must be adopted by a person with an interest in signing, according to Brian Smith, also an attorney with Lord, Bissell & Brook.

DocuSign’s Gonser said that, so far, 43 states have adopted regulations for e-sign compliance. “The national law covers all the big concerns. The state adoptions cover regional concerns,” he said. The crux of the federal e-sign law is being able to prove the digital signature.

“The law says it must be verifiable,” Gonser said. “As defined by law, a signature is a unique representation of one’s signature.”

Not the Supermarket Pen Pad

An electronically signed document under the e-sign law is not the same thing as a digitized signature. For example, when consumers sign their names on a keypad device attached to a cash register or ATM machine, they have signed their name digitally.

This is completely different from a digital symbol inserted into a document on a computer screen. An e-signature does not have to look like a person’s handwritten signature, Gonser said.

The process developed by DocuSign places a graphic border around the object that is the e-signature. A link hidden in the graphic authenticates the signature at DocuSign’s secure server.

Gonser said the key to this process is a locked audit trail that cannot be altered. The e-signed document becomes locked to guarantee that it is the original document after the e-signature is affixed.

The security process involves verification of the signer’s domain name. The next step involves answering verified questions unique to the signer. Then the digital signature is stamped to the document file and must be verified with a password. The last step is to lock the document with encryption and a double-hash system.

“A well-designed e-signature business process presents no greater risks than signing a paper document,” said attorney Smith.

Risk Factors Tested, Sort Of

A team of Lord, Bissell & Brook LLP lawyers, along with electronic signature solution provider DocuSign, and the Georgia State University’s Department of Risk Management and School of Law attempted to answer the question of how much risk the insurance industry faces with e-signed policies from online transactions. The test was provided in the context of a mock trial demonstration from the university on June 17th.

The three-hour mock trial was presented to a live audience of insurance industry leaders and lawyers. The event also was delivered to media representatives, including TechNewsWorld, via the Web.

The premise of the “litigation” was an electronic signature on an electronic insurance application. The signer died several months after purchasing the insurance policy over the Internet from the fictitious E-Mutual Life Insurance Company. The insured died from complications associated with tobacco use. The husband indicated that he was a nonsmoker when he filled in the online policy. The widow sued the insurance company after it denied payment of death benefits because it claimed the husband had checked the yes box indicating he was a smoker.

Attorney Brian Smith told the audience the mock trial would focus on issues pertinent to the insurance industry. But he said the scenario was also applicable to other industries. The scripted testimony detailed the identity authentication process and the properties of the locked original document.

DocuSign Express Highlights

DocuSign Express is a Web service that allows the presentation of documents for signature, certified delivery or carbon-copy creation directly from the user’s computer. It works with any document able to be printed from a Window PC.

The recipient is not required to download or install any new software. All that is needed is an e-mail account and a standard Web browser. Document senders simply print into a DocuSign Instant Envelope where the contents are encrypted and stored on a secured server. Receiving an electronic document requires no special software.

Recipients are invited via e-mail to authenticate, review and sign the documents using a unique “Electronic Signature Stamp” created just for them. Once everyone has completed signing, all parties have the option to print a master copy for their records, download a signed copy for local storage, or archive for secure long-term storage.

E-Sign Law Compliance

“Online signing can actually work this time,” said DocuSign’s Gonser. “It’s never been doable like this before.”

DocuSign’s fees are priced to fit existing land express delivery charges. The company charges one price regardless of how many documents are included.

“We are seeing a steady but slow increase in the number of clients wanting to do this. The fear factor is driving the marketplace,” said Lord, Bissell & Brook attorney Brian Smith. “Companies don’t want to become a test case.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Security

Technewsworld Channels