Security

Digital signatures

Federal and state legislators are debating the validity of digital signatures. Will there come a time when you won't have to sign on the dotted line—on paper?


Your virtual John Hancock, please. That’s right—the time may come when you can decide whether you want to use ink. Should an encrypted data attachment be as legally valid as a handwritten signature? This question and others surrounding it are being debated in national and international political arenas. The implications of the decisions reach to the far edges of the e-commerce world.

What are digital signatures?
Digital signatures are secure attachments of an identifiable, individual electronic mark to an electronic document or message. Ben Wright, author of The Law of Electronic Commerce , cites three basic types of digital signatures:
  1. Classic Public-Key Cryptography: The digital signer gets a private key number that is used with a digital certificate. These are used jointly for verification.
  2. Biometric Signature Method I: The signer registers biometric information, such as handwritten signature dynamics or voiceprint, with a central registrar.
  3. Biometric Signature Method II: The signer simply applies his or her biometric data to a document, primarily a handwritten signature, and prior registration with a central registrar isn’t necessary. Verification, if required, is completed manually by handwriting experts. According to Wright, this is the most common form of digital signatures.

Legislative inquiries into the matter at hand
Currently about 40 states have different digital signature laws on their books. Federal legislation, such as the Electronic Signatures in Global and National Commerce Act (H.R. 1714 ), is intended to explore standardized international and national regulatory options for electronic commerce transactions. The act “will help promote electronic commerce by giving consumers and businesses greater confidence and peace of mind about their online transactions,” said Rep.Tom Bliley (R-Virginia), the act’s cosponsor. The act empowers the Department of Commerce to investigate potential obstacles to the success of digital signatures and report the findings to Congress. The Commerce Department will:
  • Identify if other nations have restraints against the use of digital signatures in e-commerce.
  • Determine if international standards are effective in monitoring the use of digital signatures in e-commerce.

Furthermore, in October 1998, President Clinton signed a digital signatures bill sponsored by Sen. Spencer Abraham (R-Michigan). The Government Paperwork Reduction Act forces federal agencies to accept forms signed with digital signatures in an effort to reduce government paperwork by allowing forms to be submitted electronically.

International regulations
In December 1998, the United Nations drafted an article on the issue that raised questions about how to verify identification and the liabilities involved if another party uses someone’s signature fraudulently. The UN’s WorkingGroup on Electronic Commerce urges people to protect their digital signature and to report the detection of a fraudulent use of their signature immediately to the appropriate agencies. The UN article is intended to be applicable to other digital technology, not just digital signatures.

Obstacles to the use of digital signatures in e-commerce
Besides the search for international and national norms, other issues must be considered. For example, on which documents are electronic signatures acceptable? And where will the signatures be registered?

Now, the answer to this question depends on the state you are in. In Pennsylvania’s Electronic Transaction Act, electronic records, signatures, and contracts are included, but living wills or health-care power of attorney are not.

The Pennsylvania legislation is technology neutral but created certain standards to ensure that the information collected by registrars is accurate. Wright also cautioned against the government setting particular technology guidelines, saying, ”Government should not be mandating particular technology standards. Technology is too much in a state of flux today.…The market should decide which technologies to use and when.”

What does it mean?
Eventually most of the concerns involving e-commerce will eliminated. Some estimates predict online sales will hit $30 billion by 2000 as e-commerce picks up steam. So proponents of the recent federal legislation believe government action would provide additional peace of mind for online customers, indicating that the industry hasn’t done enough to promote the privacy necessary for secure online transactions.

Critics assert that market forces will determine which digital signatures plan survives, but time is necessary to let the industry work it out. This is one area of e-commerce to watch. Think about it the next time you ink your signature on a contract.
We want your comments and opinions on this story. Let us know what you think. Please send replies and submission ideas to cio@techrepublic.com .
 

Editor's Picks

Free Newsletters, In your Inbox