I have been digitally signing quite a few documents lately, and I finally read the notices that pop up when I click on the signature box. A box pops up that says that a digital signature has the same legal effect as a handwritten one or something of that sort. I use it on Pure Edge (.xdfl) documents.
Seems to me that it would be a lot easier to argue in court that someone stole my common access card and somehow got my PIN and signed a document for me instead of someone copied my handwritten signature so well, that an expert analysis could not tell the difference.
So does this notice hold legal ground, or is it like saying that a permission slip can let someone escape all liability?
The U.S. has enacted laws to validate the use of electronic signatures - Wikipedia has an overview. My understanding is that it was pushed for by various businesses who were looking to streamline processes that formerly required paper. (I was told that via the same company channels that tell me my company’s lobbyists were involved in pushing through in the ESign act.)
If you’ve submitted your income taxes electronically over the last several years, you were asked for a “PIN”. They are mostly made up on the spot and never used by the taxpayer again. Its true function is to be an electronic signature.
As noted above, an electronic signature can have validity, depending on jurisdiction. I also think you’re over-estimating the effectiveness of handwriting analysis. The Master speaks :-
I don’t know the legal aspects, and I am sure it would vary. It probably depends more on what is acceptable by the people you are doing business with than law.
I am interested to know, technically, what the OP means by “digital signature.” This phrase most often means signing with a digital certificate issued by a trusted third-party Certificate Authority like VeriSign. That IMHO should be just as acceptable, in fact better than, an ink signature. You just need to protect your private key (which is kind of like a PIN only more sophisticated).
I also less frequently have heard the phrase used to mean “a digital image of an ink signature.” I do work for the federal government and our contracting officer will accept a PDF file with a scanned signature as equivalent to a hard copy with an ink signature.
I have no idea what the IRS does (technically) even though I have filed electronically and gotten my PIN.
And then there is what the OP is talking about, which I don’t really understand. I have never heard of Pure Edge so I don’t know how that works.
I was assuming that he meant the (electronic) version I am familiar with for work, but fair enough question.
An example of a process that we do everyday that electronic signatures simplified is assigning a beneficiary for a life insurance plan. (Life insurance because that’s what I’m familiar with, and because I think pensions and 401(k)s have additional legal hoops to jump through.)
In the bad old days, we would send someone (via the web) through a page where they elected their life insurance amount. They would be notified that beneficiaries were needed for that plan, and they would be receive a form to fill out in 5 to 7 days via postal mail. Some small percentage of people would send the form back to us. An employee would have to look at the form for any mistakes, and if needed mail it back to the person, along with a letter they generated explaining what changes were needed. Once we had a valid form, someone would manually enter all of the information into our system (often resulting in transcription mistakes), and the system would send the person a confirmation letter. The system would also send a file containing the beneficiary information to the insurance company. The paper beneficiary form that we accepted, meanwhile, would be stored on a shelf somewhere so that it was accessable during the claims process.
Unfortunately, there was very little that could be done to smooth out the process, due to the need to have a physical legal signature on a piece of paper. We eventually put in a next web page after your life election, where you could put your beneficiary information on the system yourself, but it wasn’t official until we got the paperwork back. We would then send you a pre-filled out form to sign and return. That helped as it decreased transcription errors and the number of forms that needed to be returned to the person for correction, but paper always slows down the process and increases the number of employees needed.
After the electronic signatures were legal enough to satisfy the federal government and our clients, we were able to change the process to:
Elect life insurance amount on web page.
Put in beneficiary information on next web page.
Hit the “confirm” button.
The system automatically sends you a confirmation notice (to your email if you choose), and a file to the insurance company.
No human interaction needed, less frustration and fewer errors for the customer, and everything is finished up that same day. Customers are also more likely to actually enter the information (paper notoriously goes unread by large percentages of people), and also to keep it updated each year when electing their life insurance for that year. And no paper to store indefinitely.
This is all possible because the government (and insurance companies) consider clicking “confirm” to be your “signature”.
What if there was a dispute and I claimed that I never clicked “confirm” and you said that I did indeed click “confirm”. How would such a dispute be resolved in court? What type of proof would you have that:
1> Confirm was clicked on my page.
2> It was me clicking it
The army issues everyone an ID card called a common access card. This card has a RFID chip embedded in it which stores all kinds of data on it. Among the things it stores is a PIN that you choose.
Pure Edge, a program used by the army to generate electronic forms, has an option where rather than filling out the form, printing it, and signing it, you can put your CAC into a reader, click on the signature box, and it will read your info off of the card, ask for your PIN and then print your name and some other stuff in the signature box. The army, at least, considers this to be the same as if you had printed out the form and signed it with a pen.
Given the fact that it is not uncommon for people to forge their superior’s signatures (usually with the superior’s consent) in order to get the necessary paperwork to accomplish a mission filled out, I would say that a digital signature is actually quite a bit more secure than an illegible scribble. That is just my personal opinion though.
The important thing to realise about digital signatures and their comparision with physical ones is that we didn’t adopt handwritten signatures to authenticate documents because they’re particularly secure against repudiation and forgery. They were adopted because they’re cheap, convenient and only a tiny percentage of documents are ever disputed anyway. And of the tiny percentage that are disputed, there will usually be contextual evidence to resolve the issue other than the physical signature. And of course, for high value cases (wills,some contracts), signatures are witnessed by trustworthy third partners,
As an example,say someone runs up a huge credit card bill, and tries to avoid paying it back by claiming the signature on the card holders’s agreement was forged. The credit card company is going to be able to present lots of evidence establishing that the card was used in lots of places, never reported stolen, and will probably have CCTV of him using it. The forgery claims aren’t going to get very far, and that’s with no analysis of the signature involved at all.
So the answer to the question about clicking “confirm” is that the dispute would likely be resolved by examining contextual evidence :- are there logs proving that you proceeded onto a web page that displayed when you clicked “confirm” ? What IP address was involved , if so ? Was that IP address related to you, and who else had access to it ? In my opinion, clicking “confirm” is probably a pretty weak form of signature, particularly against repudiation, but it could stand up, with sufficent safeguards. Don’t forget, in child porn cases, people have been jailed by computer forensics evidence. A reasonable level of proof could apply in the “confirm” case, if the people running the web site were diligent enought (but they probably won’t be).
Along those lines, some States (like Kansas) have started to allow digital professional seals. I can now (or soon can) digitally stamp Engineering documents with my official seal, for example.
Exactly. What we do have permanently stored (for at least seven years, I think is the minimum, but in practice we never delete any of it) is the above log information - IP address, timestamp, account id, every web page you hit, and that someone clicked the confirm button, plus a whole slew of other related information. I’ve had to go through the logs in the data wearhouse before, and while it takes awhile to slog through it all, we can recreate what was done on the website pretty definitively. And if you claim that you weren’t the one who was logged into your account… shrug you should be protecting your username and password.