Digital Signatures Revisited
July 2010 (No. 3)
It has been ten years since E-Sign—the federal law validating electronic signatures—was adopted, yet there has been little use of them in maritime and other transactions. Lack of familiarity, trust, and comfort in a new process that is fundamentally different from traditional signatures has delayed progress toward electronic contracts. As businesses shift to electronic recordkeeping, however, the need for digital signatures will become increasingly compelling. Deciding how to proceed requires consideration of practical, legal, and technological issues.
E-Sign validated “electronic signatures” are defined as an electronic sound, symbol, or process associated with a contract or other record by a person with the intent to sign the record. 15 U.S.C. § 7006. Digital signatures are a subset of electronic signatures and are more elaborate and secure than a simple symbol or typed name that might be used as an electronic signature. Under such a broad validation, the issue of validity of an electronic signature will rarely arise. The real issue is a question of evidence and proof—whether a particular electronic signature method will provide a party with the means to readily establish the genuine text of the document and the identity of the signatories in the event of a dispute. A simple method could be used for such things as internal documents, and a more elaborate one for important contracts.
The fundamental difference between paper and electronic documentation of a deal is that, in the electronic world, there are no original documents. In the paper world, each party would be given a signed original of the contract that would be stored in paper form. If a discrepancy in contract language later surfaced, each party would rely on its original document to establish the terms of the contract. If necessary, the paper contracts would be examined to detect alterations.
In the absence of a paper original, the parties could still establish the chain of custody and control of an electronic document, but in the absence of a digital signature, it is much more difficult to establish that an unauthorized change was made to the document.
The typical method of documenting a deal today is half electronic. The parties exchange electronic drafts and redlined copies until an agreement is reached on the document. Then, either the entire document or the signature pages are printed and circulated physically to the parties for signature. At the time of signing, there is no efficient way to determine if the document being signed is identical to the form of the agreed draft. Often, when the signed paper original is received, the parties will return it to electronic form by scanning it for filing and archiving. The scanned document is subject to inadvertent and deliberate alteration.
In contrast, a document that is to be signed digitally may be circulated for signature by e-mail, it can be readily compared to the previous draft, and its integrity will be maintained when archived. If the signed document is altered (other than by adding signatures), the signature software will indicate that the document is no longer identical to the one that was signed.
Digital signatures are generated by software that uses public key encryption systems. Each user has a public key, which is made available to others, and a private key, which is kept confidential. The keys, which consist of a long series of numbers, are unique. Anything encrypted by the private key can be decrypted only by the related public key. A document is signed by using the private key to do an encryption. If a public key will decrypt that encryption, then you know that it was encrypted using the related private key. The identity of the holder of that private key must be established separately as described below.
The encryption that is performed in signing a document is essentially a unique digital fingerprint of the document, known as the “hash.” The hash is a mathematical expression of the distribution of the ones and zeroes in the digital form of the document. Signature software verifies the integrity of a signed document by calculating the hash value of the current document and then comparing it to the encrypted hash in the digital signature. If they match, the document has not been altered since the time of signing. Digital signatures do not prevent future alterations to the signed document. Instead, document integrity is established by having the software confirm that the file has not been altered since the time it was signed. The software can detect even the most minute changes to a signed document. Removal of one space from a document, for example, will cause the software to report that the document has been modified.
The most challenging aspect of digital signatures is establishing the identity of the signatory, the holder of the private key. The keys themselves do not provide this information. A separate digitally signed certificate must be obtained that states essentially that “John Smith is the holder of public key 175984236…9.” This certificate is issued by a recognized certification authority such as Verisign or Truste. To confirm the identity of the signer, the certificate can be checked online with the issuer who will also verify the period during which the certificate is valid. If the certificate was valid at the time of signing, the identity of the signer is established.
Adobe has simplified the use and management of digital signatures by integrating some of the steps in signing and verifying signatures into its Acrobat software. In Acrobat, a digital signature can be applied to a pdf document. (Other software companies also provide electronic signature systems. Adobe is used as an example here because it developed the portable document format (“pdf”) and it has had long experience with electronic signatures. In addition, all the courts that have instituted electronic filing require the use of documents in pdf.)
Adobe has collaborated with security companies such as Verisign, Truste, and GeoTrust enabling them to offer an “Adobe credential.” The credential contains a private key and a certificate issued by the security company. Prior to issuing the credential, the security company verifies the identity of the applicant. If the applicant is signing on behalf of an entity, the certificate will reflect such capacity if the entity confirms the applicant’s authority to the security company. A fee is charged for issuing credentials. Verisign, for example, charges $595.
The credential itself is contained in a USB token and access is protected by a password. To sign a document in Acrobat, the user would plug the USB token into the computer, invoke the signatures section of Acrobat, and enter a password. Acrobat will then affix a digital signature to the document together with a certificate of the security company.
The Acrobat software is programmed to recognize the certificates of the security companies that issue Adobe credentials. Thus, a recipient of the document can obtain confirmation of the document’s integrity and the identity of the signer by using Acrobat. If the computer is on-line, Acrobat will check the security company’s list of expired certificates to ensure that the certificate was valid at the time the contract was signed.
Assuming that the security companies use adequate procedures to verify an applicant’s identity and any representative capacity, the Adobe credential provides a secure and reliable digital signature system. Signing in this manner will not be commonplace, of course, until enough people obtain Adobe credentials.
Acrobat also contains a signature generating facility that produces what is known as a “self certificated signature.” Such a signature is like a traditional holographic or “wet” signature in that it is not accompanied by any independent verification that it is the signature of the person purportedly signing the document. It does establish the integrity of the document. A graphic of one’s wet signature can be attached to the digital signatures applied by Acrobat. If you are dealing with a person whose signature is known to you, a self certificated signature could be sufficient. For an important contract, or one for which the identity of the signatory may need to be confirmed when the signatory is no longer available, a self certificated signature would not be appropriate.
Adobe recently started testing a cloud-based service using its LifeCycle software, called Adobe eSignatures. (LifeCycle is enterprise software that manages workflow and digital signatures. eSignatures essentially permits smaller entities to use parts of the LifeCycle program that is running on Adobe’s computers on the Internet, hence in the “cloud.”) To use this system, a user registers with eSignatures on the web by providing their name, e-mail address, and a password. eSignatures then confirms the e-mail address by sending an e-mail to the user containing a return link. Once registered, the user can have a document signed by logging into eSignatures, uploading a pdf document to be signed, and listing the e-mail addresses of the other persons whose signatures are required. eSignatures then applies the signature of the first signer and notifies the other signatories that there is a document to be signed at the eSignatures site. The signatories will then either register (which will be followed by confirmation of their e-mail address) or login if they have previously registered. Once logged in, they will be presented with the text of the document and a request that they sign it by clicking a “Sign” button.
Presumably, eSignatures issues signature keys to each registrant, retains them, then applies them to documents each time eSignatures receives authorization on its website from that user to sign a document. From the user’s perspective, the process is quick and easy and results in a digitally signed document whose integrity is certified by Adobe. Adobe does not, however, certify the identity of the signatories, which is entirely dependent upon the initiator’s providing the correct e-mail addresses of the signatories.
In situations in which e-mail messages are frequently exchanged, sufficient trust can be established that it would not be unreasonable to assume that the person at an e-mail address is who he says he is, particularly if the address follows the usual name@companyname format. If the identity of the signatory is later disputed, it should be possible to obtain information from the company to establish the signatory’s e-mail address, even if the signatory is no longer employed. Then the process used by eSignatures would have to be proved. With eSignatures, we progress from having to know a person’s signature (as with the self certificated signatures) to needing to know only his e-mail address.
While the ease and convenience provided by eSignatures is attractive, there are some drawbacks. Many parties will be reluctant to upload their contracts to Adobe unless they are assured that unauthorized access is prevented. Because eSignatures presents signatories with a static image of the document, comparison of the document to be signed does not appear to be possible.
A great deal of time and expense could be saved by using digital signatures that would be beneficial for commerce. When delays are reduced, commerce usually increases. Adobe estimates that over $7 billion a year is spent shipping paper documents in order to obtain signatures, most of which could be eliminated by using digital signatures.
Notice: The purpose of this newsletter is to identify select developments that may be of interest to readers. The information contained herein is abridged and summarized from various sources, the accuracy and completeness of which cannot be assured. The Advisory should not be construed as legal advice or opinion, and is not a substitute for the advice of counsel. Additional information on Blank Rome may be found on our website www.blankrome.com.