Rupert Neethling The saying “Where America goes, the rest of the world will follow” is likely to come true yet again thanks to the implementation on October 1 of a United States law that gives the official stamp of approval to e- signatures. Globally, the acceptance of electronic signatures as legal tender can certainly save administrative costs – not to mention trees. But consumer uncertainty as well as the initial cost of setting up the required infrastructure point to a rocky road ahead. The main focus of the Electronic Signatures in Global and National Commerce Act (E-Sign for short) is, of course, on e-commerce. It paves the way to a future when car and home purchases will be made online and business contracts will be “signed” using a technology that makes electrons as legally binding as ink. And American President Bill Clinton put his money where his mouth was in June this year when he first signed the Bill using pen and paper, and then using a smartcard.
Described as “purposely broad”, the new law defines an e-signature as “an electronic sound, symbol or process, attached to, or logically associated with, a contract”. Unable to predict a future standard and unwilling to prescribe one, the lawmakers apparently tried to be as vague as possible, leaving it to business to decide on the most effective technology. Meanwhile, with the exception of court documents such as eviction notices, court orders and wills, any e-signature now carries the same legal weight as its paper-based counterpart. There are fears that the field is being left wide open for disputes concerning veracity as well as possible fraud. Indeed, critics have already attacked the legal definition as being far too broad. In effect, it means that an e-signature can be just about anything that can be transmitted electronically – including just pressing a button on a telephone or clicking on a hyperlink. But defenders of the Act’s wording say it also stipulates that if an e- signature is deemed invalid, so is the transaction.
Perhaps because it’s a comforting continuation of an existing standard, some hope is held out for the use of actual scanned-in signatures. One of the leaders in signatures of this nature is OnSign, Inc. (www.onsign .com). With OnSign’s free e- signature software, users can “bind” images of their handwritten signatures to MS Word documents as well as e-mail sent via Outlook and Outlook Express. If such documents or e- mail messages are tampered with – for instance if text is altered or if someone tries to use the signature in a different document – the OnSign signature is automatically crossed out. Passwords, in theory at least, provide an extra level of security.
An even more secure technology that is being held up as a possible new standard for e- signatures is biometrics. Unhampered by the problems inherent in passwords, biometrics makes use of a person’s physical traits to uniquely identify that person. It can be found in eye lasers, fingerprint devices, face-scanners, voice-recognition software and the like. Biometrics also helps make handwritten signatures harder to fake, since it can measure how long it took to write the signature and how many strokes it took. But while it’s an attractive technology, biometrics may prove too costly to implement on a wide scale.
These technologies all have their advantages, but it is debatable whether they can replace the widespread e-commerce standards that are already in use. In fact, the different public key infrastructure (PKI) technologies of big-name developers like VeriSign (www.verisign. com), RSA (www.rsasecurity.com) and Entrust (www.entrust.com) already form the cornerstone of much of the e-commerce taking place on the Net today. PKI isn’t just one thing: it’s described as “a combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet”. Ordinary users are most likely to come across PKI technology in the form of digital certificates, which are issued to all parties involved in an e-commerce transaction.
The E-Sign Act may have opened the door for other competitors, but when it comes to PKI, everyone has a lot of catching up to do. Which may actually be good news, because in the race to make e-signatures more efficient, cost-effective and secure, e- commerce and consumers should be the ultimate winners. Other countries that have approved or adopted digital signatures include the United Kingdom, France, Finland and Thailand