Secondary Marketing Executive Online

Anatomy of the Electronic Signature: You Gotta’ Trust
A signature authenticates writing by identifying the signer with the signed document. The act of signing a document calls to the signer's attention the legal significance of the signer's act.

By Mike Bridges

The move to electronic commerce is like a runaway train that no one can stop. According to a Forrester Research report published this year, “annual B2B e-commerce is projected to soar from $43 billion in 1998 to $1 trillion by 2003.” The future of online processing can not be ignored; reduced processing cost, improved customer service and 7 by 24 customer access to information anywhere in the world is very compelling.

At the center of this new paradigm is the electronic transaction, so what’s the problem? “Trust.” Today we purchase many goods and services through retail channels, contracting and yes, even a simple handshake. All these transactions rely on people doing business with people. For 2000 years this has been symbolized by making your mark on a paper document committing trust to the execution of the transaction.

So what is the power of your signature on a document representing a transaction? Everything! According to the American Bar Association, a signature is not part of the substance of a transaction, but rather of its representation or form. Signing writings serve the following general purposes of evidence, ceremony, approval and logistics.

A signature authenticates writing by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the writing becomes attributable to the signer. The act of signing a document calls to the signer's attention the legal significance of the signer's act.

In certain contexts defined by law or custom, a signature expresses the signer's approval or authorization of the writing, or the signer's intention that it has legal effect. A signature on a written document often imparts a sense of clarity and finality to the transaction and may lessen the subsequent need to inquire beyond the face of a document. Negotiable instruments, for example, rely upon formal requirements, including a signature, for their ability to change hands with ease, rapidity, and minimal interruption.

So now the challenge becomes, how do we mimic a 2000-year-old custom in the electronic future? How do we carry forward the tradition of “trust” found in wet signatures on a paper document to an electronic form located 1,000 miles away with people we’ve never met? Is society ready to lose the pen and pick up an electronic certificate?

These questions lay before our speeding train and without careful attention, it could slow down or worst; send it off the tracks of e-commerce.

Different kinds of electronic signatures
Electronic signature means any letters, characters, numbers, or other symbols in digital form (attached to or logically associated with an electronic transaction) including a digital signature, executed or adopted by a party with present intention to authenticate the electronic transaction. Moving forward with the electronic signature, we must first understand the differences that today’s technology offers. There are basically two approaches to electronic signatures--electronic handwriting and document digital signature.

Electronic handwriting signature capture is a technology for signing electronic document files with a handwritten signature. This technology application is typically found today in many retail stores and package delivery services. The signer takes a plastic pen and signs their name across a membrane device, which captures and renders a computer image of their signature.

The end of this transaction usually produces a paper receipt that the signer keeps for their records. The establishment using the technology then allows for the complete elimination of the mailing, storage, filing, copying, and retrieval of paper documents.
Electronic handwriting signature technology through market pressures has evolved with a focus on authentication of the signer. Most handwriting capture solutions include forensic and biometric verification of a signature. You cannot view this forensic and biometric information normally because it’s meant for handwriting experts and the forensic document examiner.

If this data were displayed or printed to show biometric and forensic cues, we would potentially be providing cues to a potential forger.
Biometric data is stored with the signature and includes characteristics on how the signature was created. The pressure of the pen at different parts of the signature, the X and Y axis in which the letters were formed, the order of crossing “t” and dotting “i” and more.
Some applications require the signer to execute two or three signatures for an average. All this is designed to authenticate the signer’s signature if tested in forensics.

Another device for authentication is the fingerprint scanner. Signatures are not completed until the signer places their finger on the device and the fingerprint is captured. The fingerprint data is then married with the signature data and the transaction is completed.
Document digital signature is another approach in binding the signer to an electronic document for authentication. This technology finds its roots in encryption and the application is Public Key Infrastructure (PKI). This is not a new science but a new computer application. At the basic heart of PKI is a mathematical algorithm and a known value called a “seed.” Used together, an electronic document can be encrypted and only opened or authenticated if the receiver knows the seed.

The popular application today is the private/public key combined with a certificate authority. It’s important to note, with PKI there is no requirement for the signer's handwritten signature. While there's more to it behind the scenes, the visible portion of the document digital signature is the signer's name, title and firm name, along with the certificate serial number and the certification authority name.
Document digital signature is a simple process and may vary slightly in the software you use, but your digital signature software does all the work. You select the signature option, then select the document, and finally enter your secret authorization code.

Everything is accomplished electronically; you do not take a pen in hand and sign paper. A digital code is attached to an electronic document that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the electronic document is who they claim to be and also that the document received has not been altered.
When the electronic document is received, the recipient may desire to verify that the document has not been altered in transit. Furthermore, the recipient may wish to be certain of the signer's identity. The digital signature authority can provide both of these services.

A digital signature is an electronic analogue of a written signature in that the digital signature can be used in proving to the recipient or a third party that the signer in fact, signed the electronic document.

With digital signatures, forgery is next to impossible - much more difficult than forging a handwritten signature. First, a digital signature is more of a process than just affixing a signature. For example, when the document is "digitally signed," the digital software scans the document and creates a calculation, which represents the document. This calculation becomes part of the "digital signature." When the recipient authenticates the signature, a similar process is carried out. The sender's and the receiver's calculations are then compared. If the results are the same, the signature is valid; if they are different, the signature is not valid.

Acceptance of electronic documents
Now that we have defined the technology and its applications, what do the prevailing authorities think, legal or not? If (legal), then the second question becomes, will the market accept it? First let’s look at the legal question.

In an overview, there are only two Federal acts adopted today that address the use of electronic signatures, Internal Revenue Restructuring and Reform Bill (1997) and the Government Paperwork Elimination Act (1998). The IRS Act says, “A tax return filed electronically under the provisions of the Act shall be treated for all purposes in the same manner as though signed and subscribed.
Any return filed electronically shall be presumed to have been submitted and subscribed to by the person on whose behalf it was filed.”
Government Paperwork Elimination Act states that, “electronic signature as a method of signing an electronic message that - (a) identifies and authenticates a particular person as the source of such electronic message; and (b) indicates such person's approval of the information contained in such electronic message.”

There are 18 other bills introduced and pending which focus on Federal agencies as to the guidelines for accepting electronic signatures and interstate commerce.

Two bills though focus on interstate commerce and are much broader, designed as a blueprint for Federal agencies and states. The Millennium Digital Commerce Act of 1999---this measure features a technology-neutral standard for electronic authentication. The measure, if adopted this year, would be out ahead of a National Conference of Commissioners on Uniform State Laws' effort to craft a Uniform Electronic Transactions Act, a uniform law that seeks to accomplish much the same goal.

These bills are to regulate interstate commerce by electronic means by permitting and encouraging the continued expansion of electronic commerce through the operation of free market forces, and other purposes. One bill provides legal effect nationwide to agreements made in electronic form, such as contracts entered into online.
The second bill (H.R. 1320) provides that state governments remain free to enact electronic commerce laws consistent with its terms, and further provides that states adopting NCCUSL's UETA proposal will be deemed to have met this criterion.
The general position of the Federal government is to leave it up to the states to enact laws and statutes. The interesting twist in all of this is the parallel efforts to review taxation impact of e-commerce. Many states feel that e-commerce will have a negative impact on their ability to collect taxes associated with commerce and are looking to tie the two efforts together. Bottom line, depending on the nature of the e-commerce solution, be sure to check all Federal, State and Local statutes because they do differ and you may find you’re not in compliance.

Cost of electronic signature solutions
The costs of deploying an e-commerce solution varies, depending on the nature of the transaction and solution provider. Business-to-Consumer (B2C) solutions center around a credit card payment, which today is considered an electronic signature. Forms-based solutions which are not associated with credit card payments have a different challenge. First question is, do you require an electronic handwriting signature, a digital document solution or both?

In general, e-commerce solutions today are custom-programmed solutions outsourced or hosted by an Application Service Provider (ASP). These projects are running well into the millions of dollars but if properly done, can save much more. Specific to electronic signatures, the below pricing addresses both electronic handwriting and digital signatures.

Electronic handwriting solutions have two components, software and hardware. Many vendors provide the complete solution, which in quantity cost about $200 to $1,000 per user. The software can range from $100 for simple handwriting capture to $700 depending on the level of biometric desired.

Signing tablets that connect to a personal computer or notebook computer range from $100 to $400. The more expensive signing tablets provide hardcopy signature layout on the signing membrane designed to give the customer a wet signature copy while capturing the electronic handwriting at the same time.

Document digital signatures or PKI solution costs also vary by breath of solution and provider. A recent Aberdeen Consulting Group report compared three vendors with three levels of rollout. VeriSign, Netscape and Entrust priced out solutions based on 5,000, 50,000 and 500,000 users. The average cost for a 5,000-user rollout was $125 each, $34 each and $12 each respectively.

A combined solution of electronic handwriting and digital signature solutions could cost as much as $325 per user. Indirect costs would include other requirements of the total solution such as a personal computer, Internet access, electronic form processing software, database management and support.

Electronic signatures will be an essential tool for conducting e-commerce. Early adopters will find many problems proportional to the scope of the transaction they need to capture. Challenges focus on the dynamics of emerging e-commerce standards, legislative process and finally market acceptance.

There are active standard bodies trying to address the first hurdle of PKI, which is interoperability. A draft for standardizing electronic business transactions compiled by the European Telecommunications Standards Institute's (ETSI) is now available on the Web. The draft, under the European Electronic Signature Standardization Initiative (EESSI), follows the European commission’s proposal for a directive to provide a community framework for electronic signatures. The focus of research is to determine the legal validity of electronic signatures. The aim of the first set of standards is to meet the minimum requirements required for the interoperability of electronic signatures used in secure business transactions, thereby encouraging the development of secure e-commerce.

The legislative process concerning electronic signatures is moving but it will take time (2-to-3 years). Many states are waiting for the Federal government to adopt guidelines as well as standards bodies to conclude their work. The real agenda here though, is taxation. The taxation effort is lagging behind and with Internet groups opposing taxation of Web business, this further delays the entire process. Reality is Internet groups opposing taxation must yield on this matter if they want e-commerce to spread.

Our e-commerce pioneers can only determine market acceptance. There are only two outcomes, good or bad, nothing in-between. Spending millions with no return will have its own accountability. Being a success can have just as bad a result. The recent e-commerce problem at Thomas & Betts Corporation as reported in Computerworld (2/21/00) cost the company $62 million in revenue because the solution could not handle the volume.

The basic question to ask yourself is “Are my products or services brought or sold?” If the latter, then e-commerce may not be the way to go. The point being, determine if e-commerce is right for you, then worry about electronic signatures.

Will the potential ROI support such a challenge - yes. e-commerce can reduce the cost of doing business by an order of magnitude, which will translate into a significant competitive edge.

Mike Bridges is president of PaperClip Software, Hasbrouck Heights, N.J.

This article was previously published in the October 2000 Issue of Secondary Marketing Executive.