“A signature always reveals a man’s character – and sometimes even his name.”
— Evan Esar
A digital signature is an electronic, rather than a written, scribble that
can be used to authenticate the identity of the sender.
It can also be used to ensure that the original content of the message or
document that has been conveyed is unchanged. Digital signatures are easily
transportable, cannot be readily repudiated or imitated, and can be
automatically time-stamped.
Pretty simple stuff really. All the same, it’s safe to assume that when the
Electronic Signatures in Global and National Commerce Act (E-Sign Act) goes
into effect on Oct. 1, the law that grants e-mail the same legal leverage
as a signed contract is sure to be tested in court.
A digital signature can be used with any kind of message, whether it is
encrypted or not.
For example, let’s say I send a final draft of my will to an attorney. I
need to assure my lawyer that the document is unedited and verify that the
will really is from me. All I have to do is cut-and-paste the document
into an e-mail.
Using special software, I can translate my e-mail message into a
mathematical summary of the document. The translation process is commonly
known as hashing. I pick up a private key from a public authority to encrypt
the hash. This is a one-of-a-kind key, so the encryption transforms my
common e-mail into my one-and-only digital signature.
At the other end of the e-mail message, my lawyer receives the document. To
make sure it’s intact and from me, my attorney makes a hash of the received
message and uses my now public key to decrypt the hash and decipher the
will. My attorney knows that the received message is valid and from me,
only if the hashes match.
If you prefer tech speak, digital signatures are created and verified by
cryptography, the branch of applied mathematics that concerns itself with
transforming messages into seemingly unintelligible forms and back again.
By using public key cryptography, digital signatures employ an algorithm
using two different but mathematically related “keys.” One key creates a
digital signature by transforming data into a seemingly unintelligible
form, and a second key verifies the digital signature by returning the
message to its original form. Computer equipment and software utilizing two
such keys are called an “asymmetric cryptosystem.”
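
The hash, sign and verify steps described above, as an added Python example that is not part of the original article. It uses unpadded textbook RSA over constructed keys built from publicly known Mersenne primes, so it is for illustration only (deployed signatures use secret random primes and a padded scheme from a vetted library); all function and constant names are assumptions.

```python
import hashlib

# Constructed demo keys from publicly known Mersenne primes: trivially
# factorable, illustration only. E and the moduli are public; D is private.
E = 65537


def make_key(p: int, q: int):
    """Return (n, d): public modulus and private exponent for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


N, D = make_key(2**521 - 1, 2**607 - 1)                      # the sender's pair
IMPOSTOR_N, IMPOSTOR_D = make_key(2**607 - 1, 2**1279 - 1)   # someone else's


def digest_as_int(message: bytes) -> int:
    """The 'mathematical summary': SHA-256 digest read as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: transform the hash (not the message) with the private key."""
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, n: int = N) -> bool:
    """Recipient: recover the hash with the sender's public key and compare it
    with a hash computed independently over the message that arrived."""
    if not 0 <= signature < n:
        return False
    return pow(signature, E, n) == digest_as_int(message)


# Constructed sample input. The message itself travels unencrypted.
WILL = b"I leave my entire estate to my daughter."
TAMPERED = b"I leave my entire estate to my lawyer."

if __name__ == "__main__":
    sig = sign(WILL)
    print("intact message:     ", verify(WILL, sig))
    print("edited in transit:  ", verify(TAMPERED, sig))
    print("altered signature:  ", verify(WILL, sig ^ 1))
    print("signed by impostor: ",
          verify(WILL, sign(WILL, d=IMPOSTOR_D, n=IMPOSTOR_N)))
```

Only the first check succeeds: the hashes match only when both the message and the signing key are the ones the recipient expects.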
Any way you talk about it, digital signatures and the issues surrounding the
technology are about to explode. Analysts are predicting great things for
digital signatures, forecasting that the financial and realty markets will
be early adopters of authenticated e-mails.
Townsend Analytics anticipates that the traditional system of “open-outcry”
trading in the U.S. could soon become obsolete, replaced by a fully
electronic trading system that eliminates old inefficiencies. Forbes
published a recent article that describes how we will be able to purchase a
new house with the click of a mouse.
The question that remains is whether the online public will trust an online
system to deliver sensitive information over the Net.
The World Wide Web Consortium is one group
that attempts to clearly define user benefits of the E-Sign Act by creating
interoperable solutions to conquer Internet trust concerns.
W3C’s mission in life is to develop interoperable technologies that help
the Web reach its full potential. The organization believes it’s critical
that end users be able to decide what e-mail content they can trust and,
more importantly, authenticate.
W3C contends that both needs are addressed by attaching hash-based digital
signatures to online documents. However, e-commerce security lapses and
blunders have taken a toll on the industry and many users may require
additional information for an e-mail to earn their trust.
In terms of e-commerce guarantees, “trust me” has taken the form of
third-party endorsements. TRUSTe seals of approval and VeriSign secure
server certificates dot the dot-com industry.
But human nature may mandate other forms of verifying the authenticity of a
binding e-mail transaction.
W3C believes that market forces have created a variety of software that
overcomes the human trust barrier, but authenticity is another matter.
The W3C initiated a project designed to specify the framework, protocols,
and formats that would address authenticity issues and hopes to produce an
industry-wide method of implementing the core of its e-sign framework. The
project remains ongoing, but the group maintains that it is steadfast in
its goal to create interoperable solutions that conquer the problem of
Internet trust.
Unfortunately, the formal requirements for legal transactions, including
the need for signatures, vary in different legal systems. There is no
global uniform legal consequence for failing to secure a transaction in a
required format. Several countries still cut off the hands of thieves;
would that punishment translate to having one’s e-mail severed in digital terms?
Although the basic nature of transactions has not changed with the advance
of technology, laws have only begun to adapt. Naturally the U.S. will step
into the void and lead the way to develop first national, then worldwide
standards for employing digital signatures across vertical industries.
Courtroom disputes over authenticated e-mail will eventually shape and
guide digital signatures down the path of ubiquitous standards for
origination and acceptance.
But that does not mean the legal and business communities will give up
paper anytime soon. It will take time for the industry to develop new rules
and practices that allow digital signature technology to make paper forms
and contracts obsolete.
After all, we’re going to have to have some bona fide back-up system in
place that also stores e-contracts for safekeeping at both ends of a
digitally signed e-mail.