How Far to Trust Digital Signatures

By John Borland

A law passed in 2000 makes electronic signatures as binding as written signatures.

For all the digital age's promise, the reality of a paperless office remains elusive as mounds of paper continue to accumulate on your desk and those around you. It doesn't have to be this way. Paperless contracts are real, and they growing more common everyday.

It is increasingly routine for any transaction, from the simplest consumer purchase to million-dollar procurement deals between companies, to be completed online without anyone ever physically signing a piece of paper.

Thanks to a law passed in 2000 by the U.S. Congress, any signature made electronically -- whether it's typing your name at the bottom of an e-mail, pushing an "Accept" button, or using an electronic pen and pad -- is just as binding as an old-fashioned pen-and-paper John Hancock.

"The general rule is that any electronic signature is fine," says Tom Smedinghoff, an attorney at McBride Baker & Coles, of Chicago, who has written extensively on e-commerce law. "You can substitute an electronic signature where you'd ordinarily use paper in almost every case."

Digital signatures upheld in court

In most cases, all-digital agreements with clients or customers can safeguard a company’s interests. State and federal laws are squarely on the side of the virtual contract, and courts have repeatedly upheld the notion that electronic signatures -- at least in the context of typing a name at the bottom of an e-mail -- are valid, as long as it's clear to both parties that a signature is intended.  

But contracts, online or offline, are ultimately a matter of trust. Handwriting can be forged, or deals challenged after the fact. To this end, signatures are often made in front of witnesses as an added layer of security to be certain the signer is not a forger.
Verifying identities is just as important online. Digital signatures are legally binding, but if one party is pretending to be someone they're not, problems naturally arise. Here are some tips for ensuring your paperless transactions are secure and binding.

Password-protect yourself

Under the federal Electronic Signatures in Global and National Commerce Act (ESIGN), as well the similar Uniform Electronic Transactions Act adopted by many states, electronic signatures do not require any encryption or high-tech proof of identity to be valid. Thus, a simple "Click to Accept" form is technically binding. However, many companies add at least a log-in feature, with a unique user name and password, in order to add security to e-commerce or other transactions.

Encrypt identities

An added layer of security is provided by deploying digital identity certificates, which use strong encryption technology to lock information about a person or company's identity to the digital equivalent of a calling card. Because this information is protected by strong encryption, it can't be spoofed, and can be used only by the person who created it unless that person has lost or otherwise given away their private encryption key -- a kind of password on steroids. Digital certificates are often issued by third-party companies such as Verisign, an e-commerce security company based in Mountain View, Calif. As a result, the certificates are viewed as an extremely secure way of verifying identity, even though they are not required by law.

"The problem with the technology is that implementation, and getting people familiar with it, is so difficult," says Maury Shenk, a partner with Steptoe & Johnson, in London, who advises clients on digital issues. "But we do see a lot of large organizations starting to adopt digital signature systems internally."

It’s working, slowly

Lawyers say the six-year old system in the United States for treating digital signatures as the legal equivalent of their paper counterparts has so far worked with few hiccups. Initial concern from consumer groups has been largely allayed by elements that require companies to use paper contracts if one party asks for them.

Yet it is clear that commerce and contracts are moving to an increasingly secure electronic form, if only a little at a time.

"It is working," Smedinghoff says. "But people are still sticking their toes in the water in terms of implementation."