This week both chambers of the U.S. Congress approved legislation that outlines national standards for electronic record keeping and gives digital signatures the same legal validity as those written in ink.

As a result of this new legislation, e-documents signed with digital signatures will carry the same rights and liabilities as their paper and ink counterparts. This should result in cheaper, faster business transactions of all kinds: loans, business supplies, even insurance!

Once digital signatures are legally recognized as valid and safe, many consumers' fears about the security of e-commerce will be calmed, which will open the door to more online business.

The Benefits

There are a number of reasons this legislation will benefit e-businesses and their customers:

  • Faster, cheaper, and more accurate transactions will save businesses billions of dollars in transaction costs, and those cost savings can be passed on to customers.
  • Online transactions between businesses will be facilitated, increasing efficiency and further supporting the new B2B market.
  • Certain industries, such as insurance and financial services, that have traditionally relied on large amounts of paperwork will be able to fully conduct business with customers via the Web.
  • Companies could throw away the tons of paper that they are now required to keep on file -- as long as they have copies of the records in readable electronic form.
  • Huge amounts of paper will be saved, thus benefiting the environment.

A handful of documents, such as wills, court orders, mortgage foreclosures, and utility cancellations, will still need to be exchanged in paper form. But by legitimizing the use of digital signatures and electronic documents, Congress has effectively made a huge step toward oiling the e-commerce machinery, which is currently clogged with faxes, overnight document packages, overheated copy machines, misprinted documents, and miles of file cabinets that e-documents could replace.

The Legal Basics

If passed, the digital signature bill will legalize e-documents that are signed with digital signatures and electronically delivered. Why is a signature so significant? According to the American Bar Association, signatures serve the following functions:

  • Evidence. A signature authenticates a document by identifying the person making the distinctive mark as being the writer of the document.
  • Ceremony. By signing a document, the signer's attention is drawn to the significance of the act, helping to prevent "inconsiderate engagements."
  • Approval. A signature can express the signer's approval or authorization of a document, and the signer's intention that the document will have legal effect.

Democratic legislators were initially worried that passage of the digital signature and record keeping bill would put unsuspecting customers at risk. Therefore, provisions were added stating that companies may only send notices to customers via electronic means if they have the customers' prior consent. Companies will be required to actually verify their customers' ability to receive and open e-documents before entering into an online-only relationship with them. This will prevent customers from being unaware of important activity regarding their accounts -- or from being unaware that the accounts exist!

On the security front, it has been proven that digital signatures will actually provide higher levels of integrity and authenticity than those written in ink. In the paper world, it is much easier to mimic a signature and surreptitiously modify a document than it is in the cyberworld.

How the Technology Works

In order for a signature to succeed in fulfilling the functions of evidence, ceremony, and approval, it must be difficult for a person other than the signer to produce, and it should clearly identify what document has been signed. To this end, digital signature technology utilizes cryptography, an area of applied mathematics that transforms information into unintelligible forms and then transforms it back again. The three main components of a basic digital-signature cryptosystem are as follows:

Private/public keys. These keys consist of two different but mathematically related algorithms. The private key (accessible only through the use of a secret authorization code) and the public key both belong to the signer. The signer uses the secret authorization code to gain access to the private key in order to create a digital signature. When the signer sends a document to a recipient, the public key is automatically sent with it. The receiving party then uses the public key to verify the electronic signature: If the public key corresponds perfectly to the private key, the signature is valid. Properly designed signature systems should make it impossible for forgers to obtain a private key through access to a public key.

Hash function. This function helps create a new private key for each particular document, to ensure that each signature is unique to the document it's associated with. This makes it impossible to modify the document after it has been digitally signed, without it being apparent to either the signing or receiving parties.

Certification authority. In order for the receiving party to have assurance that the appropriate person has issued the public key that goes with a digitally signed document, a trusted third party called a "certification authority" enters the picture, verifying that "Jane Smith" is indeed the owner of that specific public key. Each signature contains the signer's name as well as the associated certificate serial number and the name of the certification authority that was used to make this verification.

For signers to obtain a set of keys in the first place, they must complete an application proving their identity and send it to a valid certification authority. If the certification authority approves the application, a verifying certificate is then issued for the keys and made available to all receiving parties upon their request, either through a repository or other means. Therefore, if a receiver is uncertain that Jane Smith is actually the owner of a digital signature, he or she can check with the certification authority to see if the key matches the purported identity of the signer. If the computer containing the private key is stolen and its authorization code jeopardized, the signer can revoke the certificate associated with that key, thereby making it invalid.
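The three components described above (key pair, hash function, certification authority) and the revocation check can be seen working together in the following added example, which is not code from the original article. It uses Go's standard-library Ed25519 and SHA-256; the `Cert` type, serial number 1001, the revocation map and the sample document are constructed for the illustration, and Ed25519 also hashes internally, so the explicit SHA-256 step is there only to make the hash component visible.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Cert is a constructed, simplified certificate (not X.509): CASig binds Name and Serial to Pub.
type Cert struct {
	Name       string
	Serial     int
	Pub, CASig []byte
}

// Binding returns the bytes the CA signs; %q quotes Name so the fields cannot run together.
func (c Cert) Binding() []byte { return append([]byte(fmt.Sprintf("%q|%d|", c.Name, c.Serial)), c.Pub...) }

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign hashes msg and signs the digest, so the signature covers these exact bytes.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	d := sha256.Sum256(msg)
	return ed25519.Sign(priv, d[:])
}

func Verify(pub, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, d[:], sig)
}

// VerifySigned is the recipient's check: cert not revoked, CA-signed, document signature valid.
func VerifySigned(caPub []byte, revoked map[int]bool, c Cert, doc, sig []byte) bool {
	return !revoked[c.Serial] && Verify(caPub, c.Binding(), c.CASig) && Verify(c.Pub, doc, sig)
}

func main() {
	caPub, caPriv := NewKey()
	janePub, janePriv := NewKey()
	cert := Cert{Name: "Jane Smith", Serial: 1001, Pub: janePub}
	cert.CASig = Sign(caPriv, cert.Binding()) // CA step: sign the name-to-key binding
	doc := []byte("I agree to the loan terms.") // constructed sample document
	fmt.Println(VerifySigned(caPub, nil, cert, doc, Sign(janePriv, doc)))
}
```

Changing one byte of the document, listing serial 1001 as revoked, or replacing the key or name inside the certificate each makes `VerifySigned` return false.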

Where the Technology -- and the Law -- Is Headed

The digital signature and record keeping bill provides for the improvement of signature technologies by leaving room for the use of still-evolving e-signature methods, such as retinal scans and digital fingerprints. If it is passed, it will benefit consumers, businesses, the economy, and the environment all at once.

Copyright © 1995-2000 Pinnacle WebWorkz Inc. All rights reserved. Do not duplicate or redistribute in any form.