The first part of the Electronic Signatures in Global and National Commerce Act went into effect on October 1, making e-signatures legal. Other parts allowing electronic documents with e-signatures to replace paper copies are scheduled to take effect in March and June of 2001.
An e-signature must meet specific technical requirements before it can be implemented. To qualify as an e-signature under the law, a signature record must be unique, must verify the identity of the sender, and must be unalterable. Copies must be readily identifiable, and it must be easy to tell if a copy is authorized or unauthorized. Transmitted documents must have a means of verifying that neither the documents nor the signatures have been altered while in route from sender to receiver.
There are many potential advantages of e-signatures. A significant amount of time could be saved in complex negotiations by exchanging documents electronically instead of passing physical documents back and forth. Storing documents electronically instead of in paper form could save tremendous amounts of space.
Implementation of e-signatures is expected to be a slow, deliberate process. It took nearly 2 years for Congress to pass the law, and it still doesn't specify exactly what technology is approved for creating and tracking e-signatures. Companies must evaluate the law and decide which technology to use. Today's technology presents many options, including credit-card-sized smart cards that can be scanned into a computer and various encryption methods.
For example, digital signatures that use encrypted algorithms, in combination with passwords, can be employed to identify an individual. Public-key infrastructure (PKI) is one such technology. With PKI, senders and receivers each have two "keys," one public and one private. Passwords and specialized software encrypt and "lock" the document and signature, and a second set of passwords act as the "key" to open the "lock." PKI technology ensures that a document came from a particular computer, but the e-signature is only as secure as the computer from which it is sent. You must guard against unauthorized access to individual PCs when you use this method.
Other methods are also making their way into the marketplace, including some that use biometric identifiers such as fingerprints or retina images. Still, e-signatures must overcome a few barriers before they become mainstream. The law applies only to interstate or global commerce, so each state will need to implement its own rules for intrastate transactions.
Getting people to trust the technology is another hurdle. For someone leery of an Internet credit card purchase, committing to a large electronic transaction could be a real challenge.
The law does not apply to family law matters such as wills, adoptions or divorce, and it also excludes various credit transactions such as termination of health or life insurance and termination of utility services. Product safety information and residential rental agreements are not covered either.
Insurance, software and healthcare industries are likely to be among the first users of e-signatures. Insurance companies could use the technology to obtain signed applications. Software companies could require a digital signature on software use agreements. Doctors could use e-signatures on e-mailed prescriptions.
Before these consumer transactions become commonplace on the Internet, most e-signatures will probably be used for business-to-business transactions on private networks.
You can find out more about digital signatures on the Web. Check out the Uniform Electronic Transaction Act information at The National Conference of Commissioners on Uniform State Laws site.
For more background information, see the tutorial at the American Bar Association site.
This story, "Electronic signatures" was originally published by NetworkWorld.