The E-Signature Act (E-SIGN) took effect in October 2000. Its goal is to put contracts in electronic form with electronic signatures on equal footing with their paper-based counterparts. The act says an electronic contract, signature or record is legally equivalent to a hard-copy contract, signature or record. But the act does not specify the technical requirements of an electronic or digital signature and does not recommend implementation models. This leaves vendors free to offer a range of options for signing electronic documents. Many of these options, however, do not account for the risks inherent in electronic signatures, including fraud and the liability that attaches to an insecure signature. Companies need to know when it makes good business sense to use electronic signatures, and which implementations reduce their risk.
Electronic Contracts and Agreements
Many electronic transactions are agreed on when terms are offered and accepted, or when the parties' actions demonstrate recognition of a contract. Contracts can be formed through an exchange of e-mail or by accepting an online order, such as when you shop online with a user name and password linked to directory and credit information. UCITA (the Uniform Computer Information Transactions Act), where states adopt it, recognizes the formation of electronic contracts in any manner that shows agreement. It also allows independent electronic agents to act on or respond to electronic messages and thereby form the basis of a contract.
In many cases, however, the law requires a contract to be in writing and signed by the person bound by it. For example, under commercial law, contracts for the sale of goods priced at $500 or more, and contracts for services lasting more than one year, are not enforceable unless they are in writing and signed "by the party against whom enforcement is sought." With the E-Signature Act, the traditional definition of "in writing" extends to electronic documents and their associated signatures.
The E-Signature Act is unlikely to affect infrequent, high-value transactions, such as contracts for mergers and acquisitions; the risk of loss in any single deal is too high. It could, however, have a noticeable impact on high-volume, low-value transactions, such as contracts in sales and order fulfillment, where the risk of loss is smaller and spread across many transactions. The act could also ease the transmission of insurance forms, negotiable instruments and secured transactions, and pave the way for other e-commerce services related to trust and security, such as electronic performance bonding and transaction insurance.
During the past century, the U.S. legal system relaxed many rules governing commercial transactions. A signature has come to mean any symbol that is used to authenticate writing. Names on letterhead, mailgrams, telegrams and fax transmissions have passed muster as signatures.
A signature, however, has no bearing on the substance of a contract, agreement or transaction. It is a representation or form that authenticates the contract by identifying the signer, and it provides a ceremony that brings the signer's attention to the legal significance of his or her act. For example, mortgages and wills often require witnesses when the parties sign. Such ceremonies reduce the chance that a party will later repudiate his or her intention to be bound by the contract.
To make repudiation of a contract difficult, enterprises can set up their own ceremonies for electronic signatures. Such a ceremony goes beyond electronic and digital signatures per se and includes a PKI (public key infrastructure) system.
A PKI system includes a framework of policies and procedures to authenticate a person at enrollment and, on the strength of that authentication, issue a digital ID: a certificate binding the person's identity to a public key (see RFC 2527 at www.ietf.org/rfc/rfc2527.txt for the certificate policy and practices framework). A digital signature made with the matching private key proves that the key was used to sign the document; it is the PKI's registration policy that links the key to a person, and together they provide evidence of the signer's intent sufficient to hold him or her bound to the agreement. A digital signature also protects the integrity of the writing: any alteration or amendment of the original text after signing causes verification to fail.
Electronic Signatures
Electronic signatures are created by a variety of methods and technologies. Although all electronic signatures are represented in digital or binary form, at base an electronic signature indicates who signed a document and, ideally, when it was signed. An electronic signature can be the name in the body of an e-mail message, a digitized image of a handwritten signature attached to an electronic document or a unique biometric authentication, such as a fingerprint or a retinal scan. Note that biometric devices that use fingerprints show promise, but iris- and facial-recognition systems are drastically affected by lighting conditions and have not been thoroughly tested in the real world.
Short of using cryptography, most electronic signatures can be captured easily on public networks and fraudulently reproduced, leaving an enterprise holding the bag as buyer or seller. Assume that someone obtains the electronic signature with which I identify myself. Suppose also that this person uses my signature, together with other information gleaned from a message, to impersonate me and obtain valuable equipment from a vendor under the pretext of a product review.
Six months later, I receive a call from the vendor asking for the publication date of the review. Excuse me? In this scenario, the vendor would have to look elsewhere for a remedy. The risk of this kind of fraud is greatly reduced if my signature is created with applied cryptography, provided the private key that produces it stays under my control: an attacker who copies the signature alone gains nothing, because it is bound to the one document it was computed over.
A signature should be difficult to reproduce or forge without authorization. It should also identify the specific document signed and make it impractical to alter the text of that document without detection. Signatures created with public key cryptography satisfy both requirements: only the holder of the private key can produce a valid signature, and the signature verifies only against the exact bytes that were signed.
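The following Go program is an added example, not code from the article, that puts the two preceding points into working form: the PKI paragraph's claim that a digital signature authenticates the document and guards against later alteration, and the closing requirement that a signature be unforgeable and bound to the specific document. It uses Ed25519 from the Go standard library as a stand-in for whatever algorithm a PKI actually issues, and the record layout, signer name, timestamp and sample contract are all constructed assumptions for the demonstration. The record signs the signer's identity and an asserted signing time along with the document hash, which is what lets the signature say who signed and when; a real deployment would have a certificate authority vouch for the key-to-person binding and, if the time matters, a timestamping authority countersign the record.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SignedRecord is the illustrative output of the signing ceremony: who
// signed, when they assert they signed, what they signed (by hash) and the
// signature over all three fields. The layout is an assumption of this
// example, not a standard format such as CMS or XML-DSig.
type SignedRecord struct {
	Signer    string
	SignedAt  string // timestamp asserted by the signer, not independently proven
	DocHash   [sha256.Size]byte
	Signature []byte
}

// toBeSigned serialises the fields the signature covers. Each field is
// length-prefixed so no two (signer, time, hash) triples share an encoding;
// a plain concatenation would let an attacker shift bytes between fields
// without invalidating the signature.
func toBeSigned(signer, signedAt string, docHash [sha256.Size]byte) []byte {
	var buf bytes.Buffer
	for _, field := range [][]byte{[]byte(signer), []byte(signedAt), docHash[:]} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		buf.Write(n[:])
		buf.Write(field)
	}
	return buf.Bytes()
}

// Sign hashes the document and signs the record with the signer's private key.
func Sign(priv ed25519.PrivateKey, signer, signedAt string, doc []byte) SignedRecord {
	h := sha256.Sum256(doc)
	return SignedRecord{
		Signer:    signer,
		SignedAt:  signedAt,
		DocHash:   h,
		Signature: ed25519.Sign(priv, toBeSigned(signer, signedAt, h)),
	}
}

// Verify re-hashes the document presented now and checks the signature with
// the public key the PKI has bound to rec.Signer. It fails if the document
// text, the signer name or the timestamp has changed, or if the signature was
// produced by any key other than the signer's.
func Verify(pub ed25519.PublicKey, rec SignedRecord, doc []byte) bool {
	h := sha256.Sum256(doc)
	if h != rec.DocHash {
		return false // document no longer matches what was signed
	}
	return ed25519.Verify(pub, toBeSigned(rec.Signer, rec.SignedAt, h), rec.Signature)
}

// demo runs the article's scenario on constructed sample data and returns the
// outcome of each check so the results can be asserted on rather than read.
func demo() (genuine, tampered, forged bool) {
	// Constructed sample contract; $500 is the threshold the text cites.
	contract := []byte("Buyer agrees to purchase 10 servers at $500 each. Delivery in 30 days.")

	// The signer's key pair, which a PKI would have issued against an
	// authenticated identity. The impostor holds a key pair of their own.
	signerPub, signerPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, impostorPriv, _ := ed25519.GenerateKey(rand.Reader)

	rec := Sign(signerPriv, "alice@example.com", "2000-10-01T09:00:00Z", contract)

	// 1. The unaltered contract verifies under the signer's public key.
	genuine = Verify(signerPub, rec, contract)

	// 2. Changing one figure after signing is detected.
	altered := bytes.Replace(contract, []byte("$500"), []byte("$5,000"), 1)
	tampered = Verify(signerPub, rec, altered)

	// 3. An impostor who has seen the signed record still cannot produce a
	//    record that verifies under the signer's public key.
	forgery := Sign(impostorPriv, "alice@example.com", rec.SignedAt, contract)
	forged = Verify(signerPub, forgery, contract)
	return
}

func main() {
	genuine, tampered, forged := demo()
	fmt.Println("genuine verifies:", genuine)   // true
	fmt.Println("tampered verifies:", tampered) // false
	fmt.Println("forgery verifies:", forged)    // false
}
```

Note that the third check is the whole difference between this and the e-mail-name or scanned-image signatures above: the impostor can copy the record byte for byte, but replaying it only proves the original document was signed, and anything new has to be signed with a key the impostor does not have. What the verifier cannot tell is whether the asserted SignedAt is honest, which is why a timestamping authority is needed if the time of signing is contestable.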