The response to the new electronic signatures law, known formally as the Electronic Signatures in Global and National Commerce Act, or E-SIGN, which took effect October 1, has been a bit of a yawn. Americans, Italians and Irish citizens have been filing their tax returns electronically for several years. Whether they get a tax refund or not, consumers are buying things on the Web with mouse clicks, and have been since even before Amazon.com patented "one-click shopping." Click-wrap contracts ("Click here to agree to all our invisible terms") have been upheld in court. So what's the big deal with the federal government recognizing electronic signatures? Will the E-SIGN law change the Webbed world as we know it? "Yeah, right," says John E. Thomas sarcastically.
Mr. Thomas, an e-commerce partner at Arent Fox Kintner Plotkin & Kahn in Washington, D.C., who lectures on electronic contracts, says his clients have been conducting business electronically for some time, and the E-SIGN law won't change much.
The most solid electronic deals flow from strong, real world relationships, says Mr. Thomas. "Our clients have existing business relationships that they then build electronically. We have a lot of closings where money is wired on the basis of a faxed signature page, for example." Frequently, someone is on the phone with the other party, he explains, and after they say they've signed a document, the money is wired to them.
The Skinny on Signatures
In brief, the new E-SIGN law establishes that a contract or signature may not be considered invalid simply because it is in electronic form. E-SIGN defines "electronic signature" broadly, as the common law does, to include any "electronic sound, symbol or process" that signifies a person's intent to sign the contract. In the olden days, a person could sign a document with an X (or send a telegram "signed" with a typed version of their name), and form a binding contract.
There's nothing new in the E-SIGN law in terms of legal issues, says Arent Fox's Mr. Thomas. "It comes down to the risk of fraud or forgery," and verifying that the document that both parties have signed is the one that they intend to sign. "People have initialed pages on important documents for ages to indicate that this is the page. It's back to the future--there's nothing different here," he says. The E-SIGN law makes people more comfortable doing what they've already been doing.
Cases challenging the validity of signatures today are rare, says Mr. Thomas. "I'm aware of one case in which the parties disputed what document was signed." The paper-based transaction was a mess of disparate versions of a contract, he heard. "You had signature pages, breakaway signature pages, and questions about whether the signature pages were attached to the right documents." How could it be resolved? "Through litigation," he says. In such litigation, the signature is merely one piece of evidence among many, including testimony from the parties about what they intended to sign. Digital encryption technologies that lock in one of the documents might have helped in such a dispute. "But the disputes are so rare, in my experience, that I don't think that such single issues will drive the use of the technology," says Mr. Thomas.
Sign--Oops, Click, That Is, Speak--Here
The E-SIGN law is product-neutral. At present, there are many types of electronic signatures, and even more companies offering them. Some entities, including the IRS, require a PIN (personal identification number) or password that together constitute an electronic signature. Most commercial Web sites are content if you type in your name, address, credit card number and then a button labeled "click here to confirm your order."
With the improvements in videoconferencing, some signing ceremonies are now videotaped, allowing both an extra level of security and a chance for an attorney to impress the client with fancy video technology.
Ben Wright, a sole e-commerce practitioner in Dallas who has written a textbook on electronic signatures, says electronic signature technologies are becoming more consumer-friendly. "Experimentation is the name of the game these days," he says.
Pen-Op, at www.cic.com, uses a tablet attached to the computer. The consumer signs his or her name with a special pen, or stylus, but there is nothing else out of the ordinary, explains Mr. Wright, who has represented the company. It's currently used by insurance companies and by some courts to allow online filings. Cryptography, which "locks" the signature and the signed contract, is handled by PenOp on its end, invisible to the consumer. "There's no PIN number, nothing to remember," notes Mr. Wright. "The consumers need no special education. They know--hey!--if I don't sign my name, it's not legal."
Pen-Op, though, requires moving equipment--the tablet and the pen, which could be torn off from the computer.
But voice signatures require no special hardware. "You'll have a cell phone, and you talk into it, and say, 'I, Ben Wright, sign this document,' and it captures your voice signature," explains Mr. Wright. He believes that voice signatures have broad applicability--for consumers buying flight or travel insurance at an airport kiosk, for example. "There will be just a microphone buried in the kiosk."
Although there is no such thing as perfect security, emphasizes Mr. Wright, voice signatures are quite a bit safer than paper signatures. "A voice is hard to fabricate these days. It's not practical for someone to fabricate a voice--it's possible, but not practical. Imagine trying to come up with the words, spliced from various conversations, or try to invent all that yourself. It's difficult to create voice files," he says. He believes that although voice signatures are not in common use now outside rarified corporate environments, they may become more common in the next five to ten years, since they are convenient and easy to use, he says.
Before the E-SIGN federal law took effect, seven states had passed laws favoring digital signatures, a specific subset of electronic signature which uses sets of encrypted keys to verify both the identity of the signer and the authenticity of the agreement.
Some of the major providers of digital signatures include Verisign, www.verisign.com, Baltimore Technologies, www.baltimore.com, EnTrust Technologies, www.entrust.com, and GTE, at www.gte.com, which recently merged with Bell Atlantic to become Verizon.
Although the federal law preempts those state preferences for digital signature technology, some lawyers--especially litigators, who have to pick up the pieces of broken contracts--remain diehard advocates of digital signatures above all. "Litigators think, 'What will give me the best evidence in front of a judge?'" says Arent Fox's Mr. Thomas, who is not a litigator. "Transactional lawyers think, 'I want to balance risks and be safe, and weigh my client's needs to get the agreement. Sign the document.'"
Charles R. Merrill, a partner at McCarter & English in Newark, N.J., a litigator who practices in the firm's IP/tech law practice group, is a tireless preacher of the advantages of digital signatures. "There will be people who take advantage of E-SIGN," he acknowledges, to use other signature technologies. But those transactions might not be sufficiently secure. "How do you know who's at the other end?" Mr. Merrill asks.
The security of digital signature technologies, says Mr. Merrill, is that it reduces the chances of a signer repudiating the document by saying, "That's not my signature." Non-repudiation is the cornerstone of digital signatures.
Some people, though, think non-repudiation is oversold. "My public statement on non-repudiation is that it is nonsense," says Mr. Wright, adding that people will always be free to say, "That's not my signature--I am not bound by that agreement" and present evidence to that effect. The private keys used in digital signatures can be stolen, notes Mr. Wright, and used without someone's knowledge or authorization. "There will never be a perfect world." Digital signature advocates who crow about non-repudiation should "come down to reality from their high horses," says Mr. Wright, and admit that there can be security breaches.
Digital signatures, despite the inherent complexity of their encrypted key system, are spreading. The University of Pittsburgh recently issued digital certificates to 2,000 students and staff, to allow them to make purchases on the school's online store. The certificates interact with the university's new automated system that contains a centralized database of student and employee computer accounts, linked to the university's enrollment and payment databases.
Here Come the Notaries
Notaries, who verify the identities of people signing contracts, are gaining in importance as online identity verification becomes an issue. "Notarization is a very hot area," says Mr. Wright.
Much as lawyers are worrying about their clients' signing online contracts, notaries are in a tizzy of their own. The National Notary Association, at www.nationalnotary.org, rose up about six weeks ago in a rage, says Mr. Wright, when the idea was floated by proponents of digital signatures to state that a digital signature would be considered notarized, whether or not the person using the key to sign a document saw a notary.
"The Notary Association said, 'That's absurd,'" recalls Mr. Wright. " 'You can't say something is notarized just because someone has a certificate.'"
Online notaries, such as iSecuritas, Inc., at www.isecuritas.com, may take off in the future.
"Let's say you're a bank and you want to loan money to a consumer," explains Mr. Wright. "Let's say that some consumer comes to your Web site and he or she signs a document somehow, using any technology you like."
How do you verify the person's identity? Proponents of digital signatures would argue that their system of relying on a private key to authenticate identity would be sufficient, but Mr. Wright counters that a private key is vulnerable to theft, and requires the signer to master the technology involved in creating a private key.
But asking the signer to visit an electronic notary, quickly, to verify his or her identity is more familiar to consumers are arguably as safe as a digital signature. Have the signature notarized, online. "If someone made a fake I.D. and claimed to be you in front of a notary, you could present evidence of the fraud," notes Mr. Wright.
"I Didn't Sign That!"
But wait a minute. There are still real issues involved with signing documents online, many raised by credit card companies who are stuck with the bill by people who claim they never authorized the charges that appear on their credit card bills. Only two percent of all commercial transactions in the United States occur online. But more than 50 percent of the disputes facing credit card merchants concern online transactions, says Rick Dalmazzi, president of Certicom, a company that offers digital signature technology, a form of electronic signatures.
Additionally, consumer protection issues have been slighted, say consumer advocates. If clicking equals consent, consumers are very vulnerable to online scams, says Margot Saunders of the National Consumer Law Center.
Of course, credit cards also get stolen in the physical world, and consumers are defrauded more often by thieves using a telephone than by an inviting Web site. But on the online world, shouldn't we have greater protection? Is that possible?