Digital Signatures Offer Potential, if not Protection

Does the E-Sign law, which took effect on October 1, 2000, mean the days of e-security worries are over? If you're a security professional, don't bet your job on it...yet.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

Posted November 21, 2000

Martin Goslar

(Page 1 of 2)

Electronic/digital signatures accomplish three goals: protection from data tampering; signature authentication; and nonrepudiation, which means all parties are legally bound by digitally signed agreements. To endow transactional parties with the ability to establish digital signature mechanisms to make online contracts and transactions legally binding, President Clinton, on June 30, 2000, signed into law the Electronic Signatures in Global and National Commerce (E-Sign) Act. The electronic signature provisions took effect on Oct. 1, 2000. Electronic record-keeping requirements will take effect on March 1, 2001.

Motivated by the wide disparity in state electronic signature and commerce statutes passed in the past five years, the E-Sign Act supports added corporate protection in the process of building more efficient business-to-business (B2B) and business-to-consumer (B2C) e-commerce systems. With E-Sign's passage, electronic signatures essentially gained equal legal status with those created by using pen and paper. Businesses can now accept electronic signatures in the transaction process, thereby enabling faster, easier, more efficient, and less expensive alternatives to conduct online trade.

However, the E-Sign Act's approach is both endorsing and damning due to the open-ended definition of electronic signatures. As stated in the E-Sign Act, electronic signatures can be an "electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record." It's up to the sender and receiver to agree upon the form of signature acceptable to both.

Considering that electronic signature products impact online privacy and fraud as well as transaction efficiencies, there is little doubt signature-related technology will get a boost from the E-Sign Act. In fact, thanks to E-Sign's passage, several vendors have developed or expanded signature products and services to take advantage of what will ultimately be a significant revenue increase for the security market (see text box, Signature Alternatives). However, corporate security professionals and individual consumers must look out for operational inconsistencies, such as software conflicts, that vendors won't disclose when rolling out their new signature products and services.

Benefits That May Bite

By embracing electronic/digital signatures, companies involved in high-volume, online B2B transaction activity may benefit from several advantages. Digital signatures offer a greater degree of security than handwritten signatures because recipients of digitally signed messages can confirm message origination and can also verify that messages were not altered. In addition:

  • Paper-based transaction authorization inefficiencies, such as transportation, notarization, deterioration, and falsification are largely avoided.

  • Authenticity can be granular from document down to packet level.

  • Online commercial interaction can take place from negotiation to relationship agreement through operational transaction certification until ultimate mutual or unilateral withdrawal.

  • Ultimately, e-commerce can be deployed faster and information mass-marketed more rapidly. Innovative competition will be dynamically rewarded.

    Unfortunately, the wide variation of acceptable signatures enabled by law places further pressure on corporate security professionals to closely oversee signature conveyance to ensure transactions cannot be repudiated or later disowned with signature forgery claims.

    Here lies a conundrum. Given the broad range of signature alternatives available, the wide range of related state laws previously passed, and the lack of standardized technology for message authentication and validation, can corporations moving high volumes of electronic transactions and communications find a seamless, straightforward, inexpensive, and robust signature solution?

  • Page 1 of 2

    1 2
    Next Page

    0 Comments (click to add your comment)
    Comment and Contribute


    (Maximum characters: 1200). You have characters left.



    IT Management Daily
    Don't miss an article. Subscribe to our newsletter below.

    By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.