Electronic Signatures

This Act, also known as the "Electronic Signatures Act," was recently passed by both the House and the Senate, and was signed into law by President Clinton June 30, 2000.

As all legal systems are based on paper messaging, there is a natural suspicion about the legal enforceability of electronic messages. This relationship is being forced to change due to the massive growth in electronic commerce, particularly business-to-business e-commerce. Thus, the adoption of protocols for electronic signatures is paramount to ensuring the necessary security and enforceability of such messages.

The term "electronic signature" is generally used for all possible forms of electronic signing, while the term "digital signature" is usually used for describing encrypted signatures using asymmetric keys. Electronic signatures are often created using "signature dynamics" technology, which involves the signor's use of a stylus upon an electronic pad which re-creates the user's signature into electronic form. Signature dynamics technology (which is acceptable under California law- see California Code of Regulations Title 2, Division 7, Chapter 10, Sections 22000-22005) measures the way a person writes his or her signature by hand and binds these measurements to a message through the use of cryptographic techniques. Signatures bound to messages using this form of technology must be capable of verification by handwriting examiners, and they must be incapable of being bound to any other document. Although signature dynamics technology is acceptable under the Act and the laws of the state of California, this technology is disfavored due to the potential for fraud and abuse- it is not reliable enough to meet more rigorous security standards being promulgated in Europe for example.

Digital signatures utilize a technology known as "Public Key Cryptography" or "Asymmetric Cryptosystem." A digital signature is a computer algorithm or series of algorithms, which utilize two different keys. One key, or code, is a "public key," the other is a "private key" or PIN type code. The keys have the property that, knowing one key; it is computationally infeasible to discover the other key code. Thus, a user may send a document signed with his or her private key, while the recipient then uses the public key to verify the document and signature.

Although the authenticity created by such a system is unquestionably greater than actual handwritten signatures, the security of codes may be subject to tampering. To address this issue, digital signatures are created by, and messages are certified by a third party.

An added form of security for messages, which thus far has been the dominion of sci-fi movies, is the use of "biometrics identification." Biometric identification, which may be utilized in conjunction with either electronic or digital signatures, involves the use of fingerprints or voice recognition as an additional authentication technique. Commonly used within the military-industrial complex, these technologies are becoming faster, cheaper, more reliable and more readily available to the public. Their utilization along with other forms of electronic and digital authentication is being heavily promoted within the European Community.

Two final notes on the Act: 1) in adopting the Act, Congress has specifically preempted state laws, and has severely limited states' rights to modify or supersede the terms of the Act (see sections 102 and 104 of the Action); 2) the use of electronic signatures has been approved for medical records by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) and the Health Care Financing Administration (HCFA), which administers Medicare.

Free Articles - Table of Contents

Electronic Signatures