January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Sept 2016 Digital Edition
Aug 2016 Digital Edition
July 2016 Digital Edition
June 2016 Digital Edition
E-signatures provide assurance and efficiency…but what about independence?
By John Harris
With the 1998 implementation of the Government Paperwork Elimination Act, the United States government made clear its intentions to become more efficient and save taxpayer dollars by reducing its dependence on paper documents.
However, nearly two decades later, many state and local governments are still hesitant to transition away from paper. That’s partly because of a perceived (and unwarranted) lack of security, even though most realize that continuing to rely on paper is inefficient, expensive and burdensome to constituents. Aside from the time wasted when constituents come to a government office to sign a document, the costs to print, copy, process, file, store and ship paper documents can eat up many thousands, or even millions, of taxpayer dollars.
A transition to digital files could solve these problems, and the right compliance strategy can assure that a digital system is actually more secure than a paper-based system. In fact, digital documents validated by e-signatures can serve as the evidence, ceremony and approval needed for government transactions – at a fraction of the cost of a paper system.
Security That Meets Government Requirements
The Uniform Electronic Transactions Act, the model for 47 states nationwide, provides a legal framework for using e-signatures and digital records in government and business, though it is fairly broad in nature. In fact, a few states previously developed more stringent regulations. For example, California, Illinois and Arizona require that e-signatures on public documents be backed by digital certificates issued by a state-approved certificate authority. These digital certificates certify ownership and control of a public key used to validate the authenticity of an e-signature.
But no matter what specific regulations apply, government officials have a duty to protect the evidence behind e-signatures on public documents. Technologies that can facilitate this include:
- Tamper-evidence: Tamper-evident technology identifies any changes to a document or an e-signature, alerting readers to potential fraud or other elements that may compromise the document’s validity.
- Identity authentication: Formally vetting a signer’s identity may be required in some jurisdictions, and this process always improves e-signature security. Such methods can scale from a simple identity authentication method, such as sending the signer a link in an email that must be clicked for the transaction to continue, to high-level Knowledge-Based Authentication (KBA), in which signers must correctly answer multiple choice questions about personal data drawn from public databases, such as automobiles owned or former home addresses.
- Audit trails: Comprehensive audit trails provide complete, transparent tracking of evidence from the first signature on. Such evidence includes important moments in the e-signature’s history, such as proof of user authentication, acknowledgement of receiving the document, agreement to use an electronic signature, party information changes and cancellations or opt outs. The audit trail contains any evidence needed to legally verify an e-signature.
Independent Versus Dependent E-Signatures
Though there are many ways one can classify the technologies used to create e-signatures, a useful way to differentiate them is to think of them as being in one of two columns – those that are dependent on an e-signature vendor for verification and those that can be verified independently of the vendor. The difference between the two significantly impacts the longevity, transparency, control and safety of the signature and document.
Independent e-signatures are designed to outlast technology trends, because they are based on international, published standards. Even if these standards change, because they are published, it will always be possible to access the e-signatures and validate them. Dependent e-signatures, however, are often based on a vendor’s proprietary standards, which may not endure the test of time and, since they are not in the public domain, may not be always accessible in the future.
In addition, an independent e-signature and its cryptographic information are embedded directly into the PDF document itself, so that evidence of validity is completely transparent and accessible both immediately and for the long-term, online and offline. It is self-contained.
A dependent e-signature, in contrast, must link to the e-signature vendor to access evidence of its validity, which presents two security challenges. One, a broken link will make the evidence inaccessible, making long-term validation problematic. Two, the evidence is only available online, so proving a dependent e-signature’s validity is neither convenient nor immediate in all situations.
As such, independent e-signatures provide a much higher level of ownership and security. Just as with paper, you are in control of the documents and the signatures. Should your relationship with your vendor change, it will not impact your ability to gain access to documents, signatures and the associated legal evidence.
Beauty is in the Eye of the Taxpayer