Quick Reference Guide: Electronic Signatures & the ESIGN Act

electronic signatures and the ESIGN Act

We’ve previously covered a general description of what electronic signatures are, let’s look at it from the perspective of the ESIGN act.
For the sake of this post, we’ll first look at what the ESign act is. Wikipedia defines the Electronic Signatures in Global and National Commerce Act or ESIGN act as, “a United States federal law passed by the U.S. Congress to facilitate the use of electronic records and electronic signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically.”   
Breaking down the ESign Act
As defined by the ESIGN Act here (more on this foundational piece of legislation shortly), an eSignature is “any sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” If that definition sounds vague or unclear, don’t worry. That’s sort of the idea; it is, after all, “legal-ese”. In plain English, however, the above definition simply “states” an eSignature as a legal concept. That is, its legal definition simply means that it is possible for an electronic signature to carry the same sort of legal “weight” as its pen-and-paper equivalent. That probably doesn’t make too much sense at this very moment. So, let’s take a closer look.
First, there is one critically important point you should understand: In a strictly legal sense, the term “electronic signature” does not refer to an actual signature. Instead, the term refers more broadly to the process requirements (we’ll call them components) that must be met in order for an electronically signed document to be considered legally binding in a court of law.
As far as the law is concerned, a signature is simply one component of an electronically signed document. By itself, it carries no legal authority. In order for an electronic document to stand up in a court of law, all of the components must be present. The ESIGN Act (again, more on this shortly) explicitly outlines these components in an attempt to standardize, well, the process by which an electronic document must be handled so that it carries full, legal authority. Let’s take a quick look at the basic components of an electronic signature.
As we just reviewed, the signature itself is only one component of a legally-binding electronic contract. However, there are four, primary components that you should care about most:

  1. Consent:
    Basically, any individual who signs an electronic document must explicitly consent to do so in the first place. Should an individual choose not to consent to an electronically signed agreement, a non-electronic option must be made available.
  1. Intent:
    In the simplest terms, this means that the signer clearly understands his or her intent to sign the document, and the process by which the individual signed the document was clear and understood from beginning to end.
  1. Verification:
    For an electronic document to be considered legally binding it must be signed by the same person whose signature appears on the dotted line. In turn, most electronic signature solutions have built-in verification methods.
  1. Auditability:
    This is the electronic equivalent of a “paper trail,” (popularly know in the electronic signature industry as an ‘Audit Trail’) whereby each party involved in an electronic agreement (or a legal entity, for instance) can, if necessary, easily access each step of the electronic signature process. You can read more about the anatomy and importance of an audit trail in our post titled “The Anatomy of an Audit Trail: Electronic Signature Simplified”.

We realize that navigating through the world of electronic signatures can be tricky, so we created “A Brief Introduction to eSignatures”. You can download if for free here.

The Breakdown: Electronic Signature vs. Digital Signature

Electronic Signature vs Digital Signature: A Breakdown

The summary 

You may have heard of electronic signatures and digital signatures before. Maybe you were looking into it for your business or just needed to sign something personally. But what often gets confused is what the difference between electronic signature vs digital signature is. In this post, we’ll be going over what each entail and how they differ so you have a better understanding when using a solution!
An electronic signature is information in electronic form (can be sound, symbol, process, etc.) that is associated or attached to a document. This means that so long as we can demonstrate that the signature is associated with a person and that there was intent to sign, everything is legally binding and accepted (all of this can be seen in Signority’s audit trail).
A digital signature is actually a form of electronic signature that uses an encryption algorithm that helps validate who the signer is. It also ensures that the document cannot be tampered with, as the signature becomes invalid if the document is changed after signing. This helps prevent repudiation by the signer, making it almost impossible to deny having signed the signature. Essentially, these issues are some of the biggest challenges to electronic signatures, and digital signatures are able to help overcome these issues.
[socialpug_tweet tweet=”A digital signature is actually a form of electronic signature that uses an encryption algorithm that helps validate who the signer is.” style=”1″]

Electronic Signatures: an overview

You may be wondering how electronic signatures even work in the first place? Before we can get to the difference between digital signatures and electronic signatures, let’s discuss what an electronic signature is first.
According to the Canadian Uniform Electronic Commerce Act (UECA), an electronic signature “means information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to, or associated with the document.”  The American equivalent is the Uniform Electronic Transaction Act (UETA) and the Electronic Signature in Global and National Commerce Act (ESIGN). Their definition is “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.”
At the heart of both definitions is the capture of the intention with which a signature is added. What that implies is that the electronic signature doesn’t have to look anything like your handwritten signature when it’s applied. It can be a symbol, a typed text, or even an image or sound. So long as the intention is present, then it is legally accepted and binding. In this sense, if the association with a person is demonstrated and the intent to sign is also demonstrated, the signature will meet the signature requirements stated above. This is done through the audit trail and by authenticating and determining who the signers are and what was signed.
Signority’s electronic signature solution is able to capture all of this data through its detailed audit trail with time stamps, multi-factor authentication methods to validate the signer’s identity, and by securely storing the data to prevent tampering.

Digital Signatures: an overview

We’ve explained what an electronic signature is in the previous section. The digital signature further improves the security and authenticity behind each electronic signature, acting like a digital “fingerprint” for a signer of a specific document.
The biggest challenges with regards to secured signatures have always been:

  • Is the signer who they say they are?
  • Is the signature valid and hasn’t been forged?
  • And has the document been tampered with?

In history, to counteract these challenges, the existence of notaries were introduced and played a key role in assuring authenticity and trust of a document.
Similar problems still exist today for the electronic world. However, digital signatures were created to help serve the purposes of notaries in the past. Certification Authorities (CAs), a trusted third party, now serves as the notary in terms of verifying a signer’s identity. Rather than being present at the time of signing, like a notary would, a CA acts as a trusted third party organization that ensures the security of the Public Key Infrastructure (PKI) and providing digital certificates for signers, both of which are necessary for a digital signature transaction.

The Technology Behind Digital Signature

A digital signature is unique to each individual signer. To ensure this, electronic signature solution providers follow a protocol called the PKI. The PKI uses a mathematical algorithm to generate two keys for the signer, a public key and a private key. The two keys together make your digital certificate, which help validate the signer’s identity.
When a document is electronically signed and completed, a unique “fingerprint” of a document (called a hash) is generated by using a mathematical algorithm. This hash is, then, encrypted by the signer’s private key. The encrypted hash and the document certificate issued by a trusted CA are both attached to the digitally signed document, thereby completing the digital signature transaction.
To validate the signer’s identity and verify the signature, the signer’s public key is used to decrypt the document hash. During decryption, a new hash is calculated and matched with the original encrypted hash. If the two are the same, the signer is validated, as the two keys must match and create the same hash, as highlighted in the diagram below.

Benefits: Electronic Signature vs Digital Signature – Which is the Best for Me?

All of this finally brings us to the question, what’s the point of all of it and how will it benefit my business? As stated at the beginning, an electronic signature captures the intent and also helps prove who the signer was and what was signed in the first place.
The key benefits of digital signature are that it works with the electronic signature rather than replacing it. When you apply the digital signature to a document, the cryptographic operation helps bind the digital certificate and the data being signed into one unique digital “fingerprint”, the uniqueness of the certificate and the data is what makes digital signatures so viable.
As a result, you can be assured of 3 things:

  1. Signer identity is valid – you will know that the signers are who they say they are
  2. Tamper-proofing – you can be ensured that the document hasn’t been tampered with, otherwise, the signature would be invalidated
  3. Non-repudiation – the signer cannot deny having signed the signature and is possible to prove in court

 

HSM or Hardware Security Module

For Signority to have digital signatures available for users, it uses a GlobalSign Hardware Security Module (HSM) to help store and manage the digital keys that are used in the digital signing process. It also acts as the key generator for the digital certificate.
Adobe AATL Certificate Policy requires that digital certificates are stored on FIPS-compliant hardware. HSM is FIPS-compliant, which allows Signority to provide digital signatures.
In the next post, we’ll cover the importance of Audit Trails and how the affects your business.
Still curious about Digital Signatures for your business? Sign-up now and get free access to Signority’s Business Plan.
 

Do You Live in British Columbia? Read This.

Canadian laws about e-Signature are changing!

 
We know for sure that the legal foundation exists for the use of e-signatures in Canada both federally and provincially.  So how do Canadian laws apply to e-signature?  First of all, both Federal and provincial laws can be applied to determine the legal validity of e-signature.  However, contract law in Canada is a matter of provincial law, so in most cases e-signature is considered within the legal framework of the provincial law. Contract law is used the same way for electronic documents as it is for paper documents. All of the provinces and territories also have their own electronic commerce laws.  This is why it’s important to know what laws and regulations there are specific to your province.Continue reading