The Electronic Signatures and Authentication bill is expected to crack the marketplace wide open, with businesses and consumers embracing the recently implemented law as a secure and legal way of completing online documents. But the signature may also create unseen legal problems for companies.
The bill, which went into effect October 1, 2000, allows businesses to capture consumers' e-mail signatures in documents and transactions without fear of being denied. The law also provides some exemptions, including court orders, wills, adoption and rental agreements.
Benjamin Wright, Dallas-based attorney and author of the first edition of the book The Law of Electronic Commerce, says we will see a lot of new security technology companies competing in the space. Industries, such as insurance and mortgage companies, will rapidly adopt the technologies. "It's such a complex process and so many documents need to be signed, the e-signature can make that more streamlined and less expensive," Wright says.
Arabella Hallawell, senior analyst at Gartner, says banks will set up accounts online. On the consumer side, we will see human resource departments placing financial applications on the Web, and online travel businesses will offer speedier services. New media companies will offer online subscriptions. "This is an enabling legislation. Enterprises will start thinking about how to do this online," Hallawell says. "We will see companies coming out with new ways of doing things for customers."
Dan Sommerfield, CEO of Seattle-based security software provider IS Networks, says the new law will create a surge of deployments of technologies for the legal profession, government, notary services and B2B e-commerce. He says the government will use it for online documents, such as court records. Banks will offer it to sign loans and open accounts.
Hallawell says companies must first carefully plan and research their authentication processes before deployment or else risk facing consumer protection issues. She says companies must educate consumers before expecting them to agree to sign a contract online.
"We will see businesses not understanding the requirements. They have to think everything through before they deploy the new types of services," Hallawell suggests. "I think that without testing it through, there is potential for a lot of things to go wrong, both in the consumer and business spaces. I think consumer education is paramount. It certainly is appropriate when consumers sign up for something."
"If the electronic process used isn't clear as to what is being signed and what the person is agreeing to, or at what point a person's signature is being captured, the signed document may not be legally enforceable," Tommy Petrogiannis, president of Silanis, says. "The majority of legal disputes involving signed contracts are rarely about the signature, rather they are about the signing intent," he explains.
"This is much safer than paper signatures," says Michael Laurie, co-founder and vice president of alliances at Silanis. "People keep hearing about databases being hacked, so I think it's normal for people to be paranoid. But the reality is digital signatures are secure, and some of the most technical online processes employ them."
The most common method of verification, Hallawell says, is the user ID and a password. In fact, she says 80 percent of American corporations are currently using a user ID and password method. To ensure a more secure authentication process, companies must turn to encryption technologies, such as the smart card and password, or a Web tablet, fingerprint encryption or biometrics to authenticate, non-repudiate and secure the data.
The ApproveIT technology from Silanis ensures e-signatures are secure, says Laurie. When documents are signed, ApproveIT embeds the image of an electronic signature into the file. Security components, such as a fingerprint of the document, are also embedded, making it much like a paper-signing process. The user ends up with a private key and a digital certificate that verifies the document was signed by that person.
Already In Use
Because hundreds of companies, such as SignOnline, Litronic, VeriSign and iSign, have been delivering digital signature hardware and software long before the bill signing, Wright says consumers and businesses will eagerly adopt the e-signature. "People have been embracing them for some time," Wright says.
Security software provider Silanis has already deployed its ApproveIT technology to more than 100 government bureaus this year. Signature Pharmaceuticals manages its FDA-regulated documents using ApproveIT, and National City Bank improved customer service by 50 percent after adopting the Silanis technology. The bank's Private Investment Advisors Resource Center grew its account base from 1,000 to 12,000 in less than three years without a proportionate increase in service staff.
Seattle-based ID Certify, which provides individual identity management products and services to allow individuals to sign documents electronically, implemented the e-signature on its own Web site a year ago. The company had deployed a combination of Sommerfield's application software, as well as the signature technology developed by ID Certify. Chief Operations Officer Linda Mackintosh says adding the option to sign online has saved significant time and money. "Now we shrink-wrap the types of processes. Every time we had a customer, we created an individual solution. Now you can sign a generic contract on the Web," Mackintosh says.
To avoid identity theft, Mackintosh says her company issues smart cards to its customers. Each card carries a micro processing chip, which creates the digital signature. If someone were to try to steal the chip, the signature would automatically be destroyed. Also, only the card carriers know the PIN. If a hacker inputs code in an attempt to learn the PIN, the signature would erase after the fourth try.
The Price of Security
"We really work to push security. Could we be more secure? Yes. But then there's the question of what we can afford," Mackintosh says.
Unfortunately, the price tags for these technologies are still out of the league for most small- to midsize businesses, according to Sommerfield. For instance, the smart card technology costs between $100 and $200 per user, but the bulk of the cost is in the management of the system. "It can be a bit pricey," he says. There's also Microsoft Passport, a security technology that has carried a less expensive price tag than competitors', but only large corporations have been deploying the Passport. "Right now, they are only putting this into large companies with large resources that can afford to have systems with digital signatures," Sommerfield adds.
Sommerfield expects many corporations will adopt the Smart Certificate technologies within a year or two due to media attention and lowering costs. And he would like to see an introduction of smart cards into all PCs, like a floppy drive.
If companies can afford to find the balance between application software and electronic signing products, Wright says, they will capture the intent of the consumer. "There's nothing for business to be fearful about with this."