Everything you wanted to know about Digital Signatures, but were afraid to ask

by David G. Propson

Last fall, President Clinton enacted a law that made digital signatures legally equivalent to their inky counterparts. This could simplify many common processes, from approving building plans to grudgingly accepting non-disclosure agreements. For some fields, it could jump-start streamlining efforts that have stumbled over too much paperwork in the past.

But for all the high hopes, many people — including most journalists — don’t understand what digital signatures are, the rules that govern them, or the technology that is needed to use them securely.

A Tale of Two Terms
The best way to start is to define our terms. The most generic one might be “electronic signature.” The press sometimes discusses digital signatures (incorrectly) under the rubric “e-signatures.” The distinction is important. An electronic signature could include just about any mark that indicates approval. Even typing your name at the bottom of an e-mail could be considered “signing” it. An employee who follows orders he received in an e-mail from the boss accepts on faith that his boss was actually the author.

But for legally binding documents, people want some way to confirm that the boss actually is who he claims to be. Online, this is often accomplished using a digital signature.

Digital signatures take advantage of the standard encryption methods on the Internet (which, whatever rumors you may hear, are well-nigh unbreakable by anyone but a bored mathematician with a few idle supercomputers). First, the sender must have a digital certificate, which contains a unique identification code. That code is, in turn, used to produce a digital signature — a small, encrypted file attached to the document, which indicates it could only have been created by the sender.

Digital signatures can already be used to secure all sorts of data transmissions. Now they have the force of law.
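
The sign-and-verify flow described above, as an added example that is not part of the original article. It assumes an Ed25519 key pair stands in for the sender's digital certificate; the signer names, the memo text, and the helper functions are constructed for illustration.

```javascript
// Added example (not from the article): sign a document, then verify it.
const crypto = require('node:crypto');

// Assumption: an Ed25519 key pair stands in for the sender's certificate.
// The private key stays with the signer; the public key is what a
// certificate would publish alongside the signer's identity.
function newSigner(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { name, publicKey, privateKey };
}

// Produce a detached signature over the exact bytes of the document.
function signDocument(signer, text) {
  return crypto.sign(null, Buffer.from(text, 'utf8'), signer.privateKey);
}

// Check a signature against the document and the claimed signer's public key.
function verifyDocument(publicKey, text, signature) {
  return crypto.verify(null, Buffer.from(text, 'utf8'), publicKey, signature);
}

// Constructed sample data: a memo signed by the boss, then three checks.
function demo() {
  const boss = newSigner('boss');
  const impostor = newSigner('impostor');
  const memo = 'Approve purchase order 17 for $500.';
  const sig = signDocument(boss, memo);
  return {
    // Unmodified memo, boss's signature, boss's public key.
    genuine: verifyDocument(boss.publicKey, memo, sig),
    // Same signature, but the amount was changed after signing.
    altered: verifyDocument(boss.publicKey, memo.replace('$500', '$5000'), sig),
    // Unmodified memo, but signed with someone else's private key.
    wrongSigner: verifyDocument(boss.publicKey, memo, signDocument(impostor, memo)),
    signatureBytes: sig.length,
  };
}

console.log(demo());
```

Only the first check passes: changing a single character of the memo, or signing with a different key, makes verification fail.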

Sign Language
When a person pens her signature, she is really doing two things: “enacting” a document — saying “I agree” or “OK by me,” just as Clinton did with the d-signatures bill — and making the distinctive scrawl that helps people identify who, exactly, agrees. Online, the encrypted digital signature acts as the distinctive mark. But the process of enacting documents must be automated by software as well.

Several companies will soon offer these services. Once you check a box, type in a password, or otherwise indicate agreement, the service will digitally secure the document and send it off to the recipient. The technology needed to do this has been available for some time, and is used internally within corporations (and some government offices) as a sort of secure approval-routing service.

Many common applications, including word-processing programs and e-mail suites, will eventually let you add an electronic signature (secured by a digital one, of course). A bunch of companies want to make the signing process more secure by connecting it to peripherals that scan users’ fingerprints or even retinas. Others want users to sign a touchpad with an electronic pen. Software would recognize a person’s physical signature, and then attach the correct electronic one to the document.

Fill in the Blank
If you’re a lawyer or someone else whose business gets bogged down by too much bureaucratic paperwork, you should see the benefits of digital signatures soon. If not, you may be limited to only occasional, personal use.

Still, there are stumbling blocks. For one, the new federal law only covers part of the equation. States must enact similar laws, and while many have already done so, a consistent, easily understood national policy is still not in sight. Most people won’t be able to track differences in local law (if they even know they exist). That could either slow the adoption process or simply cause mass pandemonium (possibly both).

What President Clinton signed was essentially a blank check. We still need to perfect the technology and laws. The ultimate payoff — and who’ll be the primary recipients — is still unclear.

Small Business Computing Staff
Small Business Computing addresses the technology needs of small businesses, which are defined as businesses with fewer than 500 employees and/or less than $7 million in annual sales.
