In today’s hyper-connected world, traditional methods of signing and authenticating documents are increasingly being replaced by technological innovations such as electronic signatures in general and digital signatures in particular. For more than a decade, federal law has recognized the legality of electronic signatures.
An electronic signature is not in and of itself either a signature typed into an email or a signature that has been handwritten and scanned. The term refers to an online signature attached to a record and adopted by an individual with the intent to sign it.
The differences between digital signatures and electronic signatures can often be confusing. An electronic signature is a blanket term for a broad grouping that includes digital signatures as a specific subset. An electronic signature, or “e-signature,” is an umbrella term that applies not only to the distinct digital signature format, but to other types of electronic means of signing and signature authentication, as well. An electronic signature allows a person to handwrite his or her signature into a document or to sign with a click.
Electronic signatures generally consist of four basic components: a means of signing, a way of authenticating the related data, authentication of the signatories, and the capture of the signatories’ intent. E-signature technologies include items such as personal identification numbers (PINs), biometric markers, and other user identification processes.
Electronic signatures in general and digital signatures in particular allow users to speed up the signing and documentation process online. However, there are a variety of features that distinguish digital signatures from other kinds of e-signatures. They pertain to the variety of legal acceptance, geographical applicability, and technological modalities used.
Digital signatures as provided by DocuSign and other leading companies in the industry offer several advantages over other types of electronic signatures, namely:
1. Added security
A digital signature offers more security than an electronic signature. The unique identifying “fingerprint” data in a digital signature remains permanently embedded within a document. Signs that someone has tampered with or altered a document after signing it can be easily detected.
Through the use of encryption verification technology, known as Public Key Infrastructure (PKI), a digital signature offers the highest and most verifiable standard for identifying an individual by an electronic signature. The coded message in a digital signature uniquely identifies the signer and links him or her with a particular recorded document. DocuSign’s procedures meet all PKI requirements for safe signing and maintenance.
2. A high standard
The PKI standard is common to DocuSign and its peer companies in the digital signature industry. PKI offers an algorithmically based protocol in which a vendor generates two “keys,” the lengthy numbers that define the signature. One of the keys is private and the other is public.
The PKI standard mandates that vendors make and save keys in a safe and secure fashion. The standard generally also states that the services of a trustworthy Certificate Authority be used to ensure such security.
The standard works in this way: At the time that a signatory signs a document electronically, the vendor facilitates the creation of a signature based on the signer’s private key. Each signer has safe and secure access to his or her own key. The algorithm works as an encrypted code to produce data that match the “hash” — the signed document in question — and then to encrypt the same data. The long-term security of the data, the document, and the signature are supported by the fact that any alterations to the original document will invalidate it. In addition, each signature includes a date stamp to verify the time of signing.
For example, the seller of a car concludes an agreement with the buyer, and both agree to use electronic means to sign and share the related documents. The seller uses his or her individual private key to sign the paperwork and then makes it accessible to the buyer, along with the seller’s public key. If the public key can open the seller’s signature to the document, then the buyer will know that the document is an authentic one originating with the seller. If the public key cannot decrypt the seller’s signature, the buyer has proof that the document did not come from the seller or that some of its text has been altered, since the seller sent it.
PKI is a comprehensive system that can manage both certificates and keys to foster a safe and reliable environment in which to record, share, store, and retrieve signatures and signed documents. Moreover, the PKI standard is usable in conjunction with a range of applications.
3. Global acceptance and legal compliance
More countries are starting to accept digital signatures on legally binding documents because they understand that the security protocols offered by vendors such as DocuSign are in compliance with international standards in the field.
Today, a great majority of the world’s governments recognize digital signatures provided by DocuSign and other similar companies. Two federal acts officially recognize the legality of digital signatures. The more recent one is the Electronic Signatures in Global and National Commerce Act of 2000. DocuSign’s products have been certified as meeting all of the act’s statutory requirements.
Many European, Asian, and South American nations have different requirements than North America, Australia, and the United Kingdom in regards to the use of electronic and digital signatures. The latter group of countries adheres to a technology-neutral set of regulations in an open environment, whereas the former promotes a tiered model of e-signature implementation tied to regional standards.
4. Long-term retention and access
The signatories to a digital signature document do not need to rely on a vendor’s continued presence in the marketplace in order to continue to verify its authenticity.
Many other kinds of e-signature companies have their own means of regulating and safeguarding their signature data, but these have not necessarily achieved universal legal acceptance. Moreover, a number of e-signature providers require customers to check back in with them in order to attest to the authenticity of a document. If a customer later switches to another vendor, he or she could lose access to signatures stored with the original company.
5. Independent verification
Digital signatures from companies such as DocuSign can withstand stringent independent verification and cannot be altered by unauthorized parties.