Electronic Signatures
101 Federal and state e-commerce laws provide that electronic
contracts and signatures cannot be denied enforceability solely because they are
electronic. Electronic records must satisfy similar requirements to their written
counterparts so that the enforceability of a record or signature remains valid
despite its electronic form.
The Laws E-Sign:
Under the Electronic
Signatures in Global and National Commerce Act, as amended ("E-Sign"),
e-signatures are defined as "information or data in electronic form, attached
to or logically associated with an electronic record by a person or an electronic
agent." E-Sign applies to domestic and international
documents, but generally excludes certain documents relating to probate and insurance,
notices of cancellation, termination, court orders/notices, default/recalls and
the Uniform Commercial Code (UCC) other than Section 1-107, 1-206 and Articles
2 and 2A. E-Sign supersedes state law where no state electronic
signature law exists and provides that states may supplement electronic signature
law where the federal version is considered to fall short. UETA:
Uniform
Electronic Transactions Act: Uniform Electronic Transactions Act (UETA) has
been enacted in most states and applies to transactions that parties have agreed
to conduct electronically. UETA broadens the definition of e-signatures
slightly to "an electronic sound, symbol or process attached to or logically
associated with a record and executed or adopted by a person with the intent to
sign the record." UETA also supplements federal law by broadening other provisions
such as, admissibility and remedies for mistakes and errors.
Types
of Electronic Signatures As provided by E-Sign, an electronic
signature is "information or data in electronic form, attached to or logically
associated with an electronic record by a person or an electronic agent."
Digital Signatures: A digital signature (a/k/a digital
certificate or "cert") is a specific type of electronic signature that
requires authentication via encryption technology such as the Public Key Infrastructure
(PKI). PKI technology essentially creates and distributes two keys (strings of
binary numbers). A public key encrypts a message and a private key decrypts it.
The sender applies the private key to an electronic message. Upon receipt, the
receiver applies the public key in order to authenticate the message thereby,
confirming the identity of the sender. Certifying Signatures:
With the wide use of electronic documents, it may be desired to simply certify
a document rather than applying the formal digital certificate. Adobe Acrobat®
(6.0 or higher) allows users to create certifying signatures (as well as digital
signatures). Certifying signatures allow a signatory
to electronically sign a document and protect its integrity by prohibiting unauthorized
changes to the certified document. Any unauthorized changes to the document automatically
invalidates the document certification. Documents can be easily certified by choosing
to create a "self-signed digital ID". The digital ID certification can
certify that the signatory is the author, approves of the content of the document,
for instance, and that the document is authentic.
Third
Party Verification and Certification Services Obvious concerns
with electronic signatures are authentication and verification. In some instances,
it may be enough to certify a document via Adobe®. In other cases, a third
party verification service may be in order. As electronic documents become increasingly
popular, authentication alternatives increase. Adobe® Certified
Document Services: Certified Document Services (CDS) is the first digital
signing solution that allows authors to create Adobe® PDF files that automatically
certify to the recipient that the author's identity has been verified by a trusted
organization, and that the document has not been altered in any way. According
to Adobe, CDS is the first broad implementation of PKI based document-validation
technology, and anyone using Adobe Reader (6.0 or higher) can easily take advantage
of it. With CDS signatures, trust is built-in to the Adobe Reader
and no additional software download or configuration is required by the recipient
of a certified document in order to validate its authenticity. CDS signatures
help ensure the highest level of document integrity because the user's digital
credentials must be stored on a cryptographic hardware device, and they must be
issued by a WebTrust certified authority using strict verification guidelines.
For more information, visit Adobe.
Third Party Credentials: Adobe® users can also
easily create third party digital signatures by using an Adobe partner such as
GeoTrust's True Credentials® for enterprises or GeoTrust's My Credential®
for individuals. For more information, visit GeoTrust.
Certification Authorities
A Certification Authority ("CA") (see list on LeapLaw's
E-Commerce
Connection) or digital signature escrow service is a third party verification
entity used in the administration of PKI issuance and distribution. CAs are licensed
by individual states and are responsible for issuing keys and verifying the identity
of an individual's or organization's public key. Certain states provide statutes
and registration requirements for certification authorities.
Cybernotaries
The concept of the "cybernotary" will perform two functions
in international business transactions. First, the cybernotary (an attorney-notary)
will be authorized to authenticate that the terms and execution of documents are
in accordance with the law under which they are governed, and are therefore given
full legal effect. This is an affirmative requirement for many transactions in
foreign civil and common law jurisdictions. Second, the "cybernotary"
will be a hybrid of the typical notary who would also possess the authority and
responsibility to perform all the standard acts of a notary in countries which
follow the Romano-Germanic civil law tradition by electronically certifying and
authenticating all elements of an electronic commercial document necessary for
its enforceability under United States and foreign law. A cybernotary
uses digital signatures to certify the identity of a person or entity originating
a commercial message, thereby preventing the originator from later repudiating
the message (attestation and registration). Therefore, a cybernotary will need
to possess expert knowledge of information security technology. For
more information, see ABA
Cybernotaries. Electronic Notary Public Although
state laws vary, generally an electronic notary public completes the notarial
act without the imprint of the notary seal if all of the following apply: 1.
The electronic message or document is signed pursuant to the applicable state
law in the presence of a notary.
2. The notary confirms that the electronic
signature on the electronic message or document is verifiably the electronic signature
issued to the signer.
3. The notary electronically signs with an electronic
signature that is consistent with the applicable state or other applicable law.
4. The following information appears: - The notary's
full name and commission number exactly as it appears on the notary's commission.
-
The words "electronic notary public", "[NAME OF STATE]" and
"my commission expires on (date)".
- The address of the
notary's principal place of contact exactly as it appears on the notary's commission.
-
The notary's e-mail or other electronic address exactly as it appears on the notary's
commission.
Additional Resources: ABA
Digital Signatures Tutorial ABA
Cybernotaries Adobe
Certificate Document Services LeapLaw's
E-Signature Best Practice Summary |