More than patriotic: Independent e-signature technology

Featured eBooks
Whole-of-State Cybersecurity
The State of Trust in Government
Cybersecurity in State and Local Government
By Pem Guerry
 

Connecting state and local government leaders

By Pem Guerry

|

No one denies that John Hancock signed the Declaration of Independence. An e-signature should provide same irrefutable verification for centuries to come.

As agencies adopt electronic document software in the continuing digitalization of government services, they must source the right technology to assure that what is signed electronically today is still valid 25, 50 or 100 years from now. Just as no one denies that John Hancock did, in fact, sign the Declaration of Independence, e-signatures must provide irrefutable verification for centuries to come.

Because the definition of a compliant “electronic signature” under the Electronic Signatures in Global and National Commerce Act and the Uniform Electronic Transactions Act is relatively broad in nature, e-signature architecture varies across solutions. Most e-signatures can fit into one of two varieties: independent and dependent.

Independent e-signatures

Independent e-signatures are defined by the autonomy and freedom associated with their technology. Also referred to as “digital signatures,” independent e-signatures directly and permanently embed into the signed document itself the signature’s advanced cryptographic information, which holds the legal, digital evidence of a signature.

Wherever the digital document goes, so goes the signature and the data to certify the signature. Independent e-signature technology uses published standards and  public key infrastructure (PKI) to show documents are indeed valid and unchanged. As such, any free, dedicated PDF viewer can display not only a visual representation of the signer’s signature (a drawn signature or font-based signature), but also the digital proof of that signature, even offline. Any changes to the document or signature are immediately detectable, even years after the signing occurred. Therefore, proving the integrity and provenance of an independent e-signature is not dependent on a vendor, signer or any proprietary technology.

Published rules governing PKI require that the owners of private keys maintain the secrecy of those keys so no one else can reproduce the signature, meaning independent e-signatures are unique to each individual signer. Cloud-based systems can now manage those keys transparently, eliminating the complexity historically associated with that task.

Finally, through comprehensive audit trails, independent e-signature technology also tracks and records all data relevant to the signing process from its inception – including signer authentication, document presentation and all signing and other data input events – with a highly granular level of monitoring and tracking that enables a high level of self-sustaining, legally defensible evidence that will support an e-signature’s validity for the long term.

Dependent e-signatures

Dependent e-signatures, by contrast, do not include the same advanced evidence or cryptographic technology. Existing outside of PKI and published standards, their framework is much more loosely defined, which can present challenges to a signature’s long-term legality.

Dependent e-signature solutions often apply images of a signature (or a representative text) to an uploaded document. While that image of a signature may travel with a document, the digital evidence that supports the validity of the signature does not. Instead, a web link ties that image back to an e-signature vendor’s server, accessible by an Internet connection.

While a dependent e-signature may look and feel much like an independent e-signature to a signer, its fundamental shortcomings can present significant legal challenges to those relying on the e-signed documents.

For one, links fail over time. “404 Not Found” errors are commonplace on the Internet, and if such errors occur within the scope of a document’s life cycle, the signature may be found to be invalid.

And while there are a number of published international standards in place for independent e-signatures – such as ISO 32000-1 (PDF), X.509, RSA and DSA – there are essentially no guidelines in place for dependent e-signatures. Many e-signature vendors use proprietary technology that may not be discoverable or accessible in the future.

Deploying e-signatures in the government space

For the scope of government work, transactions and processes, independent e-signature technology provides the highest level of assurance. E-signatures could be used to authorize housing agreements, employment contracts or procurement bids, and so they may need to be legally defensible for many years. In fact, the technology behind these signatures is already part and parcel of many federal government programs, including the Common Access Card (CAC)  and Personal Identity Verification (PIV) card systems.

By maintaining independence within e-signature technology, government agencies can:

Exercise control: Government offices control where documents reside and can access evidence offline if needed.

Promote long-term thinking: With adherence to international, published standards, e-signature evidence will always be discoverable.

Keep evidence in plain sight: Providing immediate and complete access to evidence, independent e-signatures offer the highest level of transparency over the signing process, which ensures that signatures and documents maintain their integrity.

Assure safety: Because of the above, there is a decreased risk of signatures being compromised by external factors, like hackers, technology obsolescence or changing vendor relationships.

Independence is a revered concept in all levels of American government. In an age where so many processes are becoming increasingly dependent on the Internet and web-based services, it provides an impetus to use efficiency-driving technology like e-signatures without being tied to any one technology or business.

NEXT STORY: NIST drops NSA-backed random number generator

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.