Smart Cards Only Meet Two Out Of Five Legal Requirements
President Clinton's e-signature may not be legally binding
Montreal, Qc, July 7, 2000 — If the smart card used by President Clinton to electronically sign the Electronic Signatures in Global and National Commerce Act (E-SIGN) wasn't combined with electronic signature capabilities to provide both permanent data authentication and clearly demonstrate a signer's intent, it did not duplicate the legally binding features of a traditional handwritten signature, announced Silanis Technology Inc. President Tommy Petrogiannis today.
Responding to reports stating that White House lawyers have been debating the legally binding status of Clinton's electronic signature, Petrogiannis said that without additional features, the card only met two of the five legal requirements of e-signing outlined by the American Bar Association and State Legislation prior to E-Sign's passing.
"This is a concern for both consumers and businesses," said Petrogiannis, a developer of electronic approval management software. "E-Sign doesn't outline what specific legal requirements need to be met in order for those signatures to stand up in a court of law and protect users. As a result, the Act leaves the door wide-open for vendors to enter the market with products that don't meet signing expectations and therefore increase the likelihood of fraud."
Smart cards, PKI-based digital certificates and biometrics only provide a digital method of identifying the signer, Petrogiannis explained. Aside from being unique to a person and verifiable as belonging to a specific user, electronic signing must also permanently attach the e-signature to data in such a way that it authenticates both the attachment of the signature and the integrity of the data transmitted. This requirement is critical for ensuring that data cannot be modified or signatures used fraudulently.
To verify the integrity of a signed document and attached signature, smart cards, digital certificates and biometrics must therefore be combined with an electronic signature application. An electronic signature application permanently embeds a token along with the digital signature and compares the original document with the contents of the document each time it is opened by a recipient. If any changes are detected, the e-signature becomes visibly invalidated.
The process by which a person electronically signs must also reproduce the same intent as a signature affixed by hand. In a traditional signing act, intent is shown each time a person applies wet ink to paper. In the electronic world, intent is demonstrated when a person performs an act at the moment of signing, such as entering a private password, to apply an e-signature to a document. By entering his password, the person is indicating that he has read the contents of the document and that he agrees to be bound to it.
Smart cards, digital certificates and biometrics do not necessarily require that users perform an act each time they attempt to sign. Once users have logged in to a system with their electronic identification for the first time, e-signatures can be automatically or accidentally applied to documents. In contrast, electronic signature applications require individuals to input a personal password or biometric pattern each time they sign. In addition, unlike these other technologies, electronic signature applications also include some form of visible mark, like the image of a person's handwritten signature or a time stamp, to illustrate a person's intent towards a document.
Finally, a signature must be under the sole control of the user. Although the password and biometric pattern are unique and known only to the person using them, once a system is accessed for the first time, it can be left open on an individual's computer for anyone to use. This means that other people could fraudulently sign in the name of the true owner. Because electronic signature applications require a person to enter a private password each time he signs a document, fraudulent use of signatures is extremely difficult to achieve.
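The following Python example is an added illustration, not Silanis or ApproveIt code, of the properties described above: a password is required for every signing act, a digest token binds the signature to the document, and any later change invalidates the signature when the document is opened. The function names and registry layout are assumptions, and an HMAC stands in for the certificate-based digital signature so the block runs on the standard library alone; whoever holds the verification key could forge with it, which a public-key signature avoids.

```python
import hashlib, hmac, json, os, time

def derive_key(password: str, salt: bytes) -> bytes:
    # The key is re-derived from the password at each signing act, never cached.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(registry: dict, signer: str, password: str) -> None:
    # Hypothetical registry: signer name -> salt and verification key.
    salt = os.urandom(16)
    registry[signer] = {"salt": salt, "key": derive_key(password, salt)}

def _mac(key: bytes, fields: dict) -> str:
    payload = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign(registry: dict, signer: str, password: str, document: bytes) -> dict:
    entry = registry[signer]
    key = derive_key(password, entry["salt"])      # the act performed per signature
    if not hmac.compare_digest(key, entry["key"]):
        raise PermissionError("signing act refused: wrong password")
    fields = {"signer": signer,
              "token": hashlib.sha256(document).hexdigest(),  # binds to this data
              "signed_at": int(time.time())}                   # visible time stamp
    return {**fields, "mac": _mac(key, fields)}

def verify_on_open(registry: dict, document: bytes, record: dict) -> str:
    entry = registry.get(record["signer"])
    if entry is None:
        return "INVALIDATED"
    fields = {k: record[k] for k in ("signer", "token", "signed_at")}
    # Check 1: the document still matches the embedded token.
    token_ok = hmac.compare_digest(hashlib.sha256(document).hexdigest(), record["token"])
    # Check 2: the token, signer and time stamp were not altered or re-attached.
    mac_ok = hmac.compare_digest(_mac(entry["key"], fields), record["mac"])
    return "VALID" if token_ok and mac_ok else "INVALIDATED"

if __name__ == "__main__":
    registry = {}
    enroll(registry, "signer-1", "constructed-password")       # constructed sample data
    contract = b"Pay 100 dollars to the bearer."
    record = sign(registry, "signer-1", "constructed-password", contract)
    print(verify_on_open(registry, contract, record))                           # VALID
    print(verify_on_open(registry, contract.replace(b"100", b"900"), record))  # INVALIDATED
```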
Electronic signature technology, such as that used in Silanis's ApproveIt software, meets all legal requirements for signing and is capable of working with any type of digital identification such as digital certificates, smart cards and biometrics. ApproveIt's heightened signature and data authentication features are being used by over 100 U.S. government agencies, including the Joint Chiefs of Staff, the Military District of Washington, the State of Florida, Kansas Department of Transportation, USAMISSA – a component of the US Army MEDCOM – and NORAD Space Command.
Founded in 1992, Silanis Technology Inc. develops ApproveIt, the industry's first and only multi-signature electronic approval management software. Over 400 organizations use Silanis products in government, business, insurance, medical, and health care sectors, including the US Joint Chiefs of Staff, TRW, Williams Group, Nationwide Insurance, and National City Bank. Silanis software is recognized for its mature feature set, security, ease-of-use, and simple integration.