Electronic signatures or digital signatures: What does my organization need?
Digital Signature May 28 Resolve Tech Solutions
Quite frequently, one comes across the phrases electronic signatures and digital signatures being used interchangeably. But are these two equivalent? And if not, which of these should organizations adopt as they start their journey towards a paperless office.
The legal interpretation of electronic signatures
In the United States, the laws governing electronic signatures are the Electronic Signatures in Global and National Commerce Act, more commonly known as the ESIGN Act; and the Uniform Electronic Transactions Act (UETA). Both these acts define an electronic signature as:
An electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
The acts do not mandate any specific technology for the creation of an electronic signature. Instead, the laws focus on improving the acceptance of electronic signatures in business and commercial transactions.
Given that underlying technology implementation of electronic signatures is not prescribed, what does constitute an electronic signature? Some examples include:
- Pressing an Agree / Disagree button at the end of an electronic form or web page
- Authorizations using a biometric identifier such as thumbprint or a face scan or retinal scan
- A handwritten signature that’s captured on a touch device or a signing pad
It is important to note that all these techniques are acceptable as electronic signatures only from a legal standpoint. There may be more significant functional concerns when setting up signing mechanisms in electronic systems. For instance, the process of signing a digital document should ideally make that document tamper-proof – lest the document is modified after being signed off. This is where digital signatures come in.
Digital signatures: what and how?
While electronic signatures are a legal concept, digital signatures are an implementation technique. Digital signatures are a form of electronic signatures that are unique to both the signer and the signed document.
Digital signatures rely on the mechanism of public-key cryptography. Once a user has enrolled on a Public Key Infrastructure (PKI) network, they can sign documents using their private key. A mathematical algorithm computes a hash of the document and encrypts it using the user’s private key as a cipher. This encrypted hash is effectively the digital signature: a timestamped digital fingerprint that is embedded within the signed document. Recipients of the document can validate the document using a public key: this mechanism verifies if the digital signature indeed corresponds to the source document. If the document in question were tampered with, the digital signature validation would fail, and the recipients would be alerted about the invalid digital signature.
Electronic signatures can be implemented in a variety of ways while digital signatures are a specific technique that makes use of public-key cryptography. Electronic signature solutions such as DocuSign’s Agreement Platform typically use digital signature technology as the backbone for signing workflows; additionally, they also allow techniques such as In Person Signing which accommodate users who may not be on the DocuSign platform (and thus do not have their public & private keys set up).
For organizations taking the first step to adopting electronic signatures, they should evaluate what implementation techniques solution provider uses and whether it serves their needs for adequately verifying the integrity of signed documents and transactions. While digital signatures are a robust mechanism to sign static documents, the average enterprise user would greatly benefit from a user-friendly electronic signature solution, such as the DocuSign Agreement Platform, to get started with e-signing.