E-signatures provide assurance and efficiency…but what about independence?
By John Harris
With the 1998 implementation of the Government Paperwork Elimination Act, the United States government made clear its intentions to become more efficient and save taxpayer dollars by reducing its dependence on paper documents.
However, nearly two decades later, many state and local governments are still hesitant to transition away from paper. That’s partly because of a perceived (and unwarranted) lack of security, even though most realize that continuing to rely on paper is inefficient, expensive and burdensome to constituents. Aside from the time wasted when constituents come to a government office to sign a document, the costs to print, copy, process, file, store and ship paper documents can eat up many thousands, or even millions, of taxpayer dollars.
A transition to digital files could solve these problems, and the right compliance strategy can assure that a digital system is actually more secure than a paper-based system. In fact, digital documents validated by e-signatures can serve as the evidence, ceremony and approval needed for government transactions – at a fraction of the cost of a paper system.
Security That Meets Government Requirements
The Uniform Electronic Transactions Act, the model for 47 states nationwide, provides a legal framework for using e-signatures and digital records in government and business, though it is fairly broad in nature. In fact, a few states previously developed more stringent regulations. For example, California, Illinois and Arizona require that e-signatures on public documents be backed by digital certificates issued by a state-approved certificate authority. These digital certificates certify ownership and control of a public key used to validate the authenticity of an e-signature.
But no matter what specific regulations apply, government officials have a duty to protect the evidence behind e-signatures on public documents. Technologies that can facilitate this include:
- Tamper-evidence: Tamper-evident technology identifies any changes to a document or an e-signature, alerting readers to potential fraud or other elements that may compromise the document’s validity.
- Identity authentication: Formally vetting a signer’s identity may be required in some jurisdictions, and this process always improves e-signature security. Such methods can scale from a simple identity authentication method, such as sending the signer a link in an email that must be clicked for the transaction to continue, to high-level Knowledge-Based Authentication (KBA), in which signers must correctly answer multiple choice questions about personal data drawn from public databases, such as automobiles owned or former home addresses.
- Audit trails: Comprehensive audit trails provide complete, transparent tracking of evidence from the first signature on. Such evidence includes important moments in the e-signature’s history, such as proof of user authentication, acknowledgement of receiving the document, agreement to use an electronic signature, party information changes and cancellations or opt outs. The audit trail contains any evidence needed to legally verify an e-signature.
Independent Versus Dependent E-Signatures
Though there are many ways one can classify the technologies used to create e-signatures, a useful way to differentiate them is to think of them as being in one of two columns – those that are dependent on an e-signature vendor for verification and those that can be verified independently of the vendor. The difference between the two significantly impacts the longevity, transparency, control and safety of the signature and document.
Independent e-signatures are designed to outlast technology trends, because they are based on international, published standards. Even if these standards change, because they are published, it will always be possible to access the e-signatures and validate them. Dependent e-signatures, however, are often based on a vendor’s proprietary standards, which may not endure the test of time and, since they are not in the public domain, may not be always accessible in the future.
In addition, an independent e-signature and its cryptographic information are embedded directly into the PDF document itself, so that evidence of validity is completely transparent and accessible both immediately and for the long-term, online and offline. It is self-contained.
A dependent e-signature, in contrast, must link to the e-signature vendor to access evidence of its validity, which presents two security challenges. One, a broken link will make the evidence inaccessible, making long-term validation problematic. Two, the evidence is only available online, so proving a dependent e-signature’s validity is neither convenient nor immediate in all situations.
As such, independent e-signatures provide a much higher level of ownership and security. Just as with paper, you are in control of the documents and the signatures. Should your relationship with your vendor change, it will not impact your ability to gain access to documents, signatures and the associated legal evidence.
Beauty is in the Eye of the Taxpayer
Secure, independent e-signatures offer government agencies and offices the freedom and ease of digitally handling most transactions that require a signature – from change of address forms to tax documents. Because a digital system is much easier to automate than a paper-based system, government employees who were formerly shackled to managing mountains of paper can be deployed in ways that more directly benefit constituents. And constituents are able to interact with government agencies remotely and on their own schedule, freeing them also to be more productive, or to simply have more free time to enjoy.
Consider San Diego County, nestled in the southwest corner of California and home to approximately three million people. When the county government initiated a pilot program in 2013 to use e-signatures for change of address forms, it was estimated that around 10 percent of citizens accessing the form would adopt the technology. In the first three months of deploying the e-signature-based system, its ease of use led to 60 percent of those changing their address to use the online system. Today, that figure stands at about 75 percent each month. Not only is user satisfaction high, the county is also saving more than $225,000 a year just by transitioning this one process from paper to digital.
Can a switch from ink to e-signatures mean significant gains in efficiency, cost savings and constituent service? No doubt. Can it be done without compromising the security of public information and while maintaining all the evidence you need to prove the signatures took place? Absolutely – as long as you establish and follow the right policies and assure that your e-signature vendor incorporates strong, long-lasting security measures into its technology, such as those typically employed by an independent e-signature company.
John Harris is the senior vice president of product management at SIGNiX, a Chattanooga, TN-based electronic signature solutions provider that makes signing documents online safe, secure and legal for any business. SIGNiX offers the only independently verifiable cloud-based digital signature solution, which combines workflow convenience with superior security. Learn more about what makes SIGNiX different at www.signix.com.