Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Linux-based rifle scope lets beginners hit targets a quarter mile away, view results on free iPad Mini
Dell dumps OpenStack and VMware for public cloud, focuses on private clouds
Amazon Web Services gets FedRAMP certification for US government cloud use
Skill shortages? Not if you pay or train
Bit9, FireEye, Palo Alto Networks team to hit zero-day malware
Aruba Networks latest to unveil 802.11ac access points
IT on the fly: The art of quickly building, then dismantling
Pressure mounts for building in security during application development
Corning taps into optical fiber for better indoor wireless
Yahoo on Tumblr: We won't 'screw it up'
How VMware will try to shake up the cloud market this week
Peculiar malware trail raises questions about security firm in India
Reddit IAmA this week to feature Ethernet inventor Bob Metcalfe
US Defense Department approves Apple's iOS devices for its networks
Canadian Tire forgoes BYOD, issues BlackBerries to workers
Smartphones take center stage in two-factor authentication schemes
Researchers uncover new global cyberespionage operation dubbed Safe
iPhone 6 rumor rollup for the week ending May 17
Newvem expands to monitor Azure and Amazon clouds
Forrester: Windows 8 faces uphill battle as corporate desktop
iPad 5 rumor rollup for the week ending May 16
Former Amazon cloud engineer spills to Reddit audience
/

The pen is mightier than the electronic signature

By In the Works . Paul Hoffman
Network World, 07/24/00

It's not often that you can get Internet legislation passed nearly unanimously in both Congress and the Senate, then signed with a flourish by the president. To some people, such a law must seem a truly wonderful thing, sure to bring peace and harmony and increased profits through e-commerce. To the rest of us, it's a sure sign the law doesn't do anything useful. Such is the fate of the new Electronic Signatures in Global and National Commerce, dubbed the E-Sign law.

The first tip-off to security experts that this law might be less than it seems is in the title. Notice that it uses the word "electronic" instead of "digital." A quick review of the law shows that, in fact, the new signatures do not have any security associated with them. This means that when you sign a document, you have no assurance that what you are signing is in fact what you think you are signing. Furthermore, the person receiving the signed document has no assurance that it was in fact you who signed the document.

In other words, a contract that is "signed" with an electronic signature is worth less than one on paper. It is approximately as valuable as an oral contract, where either party can later claim to have heard or said something different than what the other party says. If you sign a document by clicking on a button in a Web form, or even by sending e-mail, the receiving party can easily claim that what you clicked on or sent is different than the copy you kept on your hard drive.

Unfortunately, the E-Sign law is probably just another FEFL (full employment for lawyers) action by Congress. They could have easily done the right thing by saying that only digitally signed agreements, using the kind of security Network World readers have been using for many years, were legally binding. Crafting such a law isn't easy, but it's not impossible, either. It is certainly too soon to say "all digital signatures must use Secure Multi-purpose Internet Mail Extensions" or "all digital signatures must use Pretty Good Privacy," but a reasonable law could simply state "all digital signatures must use industry-standard formats and best practice security policies."

The general state of glee among those passing the bill was probably due to the promises of the lobbyists supporting the bill that this will be "good for e-commerce." That's not likely, given that the result will surely be less-than-scrupulous e-commerce sites starting to claim that users "signed" contracts that the users don't remember signing. Of course, these sites will have copies of the Web pages that the user clicked "OK" on, but nothing other than logs to prove the signature. This will end up in the newspapers, and maybe even the courts, and the result will probably be that most of the less-savvy users will trust e-commerce less than they do today.

RELATED LINKS

Hoffman is director of the Internet Mail Consortium and the VPN Consortium. He can be reached at phoffman@imc.org.

Hoffman is director of the Internet Mail Consortium and the VPN Consortium. He can be reached at phoffman@imc.org.

In the Works archive


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.