Ken Moyle, DocuSign’s Chief Legal Officer, recently taught an online CLE (Continuing Legal Education) class, E-Commerce 2009: The State of the Law of Electronic Signatures and Records.

In addition to his role at DocuSign, Ken also serves as the Chairman of the Public Policy Committee for the Electronic Signature and Records Association (ESRA) of Washington D.C. Ken discussed information on the state and federal statutory framework, case law and regulatory updates. He also dispelled myths on evidence and proof, provided practice tips and shared practical considerations associated with electronic signatures and records.

CLE Course Highlights include:

• Statutory framework (state and federal) including Washington’s non-uniform statute
• Case law update
• Regulatory update
• Evidence and proof (dispelling myths)
• Practical considerations
• Practice tips

This course, offered through the Washington State Bar Association, was delivered to participants via hour-long webinar. As electronic signature technology evolves, understanding the legal landscape around electronic signatures and records positions you well to understand the implications and benefits of adoption electronic contract execution services. For more of Ken’s thoughts on electronic signature, online contract execution, and public policy, take a look at his previous blog posts.

I was just reading Schneier on Security, a blog on security and security technology. According to Schneier, the security of a purple process is sorely lacking:

“It’s trivial to cut and paste — with real scissors and glue — anyone’s signature onto a document so that it’ll look real when faxed. There is so little security in fax signatures that it’s mind-boggling that anyone accepts them.”

In another post from his archives, Schneier commented on the story of a prisoner being freed from jail on the basis of a forged fax – a fax was sent to the jail, stating that a decision had been reached to release the prisoner immediately. Because faxes are treated as if they were original documents, people do accept fax signatures and do so all the time. However, faxes lack authentication mechanisms of original documents, such as letterheads, watermarks and signatures. We also have the issue of unsecured data within the fax process, such as exposed credit card numbers, personal contact information and other potentially sensitive data.

Security Considerations of a ‘wet’ Signature:

• Is unique to the signer, but each one may look slightly different
• May not be known by the recipient, so there is no certain way to rely on it
• Is subjective in that handwriting experts can indicate ‘likelihood’ that it belongs to a given individual, but it is often arguable
• Can be easily copied and used on other documents via “real scissors and glue”
• Does not ensure the underlying document has not been modified
• Has to be physically moved around, as in faxed

What if Security Were Highly Important to You?
DocuSign’s electronic signature and online contract execution process captures the identity of the party to the agreement, generally via an email address associated with the individual. DocuSign also captures the individual’s consent to use electronic signatures and adoption of a GUID/Symbol combination. This combination serves as the individual’s signature which can then be applied to an unalterable document with a unique envelope ID number. Combine the above with an audit log of the sending and signing process with a hash value to the actual image of the signed document, you have a process that would take more than cut-and-paste to fake. DocuSign can issue a digitally signed (sealed) electronic record of the transaction for true reproduction of the electronic version of the document. Eliminating the manual document handling eliminates data leakage via fax in the physical world.

Security Considerations of a DocuSign Signature:

• Both the visible and invisible aspects of the signature are completely unique to the signer and cannot be copied
• Arrives with evidence about the signer’s identity such as email, IP address, authentication information, time stamps, etc.
• Is not subjective, as experts can easily determine from the extensive audit log exactly who signed, when they signed, and where they signed on the document with evidence.
• Cannot be copied anymore than a picture of the Mona Lisa is the actual Mona Lisa
• Affirms the fact the underlying document has not been modified
• Does not have to be physically moved, as it is electronic

In our ‘mock trials’ the judge indicated that if a person wanted to commit fraud, the first thing they would do is to request a paper transaction because

How important is your and your customers' data?

Image courtesy of flickr user L.Marie under Creative Commons. v