What Is an Electronic Signature?
As mentioned above, an electronic signature is technically data about data that proves a person’s intent to sign something, whether it is a legally binding contract, such as a lease or rental agreement, or something else like a timesheet, invoice, or insurance contract. Electronic signatures have been valid in the court’s eyes for quite some time, and have come into common use as more and more data is transmitted from one place to another electronically. However, not all electronic signatures are the same, so it’s important to understand a few key differences before you start using e-signatures to sign everything that comes your way.
The Technology Behind Electronic Signatures
According to the ESIGN Act of 2000, “The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” What’s important in that definition is the phrase “with the intent to sign the record,” because in order for an electronic signature to be valid, a process needs to be in place to capture and retain proof that the signature was rendered with intent. That’s where technology comes in.
How Digital Signatures and Electronic Signatures Differ
It’s also important to understand that the terms ‘electronic signature’ and ‘digital signature’ may be used interchangeably, but they are not the same. A digital signature is a cryptographic technology used to verify and record the intent to sign when an electronic signature is used. The most common way digital signatures do this is with Public Key Infrastructure (PKI). The best way to think of PKI is to consider having two keys that you only use when signing important documents. One key belongs to you exclusively and no one else can access it. In order to obtain that key, you have to provide proof of who you are either using your own security certificate or through someone (like a third-party signing provider) who holds a security certificate. When you create an electronic signature, you can then lock the signature with that key. When you lock the signature, information is captured, including who you are, how your identity was verified, a timestamp, and a long number (called a hash) that is associated with the second key. When you send the electronic document, with your electronic signature on it, the recipient also receives the second key—called a public key. If the key is used in a mathematical equation to determine a number of things including if the number your key generated matches, if the recipient is authorized to access that document, and if the document has been tampered with in any way since you signed it. If everything matches then the signature is considered a valid, legally binding signature. If, on the other hand, if something doesn’t match or the document was tampered with, the signature becomes invalidated. Attached to that signature is the data that is required to prove your intent to sign and your identity so that if there is ever a legal question about your signature on the document, it can be proven in court that your signature is binding. Knowing all that, it’s also important to understand that not all electronic signatures are the same, nor do they have the same level of security.
Different Types of Electronic Signatures
There are three common types of digital signatures:
The process described above for creating an electronic signature is one that is commonly used by electronic signature providers such as DocuSign and HelloSign. It’s what is called an Advanced Electronic Signature (AES) or a Qualified Electronic Signature (QES). It’s the most secure type of electronic signature available. A step down from that are basic electronic signatures, which are still protected by cryptographic key, but rather than you personally holding one key while the recipient has the other, your key is held on an electronic server. These are considered witness signatures, and documents are still protected from tampering or changes once a signature has been applied, but the cryptographic element used isn’t necessarily PKI. The least secure method of electronic signatures is the click-to-sign method. Essentially, it’s providing a tick in a box, a scanned image of your real signature, or a typed name as a method of signing. These types of signatures are often not protected by any cryptographic method, which means the document can be changed once the signature is applied.
Electronic signatures are a great way to quickly sign important documents without the hassle of having to be somewhere in person or the wait of having to send a signed document through the mail or a carrier service. As long as you know the basics, you can use electronic signatures confidently, knowing that your signature is still a binding agreement.