Are eSignatures Secure?
The pandemic accelerated trends towards working from remote locations more often and with more flexibility.
Many business activities that require people to work together have matured in the virtual world. Even so, signing contracts requires a high level of trust and security that needs to be fully understood when using a virtual process.
Electronic signatures are an important development for all businesses navigating their way forward in the post-pandemic era. This article explains the levels of electronic signature security.
For semantic clarity, electronic signatures – commonly called “eSignatures” – are easy to use but less secure than using “digital signatures” which use encryption techniques.
Using an eSignature when a more robust form of signature documentation is required is an easy mistake to make. This article will help your company address this issue.
DocuSign™ and Adobe™ :
For this article, we are leaning on information provided by DocuSign because they are the largest enabler of digital signatures. Roughly 61% of all digital signatures are enabled by DocuSign’s software.
DocuSign and Adobe are intertwined because the vast majority of documents that require a digital signature are circulated as PDFs but Adobe’s own signature solution called “Adobe Sign” has less than a 5% market share.
For readers of EO Advisor, using DocuSign and Adobe PDFs together is the easiest way to gain signatures on documents using a virtual process. The probability that all parties will already be able to use DocuSign and Adobe software is very high.
Levels of Security for Electronic Signatures:
There are different levels of security that can be leveraged when executing documents that require signatures. By design, the simplest agreements can be signed using an easy process while the most sophisticated contracts require a lot more effort and complexity in pursuit of security and authenticity.
Level 1: “eSignatures”
For many simple agreements, eSignatures are fine. For example, if your company is interviewing job candidates and wants the candidates to sign an NDA, an eSignature is sufficient.
This is the level of eSignature most people have already experienced. DocuSign claims that “hundreds of millions of users” have signed agreements with an eSignature. Basic sales contracts and job offer agreements are signed this way. During the pandemic, most of the home buying documents that the buyer needs to sign before the closing have been handled with eSignatures.
If there is very little financial motivation for a bad actor to misrepresent the signature on a document, and if there is very little basis for a lawsuit over disagreements, eSignatures are commonly used.
If your company is not already using basic eSignatures, you want to have this capability and you can get started HERE.
Level 2: Digital Signature Keys:
Many contracts are too important to rely on simple eSignatures because they must hold up in court, they disclose financial and proprietary information, and the level of privacy protection needs to be much higher.
When we need to be absolutely certain that the person signing a document is who they say they are and when we want to be sure that their signature is legally binding, we need to use digital signature keys.
Digital signatures are encrypted using Public Key Infrastructure (PKI). A “public” key is created for the distributor/verifier of the document and a private key is created for each signer of the document. The keys use algorithms generated by software that will match the public and private keys in order to guarantee that the signer is exactly who the creator of the document thinks they are:
DocuSign calls this level of security Advanced Electronic Signatures (AES).
Some companies today are using eSignatures for virtual contracts that should be protected by the higher level of security and authenticity that comes with the use of a digital signature key. Make sure your company is not making this mistake.
Level 3: Digital Contracts with Notary Public Requirements:
For contracts that require a 3rd party (a Notary in most cases) to acknowledge that the signers of a document are who they say they are, the digital signature key process needs to be integrated with real time streaming video content that shows who all of the participants are.
DocuSign refers to this situation as Qualified Electronic Signatures (QES). Companies that work with DocuSign for their AES needs will have the support necessary for specific situations where Notary Public documentation is needed.
To be clear, situations requiring a Notary are still more commonly handled in a real-world environment instead of a virtual environment but business is changing and bringing people together physically is time consuming and expensive in many situations. We believe that QES will grow in the post-pandemic work environment.
Level 4: Smart Contracts:
Smart contracts are growing in popularity with large enterprises executing very big and complicated financial agreements that need to evolve over time. For example, contracts to buy, ship, refine and distribute oil around the world are managed using smart contracts.
Imagine a contract for buying, selling and distributing oil that keeps track of where all of the oil in the contract actually is in the physical world in real time. Smart contracts do that. The oil industry depends on them today.
Few readers of EO Advisor need smart contracts right now but this article would be incomplete without addressing them. This is the future and it’s coming quickly – if you are in the healthcare industry, for example, smart contracts may emerge soon as a universal solution for managing patient data.
Imagine a “contract” that is defined by an individual human being that keeps track of everything related to their healthcare as they move through life. Health data, insurance, transactions, doctors, hospitals, privacy laws and protocols, and everything else that’s relevant all connected to a “contract” that is unique and inviolably connected to one human being. Some countries with nationalized healthcare programs are issuing RFPs for this type of smart contract solution today.
A smart contract is built using a blockchain. Today, if you ask 1000 people about cryptocurrency you will get 1000 different opinions, but the fact of the matter is that Ethereum is a purpose-built cryptocurrency designed to make the creation of smart contracts efficient and useful. Ethereum is purpose-built cryptocurrency for very complicated transactions and it has been widely adopted already.
Given the speed of digital evolution, smart contracts will probably be useful for businesses of all sizes in the near future. But right now, the critical requirement for all businesses is to leverage eSignatures for simple agreements while making sure that they are using digital signature keys for more robust contracts.