1. Electronic Signatures Vs. Digital Signatures: Two Dissimilar Things In A Pod

    by Benjamin Bourdon, Esq.
    Legal Counsel

    Those that do not have a reason to know the differences between electronic signatures and digital signatures could reasonably conclude that they are the same thing. Or, they may have a vague notion that there is a technical difference, but that the difference is not significant to them. However, electronic signatures and digital signatures are very different things altogether. They have entirely different functions, and cannot be used interchangeably.

    A good deal of the confusion about the matter can be attributed to the words “electronic” and “digital.” Unfortunately, these two words are used in common parlance with an almost nonchalant disregard for context to the point that it’s almost silly to think that they don’t mean the same thing (they don’t – but that’s a discussion for another time). On top of that, these two words are being attached to the same word “signature,” which is a word that most people absolutely believe they understand completely (they probably don’t – but they probably do understand it well enough). Finally, when the terms “electronic signature” and “digital signature” are both used in the context of describing a process that replaces or substitutes for a traditional “ink on paper” signature, well…who else but a subject-matter expert wouldn’t reasonably assume that “digital signatures” and “electronic signatures” are the same thing?

    Definitions

    How, then, does an electronic signature differ from a digital signature? Before we can answer this question, we must define the terms precisely:

    • An electronic signature is an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.[1]
    • A digital signature, by contrast, is a secure digital code attached to an electronically transmitted message that uniquely identifies and authenticates the sender.[2]

    If you don’t think that those two definitions seem helpful at first, you’re not alone in thinking so. This article will hopefully illustrate exactly how electronic signatures and digital signatures are used to fulfill the functions of ink signatures and the formalities of certain practices associated with paper contracts.

    Signatures – Familiar Formalities

    It is almost universally understood that when a person signs a contract with a pen, that person agrees to its terms. In contract law language, that is an ‘unambiguous manifestation to assent to be bound.’ At that point, there is an assumption of a ‘meeting of the minds,’ and the contract is formed. However, we also know that contracts can be made in other ways – a handshake, an exchange of money, or a verbal agreement can be the basis of a contract. The contract “signature,” or stylized script written in ink by a person when that person intends the script to be a representation of that person’s agreement to the contract, is convenient because it is virtually universally accepted and understood, but it is of course limited to paper contracts.

    Electronic Signatures – More Familiar than You Might Think

    An electronic signature is merely the way a party “signs” a contract that is not a “paper” contract. A “sound, symbol, or process” can be, for example:

    • A voicemail message, or a recording made of a telephone order,
    • A PIN number used with an ATM card,
    • A password for an internet retailer’s website,
    • A signature made on an electronic signing pad at a retail establishment when paying with a credit card,[3] or
    • A person’s name typed at the end of an email message.

    A thousand and one other examples could apply. The point is that for most practical purposes an electronic signature on a non-paper contract serves the same purpose as an ink signature on a paper contract. The concept is not new, and electronic signatures have been recognized in U.S. law since the time of the telegraph.

    Trust and Verify…?

    Many who are nervous about the shift from the paper world to the paperless world have concerns about fraudulent uses of electronic signatures – hackers can guess a password, people will refuse to honor a contract made without signing anything, and so on. These concerns are valid to a degree, but largely rely on the misplaced belief in the inherent integrity of the “wet ink” signature – after all, who hasn’t heard of a forged signature? What is really at issue are the elements of authentication (WHO is signing) and nonrepudiation (WHAT is being signed).

    In the paper contract world, these same issues exist, but over time the way people transact with each other has evolved to make different signature practices applicable to different levels of trust and security. For instance, some contractees may require notarized signatures as proof of the identity of the signer. Similarly, some contractees may insist upon witnesses to the signatures on the document. In cases where a contract is many pages long, or where there are specific provisions in the contract to which specific assent is required, a contractee may be required to initial each page of a contract, or even several places on a single page. In the end, whether these additional formalities are effective or not, they do in some way speak to these specific and heightened concerns for authentication and nonrepudiation.

    Digital Signatures – Not Just a Signature

    This is where digital signatures are useful. A digital signature is not merely an electronic signature. A digital signature is a signature that can be authenticated as being that of the person who signed the record, and can also be used to verify that the record has not been altered since it was signed. This is typically done via electronic encryption and decryption using computer-generated pairs of “keys:” one “key” is the signer’s secret key (or “private key”), which is used to encrypt the record; the other “key” (or “public key”), which has no special security requirement[4], is used to decrypt the record. The record can be read by anyone with the public key, but the message can only be created (“signed”) by the holder of the private key. Thus, anyone with the public key would reliably be able to verify that: a) the person who “signed” the record, the holder of the private key, is the only person who could have signed it; b) everything that is contained in the encrypted record was agreed to, by the simple fact that it was encrypted by the private key; and c) the record has not been altered since it was encrypted, for if anything in the record had been altered, the public key could not decrypt the record. The strength of a digital signature, then, relies on two things alone: first, the strength of the encryption, which is a purely mathematical function and performed by computer; and second, the ability of the holder of the private key to keep his key private.

    This encryption is the entire point of digital signatures – in this way, you can see that it really isn’t useful to compare digital signatures and electronic signatures, because to do so would be like comparing apples to oranges. But after reading this article, not only the definitions at the beginning of the article but also the following should make sense:

    Like Apples and Oranges

    • One uses an electronic signature in almost the same way as one would use one’s ink signature. For contracts, an electronic signature is merely a method that two parties can agree upon to formalize a contract in electronic form, just in the same way that two parties can agree to sign a paper contract with a pen.
    • A digital signature is not so much a mere signature as it is an encrypted and signed document which: a) is accompanied by proof of the identity of the signer; and b) can be mathematically proven to be the precise, unaltered document that was signed.

    So, hopefully we can see now that a digital signature and an electronic signature are two different things that can’t really be compared in that one isn’t any “better” or “worse” than the other – they are simply two very different things that have very different uses. By way of analogy: when you purchase and finance a home for your family, you go to a specific place at a specific time for the closing, you bring with you a lot of documentation, you sign multiple papers in the presence of witnesses, etc., because these formalities are appropriate in these circumstances to ensure the integrity of the exchange. However, this type of formality is completely unnecessary when, say, purchasing a television. In both situations, you are accomplishing the same thing at a very basic and overly-simplified level: you are purchasing something. But yet it is that very over-simplification that illustrates why you can’t really compare the purchase of a home with the purchase of a television. You similarly cannot compare apples and oranges, and you cannot compare digital signatures and electronic signatures – they are simply two very different things that fulfill very different functions in today’s electronic (or “digital,” if you like) world.

    [1] ESIGN Act (15 U.S.C. 96)

    [2] Black’s Law Dictionary 657 (Third Pocket Ed. 2006)

    [3] Note that the image created by this act is a “digitized signature,” which is not the same as a digital signature.

    [4] It is, of course, possible to have two-way encryption security for digitally signed documents, but this is not necessary to verify the origin or integrity of the document as to a single signer.