What’s in a name?
When it comes to knowing the difference between a digital signature and an electronic signature, the distinction is important. And while it’s easy to become cavalier about interchanging them, it’s technically not a choice between one or the other.
Rather, it’s better to look at the concept of e-signatures as a broad category that includes digital signatures.
Electronic Signatures Encompass Many Formats
Today, we take it for granted that we can quickly authorize transactions or give individuals or companies permission to act on our behalf without physically signing a piece of paper. As the Internet and e-commerce have driven the need for a speedier way of approving contracts and moving business forward, gone are the days of couriering or faxing back documents.
However, the fax machine is in a sense an early transmission method of electronic signatures. In the 1980s, it became acceptable for time-sensitive documents to be signed and faxed; the copy of a signature written on paper but sent as a scanned image became a legitimate electronic signature.
With the growth of the commercial Internet in the mid-1990s, technology to support electronic signatures began to gain traction, and the definition of what constitutes an electronic signature has been broadened and formalized. Signing your name on a handheld device when a courier delivers a package is an obvious example, as is entering your PIN into a bank machine or making an agreement via email.
The law also began to catch up with electronic signature technology. The UNCITRAL Model Law on Electronic Commerce published by the United Nations in 1996 influenced the global development of electronic signature laws, and led to the creation of the UNCITRAL Model Law on Electronic Signatures in 2001.
How an electronic signature is defined does vary from country to country. In the United States, the legal definition outlined in the Electronic Signatures in Global and National Commerce (ESIGN) Act is “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” ESIGN was enacted in 2000 to facilitate the use of electronic records and electronic signatures in interstate and foreign commerce.
The Digital is in the Details
People often interpret “electronic” and “digital” as synonyms, but when it comes to signatures, they are not equal. The ESIGN legislation, for example, includes a definition of “electronic” as “relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.”
The accurate way of defining a digital signature is as a type of electronic signature, with its primary distinguishing characteristic being a deeper level of security. And while electronic signatures are outlined by legal nomenclature, digital signatures are mathematical, and go beyond the stroke of a stylus on a handheld device.
Digital signatures have three components: authentication, non-repudiation, and integrity. This ultimately means it’s possible to track whether a document with a digital signature has been tampered with. They are also unique to each signer.
A key supporting technology for digital signatures is public key infrastructure (PKI). Its history goes back to the 1970s, but it wasn’t until the 1990s that PKI became widely known as a means to secure electronic communications. It can be complex to implement, but the methodology has been widely adopted internationally because it adheres to an agreed upon security standards.
What ultimately makes a digital signature different from just an electronic signature is independent verification, and the ability to audit it to see if it’s been tampered with. An electronic signature doesn’t have the same level of security.
Secure Sign Off in a Paperless World
As organizations look to do less on paper, digital signatures will become increasingly commonplace. Companies should also standardize repeatable processes, whether they deal mainly in one-time transactions, like getting non-disclosure agreements signed, or frequently used ones, such as bulk-signing invoices. Healthcare organizations are recognizing electronic signatures as equal to those on paper, reducing the amounts of paper that must be stored while remaining compliant; supply chains moving to support real-time fulfillment and inventory updates will not want to be slowed down by paper-based authorization.
Ultimately, cyber threats will continue to escalate as businesses continue to go digital, and they will require digital signatures with encryption to protect data and streamline operations to be competitive.