2007/12/05

ESIGN Signature

ESIGN

ESIGN provides that, despite any statute, regulation, or other rule of law governing any transaction in or affecting interstate or foreign commerce, a signature or other record may not be denied legal effect merely because an electronic signature or record was used in its formation. Most provisions of ESIGN took effect on October 1, 2000. On March 1, 2001, portions of the law governing record retention will become effective with respect to records required by a federal or state statute, regulation, or other rule of law administered or promulgated by a state regulatory agency, although state or federal agencies may extend that date to June 1, 2000.

ESIGN Signatures

Under ESIGN, the term "electronic signature" means an electronic sound, symbol or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. Again, no particular technology is required by ESIGN for electronic signatures. Instead, the law allows the parties to select the method of authentication that best suits their needs and security concerns. Both HIPAA and UETA provide more guidance on authentication of electronic signatures than does ESIGN.

HIPAA Electronic Signatures

Introduction to HIPAA Electronic Signatures

An electronic signature under HIPAA means the attribute affixed to an electronic document to bind it to a particular party. A HIPAA electronic signature secures the user authentication (proof of claimed identity) at the time the signature is generated; creates the logical manifestation of the signature (including the possibility for multiple parties to sign a document and have the order of application recognized and proven); supplies additional information, such as a time stamp and a signature purpose specific to that user; and ensures the integrity of the signed document to enable transportability of data, interoperability, independent verifiability, and continuity of signature capability. Verifying a HIPAA electronic signature on a document verifies the integrity of the document and its associated attributes and verifies the identity of the signer.

Requirements to HIPAA Electronic Signatures

If an electronic signature is employed, the following three implementation features must be implemented: message integrity, non-repudiation, and user authentication. Other implementation features of a HIPAA electronic signature are optional. No specific technology is mandated by HIPAA, and it also appears to be technology neutral.

HIPAA Electronic Signatures Implementation

Ability to add attributes.
Continuity of signature capability.
Counter signatures.
Independent verifiability.
Interoperability.
Message integrity.
Multiple Signatures.
Non-repudiation.
Transportability.
User authentication.

Infopath Digital Signature

Briefly about digital signatures

You can enable digital signatures when designing a form so that users can add a digital signature when filling it out. This digital signature proves that the form originated from the signer and has not been changed. The signature can also include comments from the author. After signing, the data in the form cannot be changed without cancelling the digital signature.

When adding a digital signature, the user must use a digital certificate. A digital certificate is an attachment for a file, macro project, or e-mail message that assures authenticity, provides secure encryption, or supplies a verifiable signature. Digital certificates, which you can get through commercial certification authorities or from your internal security administrator, establish the authenticity of the signature.

About InfoPath digital signatures

In addition to enabling digital signatures so that users can sign your form, you can add a digital signature to your form template, which authenticates you as the author of the form template in the same way that a digital signature on a form authenticates the user who filled out the form. A form template in InfoPath is a file or set of files that defines the data structure, appearance, and behavior of a form. For example, form templates that have been distributed to users in an e-mail message can be updated more effectively if they have been supplied with a digital signature.

When you put a digital signature in a form, InfoPath uses only those certificates that have a private key and a Digital Signature or Both value for the Key Usage attribute. The purpose of the certificate must also be set as Client Authentication or Code Signing. If you are using a certificate to add a digital signature to a form template, the certificate must be set as Code Signing. These limitations apply because InfoPath uses XML Signatures to digitally sign forms.
  • Because a digital certificate you create is not issued by a formal certification authority, forms signed using a certificate you created are referred to as self-signed forms. These certificates are considered unauthenticated and will generate a security warning if the form's security level is set to Domain. InfoPath trusts self-signed certificates only on computers that have access to the private key for that certificate. In most cases, this means that InfoPath trusts self-signed certificates only on the computer that created the certificate, unless the private key is shared with other computers.
  • The information in this topic may not apply if you are working with a form designed using Microsoft Office InfoPath 2003 without the service pack installed.
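
The certificate selection rule above can be checked against a user's certificate store before a form is rolled out. The following PowerShell is an added example, not Microsoft's or InfoPath's own code; it assumes the certificates live in `Cert:\CurrentUser\My`, treats the "Both" Key Usage value as any Key Usage that includes the Digital Signature bit, treats a certificate with no Key Usage extension as not eligible, and flags self-signed certificates with a simple Subject-equals-Issuer heuristic.

```powershell
# Added example: report which certificates meet the rule described above
# (private key + Digital Signature key usage + Client Authentication or
# Code Signing purpose). The OIDs are the standard EKU identifiers.
$ekuAllowed = @{
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    '1.3.6.1.5.5.7.3.3' = 'Code Signing'
}
$x509   = 'System.Security.Cryptography.X509Certificates'
$dsFlag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    $ku  = $cert.Extensions | Where-Object { $_ -is "$x509.X509KeyUsageExtension" }
    $eku = $cert.Extensions | Where-Object { $_ -is "$x509.X509EnhancedKeyUsageExtension" }

    # Assumption: no Key Usage extension means the certificate is not eligible.
    $canSign = [bool]($ku -and (($ku.KeyUsages -band $dsFlag) -eq $dsFlag))

    # Keep only the purposes the rule accepts.
    $purposes = @()
    if ($eku) {
        $purposes = @($eku.EnhancedKeyUsages |
            Where-Object { $ekuAllowed.ContainsKey($_.Value) } |
            ForEach-Object { $ekuAllowed[$_.Value] })
    }

    $usable = $cert.HasPrivateKey -and $canSign
    [pscustomobject]@{
        Subject         = $cert.Subject
        Thumbprint      = $cert.Thumbprint
        HasPrivateKey   = $cert.HasPrivateKey
        DigitalSig      = $canSign
        Purposes        = $purposes -join ', '
        # Forms accept either purpose; form templates require Code Signing.
        FormSigning     = $usable -and ($purposes.Count -gt 0)
        TemplateSigning = $usable -and ($purposes -contains 'Code Signing')
        # Heuristic: self-signed certificates raise a warning at the Domain level.
        SelfSigned      = ($cert.Subject -eq $cert.Issuer)
        NotAfter        = $cert.NotAfter
    }
} | Format-Table -AutoSize
```

A certificate that shows `SelfSigned = True` will sign successfully on the machine that holds its private key but will be reported as untrusted elsewhere, which matches the self-signed behavior described in the note above.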

Legal Digital Signatures

Digital signatures (unlike electronic signatures) are more often used as a method of showing affirmative purpose. The difficulties with digital signatures do not arise from agreement to terms, but rather from the security and confidentiality of the digital signatures. In effect, digital signatures are encrypted electronic signatures that a third party (a certification authority) authenticates as original. Unlike the more general electronic signature, a digital signature must be unique and rigorously under the sole custody of the party using it. Unlike electronic signatures, where a typed name, a company name or even a logo can all bind the party to be charged by its mere presence, digital signatures offer the agreeing party greater levels of security and efficiency. The general types of signatures will not be enforceable as a digital signature. Because of the authentication requirements, it should be recommended that clients rely on digital signatures for any high-profile or high-liability electronic contract.

Digital signature use will only increase in the future, as parties to all transactions will seek a heightened level of information security without the fear of accidentally agreeing to unfavorable terms. While there is an inherent fear of paperless transactions, especially among more traditional attorneys and companies, the use of digital signatures makes commerce faster, more secure and more effective and should be recommended to clients when appropriate. The use of digital signatures is even more effective in international trade, making it no longer necessary to fly overseas in order to demonstrate intent to sign a contract.

While understanding the different forms of signatures for electronic commerce and diligently advising clients on their use is significant, it is also very important to understand that we are still in the early years of a technological revolution, and that part of being an effective advocate is keeping up to date on advancements in the law. Electronic and digital signatures are only the beginning. Progress in technology will soon allow for the widespread use of biometric identification as a method of showing purpose of contract. Rules of contract law will continue to evolve with technology, and while the application of contract principles and the Statute of Frauds will not substantially change, their interpretation and use surely will.

Read about Legal Electronic Signatures.

Legal Electronic Signatures

The Uniform Electronic Transactions Act (UETA) defines electronic signature as “an electronic sound, symbol, or process attached to or associated with, an electronic record and executed or adopted by a person with the intent to sign the record.” UETA, §2. Often referred to as ‘click-wrap’ agreements, these forms of electronic signatures are given a broad presumption of enforceability through acts such as UETA and the Electronic Signatures in Global and National Commerce Act (ESGNCA/“E-Sign”). These acts make it clear that binding contracts may be created by the exchange of email or by simply clicking “yes” on those click-on licensing agreements that we have all accepted with all types of internet transactions. Like the UETA, the ESGNCA does require that consumers affirmatively consent to the click agreements and that the vendor must provide the consumer with a clear and conspicuous statement regarding the effect of agreeing to click, but parol evidence is rarely allowed in order to prove or disprove intent to contract. ESGNCA §101(c)1. By simply clicking “I agree”, intent is presumed.

The widespread enforceability of electronic signatures is also recognized as completely valid for purposes of liability protection by the Digital Millennium Copyright Act. DMCA §512(3)(A)(i). As a relatively settled area of internet law, it is important to understand the enforceability of electronic signatures, whether or not intent is manifest from the face of the agreement itself. Since these click-wrap agreements are presumptively enforceable, it is important to advise your clients regarding the potential pitfalls of accepting the terms of an online transaction without fully understanding what they are agreeing to. Simply accepting these terms may interfere with your client’s right to the judicial system for dispute resolution, as click-on arbitration clauses are also generally enforceable. Your clients will not be able to rely on the Statute of Frauds in order to demonstrate that there was no intent to contract. With electronic signatures, intent is an objective standard, generally determined by the simple click of a mouse.

Read about Legal Digital Signatures.

Legal Electronic and Digital Signatures

A copestone of United States contract law is the general application of the Statute of Frauds to contractual agreements. Emerging forms of electronic commerce and new types of contractual relationships have begun to challenge the very idea of determining the four corners of a contract. Many difficulties regarding contractual relationships emerge with the rapid increase of electronic commerce, most notably determining what creates a valid signature. Traditionally, the Statute of Frauds is a collective term describing several statutory provisions that deny enforcement of certain forms of contracts unless they are reduced to writing and signed by the party to be charged. The question with this traditional idea of the Statute of Frauds is how it applies to electronic commerce in defining whether the party being charged with the contract has actually “signed” the contract for purposes of enforcement.

Different forms of legislation dealing with internet law have attempted to define and specify digital and electronic signatures for purposes of determining enforceability. Generally, there are two broad categories of signatures when dealing with electronic contracts.

1. Electronic Signatures (“E-Signatures”)
2. Digital Signatures