A great editorial popped up on Federal Computer Week a few days ago speaking about the importance of establishing identity in our complex online world. The editorial highlights the dichotomy between our technical ability to achieve a national solution to online identity and the massive political obstacles preventing us from pursuing it.
Identity is really at the heart of all of our conversations about signatures. Our identity at home and in the office is defined by our conversations, our personality, and our interactions. Our identity online is defined by social media tools like Facebook, LinkedIn, and Twitter. Our government identity is represented by driver's licenses, passports, and the like. Yet when it comes to contracts, agreements, and our identity in a legal capacity, we're really talking abolut our handwritten, wet ink signature. The challenge? Signatures are also tied up with intent and agreement, and link the signer directly (via pen & ink) to the document to be signed.
Moving to electronic signatures therefore presents an interesting challenge to our legacy conceptions of identity on documents. Online signature services need to consider not only how to identify the signer, but also capture intent, link the signer to the content to be signed, and finally how to make sure that the documents and signatures haven't changed after the signatures are applied.
The editorial posits that a national identity card utilizing digital certificates (digital identity credentials) could be one way to solve this problem, with digital signatures being enabled from the cards themselves. True digital signatures do provide all of the necessary capabilities that would be required, but while this approach has worked abroad, tying them to personal identity cards hasn't worked in the United States, apart from within the government itself or within specific industries or enterprises.
Until we have that identity card in place, or some manner of identity credential that could be shared across multiple online services (and various proposals have been made on this), electronic signature services like SIGNiX use a combination of (1) standards-based digital signatures to secure integrity, (2) user actions and detailed audit logs to secure intent and consent, and (3) strong authentication features to identify the signers in a transaction.
Balancing risk with user ease-of-use is critical, and we allow customers to set varying levels of authentication for each signer, from basic email verification at the low end, to sending a one-time code to a signer via SMS/text message on their mobile phone, to asking signers a variety of questions from various public databases to firmly establish their identity (a process known as 'knowledge-based authentication' or KBA) at the high end.
The debate about national identity will rage on...but that doesn't mean organizations can't take advantage of the inherent technology to close business faster, save money and dramatically improve on employee productivity.
If you'd like to find out more about the SIGNiX digital signature service can make this happen for your organization, schedule a demonstration with one of our representatives be clicking the button below.