E-signing

Whilst the first traces of signatures date back to 3,000 BC, when Egyptian scribes would sign their work, the signing of the Magna Carta in 1215 illustrates perfectly some aspects of e-Signing. In 1215 English barons forced King John to agree to a charter of rights, documented in the Magna Carta, the first version of a constitution of liberties in the western world.

However, King John did not actually “sign” the Magna Carta as we commonly understand it today. In line with XIIIth century customs, he placed his royal wax seal, identifying him as the King of England, at the bottom of the Magna Carta. The Oxford English Dictionary definition of "to sign" is "to put a seal upon (a letter or document) as a means of identification or authentication; to stamp with a seal or signet; to cover with a seal." This definition gives us an idea of some key elements of signing.

Why did King John “sign” the Magna Carta?

The use of a seal or signature demonstrated the binding nature of the contract. The Magna Carta guaranteed certain rights. After years of wars and arguments over royal power, it was inconceivable for England’s barons simply to take the King’s word on such an important agreement. They required a signed document which they could rely on; it was too risky to accept a mere verbal agreement. This fundamental risk tolerance concept is the same which, centuries later, drove the enforcement of “written form” requirements in legislation across the world, strengthening the credibility of agreements and laying the foundations of the rule of law. There were also ceremonial reasons behind the King’s signing of the contract. There were too many important witnesses to the signing for Magna Carta to be denied or forgotten. While the ceremonial aspect of signing may not apply to most of us, the “written form” requirement and risk tolerance concept do. We will elaborate further when we discuss the types of e-Signatures and the legal frameworks in another dedicated blog.

How can we be sure that the King signed it?

The use of the King’s unique seal provided proof that it was really the King who had signed the document. The seal was recognised by everyone in the Kingdom and though it could be forged, the consequences for so doing would have been severe. Another prominent example of the use of a seal is the “fisherman’s ring”, used by the Pope as Head of the Catholic Church. When a Pope dies, his seal is also destroyed in front of the high clergy, effectively revoking his “mandate” to sign. This example shows how the lifecycle of a digital identity is linked to that of the authority to sign.

The same applies in the world of e-Signing. We often encounter a so-called certificate authority (in our example, the high clergy) which issues/revokes a person’s digital identity (the ring), and whenever this person signs (seals), a certificate proves that the identity (the ring) has been used to sign (seal). In an upcoming blog, we will explore the mechanics behind the certification provided by a certificate authority.

What happened to the Magna Carta?

A document of the importance of the Magna Carta had to be kept safe. Indeed the Magna Carta has been so well looked after that the best preserved of the four original copies can still be viewed today in Salisbury Cathedral in the UK. The intention of displaying the Magna Carta in a public place is that people can continue to see and inspect the signed document and conclude for themselves that it is authentic. In our digital world we can sign documents to ensure their integrity and, when necessary, confidentiality. We thereby protect them from tampering while still allowing access to the document to check the signatures.

The first primitive digital signature was created in 1977 by Ronald Rivest, Adi Shamir, and Len Adleman, American computer scientists, who invented an encryption algorithm named RSA, after their surnames. It was not, however, until 1988 with the advent of Lotus Notes 1.0 that the use of digital signatures became more widespread, and not until 1999 that PDF documents could embed a digital signature. A major milestone was reached in 2000 when the ESIGN act in the United States made an e-Signature legally binding.

Today, despite its several advantages over traditional physical signatures -- such as avoidance of forged signatures or the loss of documents), the use of e-Signatures is not as widespread as one might expect. We see significant differences in the level of adoption across countries and regions and in the validation levels being used to sign. Three countries or regions illustrate these differences.

Bill Clinton said in 2000 after e-Signing was introduced that, “If this had existed 224 years ago, the Founding Fathers wouldn’t have had to come all the way to Philadelphia for the Declaration of Independence” .

Today the U.S. stands out as an example of a country with permissive laws on e-Signing, driving relatively strong adoption compared to other countries. Its laws recognise the enforceability of e-Signature without specifying any technical requirements. While this typically allows for more simple solutions to be rolled-out quickly, it comes at the cost of a lower degree of assurance, with a digital identity verification often a pain point. In many of the cases we encounter, e-Signing was perceived as a cost optimiser.

Ninety-eight per cent of Estonians have a state-issued digital identity which provides an e-Signature solution. By definition, such signatures have a high assurance level given that they rely on a strong digital identity. A similar trend can be observed in the Nordics where digital identity adoption is very high, driven by financial services providers. Despite different implementation approaches, all four Nordics have achieved similar rates of penetration. “Norway’s BankID has 74% penetration, Sweden’s BankID 78% penetration, Denmark’s NemID 85% penetration, and Finland’s TUPAS 87% penetration” . Similarly to Estonia, these digital identity providers also offer an e-Signature solution.

While the European Union (EU) provides certain standards, implementation and adoption varies greatly across countries within the EU and European Economic Area (EEA) region. The absence of a strong digital identity in most countries has led to a fragmented landscape. Furthermore, obtaining a strong digital identity often requires in-person verification of the signatory’s identify. The cost to set up a solution for companies and individuals is a barrier to rapid adoption.

Contributors