LETTERS from CRICKET SONG

 

Missive the Third

Digital Signature?

Maybe.

 

Dateline:  Friday, July 28, 2000, at 2300 hours CDT.

Conway, Arkansas, USA

By D. Ebenezer Baldwin Bowles

CornDancer & Company

 

On Wednesday, the realization hit me.  The e-Sign Bill would become law in two months time.  I decided I wanted my very own digital signature.  I wanted it now.

 

I set out to get one.  To the process of getting it, I attached but one codicil:  Do it entirely online, computer-to-computer, mano-a-mano.  No telephone calls to a help desk, no E-mails to a support center, no active human intervention whatsoever.  It was a personal rider that seemed to honor the spirit of the legislation.

 

Between midnight and three on Friday, I got two.  I think.  (It took a while because I had to research the issue.)

 

I may not have obtained the kind of digital signature envisioned in the Electronic Signatures in Global and National Commerce Act, which President Clinton signed on June 30, 2000.  Probably not.  Although the legal standards are now established, the business standards need work.

 

The good part:  Both of my signatures were free. 

 

They don't last long.  My Class 1 Digital ID from VeriSign, Inc. is good for 90 days. The TrustID Personal Certificate from Digital Signature Trust Company expires after 60.  (A free ride does have its mileage limits.)  The signatures do work, however.  Kinda.  They're useful for verifying my identity on E-mail, and they could be helpful if I wanted to send you a top-secret message, but I don't think the bank would let me sell the house with either of 'em.

 

Degrees of Certainty for a Cyber Identity

Even the fifty dollar Platinum edition digital certificate from ARCANVS Licensed Certification Authority may not swing enough weight to close a mortgage -- and this baby includes biometric extras.  The sticking points are the imprecision of language and the lack of agreement about the degrees of certainty necessary to establish one's cyber identity. 

 

Disparate naming conventions (in the judge's chamber, words do mean something) and the lack of procedural codification inspire less than full confidence when one looks long and hard at the issue.

 

When (if ever) is a digital certificate a digital signature? 

 

What is the difference between a personal digital ID, a digital fingerprint, a Class 1 Digital ID, an electronic signature, and various other expressions of the concept?

 

How deep should the encryption code go?  

 

"Online contracts will now have the same legal force as equivalent paper contracts," President Clinton said on June 30.

 

A Tour of Definitions

How, then, do industry leaders in e-Sign technology define the encrypted signatures necessary to seal and deliver those online contracts?

 

From VeriSign, Inc. Internet Trust Services

"What is a digital signature?  A digital signature functions for electronic documents like a handwritten signature does for printed documents. The signature is an unforgeable piece of data that asserts that a named person wrote or otherwise agreed to the document to which the signature is attached.  A digital signature actually provides a greater degree of security than a handwritten signature.  The recipient of a digitally signed message can verify both that the message originated from the person whose signature is attached and that the message has not been altered either intentionally or accidentally since it was signed.  Furthermore, secure digital signatures cannot be repudiated; the signer of a document cannot later disown it by claiming the signature was forged.  In other words, digital signatures enable 'authentication' of digital messages, assuring the recipient of a digital message of both the identity of the sender and the integrity of the message."

 

From the USERTrust Network

"A digital signature is a unique electronic code that authenticates its signer and tamper proofs the digital message so it cannot be altered once signed.  How does a digital signature work?  A digital signature is a unique electronic code that encrypts a message so that it cannot be altered and so that, when it is decrypted, the signer of the message will be known with certainty."

 

From Digital Signature Trust Co.

"A digital signature is a type of electronic signature that businesses and consumers can use to execute legally binding agreements. It enables a signed online document to be sure that the message has come from a particular sender and that the message has not been altered in transit. Digital signatures cannot be 'forged' by someone else, and can be automatically time stamped. With digital signatures, users can now get car loans, home loans and sign legally binding contracts all online."

 

From ARCANVS, Inc. (Zubeldia and Romney, 1998)

"The remarkable, innovative concept of a digital signature was also presented in the work of both Diffie/Hellman and RSA. The digital signature associated with an electronic record or document was not the digitization of a handwritten signature but, rather, the creation of a digital record that 1) attests to the integrity of the document content and 2) confirms the identity of the individual who created the digital signature. One can virtually eliminate the risk of forgery by affixing a digital signature to an electronic document."

 

From Ilumin Corporation

"A digital signature is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a message or of the signer of a document. It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. Additional benefits to the use of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real."

 

Come into My Signing Room, Meet Your Digital Clerk

Obviously, we will need experts and advisers to make a go of it when we come, browser in hand, to the digital closing table.  I suspect the legal language will be codified quickly enough to meet demand.  I suspect the wise will tread cautiously in the early going. 

 

Those pacesetters with a grasp on the nuts and bolts of the process are the ones who stand poised to make a fast bundle.

Ilumin Corporation (ilumin.com) has a solid handle on the practical aspects of cyber contracts. Because Utah's Digital Signatures Act of 1995 was the first of its kind in the United States, the Orem-based Ilumin has the advantage of experience.  It shows.  If web sites are an accurate indicator, Ilumin is well ahead of the field. 

 

(In this realm, online technical prowess is an absolute requirement.  A web site's logical structure, organization of data, and overall substance are telling indicators of the company's ability to execute the instruments of commerce.)

 

The "Digital Handshake Server Suite" is Ilumin's reasoned, practical solution to the fundamental issue of online contractual transactions:  How do we come together in trust and take care of the business at hand?

 

At Ilumin, the buyer and seller enter the "Online Signing Room."  There a "Digital Clerk" stands ready to identify the participants, manage the flow of documents, affix the digital signatures, and secure the documents in an "e-Cabinet."  These steps are accomplished using internet browsers and E-mail.  The results stand-up in court.

 

(The e-Sign bill embraces the concept of an e-Cabinet, an electronic vault to replace safety deposit boxes and paper document warehouses, but delays its legal status until March, 2001.  NOTE:  "Online Signing Room" and "e-Cabinet" are trademarks of Ilumin Corporation.)

 

An 87-0 Shutout Portends a Deeper Federal Incursion

If companies like Ilumin already do it successfully, and if 48 of the 50 states already have variations of Utah's Digital Signatures Act, and if the private sector is sufficiently equipped to move several billion dollars of merchandise online like it did in 1999, then why was the Clinton Administration's e-Sign bill necessary?  Why did the Senate pass the bill 87-0, the House 426-4?

 

The federal spin revolves 'round the wonders of information technologies, the injection of fresh momentum into the ever expanding economy, and the ease and comfort e-Sign will afford consumers and business owners.  Surely it will save millions of dollars for somebody.  Besides, a standard was needed.  Who better than the federal government to set standards for electronic commerce?

 

For lawyers and computer technology professionals, e-Sign is another opportunity to mine for billable hours or amaze clients with one's technical prowess.  Insurance salesmen are also enthusiastic about the new opportunities.  Encryption and security firms are ecstatic.

 

At its core, e-Sign legislation provides a sly foot-in-the-door for deeper federal involvement in the management of data flowing o'er the Internet.  It is a pathway to control, an avenue of taxation, and another broad boulevard for corporate consolidation. 

 

On the internet, an Age not yet named is quickly drawing to its end.  The time of eclectic individualism and playful anarchy is done for.  The free-wheeling protocol, the audacious interconnect, the elegant simplicity of form is come to an end.  So be it.  I am authenticated, certified, digitally verified, encrypted, and online.  Another Age dawns.  Bring it on.

 

E=ebenezer@corndancer.com; CN=David Ebenezer Bowles; OU=Digital ID Class 1 - Microsoft; OU=Persona Not Validated; OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98"; OU=VeriSign Trust Network; O="VeriSign, Inc."

 

 

 

RECOMMENDED:  The USER TRUST Tutorial by Paul Toscano is a thorough, precisely written, non-technical guide to Digital Certificates and Internet Security.

 

 

 

WATCH FOR MISSIVE THE FOURTH in your mailbox just before sundown on Tuesday, August 1, 2000.  If you don't want any of my missives, let me know.  I'll remove you from the subscription list immediately upon demand.  On the other hand, if you want to add a friend or associate to the list, please forward their name and email address to ebenezer@corndancer.com

 

Visit the web site at www.corndancer.com

 

| ©2000 by David Ebenezer Baldwin Bowles | Send e-mail | 501.450.7989 |