LETTERS from CRICKET SONG
Missive the Third
Digital Signature?
Maybe.
Dateline: Friday, July 28, 2000, at 2300 hours CDT.
Conway, Arkansas, USA
By D. Ebenezer Baldwin Bowles
On Wednesday, the realization hit me. The e-Sign Bill would become law in two months time. I decided I wanted my very own digital signature. I wanted it now.
I set out to get one. To the process of getting it, I attached but one codicil: Do it entirely online, computer-to-computer, mano-a-mano. No telephone calls to a help desk, no E-mails to a support center, no active human intervention whatsoever. It was a personal rider that seemed to honor the spirit of the legislation.
Between midnight and three on Friday, I got two. I think. (It took a while because I had to research the issue.)
I may not have obtained the kind of digital signature envisioned in the Electronic Signatures in Global and National Commerce Act, which President Clinton signed on June 30, 2000. Probably not. Although the legal standards are now established, the business standards need work.
The good part: Both of my signatures were free.
They don't last long. My Class 1 Digital ID from VeriSign, Inc. is good for 90 days. The TrustID Personal Certificate from Digital Signature Trust Company expires after 60. (A free ride does have its mileage limits.) The signatures do work, however. Kinda. They're useful for verifying my identity on E-mail, and they could be helpful if I wanted to send you a top-secret message, but I don't think the bank would let me sell the house with either of 'em.
Degrees of Certainty for a Cyber Identity
Even the fifty dollar Platinum edition digital certificate from ARCANVS Licensed Certification Authority may not swing enough weight to close a mortgage -- and this baby includes biometric extras. The sticking points are the imprecision of language and the lack of agreement about the degrees of certainty necessary to establish one's cyber identity.
Disparate naming conventions (in the judge's chamber, words do mean something) and the lack of procedural codification inspire less than full confidence when one looks long and hard at the issue.
When (if ever) is a digital certificate a digital signature?
What is the difference between a personal digital ID, a digital fingerprint, a Class 1 Digital ID, an electronic signature, and various other expressions of the concept?
How deep should the encryption code go?
"Online contracts will now have the same legal force as equivalent paper contracts," President Clinton said on June 30.
A Tour of Definitions
How, then, do industry leaders in e-Sign technology define the encrypted signatures necessary to seal and deliver those online contracts?
From VeriSign, Inc. Internet Trust Services
"What is a digital signature? A digital signature functions for electronic documents like a handwritten signature does for printed documents. The signature is an unforgeable piece of data that asserts that a named person wrote or otherwise agreed to the document to which the signature is attached. A digital signature actually provides a greater degree of security than a handwritten signature. The recipient of a digitally signed message can verify both that the message originated from the person whose signature is attached and that the message has not been altered either intentionally or accidentally since it was signed. Furthermore, secure digital signatures cannot be repudiated; the signer of a document cannot later disown it by claiming the signature was forged. In other words, digital signatures enable 'authentication' of digital messages, assuring the recipient of a digital message of both the identity of the sender and the integrity of the message."
"A digital signature is a unique electronic code that authenticates its signer and tamper proofs the digital message so it cannot be altered once signed. How does a digital signature work? A digital signature is a unique electronic code that encrypts a message so that it cannot be altered and so that, when it is decrypted, the signer of the message will be known with certainty."
From Digital
Signature Trust Co.
"A digital signature is a type of electronic signature that businesses and consumers can use to execute legally binding agreements. It enables a signed online document to be sure that the message has come from a particular sender and that the message has not been altered in transit. Digital signatures cannot be 'forged' by someone else, and can be automatically time stamped. With digital signatures, users can now get car loans, home loans and sign legally binding contracts all online."
From ARCANVS, Inc. (Zubeldia
and Romney, 1998)
"The remarkable, innovative concept of a digital signature was also presented in the work of both Diffie/Hellman and RSA. The digital signature associated with an electronic record or document was not the digitization of a handwritten signature but, rather, the creation of a digital record that 1) attests to the integrity of the document content and 2) confirms the identity of the individual who created the digital signature. One can virtually eliminate the risk of forgery by affixing a digital signature to an electronic document."
From Ilumin
Corporation
"A
digital signature is an electronic rather than a written signature that can be
used by someone to authenticate the identity of the sender of a message or of
the signer of a document. It can also be used to ensure that the original
content of the message or document that has been conveyed is unchanged.
Additional benefits to the use of a digital signature are that it is easily
transportable, cannot be easily repudiated, cannot be imitated by someone else,
and can be automatically time-stamped. A digital signature can be used with any
kind of message, whether it is encrypted or not, simply so that the receiver can
be sure of the sender's identity and that the message arrived intact. A digital
certificate contains the digital signature of the certificate-issuing authority
so that anyone can verify that the certificate is real."
Come into My Signing Room, Meet Your Digital Clerk
Obviously,
we will need experts and advisers to make a go of it when we come, browser in
hand, to the digital closing table. I
suspect the legal language will be codified quickly enough to meet demand. I suspect the wise will tread cautiously in
the early going.
Those
pacesetters with a grasp on the nuts and bolts of the process are the ones who
stand poised to make a fast bundle.
Ilumin
Corporation (ilumin.com) has a solid handle on the practical aspects of cyber contracts.
Because Utah's Digital Signatures Act of 1995 was the first of its kind in the
United States, the Orem-based Ilumin has the advantage of experience. It shows.
If web sites are an accurate indicator, Ilumin is well ahead of the
field.
(In
this realm, online technical prowess is an absolute requirement. A web site's logical structure, organization
of data, and overall substance are telling indicators of the company's ability
to execute the instruments of commerce.)
The
"Digital Handshake Server Suite" is Ilumin's reasoned, practical
solution to the fundamental issue of online contractual transactions: How do we come together in trust and take
care of the business at hand?
At
Ilumin, the buyer and seller enter the "Online Signing Room." There a "Digital Clerk" stands
ready to identify the participants, manage the flow of documents, affix the
digital signatures, and secure the documents in an "e-Cabinet." These steps are accomplished using internet
browsers and E-mail. The results
stand-up in court.
(The
e-Sign bill embraces the concept of an e-Cabinet, an electronic vault to
replace safety deposit boxes and paper document warehouses, but delays its
legal status until March, 2001. NOTE: "Online Signing Room" and
"e-Cabinet" are trademarks of Ilumin Corporation.)
An 87-0 Shutout Portends a Deeper Federal Incursion
If
companies like Ilumin already do it successfully, and if 48 of the 50 states
already have variations of Utah's Digital Signatures Act, and if the private
sector is sufficiently equipped to move several billion dollars of merchandise
online like it did in 1999, then why was the Clinton Administration's e-Sign
bill necessary? Why did the Senate pass
the bill 87-0, the House 426-4?
The
federal spin revolves 'round the wonders of information technologies, the
injection of fresh momentum into the ever expanding economy, and the ease and
comfort e-Sign will afford consumers and business owners. Surely it will save millions of dollars for
somebody. Besides, a standard was
needed. Who better than the federal
government to set standards for electronic commerce?
For
lawyers and computer technology professionals, e-Sign is another opportunity to
mine for billable hours or amaze clients with one's technical prowess. Insurance salesmen are also enthusiastic
about the new opportunities. Encryption
and security firms are ecstatic.
At
its core, e-Sign legislation provides a sly foot-in-the-door for deeper federal
involvement in the management of data flowing o'er the Internet. It is a pathway to control, an avenue of
taxation, and another broad boulevard for corporate consolidation.
On
the internet, an Age not yet named is quickly drawing to its end. The time of eclectic individualism and
playful anarchy is done for. The
free-wheeling protocol, the audacious interconnect, the elegant simplicity of
form is come to an end. So be it. I am authenticated, certified, digitally
verified, encrypted, and online.
Another Age dawns. Bring it on.
E=ebenezer@corndancer.com;
CN=David Ebenezer Bowles; OU=Digital ID Class 1 - Microsoft; OU=Persona Not
Validated; OU="www.verisign.com/repository/RPA Incorp. by
Ref.,LIAB.LTD(c)98"; OU=VeriSign Trust Network; O="VeriSign,
Inc."
RECOMMENDED: The USER TRUST Tutorial by Paul Toscano is a thorough, precisely written, non-technical guide to Digital Certificates and Internet Security.
WATCH FOR
MISSIVE THE FOURTH in your mailbox
just before sundown on Tuesday, August 1, 2000. If you don't want any of my missives, let me know. I'll remove you from the subscription list
immediately upon demand. On the other
hand, if you want to add a friend or associate to the list, please forward
their name and email address to ebenezer@corndancer.com
Visit the web
site at www.corndancer.com
| ©2000 by David Ebenezer Baldwin Bowles | Send
e-mail | 501.450.7989 |