Now for a little on IP

October 28, 2009

In the absence of any really interesting e-signature news I decided to opine on an important intellectual property case that will be heard by the Supreme Court in November. The Supreme Court has agreed to hear arguments on “in re Bilski” where the Federal Court of Appeals imposed a “machine or transformation test” (i.e. did you describe a machine or a method for transforming something?) on business process patents and upheld the USPTO decision to reject a patent on a process for hedging commodities trades.

Not surprisingly the Free and Open Source community is filing briefs in support of the decision and patent attorneys and large patent holders such as IBM are filing briefs urging the court to overturn the Circuit Court’s decision and/or test. For some coverage of the range of opinions this article in The H is informative, even though it arises from an “Open Source” perspective. And for a nicely written brief in support of the Circuit Court and the “machine or transformation” test, Red Hat’s amicus brief is a fairly readable statement of many of the arguments in defense of open software.

Then there is a Microsoft et al. brief which supports rejecting Bilski’s patent but also rejects the “machine or transformation” test and strongly supports the patentability of software, reaching way back for precedent:

To be patent-eligible, therefore, a claimed method must involve one or more disclosed physical things–that is, it must describe a series of steps that use physical means to produce a result or effect in the physical world.

Indeed, this standard (and not “machine-or-transformation”) has been the law for more than a century. See Tilghman, 102 U.S. at 727 (“Whoever discovers that a certain useful result will be produced, in any art [i.e., process], machine, manufacture, or composition of matter, by the use of certain means, is entitled to a patent for it”) (emphasis added). As explained in a Nineteenth Century treatise, the patentee must describe “a practical application to some useful purpose . . . and his specification must show the application of the principle to such a special purpose, by its incorporation with matter in such a way as to be in a condition to produce a practical result.” George Ticknor Curtis, A Treatise on the Law of Patents for Useful Inventions as Enacted and Administered in the United States of America § 242 (4th ed. 1873) (emphasis added).

I don’t know much about Mr. Curtis’ Treatise but it sounds pretty authoritative. In fact the filers of the brief even chose to add emphasis to the parts that one presumes make their software patentable!

The “machine or transformation” test is a major bone of contention for many of the “in support of neither party” briefs.  These are often filed by patent attorneys or companies such as Microsoft, IBM and Yahoo that own lots of patents and spend lots of money on patent attorneys.

So you may have concluded that eSignature is sympathetic to the arguments of the Software is Free group and you would be correct! My sympathies originate from the pragmatic perspective that it is almost impossible for a small software business to be certain that they aren’t violating somebody’s patent.  This is made even more odious by patent trolls and world domination quotes from the likes of Mr. Gates and Mr. Myhrvold. This can’t be good for encouraging innovation and rewarding invention.

I am strongly in favor of copyright protection for software. I believe that copyright protection combined with compilation and obfuscation should be adequate protection for software. Awesome algorithms should be worth something!

I once asked a very smart friend that had invented some speech algorithms and founded a speech recognition software company  if his company had many patents.  His reply was no, they published instead.  Not enough detail to give away their secrets but enough to “make sure nobody else can patent it.”  This struck me as a beautiful thing at the time.


State Government Electronic Signature Guidelines

June 3, 2009

Somebody pointed out to me that the state of Minnesota has guidelines/considerations for deploying electronic signatures, Electronic Records Management Guidelines – Electronic and Digital Signatures.  I may add this to my sidebar. Much of this is discussed on other pages or posts on this blog.

Utah, Washington, Oregon, North Carolina, California, Nebraska and Texas have all adopted electronic record and signature guidelines where they have chosen to license or register certificate authorities to do business with the state. In many cases they have updated laws that specifically required handwritten signatures as a response to their state’s ratification of UETA.

I am not sure how well they deal with the distribution aspect of issuing credentials; this has proven to be a challenge for the federal government as well when trying to deploy credentials for FDA and other governmental applications. In fact, FDA regulation 21 CFR Part 11 on Electronic Signatures and Records, approved in 1997, is still not being enforced and when enforcement commences it is likely to be relatively lax.

As I have stated on other postings and papers this is still the crux of the problem. This has led governments to adopt an ad-hoc array of electronic signature methodologies with some success but has thwarted ubiquitous adoption of electronic signatures in government. If people have any updates or success stories in this area I would love to hear them.


How Green are Esignatures?

May 26, 2009

This just out in the Ankara Daily News:  E-signatures save forests!

“According to the Consumer Protection Law, the processes for warranty papers and after-sale service papers have been done via electronic media since Jan. 1, 2008.

In 2008, as a result, 2.6 million signatures were not scribbled on paper in 54,214 transactions, thus saving 1.9 million pages of A4 size paper, which weighs 9.4 tons. This amount saved the felling of 1,600 trees, which equals 8 square kilometers of forestland. It also prevents 3,382 tons of greenhouse gas from being released into the atmosphere.”

Interesting math as it seems to assume that the documents are never printed, maybe a good assumption for this category of document.


Georgian version of ESIGN “most fair and effective law”

February 10, 2009

Who says that this is just about streamlining business.  Hot from the Georgia Times:

Justice

The Best and Worst Laws of 2008

The NGO Law for People named the most fair and unfair laws of 2008 last week.

Law for People says the most fair and effective law of 2008 was the one adopted on March 14, 2008 about Electronic Signing and Electronic Documents. This law enables people to use an electronic document which has the same power as the hard copy of the document. Both documents are valid if they are approved by electronic signature. This would cut red tape and make the citizen’s relations with various organizations easier. The amendments to the Law About Public Registry is also a positive improvement, the NGO says. The amendments allow for a faster payment service, grant the Public Register the authority to identify the owner of a property, clarify the rights and obligations of the owners of immovable assets etc.

Law for People has been conducting annual monitoring of new laws since 2004, saying it wants to encourage the creation of just laws.


Tax Time and other eSignature Events

February 2, 2009

The IRS reports that last year nearly 90 million (around 58%) of US tax returns were submitted electronically, using the IRS approved PIN-based signatures.  These simple electronic signatures show the increasing comfort of the American public with use of electronic signatures on extremely important legal documents.

Also – Silanis had a recent webcast where Patrick Hatfield of Locke Lord Bissell and Liddell, LLP presented on recent case law around use of electronic signatures. You can download the presentation from Silanis or get a PDF summary from Locke Lord Bissell and Liddell. The gist of it is: Make sure that the intent is confirmed, i.e. make it very clear that the signer is aware of the affirmative action of the electronic “I agree.” The courts will enforce the signature like any other, even in insurance rescission cases!

An interesting point made by Patrick in the presentation: there are still no cases where the purported signer has denied that he signed the contract.  Does this mean that we are spending too many calories worrying about signer authentication?


Welcome President Obama – Reporting for Duty

January 23, 2009

This post may seem pretty much off topic, but it’s my blog!

This has been a momentous week indeed. Regardless of background or political affiliation, many agree that some of the excesses of our recent past have triggered a financial calamity that will affect us for some period of time.

Similarly, we have not seen enough progress on many of the more intractable global problems. Environmental issues, nuclear proliferation, tribalism/nationalism, starvation and war all continue to plague us and we are assaulted by these facts whenever we see the news. Surely there is a silver lining in this gathering gloom…

As of this week we have a new leader. I watched the inaugural events on television and was moved in ways that I can’t really put into words.  I also felt a call to action.

We, the American people, are being asked to contribute to the remaking of America. Our new president says that our nation was built by “the risk-takers, the doers, the makers of things — some celebrated but more often men and women obscure in their labor, who have carried us up the long, rugged path towards prosperity and freedom.”

I ask who is better equipped to rebuild America than the engineers and techies? That’s what we do, build things, right? To again quote President Obama: “We remain the most prosperous, powerful nation on Earth. Our workers are no less productive than when this crisis began. Our minds are no less inventive, our goods and services no less needed than they were last week or last month or last year. Our capacity remains undiminished.”

We know this, intuitively and instinctively. Our priorities may have been misguided, our efforts misdirected. Still, we have the same strength and energy that has always served this nation. The topic of this blog – electronic signatures and electronic workflow – is targeted at improving productivity. But surely we can do more.

Have we created any revolutionary productivity enhancers? What are the powerful collaborative tools, the ones that will change the office place as much as the word processors and spreadsheets of yesteryear?  I know that Web 2.0 tools like blogs, social networks and wikis have impacted us deeply – but surely there is more. Where is the talking, thinking computer?

Hopefully good will ultimately come from this burst bubble of faux liquidity. And part of the good that comes from it will be based on us creating the technology and tools that lead to meaningful improvements in productivity, efficiency and quality of life for ourselves and the rest of the world.  Let’s do it.


MD5 Bites the Dust

January 6, 2009

The MD5 hash algorithm, invented by Ron Rivest, has historically been a key part of digital signatures. It has been considered weak for use in modern digital signature and cryptographic applications but has continued to see use in many systems. However, the long-known weaknesses in MD5 have finally been exploited in a demonstrable (and disastrous) way.

Many electronic signature solutions use the ubiquitous MD5 hash algorithm to ensure the integrity of digital documents. While methods for creating “collisions” for data signed with the MD5 hash have been known for a while, it is highly unlikely that such a collision would actually be a readable document. So the use of MD5 as an internal document checksum for document integrity is probably not a big problem.

The problem is that researchers created a collision that produces a bogus digital signature.  This is foundational for SSL on e-commerce sites, and may also be used in electronic  signatures that use SSL digital signature algorithms and certificates as part of an authenticating signature.  This can be a big problem for electronic signatures.

Fortunately Verisign and many other certificate authorities had already begun the transition to SHA-1 as the signing algorithm of choice. Now everyone can make sure that they update the SSL certificates for their digital signing solutions to certificates that are signed with the more modern SHA-1 algorithm, and the makers of electronic signing/verifying applications should not honor MD5-based digital signatures on certificates associated with newly signed documents.


New EU Action Plan on Esignatures

December 29, 2008

It is interesting that the EU, whose Esignature Directive  generated much of the impetus and direction for the ETSI TS 101 903 and the W3C XAdES standards, has now acknowledged that they have not been successful in standardizing electronic signatures for cross border use of member states. I suspect that the trusted credential infrastructure challenge referenced in my paper XML Electronic Signatures has created at least part of the problem.

The original European Directive mandated that they would have interoperable e-signatures and electronic identification for government by the end of 2009, but it doesn’t look to me like they will make it. It seems that they now have an “Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market”

Gosh – and I thought that they were so far ahead of us!


Let’s Get Started..

December 18, 2008

One of the hardest things about using electronic signatures in enterprises seems to be getting started. Or, as it was once put to me, “How do I justify putting this in my top 10 projects that will actually get done this year?”

One way that I think works well is to just begin by using one of the easy, hosted services for a couple of the occasional needs that you may have.  I use Echosign, a pioneer in this area, for executing NDAs and the like in my personal business. I have  found that the people that I send them to are ok with this, it is faster, and gives me a signed electronic document so that I don’t have to keep as many faxed copies and originals on hand.  In fact the money saved on FedEx can probably pay for the service!

I would suggest that anyone considering electronic signatures can easily get started by using a hosted service provided by one of a few providers.  You can start with just something relatively simple like NDAs that probably run outside of your standard workflow system anyway.  And once you get started you will find that a number of signature suppliers already integrate with the top CRM or ECM systems.  If you use Salesforce.com, the current version of Echosign supports it. Of course you would have to upgrade from the free version that I use for my small business!  (0;


A little on E-notarization

July 16, 2008

OK – I talked about this a long time ago and got busy and haven’t written anything. So I will try to at least say a little bit:

Notaries Public have a distinct place in society as being state licensed trusted witnesses. This has made the role of a notary public invaluable in many high value transactions such as real estate sales. The human notary’s function is to ensure that the person is who they represent themselves to be and that they are executing the transaction of their own volition, i.e. they are not being coerced or in a state where they are unable to make decisions for themselves.

Many people have wanted to use PKI to replace this function, just as they want to use PKI for nearly all authentication functions. Unfortunately for PKI as a standalone solution to this problem the function of confirming that the person is not under duress or incapacitated is still best performed by a human agent.

Many states have enacted legislation to foster electronic signatures for electronic notarization. One notable effort has been put on hold: Virginia passed electronic notarization guidelines that were to take effect on July 1, but on June 24th got cold feet. They decided that much of the text, which was lifted verbatim from the Esign Act, was too ambiguous and offered too much opportunity for fraud. Maybe they believe that notarization must be more prescriptive in its implementation to help the poor county clerks that have to decide whether to accept signing methods!

One widely discussed electronic notarization method is Colorado’s. Colorado recommends the use of Document Authentication Numbers, which is a very simple and clever method to electronically sign the document. The Document Authentication Number works like this: a notary who wants to obtain a license for electronic notarization is assigned a unique notary identification number and is given a log that contains a sequence of random numbers. This sequence of numbers that is assigned to the notary is private to the notary and a copy is maintained by the Secretary of State for future validation purposes.

When a document is notarized the notary attaches his seal information, his identification number and one of the numbers from his log-book. He uses a different number for every document that he notarizes. This combination of notary number + random Document Authentication Number forms a unique signature for every electronic transaction.
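The scheme described above, modeled as an added example that is not Colorado's system or code from this blog. The 12-digit number format, the notary ID string, the class and method names, and the registry's habit of remembering the first document presented with each number (so that reuse on a second document is detectable) are all assumptions made for illustration.

```python
import hashlib
import secrets

class NotaryRegistry:
    """Stand-in for the Secretary of State's copy of each notary's log."""

    def __init__(self):
        self._logs = {}   # notary_id -> set of issued DANs
        self._seen = {}   # (notary_id, dan) -> digest of first document presented

    def issue_log(self, notary_id, count=5):
        """Generate `count` distinct random DANs and keep a copy for validation."""
        dans = set()
        while len(dans) < count:
            dans.add(f"{secrets.randbelow(10**12):012d}")   # assumed 12-digit format
        self._logs[notary_id] = dans
        return sorted(dans)          # the notary's private log

    def validate(self, notary_id, dan, document):
        """Return 'unknown', 'valid' or 'reused' for a presented signature."""
        if dan not in self._logs.get(notary_id, ()):
            return "unknown"         # number was never issued to this notary
        digest = hashlib.sha256(document).hexdigest()
        first = self._seen.setdefault((notary_id, dan), digest)
        return "valid" if first == digest else "reused"

class Notary:
    """Holds the private log and spends one number per notarized document."""

    def __init__(self, notary_id, log):
        self.notary_id = notary_id
        self._unused = list(log)

    def notarize(self, document):
        if not self._unused:
            raise RuntimeError("log exhausted; request a new one")
        dan = self._unused.pop(0)    # never handed out again
        # The electronic signature is the pair notary number + DAN.
        return {"notary_id": self.notary_id, "dan": dan,
                "sha256": hashlib.sha256(document).hexdigest()}

def demo():
    """Constructed walk-through: two documents, then one reuse attempt."""
    registry = NotaryRegistry()
    notary = Notary("CO-NOTARY-0001", registry.issue_log("CO-NOTARY-0001", 3))
    a = notary.notarize(b"deed A")
    b = notary.notarize(b"deed B")
    return [
        registry.validate(a["notary_id"], a["dan"], b"deed A"),   # valid
        registry.validate(b["notary_id"], b["dan"], b"deed B"),   # valid
        registry.validate(a["notary_id"], a["dan"], b"deed C"),   # reused
        registry.validate("CO-NOTARY-9999", a["dan"], b"deed A"), # unknown
    ]
```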

Colorado also allows notaries to use other, non-specified electronic notarization methods by special approval:

3. Notification of intent to notarize electronically shall be on forms prescribed by the Secretary of State, and shall include a statement whether the applicant or notary will use only document authentication numbers as his or her electronic signature. If the applicant or notary indicates an intention to use a different electronic signature than document authentication numbers, then the notification of intent shall also be accompanied by an example of the electronic signature that will be used by the applicant or notary, and shall include the following information:

(a) A description of the technology that will be used for the notary’s electronic notarizations, specifically for the creation of the notary’s electronic signature;
(b) The name, address, telephone number, and web or e-mail address of the supplier or vendor of such technology; and
(c) Such other information as the Secretary of State finds necessary to confirm that the technology complies with the requirements of the Colorado Notaries Public Act, article 55 of title 12 of the Colorado Revised Statutes.

I don’t know what other technologies are being accepted in Colorado; this seems to pose the same county clerk dilemma as Virginia has. Perhaps there are other guidelines published by the Secretary of State. Does anyone out there know the answer to this?

In any case I will join the list of bloggers and pundits that applauds Colorado for making the whole electronic signature issue something that is very easy for anyone to understand!