Sue the B@57&%!

July 5, 2011

I was browsing the internet recently and found that a couple of Esignature providers have ended up in the crosshairs of a company that provides guaranteed email delivery services.  Rpost recently announced that they are suing RightSignature and RightSignature customer Farmers Insurance as well as Docusign for violating Rpost patents related to guaranteed email delivery.

Rpost clearly spends a lot of money  protecting their IP as you can see from this page featuring all of the infringement suits in process.  If you look a little harder you can find even more, one of the companies that isn’t listed but was also sued in East Texas is Amazon.com.

These lawsuits also show the mythical status that East Texas courts have for patent lawuits.  RightSignature (Santa Barbara), Farmer’s Insurance (Los Angeles) and Rpost (Los Angeles) all have their principal place of business within a couple of hours of each other, so why have a trial in East Texas?

This tactic is so common that a local Tyler Texas directory site even has a post on it: East Texas and Patent Trolling.   Isn’t the US patent system grand?

Leave a Comment » | electronic document, electronic signature, esignature | Permalink
Posted by Mike Ambrose

Legal Esignatures for Elections

March 10, 2011

Electronic signatures have obvious applications to government.  One area that is evolving rapidly is the election system at the core of the US democratic government.  The internet has already had dramatic impact on the practice of politics, and electronic signatures combined with electronic documents and social networks seem destined to change politics and and policy in ways that we are only now beginning to comprehend.  Recent court cases are setting precedents for the role of electronic signatures in US elections, we will highlight a couple in this post.

Last summer Utah’s Supreme Court ruled that electronic signatures on a petition to nominate a gubernatorial candidate must be honored.  The court overruled the state’s election commission and required that signatures on an online nominating petition be accepted, see Anderson v. Bell.  As a result of this ruling Mr. Farley Anderson was listed on the ballot for Utah governor in 2010.  While Mr Anderson was not successful in his campaign to become the governor of Utah this ruling is likely to have significant impact on electronic signature gathering in elections in Utah and beyond.

Meanwhile a case in California is wending its way through the courts.  Michael Ni, a founder of Verafirma, submitted an electronically stored petition containing his electronic signature to the San Mateo County Elections Office.  Verafirma is an electronic signature technology company focused on use of electronic signatures in politics.  His submission was rejected by the elections office and the rejection was upheld by the Superior Court in San Mateo County.  This is now being appealed at the state Court of Appeals and will probably be heard soon.

Briefs have been filed on behalf of Mr. Ni by the Asian American Action Fund, Citizens in Charge, the Humane Society of the United States, the National Taxpayers Union, the Electronic Signature and Records Association, Antonio Gonzalez, and Joe Trippi.  Links to many of the filings and briefs can be found on Verafirma’s Twitter feed.

Verafirma believes that the use of electronic signatures can dramatically reduce the cost of qualifying ballot initiatives, encourage more citizen involvement and increase the quality of legislation submitted to voters.   This seems reasonable and  I think that the effects of reducing friction and increasing participation in our democratic process could be staggering.  What will a democracy of the late 21st century look like?

3 Comments | digital signature, electronic document, electronic signature, esignature | Tagged: , | Permalink
Posted by Mike Ambrose

How Green are Esignatures?

May 26, 2009

This just out in the Ankara Daily News:  E-signatures save forests!

“According to the Consumer Protection Law, the processes for warranty papers and after-sale service papers have been done via electronic media since Jan. 1, 2008.

In 2008, as a result, 2.6 million signatures were not scribbled on paper in 54,214 transactions, thus saving 1.9 million pages of A4 size paper, which weighs 9.4 tons. This amount saved the felling of 1,600 trees, which equals 8 square kilometers of forestland. It also prevents 3,382 tons of greenhouse gas from being released into the atmosphere.”

Interesting math as it seems to assume that the documents are never printed, maybe a good assumption for this category of document.

1 Comment | electronic document, electronic signature, esignature | Tagged: , , | Permalink
Posted by Mike Ambrose

Georgian version of ESIGN “most fair and effective law”

February 10, 2009

Who says that this is just about streamlining business.  Hot from the Georgia Times:

Justice

The Best and Worst Laws of 2008

The NGO Law for People named the most fair and unfair laws of 2008 last week.

Law for People says the most fair and effective law of 2008 was the one adopted on March 14, 2008 about Electronic Signing and Electronic Documents. This law enables people to use an electronic document which has the same power as the hard copy of the document. Both documents are valid if they are approved by electronic signature. This would cut red tape and make the citizen’s relations with various organizations easier. The amendments to the Law About Public Registry is also a positive improvement, the NGO says. The amendments allow for a faster payment service, grant the Public Register the authority to identify the owner of a property, clarify the rights and obligations of the owners of immovable assets etc.

Law for People has been conducting annual monitoring of new laws since 2004, saying it wants to encourage the creation of just laws.

Leave a Comment » | electronic document, electronic signature, esignature | Tagged: , | Permalink
Posted by Mike Ambrose

Tax Time and other eSignature Events

February 2, 2009

The IRS reports that last year nearly 90 million (around 58%) of US tax returns were submitted electronically, using the IRS approved PIN-based signatures.  These simple electronic signatures show the increasing comfort of the American public with use of electronic signatures on extremely important legal documents.

Also – Silanis had a recent webcast where Patrick Hatfield of Locke Lord Bissell and Liddell, LLP presented on recent case law around use of electronic signatures. You can download the presentation from Silanis or get a PDF summary from Locke Lord Bissell and Liddell. The gist of it is: Make sure that the intent is confirmed, i.e. make it very clear that the signer is aware of the affirmative action of the electronic “I agree.”  The courts will enforce the signature like any other, even in insurance recission cases!

An interesting point made by Patrick in the presentation: there are still no cases where the purported signer has denied that he signed the contract.  Does this mean that we are spending too many calories worrying about signer authentication?

1 Comment | digital signature, electronic document, esignature | Tagged: | Permalink
Posted by Mike Ambrose

MD5 Bites the Dust

January 6, 2009

The MD5 hash algorithm, invented by Ron Rivest, has historically been a key part of digital signatures. It has been considered weak for use in modern digital signature and cryptographic applications but has continued to see use in many systems. However, the long known weaknesses in MD5 are finally exploited in a demonstrable (and disastrous) way.

Many electronic signature solutions use the ubiquitous MD5 hash algorithm to insure the integrity of digital documents. While methods for creating “collisions” for data signed with the MD5 hash have been known for a while, it is highly unlikely that such a collision would actually be a readable document.  So the use of MD5 as an internal document checksum for document integrity is probably not a big problem.

The problem is that researchers created a collision that produces a bogus digital signature.  This is foundational for SSL on e-commerce sites, and may also be used in electronic  signatures that use SSL digital signature algorithms and certificates as part of an authenticating signature.  This can be a big problem for electronic signatures.

Fortunately Verisign and many other certificate authorities had already begun the transition to SHA-1 as the signing algorithm of choice.  Now everyone can make sure that they update their SSL certificates for their digital signing solutions to certificates that are signed with the more modern SHA-1 algorithm and the makers of electronic signing/verifying applications should not honor MD5-based digital signatures on certificates associated with newly signed documents.

1 Comment | digital signature, electronic document, esignature, XML digital signature, XML electronic signature | Tagged: , | Permalink
Posted by Mike Ambrose

New EU Action Plan on Esignatures

December 29, 2008

It is interesting that the EU, whose Esignature Directive  generated much of the impetus and direction for the ETSI TS 101 903 and the W3C XAdES standards, has now acknowledged that they have not been successful in standardizing electronic signatures for cross border use of member states. I suspect that the trusted credential infrastructure challenge referenced in my paper XML Electronic Signatures has created at least part of the problem.

The original European Directive mandated that they would have interoperable e-signatures and electronic identification for government by the end of 2009, but it doesn’t look to me like they will make it. It seems that they now have an “Action Plan on e-signatures and e-identification to facilitate the provision of cross-border public services in the Single Market”

Gosh – and I thought that they were so far ahead of us!

1 Comment | digital signature, electronic document, esignature, XML digital signature, XML electronic signature | Tagged: , , | Permalink
Posted by Mike Ambrose

Let’s Get Started..

December 18, 2008

One of the hardest things about using electronic signatures in enterprises seems to be getting started. Or, as it was once put to me, “How do I justify putting this in my top 10 projects that will actually get done this year?”

One way that I think works well is to just begin by using one of the easy, hosted services for a couple of the occasional needs that you may have.  I use Echosign, a pioneer in this area, for executing NDAs and the like in my personal business. I have  found that the people that I send them to are ok with this, it is faster, and gives me a signed electronic document so that I don’t have to keep as many faxed copies and originals on hand.  In fact the money saved on FedEx can probably pay for the service!

I would suggest that anyone considering electronic signatures can easily get started by using a hosted service provided by one of a few providers.  You can start with just something relatively simple like NDAs that probably run outside of your standard workflow system anyway.  And once you get started you will find that a number of signature suppliers already integrate with the top CRM or ECM systems.  If you use Salesforce.com, the current version of Echosign supports it. Of course you would have to upgrade from the free version that I use for my small business!  (0;

2 Comments | electronic document, esignature | Permalink
Posted by Mike Ambrose

A little on E-notarization

July 16, 2008

OK – I talked about this a long time ago and got busy and haven’t written anything. So I will try to at least say a little bit:

Notaries Public have a distinct place in society as being state licensed trusted witnesses. This has made the role of a notary public invaluable in many high value transactions such as real estate sales. The human notary’s function is to insure that the person is who they represent themselves to be and that they are executing the transaction of their own volition, i.e. they are not being coerced or in a state where they are unable to make decisions for themselves.

Many people have wanted to use PKI to replace this function, just as they want to use PKI for nearly all authentication functions. Unfortunately for PKI as a standalone solution to this problem the function of confirming that the person is not under duress or incapacitated is still best performed by a human agent.

Many states have enacted legislation to foster electronic signatures for electronic notarization. One notable effort has been put on hold, Virginia passed electronic notarization guidlines that were to take effect on July 1, but on June 24th got cold feet. They decided that much of the text, which was lifted verbatim from the Esign Act, was too ambiguous and offered too much opportunity for fraud. Maybe they believe that notarization must be more prescriptive in its implementation to help the poor county clerks that have to decide whether to accept signing methods!

One widely discussed electronic notarization method is Colorado’s. Colorado recommends the use of Document Authentication Numbers which is a very simple and clever method to electronically sign the document. The way that the Document Authentication Number works is that if a notary wants to obtain a license for electronic notarization they are assigned a unique notary identification number and are given a log that contains a sequence of random numbers. This sequence of numbers that is assigned to the notary is private to the notary and a copy is maintained by the Secretary of State for future validation purposes.

When a document is notarized the notary attaches his seal information, his identification number and one of the numbers from his log-book. He uses a different number for every document that he notarizes. This combination of notary number + random Document Authentication Number forms a unique signature for every electronic transaction.

Colorado also allows notaries to use other, non-specified electronic notarization methods by special approval:

3. Notification of intent to notarize electronically shall be on forms prescribed by the Secretary of State, and shall include a statement whether the applicant or notary will use only document authentication numbers as his or her electronic signature. If the applicant or notary indicates an intention to use a different electronic signature than document authentication numbers, then the notification of intent shall also be accompanied by an example of the electronic signature that will be used by the applicant or notary, and shall include the following information:

(a) A description of the technology that will be used for the notary’s electronic notarizations, specifically for the creation of the notary’s electronic signature;
(b) The name, address, telephone number, and web or e-mail address of the supplier or vendor of such technology; and
(c) Such other information as the Secretary of State finds necessary to confirm that the technology complies with the requirements of the Colorado Notaries Public Act, article 55 of title 12 of the Colorado Revised Statutes.

I don’t know what other technologies are being accepted in Colorado, this seems to pose the same county clerk dilemma as Virginia has. Perhaps there are other guidelines published by the Secretary of State, does anyone out there know the answer to this?

In any case I will join the list of bloggers and pundits that applauds Colorado for making the whole electronic signature issue something that is very easy for anyone to understand!

2 Comments | digital signature, electronic document, esignature | Tagged: , , , , | Permalink
Posted by Mike Ambrose

Administrivia

February 14, 2008

Since PDF is so important I added a PDF page, see Portable Document Format (PDF) signature, in the Esignature technology section. It has more information than the post on this topic.

In the process of writing this page I was struck by the way Adobe evolved from the company that wrote printer software… but I digress.

Hope to get up some stuff on eNotarization and authentication real soon now. Anything else you would like to see?

Leave a Comment » | digital signature, electronic document, esignature, PDF | Permalink
Posted by Mike Ambrose

« Previous Entries
Follow

Get every new post delivered to your Inbox.