Was I alone ignorant of Echosign before that client dragged me into using it?
Recently, a client sent me a document for signing through Adobe’s Echosign service. At first I was surprised by this new eccentricity. However, a contract is a contract so I just signed it. I printed the signature – not out of suspicion of the technology but as material reminder to look into Echosign later on. It rested on my desk until Simon’s reminder about Lexum’s column which made me look around to retrieve the name of the signing system: Echosign. A proven leader in web contracting and eSignature solutions said the web site. Are we entering an era of easy to use digital signature? Could this be that simple? Before trying answering that I just want to move time back to the first years of electronic commerce.
In the nineties, I was teaching at the Faculty of Law at the University of Montreal a course on Internet technologies. At the time, the scene of ecommerce technologies was vibrant. In my course four weeks were dedicated to the presentation of emerging tools and approaches: Cybercash, FirstVirtual, CyberCoin, NetCheque, Digicash, Millicent and SET. FirstVirtual was a “virtual” bank and the consumers had to call them by phone in order to provide their credit card number to get a personal identifier that would be used to pay. Believe it or not, for some time, FirstVirtual was the leader in Internet payments. Cybercash was another darling of virtual payment. Cybercash required the installation of a digital wallet on the consumer’s computer and the seller was also to install some sort of software on its server. Payment information could then circulate between these proprietary software devices. Digicash was the most innovative system developed by a well-known cryptographer David Chaum to make possible anonymous payment – really anonymous – yet capable to prevent fraud and double spending – a pure marvel. Digicash never took off: the appetite among bankers and authorities for an unbreakable anonymous payment system was not as big as Chaum’s genius. The biggest hack of them all was very corporate: Secure Electronic Transaction (SET). SET was pushed by everyone who counted at the time: VISA, MASTERCARD, IBM, ORACLE and Netscape. It was a complete cryptographic solution capable to protect consumer privacy, prevent fraud, and at the same time to ensure payments.
At the end, a much more minimalist approach emerged as the F-150 of electronic payments. Netscape developed protocols to secure web communications, Secure Socket Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS). The e-businessmen of the time, Bezos at Amazon and others, turned their back on the super-hacks in favour of a very basic approach to ecommerce: payments with credit card over a SSL secured channel. This modest solution progressively led to the disappearance of the übersophisticated e-payment solutions.
Back to Echosign and digital signatures: could it be that again the mere action of typing one’s name at the end of a document on a web site while being protected by the simple SSL (nowadays renamed Transport Layer Security (TLS)) will put an end to the search for a useful and simple, yet secure way of signing? I am inclined to think so. For sure a lot of the success of the approach depends on how much you trust Adobe, the current owner of Echosign. If you accept to entrust their service with your contracts to be signed, then your co-signers and yourself will have a safe site where to mark your approval. I believe that we could have finally found a product usable and simple to move in the cyberspace the signing act without too much suffering.
Clearly, however, this may not qualify as a “secure electronic signature” as defined in PIPEDA and the relevant regulation: Secure Electronic Signature Regulations, SOR/2005-30. That later piece provides for a detailed description of the preparation of a digital signature in the context of using asymmetrical cryptography, digital signature certificate, certification authorities and what-not. I wonder if real life procedure for signing will not establish itself to serve real life business purposes and if consequently the framework based on personal authentication described in our laws will not remain limited to the narrower field of government uses.
It goes without saying that I have no interest in Adobe, the owner of the Echosign brand and software. I did not check competing products, such as Docusign or Rightsignature. A comparison of these offerings can be found on FindTheBest. I am interested in reading what your experience with these products is.
SEND. SIGN. DONE. – as they say.