If you have ever been asked to send sensitive data over the internet, you may have been asked to provide your “electronic signature”. I was recently, but I noted a statement in bold above the entry field:
Please note that an electronic signature is the equivalent of a hand-written signature.
I wholehearted disagree for various reasons, which I will discuss, but first, let’s think about what this statement implies.
First, this statement implies than an unknown individual with no connection whatsoever to the person to whom the data belongs can provide what is considered in the “mind” of this company a valid, legal signature. We would have nothing to fear if the judicial system did not also agree, but in indeed may! I haven’t heard of a dispute where this arose, but I have no doubt there are multiple cases.
There are a few reasons companies allow this kind of “signature” (which I contest is not a signature at all). One such reason is that it is convenient both for the company and the individual. This also makes it convenient for both imposters and those who seek to damage or skew the reputation of the prospective employee. The second reason supposedly counters the issues with the first reason – no one except “friends” should know both an email AND the person to whom it belongs, amongst other details. … NOT!
Once upon a time, there was such a serious problem with identity theft that there were advertisements on television warning people about the problem. Some areas of society were bolstered to counteract the issue, and those advertisements have disappeared. However, the problem still persists in other, more subtle forms.
For instance, unless I’m mistaken, it’s still legal for you to sign documents sent to you in the mail and have them be legal without being notarized. Hence, if a person steals your mail and signs you up for credit card opportunities, you could be in serious trouble. While I’m not aware of all the countermeasures out there, it’s a bit more difficult to do this (… in some cases), and you can prove in court that the document does not contain your signature.
And therein lies the issue with electronic signatures – so much is dependent on trusting the person behind the keyboard with an email address. There is no other way of verifying that they are legitimate except by reviewing the other questionable information they provided, except that, note, this validity of this information is unknown (hence, the company asks for it). If the information is incorrect, it can mean one of two things: 1) The form was filled out by the wrong person or 2) the person is dishonest. An employer or credit card company is only interested in the latter, thus increasing the chances that the former possibility will slip by unnoticed.
It may occur to you that there are very few reasons why I person would go to the trouble to filling out a form (noting that in many cases every field in the form must be filled in) just to ruin your reputation. While this isn’t the point of my article, it is something to address, but without bringing up a specific example, what I can say is this: be nice to your friends. I am not aware of all the possible reasons for filling in a form, but I am aware of the ease by which it is done.
That said, what is important here is the principle: electronic signatures are considered too reliable when all they are is text. Real signatures are distinct, unique, and require the ability to copy the style correctly. A scanned duplicate has a likelihood of being caught or leads a trace. If someone is given the signature – what is needed for copying – guess who is going to be a suspect.
Incidentally, however, I do note that maintaining identity will be very difficult in the future. Some people have proposed using DNA signatures, but those are as worthless in this high-tech age as fingerprint scanners – it can easily be duplicated without the source’s authorization or knowing! A similar problem has been occurring in Japan because of how it is stuck using a system of stamps that, while often elegant, are now easy to “forge”. While I’m not aware of their current countermeasures for the problem, I can with confidence that a hand signature is much more secure.
In conclusion, NO signature given online should be considered “legal” or “legitimate”. It is an insecure form of confirmation in a world where digital forgery is becoming every bit more prevalent. A signature is hand-written. Let’s keep it that way.