If you draw a smiley face instead of your signing your name to seal a contract, is it a legally valid signature? It probably is, provided it's a properly authenticated digital signature, based on what DocuSign founder Tom Gonser told me a last week:
"Today, it doesn't matter what your signature looks like.
"You need to attach something to that document to indicate that you agree. It needs a visual signature to indicate that you agree, that's linked to your identity.
"That visual indicator can be anything, it doesn't matter what it looks like."
Gonser's point was that his company's platform takes care of the authentication when you use DocuSign to digitally sign a document. It records the IP address and physical identifier of the device, the timestamp for when you signed and the geolocation if available, along with the email address you used to return the signed document.
"What's important in a digital document is that that signature is linked to something that is me ...
"It has to be connected to me — and in such a way that if someone tampered with that document later, [the change] is not valid."
The image is not the act
The corollary of this is that, when someone pastes a scanned image of their signature into a PDF without using a proper digital signature service, then even though it may look more respectable, that signature is not legally valid — and sooner or later that's going to become painfully evident, he warned:
"Someone is going to court with one of those signatures and they're going to lose."
The problem is that people have confused the signature itself with what it represents. It's the act of signing that matters. A document that has an image of your signature pasted into it has the right look, but it hasn't captured the act. Says Gonser:
"It can't be as good as the paper it's not written on."
A copy-and-paste signature has no legal value, because anyone could have pasted it in. Therefore it won't stand up in court — you can't rely on a contract with such a signature, and neither can a fraudster who used it without your knowledge, explains Gonser:
"You have look at, what am I really doing here? If you go on YouTube, there are lots of videos about how you can take your signature and paste it into a PDF ...
"If you were to go to court, the court wouldn't accept either one of those as evidence."
This is of real concern for enterprises in a world where emailing signed documents is becoming more and more commonplace. If there's no digital framework in place, signatories should print out the document, sign it and then scan the validly signed document (in its entirety, that is) and email it back. The whole process is inconvenient, time-consuming and requires access to a printer and scanner.
When people are in a rush, out on the road, or simply see signing as a meaningless formality, it's no surprise that they fall back on pasting in a copied signature. We've all done it.
It's interesting, isn't it, that none of us get caught out? Shouldn't a bank or other large corporation have some kind of system in place that compares signatures and sounds an alert if they come up perfectly identical on separate documents? It's a compliance loophole that exposes them to extra risk. Gonser concludes:
"You need to ask for more than an image when you ask for a signature online."
No wonder that DocuSign is signing up banks every month. One confided to Gonser that they estimated they had been losing nearly a million dollars to signature fraud every year. He said:
"It's astonishing that we still do business with faxes and signatures the old way ...
"We're providing more of a platform that lets business save time and reduce risk."
DocuSign emphasizes that it targets enterprises with an offering that not only provides reliable digital signatures but also links into the workflow of document capture, approval and archiving within the organization:
"Getting a secure electronic signature is one step. There's a process that hasn't been automated because it requires a signature. We allow them to automate that workflow."
Providing support for global e-signature standards is another enterprise-friendly attribute. Gonser explained that there are three main frameworks in use globally. In the English-speaking world, including countries such as the US, UK and Australia, the law typically recognizes electronic signatures as having equal weight as traditional handwritten signatures. Countries elsewhere follow a similar framework enshrined in the UN's model law on electronic commerce.
In Europe, there's an EU directive that not only recognizes the validity of electronic signatures but also defines the process of creating and certifying them. As with all EU directives, each country can choose how to enact the law, which has led to some variations in implementation. Says Gonser:
"It is starting to come together. We actually are educating companies about what [the directive] actually says."
After Adobe's acquisition of EchoSign, which is now embedded within its Acrobat PDF technology, DocuSign has become the largest independent electronic signature platform. It is currently raising a $100 million funding round at a rumored valuation of $1.5 billion, and plans an IPO at some point, though there is no word yet as to when that will be.
DocuSign's task in the meantime is to continue spreading the word and encourage adoption of its services. One advantage for any signature service is that it's an inherently viral activity, since by definition contracts are part of the fabric that connects businesses to each other and to the individuals they interact with. Every time a DocuSign user signs a contract with a new counterparty, that's another individual or business introduced to the service.
One weapon for spreading the word is a free-of-charge iPhone app that allows the user to make a digital signature on their phone using DocuSign. The document can be anything from a photograph to an email attachment or a downloaded PDF. The app allows the recipient to sign it and send it back. The rationale is simple, said Gonser:
"If you're just signing we want people to have a secure digital signature.
"If you're a business who's sending out documents the wrong way, we want them to use DocuSign."
Of course the latest iPhone 5 includes biometric authentication, which becomes part of the aggregated authentication that validates the signature.
DocuSign is also able to track its users' behavior over time, building up what Gonser called "a trust graph" based on the number of times an identity has participated in a successful digital signature transaction:
"It creates a profile that, the more your identity gets used, the more it's trusted."
Scribble away ....
So the next time you sign a document using your finger to scrawl an ugly signature on a contract, don't be ashamed. It doesn't have to look like your signature: what's crucial is the action of placing a sign of your assent. You might just as well draw a smiley face — though that may appear less businesslike than you'd be comfortable with.
As a hangover from the era of physical documents, any kind of hand-drawn signature is unnecessary. So long as your identity is verifiable, then any gesture of assent should be enough. But that may be a leap too far for the present day, said Gonser:
"We may evolve to a point where it's just an identity. That may be fify years away. People are people ...
"Human beings like to scrawl something that they recognize as theirs ... I'm not going to tell culture that they have to stop scribbling on the page. Scribble away and I'll attach your identity to it.
"It's still new. We are changing the way people have been doing things for 4000 years. We have a long way to go."
Image credit: Pen and at-sign © manipulateur - Fotolia.com; Tom Gonser headshot courtesy of DocuSign