Paper for MIT 6.805/STS085: Ethics and Law on the Electronic Frontier, Fall 1997

A Comparison of Digital and Handwritten Signatures

David Fillingham

Introduction

During the course of our lives, we sign our name many thousands of times - on checks, applications for loans, marriage licenses - the list is endless. People in positions of authority can certify the existence of a person with a signature on a birth certificate, or end a life with a signature on a death warrant. Signatures have been applied in much the same way since ancient times - by scribing one’s own name. Within the past few years, cryptography has made a new way to affix signatures practical. The legal and business communities are rushing to adopt these new cryptographic signature techniques to replace handwritten signatures - but how analogous are handwritten and digital signatures? This paper will explore the similarities and differences between traditional and cryptographic signatures from a technical, legal and practical perspective. Finally, the paper will suggest that although digital signatures will likely revolutionize electronic commerce, handwritten signatures will almost certainly continue to be used for some purposes into the foreseeable future.

Why We Sign, How We Sign - A Brief History of Authentication

It is probably not surprising that the inventors of writing, the Sumerians, were also the inventors of an authentication mechanism. The Sumerians used intricate seals, applied into their clay cuneiform tablets using rollers, to authenticate their writings. Seals continued to be used as the primary authentication mechanism until recent times. [1]

Use of signatures is recorded in the Talmud (fourth century), complete with security procedures to prevent the alteration of documents after they are signed. The Talmud even describes use of a form of "signature card" by witnesses to deeds. [2] The practice of authenticating documents by affixing handwritten signatures began to be used within the Roman Empire in the year AD 439, during the rule of Valentinian III. The subscriptio - a short handwritten sentence at the end of a document stating that the signer "subscribed" to the document - was first used for authenticating wills. The practice of affixing signatures to documents spread rapidly from this initial usage, and the form of signatures (a handwritten representation of one's own name) remained essentially unchanged for over 1,400 years. It is from this Roman usage of signatures that the practice obtained its significance in Western legal tradition. [3]

In 1677, England passed "An Act for Prevention of Frauds and Perjuries," which required that "some note or memorandum in writing" that is "signed by the parties" exist for certain types of transactions. [4] This "Statute of Frauds" had a profound influence on U.S. commercial law, and is the antecedent of the Uniform Commercial Code (UCC), which is the basis for most U.S. state and Federal laws governing "transactions in goods."

Samuel Morse’s telegraph, first used in 1844, introduced the problem of authenticating electrically transmitted messages. In the legal dispute Trevor v. Wood, 36 N.Y. 307, in 1867, the court found that telegraphed "signatures" met the legal requirements for "written signatures" under the Statute of Frauds. One might say that this was the first legal victory for electronic commerce! [5]

Use of networked computers to conduct electronic commerce began in the 1960s, starting with proprietary systems to move data within individual corporations, and later within industry groups, such as the railroad and food industries [6]. During the early days of Electronic Data Interchange (EDI), there was no way to apply cryptographically based signatures to electronic documents, so the industries relied heavily upon "trading partner agreements." These paper agreements, signed by the parties involved, described the rules to which the EDI trading partners agreed with respect to honoring purchase order requests, dispute resolution, and so on. Trading Partner Agreements have been remarkably successful, with legal disputes regarding EDI transactions being exceptionally rare.

Trading Partner Agreements still remain an important part of Electronic Commerce. However, the world-wide reach and extremely dynamic population of the Internet make establishing Trading Partner Agreements with all the possible participants in electronic transactions practically impossible. Furthermore, the Internet is now used for functions other than electronic commerce that carry legal requirements for authenticated transactions. For example, medical records are transferred via the Internet, and privacy concerns regarding this information demand authenticated access control.

The means to provide digital signatures for computer communications that are roughly equivalent to handwritten signatures on paper documents became available with the advent of public key technology. [7] In 1976 Whitfield Diffie and Martin Hellman published their landmark paper New Directions in Cryptography. This paper introduced the idea of asymmetric public/private key pairs, and showed how the difficulty of computing discrete logarithms in finite fields could be used to build a key agreement scheme with clear potential for use in data networks. Diffie and Hellman suggested, quite prophetically, that the "one-way authentication" services offered by public key schemes would ultimately be of more importance to the business community than the confidentiality services for which cryptography had traditionally been used. [8] In 1978, Ron Rivest, Adi Shamir and Len Adleman published the RSA cryptosystem, which allowed both encryption and the application of digital signatures. Other digital signature schemes soon followed, including the ElGamal technique in 1985 and the U.S. Government's Digital Signature Standard (DSS), proposed in 1991. The signing and verification process for each of these algorithms is similar:

1. The signer generates (or is provided) a "private signature key," and an associated "public signature key." It is computationally infeasible to determine the private signature key from knowledge of the public signature key, so the public key can be widely and freely disseminated.

2. The signer generates a "digest" of the message to be signed. A "message digest" is the product of a "hash function," which maps a message of arbitrarily large size to a specific, small size. For example, a message of 25,000 bytes might be "hashed" to create a message digest of 128 bits (16 bytes). A good hashing algorithm will have the following properties:

• Changing any bit of the message changes the message digest, in a way that cannot be predicted or cancelled out by further changes, so that the digest serves as a compact fingerprint of the message;

• Given a specific message digest value, it should be computationally infeasible to generate a message that will hash to that value; and, because a signature on a digest covers every message having that digest, it must likewise be infeasible to find two different messages that hash to the same value.

3. The signer provides the message digest and the private signature key as inputs to the signature algorithm. The output is a "signature value," which is normally appended to the signed data.

4. The verifier, having obtained the signed message, uses the same hash function as the originator to generate a message digest over the received message. If the message has not been changed since the signer applied the signature, the signer’s and the verifier’s hash calculation will result in the same message digest.

5. The verifier obtains and authenticates the signer's public signature key, and provides the message digest, signature value, and signer's public signature key to the signature algorithm, which will indicate whether the signature is valid or not. If the signature is valid, then the verifier has an indication that the holder of the private key corresponding to that public key signed the message, and that the message was unchanged during the time between when the message was signed and when it was verified. Whether that key holder is the person named as originator depends entirely on how well the public key was authenticated in this step.

What are Signatures Good For? Signatures and Security Services

Whether signatures are handwritten or digital, they are applied to achieve three security services:

• authentication, which is concerned with assurance of identity. [9] When a sales clerk compares the signature on the back of a credit card with the signature on a sales slip, the clerk is using the handwritten signatures as an authentication mechanism, to verify the person presenting the credit card is the person the card was sent to by the issuing bank.

• data integrity - assurance that data has not been modified since the signature was applied. While a handwritten signature does not in itself provide data integrity services, the security practices traditionally surrounding handwritten signatures, including the use of indelible ink and tamper-evident paper, provide some measure of data integrity. Digital signatures provide excellent data integrity services by virtue of the digital signature value being a function of the message digest; even the slightest modification of a digitally signed message will result in signature verification failure (barring a collision in the hash function, which a sound hash function makes infeasible to find).

• non-repudiation, which is concerned with providing evidence to a third-party (like a judge, or jury, for example) that a party participated in a transaction, and thereby protect other parties in the transaction against false denials of participation. The buyer’s signature on the credit card sales slip provides evidence of the buyer’s participation in the transaction, and protects the store and the card-issuing bank from false denials of participation in the transaction by the buyer.

How Strong are Signatures?

No security mechanism, whether manual or automated, provides absolute assurance. There is evidence that forgery was practiced shortly after the invention of writing, and that it has remained a problem ever since. In the year 539 AD (100 years after the Romans started using signatures) the Romans generated legislation (in the code of Justinian) that established requirements that forensic document examination experts be sworn, and specifying under what circumstances their testimony may be given in cases of forgery. [10]

Modern forensic document examiners commonly compare a suspect signature with several examples of known valid signatures, and look for signs of forgery, which include: [11]

• Signatures written at a speed which is significantly slower than the genuine signatures;

• Frequent change of the grasp of the writing implement;

• Blunt line endings and beginnings;

• Poor line quality with wavering and tremor of the line;

• Retracing and patching;

• Stops in places where the writing should be free.

These techniques are supplemented with ink and paper analysis, electrostatic detection of writing imprints, and so on.

It is difficult to quantify the strength of handwritten signatures. It seems that the level of assurance that one can place in a handwritten signature depends largely on the technical expertise of the forensic document examiner used to investigate the signature. Certainly, expert forgers have succeeded in some cases, but handwritten signatures continue to be used, because they generally provide a strength of security services sufficient for the purposes to which they are applied. Where stronger authentication mechanisms are required, notarized, witnessed signatures are used - sometimes in elaborate "signing ceremonies," such as those associated with signing bills into law, and entering into treaty agreements. The basis of the assurance provided by a digital signature is fundamentally different than that of a handwritten signature. Whereas the judgement of whether a handwritten signature is valid or not depends on the skill of the examiner (be it the clerk comparing the credit card against the sales slip, or the forensic document expert), the judgement of whether a digital signature is valid depends on a great many processes and procedures working correctly.

If one were to argue in court that "I didn't sign this document, my pen did," the result would probably be tittering in the courtroom, a lost case, and a possible court-ordered psychiatric evaluation. However, if one were to argue in court that "I didn't sign the data, my computer did," the response from the court might be more sympathetic, as anyone who has used a computer has had the experience of the computer doing something the operator didn't want it to do. In addition to accidental programming errors (such as one that caused a British bank to replicate each payment request, with a consequent temporary loss of about $4 billion), there are many documented instances of networked computers being manipulated by malicious "outsiders" to do things the legitimate user would never have approved. [12]

Ultimately, people do not sign electronically - they command their computers to sign electronically on their behalf. Someday an attacker will seize control of a victim's signing application to fraudulently sign data, and when this attack becomes public, confidence in digital signatures may be forever shaken. The impact of such an attack on juries and judges is difficult to estimate. U.S. Federal Rule of Evidence 901(b)(9) allows authentication by "evidence describing a process or system used to produce a result and showing that the process or system produces an accurate result." [13] It seems that a single instance of a particular signing application being subverted might call all signed evidence produced using that application (or perhaps even using similar applications) into question. A fundamental difference, then, between digital signatures and handwritten signatures is that digital signatures require the intervention of a computer to be applied - and computers are subject to both accidental errors and malicious subversion. Handwritten signatures, by virtue of their simplicity, are not subject to these vulnerabilities.

Another difference between handwritten and digital signatures concerns the mechanism of association between the signer and her signature. A handwritten signature is biologically linked to a specific individual, but cryptographic authentication systems bind signatures to individuals through technical and procedural mechanisms. There are strong, mathematical links between a private signature key, its associated public key, and the message signature, but the association between the signer and her private key depends on the protection afforded the private key. The association between the signer and her public key depends on the honesty and diligence of the Certification Authority (CA) issuing the signer’s public key certificate (a public key certificate is a digitally signed statement by a CA that binds a public key to a signer’s identity). [14] Hence, the strength of the security services provided by a digital signature is a function of the methods used to safeguard the private signature key, methods used by the CA to identify and authenticate those applying for digital certificates, the protections provided against corrupt CAs, safeguards against the computers used by the CA being subverted, and so on. The standards, practices and procedures used to ensure the validity of the binding between a signer and the signer’s public key represent a "certificate policy." The Internet Engineering Task Force (IETF) Public Key Infrastructure/X.509 (PKIX) working group has developed a guide for developing certificate policies that describes certificate policies more precisely as:

"A named set of rules that indicate the applicability of a certificate to a particular community and/or class of application with common security requirements." [15]

The IETF goes on to list about 250 "policy elements" which can be factored into the establishment of a certificate policy. These policy elements include methods used to identify an individual, how the public/private key pairs are generated, how the private keys are protected, liability limits, and so on. Since different CAs establish and follow different policies, the strength of digital signatures varies according to the policy of the CA who issued the signer's certificate. Furthermore, digital signature certificates normally state a "validity interval," determined by the CA, during which the certificate may be used to verify signatures. The matter of what to do about signatures applied using a private key for which the associated public key certificate has expired is one of many questions associated with the long-term validity of digital signatures.

Digital Signatures - Will They Last?

When Anwar al-Sadat was negotiating the Egyptian-Israeli peace treaty of 1979, he insisted that the peace document be written on papyrus because of the superb archival qualities that papyrus offers. Egyptian documents and art represented on papyrus have survived in excellent condition through nearly 5,000 years. Anwar al-Sadat wanted the peace treaty signatures on papyrus to symbolize his hopes that the peace between Egypt and Israel would last, like the papyrus, for another 5,000 years.

There are, of course, many situations where documents must be signed and archived, with the signatures remaining valid for the duration of the archival. The signatures on deeds, for example, may be called into question many decades after they are applied. Other examples of signed documents requiring archival, taken from everyday experience, include medical documents, military discharge papers, and mortgages. Within the government, the Federal Records Act, 44 United States Code § 3301 states that "any document or material made or received in the course of government business, which is or should be kept either as evidence of the conduct of business or because it contains valuable information, is a record..." [16] This act also specifies that in many cases, these records must be archived. The National Archives and Records Administration maintains electronic (as well as other) records for the United States Government, some of which are punched card systems dating back to World War II! [17]

When considering digital data archival, it is important to remember that digital signature verification requires each and every bit in the signed document to be preserved and read correctly, just as it was when the signer applied the signature. For example, the flipping of the single bit that changes an "s" character to an "S" (in ASCII the two differ in only one bit), while merely undesirable in an ordinary electronic document, would render a digitally signed document completely unverifiable, just as if every word in the document had been changed.

There are at least four problems associated with the long-term archival of signed electronic records. Briefly, they are:

• Deterioration of the source media;

• Obsolescence of the record data format;

• Evolution of cryptographic algorithms and related standards; and,

• Certificate life-cycle.

Source media (tapes, optical disks, floppy disks, etc.) are subject to deterioration over time. Magnetic media are prone to hydrolysis of the binder in which the magnetic particles are embedded. Hydrolysis causes the binder to become soft and sticky, and transfer from the media substrate to read/write heads and other surfaces. Another problem with magnetic media is the magnetic domains within the media "top coat" can reverse, thus changing recorded 1’s to 0’s and vice versa. The length of time a tape may be used to archive data varies from a minimum of about one year under tropical conditions, to about 64 years under ideal (cool, dry) conditions. [18]

The "weak link" in terms of optical disk archival is the metal reflecting layer, used to reflect the optical disk reader’s laser. This reflecting layer is typically made of aluminum, and subject to oxidation, because the reflecting surface is enclosed in materials that can be oxygen-permeable. As with magnetic tape, quality of the media and storage conditions play the dominant role in determining the useful archive lifetime, but manufacturers estimates and independent studies indicate that read-only optical disks should last for 100 years under ideal conditions. Lifetimes for writable optical disks are usually less - between 10 - 50 years (Dual alloy disks being an exception, with an estimated life of 100 years.) [19]

Physical deterioration of digital record archives can be fairly easily addressed by careful attention to storage conditions, and periodically transferring records from old media to new. This approach can also address the problem of changes in standards associated with physical storage media. Peter Graham, Associate University Librarian for Technical and Networked Information Services at Rutgers University, lists over 22 physical media in various configurations (punched cards, 7-track tape, 9-track tape, magnetic drums, and so on) that have been used for long-term data storage. Only a very few of these media are still in use. [20] For example, 5 1/4 inch floppy disks, so common ten years ago, are now very rarely used - but during the transition from 5 1/4 to 3 1/2 inch disks, many computers were available that accepted both media types. Because hardware capable of using both formats was available, data originally stored on 5 1/4 inch disks could be moved to the newer format - as long as someone recognized the data on the old disks as being worth saving!

A more intractable problem is associated with changing standards for representation of the data on the media. Very few documents written with the Disk Operating System (DOS) based word processors available ten years ago are readable with the word processing applications available today. Simon Pockley asserts in his essay Lest We Forget that devices used to store, process and retrieve data currently have a life cycle of only two to five years. Some historically important data has already been irretrievably lost to data processing system obsolescence. For example, the data collected from the first Landsat satellite, launched in 1972, can no longer be read. [21]

Digital signatures exacerbate the problem of technological obsolescence. They make the most common coping technique - conversion to new formats during transition periods - impossible unless the original signer can re-sign under the new format, a solution which is always burdensome and often impossible. From a digital signature perspective, a change to a document's format is indistinguishable from a change to the document's content, and will result in an unverifiable signature.

A similar problem is associated with the mercurial nature of cryptographic algorithms and standards. Aside from the signer’s private signature key, a digital signature is a function of:

We have already seen that the formatting of data is changing continuously. It appears that digital signature standards are also likely to undergo continuous evolution. Hashing algorithms that have been used in the short history of digital signatures include MD2, MD4, MD5, and the Secure Hash Algorithm 1 (SHA-1). There are frequent proposals for improving upon these algorithms as new cryptanalytic attacks are found, more efficient hashing mechanisms are devised, and computer hardware (for example the move from 16 bit to 32 bit machines) changes algorithm requirements. Similarly, the signature algorithms are undergoing rapid evolution in terms of cryptographic key size, and even adoption of entirely new cryptographic techniques, such as the move to elliptic curve based algorithms from those based on factoring products of prime numbers. The net result of all this constant improvement is that signatures applied to messages today will likely not be verifiable even ten years hence, unless verifying applications maintain a complex and ever growing array of hashing and signature algorithms. And if the old signature and hashing algorithms were replaced for reasons of security, there is a question of whether a signature made with them should be trusted at all, even when it still verifies.

Earlier we explored the role of Certification Authorities in binding identities to public keys. It must be stressed that while a digital signature can be checked mathematically against a bare public key, it cannot be attributed to a particular signer without a certificate (or some other trusted binding of that key to the signer). Certificates expire. VeriSign Corporation, for example, issues certificates to end-entities for one year periods. [22] Certificate validity dates vary from one Certification Authority to another, and a single CA can support several certificate policies with different certificate validity periods. Certificates can be renewed, but if they are not renewed, they expire, and are not supposed to be used to verify signatures thereafter.

Even if the problem of expiring certificates were solved, it may become difficult over time to determine where to go to find the certificate required to verify a signature applied by a particular signer. Corporations come into existence, then are bought-out, or go out of business. The status of certificates issued by Certification Authorities sponsored by long-dead corporations is not clear. Handwritten signatures, of course, have none of the problems associated with aging, because they are intrinsically bound to an individual for life - and thereafter.

While handwritten signatures are subject to forgery in a way that digital signatures, by virtue of their cryptographic properties, are not, digital signatures are subject to compromise (loss or disclosure) of the signer's private key, just as Sumerian and Roman seals were subject to loss or theft. Compromise is a vulnerability not associated with handwritten signatures. Well designed public key systems have mechanisms for "revoking" public key certificates associated with compromised private keys. Lists of revoked certificates can be published, or centralized verification centers can be set up, so verifiers can confirm a certificate is still valid. [23] These revocation mechanisms bring new problems of their own, though. Suppose Bob Bigwig of Sleazy Inc. submits a signed electronic bid for a contract, then learns through his corporate intelligence that he could have bid $500,000 more, and still have submitted the lowest bid. In theory, at least, Bob could "accidentally on purpose" compromise his private signature key, and request the CA to revoke his certificate. Once Bob's certificate is revoked, the signature on Bob's bid will still verify mathematically, but a verifier who checks the revocation list will no longer accept it, and Bob can claim that whoever stole his key signed the bid. Bob could then obtain a new private signature key with a new certificate, and submit a new bid that would be accepted. The solution to this kind of problem is "trusted time stamps," which involve sending messages to "trusted third parties" who attest to the existence of a message at a particular time. In Bob's case, he'd send his bid (in practice, just its hash or signature value) to the trusted third party, who would digitally sign a statement that the message existed at a particular time. Bob would then send his timestamped bid. A later claim of key compromise would then not repudiate messages timestamped before the time at which the compromise was reported. The protection holds only if the recipient insists that every bid carry such a timestamp; one that Bob is free to omit protects no one. This process is very similar to the role of a notary public, who confirms the existence of documents, witnesses handwritten signatures and so on. The trusted third party is sometimes referred to as a "digital notary."
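An added illustration, written for this page rather than taken from the paper, of the decision a verifier must make in the Bob Bigwig scenario above, and of the first two phases of a certificate's life described in the paragraphs that follow. The cryptographic checks (that the signature verifies against the certified key and that the timestamp token verifies against the trusted third party's key) are assumed to have passed already; this code decides only whether a mathematically valid signature should be relied upon, given the certificate's validity interval, any revocation record, and a trusted timestamp. The certificate, serial numbers, names and integer times are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Certificate:
    serial: int
    subject: str
    not_before: int        # start of the validity interval set by the CA
    not_after: int         # end of the validity interval


@dataclass(frozen=True)
class Revocation:
    serial: int
    revoked_at: int        # time at which the CA recorded the revocation
    reason: str            # e.g. "keyCompromise"


@dataclass(frozen=True)
class SignedRecord:
    serial: int                    # certificate the signer claims to have used
    signer_claimed_time: int       # time asserted by the signer (untrusted)
    timestamp_time: Optional[int]  # time attested by the trusted third party, if any


def standing(record, cert, revocation, now) -> Tuple[bool, str]:
    """Should a cryptographically valid signature be relied upon at time `now`?
    Returns (accepted, explanation)."""
    if record.serial != cert.serial:
        return False, "certificate does not match the one named by the signature"
    if revocation is not None and revocation.serial != cert.serial:
        revocation = None                      # concerns some other certificate
    # Only the trusted timestamp establishes when the signature existed; the
    # signer's own claimed time is exactly what a dishonest signer would falsify.
    if record.timestamp_time is None:
        if revocation is not None:
            return False, ("certificate revoked (%s) and no trusted timestamp: "
                           "cannot show the signature predates the compromise"
                           % revocation.reason)
        if now < cert.not_before:
            return False, "certificate not yet valid"
        if now > cert.not_after:
            return False, "certificate expired and signing time cannot be established"
        return True, "phase 1: certificate current, revocation status checked now"
    t = record.timestamp_time
    if not (cert.not_before <= t <= cert.not_after):
        return False, "certificate was not valid at the attested signing time"
    if revocation is not None and revocation.revoked_at <= t:
        return False, ("signature attested after the certificate was revoked (%s)"
                       % revocation.reason)
    if now > cert.not_after:
        return True, "phase 2: certificate expired, relies on the CA's record of its history"
    return True, "phase 1: certificate current and signature predates any revocation"


def bob_scenario():
    """Bob bids at time 2000 with a timestamp, then reports a 'compromise' at 3000."""
    cert = Certificate(serial=17, subject="CN=Bob Bigwig, O=Sleazy Inc",
                       not_before=1000, not_after=9000)
    revocation = Revocation(serial=17, revoked_at=3000, reason="keyCompromise")
    timestamped_bid = SignedRecord(serial=17, signer_claimed_time=2000, timestamp_time=2010)
    untimestamped_bid = SignedRecord(serial=17, signer_claimed_time=2000, timestamp_time=None)
    # Bob's own claim says 2000, but the notary saw it only at 3500, after the revocation.
    backdated_bid = SignedRecord(serial=17, signer_claimed_time=2000, timestamp_time=3500)
    now = 4000
    return {
        "timestamped_bid": standing(timestamped_bid, cert, revocation, now),
        "untimestamped_bid": standing(untimestamped_bid, cert, revocation, now),
        "backdated_bid": standing(backdated_bid, cert, revocation, now),
        "timestamped_bid_after_expiry": standing(timestamped_bid, cert, revocation, 20000),
    }


if __name__ == "__main__":
    for name, (accepted, why) in bob_scenario().items():
        print("%-30s %-6s %s" % (name, accepted, why))
```

The untimestamped bid is the interesting case: nothing about the signature itself is wrong, yet the verifier has no way to show it was made before the claimed compromise, so Bob's revocation succeeds in disowning it. The same bid with a timestamp survives both the revocation and, later, the certificate's expiry, as long as the CA can still vouch for the certificate's status history.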

To address the problem of long-term archival of digitally signed documents, the Federal Public Key Infrastructure Technical Working Group has broken the life of a digitally signed document into three phases. During the first phase, the certificate is still valid, and revocation data should be available through "normal" channels - directories, on-line verification, and so on.

The second phase begins upon expiration of the certificate. For some time after the certificate expires, a public key infrastructure should be able to support non-repudiation dispute resolution by providing evidence concerning the history and status of the certificates it issued. In other words, a Certification Authority should be able to state that a particular certificate was valid at a particular point in time, or be able to say when and why a certificate was revoked.

It would be burdensome and unrealistic to expect public key infrastructures to provide a dispute resolution service for every certificate they issue in perpetuity. To solve the problems associated with media deterioration, technological obsolescence, and the issuing infrastructures ceasing operations, documents that require long-term archival should be sent to digital archivists. If the record has been digitally signed, then the archivist verifies the signature upon receipt, and generates a statement indicating who signed the record. Thereafter, the archivist is responsible for ensuring the availability and integrity of the archived digital data. During this final phase of long-term data archival, the originally applied digital signature and the precise bit-patterns of the original data need not be preserved. The originator's digital signature will probably be unverifiable after five to ten years anyway, due to cryptographic and application obsolescence. The archivist would be responsible for implementing procedures to ensure the content of the archived data is not changed - though format changes would be allowed. [24]

Signatures and the Law

As was mentioned earlier, the legal standing of handwritten signatures for business contracts is based on the Statute of Frauds, which states that for certain kinds of contracts to be enforceable, "some note or memorandum in writing," "signed by the parties" must exist. [25] The Uniform Commercial Code states that:

" ‘Signed’ includes any symbol executed or adopted with present intention to authenticate a writing." [26]

By this definition, a record is "signed" if such a symbol is included with the record, regardless of the degree of security associated with that symbol. For example, the initials some people place at the end of an e-mail could be considered a "signature," even though forgery of such a "signature" is trivially easy.

There is little doubt that if someone fraudulently signs a document, whether the authentication mechanism is handwritten signatures, digital signatures, or typed initials, that a crime has been committed. 18 United States Code § 1343, Fraud by wire, radio, or television, states:

"Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than five years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both." [27]

Similarly, 18 United States Code § 1001 would cover cases in which digital signatures were fraudulently used to authenticate messages sent to the United States government:

"Whoever, in any matter within the jurisdiction of any department or agency of the United States knowingly and willfully falsifies, conceals or covers up by any trick, scheme, or device a material fact, or makes any false, fictitious or fraudulent statements or representations, or makes or uses any false writing or document knowing the same to contain any false, fictitious or fraudulent statement or entry, shall be fined not more than $10,000 or imprisoned not more than five years, or both." [28]

The question, then, is not whether digital signatures have legal standing, since they can be used to commit to a contract under the UCC, and can be used to put people in prison if abused - but whether digital signatures provide an equivalent level of evidence of fraud (or the lack of fraud) as do handwritten signatures. There are differing opinions on this matter. The Food and Drug Administration commissioned a study, completed in 1992, to examine the use of electronic authentication, and found digital signatures to be proscribed by regulation for certain applications because of the perception that they provide a lower level of assurance than handwritten signatures. [29] The Federal Public Key Infrastructure Legal and Policy Working Group, composed primarily of Federal Government lawyers, has expressed a somewhat contrary opinion that is more in line with that of the American Bar Association - that digital signatures should be adopted widely within the Federal Government. It seems likely that use of digital signatures within the Federal bureaucracy will start with low-assurance applications where the risk of fraud is minimal, and increase in scope over time as practical and legal experience with the technology is acquired.

State governments have been engaged in a flurry of legislative action concerning digital signatures since Utah passed its groundbreaking Digital Signature Act in 1995. Some of these laws are concerned primarily with the requirements and liabilities of Certification Authorities, but many, like California’s, explicitly state that "digital signatures shall have the same force and effect as a manual signature" if these digital signatures meet certain requirements, such as being unique to the signer, providing data integrity, and complying with regulations imposed by the state. [30] In general, the states have been eager not to be left behind in any commercial revolution spurred by digital signatures, and are trying to provide the legal infrastructure that would promote their own states as electronic commerce leaders.

Several national governments have passed digital signature laws for much the same reasons as the American states - and these national laws are similar in many respects to the U.S. state laws. The German Bundestag passed a Digital Signature Law on June 13, 1997 that describes requirements for a public key infrastructure. The law does not address the legal validity of digital signatures, though the German Federal Justice Ministry is working on follow-on legislation that will. [31]

On the international level, the United Nations Commission on International Trade Law (UNCITRAL) composed the UNCITRAL Model Law on Electronic Commerce in 1996. This model law recognizes the legal validity and force of data messages:

"Article 6. Writing

(1) Where the law requires information to be in writing, that requirement is met by a data message if the information contained therein is accessible so as to be usable for subsequent reference." [32]

Article 7, concerning signatures, goes on to stipulate:

"(1) Where the law requires a signature of a person, that requirement is met in relation to a data message if: (a) a method is used to identify that person and to indicate that person’s approval of the information contained in the data message; and (b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in light of all the circumstances, including any relevant agreement." [33]

To summarize then, there is generally a movement in the legislative bodies of the United States and the rest of the world to augment existing laws concerning electronic fraud with laws specifically oriented toward promoting the use of digital signatures for electronic commerce.

Conclusions and Opinions

Handwritten and digital signatures share some similarities:

• Both provide the security services of authentication, data integrity, and non-repudiation.

• Both handwritten and digital signatures have legal standing, and the legal standing of digital signatures is increasing with the passage of various state and national laws, to the point of becoming equal to (or greater than) that of handwritten signatures.

Differences between digital and handwritten signatures include:

• A handwritten signature is biologically linked to a specific individual, whereas a digital signature relies on the protection afforded a private signature key by the signer, and the procedures implemented by a Certification Authority.

• Handwritten signatures are under the direct control of the signer, whereas digital signatures must be applied by a computer commanded by the signer.

• Forgery of handwritten signatures has been practiced for centuries, whereas forgery of digital signatures, in the absence of compromise of the private signature key, or hijacking of the signature mechanism, is virtually impossible. The mechanisms of forgery for handwritten and digital signatures are fundamentally different.

• The detection of handwritten signature forgery depends on the skill of the examiner. Many handwritten forgery attempts will not be detected until after action is taken on the basis of the suspect signature (e.g., after the check is cashed). Due to the cryptographic nature of digital signatures, attempted forgeries are immediately obvious to any verifier, except in the case where a private signature key has been compromised, or control of the signing mechanism has been seized. In these cases, distinguishing between a valid and invalid digital signature may be impossible, even for a computer forensics specialist.

• The data integrity service provided by digital signatures is much stronger than that provided by handwritten signatures.

• Handwritten signatures can be witnessed, whereas digital signatures cannot be - though they can be notarized.

• Handwritten signatures can be verified in perpetuity, whereas digital signatures will likely become unverifiable after ten years or so due to data processing equipment and cryptographic standards obsolescence, certificate expiration, and other factors.

• Handwritten signatures are inherently secure against repudiation (again, to the extent of the skill of the document examiner), whereas digital signatures require third party time-stamping to augment their non-repudiation security service.

• Handwritten signatures are all roughly equivalent in the level of security they provide (though their level of assurance can be augmented by techniques such as use of special inks and papers, witnesses, notaries, and signature cards). Digital signatures vary widely in the strength of the security services they offer, depending on the certificate policy associated with the signer.

• Handwritten signatures are extremely simple, and easy to understand. The forensics techniques used to detect fraud are easily explained to lawyers, judges, and juries. Digital signatures are fiendishly complex, involving arcane number theory, the workings of computer operating systems, communications protocols, certificate chain processing, certificate policies, and so on. There are very few people on this planet (if any) who completely understand every process involved in generating and verifying a digital signature. The potential for confused lawyers, judges and juries is extreme.
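Several of the differences listed above (forgery without the private key being immediately obvious to any verifier, the strength of the data integrity service, certificate expiration, and the need for third-party time-stamping) can be seen in a few lines of code. The following is an added example written for this edition, not code from the paper: it uses Ed25519 from Go's standard library (a signature scheme that post-dates the paper), a simplified stand-in for a certificate with a validity window, and constructed keys, dates and a constructed document. The Sign, VerifyAt and Demo functions and the SignerCert and SignedDoc types are assumptions of this example only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// SignerCert stands in for the certificate a Certification Authority issues:
// it binds a public key to a subject name for a bounded validity window.
// Constructed for this example; it is not an X.509 certificate.
type SignerCert struct {
	Subject   string
	PublicKey ed25519.PublicKey
	NotBefore time.Time
	NotAfter  time.Time
}

// SignedDoc is a document, its signature, and (optionally) the time at which a
// trusted time-stamping service attested that the signature already existed.
type SignedDoc struct {
	Doc       []byte
	Signature []byte
	Stamped   time.Time // zero value means "never time-stamped"
}

// Sign produces an Ed25519 signature over the whole document.
func Sign(priv ed25519.PrivateKey, doc []byte) SignedDoc {
	return SignedDoc{Doc: doc, Signature: ed25519.Sign(priv, doc)}
}

// VerifyAt is what a verifier does at time `now`: the signature must check out
// under the certificate's public key, and the time of signing must fall inside
// the certificate's validity window. Without a time-stamp the verifier can only
// assume the signature was made "now", so once the certificate has expired an
// otherwise genuine signature becomes unverifiable.
func VerifyAt(cert SignerCert, sd SignedDoc, now time.Time) bool {
	if !ed25519.Verify(cert.PublicKey, sd.Doc, sd.Signature) {
		return false // tampered document, or signature made with a different key
	}
	signedAt := now
	if !sd.Stamped.IsZero() {
		signedAt = sd.Stamped
	}
	return !signedAt.Before(cert.NotBefore) && !signedAt.After(cert.NotAfter)
}

// Outcome collects the verifier's decision in each scenario.
type Outcome struct {
	Genuine          bool // correct key, untouched document, inside validity
	Tampered         bool // one byte of the document changed after signing
	Forged           bool // signature made with somebody else's private key
	ExpiredUnstamped bool // genuine, but checked after the certificate expired
	ExpiredStamped   bool // same, but a trusted time-stamp places it in-window
}

// Demo runs the scenarios. Keys, dates, the certificate and the document are
// all constructed here for illustration.
func Demo() (Outcome, error) {
	var out Outcome
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return out, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader) // a key the signer never held
	if err != nil {
		return out, err
	}
	issued := time.Date(1997, time.December, 1, 0, 0, 0, 0, time.UTC)
	cert := SignerCert{
		Subject:   "CN=Example Signer", // placeholder name
		PublicKey: pub,
		NotBefore: issued,
		NotAfter:  issued.AddDate(1, 0, 0), // one-year certificate
	}
	doc := []byte("Pay to the order of Alice: $100.00") // constructed document
	soon := issued.AddDate(0, 1, 0)                      // verified one month after signing
	later := issued.AddDate(10, 0, 0)                    // verified ten years after signing

	genuine := Sign(priv, doc)
	out.Genuine = VerifyAt(cert, genuine, soon)

	tampered := Sign(priv, doc)
	tampered.Doc = append([]byte(nil), doc...)
	tampered.Doc[len(tampered.Doc)-6] = '9' // "$100.00" becomes "$900.00"
	out.Tampered = VerifyAt(cert, tampered, soon)

	forged := Sign(otherPriv, doc) // signed without the legitimate private key
	out.Forged = VerifyAt(cert, forged, soon)

	out.ExpiredUnstamped = VerifyAt(cert, genuine, later)

	stamped := genuine
	stamped.Stamped = soon // a time-stamping service attested the signature while the certificate was valid
	out.ExpiredStamped = VerifyAt(cert, stamped, later)
	return out, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The tampered and forged cases fail mechanically, with no examiner's judgement involved, which is the point made above about forgery detection; the two expiry cases show why a signature checked years later needs a trusted record of when it was made, and why the example deliberately does nothing about the case the paper singles out as undetectable: a signature made with the genuine key after it has been compromised looks identical to a legitimate one.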

Digital signatures have the potential to have the greatest impact on commerce since the invention of money. Digital signatures allow us to identify ourselves and make commitments in cyberspace in much the same way as we do in actual space. Nonetheless, digital signatures have important limitations, the most significant being their temporary nature. The differences between handwritten and digital signatures will likely have some practical consequences:

• The use of digital signatures for high-value financial transactions outside the protection of trading partner agreements is likely to proceed relatively slowly, until experience with the risks associated with use of digital signatures is accrued.

• Initial use of digital signatures is likely to be limited to applications where long-term archival is not very important, such as purchase orders, electronic funds transfers, authentication to on-line services, and the like. Applications requiring long-term archival (birth and death certificates, deeds, government records, etc.) will probably require the establishment of electronic data archival centers capable of verifying digital signatures, and associating the verified data with the identity of the signer. Current laws dealing with digital signatures seem to have glossed over or overlooked long-term non-repudiation. These laws will likely be revised over the next five years or so as the practical limitations of digital signature archival manifest themselves.

• Applications requiring high levels of non-repudiation assurance will likely require the use of digital time-stamping (or notary) services. These services may be provided by commercial or Government entities.

• At some point a clever cyber-criminal will commit a fraud through compromise of a private signature key, or by seizing control of the legitimate signer’s computer. When this happens, it will probably be a major news event, and the whole concept of digital signatures will be called into question, notwithstanding the fact that handwritten signatures do not provide perfect security assurance either. The future of the use of digital signatures will depend greatly on the early court decisions concerning who is held liable for losses, and the success of the prosecution’s efforts.

It seems unlikely that digital signatures will fully replace handwritten signatures in the foreseeable future. Handwritten signatures have a lot going for them - they are fast, cheap, easily understood, and last forever. Digital signatures will probably never be used for treaty authentication, signing bills into law, or other ceremonial or historical occasions.

When handwritten signatures were invented, they augmented seals, which had been in use for over 3,000 years - they did not replace them. In fact, seals continue to be used today. Instead, handwritten signatures took their place beside seals as an authentication mechanism useful for particular purposes, and over time, handwritten signatures gradually increased in the frequency and scope of their usage. It is likely to be much the same with digital signatures, which are the latest authentication tool in the continuing advancement of communications technology.

Acknowledgement

I would like to thank Les Perelman of the MIT Writing Program for his contributions to this paper.

Endnotes and Sources:

[1] J.N. Postgate, Early Mesopotamia - Society and Economy at the Dawn of History, Routledge, New York, NY, 1992, page 282.

[2] Ketubot (with commentary by Rabbi Adin Steinsaltz), The Talmud, Volume VIII, Tractate Ketubot, Part II, Random House, New York, NY, 1992, Section 18B, page 57.

[3] J.K.B.M. Nicholas, An Introduction to Roman Law, Clarendon Law Series, Oxford, 1962, page 256.

[4] Ford, Warwick and Baum, Michael, Secure Electronic Commerce, Prentice Hall, Upper Saddle River, NJ, 1997, page 42.

[5] Ibid, page 42.

[6] EDI - Some History, http://www.edi.road.com/history.htm

[7] A seal is applied using a device the originator "has," whereas a handwritten signature relies on unique characteristics of the signer. In this respect, digital "signatures" are more akin to seals, in that they rely on application of something the originator has - a private key - as opposed to some characteristic biologically unique to the originator.

[8] Whitfield Diffie and Martin Hellman, "New Directions in Cryptography," IEEE Transactions on Information Theory, Volume IT-22, Number 6, November 1976.

[9] Ford, Warwick, Computer Communications Security: Principles, Standard Protocols and Techniques, Prentice Hall, Englewood Cliffs, NJ, 1994, page 109.

[10] Anderson, Chris, Document Examination, http://www.docexam.com.au/docexam.txt, page 1.

[11] Ibid, page 6

[12] Neumann, Peter G., Computer Related Risks, Addison-Wesley Publishing Company, 1995, page 170.

[13] Ford, Warwick and Baum, Michael, page 49.

[14] Some public key systems, such as the "Pretty Good Privacy" (PGP) application, do not rely on certificates, but these systems have scalability problems when applied to broad commercial commerce applications. This paper is concerned primarily with public key systems that use certificates.

[15] S. Chokhani, W. Ford, Certificate Policy and Certification Practice Statement Framework, Internet Engineering Task Force Draft, http://www.globecom.net/%28nocl%29/ietf/draft/draft-chokhani-cps-00.shtml

[16] http://www.law.cornell.edu/uscode/44/3301.shtml

[17] National Archives and Records Administration, Center for Electronic Records, Frequently Asked Questions, http://www.nara.gov/nara/electronic/faq.html#time.

[18] National Library of Australia, From Digital Artifact to Digital Object, http://www.nla.gov.au/3/npo/conf/npo95rh.html#od.

[19] Ibid.

[20] Preserving Access to Digital Information, http://www.nla.gov.au/dnc/tf2001/padi/obs.html.

[21] Pockley, Simon, Killing the Duck to Keep the Quack, http://www.cinemedia.net/FOD/FOD0055.html.

[22] VeriSign Certification Practices Statement, https://www.verisign.com/repository/CPS1.2/CPSCH6.HTM#_toc361807045.

[23] Interestingly, the parallel between 5,000 year old Sumerian seals and "modern" digital signatures is very close in this respect. J.N. Postgate reports in Early Mesopotamia - Society and Economy at the Dawn of History, page 282:

"On the loss of a seal it was the practice to publicize the loss and its date through the herald - so that documents sealed with it thereafter would be invalidated..."

The parallels with the modern Certificate Revocation List and Digital Timestamping are striking!

[24] TWG 17 April 1997 Meeting Report, http://csrc.nist.gov/pki/twg/twg97_4.html.

[25] Ford, Warwick and Baum, Michael, page 42.

[26] Uniform Commercial Code - Article 1 - General Provisions, Part 2, http://www.law.cornell.edu:80/ucc/1/1-201.html

[27] United States Code. http://frwebgate2.access.gpo.g

[28] U.S. Department of Health and Human Services, Food and Drug Administration, Electronic Identification/Signature Working Group, Progress Report - February 24, 1992, Reformatted November 1996, page 17. http://www.fda.gov/cder/esig/part11.htm.

[29] Ibid, page 29.

[30] Johnson, James, A., Enacted State Digital Signature Legislation, http://nii.nist.gov/pubs/enstsign.html

[31] German Digital Signature Law (SigG), Translation and Commentary by Christopher Kuner, Esq., http://ourworld.compuserve.com/homepages/ckuner/digsig4.htm

[32] United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce, Article 7.

[33] Ibid.