Practice Tip: <B>Electronic & Digital Signatures in Word</b>

Have you ever had to print out a document just because you had to sign it before faxing it? Or have you ever done a merge mailing, only to have to print out and sign each letter individually? Wouldn't it be better if you could just sign all these documents electronically and send them electronically to their respective recipients? This article will shed some light on what is meant by electronic and digital signatures as well as provide details of how you can digitally sign a document in Word.

On June 30, 2000, President Bill Clinton signed into law the Electronic Signatures in Global and National Commerce Act (E-SIGN Act), which became effective throughout the U.S. on October 1, 2000 (for a copy go to http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_bills&docid=f:s761enr.txt.pdf). The E-SIGN Act implemented a national standard for all electronic transactions that broadly encouraged the use of electronic signatures, contracts and records by providing legal validity for these instruments as long as the signatories complied with the standards of the Act. The E-SIGN Act does not mandate any specific method of technology be used in order for business to conduct electronic transactions. It simply provides a framework within which parties can conduct business electronically with the assurance that their signed documents are legally valid and enforceable. Since the E-SIGN Act is so broad in scope, a “signed” electronic transaction can comprise anything from a simple e-mail exchange to a complex public key/private key authentication procedure.

Although E-SIGN is the most highly publicized piece of legislation concerning electronic signatures, other laws have been equally influential in encouraging their use. For example, the Government Paperwork Act, passed in October 1998, requires that by October 2003 all federal agencies allow any individual or organization the option of submitting information to them electronically. The Social Security Administration is working with a 3rd-party digital certificate provider to allow employers to file their wage-reporting forms electronically. On the pharmaceutical side, companies like Bristol-Myers Squibb are using electronic signatures to comply with federally mandated training regulations. An online example of an electronic signature is when you click on the “I Agree” button when purchasing a product online with a credit card.

Electronic Signatures in Word

A simple example of an E-SIGN transaction would be the use of an electronic signature in a Word document. This can be realtively easily accomplished by using Word's AutoText entry feature (for more details on the AutoText feature, see my article “Maximizing AutoText” in the June 2003 issue of Legal Tech Newsletter).

The first thing you need to do is to scan your signature. Write your name on a sheet of paper and place it in a scanner. From within Word XP, select Insert, Picture, From Scanner or Camera. A dialog will display which will let you select your scanner device. Select “Custom Insert” so that you can set the type of scan, resolution (DPI) and size of the scanned image before actually performing the scan and insert. With a little bit of luck, you may not have to change any of the default settings. If you prefer, you can scan the signature using third-party image software such as Microsoft Paint or Adobe Photoshop. Save the resulting image to a TIFF or BMP file and insert the file into Word by selecting Insert, Picture, From File from within Word.

To set up the signature as an AutoText entry, all you need to do is to select the image in the document and choose Insert, AutoText, New and enter an abbreviation (ie, your initials). When you wish to insert the signature into a document on screen, you simply type your initials and press the F3 key. Voil', your signature is inserted into the document at your cursor position! You could further automate this process by writing a macro which performs this series of keystrokes. You could then assign this macro to a button on a toolbar, so that “signing” a document would be as simple as clicking on that custom button.

Digital Signatures/Digital Certificates

Although an electronic signature is quite easy to set up, it is also unreliable as regards to authentication of your identity. That is, anyone who has access to your computer, and who knows the AutoText entry name for your signature, could easily “sign” documents on your behalf. However, under the rather loose standards of the E-SIGN Act, documents signed by you in this fashion are legally binding, as long as both parties agree to it. However, a third-party might be reluctant to agree to this process, since they would have no way of knowing that it was really you who signed the documents.

The technology of digital signatures completely resolves this electronic quandary. Digital signatures are created and validated by a technology based on cryptography, a branch of mathematics concerned with the coding and decoding of data. For digital signatures, two different encryption keys are generally used, one for the creation of the signature (private key) and the other for the validation or authentication of the signature (public key). The private key, of course, belongs to the signer, while the recipient must have the public key in order to validate that the digital signature is, indeed, the signer's. Since the recipient does not have access to the sender's private key, it would be impossible to forge the sender's signature.

Public Key Certificates

But how does the recipient of a digital signature described above know that the sender is, indeed, the person he/she claims to be? Without face-to-face contact, the recipient is still taking the sender's claim of identity on faith alone. This process is not much more secure than the electronic signature process using AutoText described earlier in this article. To insure that each of the parties is identified with a specific key pair (public/private), a third-party trusted by both sender and recipient must be engaged. This third-party is typically referred to as a “certification authority.”

Digital certificates are, thus, more secure than simple digital signatures, because they require the user to apply to a certificate authority, such as VeriSign, Inc. The certificate authority will verify the identity of the user or organization by asking a series of questions and by doing a series of background and financial checks. Once approved, the certificate authority will issue a Class 2 certificate (for individuals) or a Class 3 certificate (for organizations) which will have a life-span of 12 months. After 12 months the certificate will have to be renewed. Signing a document with a Class 2 or Class 3 certificate (the level of security adhered to by most commercial software vendors) not only guarantees the recipient the identity of the signer, but also guarantees that the document has not been tampered with since it was signed.

For a list of vendors offering digital signature and authentication technology, go to: www.cyberwalker.net/features/digital-sig-links.shtml.

Have you ever had to print out a document just because you had to sign it before faxing it? Or have you ever done a merge mailing, only to have to print out and sign each letter individually? Wouldn't it be better if you could just sign all these documents electronically and send them electronically to their respective recipients? This article will shed some light on what is meant by electronic and digital signatures as well as provide details of how you can digitally sign a document in Word.

On June 30, 2000, President Bill Clinton signed into law the Electronic Signatures in Global and National Commerce Act (E-SIGN Act), which became effective throughout the U.S. on October 1, 2000 (for a copy go to http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_bills&docid=f:s761enr.txt.pdf). The E-SIGN Act implemented a national standard for all electronic transactions that broadly encouraged the use of electronic signatures, contracts and records by providing legal validity for these instruments as long as the signatories complied with the standards of the Act. The E-SIGN Act does not mandate any specific method of technology be used in order for business to conduct electronic transactions. It simply provides a framework within which parties can conduct business electronically with the assurance that their signed documents are legally valid and enforceable. Since the E-SIGN Act is so broad in scope, a “signed” electronic transaction can comprise anything from a simple e-mail exchange to a complex public key/private key authentication procedure.

Although E-SIGN is the most highly publicized piece of legislation concerning electronic signatures, other laws have been equally influential in encouraging their use. For example, the Government Paperwork Act, passed in October 1998, requires that by October 2003 all federal agencies allow any individual or organization the option of submitting information to them electronically. The Social Security Administration is working with a 3rd-party digital certificate provider to allow employers to file their wage-reporting forms electronically. On the pharmaceutical side, companies like Bristol-Myers Squibb are using electronic signatures to comply with federally mandated training regulations. An online example of an electronic signature is when you click on the “I Agree” button when purchasing a product online with a credit card.

Electronic Signatures in Word

A simple example of an E-SIGN transaction would be the use of an electronic signature in a Word document. This can be realtively easily accomplished by using Word's AutoText entry feature (for more details on the AutoText feature, see my article “Maximizing AutoText” in the June 2003 issue of Legal Tech Newsletter).

The first thing you need to do is to scan your signature. Write your name on a sheet of paper and place it in a scanner. From within Word XP, select Insert, Picture, From Scanner or Camera. A dialog will display which will let you select your scanner device. Select “Custom Insert” so that you can set the type of scan, resolution (DPI) and size of the scanned image before actually performing the scan and insert. With a little bit of luck, you may not have to change any of the default settings. If you prefer, you can scan the signature using third-party image software such as Microsoft Paint or Adobe Photoshop. Save the resulting image to a TIFF or BMP file and insert the file into Word by selecting Insert, Picture, From File from within Word.

To set up the signature as an AutoText entry, all you need to do is to select the image in the document and choose Insert, AutoText, New and enter an abbreviation (ie, your initials). When you wish to insert the signature into a document on screen, you simply type your initials and press the F3 key. Voil', your signature is inserted into the document at your cursor position! You could further automate this process by writing a macro which performs this series of keystrokes. You could then assign this macro to a button on a toolbar, so that “signing” a document would be as simple as clicking on that custom button.

Digital Signatures/Digital Certificates

Although an electronic signature is quite easy to set up, it is also unreliable as regards to authentication of your identity. That is, anyone who has access to your computer, and who knows the AutoText entry name for your signature, could easily “sign” documents on your behalf. However, under the rather loose standards of the E-SIGN Act, documents signed by you in this fashion are legally binding, as long as both parties agree to it. However, a third-party might be reluctant to agree to this process, since they would have no way of knowing that it was really you who signed the documents.

The technology of digital signatures completely resolves this electronic quandary. Digital signatures are created and validated by a technology based on cryptography, a branch of mathematics concerned with the coding and decoding of data. For digital signatures, two different encryption keys are generally used, one for the creation of the signature (private key) and the other for the validation or authentication of the signature (public key). The private key, of course, belongs to the signer, while the recipient must have the public key in order to validate that the digital signature is, indeed, the signer's. Since the recipient does not have access to the sender's private key, it would be impossible to forge the sender's signature.

Public Key Certificates

But how does the recipient of a digital signature described above know that the sender is, indeed, the person he/she claims to be? Without face-to-face contact, the recipient is still taking the sender's claim of identity on faith alone. This process is not much more secure than the electronic signature process using AutoText described earlier in this article. To insure that each of the parties is identified with a specific key pair (public/private), a third-party trusted by both sender and recipient must be engaged. This third-party is typically referred to as a “certification authority.”

Digital certificates are, thus, more secure than simple digital signatures, because they require the user to apply to a certificate authority, such as VeriSign, Inc. The certificate authority will verify the identity of the user or organization by asking a series of questions and by doing a series of background and financial checks. Once approved, the certificate authority will issue a Class 2 certificate (for individuals) or a Class 3 certificate (for organizations) which will have a life-span of 12 months. After 12 months the certificate will have to be renewed. Signing a document with a Class 2 or Class 3 certificate (the level of security adhered to by most commercial software vendors) not only guarantees the recipient the identity of the signer, but also guarantees that the document has not been tampered with since it was signed.

For a list of vendors offering digital signature and authentication technology, go to: www.cyberwalker.net/features/digital-sig-links.shtml.