A Cyberspace Perspective

Eggs in Baskets: Distributing the Risks of Electronic Signatures


Benjamin Wright


VOL. XV • Winter 1997 • NO. 2

Cite as:

15 John Marshall J. of Comp. & Info. Law 189


The traditional signing of a paper document carries many risks. The most notable is forgery. Under current law, the burden of proving the authenticity of a signature is on the recipient, not the signer. This burden motivates the recipient to be responsible. For instance, when accepting a signature, the recipient may wish to elicit further evidence of genuineness and request the signer to acknowledge his or her signature before a notary public. Given the many risks associated with the authentication of paper documents, the authentication of electronic documents and signatures will be no different. Strategies have been developed that attempt to address these risks in order to bind a signer more perfectly to his electronic words.

The Utah Digital Signature Act was adopted in 1995 and uses a system of public-key cryptography. Public-key cryptography involves the use of two mathematically linked keys, a private key and a public key, which are assigned to a user. The private key is intended to be kept secret and accessed only by the user. The public key is published so that others may obtain it and use it to determine whether a document was electronically signed with the user's private key. Under public-key cryptography and the Utah Act, the user is obligated to safeguard his private key. If this obligation is neglected, the user will be held liable for any damage that results.

Another strategy employed to allocate the risk in the signing of electronic documents is PenOp. Through a complex method using pen biometrics technology, the PenOp system creates a biometric token which is attached to an electronic document for the purpose of a signature. After a biometric token is created, a Signature Verification Service is employed by the recipient to evaluate whether the token is a product of an authentic signature inscription belonging to the user identified in the token. The PenOp strategy is similar to the traditional pen-and-ink strategy. The full burden of proving the validity of a signature rests with the recipient. However, as with the traditional paper document, the validity of a signature is tested in light of the numerous circumstances surrounding the signing. Thus, the eggs in a PenOp system are spread across many baskets. In comparison, the Utah Act system emphasizes the risky investment of all the eggs in just one basket, the safeguarding of the private key.