CNET tech sites: Price comparisons | Product reviews | Tech news | Downloads | Site map
Front PageEnterpriseE-BusinessCommunicationsMediaPersonal TechnologyInvestor

News.context: Special Reports | Newsmakers | Perspectives
 
Beware: E-signatures can be easily forged
By Brian Livingston
July 14, 2000, 4:00 AM PT


You may need to be more careful about whom you do business with from now on.

Consumer groups say the electronic signatures recently authorized by President Clinton are easy to forge.

"This law has very, very lax standards as to what constitutes your electronic signature," says Vergil Bushnell, e-commerce policy analyst for the Consumer Project on Technology in Washington.

Many people believe that the Electronic Signatures Act (ESA) requires "digital signatures." Digital signatures, which are a type of e-signature, make it practically impossible to alter a document without the changes being detectable.

Digital signatures rely on encrypted algorithms that must be used with a single password to identify an individual. The password uses special software to lock, or encrypt, the signature, which a freely given public key--or second password--can open.

But the ESA does not require digital signatures--or any form of verification. In fact, the term "digital signature" does not appear anywhere in the ESA.

As a result, businesses and consumers face uncharted waters. Many familiar legal protections may or may not apply. The ESA gives legal force to things that are not electronic and are not signatures.

"The problem with not having a digital signature is that you're open to forgery," says William Allen Simpson, a co-author of the Internet security protocol IPSec.

The House version of the ESA, which included some minimum privacy and security standards, was rewritten in the Senate. The final bill defined an e-signature merely as any "electronic sound, symbol or process."

Technology experts say the following are now legally binding "signatures" under the "sound, symbol or process" rule:

 Pressing a touch-tone key. As Simpson puts it, "Telemarketers can now call people and execute electronic contracts by saying, 'Press 1 to agree.'" The touch-tone beep is considered an "electronic sound."

 Sending fraudulent email. A malicious novice could fake the identity of an email to make it look like part of a legitimate purchase order process. "Someone sending email with your name on it to a company would constitute an electronic signature under this law," Bushnell says.

 Clicking "OK" on a salesperson's computer. An auto salesperson might inform a buyer that a sales contract must be signed electronically on his or her laptop computer. When the buyer clicks "OK" (an electronic symbol), a legally binding contract has been signed.

In none of these three examples does the ESA require a copy of the contract to be made available to both parties immediately. A copy can be sent by email. One party might accidentally or deliberately change text in the contract. Lacking a digital signature, it's hard to prove which of two versions is genuine.

Of course, no responsible business is going to deliberately falsify contracts. But it might take only two or three widely publicized frauds to frighten consumers away from all kinds of e-commerce.

Legal rights groups such as the National Consumer Law Center say the ESA wipes out many common-sense protections.

Take the all-too-familiar case of the elderly woman who is convinced by a door-to-door salesman to sign a loan contract for overpriced repairs on her home.

"Today, consumer laws give the woman a chance to review the documents, or get help to review them, and cancel the loan within a certain period of time," the center said in a statement. But if she clicked "OK" on a salesman's portable computer under the new law, "the woman would be effectively deprived of these rights."

Consumer groups say existing credit card laws should have been used as a model. Under the Fair Credit Billing Act of 1975, Congress gave consumers protection such as defense against fraud over $50, the right to dispute the quality of goods purchased within 100 miles of their home, and so forth. These protections made credit cards (which were rare in 1975) popular with consumers and profitable for business.

Because the ESA now prohibits states from requiring digital signatures or credit card-like protections, only Congress can fix the insecure environment it has created.

For a copy of the ESA, go to the Thomas site. Search for bill number S.761. Then click S.761.ENR and select "Full Display" or "PDF."

Consumer advocate Brian Livingston appears at CNET News.com every Friday. Do you know of a problem affecting consumers? Send info to tips@BrianLivingston.com. He'll send you a book of high-tech secrets free if you're the first to submit a tip he prints.

 
More Perspectives


biography
Brian Livingston has published 10 books, including "Windows 2000 Secrets" and "Windows Me Secrets." He has been a contributing editor at PC World, Windows Magazine, InfoWorld and other magazines for more than 10 years. Before his work as an author, Livingston was a management consultant advising financial institutions on computer technologies. In 1991, he received the Award for Technical Excellence from the National Microcomputer Managers Association for his efforts to develop standards in the computer industry.


 Search
 
   

Latest Headlines
display on desktop
GE sparks market rally
Loss grows for Corel
Microsoft puts a price on IM features
Prices fall for CD rewritable drives
Homestore execs agree to plead guilty
Hotwire double-bills customers
Penguin on the prowl
Web leak of Linux lets Hat out of the bag
PayPal goes international
Who's living large at Terra Lycos?
Crooks will still be crooks
Handspring lays off 20 percent
Nvidia chips grease faster PC link
Bell Labs fires researcher
Enron auction hampers DoveBid site
China arrests Web writer for subversion
Vivendi lays out new strategy
Study: Stop trying to lock out pirates
Computer makers gird for holiday battle
Ulead updates photo software
This week's headlines

News Tools
Get news by PDA
Get news by mobile
Listen live to CNET Radio

CNET newsletters

News.com Daily Dispatch

News.context (weekly)

Investor Daily Dispatch

Week in Review





All newsletters | FAQ
Manage my newsletters

Send us news tips | Contact Us | Corrections | Privacy Policy

   Featured services: CNET SearchBar | Hosting Providers | IT Resources | Back to School Guide | Tech Jobs   
  CNET Networks: Builder.com | CNET | GameSpot | mySimon | TechRepublic | ZDNet About CNET  

Copyright ©1995-2002 CNET Networks, Inc.All rights reserved. CNET Jobs