Signing digital documents : technology transitions that don’t make sense

Posted on January 21st, 2008

My wife had knee surgery today.  (All went well.  She’s now in recovery.)  As we were in admission, we went through various things with the hospital worker.  At some points along the line, my wife had to sign some documents.  One was permission to treat and to tell our insurance about it.  Another was notification of having received a “Patient’s Rights” document.  Another was some Medicare form or another.

Rather than doing everything on paper, the signatures were all kept in documents on the computer.  And, here’s how they were done : there was one of those little “signature” widgets that you may have seen in stores where you can swipe your credit card, only here there was just the screen for the signature.   The woman, facing us and looking at her monitor (which we could not see), would ask my wife to sign something, and say, “OK, you’re signing now to say that you received this document,” or some such.

If you sit back and think about this, none of this makes any sense at all.

Of course, while it makes no sense, it’s the obvious thing to do.  Too often, the obvious thing doesn’t make sense if you really think about it.  Let’s sit back and think this through.

First of all, we have this notion that a signature is something like a fingerprint, something that is uniquely yours and is evidence that you have approved or recognized something.  Yes, signatures can be forged, but let's leave this aside for now.  On a paper document, there is a line at the bottom you can sign indicating either that you have read and understood the document, or that you agree to what is written in the document.  Your signature is on the paper with what you are agreeing to.  In a world where exact reproduction of documents is difficult, this makes sense and is a great way to do it.

Unfortunately, that world hasn't existed for some time.  Even without computers, one can use a technique that I once heard seriously described as "xerography" (in the laughable document describing standards for presentation of your PhD thesis at Caltech) to move a signature from one document to another.

But with a digital document, it’s even worse.  What they’re taking is a digital scan of your regular paper signature– not a “digital signature” in the true meaning of that term–  and including it inside a document just as any other image might be included in that document.  Of course, as you know, you can easily move images around inside documents.  I don’t believe that the hospital does this, of course, but the fact is that we have at this point become very far removed from the whole notion that you have signed on the document that you’ve read and agreed to.  This is only emphasized by the fact that we weren’t even seeing the document into which the scan of my wife’s signature would be pasted, but rather relying on the woman telling us basically what it was.

(Irrelevant Aside: The alert reader will point out that in modern society, all of us all the time sign that we've read and agree to things we haven't read.  It's simply impossible to read all the way through and think about all the terms and conditions that we're asked to sign.  How many people read software licenses before clicking "I Agree"?  How many people stand and hold up the line at the rental car counter in the airport reading through the several pages of text you must agree to in order to rent the car?  When you go to a closing on your house and have to sign multiple times in a stack of documents that would take at least two solid days of focused work to read, do you in fact spend the two days?  We've got this "sign to agree" mentality in our society that has us, in order to cope, signing things without having really read them.  This in turn, really, should render the whole notion of a signature as indicating any sort of legal agreement null and void.  But this isn't the main point of my rant here, which is why I leave all of this as an irrelevant aside.  It's not unimportant, just irrelevant to the current rant.)

What's going on with the signing of digital documents here is the same sort of thing that went on when automobiles were described as "horseless carriages."  We're trying to take something that really is new and make it fit into our old way of thinking.  There is a way to do digital signatures that are at least as meaningful as cursive signatures on paper documents.  You delineate the exact bytes of the document, compute a cryptographic hash of them, and then sign that hash with the private half of a public-key pair (in RSA this amounts, loosely, to encrypting the hash with the private key; other schemes differ in the details, but the idea is the same).  The private half has to stay secret, so you are required to somehow unlock it in order to use it: usually with a passphrase, but potentially also with some sort of biometric data (fingerprint, whatever) or a hardware token.  Anybody holding the public half of the key can check the signature: they compute the hash of the document themselves and verify that the signature matches it.  A signature that verifies under your public key proves that it was your private key that produced it, and the fact that the hash they compute on the document matches the hash that was signed proves that it was in fact that document, byte for byte, that you signed.  Change a single character, or cut the signature out and paste it onto some other document, and the verification fails.  The one thing the mathematics cannot do is tie the key to a person; that binding (a certificate, or a web of trust) is the part that takes infrastructure.
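As an added illustration (example code written for this page, not anything from the original post or from the hospital's system), here is the scheme just described in Go using only the standard library: the document bytes are hashed with SHA-256, the digest is signed with an RSA private key, and the relying party checks it with the public key.  The consent and rights forms are constructed stand-ins for the hospital's documents, and the passphrase or biometric unlock of the private key is assumed to happen elsewhere and is not shown.  The same block also demonstrates the cut-and-paste problem raised above about scanned signatures: a signature lifted onto a different form, a form altered after signing, or a check against someone else's key all fail to verify.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer owns the private half of an RSA key pair. The public half is what
// everyone else gets; only it is needed to check a signature.
type Signer struct {
	key *rsa.PrivateKey
}

// NewSigner generates a fresh 2048-bit RSA key pair. In practice the private
// half would be stored encrypted under a passphrase or inside a token, which
// is the "you must authenticate to use it" step; that is assumed, not shown.
func NewSigner() (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Signer{key: key}, nil
}

// Public returns the half of the key that may be handed to anyone.
func (s *Signer) Public() *rsa.PublicKey {
	return &s.key.PublicKey
}

// SignDocument hashes the exact bytes of the document with SHA-256 and signs
// the digest with the private key (RSA PKCS#1 v1.5). The signature is bound to
// these bytes and to this key, not to a picture of a scribble.
func (s *Signer) SignDocument(doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest[:])
}

// VerifyDocument is what the relying party does: recompute the digest over the
// bytes it actually holds and check the signature against it with the public
// key. Any change to the bytes, or a signature lifted from another document or
// made with another key, fails.
func VerifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// RunScenarios signs a constructed consent form and reports which of four
// verification attempts succeed. Only the unmodified document checked with the
// signer's own public key should pass.
func RunScenarios() (map[string]bool, error) {
	patient, err := NewSigner()
	if err != nil {
		return nil, err
	}
	stranger, err := NewSigner() // someone else's key pair
	if err != nil {
		return nil, err
	}

	// Constructed sample documents standing in for the hospital's forms.
	consent := []byte("I consent to treatment and to disclosure of this visit to my insurer.")
	tampered := []byte("I consent to treatment and to disclosure of this visit to any third party.")
	rights := []byte("I acknowledge receipt of the Patient's Rights document.")

	sig, err := patient.SignDocument(consent)
	if err != nil {
		return nil, err
	}

	return map[string]bool{
		"genuine":  VerifyDocument(patient.Public(), consent, sig),  // true
		"tampered": VerifyDocument(patient.Public(), tampered, sig), // false: bytes changed
		"moved":    VerifyDocument(patient.Public(), rights, sig),   // false: signature pasted onto another form
		"wrongkey": VerifyDocument(stranger.Public(), consent, sig), // false: not the patient's key
	}, nil
}

func main() {
	results, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"genuine", "tampered", "moved", "wrongkey"} {
		fmt.Printf("%-9s verifies: %v\n", name, results[name])
	}
}
```

Note what the verifier in this block does not know: whose key `patient.Public()` is.  It proves that the holder of a particular private key signed those exact bytes; tying that key to the person in the admissions chair is the certificate or web-of-trust problem, which is a matter of infrastructure rather than arithmetic.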

I use this kind of cryptographic signature all the time.  Indeed, seeing some others at the place where I work doing it, I've started routinely signing my e-mails with my PGP key.  The thing is, to my knowledge there are no systems out there for public-key cryptography that don't require you to be at least a little bit of a geek, or to be briefed by a geek, to use and understand.  Certainly they are not in use at the hospital.  And, certainly, the general public does not understand the idea well enough that it could be put into use without a fair amount of public education.

In the meantime, instead of taking what signing a document means and trying to translate that into something real in the digital world, we try to replicate signatures as directly as possible, giving us something that superficially looks just like a signature but in reality is very far removed from the whole point of signing documents in the first place.  You see the same effect in a lot of other places dealing with modern technology: trying to take the non-digital way of doing things and impressing it directly onto the digital way of doing things, even though the very nature of digital technology renders those old ways of doing things fundamentally meaningless.


3 Responses to “Signing digital documents : technology transitions that don’t make sense”

  1. Thomas Robey Says:

    Good post, Rob.

    This little issue of signatures could become more of a problem in health care when the electronic medical record becomes more prevalent. I like the idea of a password/keycard scanner to access information at doctors offices, pharmacies and hospitals.

  2. Anonymous Says:

    I agree with you that secure digital signatures would be great, but the current situation makes more sense than you might think. Handwritten signatures have never been very useful for security or authentication purposes, since forgery is just too doable. (At best, there’s a weak level of security against casual criminals.) The point of handwritten signatures is the legal aspect: the ceremony of signing makes an agreement legally binding, and the penalties for forgery are severe.

    For example, consider signing the receipt when paying by credit card. Nobody even tries to use the signatures for authentication, and any evidence they offer is so weak that it would never settle the issue in court. The only purpose is the legal weight signatures carry (if the facts can be determined by other means). If you are caught repudiating your signature, or forging someone else’s, then you’re in big trouble.

    Another issue to keep in mind is the flexibility of handwritten signatures. You can choose your signature, which may be an unreadable scribble or even essentially an X. In fact, as long as you have no dishonest intent, you can arbitrarily vary your signature from time to time. It's the act of signing that carries legal weight, not what you actually write down.

    The current insecure electronic signatures have the same legal standing as insecure handwritten signatures. Cryptographic digital signatures would be much better, but they require quite a bit of infrastructure. In the meantime, the security properties of electronic signatures are nonexistent, but the legal aspects still carry over, and that’s 95% of what we cared about even in the handwritten case.

  3. Moondragon007 Says:

    Me, I would have asked to take a look at what I was signing. Yes, nobody has time to actually *read* those things, but you *can* skim through and see if anything hinky jumps out at you. If you’re really smart and persuasive, you can get them to give you a copy of what you just signed so you can go over it at your leisure and at least know what you have agreed to, just in case it comes up in court.