How To Create A Contract Using Email And Digital Signatures

Certainly, if the practical realities of your business require you to accept a digital signature on an agreement, I say go for it. A digitally signed e-mail is better than a completely unverified e-mail. It's probably also better than a faxed signature since you can't really verify a faxed signature. You "sign" your e-mail using software which creates what's known as a "digital signature", an encrypted piece of data added to an electronic message such as an e-mail. It is not a scanned picture of your actual signature; rather it looks like an unintelligible string of alphanumeric characters. However, it can serve the same functions as a traditional penned signature and more.

A typical agreement by e-mail might look like this:

Pete: I hereby accept your offer to sell me 100 widgets for $500.

Sincerely, Mark Grossman.

---------BEGIN SIGNATURE---------
FJAD8QWheiW73Nu63WHtyUWKMYW26gW9ffNCLAuKJKJi128324ugndasdajj8hTewufhafjh
asXHp9876bnpesfFY8895Kifsdaljfihasdhfiowu8ruuwqj
---------END SIGNATURE-------------

This is the image of what a digital signature looks like. It takes specially designed software to both create it and verify its authenticity. Digital signatures require the use of secret passwords (or keys) and encryption. Understanding them requires an elementary understanding of a few cryptology concepts.

Cryptology 101
Encryption systems fall into two categories: single key (or password) or dual key encryption. With a single key (or password) encryption system, I encode my message with the password. Once encoded, the message becomes an unintelligible string of seemingly random characters. The message cannot be read until you decode it with the same system.

This simple single key encryption method has problems. If we want to share secret information using a single key encryption system, I need a secure way to tell you the password. Barring that, we would have no way of sharing encrypted messages. Encryption doesn't work well if the conveyance of the password is intercepted.

Dual key encryption solves this dilemma. With a dual key system, I encode the message directed to you with your "public key." This is a key or password that you reveal to the entire world. You tell the world (and even your competitors) that if anybody wants to send you a confidential message, they should encrypt it using the public key . Your public key is absolutely NOT a secret. You want the public to know it so that they can send you encrypted messages.

When you receive the message, you do NOT decode it using their password. In fact, their password cannot decode it. You decode with a secret key or password that only you know.

Great, you say. Now you can receive and read encoded e-mails, but what does that have to do with a digital signature? The answer is that a digital signature is essentially a reversal of the process. If I want to "sign" the e-mail which I encrypted using YOUR public key, I create the digital signature with MY private key (the key that only I know). If you want to verify that I truly sent the message or prove that I signed or assented to the message, you try to decode the "signature" with my public key. My public key will only decode the "signature" properly if I encoded it with my secret key and it had NOT been altered since I sent the message.

This second requirement, "NOT been altered since I sent the message," is what makes a digital signature superior to a traditional penned signature. Digital signatures verify the sender and the INTEGRITY OF THE CONTENTS. If anyone has altered the contents of the message, the software knows that it's not the document I signed. With paper documents, an alteration could be as easy as removing the staple and replacing a page which can be difficult to detect.

Uncertainty Slows Down the Growth of Electronic Commerce
So, you can sign an electronic contract with a digital signature. But is the contract legal and binding? Unfortunately, there is some uncertainty in this area and this uncertainty hinders the growth of electronic commerce.

One problem is the law. This is a recurring theme in Cyber Law. The law always develops behind new technologies. So, while it's apparent that a signed paper can create a contract, it's only by careful analysis and thorough analogies that you can reach the same conclusion about a contract by e-mail. Although it's clear to those who are familiar with cyberspace that the jumps from paper to electronic mail, and from pen to digital signature, are truly minor ones, until the legislatures and courts unequivocally reach this conclusion, there is some element of uncertainly. Uncertainty and large contracts don't mix well together unless you live to create stress for yourself.

A recent Georgia case illustrates the need for a cautious approach in adopting new technologies to create legally binding agreements. There, the judge ruled that a fax could not be a "writing" because a fax is only a series of beeps and chirps. This ruling is clearly a bad one; nonetheless, where there is legal uncertainly, there is a greater possibility of bizarre rulings.

Until digital signature law is crystal clear, I think that you have to balance your risk against your potential gain. If you can obtain a traditional signature on a significant contract, you should. Nonetheless, I strongly believe that a digital signature will carry the day in a court battle.