Today’s WWDC plethora of announcements included a nifty mention of some new features to OS X Yosemite’s Mail application including the ability to embed a graphical representation of your signature on a pdf document. Although the embedding of this feature in the Mail application is new, the feature has been a part of OS X since OS X Lion, available in the Preview application and is similar to the features available with the DocuSign for Outlook app. It seems like Apple has been interested in signatures for awhile now including filing a patent application that discusses new methods of adding signatures to documents. A blogger has gone as far to say that the new feature will put DocuSign in the “Loser” column as pertains to Apple encroaching on their product turf.
I wouldn’t put a death nail quite yet on DocuSign, as there are common misconceptions of what it means to be a legal electronic signature in the US (my past self included); which the Mail feature does not provide. I am no lawyer, so here is some further reading from one related to the legality of the embedded signature in Canada based on the similar technology that was available in the Preview application.
My take on the situation is below:
First, let’s look at a couple compliance areas as it relates to ESIGN:
(f) Document integrity and signature authentication. Each System institution must verify the legitimacy of an E-commerce communication, transaction, or access request. Document integrity ensures that the same document is provided to all parties. Signature authentication proves the identities of all parties. The parties to the transaction may determine how to ensure document integrity and signature authentication.
(g) Records retention. Each System institution may maintain all records electronically even if originally they were paper records. The stored electronic record must accurately reflect the information in the original record. The electronic record must be accessible and capable of being reproduced by all persons entitled by law or regulations to review the original record.
As it pertains to document integrity, there is no verifiable means of ensuring the document exchanged via Mail is the identical from one party to another. With DocuSign, there is a verifiable single copy of the document, stored on DocuSign servers. The document is sent and signed by each party which creates an auditable trail of all the interactions related to the document.
Furthermore, the Mail technology that embeds the graphic image on the pdf does not uniquely identify the parties that signed the document in anyway. For example, I could hypothetically take the signature layer that was provided on the original pdf and embed it to another document without any way to determine if it was the original signer or myself that embedded the graphic.
Last, by using DocuSign, the final document is stored safely in the cloud, and always available. This is far superior to an email inbox that may be tampered with or simply lose the data via accident or force of nature.
Second, how about Digital Signatures? Well, it’s fairly complicated so I won’t bore you with the details but it is something that DocuSign supports, especially as it pertains to legal compliance in other countries that require a Digital Signature like Brazil.
A Digital Signature means an electronic signature that transforms a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can determine whether: The transformation was created using the signer’s private key; and whether the initial message has been altered since the transformation.
DocuSign is expanding its technology footprint and creating the DTM platform so that customers can digitalize every aspect of a paper process; think what Visa / Mastercard has done with cash. The DTM framework includes: preparing the document with use of templates, using workflow mechanisms to ensure proper data entry, leveraging approval rules to route documents across interested parties, signing securely, and meeting compliance and reporting requirements.
Conclusion: I am not saying that Apple isn’t forging ahead with more sophisticated signing features; mobile id and signing seems promising and a natural fit for an Iphone, but as it currently exists, its legality seems risky at best, and isn’t anything that closely resembles the full feature set provided by DocuSign.