The House and Senate passed a bill this week that permits the use of so-called electronic signatures to form legally binding contracts, and President Clinton has agreed to sign it. It sounds like a good idea, but what's an electronic signature?
Oddly enough, the bill doesn't say. In the language of its supporters, the bill is "technology-neutral." In other words, it's up to the participants to agree on a format.
Under the law, you could use a very simple technology, such as merging a scanned handwritten signature into the electronic text of the contract. That is certainly no less secure than the common practice of secretaries' reproducing their bosses' signatures with customized rubber stamps.
But a far more secure practice--which seems almost certain to become the industry standard--is to use so-called public-key encryption technology. Here's how it works. Every company that wants to use electronic contracts develops a private key and a public key. The keys are actually small computer programs that translate between text and a series of numbers. The private key translates text into numbers, and the public key translates numbers back into text. For instance, the private key might translate the words "the party of the first party" into a series of numbers like "1837456384." And the public key translates the "1837456384" back into "the party of the first party."
The mathematical trick is that it's nearly impossible to derive the private key from the public key. That is, even if I gave you the program that translates from numbers into text, you would not be able to reverse-engineer a program that translates the text into numbers. This is important, because it allows me to let you read a document encoded as a set of numbers, but to deny you the ability to write a document in the same format.
So here's how a company uses this system to send an electronic contract: First, it registers its public key with a third-party organization, whose job is simply to record that Corporation X has registered a particular, unique public key. This third party--a sort of digital notary--will make this public key available to anyone who asks. Second, Corporation X uses its private key--which it keeps secret--to translate the text of its contract into numbers. It then sends these numbers in lieu of the contract to Corporation Y, which simply uses the generally available public key to translate the numbers back into text.
The beauty of this system is that Corporation X cannot deny that it wrote the numbers that comprise the contract. Only someone with the private key--which only Corporation X has--could have written it. If someone without the private key tried to piece together a string of numbers to be translated with Corporation X's public key, it would simply come out as a string of gibberish. In other words, the very fact that the numbers can be turned into readable text with Corporation X's public key is good evidence that Corporation X created the numbers in the first place.
Moreover, Corporation Y cannot change the contract. If it tries to change even a single number, the text will come out completely garbled. So there's no danger of illegally altering the contract after it's been sent. And if Corporation Y, the receiver, agrees to the terms of the contract, it simply sends the same contract back using its own public/private key operation, and both parties to the transaction have proof that they agreed to the same terms.
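The exchange described above can be run end to end. The sketch below is an added example, not part of the original article: it assumes textbook RSA as the public-key algorithm (the article names none), uses a constructed demo key and a constructed contract, and the names sign and recover are hypothetical. Real signature schemes also hash and pad the text, which this sketch omits.

```python
# Textbook RSA with a constructed demo key: no hashing, no padding, not for real use.
P = 2**521 - 1   # constructed: well-known Mersenne primes stand in for the
Q = 2**607 - 1   # secret random primes a real key would use
N = P * Q        # modulus, shared by both keys
E = 65537        # public exponent (what the "digital notary" hands out)
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to Corporation X
BLOCK = 100      # bytes of text per number; each block must stay below N

def sign(text, d=D, n=N):
    """Private-key step: translate the text into a list of numbers."""
    data = text.encode("utf-8")
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    # The 0x01 prefix preserves leading zero bytes and marks a well-formed block.
    return [pow(int.from_bytes(b"\x01" + b, "big"), d, n) for b in blocks]

def recover(numbers, e=E, n=N):
    """Public-key step: translate numbers back into text; None means gibberish."""
    out = b""
    for s in numbers:
        m = pow(s, e, n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if not raw.startswith(b"\x01") or len(raw) > BLOCK + 1:
            return None  # block does not have the expected shape
        out += raw[1:]
    try:
        return out.decode("utf-8")
    except UnicodeDecodeError:
        return None

# Constructed sample contract (not from the article).
CONTRACT = "Corporation X agrees to sell Corporation Y 500 widgets at $10 each."

def demo():
    numbers = sign(CONTRACT)                       # what X sends to Y
    tampered = [numbers[0] + 1] + numbers[1:]      # Y alters a single number
    forged = sign(CONTRACT, d=E)                   # outsider has only the public key
    return recover(numbers), recover(tampered), recover(forged)

if __name__ == "__main__":
    genuine, tampered, forged = demo()
    print("genuine :", genuine)
    print("tampered:", tampered)
    print("forged  :", forged)
```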
Finally, it's worth noting that this law won't have much of an effect on most consumer transactions. When you buy a book from Amazon.com, for instance, you agree to certain conditions in the fine print that are legally binding depending on what the terms say, not upon whether you signed them in an appropriate way. Instead, the law will have an effect on business-to-business transactions and major personal transactions, like mortgages and insurance. Its proponents say that it will allow businesses to save enormous sums of money currently expended in mailing routine contracts back and forth.