The Integrity News
Vol. XI No. 7 ISSN 1081-2717 April 1, 2002
The Integrity Center, Inc.
"objective risk management services"
The ESIGN Act, enacted in June, 2000, addresses
the notion of being able to "electronically sign" a
document.
Of particular importance is the fact that a new
generation of websites is now appearing that claim
they are in compliance with that Act, and that you
can actually and legally "sign" contracts and
agreements "electronically".
In the field of human resources, these sites also
claim to be in compliance with the FCRA.
The problem is that the technology and the national
commercial infrastructure do not yet exist for
compliance with the laws.
In any action governed by the FCRA, the
key concept is that "written instructions"
from the consumer must exist before
anything is done. The fundamental
expectation of the FCRA law is that each
consumer will do his or her own "writing"
(their signature), and that everyone's
signature is in fact UNIQUE.
It is possible to create a "digital signature"
using either Public Key Cryptography, or
Signature Dynamics. And, that digital
signature IS UNIQUE to the person to
whom it belongs. However, there is not
yet a national system in commercial practice
that creates, accepts, evaluates, and verifies,
digital signatures that are equivalent to
individually written consumer's signatures.
The new websites that claim that you can
select a keyboard symbol from a pull-down
list and then click a button that is labeled
"I Agree To Sign", are NOT in compliance
with either the ESIGN Act or the FCRA.
There is no UNIQUEness to that action,
and furthermore, the ESIGN Act contains
other provisions which that technical
approach does not satisfy.
So, as a consumer, beware of offers that
are presented to you online which claim that
you can "electronically sign" for the deal.
As a professional responsible for compliance
with the laws, you need to be sure that in
any area -- finance, personnel, retail, etc ---
if you plan to get involved with a system,
it must obviously provide a UNIQUE digital
signature for each consumer --- NOT
merely
an electronic concoction of some kind
that
claims to create a "signature".
|
|