This article is also available in French, German and Spanish.
Recently, a sentence from one court of law of California has had considerable repercussion. California has determined that a document signed through one of the large electronic signature companies was not admissible. This sentence, far from questioning all electronic signature systems, is a clear example of something that Validated ID always insists on: the value of electronic signatures resides in the evidence obtained during the signature process and the ability to defend them in eventual litigation.
Before analyzing the specific case, it is worth remembering that there are different types of electronic signatures beyond the legal definitions of simple, advanced or qualified signatures (or their equivalent names in different world laws). Thus, we find “traditional” digital signature products and services based on the use of digital certificates (centralized or local), handwritten electronic signature systems (biometric signature) or signature services based on the evidence collection (remote signature). In each of these types of signature, the legal weight is focused on different aspects and the real-world application of the evidence is also different in each case. We consider that trying to "straighten" them all in the concepts of simple, advanced or qualified signature is a mistake, since, except for the highly-cited but rarely used qualified signature, in practice, 99% of the signatures will need to be tested when the time comes.
The specific case that we analyze corresponds to the type of signature based on the collection of evidence or, as we like to call it, remote signature, which is based on the creation of a log of evidence that occurs during the signing process, so that if at any time its validity is questioned, the evidence can be extracted and analyzed to determine whether or not that signature could really be attributed to a person. Basically, it is the usual way of proceeding in Law: in a judicial process, the parties will always have to assert their claims based on evidence. If we want to demonstrate that an infringement has been committed or, on the contrary, that the law has been followed, we must provide evidence that reinforces or supports our thesis.
The problem in the case of this judicial sentence is that the evidence collected in the process is few, inconclusive and, according to the sentence, it is not even properly presented in the judicial process. In any litigation, the evidence deemed appropriate may be presented to determine that something has happened (in this case, the client consented to a contract). If these evidences are limited only to the fact that an email has been sent to an email account and that someone has clicked on a button that says to sign, it is very difficult to prove the authorship.
In the case of VIDsigner Remote, the email is just the beginning, it is one more piece of evidence, but not the only one nor the strongest one: in our case the email is collected, the exact moment of time with a qualified time stamping service, the IP of the signer, his geolocation (if the signer expressly accepts), his technological environment (OS, browser), they receive an SMS with a unique code (to their personal mobile phone) and finally they must write their signature, that, even though it is not an evidence as strong as that of the SMS, it does provide certain assumptions (in the signature service that is analyzed in the sentence in a generic way, the signer can decide not to write their signature, but simply to choose a typographic font that will be associated with his name and/or initials). The legal value is therefore not in the email, nor in the rubric, not even in the SMS, but in the entire set of evidence that we capture in a report that Validated ID delivers to the client so that they can defend it when the time comes.
Therefore, the key does not lie in the signature model being analyzed, which we can classify as a signature by evidences, but in its implementation and, above all, in the quantity and quality of evidence that is collected in the process. The sentence considers that the methods chosen during the process are not sufficient to prove the authenticity of the identity of the signer.
In other words, the judge, in the case at hand, specifies that it is up to the defending party to prove its validity and that no other evidence was provided other than the IP address of the signer.
The latter leads us to analyze another fundamental difference of VIDsigner with respect to other apparently similar services and that is that, apart from the fact that the Validated ID system is very scrupulous with the quantity and quality of evidence that is collected in the process, in case of having to prove a completed signature, we always guarantee the legal advice and accompaniment most appropriate to the client.
