Recent headlines concerning inmates who escaped jail using forged documents caused me to look back to my first blog entitled A Judge’s Secret Fear of Electronic Signatures. In it I quoted a senior, highly respected judge expressing his concern about the security of eSignature. He said, in part,
“My concern then and now is with the availability of others using the computer for making documents official. With the personal signature, there would have to be a forgery to make the document appear to be an original signature. The availability of a signature stamp can be regulated or precluded; however, once the computer has the signature capability, anyone with the password can access the e-file and create an authorized signature on the document. The ability to establish that this was an unauthorized signature would appear difficult.
“I also have a concern that the security system appears of doubtful reliability to preclude someone from being able to enter the system from the outside and thus be able to alter or create false documents with apparent valid signatures.
“I can envision cases where there is a great deal at risk where it could become worthwhile to prepare a false document with an apparently valid signature to secure the release of a prisoner or to effect some other act to the considerable detriment of others.”
That discussion occurred three years ago. Now, it seems, the judge’s fears were realized, albeit in a court in a different state. But, the recent escape didn’t happen because of e-signatures or electronic documents. Indeed, it appears that the forgeries purported to be original, wet signatures.
Let’s return to my original blog. Its point was that the judge was absolutely right to be concerned with security and court managers have an absolute responsibility to demonstrate to their judges that they have addressed and are faithfully managing the technology, policies, processes and procedures to assure their ongoing effectiveness. That the judge was unaware of the security setup in his court represented a barrier to acceptance that could, and should, easily be remedied through appropriate communication by court management.
Based in part on the judge’s concerns, in my white paper, Legal Considerations of E-Signature, I point out that security is essential in EITHER a paper-based OR a paper-on-demand environment:
“As an analogy: A treasure chest is in a vault at the top of a castle tower surrounded by a moat with a drawbridge. There are multiple safeguards. However, if the drawbridge is down, the gate is open, the tower stairs are unattended and the door to the vault is ajar, then despite all the safeguards, there is little security.
“Contrast this scenario with one in which the chest is guarded day and night by one sentry with a sword. Arguably while there are fewer safeguards, there is more security, but this scenario is problematic. The guard – however loyal and motivated – can fall asleep, be outnumbered, leave his post, and so on. It’s a risky and expensive system.
In a properly configured paper-on-demand court, every interaction with documents and files is recorded. Anyone reviewing the files with an eye toward effectuating the type of scam that resulted in the recent unauthorized prisoner release would be leaving a trail of evidence.
Ironically, the most catastrophic possibility that the judge feared – forgery of release documentation – turned out to be not even slightly protected through use of wet signatures.
That isn’t to say that e-signature would have, in itself, provided more protection. It really isn’t that hard to forge an electronically imaged signature either. The point is that:
“In the paper/wet signature world and the electronic document/electronic signature world, it is critically important to carefully manage the environment, the technology, policies and procedures, and operational responsibility, and to audit for compliance. However, it is much harder and more expensive to do it in the paper/wet signature environment.”
Looking past the irony, something else starts to come into focus. In the recent release case, apparently all agencies – the court and the corrections division – acted exactly as required by their existing policies and procedures. So, in a world where production of fakes and duplicates that cannot, as a practical matter, be authenticated or de-authenticated on their face, how can down-stream consumers (like prisons or banks) be certain they are acting in accordance with valid judicial orders?
To learn more about the safety and legality of electronic signature, download a free whitepaper by Jeffrey Barlow on The Legal Considerations of eSignature.