nCipher Security Blog

Are wet-ink signatures ‘dead’?

While we may be culturally conditioned to believe that the setting of pen to paper is a “symbolic and weighty act”, a wet ink signature is really only weak evidence that somebody agreed to do something. Several years ago we quoted a press article on this matter, and we want to revisit this topic in light of the establishment of the European Identity and Trust Services regulation, commonly known as “eIDAS”.

A signature is not unique or special, nor does it particularly well prove that a person was genuinely present or consenting. This is because signatures are easily forged - as soon as you’ve seen someone’s signature once you can copy it infinite times and because the shape of the signature is not connected to the thing it is signing these copies can be applied to anything. In other words, because your ink signature doesn’t change depending on what you are signing, it can be copied from a trivial contract and applied to a more serious one.

The relatively low reliability of a written signature means that we have always had to add extra security to the process for very serious or high-value contracts: typically, the presence of witnesses or counter-signature from a legally recognized professional notary. This helps to overcome the weakness of individual signatures because the more signatures you have against a particular document, the more people you can go back to and check in the event of a dispute or suspected forgery.

So the level of trust in personal signatures is, in essence, low. But this has now changed with the introduction of eIDAS.

Although digital signatures have actually been legally binding in some European countries since the early 2000s, the legislation and the digital signatures themselves were not well standardized, making for less-than-ideal interoperability. eIDAS makes digital signatures that were already binding much more useful now, as they can be applied to many more services and businesses.

With eIDAS style signatures, the strategy is typically to simply assign much more strength and trust to a single actor applying the signature. There is most definitely a weighty and symbolic act involved: the entry of a password or even the use of a personal smartcard to approve a transaction definitely constitutes conscious choice and informed consent. The signature is also mathematically bound to the statement being signed, meaning that it can’t be simply copied to authorize some other fraudulent activity.

In short, modern digital technology is providing considerably greater assurance that a piece of information was genuinely approved or agreed. The flexibility of these systems means that many different types of business relationships can be described, enforced and verified without the unnecessary involvement of superfluous middlemen, and with much greater levels of proof.

So while wet-ink signatures are not “dead”, they are certainly ailing as modern technology provides a much more robust alternative.