Saturday, February 14, 2015

HTML-based documents are compact and readable, and allow for a flexible, responsive design

Some have asked why Yozons Open eSignForms doesn't work with uploaded documents like those of most every other competing web-based contracting system.  These people point out that they already have legacy systems that produce PDFs or Word documents and they'd like to drive those through a modern workflow, often mostly for electronic signatures.

Of course, there is a need for such a requirement, and it's pretty common for those who work with older applications created before e-signatures grew in popularity.  Previously, those PDF documents were printed for a wet signature.  Yozons believes that this sort of capability is already well provided by competitors, almost all of which take the approach of accepting PDF, Word or other types of files. Yozons' original Signed & Secured allows for signing of any type of file since 2001, but this approach was deprecated by Yozons in favor of HTML documents starting back in 2004, which eventually lead to the eSignForms in 2005 predecessor to Open eSignForms in 2011.

Open eSignForms is designed to use HTML-based documents.  Sure, with Open eSignForms you can attach PDFs and other types of files with ease, and you can even export signed HTML documents in PDF format to produce legal copies (the legal original remains the digitally signed HTML version), but we don't allow them become the primary document to be filled out and signed.  There is an image overlay scheme that provides something similar for filling out an inflexible document that must maintain its exact layout, but this has all of the same limitations of using uploaded PDFs.

A big benefit of HTML documents over PDFs and Word is that they are typically much smaller in size.  If you do only a few contracts, size may not matter, but if you do hundreds or thousands per day, size matters, and this gets more important if you need to store those documents for many years or decades.  Long term viability of a document format is important for e-signatures, and anybody who has done word processing for a long time can point out how older file formats are no longer useful because of software version changes.  HTML has always been supported by many different browsers, so no one vendor controls HTML to produce vendor lock-in.

PDFs do have advantages, of course, such as being able to create a document that will render and print just as it was laid out, including working with fonts that the reader may not have available. But font availability is changing with the web open font format (WOFF) that allows fonts to be downloaded from the Internet even if the user's browser doesn't support that font directly.  We won't mention the ongoing and myriad security issues related to Adobe Reader and the need to have that troublesome plugin updated regularly to avoid putting your computer at risk.

PDF and Word files require special software to view them in any meaningful way.  If you open either in a text editor, it's pretty hard to read the content or make any sense of it.  However, with HTML, a document is still pretty readable.  The contractual terms can be seen even if no web browser were available, but of course web browsers are not only available, they are appearing in more and more places.

With HTML, Open eSignForms is able to do things that fixed documents in PDF or Word format simply cannot match.  With HTML, whole sections of a document can be replaced at run-time based on which party is working the document, or based on data values, etc.  You just can't make a PDF document hide a paragraph or swap out some language based on data in a transaction.  And of course a PDF cannot natively support data entry over the web.

HTML also supports form input natively, so using HTML documents to allow for data entry is built-in and understood by all Internet users.

Also, as the mobile web has most recently demonstrated, the Internet will continue to change over time and gain more powers that are available via HTML.  The mobile web has introduced the concept of responsive design so that a page renders well on a small phone screen as well as on a large monitor.  HTML is suited for all of these ever-changing needs.

HTML is a very good format for documents.  It is standardized internationally, can be read even without special software (at least when it's HTML and not a Web 2.0 document where most of the rendering is done via Javascript and thus is no longer readable without a browser, making them suffer some of the same issues that PDF and Word documents already have), is compact, and supports screens of all sizes without the need for any special plug-ins.

Lastly, those with disabilities can have HTML documents read to them or shown in braille, etc. HTML is the new international, interoperable document format, whereas PDF and Word are old, proprietary formats that continue to morph as they try to remain relevant for those who are locked in and cannot yet migrate to the HTML standard.

Tuesday, January 20, 2015

Untrustworthy electronic signatures

Eileen Y. Chou, of the Frank Batten School of Leadership and Public Policy at the University of Virginia, published a study on how people perceive electronic signatures over traditional handwritten signatures.  It appears in the December 2, 2014 issue of Social Psychological and Personality Science.

We find the study fascinating because the usage of e-signatures has exploded in the past decade, indicating growing acceptance and preference, while the study suggests such e-signatures are viewed by some as less trustworthy.  No doubt there is both a generational as well as a business-versus-consumer difference in perception.  And of course the breadth of implementations of e-signatures truly does mean that some are indeed more trustworthy than others.  Some suggest checkboxes are valid e-signatures, but we wouldn't bet that the courts will side with you if that's all you can present as evidence of a signed contract.  We know there are even e-signature vendors that provide no credible proof, such as via digital signatures, that electronic documents or their signatures are valid.

Then again, this is true for wet signatures, too.  Most people just don't think about them.  For example, signatures on checks and credit card receipts are effectively never checked for validity.  The cost of comparing handwritten signatures is just too high and few can do it well.  Fewer still have a sample wet signature on file to compare against, and of course handwritten signatures change over the course of time, the type of writing implement used, whether it's cold or hot or damp, etc.  As a leftie, far too many of my signatures ended up smeared.

Wet signatures also come with built-in delays and expenses for printing and delivery, and all returned documents have to be checked to ensure nothing has been altered since it was originally provided.  Paper faxes are often impossible to read, especially when receiving a fax of your fax, and few users have a fax machine handy these days as they require a both a device and a landline.  In the days of cell phones and Internet browsers and email, paper is not as easily processed as it once was.

The study discusses the idea of "presence," indicating that most felt a handwritten signature indicated greater presence of the signer.  Of course, there is no basis for this belief, it's just something most do not take time to consider.  Sure, if you get a notarized signature in which both parties present valid identification and the signing takes place in front of each other, there is substantial presence involved. Naturally, it's precisely this sort of presence -- including its hassle and expense -- that most drives the adoption of e-signatures.  Every time a paper letter arrives in my mailbox for my son who is now at the university, it is clear how much trouble paper is, presence is, and of course the privacy issues it raises.  Did I open the letter?  Toss it?  Did it arrive in my neighbor's box yet again so they had possession before me?  Did they toss it or tell me "they didn't notice" it was misdelivered until after they opened it?  Am I traveling?  Even if I'm home, must I wait several days to receive it?  Will I have to drive to the post office to return it should it require a response?

If a signed paper document arrives by mail or fax, the recipient has no idea about any presence involved in the signing.  In fact, we all know from daily experience that even legitimately signed signed documents are often actually signed by spouses and admins.  Most "handwritten" signatures you see were created by a machine, such as those on business checks or mass mailings.  Even the President uses a machine to sign most documents sent out.

The study abstract does not discuss how the signed documents were presented to subjects for their gut reaction.  Were e-signed documents presented on paper or electronically?  Were paper documents presented on paper or electronically (most businesses end up scanning paper records for long term storage and to provide availability anyway)?  How did the perceived validity change for those with familiarity and general acceptance of technology?

Presumably, there was no education provided to participants about handwritten signatures or electronic signatures before undergoing the experiment, so we are left with gut feelings that rarely are correct.  After all, validating a handwritten signature based on whether it looks right is the very basis for most scams because looks are deceiving.  All phishing attacks work because everything looks correct.  Signature verification is more art than science even for those few who have a previous sample signature on file to compare against?

Do subjects know that paper documents created with high resolution scanners and printers make the creation of fraudulent documents easier than ever before?  Does Ms. Chou know that if she writes a letter of recommendation once, the holder can change the letter or make it so she's written similar letters for anybody else using simple copy/paste operations on a computer? Or simply lift her signature image and put on any other document. Or that a forged paper document could just be created with a forged ink signature because nobody else knows what Ms. Chou's signature looks like.

Was there any discussion about the powers of a digital signature to detect any change to a document after it was signed? Or that e-signatures, when done correctly, come with accurate timestamps, IP address tracking, etc., and that all parties can have an immediate copy for their records?  For example, with Open eSignForms, we digitally sign the document and embedded data at each step of the process, so we can show you how it looked as it was originally sent out, and how it looked as each signature was applied.  And of course many documents with signatures have more data to be provided (good old forms!), and trying to read handwritten data is often tricky and generally requires re-keying to get that data into business applications. Try adding data validation to a paper form!

Are the results of this study any different than those about paper correspondence being more meaningful to some than email?  Some prefer paper books to ebooks too, and some prefer dirty newsprint to online reading.  How about ATMs versus cashing checks?  How about cash over cards and smart phones?  Every new innovation goes through a transition period as people adjust. E-signatures are very new to most people, so the fact that some hold to the idea that the old ways are better is fully expected.

Heck, even autographs are giving way to selfies with the celebrity.