September 7, 1998
Waiting for Lawsuit-Proof Electronic DocumentsQ:When I made my benefits choices on our intranet site, my company sent a paper copy for me to sign and return. Can't they just put my choices directly into their database?
A: Unfortunately, traditional Web forms and transactional databases do not provide a record with enough contextual rigor to stand up to legal disputes.
The issue is not about digital signatures, authentication, or certification--the technologies exist to make all of these as good as or better than paper solutions. The issue is about business context, the conversation that describes the joint understanding of the commitment.
Take, for example, the benefits enrollment process you described. The company presents the employee with the options, and then the employee fills in the blanks and submits her choices. Everything is fine for several months, until the employee discovers that her son is not covered under the dental policy. She complains. The company points to the database, which shows no check in the family coverage field. The employee insists that she selected the option on the form.
In court, the disagreement quickly shifts from the data in the database to the original understanding of the agreement between the parties, how the data got into the database in the first place, and whether the data actually represents the joint understanding at the time of the agreement.
While the company can produce what it claims to be the version of the electronic application the employee filled out, the employee can claim that this was not the way the question was worded on her screen. Suddenly, we have no factual basis on which to base a ruling, because the application, and its user interface, cannot be authenticated or certified as being what was presented to this user in a fair and reasonable way.
Both UWI.Com and PenOp have developed products to address this issue of legality within a paperless context. When a user fills out and signs a Web form developed with these companies' products, the entire instance of that form is signed and saved, not just the choices. In the example above, the judge or jury would have been able to look at the electronic form as it appeared to the user at the time of signing, including wording, font sizes, and explanations. Any changes to the context would invalidate the digital signature, just as changes to the content would.
The two companies differ in how the user signs the form. UWI uses public key signatures tied to digital certificates. PenOp has the user physically sign a digitizer pad. Digitized physical signatures are more familiar, and are used in situations where the signer is not at a computer (often acknowledging the receipt of goods, as during a UPS delivery). But such signatures also require a special peripheral to capture the signature. A public key signature, however, can be used with any digital device.
UWI.Com has developed an XML tag set for legally binding forms, called XFDL, which it has submitted to several organizations as an open standard. Any company can use this tag set to create and present legally binding forms through XML-capable Web browsers. As more companies begin to provide electronic forms that capture both content and context, UWI.Com sees document routing and change-management functionality to be its main competitive advantages.
This approach to legally binding forms has already generated substantial interest. The Internal Revenue Service is undertaking a pilot project for submitting individual tax returns (Form 1040 series) using UWI.Com's InternetForms system, Intuit's TurboTax software, and VeriSign's public key technology.