Hi friends,

What makes valid an electronic signature? I have a website where people fill up a contract and finally they sign it electronically. I have a clear statement that clicking the "sign" button they agree all the content and they are electronically signing the document. I'm collecting their IP address and Timestamp as well.

is this enough to make that document fully legal?

Thanks a lot

It isn't really a question of whether the signature is "valid" but whether the document is enforceable against the purported signer. Except in limited instances (covered by what is known as the "statute of frauds"), even an oral agreement is enforceable.

Generally, electronic signatures are proof that the person affixing the signature agreed to the terms of the contract. Like any other evidence, an electronic signature must stand up to scrutiny. In the case of a digital signature, the electronic signature is encrypted to increase assurance that the person whose signature is in question was actually the person who signed or at least authorized the signature.

Recording the IP address certainly helps to establish that at least the signature came from the right place.
"Often, businesses rely on other means to attempt to ensure an electronic signature is correct, including talking with the signing person directly or over the phone before an electronic signing, having an ongoing business relationship, and receiving payment or other indications of intent to do business that do not rely solely on a signed document. This is good business practice even in the paper world, as forgeries have been common there since time immemorial." "Electronic signature (http://en.wikipedia.org/wiki/Electronic_signatures)," Wikipedia (retrieved 24-Nov-2008).

From a practical standpoint, most Internet businesses do no more than what you are doing. There is some risk, but in most routine business transactions, those downside is minimal. However, if I were selling a large item, such as an jet aircraft, I would not rely on your method.

Thanks a lot David, for taking the time to look into my question.

Let me explain you a little about the kind of business I'm to start.

I will actually host other's companies documents and the final clients will fill them up in my own server. Once they sign it I will email the pdf to the company as well as to the client who just signed it.
My company will have nothing to do with the content of the document but I want to make sure that I'm delivering a completely legally signed one.
I want my company to be completely separate from any possible legal actions that the final clients could take against the company issuing that document...I will be just offering the hosting & filling & signing service.

Any advice?

Maybe rather then the service you have created which means youa re hosting the ability for all the documents, to be filled and signed and then forwarded on. It may be better to develop something that can be sold to the companies that want this service so that they can host it themselves, this should remove you from any potential legal action.

As David pointed out, you need to be able to verify the authenticity of the signature if it ever becomes an issue. If I sent you an e-mail stating that I'd pay you back a $50.00 loan over 10 months in equal payments ($5 each month), the e-mail itself would be an acceptable contract even without my signature. The issue, of course, becomes was it me that sent the e-mail -- I could have been hacked, you could have sent it from my e-mail address, etc. Whatever identifying information you have which would indicate that the signer is indeed the signer is necessary. This is why even a physical signature on a document doesn't alway suffice legally -- what if it's forged?

So what you should do is take whatever steps necessary to ensure the signer is indeed the signer. Depending on the nature of your site, you could set up a verification process to verify the identity of "signers". Once verified, they could view a contract, enter a PIN they established with you, and because you know their identity is verified, and they entered this PIN, that it is still them. Of course, like anything, it could potentially hacked or the PIN fraudulent obtained and used. There is no absolute way to verify anything, but like many sites -- there are very few issues until... well, the issue arises.

Think of the number of times at a big company that, for example, an assistant orders office supplies under her managers name and with his credit card number. Was it him that ordered the supplies? It appears so, but it wasn't. If he isn't disputing the transaction, it doesn't matter. But then you're delving into another area with agency law and agent-principal relationships.

Thanks all of you. I think I have a good idea of how to implement the things now.

Usually when it comes to contracts I just fax things back and forth, but one thought I had would be to set something up online where the client pays a deposit for the work with a credit card. I thought I could create a page with the details of the contract that they could access only via a username and password I sent them and at the end have a statement along the lines of paying the deposit constitutes a signature on the contract.

I realized I'm not giving all the details here, but would something like that work? The verification would be the credit card itself (which I realize could be used by someone other than the person in question) and the username/password that only the client should know.

Two points that may be would hinder this idea.

1. is as you suggest that someone else could use the card who does not have approval to use it, and you don't know because you don't see the card.

2. Without the signature of the card holder, there is potential for charge backs, with a claim that they never approved the transaction, if they see the bill is getting higher or things are not going how they planned.

While i would assume that a large number of people are going to be honest and not try to circumvent the system there is the potential for it to happen, without a physical signature.

Hi Ahl,

In critical situations where a signature will be required to stand up in court it is possible to have your site digitally "audited" by a third party. They actually verify that your signature process is valid and that it is impossible for a site user to bypass the signature page without "approving" or "signing" the legal document/agreement in question. You then have to lock up that particular code so it cannot be tampered with without the approval of the third party or, alternatively, be able to prove beyond doubt that the code has not been altered/modified in any way since the date of the audit. In this way anyone who has "signed" a digital document is bound by that signature and thus such a document has a much better chance of standing up in a court of law.

It has been some time since I had to worry about any such issues but firms such as Price Waterhouse Coopers used to have specialized departments to manage such audits. I'm sure there are far less expensive options offering such services now-a-days but at the time I was looking into these things they were one of the few.

I'm sure David will know more about this issue than I but I wanted to chime in my limited experience.

If you obtained a notarized signature to begin with, you'd be able to at least verify the person who signed the document electronically indeed was the same person. This assumes you have safeguards on the electronic side.

As a notary public, I (and others) are required to obtain identification from those who wish to have the signature notarized. They must also acknowledge that they are signing this willingly and understand what they're doing. This provides some assurance as if a lawsuit was to come up stating that "John Doe" never really authorized this account to begin with, the notary public would be the one to contact. Notaries are suppose to keep track of this information.

Just additional food for thought.