Electronic signatures provide a number of advantages over “wet” paper ones. Digitally signed documents are easier to keep track of, cheaper to store, and much less likely to get misplaced or damaged — plus they can be processed far more quickly; often in a matter of hours rather than weeks. The question is, though, are digital signatures legally binding and do they hold up in court?
It depends on the type of e-signature. Not all digital signatures are equal — and different kinds of electronic signatures benefit from different levels of legal validity. For example, your school may be fine using simple e-signatures (SES) on permission slips; but you’ll probably want to use advanced e-signatures (AdES) or even qualified e-signatures (QES) on legally binding documents like tuition agreements and vendor contracts.
The good news, however, is that most jurisdictions recognize a QES as legally equivalent to a handwritten signature — which means your institution can save significant time and money by adopting electronic signature contracts. Here’s how to make sure you’re collecting valid digital signatures on your school’s electronic documents.
Identity assurance is what makes an electronic signature legally binding.
Back in the pre-digital age, the only way to be certain of a signer’s identity was to have them sign a form in person — typically after showing a legal ID such as a driver’s license. School administrative staff could then compare signatures on future documents against that initial verified signature, to make sure each form was actually signed by the same individual.
But as some students figured out, forging a parent’s signature was often as easy as learning to imitate it — a fact that enabled kids to bring back “signed” absence slips and grade cards that their parents never actually saw. The problem, of course, was that school administrators often “verified” signatures by visually comparing them against parents’ handwriting samples. As a result, these admins of yesteryear left themselves wide open to fakery, but since then, significant progress has been made in preventing forgeries.
Today, on the other hand, most of us recognize the importance of using multi-factor verification to prevent identity theft. When signing into our bank’s website, for example, we have to provide not only a username/password combo, but also a one-time code we receive by text message — a second verification method, or “factor,” that reduces the risk of unauthorized account access.
In the same way, legally binding e-signatures use multiple identity verification factors to ensure that the person signing is really who they claim to be — not just the first time, but every time they sign. Advanced e-signatures, for example, are uniquely linked to a specific signer, typically through a digital certificate. Qualified e-signatures provide an even stronger level of verification through a system of cross-checks with a trust service provider (TSP), who may authenticate the signer’s identity through a mobile app or video call.
However, not all e-signatures provide this level of ID assurance, which means not all digitally signed documents are legally binding. To see why, let’s take a closer look at the levels of digital signature verification.
Different types of e-signatures require different levels of identity verification.
The most basic (and least secure) type of digital signature is a simple e-signature (SES), which requires little or no user authentication. Some SESs can be applied by anyone who opens a document, which means there’s no way to verify who the signer actually is. Other SESs, meanwhile, require the user to be signed into an app or website — but this single-factor authentication still leaves them highly vulnerable to fraud.
As a result, SESs are not considered legally binding. At the same time, they’re generally the simplest and cheapest type of e-signature to implement, which means they’re widely used across many applications of online document signing. In an educational context, SESs may be useful for attendance forms and other low-security docs — but not for legal contracts.
The next level up is an advanced e-signature (AdES). By definition, an AdES must be clearly and uniquely linked to the signer, in a way that’s under the signer’s sole control, and enables that person to be formally identified. This is most commonly achieved through a digital certificate, which is typically linked to a specific device, or to a piece of personal info like a phone number or student ID.
But while many organizations use AdESs on their application forms and contracts, these signatures’ level of ID assurance depends entirely on the verification method. For example, some AdESs use self-signed certificates created by users themselves — which means no third party has verified that the signer is who they say they are. This makes many AdESs relatively worthless on legal documents, unless an additional level of verification is added.
Qualified e-signatures (QESs), by contrast, require the signer’s identity to be verified by multiple third parties. In Adobe Acrobat Sign, for example, we use cloud signatures backed by the Cloud Signature Consortium (CSC) standard, which are validated by trust service provider (TSP) experts who remotely verify each signer’s identity and authorization. Identity assurance methods vary by TSP, but some of the most common include authenticating via a mobile app, a username/password combo, and/or a video call in which the signer must present a driver’s license or other government ID.
This multi-factor verification process creates an audit trail that’s uniquely attached to each qualified signature — in fact, Adobe Acrobat enables you to view the audit trail for any QES simply by clicking on that signature’s properties in a PDF file. A QES’s audit trail makes that signature legally equivalent to a handwritten one, which means it’s legally binding on any contract or form that isn’t specifically excluded by your jurisdiction’s laws.
Choosing the right e-signature workflow means balancing cost against risk.
As with any investment your institution makes, choosing the right e-signature workflow requires a decision framework that balances affordability against risk tolerance. For example, while SESs are the cheapest type of e-signatures to implement, they leave your school open to the risk of fraud, in much the same way that “wet” paper signatures did. QESs, by contrast, can involve more cost and complexity — but they effectively eliminate the risk of fraudulent signing, and keep your institution’s contracts legally secure.
When considering e-signature workflows, the decision framework you implement should help you better manage security on an organization-wide level, while making signing processes as seamless as possible for students, parents and staff. In cases where an e-signature needs to be legally binding, it’s crucial to consider all the following five factors:
1) Authentication — who signed?
2) Intent — did they demonstrate intent to sign?
3) Proof of signing — what did they sign?
4) Consent — did they consent to do business electronically?
5) Exclusions — are there any excluded document types?
It’ll help to put clear policies in place now, so decision makers know how to answer each of these questions when new use cases arise.
To learn how Adobe Acrobat Sign can help your school create legally binding electronic documents, check out our free webinar, Creating Trusted E-Signatures: Demystifying Legality and Identity. And to find out more about how Adobe technology can power your school’s digital transformation journey, visit our Education Resource Hub for simple step-by-step guides and how-to articles. We look forward to seeing you there!