Why Do We Still Have Physical Signatures
In today's world, is there really a need for physical signatures? Is there a real need for you to be present and put ink to paper? Most people won't hesitate to say that yes, we actually do need to sign paper documents. Of course, this presupposes the necessity of physical paper documents. If we could tie together just a few elements of technology already in widespread use, and update our laws to recognize the security of these methods and permit their usage for official documents, the need for physical paper documents could be reduced to just what is required for people who are unable to electronically sign documents or departments that are not capable of running computer systems.
The first step to enabling the use of digital signatures is to change how you think about a signature. Most people, when thinking of a signature in the context of a document, expect to talk about a frequently-illegible set of markings that a person claims is their name in written form. Instead, we have to think about a signature as an electronic way of uniquely identifying an individual person, either with or without a real person present to verify the signature.
The next thing is to find a way to securely generate a (relatively) short code to prove that a document has not been modified. Doing this would immediately put electronic documents ahead of paper documents, as a document modification scandal from last year shows. Of course it's not perfect, but the right nudge along Minister Tony Clement's Open Government initiative could very easily make the requisite modifications much harder to accomplish. Fortunately, this step is already done for us compliments of the SHA-2 cryptographic hash functions, with improvements expected by the end of 2012 when the SHA-3 algorithm is chosen.
Once our thinking about what a signature actually is has changed and we can generate a unique code to tell us when a document has been modified, the next step is to create a way to create a signature that, unlike physical signatures, can serve as both a signature that you cannot later deny and also as a second layer of proving that the document has not been modified. Again, we are fortunate that this has been done for us in the form of the OpenPGP standard, of which GnuPG is a well-known implementation.
Despite having what many people would think of as the hard work already done, the technology behind digital signatures is almost laughably simplistic when compared to the difficulty of changing public opinion and national laws to allow digital signatures to stand on the same level as a physically signed document. So take some time and think, do we honestly really need physical paper documents with physical signatures?
