Future watch: Digital certificates
Although US law considers digital signatures binding, the underlying digital certificate technology is handicapped by a lack of simple tools and trusted "certificate mints". Software developers will tackle the first problem; the banking and legal support industries and private operations will rush to solve the second. Nevertheless, don't expect to see much action for a couple of years.
Proving who you are is even more important in the world of e-commerce than it is in regular life. For example, when you order a pizza to go, the cashier takes an impression of the credit card you use to pay for the food and may even ask to see your ID. This prevents you from later repudiating the transaction and illegally obtaining a free pizza.
In today's electronic world, however, there's usually no way of telling who's sitting behind a browser, and the "Card Not Present" syndrome strikes all too often. If you're selling CDs online, that's not a big deal, but when you're thinking of setting up business-to-business exchanges in which transaction values are measured in millions of dollars, a higher standard of proof is necessary.
Digital signatures, which use digital certificates to verify the identity of the parties to a transaction, are designed to fill this gap. If digital signatures are to be as binding as ink signatures, the underlying digital certificate technology will have to overcome significant barriers. The first is a mix of legal and technological issues, the most serious of which is the lack of a widely trusted and understood infrastructure for certificate use. The second barrier is a cultural one, and that may take years to overcome.
The first barrier is slowly eroding. The enactment of E-Sign, the Electronic Signatures in Global and National Commerce Act, which President Clinton signed in late June, should encourage wider use of certificate technology. But there's a catch. E-Sign's national standard for digital signatures isn't tied to a specific technology, so the lawyers will have to be as involved as the engineers in determining how we'll use certificates in the future.
It's been possible to create digitally signed documents for some time, and encryption and e-mail programs support digital signatures; but the current crop of tools is too awkward for daily use.
Most encryption and digital signing methods use a PKI (public key infrastructure) of one form or another, and operating systems such as Windows NT, Windows 2000, and NetWare have PKI capabilities in the box. Nevertheless, implementations fail because a customer doesn't make the extra effort.
The financial and legal communities will ultimately determine how quickly digital certificate technology becomes a pervasive part of our lives. In July, the American Bankers Association announced, in partnership with Digital Signature Trust, its TrustID certificate program, which we expect will provide the early underpinnings of the certificate revolution. The TrustID model will give banks, which most people assume fit the definition of "trusted entities", an advantage in the certificate business that until now has pretty much been left to VeriSign and a handful of others.
Although pioneering demonstrations of digital signatures and digital certificates are happening all around us, it will take a few years of experimentation before the technology reaches critical mass. The legal issues alone may take years to resolve, so our prediction of widespread use around 2004 might be off by a couple of Supreme Court terms.