The recently enacted Electronic Signatures in Global and National Commerce Act has paved the way for heavier traffic...
on the information superhighway. It has also heightened the importance of Internet security in the U.S. and beyond, especially where electronic signatures are concerned.
The new law states a digital signature in an electronic document now carries the same legal authority as a handwritten signature on paper. However, the law does not provide details on how digital signatures would be securely verified.
Lotus Notes users and others seeking enterprise e-document security solutions are left to ponder several questions: Where should one look for Public Key infrastructure (PKI) technology in an industry growing so rapidly? Is it worth the hefty investment to gain e-mail security in house or is outsourcing the answer? Can thumbprint scanners and a barrage of passwords really save time and money or is it still too soon to consider electronic signatures as a viable business solution?
Lotus Domino product manager Kevin Lynch said security features built into the Notes software have always allowed for digitally signed client-to-client messages.
"And those features have been present in the product all along," Lynch said. "As long as there has been Notes mail, there has been a mechanism for a user to sign a message, and a signature can be validated by a Notes user on another network."
However, Notes users sending messages to users of Microsoft Outlook, Qualcomm Eudora, or Web mail may have reason for concern.
Katherine Spanbauer, a Lotus senior product manager for Domino security, said since Lotus' hierarchical certification structure is designed for Notes-to-Notes messages, a third-party signature certification is necessary to send messages to other e-mail clients.
"No matter what system you're using, you need to have that trust relationship," Spanbauer said. "The key in any trust relationship is that you do trust" the third-party certification.
This concern is benefiting secure messaging companies that are now scrambling to grab their share of this rapidly growing market.
"The e-sign [law] is a boom from our industry," said Bob Janacek, co-founder of CertifiedMail.com, a data security provider located in Springfield, New Jersey.
"You don't have to print out and FedEx that last copy [of a document]. You can go back and forth with it in one hour instead of having to wait two days," he said.
Douglas Kramp, CEO for Dallas-based e-mail security provider ZixMail.com, Inc. said the need for security is also in high demand in certain vertical markets, such as the legal industry.
"We've found that 98% of e-mail users want some percentage of their e-mail sent securely, and 40% of lawyers want all their e-mail sent securely," Kramp said.
Since many companies are rushing to provide solutions, Kramp said the first provider to bring a viable security solution to the market will be the one that gains a definitive edge.
"The competition is going to increase," said Janacek. "There are a lot of patents that have been filed. The [companies] coming in late are going to run into a minefield of patents. It was difficult for us... to produce a product that doesn't infringe on anyone else."
Tom Talleur, a former federal investigator who spent over three decades helping bring cybercriminals to justice, said a single, uniform signature standard needs to be implemented, either by the industry or the government.
"I think that the digital signature act is a great thing, and I think businesses need it," said Talleur, who is now a security analyst for KPMG. "But what man makes, man can break. There is not total security technology, and we always have to consider that digital signatures can be spoofed."
Talleur said it is important to realize that security concerns will always be prevalent. Even though some believe the answer lies in lowering speed limit on the information superhighway, Talleur feels it is a moot point.
"It's almost too late to consider that concern because it's like getting pregnant and saying, 'I shouldn't have had sex.' There will be security risks and growing pains, and we just have to accept the fact that this is part of being in the digital world," Talleur said."
Tomorrow, SearchDomino profiles ZixMail.com and looks at the pros and cons of outsourcing an e-mail security solution.