Electronic Signatures in Procurement

Sep 25, 2013 by Keith Jones

Not the Same as Digital Signatures

Online bidding systems must be able to authenticate the identity of the bidder, document that the bidder has verified their submittal and accepted the terms and conditions of the bid requirements, and prevent undetected alteration of the submitted bid information.

In the U.S., the validity of electronic signatures was originally established in the federal Uniform Electronic Transactions Act (UETA) and U.S. ESign Act of 2000. Similar standards have been adopted in countries throughout the world. In the U.S., the legislation establishes minimum performance standards for electronic signatures but does not specify the technology that must be used.

As we have reviewed and responded to RFPs for electronic procurement systems, it is clear that there is confusion among many prospective buyers as to what constitutes an acceptable electronic signature. The confusion stems from a misunderstanding of the terms “electronic signature” vs. “digital signature”: these terms have very different meanings. While all digital signature technologies are electronic signatures, not all electronic signatures are digital signatures. A digital signature uses cryptographic methods to encode and decode transmitted data. Public Key Infrastructure (PKI) is the most common type of digital signature.

While PKI was touted years ago as the solution for e-commerce applications, in practice it has been found to be difficult and expensive to administer, particularly for the infrequent user, and has seen less and less use in e-commerce applications.

Far more common, easy to use, and legally defensible is the concept of the “Clickwrap” agreement. You are no doubt familiar with its use in End User License Agreements when you install software and are asked to click “I Agree” or “I Do Not Agree” with the license terms and conditions before you can complete the installation. The Clickwrap Agreement has been tested in the courts for years and held to create a legally defensible contract.

In combination with the username/password system for authenticating the identity of a bidder, and the ‘locking’ of bid data to prevent its alteration after submittal, the Clickwrap Agreement provides a legally and technically defensible electronic signature for online bidding.
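One way the combination described above could be recorded so that later alteration is detectable. This is an added example, not code from the original post or from any bidding product. The server-held key SERVER_KEY, the function names lock_bid and verify_bid, and the sample bid and terms are all assumptions made for illustration. The bidder holds no key or certificate, so this is a server-side seal on a clickwrap record, not a PKI digital signature.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: secret held only by the bidding server (constructed demo value).
SERVER_KEY = b"constructed-demo-key"
# Constructed sample inputs.
SAMPLE_TERMS = "Bid is firm for 90 days. Bidder accepts all RFP conditions."
SAMPLE_BID = {"rfp": "RFP-EXAMPLE-001", "total_price": 125000, "currency": "USD"}

def _canonical(obj):
    # Stable serialization: the same data always produces the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _sha256(data):
    return hashlib.sha256(data).hexdigest()

def _seal(body):
    return hmac.new(SERVER_KEY, _canonical(body), hashlib.sha256).hexdigest()

def lock_bid(username, bid, terms_text, accepted, now=None):
    """Create the locked record when the logged-in bidder clicks 'I Agree'."""
    if not accepted:
        raise ValueError("terms and conditions were not accepted")
    body = {
        "bidder": username,  # identity established by the username/password login
        "terms_sha256": _sha256(terms_text.encode()),  # what was agreed to
        "bid_sha256": _sha256(_canonical(bid)),  # what was submitted
        "submitted_at": (now or datetime.now(timezone.utc)).isoformat(),
    }
    return {**body, "seal": _seal(body)}

def verify_bid(record, bid, terms_text):
    """Return a list of problems; an empty list means nothing was altered."""
    body = {k: v for k, v in record.items() if k != "seal"}
    problems = []
    if not hmac.compare_digest(_seal(body), str(record.get("seal", ""))):
        problems.append("record altered")
    if _sha256(_canonical(bid)) != body.get("bid_sha256"):
        problems.append("bid data altered")
    if _sha256(terms_text.encode()) != body.get("terms_sha256"):
        problems.append("terms differ from those accepted")
    return problems

if __name__ == "__main__":
    rec = lock_bid("acme_bidder", SAMPLE_BID, SAMPLE_TERMS, accepted=True)
    print(verify_bid(rec, SAMPLE_BID, SAMPLE_TERMS))
    print(verify_bid(rec, dict(SAMPLE_BID, total_price=90000), SAMPLE_TERMS))
```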

So be careful what you ask for: specifying a “Digital Signature” when you meant “Electronic Signature” is going to result in unnecessary cost and complexity for your procurement system.