Adam Wilbrecht, AIA – Concert CPO
What is value of the architect’s stamp and signature? At the most basic level these serve as a certification and attestation that the signed documents meet state legal requirements for buildings and the built environment. At a deeper level these are a testament of the authorship and professional skills of the architect. Over the course of this century technology has introduced an era of digital-only documents that require the use of electronic signatures as a means of certification. Electronic signatures are commonly assigned to digital documents, contracts, and agreements. In the case of the architect, however, the application of electronic signatures with professional seals has not been straightforward and unevenly applied by both architects and state officials alike. To this end, we will explore electronic signatures, how they are intended to be used, and how the individual US states (including the District of Columbia) are adopting electronic signatures into their processes.
Electronic (and Digital) Signatures
To set the stage, an electronic signature is, like its paper equivalent, a legal concept. The U.S Electronic Signatures in Global and National Commerce Act defines an electronic signature is an “electronic sound, symbol, or process attached to, or associated with, a contract or other record and adopted by a person with the intent to sign a record.” Electronic signatures are designed to be legally admissible and provide reasonable proof that the named signatory is the actual person who signed the digital documents at a given date and time. These signatures are also designed to be very efficient and require very little effort by the signatory. Typically, having a functional email account is the minimum validation needed. Additionally, electronic signatures are also unique in that a signature can be in almost any format including a recorded oral statement, a checkbox click, a mouse gesture, etc. Finally, electronic signature standards are regulated on a jurisdictional basis and vary from state to state.
The Digital Signature Standard (DSS), on the other hand, is federally regulated in the US by the National Institute of Standards and Technology (NIST). While technically an electronic signature, the DSS institutes specific protections to corroborate the identity of the signatory with the digital documents being signed. This permits a digitally signed document (or documents) to be auditable and verifiable.
A compliant digital signature combines a few technologies to function properly. First, the digital document(s) being signed are processed using an approved cryptographic algorithm to establish a digital fingerprint known as a “hash”. Second, a digital certificate from a third-party certificate authority (CA) is required. The CA verifies the identity of the signatory when the digital signature is applied and bound into the record with the document hash(es). The application of this certificate typically requires the signatory to prove their identity using a password known only to them or by using authenticating software strictly under their control. The outcome is digital alchemy that generates a record combining the hash and certificate information that is highly secure and contains these important attributes:
- Proves the authenticity of the document(s)
- Certifies that the document(s) have not been changed or altered from the original state
- Confirms, to a high degree, the identity of signatory
Thus, while being an electronic signature, a DSS compliant digital signature is an advanced form benefitting from strict federal regulation coupled with auditability and verifiability of both the signatory and the related digital document(s). The less restrictive form of the electronic signature is significantly easier to use but also significantly lacks the security and evidentiary value provided by a DSS digital signature.
Electronic Signatures and Seals Across the United States
For the uninitiated, the traditional method of applying a seal and signature requires an architect to imprint their state seal with an inked rubber stamp followed by a “wet” ink signature on top of or adjacent to the seal. This method is allowed in all of the US states with little variation in the requirements. When it comes to options for electronic signatures, however, the US electronic signature standards vary state to state across a spectrum.
By the Numbers
41 states + District of Columbia allow for electronic signatures
2 have adopted and require compliance with the NIST Digital Signature Standard (FIPS 184-6) – New Jersey and Florida demonstrate the most sophisticated application of electronic signatures.
28 states allow electronic signatures but only require DSS-like criteria. These all follow a common format for the application of the electronic signature have the following requirements:
- Unique to the licensee;
- Verifiable by a trusted third party or some other approved process as belonging to the licensee;
- Under the licensee’s direct and exclusive control; and
- Linked to a document in such a manner that the digital signature and seal is invalidated if any data in the document is changed.
The remaining 13 states allow electronic signatures but have no stipulated standards or requirements.
2 states do not permit electronic signatures of any kind – Hawaii and West Virginia, for some reason, expressly forbid them.
The remaining 6 states don’t explicitly mention electronic signatures in their administrative code for seals. These states require a look at their general administrative codes to determine if electronic signatures have been adopted at a global level.
Overall, adoption of electronic signatures is a positive direction for architects to not only efficiently seal and sign their work but also, through the Digital Signature Standard, have a means to express and protect authorship of the work they are delivering.