How new electronic signature laws affect digital drawings.

With document approval software (ApproveIT software shown) users can sign in real time or from a secure password-protected file. Users can also customize the look and size of their actual signature prior to approval.

Authentication capability insures that signature(s) are associated only with the original approved document.

Modern surveying practically demands the creation and use of digital drawings. We collect data in a field computer, transfer it to a survey or computer-aided design (CAD) program to manipulate, and finally produce a map or plat that appears on a computer screen. This work product is then saved, archived and often transferred to our client in digital form. In practically all cases, however, we also produce a "hard copy" in the form of a paper (or other medium) map which we seal and sign. Why do we produce the paper copy?

Generally, in a few words, the paper copy fulfills certain legal or administrative requirements, and provides some protection against unauthorized alteration of the document after it leaves our control. Laws governing the look of a survey drawing vary from state to state, but the application of a surveyor's stamp and a handwritten signature to the "original" final product is almost universal. Some states require that we emboss our survey seal on our drawings; some require original signatures on every print made from a "reproducible" original; some allow for the use of CAD facsimiles of survey seals but still require a handwritten signature, at least on the "reproducible" original (I put the word in quotes because the concept is practically archaic; I don't know of any drawing that can't be reproduced). When we transfer a CAD file to a client we use a contract that specifies that the signed paper copy is the "original" and that the CAD file is provided merely as a convenience to the client. If the electronic version differs from the paper original, the paper version prevails. This supposedly provides some protection from the temptation to make unapproved changes to the computer version of the drawing.

All this is well and good, but is obviously artificial. The client usually wants the electronic drawing; the paper "original" is simply a nuisance. In many instances, the storage and archiving of paper or other hard copy medium maps becomes a major expense, and the seldom-used hard copies are often neglected. Some recording offices are overflowing with mylar survey maps. In several cases, these "originals" are scanned, often with a loss of clarity, and the originals are never used again. Of course, none of this is new-document storage problems led to microfilm and microfiche years ago. Besides storage, there are problems with transfer of documents between users. E-mail has several clear advantages over mailing a bulky drawing in a tube.

It seems obvious enough that a better system would be to secure and legalize the electronic document itself. This is the goal of electronic signature laws, which have been enacted or considered in 40 states. Utah led the way, with California, Washington and others following shortly thereafter. The American Bar Association has published a set of "digital signature guidelines" for states to follow in fashioning their own laws. Many of the statutes are driven, as you can well imagine, by the desire to allow for secure, enforceable commerce over the Internet rather than to meet the needs of surveyors. Some are, however, broader in scope than mere attempts to encourage you to use your credit card on the World Wide Web. A feature in some such laws is that any electronic document, when signed with an electronic signature that meets the legal requirements, will satisfy any rule of law that requires a signed written document, just as if the medium was paper. Thus these laws may allow for electronic deeds, real estate contracts, leases, court filings and affidavits and even wills. The question then arises: Are they appropriate for surveys?

Electronic vs. Digital Signatures

The various state laws can best be explained by separating "electronic" signatures from "digital" signatures. For the purpose of this discussion, an electronic signature is any electronic identification in the form of characters affixed to a document to express an intent by the writer that the characters authenticate the document. Several state laws address electronic signatures, usually allowing their use in limited instances, such as validating electronic signatures for certain transactions but not for general use. Digital signatures involve some form of cryptography to ensure the integrity and authenticity of the document, and the laws addressing them often allow for their use in general transactions.

The state laws fall broadly into three categories. The leading state, Utah, and 13 others have adopted what is called the "prescriptive approach." This approach involves a rigorous scheme of licensing third parties, called certification authorities, which are required to authenticate the identity of the signing party. Long and comprehensive, the prescriptive approach laws offer many safeguards to protect electronic transactions but in so doing tend to restrict the users to certain specified procedures and perhaps even to certain software. Generally, these laws (which follow the American Bar Association guidelines) will only validate digital signatures. California is the leading state to adopt what is called the "criteria approach" which validates digital signatures if they meet certain criteria, but prefers not to rely on licensing schemes in favor of allowing the marketplace to control the particular software and protective schemes the parties adopt. These states may validate either electronic or digital signatures, depending on the regulations they adopt, which might lean either to the more or less restrictive approaches depending on the transaction. Massachusetts is the leading state in adopting the most permissive approach, called the "enabling approach," which validates any electronic mark if the maker intends the mark to be a signature. This approach obviously allows for both digital and electronic signatures, but in most states is limited to certain prescribed transactions.

A signature on a document is intended to convey a sense of gravity and finality; you sign the document at the end to show your full agreement. Signatures have also long been used to validate the authenticity of documents; if you sign the document at the end, then any changes will be invalid unless also signed (or initialed) and your unique handwriting will help protect against forgeries. Protection against alteration and against forgery in electronic commerce is the aim of the more restrictive of these state laws.

Digital signature laws presume that the software will protect against unauthorized alterations. I am a bit beyond computer illiteracy, but I will not pretend in this article to be able to comprehensively discuss, recommend, or review any particular software. I do, however, plan to describe as well as I can two different software approaches to protecting against alterations, solely as illustrations of the approach the various laws can take. There may be other software packages that do the same or similar jobs quite well but I am simply not familiar with them.

Protecting Signatures from Alterations

One approach toward protecting against alterations involves signing the document with a handwritten signature using a stylus (or even a ballpoint pen) on a pressure-sensitive pad. Alternatively, you can use a scanned signature file that is password protected. The software couples the signature with a digest of the document, so that if any changes are made to the document the signature disappears. This is the approach of ApproveIT for CAD, from Silanis Technology (Dorval, Quebec, Canada). The software keeps a database of approved changes, thus allowing for revisions, and accepts multiple signatures. It represents a reasonable solution to the problem, and has the advantage for surveyors of having been developed with digital drawings in mind. If there are disadvantages, from a technical point of view, they would seem to be limited to two things: the need (as a security measure) for each viewer of the drawing to have the software installed if he or she wants to see the signature on the screen-although the signature can be plotted on paper for clients who are not so equipped. Second, the software is specific to certain CAD packages. (A developer's kit is available to modify the program for other Windows applications [Microsoft, Redmond, Wash.], and ApproveIT is marketed for certain other packages such as Microsoft Office and Word Perfect [Corel, Orem, Utah; Ottawa, Ontario, Canada.])

From a legal point of view, the only disadvantage would stem from whether or not the software meets the particular requirements of the individual state's law. For instance, ApproveIT might fulfill a criteria-based state law but might not fulfill a prescriptive law. Any definitive answer to this sort of question, of course, would have to await some court challenge. These laws are all very recent, and the only court dispute I know of came from a Massachusetts motorist who challenged-unsuccessfully-the use of an electronic signature on a police sobriety test report.

The second approach to protecting against alterations involves the use of an asymmetric public-private key software system, such as has become ubiquitous for use with E-mail. These systems have the advantage of being capable of affixing digital signatures to any type of file across multiple platforms. Using such a system to sign a drawing file involves first creating a reusable private key, which you keep on your own computer protected by a pass phrase. You ask the software to scan the particular drawing file, using your pass phrase (and thus your private key). This produces an encrypted digest in the form of a separate file with the same base name as the drawing file and a different extension, often .sig. You would then transfer the drawing file, the signature file and a separate reusable file (called your public key) to the recipient. The recipient can make multiple copies of the drawing file and can view and manipulate them without having the signature software. However, if you do check any of the copies using the signature software and your public key, only those copies which have not been altered will verify against the signature file.

These systems have excellent reputations for security, work fine with drawing files that have been transmitted by E-mail, and are inexpensive and easy to use. Their flexibility makes them attractive to financial institutions, thus raising the possibility of their use for affixing multiple signatures to a document at far-flung locations. (That is, a digitally signed plat could be sent to a landowner in another city, who could go in to his or her bank and purchase a one-time certificate to affix his digital signature to the dedication on the plat, even if he doesn't own a computer.) Its major disadvantage, for surveyors, is that the signatures do not append to the drawing file but are separate. There is no visible way to tell from the displayed drawing that it has been signed (other than information you supply in the CAD file). Typically, users add a CAD version of their surveyor's seal with a notation stating that the drawing has been signed electronically using some designated software and giving the name of the signature file. These systems fulfill the legal requirements of all the digital signature state laws, if they meet some specified standard-generally some version of "X.509 as adopted by the International Telecommunication Union."

Protection against forgery is much more difficult with public-private key software than with software such as ApproveIT, because of the lack of a written signature. Theoretically anyone could transmit a drawing using their own private key and signature file, claiming that it came from another person's computer using the other person's private key. You can't tell who created the public key by looking at it. Consequently, most of the verbiage in the prescriptive state laws, and most of the regulations, concern setting up a secure system of protection against forgeries.

The most common system, used in the prescriptive law states, involves licensing certification authorities. Using a survey drawing as an example, rather than giving a copy of his or her public key directly to the client, the surveyor would deposit it with a licensed third party who would check his or her identity and certify to it. Under most of these schemes, the certification authority is heavily regulated. The authority's employees must undergo background checks and must pass tests; the companies must be bonded; and there must be repositories of certificates with procedures set up for handling revocations and for dealing with compromised keys. There also must be procedures for dealing with disputes. These details can make some of the prescriptive laws fairly long and complex, and tend to lock the users into certain systems. For instance, in Washington, the only digital signatures that are valid are those using a public/private key system through a state licensed certification authority, thus effectively legislating against reliance on systems such as ApproveIT which do not need a certification authority for forgery detection.

Of course, another layer of regulation that affects surveyors in this arena concerns our licensing laws and regulations. As an example, Washington has legalized digital signatures beginning in 1998 (provided the law is followed to the letter by those it affects) for all purposes. It would seem that a Washington surveyor might be legally entitled now to begin dispensing with the signed paper "original" that has long been required, but I would advise against it. The state board of registration has its own set of regulations, which specifically address signatures and stamps on drawings. Rather than bringing separate sets of regulations into conflict, surveyors need to begin exploring the value of using digital signatures for survey drawings- the pitfalls and the costs-in order to recommend changes to the survey licensing regulations if they are warranted.

Single or multiple approval processes requiring the updating of additional information at the time of signing can be performed with document approval software.

Adapting the Laws for Surveyors' Needs

Those states with enabling laws have systems that are probably the most difficult to adapt to surveyor's needs, because such laws, while very lax in their requirements as to what a digital or electronic signature needs to be, will typically restrict their use to limited applications. In states with criteria-based laws the systems will allow for the use of digital signatures, usually for any purpose, as long as the particular system you choose meets certain statutory standards. This market-driven approach could be rapidly adopted to surveyors' needs, however, the state boards of registration might decide to add certain layers of protection in the survey arena because of unique qualities inherent in survey drawings. A user in a criteria-based state needs to realize that he or she would be at peril if the software solution he or she chose was later declared deficient in a court dispute. In states with prescriptive laws, the task of setting up a survey-related set of regulations should be relatively simple, because these states require a regulated infrastructure and a system for protecting the public is built into the law. Unfortunately, the surveyor in a prescriptive state will have little flexibility.

There are certain qualities inherent in the way survey drawings are used that should be addressed with any state scheme. For example, certificates expire-usually after one or two years-to provide a layer of protection against the remote possibility of someone factoring an "invasion" to the certification authority's system. This is fine for most commercial transactions, where the contract rights are determined and finalized in a relatively short period of time. For a certified digital signature to be valid over a long period of time, one typically uses another layer of protection in the form of a digital time stamp. Such a time stamp seems a necessary idea in the case of digitally recorded documents in any case, but it might be viewed as an extra layer of expense and trouble for general survey use. Survey drawings are typically used in paper format at construction sites, and in the case of public-private key signed drawings those prints will not be signed. One layer of protection in those cases might involve a board requirement that only certain employees in a survey office have the authority to run (and thus certify) prints of digitally signed drawings. In the case of prescriptive law states, there is typically a "recommended reliance" limit for certain certificates from a certifying authority. That is, the certificate might say that this signature should only be relied upon for transactions of a certain value, and the certification authority is relieved of any further liability in case of a forgery. What, if any, limit would be appropriate in a survey situation needs to be addressed. Finally, if one is using a public-private key software to affix multiple signatures to a plat, there needs to be a way to handle all the signature files. One way would be to have a separate signature sheet, apart from the drawing file, in the form of a word processing document which is then recorded along with the drawing and cross referenced to it. Those signatures can be directly appended to a text file.

I believe these questions are worth addressing, and land survey associations across the country should take the lead. Most all of us are using digital drawings already, and the demand from our clients will only increase. Working now to create a useable legal framework can only help avoid problems later.