Smooth Online Signatures, Open Source (ezliu.com)
167 points by ezl on Nov 2, 2013 | 54 comments



I hate to rain on the parade but this effort is badly misguided. The reason physical signatures work is not that a pen allows you to render subtle curves more easily than a mouse, but the fact that the laws of physics can be used to bind a physical signature to the thing being signed (because a physical signature can't easily be moved from one piece of paper to another).

The reason electronic signatures are broken is not that the signature doesn't look right, but the fact that nothing binds the signature to the thing being signed. Once I have your electronic signature it is trivial for me to transfer that signature to any document I like, so the presence of an electronic signature proves nothing. Hence, electronic signatures are useless. And good-looking electronic signatures are worse than useless precisely because they look so much like physical signatures but without the actual benefit that physical signatures provide. Nice curves don't make an electronic signature useful any more than an image of a shiny padlock makes a web page secure.

The ONLY way to sign documents electronically that has any actual utility in the face of disputes (which, if you think about it, is the only situation in which signatures matter) is with cryptographically secure digital signatures.


You misunderstand the purpose of signatures. Their main purpose is not identity verification, but rather solemnization. It is a formal act in which you acknowledge the document that you are signing. This is why you can sign with an X and it's still perfectly legal, even though an X is trivially forgeable. Conversely, this is why serious transactions require notarized signatures: with the notary, you are then able to establish identity.

This project is not strictly necessary, because an electronic signature can simply be a button, or a text field (I've seen both before). This is just as binding as a physical signature, which is to say that it demonstrates your intent to be bound, but does not actually establish your identity by itself. But it's merely overkill, not "useless".


What benefit does solemnization provide beyond its ability to facilitate authentication?


There are about four elements to a contractual relationship: offer, acceptance, consideration, and the intent to establish a legal relationship. You need to have all four. Many people will, in loose conversation, throw out three of them (+), in such a way as to give their counterparty the impression that a contract exists. This is not always done in a malicious fashion -- in the rough and tumble of business negotiations sometimes one party thinks they're discussing options and another thinks they're discussing plans.

Signing physical contracts -- which is often not actually required in contract law (though it can be for certain transactions in certain jurisdictions) -- gives both parties an unambiguous, socially-ironclad touchstone that says We Are Engaged In Serious Business. If you're willing to sign something, you're willing to be bound, if not, you aren't.

+ "I was wondering if you gave any thought to the consulting proposal, for 2 weeks at $20k a week?" "We want to do it." has offer and consideration but the acceptance and intent to create a contract are ambiguous. It's entirely possible for one side of the negotiation to think "Sweet, it's on" and the other side to think "For God's sake, that was a pleasantry!"

Some people feel that certain online relationships would be improved by physical or physical-like contract signing, for the solemnization aspect. I've wrestled with this myself. For example, medical providers can't use Appointment Reminder without agreeing to a Business Associates Agreement. The BAA is not your bog-standard clickwrap ToS -- in event of a breach or HIPAA violation it could be at the center of a $X00,000 enforcement action. I currently force people to actually print and sign contracts rather than doing the clicky-clicky thing just to convey to them Yes This Is Official.


> There are about four elements to a contractual relationship: offer, acceptance, consideration, and the intent to establish a legal relationship. You need to have all four.

This is close, but the part about intent is not quite the way courts approach such questions under Anglo-American contract law. The issue of intent is subsumed in the issues of offer and acceptance. Importantly, intent is addressed from an objective perspective; the parties' subjective intentions generally don't matter. Generally speaking, if a person takes an action that, viewed objectively, looks like an offer or an acceptance, then the person's subjective intention is not relevant. [1]

An edge case is where one or both parties expressly state that they don't intend to be legally bound (for example, in a letter of intent). [2] That would normally be analyzed as, there was no offer, and/or no acceptance, because a reasonable person would not regard the parties as having assented to being bound.

Which brings us to:

> "We want to do it." has offer and consideration but the acceptance and intent to create a contract are ambiguous. It's entirely possible for one side of the negotiation to think "Sweet, it's on" and the other side to think "For God's sake, that was a pleasantry!"

The issue here would be simply whether, viewed objectively, there was an acceptance. My guess is that most lawyers and judges would say no -- that "We want to do it" was not an acceptance, but was a non-binding "invitation to treat" [3].

[1] http://en.wikipedia.org/wiki/Offer_and_acceptance#Offer

[2] http://en.wikipedia.org/wiki/Contract#Intention_to_be_legall...

[3] http://en.wikipedia.org/wiki/Offer_and_acceptance#Invitation...


So what benefit does solemnization provide beyond its facilitating authentication of the agreement to the contract? How could you provide authentication in a way that doesn't confirm you are in serious business?


"but your honour, I just slipped when I pressed the button, I tried to sort it out but the owner was not listening to reason!"

vs

"but your honour, I just slipped and made a replica of my signature. Stop looking at me like that."

it does establish clear intent.

IANAL though.


> I just slipped when I pressed the button

No. The screw case is when someone says: I pressed the button, but the document I was agreeing to was not the document that the plaintiff is presenting, it is this completely different document over here.


Correct, in the digital realm there is absolutely nothing that actually binds the .png of your signature to the document which you were supposedly "signing". That's a huge problem.


It shows you weren't just screwing around, basically. It removes the defense of "I didn't agree to that." (Versus "I didn't agree to that.")

Without that, the other party can do whatever they feel like to prove that the person they dealt with was you, but without something that actually indicates you agreed to be bound by the contract (typically a signature), it doesn't matter if they have your birth certificate and driver's license and DNA sample, you're not bound to anything.


One big contributor to the problem is the ESIGN Act - passed in 2000 it legitimized electronic signatures but failed to define them in any technical sense. Instead the law defines them as any "electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."

The result has been that pretty much all "electronic signatures" are just fairy dust.

Here's a little discussion of the issue and how it played out in one case: http://christiansenlaw.net/2011/10/caselaw-when-bad-security...


You are correct on the technical aspects- it's certainly trivial to take the digital signature and apply it to something the signer didn't actually see. But we're all already signing on the POS pin pad with a pen on a touchscreen.

It's going to take someone actually transporting a signature to another document and a resulting lawsuit to see the practical impact of accepting physical signatures with a digital medium.


> we're all already signing on the POS pin pad with a pen on a touchscreen

That's a little different because the pin pad might have an audit trail built in to it that would allow the merchant to prove (or at least provide evidence for) the provenance of the signature. I don't know if pin pads actually do this, but it's possible. With a signature that comes in as a stream of bits over the internet from some unknown source this is not possible even in principle.

And that is exactly the problem. People think it's the signature that matters because that is what they see. It isn't. What matters is that the signature provides some evidence about the intent of a particular person at a particular time. A physical signature on a physical document provides such evidence. An electronic signature does not and cannot.

BTW, even physical signatures have pitfalls. They bind only to the single sheet of paper they are actually on. This is the reason that on documents that actually matter they make you initial every page. Because without those initials it's trivial to swap one page of the document for another and it is impossible to tell which version you actually signed.


While your points are valid, they are not relevant in a legal sense (at least in the United States).

An electronic signature is as good as a paper signature under the ESign Act of 2000 if they follow this definition:

`electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.`

Hell, even sending the words "I accept" via Morse code over telegraph was considered a legal signature in the 19th century.

However, if there is a dispute over the authenticity of the signature and it is found to be fraudulent, the courts have ruled that it's not a signature then.


The problem is not disputes over the authenticity of the signature. The problem is disputes over what that signature is connected to, i.e. disputes of the form: "Yes, that is my signature, but that is not the document I signed, this over here is the document that I signed." That is the reason that when you sign a physical document you sign the actual document, and not a blank piece of paper that you then attach to the document with a paper clip.


That's what cryptographic signatures are for ("digital signature" vs "electronic signature"). Hash the document and then sign the hash, to establish probabilistic certainty as to exactly what they signed.
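
The hash-then-sign binding described in the comment above, sketched as an added example (not part of the thread and not code from the signature-pad project). It assumes Node.js with Ed25519 keys; the function names, signer id and sample documents are hypothetical. It shows why a signature made this way cannot be moved to a different document, which is the dispute raised earlier in the thread.

```javascript
// Added example: bind a drawn-signature image to one specific document.
// All names and sample data here are illustrative assumptions.
const nodeCrypto = require('node:crypto');

const sha256 = (bytes) =>
  nodeCrypto.createHash('sha256').update(bytes).digest('hex');

// The signed record names the exact document and image by hash, plus who and when.
function signDocument(privateKey, documentBytes, imageBytes, signer, signedAt) {
  const record = JSON.stringify({
    signer,
    signedAt,
    documentSha256: sha256(documentBytes),
    imageSha256: sha256(imageBytes),
  });
  // Ed25519 takes no separate digest argument, hence null.
  const signature = nodeCrypto.sign(null, Buffer.from(record), privateKey);
  return { record, signature: signature.toString('base64') };
}

// Verify against the document that is actually being presented.
function verifyDocument(publicKey, envelope, documentBytes, imageBytes) {
  const signatureOk = nodeCrypto.verify(null, Buffer.from(envelope.record),
    publicKey, Buffer.from(envelope.signature, 'base64'));
  if (!signatureOk) return { valid: false, reason: 'bad-signature' };

  const record = JSON.parse(envelope.record);
  if (record.documentSha256 !== sha256(documentBytes)) {
    return { valid: false, reason: 'document-mismatch' };
  }
  if (record.imageSha256 !== sha256(imageBytes)) {
    return { valid: false, reason: 'image-mismatch' };
  }
  return { valid: true, reason: 'ok', signer: record.signer };
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  // Constructed sample inputs, not real contracts or image data.
  const agreed = Buffer.from('Consulting: 2 weeks at $20k a week.');
  const other = Buffer.from('Consulting: 52 weeks at $20k a week.');
  const image = Buffer.from('constructed stand-in for signature PNG bytes');

  const envelope = signDocument(
    privateKey, agreed, image, 'signer@example.com', '2013-11-02T12:00:00Z');

  // Same signature presented with a different document.
  const swappedDocument = verifyDocument(publicKey, envelope, other, image);

  // Record edited to name the other document; the signature no longer covers it.
  const edited = JSON.parse(envelope.record);
  edited.documentSha256 = sha256(other);
  const tamperedRecord = verifyDocument(
    publicKey, { ...envelope, record: JSON.stringify(edited) }, other, image);

  return {
    original: verifyDocument(publicKey, envelope, agreed, image),
    swappedDocument,
    tamperedRecord,
  };
}

console.log(demo());
```

The image hash in the record ties the drawn signature to the same envelope, so the picture alone carries no weight once separated from it.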


I know so many people who already keep an image or PDF version of their digitized signature just to avoid the print+sign+scan hassle by pasting it into new docs.


I agree with this, but you can't dismiss the dissimilarity of these electronic "signatures" with the actual thing. Not being able to easily move the physical signature still doesn't prevent forgery. In case of disputes the signature is examined and compared with the one you produce. The thing I can write on his pad, with my best effort, looks nothing like my signature. It's possible I'm some kind of an outlier (I have a sample of one, me), but I doubt it.

I'm not sure it's just because of the mouse, though that makes things worse. Where I live we have smartcard IDs with biometric data on the chip. One of the things they record is the signature. It's done with a stylus and some kind of a touch sensitive screen (a really small one, which makes things worse). I took several shots but just couldn't write something that didn't look like a really bad fake of my signature. I pointed this out, but they were OK with it...

EDIT: Just to add, the lines really do look nice though (much better than what I have on my ID card, for example)!


You've missed the point. The problem is not the visual similarity of electronic and physical signatures (though that certainly doesn't help), the problem is that electronic signatures (not digital signatures -- two completely different things) are completely, utterly, irredeemably broken no matter what they look like. The visual aspects only matter insofar as so long as electronic signatures look bad people are less likely to take them seriously. But electronic signatures should never ever be taken seriously.


Oh, no, no, maybe I didn't come through clear -- I completely understand and agree with what you're saying here. My remark was more along the lines of: even IF electronic signatures had the physical feature of not being easy to move, they still shouldn't be taken seriously because they don't look the same (in my experience at least). I also assume here that overt visual likeness plays a significant role in validation, but IANACE (court expert) so I may be completely mistaken.


physical signatures are almost as useless as a digital signature... some people (at least 2) just escaped jail in Florida using faked judge signature ... http://www.nytimes.com/2013/10/23/us/florida-officials-say-2... (everyone should switch from checks to bitcoins)


This is soo impressive. The signature looks exactly like my real life signature.. (which isn't a trivial one).

I've forked. I plan to republish it as a tool that allows you to create arrows and save them to transparent PNG files to overlay as images. I find it really tiresome when I need a specific angled or specific sized arrow and I think this tool just performed perfectly...

AAAS. (Arrows as a Service). :D


Have you thought about setting up a site for sending greeting/thank you cards that uses this? If you could get to the point where it was hard for someone receiving a card to figure out whether the card was actually signed by hand I think you could be on to a winner. There's just something a bit impersonal and lazy about sending a card that's not hand signed.


To make the effect perfect, you could display the electronic signature to a human who then uses a pen to sign the card in the same way. (Otherwise you could easily tell pen from print.)

That would of course be highly questionable.

Or you build a plotter instead of a pixel printer.


Credits go where credits are due: http://thomasjbradley.ca/lab/signature-pad

"All the credit belongs to the incredible work by Thomas Bradley, who authored the original signature library and Square for the blog post that outlined the approach."

Not so sure from the page why a fork was justified... I have been using this solution for quite a while on a project which needed signatures for fulfillment. More than happy with it...


In the paragraph above your quote, the author lists three problems that he said all existing solutions had. The problem he had with Signature Pad is probably the last one, “Didn't have the signature smoothing component”.


my bad... but not something I would need, as I believe smoothing alters the signature (if only aesthetic). Hope it will be useful to others.

Note: man, the smoothing becomes a horrible ink-blobby mess... especially with the mouse. Using a tablet (Wacom) gives better results, but this is more related to the accuracy of the digitizer... but still the result is a mess; as if something just dipped a fountain pen in a pot of ink


Did you happen to look at http://willowsystems.github.io/jSignature/ ? I'm wondering what oppositions you had to their plugin, if so.

I looked at Thomas Bradley's plugin, tested it in a client app, but ended up going with jSignature as the base64 such could be posted as form data, converted as necessary, and placed in a LaTeX template that was converted to PDF. Note that my client was aware this was not a valid "e-signature", but they wanted a simple solution that appeared valid and large contracts would require paper signatures anyways.


I did look at it. It was my second choice and I would have used that if I hadn't used Thomas Bradley's.

I emailed Thomas Bradley when I was exploring options and he responded within an hour. Also, that repository was active (TB was responding to bug reports and there had been commits on the day that I looked) and had more followers and forks. Since I'm a mediocre hacker, I generally optimize for paths where I can get the most support if I think I might need it.

Thomas's is also very well documented with specific code examples and demos for the basic use cases.

I considered a lot of different options, including signature as a service (https://www.signature.io/ -- these guys have a beautiful implementation), integration with other companies (hellosign and signnow are my favorites, docusign/echosign), but TB's was just the best fit for my needs at the time.


Why wouldn't that be a valid e-signature? Previous comments have said that a valid e-signature is (essentially) anything adopted by the person with intent to sign the record.


It's been several months so I may be wrong, or perhaps I am thinking of a different regulation, but I was under the impression electronically signed documents required an audit trail, and that the signature could not be modified post creation of the document.


That also seems to use linear interpolation, giving signatures the 'wiggly' digital look.


Did you just create a database of signature and IP addresses? :|


Quick comparison between this, OneNote, and my actual signature: http://i.imgur.com/41eFyAd.png


I'm curious, has the OP considered the HelloSign API? Is it too expensive for their use case, or is there a {technical, legal} reason that they can't use it?


I did.

I really wanted to use it and have emailed back and forth with them several times over the last 2 years (from before they even had a product called hellosign -- when it was integrated into hellofax).

it required account creation for both signers through their site, which forces my users to leave the site to sign, and it wasn't a fit for the UX i wanted.

Similar issue for signnow.com

Benefits of using those though: transferring the responsibility of maintaining legally compliant signatures to a third party. Read more: http://www.hellosign.com/info/legal

For my specific use that's less important, so I opted for a solution I could embed without sending my users somewhere else.

However I think the hellosign folks are awesome guys and i use hellofax for a lot of stuff personally.



....and? Do you have some comparisons you wanted to share?


Got to this late today. You have no idea how impressed I am. I was able to sign my signature with my finger in my phone and it actually looks like my signature. This is incredibly impressive. I'll read through the technical specs when I'm in a less tired state, but I've already forked this. Please, keep working on it and improving where possible.


THIS is really impressive! The most accurate representation of my chicken scratch I've ever seen. Why is it little usability improvements like this take so damn long to incarnate?


That's beautiful. I love the varying thickness; very fountain-pen-like. I've been using Bradley's code for a paint app in Android, but this is sweet.


Is the signature supposed to match the one you use in real life? I don't sign with the same hand that I use the mouse so it doesn't look really good.


It doesn't interpolate between speed very effectively. So when I transition between a fast stroke and a slow stroke, there's this strange bump when the stroke changes width.

I'd suggest...

  "Variable width signatures (this is implemented very 
   crudely, and I didn't discuss it in this post. The first 
   signature pad in the post uses it though)"
never mind, I think you and I are on the same page.

Looks fantastic.


the square blog post I referenced implements this better. they save tuples of (timestamp, location) and can therefore determine velocity (more or less).

I used a really ghetto distance metric as a proxy for velocity and since the sampling rate varies on everyone's local machines it can produce really ugly signatures.

close inspection of the implementation will not bode well for anyone's opinion of my programming abilities.

my excuse is that this is a tiny bit of UI candy on top of my core business. if i were to spend much more time on it, I'd change a lot of things about it.


I've always hated signing off packages because it looks nothing like my signature on the hand held devices. Hopefully this will be used in the future to make signatures look more coherent rather than just some squiggly lines on the touch pad.

It's a simple concept with font smoothing. Wonder why they never thought of implementing it on actual commercial devices.


Very nice. One thing that's missing though: It doesn't work with the touch screen on my Pixel, and I suspect it has the same problem if I tried to use it on my tablet.

It's a lot easier to get a good signature with a touchscreen than a trackpad. ;)


It works -amazingly- on my iPad mini. Someone build a complete service around this, please!


Okay, that's odd... it's working fine for me on my tablet, and also working fine for me on my Pixel now that I'm testing again. Must have just been some sort of temporary glitch.


Works really well for me on a Windows tablet.


I'd love a fork that doesn't depend on jQuery, as I use the Dojo Toolkit on my site. I'll try to create a library independent fork soon.


I honestly feel like I'm missing something. Why not use a bitmap tracer?


looks nothing like my signature if I use the same motion as with a pen....


genius, apart from the automatic smoothing correction that changes what my real signature would look like... oh wait..


zqd q qnn



