I remember scribbling my hand signature again and again in my notebook on a boring day at school in Marist Brothers, St Henrys. Then and there I knew it would be important way of verifying that it was me. So it was important for my signature to be distinctive and consistent.
In Finland I thought I would do an experiment, more so to see if shop cashiers would have the guts to question a foreigner (me). I signed my name with a X when paying for groceries. This was at a time before Chip&PIN. Never once was I questioned. This probably says more about the trusting Finnish culture than anything else. I did it so often, I accidentally would put a X when I really did mean to sign!
Already 10 years ago my signature became a very weak way of identifying myself.
Fast forward to 2012 and for a lot of business agreements, I would typically get sent a PDF like the one below:
This one is a badly photocopied one, which I'm supposed to sign. This process is a huge PITA. It normally involves:
- Printing the PDF - hard if you don't have a printer
- Signing it - where is my nice pen?
- Scanning it - tricky if you don't have a scanner (camera would probably suffice)
- Sending the scan back
I love it when people send me a PDF to sign. NOT. :( Now wtf do I get a printer and scanner from @co_up ?— Kai Hendry (@kaihendry) July 10, 2012
Apparently there is a solution by way of a feature in Preview.App in MacOSX or one could just edit the PDF in GIMP and paste in one's signature copy.
Of course a PNG of your signature sounds a bit dangerous. But in practice, this
is what people do!! It's trivial to copy a signature out a signed document and
not that much harder to steal a
It gets even more WEIRD when one can eSign using Enterprise Content Management tools like Echo Sign by just typing your full name in a field. Er... this isn't secure now is it?
So we've gone from hand written signatures, where I guess a "hand writing specialist" could detect a fraud, which was probably very rarely used in practice. To the year 2012 when if you can type my full name you could probably enter me in an agreement if you managed to intercept my unencrypted email!
I can't help but think the legal hawks should think about developing better technology for carrying out their trade, like identifying individuals in agreements. Then again when we have clickwrap agreements on 100+ page T&Cs, one has to wonder... how the fuck did we get here? This is wrong!!