When Mark Bender, CIO of Williams Communications, first examined the tangled web of communications within the Tulsa, Okla.-based company, he hoped to find a technology to ease the confusion. But because much of the company\u2019s correspondence consisted of sensitive documents\u2014from employee time sheets and performance reviews to contracts and agreements with customers and other companies\u2014a technical solution seemed impossible."All these items required physical signatures to ensure their accuracy, integrity and validity," says Bender. "But gathering those signatures meant lots of paper, slow cycles and a real loss of efficiency within the company."Then Bender discovered electronic signatures\u2014a technology that allows digital documents to be "signed," keeping them valid and secure while retaining the efficiency of electronic storage and transmission. Soon after, Bender and his staff implemented two pieces of electronic signature technology\u2014ApproveIt from Silanis Technology and a form of public-key infrastructure technology from Entrust Technologies. The technology not only helped alleviate the company\u2019s paper-generated internal struggles; it also paved the way for faster and easier e-commerce interactions with customers and business partners.Sign on the LineThe phrase "electronic signature technology" can generate some confusion, as the terms digital signature and electronic signature are often used interchangeably. In fact, they are two quite different things. Electronic signatures refer to the broader, overall category of e-signature technologies, which don\u2019t necessarily have to be based on cryptography (encoding). Instead, they may be based on biometrics (reading fingerprints or voices) or the digitization of a regular, handwritten signature. A subset of electronic signatures\u2014digital signatures\u2014uses cryptography to convert data into a secret code for transmission over a public network. These technologies are often considered the most secure and reliable form of electronic signature because they use public-key infrastructure technologies to ensure that the electronic message has not been altered during transmission.Say you wanted to draft and complete a contract with a customer using a digital signature. To do so, you\u2019d first have to acquire a digital certificate\u2014the electronic equivalent of an ID card. Several companies, including VeriSign and Entrust Technologies, are licensed to issue such certificates. Once you sign up, the provider transmits the certificate to your computer. You also receive two digital keys\u2014one private and one public. To sign a document, you enter a password or PIN and affix your electronic signature\u2014the private key\u2014to the document. The person or company receiving your document would then use the public key to unlock your certificate and verify that the signature is valid. Once confirmed, they could sign the document using their own digital tools and return it to you. Throughout the process, the software documents the date and time of each signing, while built-in security measures ensure that the documents haven\u2019t been altered anywhere along the process.A Changing LandscapeIt sounds like a fine solution to a significant problem, but there was an issue: Where a manually signed document carried force of law behind it, digital signatures often weren\u2019t worth the virtual paper they were written on. That all changed this June, when Congress passed the Electronic Signatures in Global and National Commerce Act. The act, which became effective Oct. 1, makes digitally signed electronic agreements as legally valid as hand-signed, printed documents. Proponents say the bill will mean significant increases in the number of companies employing digital-signature technology."It\u2019s a tremendously important piece of legislation in that it mandates that electronic signatures can be accepted with just as much importance as paper and ink signatures," says James Van Dyke, senior analyst with New York City-based Jupiter Communications, an Internet research and advisory company. "It will give businesses more confidence in implementing electronic signature technology."Though some companies have already begun using electronic signatures and 40 states had passed their own electronic signature laws, the lack of federal guidelines had, until now, served to deter the majority of businesses from implementation. But with the new law in place, companies are likely to put aside their reservations. In fact, according to an IDC (sister company to CIO\u2019s publisher, CXO Media) report, the public-key infrastructure market will grow rapidly over the coming years, expanding from $132.2 million in 1999 to $431.2 million by 2003.Increased use of digital signature technology is expected to generate a boom for e-commerce, particularly the B2B kind, where millions of transactions, contracts and agreements take place every day. Ways and MeansThe new federal electronic signature bill specifies the use of electronic signatures, not just digital signatures, so that companies will have a degree of flexibility with the type of technology they use. And they will have choices. Three categories currently serve the electronic signature market. The first category\u2014which includes Entrust Technologies, Litronic and VeriSign\u2014provides digital certificates. The second group\u2014including eOriginal, iLumin and signOnline\u2014sells software and other infrastructure required for electronic signature transactions to take place. The third category\u2014which includes DataKey and OS Crypto\u2014sells hardware such as smart cards, fingerprint scanners and retina-scanning devices designed to add a biometric element of safety to electronic signature transactions. There are several ways a business can implement electronic signature technology. One of the most basic is within the company\u2019s e-mail program. In this manner the massive amounts of information associated with personnel matters, such as benefits, could be posted to an intranet. Employees could then use digital certificates to direct changes to their 401(k) plans, dental or medical coverage, personnel records and so on. Companies can also extend digital signatures outside corporate walls. Using an extranet, a company could set up electronic signatures with its business partners, suppliers or buyers, allowing those parties to order materials, goods and services securely online without the hassle of sending paper documents back and forth via fax or FedEx.Ultimately, the concept will likely extend to business-to-consumer transactions as well, though this area looks likely to proceed more slowly. "On the business-to-consumer side, the issue of case law and precedent will be more important," says Van Dyke. "Because businesses no longer have to send paperwork to their customers under this law, it is perceived as taking a lot of power out of consumers\u2019 hands. Privacy groups and consumer rights groups are going to be very active when it comes to this topic, and businesses will proceed with caution."Potential DownfallsPrivacy issues aren\u2019t the only hurdle. Private keys, for instance, need to be protected in order to work. If stored on a computer\u2019s hard drive, it\u2019s not that difficult for an unauthorized party to gain access to a key. "If I\u2019m a night janitor working at your business and I see your password, I can claim to be you, making me suddenly much more effective at committing fraud," says Van Dyke. "In the long run, this will make obvious the needs for other types of authentication down to a personal level." Such authentication would likely include biometric identifiers like fingerprints or retina scans, which require additional infrastructure to implement. "Things like smart cards that can be used to store your private key and essentially be as secure as your credit card are one of the missing pieces," says John Pescatore, vice president of Internet security at Stamford, Conn.-based Gartner Group. "Portability is another issue. In the world of physical signatures, pens are very portable. A private key that\u2019s stored on a hard drive is not."Another issue of concern involves the interoperability of multiple key technologies and the question of how electronic signatures will integrate with digital signatures. The language of the e-sign bill reflects a concern that government policies could bog down the development of the technology. Therefore the issue of standards was left open. The U.S. Department of Commerce, however, is charged with coming back within 180 days to give recommendations on how the harmonization of electronic signature technology might be achieved on a global basis. Until then, incompatibilities are likely to emerge. "The passing of the bill generated a lot of interest among software vendors, several of whom are coming out with new products," said Van Dyke. "That may mean more proprietary systems out there and more software incompatibilities."But to Williams\u2019 Bender, the advantages so far have already outweighed the risks. "It\u2019s reducing our costs and increasing our efficiencies," he says. "What used to take days due to snail mail and paper shuffling now takes virtually minutes."