Electronic Signatures and Encryption: Internal Controls for E-Commerce
As e-commerce evolves, businesses must maintain internal controls that ensure the integrity of information and the security of assets. The basic rules still apply: The cost of controls should be evaluated against the benefits that accrue to the business. Electronic signatures, which often incorporate encryption technology, provide the basis for many controls viewed as necessary in an electronic environment. Techniques that use some form of public key encryption along with private key (symmetric) encryption appear to provide control of the risks of authentication, nonrepudiation, and security where risks are greatest. Other controls may be more appropriate for environments involving lesser risks.

The concepts of internal control are independent of any single technology, but the implementation of controls must embody changing technology. The Internet now allows business-critical information to be transmitted over an electronic medium. Often, documents require a signature that is reliable, verifiable, and binding on both parties. Many of the traditional risks of business are changing, and entities are expected to control those risks. Accountants and auditors recognize that the purposes of internal control are to:
– provide cost-effective safeguards against unauthorized access to or use of assets,
– ensure that financial records and accounts are sufficiently reliable for reporting, and
– ascertain compliance with applicable laws and regulations.
The fundamental nature of internal control requires that controls are cost effective—even though benefits can be difficult to quantify. Although matching the best control to the risk of loss is often difficult, cost/benefit imperatives remain important in designing and evaluating the control process.
E-Commerce Factors
Although e-commerce can encompass a wide range of electronic transactions, the expected growth in consumer online sales from $4.5 billion in 1998 to $35 billion in 2002 provides a benchmark—nearly 700%—of expected growth for the entire sector. As a sign of the government’s position, on June 30, 2000, President Clinton signed the Electronic Signatures in Global and National Commerce Act, which provides that electronic records and related electronic signatures are not to be denied legal validity or enforceability merely because they are in electronic form.
Such explosive growth in electronic transactions will place a tremendous burden on control systems to assure the integrity of the transaction process. New risks have emerged, along with a demand for a reconsideration of available controls.
Risks
Conducting business in cyberspace entails the traditional risks of sales and contracting plus new risks unique to the electronic environment. Some risks result from the physical separation of customers from goods and services providers; other risks result from the lack of paper documentation. The following risks require closer consideration:
Authentication. Just as manual, handwritten signatures have traditionally proven authenticity, electronic signatures are used for the same purpose: to assure the approval of an authorized individual. Certain technologies used in electronic signatures can even offer higher levels of confidence than the handwritten signature; however, the further risks of nonrepudiation and security must also be addressed.
Nonrepudiation. It is imperative that neither party to a sale or contract can claim that the “agreement” is not what was agreed to. For example, the traditional contract law in the Statute of Frauds identifies situations in which a contract must be in writing to be enforceable. The common-law parol evidence rule provides that a written agreement dominates any preliminary, informal, or oral understanding. Although disputes can arise, the signed and dated copies of documents held by each party have traditionally provided evidence to judge the validity of conflicting claims. Given the appropriate use, electronic signature technology is capable of addressing this risk as well.
Security. Electronic storage and communication also create security risks that are inseparable from e-commerce. Risks of loss and interception are present during transmission over open networks. Stored digital messages must also be protected after they are received. Traditionally, written documents have been filed under the physical custody of the parties involved, and the risk of disclosure was mitigated by the limited number of physical copies. In today’s environment, copies of documents can be made and disseminated in an instant, and database and server environments often make sensitive information widely available.
Addressing the Risks
Technology offers various techniques to control each area of risk—authentication, nonrepudiation, and security—but no single control procedure is appropriate for all types of transactions, events, or contracts. A cost-benefit analysis should dictate the appropriate control for a given situation, while accepting that absolute control is prohibitively expensive and probably impossible.
The first step in determining the appropriate control for a given environment is to evaluate the specific risks present and the assurances that a control can provide against them. Although various environments give rise to different concerns, the following is a general risk spectrum of electronic communications, from greatest to least:
– Transfer of funds
– Commitment to actions or contracts that may give rise to financial or legal liability
– Transactions involving information that may be subject to dispute
– Transactions involving restricted-access information
– Communications where privacy or confidentiality may be required
– Transactions where no funds are transferred, no financial or legal liability is incurred, and no privacy or confidentiality is required
– Communications where privacy or confidentiality is not required.
More effective controls should be expected when financial considerations are concerned. The need for security in designing controls over the storage and access of information must also be considered. Various technologies provide for different levels of control at different costs. One size does not fit all.
Electronic Signature Technologies
Traditionally, a signature is any mark made with the intention of authenticating the marked document. Changes in technology have required a reconsideration of how to sign electronic documents. Rapid advancement of electronic signature technology implies a continual evaluation of related control methods. Two current categories of electronic signature technologies are the cryptographic and the noncryptographic.
The noncryptographic approaches are primarily designed to mitigate identification and authentication risks. Cryptographic methods, in some cases, provide the controls necessary to meet the risks of nonrepudiation and security.
Virtually all noncryptographic and some cryptographic technologies rely on the “shared secret” method: Only the parties to the transaction or communication know the shared secret. When the sender includes the shared secret, the receiver knows that it can only represent a communication from the sender. Thus, the communication can be considered “signed.”
Although the shared secret method has proved effective in many circumstances, the technique has a number of weaknesses:
– The parties must first have a prior relationship to establish the shared secret. In many cases this is inconvenient or impossible. This is true of typical contracts formed by consumers over the Internet or any open environment, such as a bidding process.
– The shared secret must remain known only to the two parties. Without face-to-face contact, establishing the validity of the provided shared secret is often difficult. Using an impersonated shared secret would be similar to forging a document.
Certain cryptographic controls can control authentication as well as nonrepudiation and security risks. In general, a highly secure e-commerce implementation will combine both noncryptographic and cryptographic technologies, as described below.
Non-cryptographic Controls
Password or personal ID number (PIN). For years, passwords and PINs have been used to control access to information. The role of a PIN, however, is only that of authentication: The user provides a form of assurance that she is the authorized person.
This is a kind of a shared secret, as both parties must know a PIN prior to its use. Establishing and communicating a PIN can be a problem if the parties are physically separated. For example, most credit card companies will mail a PIN to the customer in a separate communication and require confirmation of receipt. Encrypting a PIN used over an open communication channel is usually essential so that it cannot be intercepted and learned by others.
Smart card. A smart card contains an embedded chip that can generate, store, or process data, facilitating various authentication technologies. For example, a user may be required to insert the smart card into a device and enter a PIN or provide a biometric identifier, after which security software in the device reads information directly from the card’s chip.
The smart card provides more control than simple shared secrets because an impersonator would need access to two items, not just one. The additional physical control component, called a token, is also generally costly. Good security requires that the smart card and the PIN be held separately.
Digitized signature. The digitized signature is a graphical image of a handwritten signature recorded by a digital pen and pad. The recipient uses specially designed software to compare the digitized representation of the entered signature with a stored copy of the signature. The digitized signature provides more reliable authentication than a PIN because the recording device and evaluation software not only compare the shape of the letters, but also biometric factors such as the timing of each pen stroke, its duration, and the pen pressure. Recognition software has proved more effective than the human eye at detecting a forged signature.
At first glance, this form of electronic signature appears well suited for authentication: It not only appears difficult to forge, it also maintains a familiar format. The digitized signature, however, is but another form of shared secret and has many of the same weaknesses. For example, a digitized signature file sent electronically over an open network is subject to interception and duplication by third parties, who can then replay it to sign documents of their own.
Biometrics. Individuals possess unique physical characteristics—such as voice patterns, fingerprints, and retina patterns—that can be converted into digital format and interpreted by a computer. The individual physical characteristic is measured (by a microphone, optical reader, or other device), converted into digital code, and then compared with a master copy of that characteristic stored in the computer beforehand. Biometric applications can provide very high levels of authentication, especially when the identifier is obtained in the presence of a third party. As with any shared secret, if the master digital file is compromised, impersonation becomes a serious risk. Therefore, just like PINs, such information should be sent over an open network only if encrypted.
Because biometrics offers strong control in certain environments, this technology will probably see more usage. Additionally, it raises certain privacy concerns related to the measurement and recording of an individual’s physical characteristics, and administrators will probably be called upon to provide privacy assurances.
Cryptographic Controls
Cryptography is the art and science of encoding messages to keep them secure; encryption is the process of disguising a message to hide its true meaning. Encryption software takes a readable message, called plaintext, and processes it with a key through a mathematical algorithm, called a cipher, to scramble the message into unreadable ciphertext. The ciphertext is transmitted to a receiver, who uses a key to decode the ciphertext back into readable plaintext. A key is a stream of bits of a set length created by a computer to encrypt or decrypt a message. In general, encryption uses a cipher or algorithm that is not held privately and a key that is held privately. The receiver of the ciphertext uses the algorithm and key to reverse the process. Private and public key encryption are the two types of encryption used today.
Private key encryption. In private key (symmetric) encryption, a single key that is not known publicly is used with a public cipher both to protect a message and to show who sent it. If Paul wants to send Sally an encrypted message, he uses the key to encode the message and transmits it to Sally. Sally uses the same key to decode the message, and no other key will work. Because one key fills both functions and only Paul and Sally know the key, the message must have come from one of the two keyholders; Sally knows it came from Paul because she did not create it herself. A third party, however, cannot tell which of the two produced it, which is why a shared key can authenticate but cannot by itself provide nonrepudiation.
The possibility that others may gain access to the key undermines confidence in the authentication of the user’s identity. If the key is kept private between sender and recipient, both security and authentication are preserved, because a message can be read, or produced, only by someone who possesses the key.
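The shared-key authentication just described, as an added example that is not part of the original article. It uses a keyed hash (HMAC-SHA256) rather than encrypting the message, since that is the standard way to derive a "signature" from a shared key; the names Paul and Sally follow the text, and the key and messages are constructed samples. The last two results show the nonrepudiation gap: an outsider cannot forge a tag, but Sally, who holds the same key, can.

```python
"""Added example (not the article's code): message authentication with a key shared
by two parties, using HMAC-SHA256 from the standard library."""
import hashlib
import hmac
import secrets


def make_tag(shared_key: bytes, message: bytes) -> bytes:
    """'Sign' the message: anyone who holds shared_key can compute this tag."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def check_tag(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so a forger cannot learn the tag byte by byte."""
    return hmac.compare_digest(make_tag(shared_key, message), tag)


def shared_secret_demo() -> dict:
    """Paul sends Sally a tagged message; the dict records what each check shows."""
    shared_key = secrets.token_bytes(32)          # established out of band; Paul and Sally only
    message = b"Ship 40 units to Sally at the quoted price"   # constructed sample
    tag = make_tag(shared_key, message)           # Paul sends (message, tag)
    accepted = check_tag(shared_key, message, tag)            # Sally verifies with the same key
    # A message altered in transit no longer matches the tag
    altered = check_tag(shared_key, b"Ship 400 units to Sally at the quoted price", tag)
    # An outsider without the key cannot produce a tag Sally will accept
    outsider_ok = check_tag(shared_key, message, make_tag(secrets.token_bytes(32), message))
    # Sally herself can tag a message Paul never sent, and it verifies:
    # the tag proves "someone with the key", not "Paul", so it cannot settle a dispute
    forged = b"Ship 400 units to Sally at half price"
    sally_forgery_verifies = check_tag(shared_key, forged, make_tag(shared_key, forged))
    return {
        "accepted": accepted,
        "altered_rejected": not altered,
        "outsider_rejected": not outsider_ok,
        "sally_forgery_verifies": sally_forgery_verifies,
    }


if __name__ == "__main__":
    print(shared_secret_demo())
```

Compromise of the key at either end defeats every check in the demo, which is the practical meaning of the warning in the paragraph above.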
The shared secret is not the cipher but the key that must be used with the cipher to encode and decode the message. The difficulty of cracking the key by brute force depends primarily on its length: each additional bit doubles the number of keys an attacker must try, so a 64-bit key requires 2^24 (about 16.8 million) times the work of a 40-bit key, and a 128-bit key 2^88 times as much. Published estimates of the time to crack a key of a given length using today’s technology are:
– 40 bits 3.5 hours
– 64 bits 30 days
– 128 bits 2,000 years
These figures are illustrative only; they do not scale with the doubling rule, and the 64- and 128-bit entries greatly understate the work relative to the 40-bit entry.
The most popular and widely used private-key cipher is the Data Encryption Standard (DES), the federal encryption standard established in 1977, which uses a 56-bit key. A more secure variant, Triple DES (which applies DES three times with a 112- or 168-bit key), is now in wide use in the private sector. DES, however, is soon to be replaced: In October 2000, after a three-year global competition, the U.S. Department of Commerce announced an encryption algorithm named Rijndael as the proposed new Advanced Encryption Standard (AES). If the AES development process proceeds as planned, the new standard should be completed during the summer of 2001. Rijndael will be unclassified, royalty-free, and publicly available for use and export anywhere in the world.
Public key (asymmetric) encryption. Unlike private key cryptography, public key cryptography uses a cipher with two different keys. The two keys are mathematically linked such that one key encrypts the message but cannot subsequently decrypt it. The second key decrypts the code and reveals the message. Additionally, the first key can decrypt only a message encrypted with the second key; the first key cannot be deduced by knowing the second, and vice versa.
The two-key set can be used to create electronic signatures as follows: the first key is a signing key that is kept private, and the second is a validation key made available to the public. For example, Paul can encrypt a message to Sally using his private key, and Sally can decrypt it only with Paul’s public key. As long as the private signing key is known only to Paul, the integrity of the process can be virtually assured, and Sally knows that Paul has signed the message.
Every digital signature is unique to the document for which it was created, preventing a forger from digitally signing a document or substituting one document for another. As long as the receiving party can gain access to the public key, the authenticity objective can be met. As with symmetric key encryption, the length of the key dictates the strength of the protection. Given a key of sufficient length, public-key cryptography can provide protection similar to that of private-key techniques but without the drawbacks of the shared-secret method.
The Limitations of Public Key Cryptography
Although highly effective, public key cryptography has several operational shortcomings that must be overcome:
– Assurance that the public key is tied to the expected individual;
– The inefficiency of public key encryption; and
– Security issues.
It should be noted that just because a public key decrypts a message, that does not mean that the public key is that of the person it is claimed to represent. Anyone can make a public key available and claim that it is the key of another party. Current practice is to make the public key part of a digital certificate, a specialized electronic document provided by a certificate authority (CA), a trusted third party. (One example of a private CA is VeriSign Inc., which operates a CA service for web browsers and partnered with the AICPA to provide WebTrust security. VeriSign users are required to provide certain notarized business documents to obtain a VeriSign digital certificate. Other commercial CA services include GTE’s CyberTrust and IBM’s Net.Registry.) The CA investigates the identity of the party and maintains a protected record of its public key. The receiving party obtains the public key from the CA digital certificate. If the message can be decrypted using the certified public key, then the receiver can be confident that it is from the assumed party.
The second issue is the inefficiency of public key encryption. Whereas symmetric keys are typically short (40 or 128 bits), asymmetric key technology requires the keys to be long (over 1,000 bits), which makes sending and receiving long messages impractical.
One method for mitigating this problem is to compute a “hash” of the original message and encrypt (sign) only the hash. Hashing maps a message of any length to a short, fixed-length bit string called a digest; if the signed message is changed by even one bit, its hash changes. The short digest (for example, 160 or 256 bits) is encrypted instead of the entire message (which might be 50,000 bits). The hash algorithm must be a one-way function, meaning that the message cannot be recovered from its hash, and it should be collision-resistant, so that a forger cannot find a second message with the same digest to substitute for the signed one. On receipt, the receiver recomputes the hash of the message, decrypts the signed hash that accompanied it with the signer’s public key, and compares the two. If they are identical, the message has not been altered and was signed by the holder of the private key bound to that public key.
Public key cryptography also provides for nonrepudiation. As long as the receiver retains the message together with its signed hash, the sender cannot credibly deny having signed it, because only the holder of the private key could have produced the signature. Signing alone, however, does not hide the message: because anyone can obtain the public key, anyone who intercepts the message can read it. Thus public key electronic signatures provide authentication and nonrepudiation but, by themselves, do not control the security risk.
The third issue is extending public key cryptography to meet the security risk. The most popular technology used to secure retail e-commerce is the Secure Sockets Layer (SSL) protocol, which encrypts the order and credit card information sent to an e-commerce website. SSL combines private and public key encryption: the two computers use public key techniques to authenticate the website (and, optionally, the customer) and to generate, encrypt, and exchange a secret private (symmetric) session key, which then protects the actual messages. This combines the advantages of both: authentication takes place, subsequent communication is both secure and efficient, and nonrepudiation can be addressed by also signing the transaction itself, since a session key shared by both ends cannot by itself establish which party sent a message.
Extensions to this technology are currently being developed. For example, messages will not only be securely sent, but they will be indelibly stamped with the time and date of the message. Automatic notification will be returned when the receiver opens an electronic message. This creates a return-receipt-requested type of assurance against the risk of nonrepudiation.
Legal Status of Electronic Signatures
On June 30, 2000, President Clinton signed into law the Electronic Signatures in Global and National Commerce Act (E-Signature Act). The law took effect on October 1, 2000. The act allows electronic signatures or documents to satisfy most existing legal requirements for written signatures, disclosures, or records. It does not, however, mean that all e-signatures and records are now automatically legally binding. In transactions involving interstate or global commerce, laws or regulations that require the use of signatures or written documents cannot be used to deny the validity or legality of the transaction merely because electronic records and signatures were used. The E-Signature Act overlays but does not alter the laws governing contracts or business transactions. If a signature must be notarized or made under oath, a certifying official using an electronic signature can satisfy the requirement.
The new law makes several key exceptions for certain contracts and other records that must still be completed in writing and accompanied by a handwritten signature. These include wills, codicils, testamentary trusts, cancellation notices involving health and life insurance (other than annuities), family law documents (e.g., divorce decrees), court orders and notices, and default notices and foreclosure documents related to a person’s primary residence. The act also does not affect the writing requirement attached to records and documents governed by the Uniform Commercial Code, such as checks, drafts, certificates of deposit, notes, letters of credit, bulk transfers, warehouse receipts, and security interests in personal property. Nor does the new law affect the rights of holders of most securities against securities issuers.
In general, the law allows electronic signatures or documents to satisfy most existing legal requirements for written signatures but does not entirely eliminate risks related to electronic signatures and documents nor ensure their enforceability. Also, the act does not require any person to use an electronic signature.
The law sets forth certain conditions with regard to enforcement of electronic transactions. Where an existing law, such as the Statute of Frauds, mandates that a contract be in writing, the enforceability of the electronic record of such a contract requires that record to be capable of being retained and “accurately reproduced” for later reference. Another condition of enforcement is that any action taken electronically be attributable to the person to be bound, meaning that electronic systems must employ safeguards to ensure the identification of the parties.
The E-Signature Act anticipates the future use of varied digital, wireless, optical, and electromagnetic means for electronic signatures. The E-Signature Act also contains various consumer protection provisions. First, a consumer must have “affirmatively consented” to the use of electronic communication. In a “clear and conspicuous” statement, the consumer must be informed of the following before providing consent:
– The right to have a paper record of a transaction
– The right to withdraw the consent to have the record provided in electronic form
– The fact that consent applies only to a specific transaction
– The procedures required to obtain a copy of any electronic message and whether a fee will be charged for such a copy
– The procedures required to withdraw any consent provided
– The type of hardware and software needed to access and retain any electronic records.
The law is written so as not to restrict or impinge upon existing consumer protection laws.
Controls Related to the Risks
The overall goal must be to use controls appropriate to the risks an organization typically faces. Transactions where either funds are transferred or repudiation is possible should be safeguarded using the strongest controls available. E-commerce transactions, for example, might call for a combination of encryption technologies. Transactions and communications where privacy is the primary concern might call for less secure, less expensive forms of control, such as passwords and PINs. Biometric controls, which are becoming more cost-efficient, could also be used to provide an additional layer of authentication. Finally, it should be considered that it might not be cost-effective to apply any form of control to certain nonfinancial, nonrestricted communications.
William Hillison, PhD, CMA, CPA, is the Arthur Andersen Professor of Accounting at Florida State University.
Carl Pacini, JD, PhD, CPA, is an assistant professor of accounting and business law at Florida Gulf Coast University.
David Sinason, PhD, CPA, is an associate professor of accounting at Northern Illinois University.