[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Legal signatures ramifications

To: liblicense-l@lists.yale.edu, jrnk@sybopsys.com
Subject: Re: Legal signatures ramifications
From: Mark McFarland <m.mcfarland@mail.utexas.edu>
Date: Wed, 16 Feb 2000 13:31:44 EST
Reply-To: liblicense-l@lists.yale.edu
Sender: owner-liblicense-l@lists.yale.edu

> -----Original Message-----
>
> I'd adore it if anyone could give me insight on the following dilemma.
>
> Our Legal department wants to put all of their contracts online for easier
> searching and so they don't have to fax them to our salespeople. They are
> scanning in signed contracts, as the salespeople need the signatures to
> show customers.

No doubt others are testing these same waters (various business/legal folks in
UTx System schools have been thinking about these issues for several years
now)....but, from a technology angle their are solutions.  "Information
security" and "digital rights managemment" needs are giving rise to new
product offerings in the marketplace.  All of us will likely need to learn
more about something called  Public Key Infrastructure (PKI).  A company
called Verisign (www.verisign.com) has been in the business of selling the
kinds of solutions you need to securely implement your contracts project.
Verisign's website provides good documentation and background on this.
Setting up a PKI is an important part of the emerging e-commerce craze and
would include methods of protecting the kind of information you refer to.

I'm also sending the url ( http://www.uth.tmc.edu/xorgs/utspki/  ) for a set
of pages created by Dr. Bill Weems (UT Health Science Center at Houston) that
provides an overview and links for background information and specifics on the
topic of implementing a PKI for use among Univ. of Texas System schools..

The basic idea is that various business/official entities have a need to share
sensitive/private/confidential information and wish to do so over the Web.
Since the Web is a very open environment these entities must take steps to
impose security.  This means using deploying special technologies that make
use of  encryption and "digital" signatures to protect information as it moves
through various routers and hosts on the net .  The way it would work is that
you would create a pdf file of your contract.  You would then "sign" that file
digitally (using a function built into Acrobat) and also lock that file.  The
file could then be sent (encrypted) to others.  Recipients would use the
senders public key to decrypt the

>From  my angle (head of Digital Library Services at UT Austin) we would like
to be able to use a PKI to provide access with the databases we license from
publishers.  Since validation by IP address is such a poor way to handle
authorization (for many reasons) we are looking for a method that would not
rely on something so easily stolen as an IP address.  The successful
implementation of a PKI would mean that our campus authorities had assigned
our users a digital identification "card"  that could be presented to vendor
systems and validated (through their PKI)  for access to databases.

Adobe's new product is called Adobe PDF Merchent - and they build PKI
concepts/techniques into their Digital Rights Management (DRM) product.

Anyway, I apologize for this long message -but, this is something that we are
dealing with from several angles.

Mark

Mark McFarland
Digital Library Services
University of Texas at Austin
512-495-4358   m.mcfarland@mail.utexas.edu


> However, they don't want anyone to be able to alter these contracts.
> Apparently, by federal law, any facsimile of a contract with signatures is
> still a legal contract, and we could be held liable for someone who has a
> copy and somehow changes it.
>
> We are scanning the contracts into Acrobat, putting them into a document
> management system, and preventing anyone from saving a copy and changing
> it on their desktop without a password (they have to be able to print to
> take a copy to customers).
>
> Of course, there is still always the opportunity to do a screen shot when
> viewing, or print a copy out, scan it in, and edit it on the desktop
> somehow. These possibilities are frightening our legal department into
> abandoning putting contracts on line. They realize they face the same
> possibilities when faxing contracts to the sales people, but it's on a
> much smaller scale since not all the contracts are easily obtainable that
> way.
>
> Has anyone else faced such a situation? How did you resolve it? Does
> anyone have contracts on line in their systems? Does anyone know of any
> changes to the law that might protect a company in these situations?
>
> Any help is appreciated.
>
> Janet Kaul, Corporate Knowledge Librarian, jmk@synopsys.com
>
> ------------- End Forwarded Message -------------

Prev by Date: Re: Legal signatures ramifications
Next by Date: E-Book Award of Possible Interest
Prev by thread: Re: Legal signatures ramifications
Next by thread: RE: Legal signatures ramifications
Index(es):
- Date
- Thread