The Peculiar Endurance of the Physical

Why Do We Still Have to Print out Forms, Sign Them, and Scan Them Back In?

Zócalo’s editors are highlighting some of our favorite pieces from the archive. This week: Cybersecurity scholar Josephine Wolff explains why the physical, handwritten signature endures even though few transactions actually require it.

Last summer, an exhibit at the Guggenheim—“The End of Signature” by Polish artist Agnieszka Kurant—used a mechanical autopen to produce identical signatures every 30 seconds. The artwork was inspired by the “decline of handwriting and the dominance of keystrokes and digital communication” and, indeed, there’s no doubt that all our lives involve much more typing and much less long-hand writing than they once would have. But as for the end of the signature—well, we still seem to be an awfully long way from that.

I sign my name constantly: when I make credit card purchases, when I write checks, when I agree to contracts or leases, when I file my taxes, when I check in to hotels, when I receive packages. Admittedly, some of these signatures involve trying to use my index finger or an unwieldy plastic stylus to produce a signature on a screen, rather than the traditional pen and paper—but the fundamental process of producing my name by hand, in writing, is essentially the same.

You have probably, at some point in the not too distant past, found yourself scrambling to find a printer and scanner to return some important paperwork—and you have probably found yourself crying out to the computer gods, “Isn’t there a better way?” And yet the tyranny of the physical signature endures, long after we’ve stopped having to go into banks for every transaction or pay our bills by mail. Technology has given us so much and yet, in this seemingly very simple domain, it seems to have made life harder rather than easier, turning the straightforward process of writing down your name into a three-step, multiple-technology ordeal of printing, signing, and scanning (to say nothing of shredding, if you’re dealing with a sensitive form or contract).

“About 20 years ago, people thought digital signatures would replace the physical signature,” Ronald Mann, a law professor at Columbia University, told me. “Technologically, digital signatures are really interesting, but it’s been very difficult to make that transition.” The challenges of moving away from physical signatures arise largely from social conventions, and our inability to understand exactly what digital signatures are, and what it means to affix one to a document or file.

Very few transactions actually require physical, handwritten signatures anymore besides the sale of land and real estate, Mann said. If you don’t sign a credit card slip for a purchase, for instance, it doesn’t mean you haven’t agreed to pay—you’ve already made that agreement just by handing over your card. So you’re usually just wasting your time if you sign your name to buy groceries or houseplants (or any of the few things left in life you don’t buy online, where you never have to provide a signature anyway).

… the physical signature seems to be an increasingly worthless tool for authenticating people’s identities, as we do more and more signing with fingers and screens and end up with a result bearing little resemblance to our pen-and-paper signatures.

Admittedly, it takes just seconds to sign your name (though the process of printing, signing, and scanning forms can take quite a bit longer than that) so the loss of time isn’t a huge concern. Perhaps more worrying than that, though, is that all these signatures leave us with the misguided sense that signing your name is somehow meaningful, that it represents an agreement, an acceptance, an authorization when, in fact, most of the time that final, physical step is entirely unnecessary and, indeed, irrelevant.

“The signature used to be important, but it just doesn’t play much of a role any more. It remains commonplace because of tradition,” Mann said of signatures authorizing purchases. “It’s always been the way that people have formally signaled their willingness to create a binding obligation, and we don’t really have an effective alternative or replacement.”

The clear candidate for replacement would seem to be the digital signature, but the name is slightly misleading in suggesting how easy that transition should be. Digital signatures are not just the strict equivalent of physical signatures for the computing age—not the italicized cursive fonts that your name is rendered in when you sign some online contracts, for instance (a strange artifact of trying to make sense of signatures, especially since my own handwriting has never resembled Lucida Handwriting).

A digital signature involves encrypting data in a way that could have been done only by you or someone holding your private encryption key. If you receive, say, an email message with the sender’s verified digital signature, then you know it must have been sent by that person (or by someone who has stolen their encryption key). That signature is specific to the message it accompanies and cannot be easily copied or attached to another message. This makes it much harder to effectively forge emails from people who digitally sign their emails, not that there are many of them.

The foretold transition to relying on digital signatures was plagued by the challenges of trying to define what, exactly, constituted a signature and when people recognized what they were doing as a form of signing. “It’s easier to tell whether what someone did was intended to be a signature when you’re dealing with physical signatures,” Mann said of digital signatures. “When we say a document is binding on somebody if they sign it, we all recognize what that means. If you say it’s valid if someone signs it digitally, then no one knows what that means.”

This confusion about what digital signatures mean seems like something we should be able to work out. And if we could just get over that hump, the rewards could be considerable; not only do they eliminate all the misery of printing and scanning, but digital signatures are vastly superior to physical ones. The fact that you need to steal someone’s private encryption key to forge a digital signature also gives digital signatures a leg up on their physical counterparts, since just about anyone can sign my name relatively convincingly, especially if they’ve seen my signature before. In fact, the physical signature seems to be an increasingly worthless tool for authenticating people’s identities, as we do more and more signing with fingers and screens and end up with a result bearing little resemblance to our pen-and-paper signatures.

There are some possible replacements on the horizon, at least when it comes to authorizing credit card purchases. Chip-and-PIN technologies that ask people to input a numerical personal identification number instead of a signature to complete a purchase have been slow to reach the United States but are already in use in much of Europe and Australia. (Entering a PIN is not a digital signature as we typically think of them, but using PINs to authenticate has a little bit in common with digital signatures since it is, essentially, another means of using a secret number that only you know to prove your identity.)

Digital signatures have been hugely important for securing the web, and many of the sites you visit (I hope!) are cryptographically “signed” to verify that they actually are the site they claim to be. But when it comes to issuing and using personal digital signatures for individuals, rather than websites, things have moved much more slowly. That’s partly because the process of setting up a digital signature can be somewhat unwieldy and onerous—if you want to apply digital signatures to your emails, for instance, you’ll have to look up the appropriate steps that correspond to your email program, and you may soon find yourself yearning for the days of printing and scanning.

It’s easy to muddle talk of digital signatures with physical signatures and lose sight of the fact that they are, in many ways, profoundly different things and not every physical signature warrants a digital replacement. For a lot of the more vestigial, legally meaningless physical signatures that linger on in modern life, substituting a digital signature is probably unnecessary—we could just resort to typing our names (in one of those handwriting fonts, if you insist) or doing away with them altogether.

Signatures have long since lost much of their symbolic value as a means of proving someone’s identity or a lasting memento of an encounter with a celebrity (or, as Paris Hilton put it during a guest appearance on the television show The O.C., which I definitely don’t remember at all from high school, “Camera phones are the autograph of the 21st century”—the twin mentions of Paris Hilton and “camera phones” making that possibly the most dated reference possible to the technological innovation of the 21st century). We care very little about other people’s signatures these days, and perhaps even less about our own, scribbling it mindlessly day after day even though it confers no real authority to approve purchases or agreements, even though no one cares what it looks like or whether it matches the signature on the back of your credit card or whether it’s really you.

In that regard, the end of the signature actually happened a while ago—and we’re all just in denial.

Josephine Wolff is an assistant professor of public policy and computing security at Rochester Institute of Technology and a faculty associate at the Harvard Berkman Center for Internet and Society.
Primary Editor: Torie Bosch | Secondary Editor: Sara Catania


Send A Letter To the Editors

    Please tell us your thoughts. Include your name and daytime phone number, and a link to the article you’re responding to. We may edit your letter for length and clarity and publish it on our site.

    (Optional) Attach an image to your letter. Jpeg, PNG or GIF accepted, 1MB maximum.