It's a legal acceptance problem - and everyone KNOWS docusign and friends and understands how they're admissible. Anything else would have to compete with that and people would be suspicious of it for a long time.
The best way for something like LE for docusign to start would be via a government office of some sort.
We may be saying the same thing, but just to clarify / put another way: it's a legal compliance problem. DocuSign is admissible (in the US) because it adheres to the state and Federal regulations that have been passed which carefully enumerate the requirements of legally acceptable digitally signed documents, for example: https://en.wikipedia.org/wiki/Electronic_Signatures_in_Globa...
It's lower risk in a corporation with a lot to lose to say, here's this implementation that we know is compliant, than to say, we made our own or used an obscure one and we think it is. Corporate politics will usually encourage decision makers to go with the former.
I believe that Docusign helped to draft parts of that legislation. They are a deeply entrenched player that has made regulatory capture part of their strategy. Disrupting them will be hard to impossible for that reason alone.
I have a lot of experience implementing software for a heavily regulated industry. The first challenge is, because of the legal architecture -- go study and diff the legal code for each of the 50 states to implement a tool like this, also, track all the updates to those laws.
I wouldn't be surprised by DocuSign's involvement as you describe, we have the same corruption in every industry, justified always by the same excuse "They're the experts! Who else would we (congress) ask?" I don't believe the ignorance of the massive conflict of interest in this approach is a coincidence but I digress.
Also remember that the way DocuSign works it is the company paying for it, not the people signing. That makes it even harder to disrupt, because the "great majority of users" are used to the DocuSign workflow and aren't paying and have no incentive to change.
And while I'm sure DocuSign is a very profitable product line, I also suspect that for many companies that use it (like financial firms) its cost is somewhere around their paper clip budget.
Yep. My first few mortgages involved getting all the right people in a room together at the same time and signing hundreds of documents, the last two were some websites and clicking.
The amount of time not lost having people watch me perform magic with the pen must have saved way more than DocuSign cost.
I was seeing a discussion the other week about automation and someone was saying that, as a consumer, not that much has really been automated. We still need a person to clean the house, do the yardwork, cook (yes you can get meal delivery but again in urban areas that's not new), etc. Even if we do have major appliances they're pretty similar to what we've had for decades.
While that's true, it probably leaves out a lot of tasks that involved writing checks, running errands, going to various offices to sign things, etc. that have been, if not entirely eliminated, certainly cut back on.
Yeah a lot of the "monthly" consumer tasks have slowly been eliminated, almost imperceptibly. You used to have to pay bills by check and balance a checkbook monthly; those are all gone.
Presumably there's a irreducible amount of Extended Validation involved in qualifying as such a CA, though, no? Which would be the GP's point — you can't have a fleet of thousands of machines where each one individually, automatically, and anonymously registers to become its own signing CA.
If the target is legal recognition then you need to store your legally-recognized name and need to do what patio11 calls a hybrid system - part-offline, part-online verification. Also, IIRC there's a free government CA in Estonia that can sign documents, but of course you need to trust that Estonia is both not malicious and not incompetent.
So much this. Adobe Sign (available with the free Adobe Reader) for example offers a self sign solution. Organisations can issue their own certificates and use Adobe Reader’s certificate signing feature if you do not want to use a paid service like Docusign.
Essentially all validation/verification is some tradeoff between:
1. convenience
2. certainty that someone is who you think they are and they meant to give their approval
3. a "paper" trail
4. And the consequences if you make the wrong call on 2.
For many, but not all purposes, Docusign (plus SMS in many cases to get a code) replaces a lot of fairly routine paper shuffling. It also depends on what a given, often financial, organization has deemed acceptable risk.
It's a legal acceptance problem - and everyone KNOWS docusign and friends and understands how they're admissible. Anything else would have to compete with that and people would be suspicious of it for a long time.
The best way for something like LE for docusign to start would be via a government office of some sort.