Digital Signatures: Philosophically Speaking

There is nothing magical about digital signatures. They are simply an electronic mark used to signify a promise and to cement faith in the document or transaction to which that promise is attached. Some day digital signatures will be as commonplace among CAD professionals as the human readable “wet stamp” is today. However it must also be said that, just as CAD did not make architects more creative, digital signature technology will not make engineers more trustworthy.

The technology to use digital signatures has been around for well over 20 years, and a wide variety of software tools exist today that make digital signatures easy to use on almost any platform. So why is the use of digital signatures not more widespread? Primarily because the utopian dream of a paperless world has yet to materialize.

So long as hardcopy on paper is regarded as the authentic “record” version of a document, digital signatures are virtually useless. Even if new buildings are designed completely in CAD, an architect’s digital signature simply won’t mean anything if downstream consumers of the building design require a paper blueprint. The true benefits of a paperless world simply can’t be realized until every link in the chain has joined the digital club. So long as even a single node on the distribution tree requires a human readable method of verifying authenticity, the architect is forced to use a handwritten wet signature on paper blueprints from the very start.

Handwritten signatures can be scanned into an electronic format, but then they lose their putative value because a digital facsimile is so easily reproduced. Therefore only original and unique handwritten wet signatures are trustworthy in a human readable form. Digital signatures do not translate to paper because they are not human readable. Therefore digital signatures only have value for a document in electronic form. This maxim is fundamental to a proper understanding of the emerging digital signature technology: digital data can only be securely signed by computers; and human readable documents can only be securely signed by humans.

I see many people in the CAD industry looking for a hybrid solution to this paper vs. digital dilemma by using a “digitized signature” (i.e. handwritten on paper, then scanned into electronic format) so that printed output contains this digitized signature. This cannot even remotely be considered a digital signature! There is simply no such thing as a secure printed digitized signature. Yes, you can digitally sign a document that has an embedded digitized signature, but once it is printed, that digitized signature is not worth the paper it’s printed on. Not only could that signature be stolen from the document and used maliciously, there is no way to tell from the signature alone whether or not it has already been stolen and used maliciously.

The only hybrid approach that is practical and legally sound is to use digital and wet signatures in parallel. Using an architect as an example, this would mean creating and disseminating two sets of signed documents: the CAD model of a building (perhaps converted into a common 2D format like PDF, DWFx, or XPS) with the architect’s digital signature and paper blueprints with the architect’s individually handwritten wet signature.

A number of companies claim to sell some sort of hybrid solution involving the creation of a secure digitized signature. This is simply capitalism — selling something useless just because there is a market for it. A digitized signature is only secure if it is never used. I’ve heard the rationalization that the digitized signature printed on paper meets a psychological need for people accustomed to seeing one, even if it has no legal value. In my opinion, such pandering borders on deception and serves only to further alienate digital signature technology from those who would benefit from it. This sort of abuse is typified by an emailed PDF file consisting of a scanned document with a handwritten signature. In such cases, checking the sender’s email address likely becomes the most reliable way to verify the document’s trustworthiness. Spam filters bear witness to the fact that the sender’s email address is the most important — and often only — criteria we use in determining the level of trust to place in emailed documents. This is an important point to keep in mind.

The act of applying a digital signature requires the use of a secure private encryption key, but the digital signature alone does not provide security in any way. Digitally signing a document does not prevent it from being modified or stolen. In that respect it is no different than a handwritten wet signature. However, unlike a wet signature that cannot be easily duplicated, a digital signature does not prevent a signed document from being copied. This does not make digital signatures inferior. On the contrary, making copies is necessary and commonplace in the digital world, so the fact that exact copies of digitally signed documents are still trustworthy is a huge benefit over handwritten signatures.

There are other notable differences between a digital signature and a handwritten signature. Digital signatures can be time-stamped, thus providing reliable evidence that a document was signed on or before a certain time. A disadvantage of digital signatures is that they are only as reliable as the digital ID used to create them. To combat this problem, a public clearinghouse of compromised digital IDs must be maintained, and auditing systems must be in place to immediately detect and report suspicious activity. Time stamped digital signatures created before a digital ID is compromised can be easily and certainly distinguished from compromised signatures if properly designed and competently managed infrastructure is in place. This is necessary to ensure that previously existing digital signatures survive a compromising event.

In conclusion, adequate technical solutions and time tested safeguards already exist for successfully using digital signatures in a professional environment, but digital consumers still need to learn how to work within the limitations of the technology. Building an acceptable comfort level with a technology that must by its nature completely replace something as significant and culturally ingrained as the handwritten signature will not be easy or quick, but it is inevitable.


I’ve heard the word “brutal” used more than once during conversations with Autodesk employees about the Autodesk sponsored discussion groups. It’s true that raw unfiltered feedback can be brutal, and it can also hurt your ego if you happen to be the target of criticism. The trick is to learn how to interpret the feedback. If you can master that skill, that raw feedback is a fast, unbiased, low noise-to-signal-ratio predictor of the future.

I’ve seen many recognizable Autodesk names come and go since the days of Autodesk’s original online discussion group, the CompuServe ACAD forum. Oftentimes, they came espousing the virtues of such a vibrant community, only to wilt away after they got singed a few times in the inevitable flame wars. Some Autodesk names (Art Cooney comes to mind) have been around forever, and still take it all in stride. Personally, I view the discussion groups as one of Autodesk’s biggest competitive advantages, even while they go largely untapped.

This week saw too issues erupt into what could fairly be termed brutal feedback. The first was caused by the Autodesk University registration site failing under the load of opening day registration. Several threads (“Dear Carl Bass” and “AU2007 Registration is now open!!!”) called Autodesk to the carpet for blowing it again, after a similar fiasco in 2006.

The second event occurred when AutoCAD product manager Eric Stover announced a new “bonus” tool called CommandComplete. I pity the poor guy or gal that wrote this tool (on their own time, I’m sure), all excited to see how it is received, only to become the victim of a flame war. Okay, not really a flame war in this case because Eric employed his finely tuned flame retardant diplomacy skills to prevent it from getting out of hand — so let’s just call it a “venomous reaction”.

There is a moral to this story. Some companies would kill to have access to this kind of critical, unfiltered, instantaneous feedback from the unwashed masses. I hope Autodesk recognizes the goose that lays the golden egg.

Rational Ignorance

Reading the discussion about the reluctance to move to 3D/BIM in the latest issue of upFront.eZine reminded me of the principle of rational ignorance. The principle of rational ignorance applies when the perceived cost of obtaining knowledge is greater than the perceived benefit. It’s a bit of a chicken-and-egg scenario, where individuals rationalize their decision to remain ignorant based on their perception of the (lack of) benefit in the very thing they are ignorant about.

It is interesting to think about the 2D to 3D paradigm shift in terms of shifting the balance in the rational ignorance equation. I think there’s also another principle at work here: Newton’s Third Law. The harder the collective movers and shakers try to push, the harder the end users resist. Maybe if the software companies stopped pushing so hard, the shift would occur naturally with much less resistance.

By the way, I noticed a familiar theme in the upFront eZine discussion: those resistant to the paradigm shift lament the lost art of drafting and fail to believe that the new paradigm no longer needs artisans. Obviously there are other factors at work here — factors over which no amount of logic will prevail.

Egyptian Pyramid Scheme

Deelip Menezes asks what got me started on lamenting the sad state of the CAD industry in my previous post. Good question.

It all started with a Fox News story about a French architect’s claim to have solved the “Pyramid Secret”:,2933,262981,00.html. The article links to Dassault Systemes’ web site: My snake oil alarm went off when I saw the site. I’ll admit I didn’t read it, but it looks like a slick marketing ploy. I was irritated that I fell for it. It reminded me of how insideous and incestuous this industry has become, now reaching out to mainstream media in search of new victims.