Search
Join   |   Contact Us   |   Sign In
Community Search
Latest News/Digital Signature
Share |

Is your digital signature ethical?

 By Peter McConaughy, P.E.

 

Posted March 20, 2019

Digital signatures have become commonplace and are sometimes an expected part of doing business in today’s electronic landscape.  There are many different signature options available, with a variety of security levels.  Some of these options could leave professional engineers exposed to risks of fraud and compromised ethics.

For years engineers have been required to take professional responsibility for the documents we issue by affixing our professional seal and original signature.  In September of 2015, the Maryland Department of Labor, Licensing and Regulation (DLLR) expanded the definition of “original signature” to allow the option of using either a traditional handwritten/wet signature or a digital signature that meets certain requirements.  The regulations do not mandate the use of digital signatures.  However, as more jurisdictions move toward paperless permit applications, engineers will increasingly be required to issue and sign their documents digitally.   


The concept of best practices for digital signatures has been influenced to some extent by the electronic signatures popular in the real estate, legal, and business communities.  In those contexts, an electronic signature does not require identity verification because all the parties to the contract are known to each other.  Such electronic signatures (including self-verified signatures) offer minimal security and are available at comparatively low cost. 


By contrast, an engineer’s signature is relied upon not only by those involved in the project, but also by many who do not personally know the engineer.  For this reason, the DLLR regulation requires an engineer’s signature to provide assurances both that the engineer personally signed the document (“non-repudiation”) and also that the document has not been modified since that signing (“tamper proofing”). 


Non-repudiation requires that the signature remain under the engineer’s exclusive control, and that he was positively identified with sufficient certainty that he cannot later deny the signing. Third-party verification of the signer’s identity (by the authority issuing certificate) is paramount for a design professional’s digital signature. 


Tamper proofing is typically provided using Public Key Infrastructure (PKI) technology to “lock” the document with a specially encrypted hash.  The hash is evaluated every time the document is opened in a standard .PDF viewer, and if any data was changed, the signature will be deemed invalid and the .PDF viewer will display a warning to that effect. Non-PKI signatures are acceptable if they provide adequate non-repudiation and tamper-proofing, but most of the software currently being implemented by permit offices is designed around PKI technology. 


The prospect of rethinking the way we issue documents electronically can give rise to subtle but significant ethical challenges.  For example, consider the following statements:


1. “If someone forges my digital signature, they are committing fraud and should go to jail.”  This might be a true statement, but that fraud may only be exposed after catastrophic loss or great harm to the public whose safety and welfare we are ethically bound to protect. NSPE Code of Ethics I.1 states that engineers shall “hold paramount the safety, health, and welfare of the public.”  II.1.d states: “Engineers shall not permit the use of their name . . .in fraudulent or dishonest enterprise.” And II.1.e states: “Engineers shall not aid or abet the unlawful practice of engineering by a person or firm.” The wrong actions of another do not excuse an engineer from safeguarding his/her digital signature.


2. “My clients accept my current electronic signature, so I am going to keep doing what I’m doing until someone tells me I have to change.”  Acceptance of our document does not make the electronic signature acceptable.  Engineers have an ethical obligation to uphold the law, including the licensure requirements and other regulations set forth in COMAR. NSPE Code of Ethics I.6 states that engineers shall “conduct themselves honorably, responsibly, ethically, and lawfully so as to enhance the honor, reputation and usefulness of the profession.”  To knowingly disregard the regulations of licensure constitutes a significant ethical violation.  


3. “I can save time and money by using the same electronic signature I used when I bought my last house.  If it works for my realtor, it should work for me.” Simply stated, acceptable professional standards for realtors (or other professionals) don’t necessarily match standards for professional engineers. NSPE Code of Ethics III.1.e states that “engineers shall not promote their own interest at the expense of the dignity and integrity of the profession.” While it may seem like a minor transgression, failing to execute a proper digital signature could violate that section of the code. Sloppiness or laziness in our handling of our digital signature is not only professionally irresponsible, it also undermines the dignity of the engineering profession and erodes the public respect for the services we provide.   


As engineers, we need to carefully protect the public confidence in the important services we offer.  This includes managing our professional signature (be it wet ink or digital) in a way that guards it from misuse and satisfies the legal requirements set forth by our licensing authorities.  If we recognize these challenges as primarily ethical issues and respond to them accordingly, we will undergird the respect with which we are viewed by the general public and safeguard the honor of the engineering industry. 

 

 

 

Become a Member

 

Featured Members

Online Surveys
Membership Software Powered by YourMembership  ::  Legal