Digital signatures have been accepted in law for almost 20 years, but the underlying technology has rapidly evolved to the point where we can now do things that historically, real signatures never could. Traditional digital signatures are limited in their ability to confirm a person’s identity or credentials, and while accepted in most business scenario’s run into trouble when customers are required to apply them to more sensitive documents such as wills, powers of attorneys, or compliance documents.
When a paper document requires extra care, we can turn to additional actions such as witnessing, notarization, commissioning, and custodial services to ensure the integrity of a document and a link to its signatories. That’s harder to do with digital documents which can be edited, replicated, falsified, or even hacked without the knowledge of the signatories. Recent developments in both blockchain and digital identity are now giving lawyers the ability the better tether a person to their digital documents all while providing a more discrete option when it comes to data privacy.
Digital signatures can solve some of that by providing audit trails detailing when the document was accessed or edited, in some cases. These signatures work on a cloud-based infrastructure that leads to some limitations in regards to customer privacy, in order to certify these documents a digital company needs to be able to read that document. That should be a non-starter for lawyers signing sensitive documents
That’s where Verifiable Credentials become useful. A verifiable credential is a new development that is making it safer for lawyers, financial institutions, governments, and their respective customers to sign documents digitally. At its core, a verifiable credential is an issuer-produced, but entirely user-controlled piece of data that confirms information about the user. The issuer starts by verifying information submitted by the user, perhaps that’s a scan of a driver’s license, a biometric (or both), or even a professional credential. Once the issuer verifies that the user’s information is accurate, they issue a credential to the user which can then be freely and repeatedly applied anywhere they please with the confidence that information can always be checked.
To illustrate an example of this let’s use some characters:
The fundamental difference between a digital signature and a VC is that credentials are built on a blockchain as opposed to traditional cloud-based infrastructure. This gives VC’s an upper hand in three big ways
Documents signed with a verifiable credential do not need to be read by the issuer of the credential. When a document is signed via a digital signature the cryptography involved requires that document to be accessed by the digital signature software. A verifiable credential only needs to certify the event, not the document in order to prove the document’s validity, allowing for greater control over the signatory's privacy. This means that the only people who know what’s in your document are you, it’s signatories, and anyone you choose to share it with
When a document is signed using a verifiable credential the references to that signature are stored on a blockchain instead of a cloud-based environment. A blockchain works by storing the hash (the references to the signature) on multiple computers, anonymously. All of the computers must be in consensus in order to validate a signature, which makes a document tamper-proof since there are, in essence, tens, hundreds, or even thousands of computers that “witnessed” the event. Any tampering would break the chain, and invalidate the “new copy” of the document, ensuring the integrity of the original.
Perhaps the most important aspect of a verifiable credential is that it can be verified anytime, by anyone you or your client chooses to share it with. Making them indisputable for compliance purposes. Let’s take for example a statutory declaration of assets, used in due diligence on a mortgage. The document can be signed in the lawyer's office (or video conference) between the lawyer and the signatory and can then be presented to a bank, auditor, or any other third party who has the ability to confirm that the document was signed legitimately by checking the references on the blockchain. This allows financial institutions to be satisfied for compliance reasons, border agents to check notarized documents, or other parties to ascertain the authenticity of the signatories.
Verifiable Credentials have more applications than just signatures, they are currently being used to determine the authenticity of notary and commissioners’ seals, COVID vaccination information, university degrees, and government credentials such as driver's licenses, health cards, and other identification. They allow users to easily share verifiable information about themselves without having to disclose additional information that may not be necessary. Imagine being pulled over for a driving infraction. Traditionally one would have to produce their driver’s license, however that license that information that isn’t pertinent to the officer. They don’t need your height, or eye color, simply the certification that you are eligible to drive. With a Verifiable Credential, the user can provide just the important information, without having to disclose more.
Verifiable credentials possess tremendous capabilities when it comes to compliance, by verifying identities, integrity, through the use of a blockchain and privacy through the use of biometrics. It’s no wonder that the digital signature companies are hailing it as the future of document management. They also say it’s too expensive, but that’s only true for them, not you. Leading Verifiable Credential companies such as Vaultie currently offer this safer solution at the same cost as traditional e-signature platforms.