Digital signature services for users, Improving user experience to support trust among work partners
11th Symposium on Usable Privacy and Security (SOUPS), Ottawa, July 22-24, 2015
Fifteen years ago, most countries adopted digital signature as a legal equivalent to its physical counterpart. But contrary to its great potential on streamlining work processes and business, digital signature is still underused. Whereas laws are usually low detailed, many technical and management standards specify how to implement digital signature services that should be admissible in a court of law. Sadly enough, user tasks on software complying with these standards are known to be “the most difficult computer task[s] that [a research center] had ever asked [their CS engineers] to do”. Hence it leads designers to a quandary developing such apps: standards require a certain amount of steps, whereas users are still looking for the easiest way to achieve their goal of signing a document. One could even legitimately think that it is better to ban a technology with a legal value that is not understood by their users (e.g. in ID cards). Digital signature is often interwoven with “digital trust”, but if trust is related to “the risk you are willing to take”, what would be “digital trust” if you do not understand the risk taken in signing a document and checking (or not checking) someone else’s signature. Trust considerations arise: Will the service and proofs be available whenever I need it? a hacker view and alter proofs? Will the technology chosen by the service provider be accepted by a court? Trust is not enacted. How can we give rise to this trust and maintain it throughout the use of digital trust services? We make hypotheses on approaches in digital signature services that could have a positive impact on trust. Then, in section 3, we present changes on visualization, interactions and processes that we experimented in a software dedicated to intellectual property.