Why the “Rule of No Privilege” Is the Future of eSignatures (and All Your Contracts)

November 16, 2021

It sounds great, and is often used in marketing to make the end-user feel better about their privacy: The popular “rule of least privilege”. And while the concept in itself is not inherently bad, the rule addresses a problem that should not be an issue in the first place. 

The ominous “rule of least privilege” hinges on the definition of “least” and is like an open backdoor to your data. Therefore, only a “rule of no privilege” succeeds in actually preserving the privacy of the user by simply eliminating access altogether. 

And while it’s not an established rule yet, the “rule of no privilege” should be the one rule you have to insist on when choosing a provider to manage and host your eSignature documents. 

What the “Rule of No Privilege” Means for eSignatures

eSignature documents get created by a party and then sent to another party for (counter)signature. And while, for the non-technical users, it may seem that only the signing parties are involved, a whole host of entities – from the neighbor sharing your wifi to your ISP, and especially your eSignature provider – potentially have access to the documents you’re sending. 

The popular “rule of least privilege” grants access to anyone deemed required to have access in order to fulfill their duties. Whether that’s the sysadmin of your ISP, the CTO of your eSignature provider, or the cybersecurity department of a friendly government – your data can be accessed if necessary. 

The only way to truly secure your data is by opting for a “rule of no privilege”. For eSignature documents, that means a strict implementation of asymmetric end-to-end encryption, which by definition makes it impossible for anyone who does not hold the private key to decrypt your data. No matter what privilege they assume – unless the recipient of your documents shares their decryption key, there simply is no way to access your documents.

How the “Rule of No Privilege” Protects the Data Privacy of All Your Contracts

The “rule of no privilege” is 100% clear and unambiguous, which translates to significant benefits for the end-user. 

| Benefits of the “Rule of No Privilege” | Why is that important |
|---|---|
| It simply means “there is no access”. | You can’t afford grey areas in your privacy. |
| It can’t be misinterpreted. | You need certainty and not interpretation. |
| It’s not prone to human error. | Nobody is perfect – and mistakes in privacy quickly become expensive. |
| It does not depend on the role or position. | Whether sysadmin or CTO – no role should require access to your data. |
| It does not lead to scenarios where lack of privilege can lead to hiccups in execution. | Your provider should not be tempted to over-assign privileges to improve their workflows. |
| It’s cheap and simple. | You should pay for a premium product, not for people to make decisions about accessing your data. |

Let’s take a closer look at how these common issues with defining and assigning privileges are resolved by opting for “no privilege”. 

“No privilege” by definition means that there is no way to access your data

Access is a binary thing – it’s either “yes” or “no”. In the case of your data, “no” is the only acceptable answer. Your data belongs to you, and the only people allowed to access it should be the ones you explicitly share it with. 

When it comes to the privacy of your documents, grey areas are the last thing you want. You cannot afford to be left guessing about the shade of grey in the definition of accessing your data. Your data is yours, and nobody else’s, whether they deem access required or not. 

“No privilege” is not open to interpretation

The popular “rule of least privilege” sounds comforting but actually leaves the door wide open for interpretation. After all, “least” is far from a precisely defined term: Who’s to say that one provider’s “least” is not equal to another provider’s “most”? And who could blame any provider for interpreting “least” in the most favorable way to their way of doing business, which might just be the exact opposite of what you need to preserve your privacy? 

The level of privacy your documents enjoy should not depend on individual interpretation. Given that said interpretation is a one-way decision by the provider and is rarely communicated upfront in a tangible (read: non-fine-print) way, you’re essentially left hoping for an outcome that preserves at least a sliver of privacy for whatever you’re storing with them.

“No privilege” excludes the possibility of human error

The popular “rule of least privilege” is both role- and time-sensitive, and requires human supervision to ensure privileges are not only granted but also revoked correctly. If a support staff member moves into development, they might not require access privileges anymore. Once a systems admin is finished with an audit, their access privileges have to be removed promptly. There are endless scenarios where keeping track of correct privileges is prone to human error, making the entire setup very unreliable.

We all make mistakes – but this one could cost you your privacy. If you are subject to any level of privilege, in other words, if your eSignature provider has any way to access your data, an honest mistake as simple as a checkmark checked on the wrong line could expose your most sensitive documents to an entire department at your provider. 

“No privilege” is the same for any role

Just like your provider is at liberty to define what they deem “least” in said popular rule, they are also free to define which roles require such privilege. You may think that only the CTO should be able to access your data under said rule, but who’s to say your provider does not deem high access privilege necessary for anyone on admin level or above? What about support staff? 

You can hope for privilege to be limited to a few key positions – but you should not have to. You have no say in how your provider structures responsibilities in the business and never even know the outcome. By opting for a strict “no privilege” setup, you’re not left hoping for as few eyes as possible to gain access to your data. 

“No privilege” does not lead companies into temptation

From a business-continuity standpoint, it’s safer to hand out too many privileges than too few. As software gets more and more complex, outlier scenarios where IT staff need to jump between different roles are not uncommon anymore. For the employer – in this case, your eSignature provider – it’s tempting to simply equip everyone with the highest privileges to keep costly interruptions at a minimum, should cross-role work be required.

As a user, you want your eSignature provider to work efficiently in order to provide you with the lowest possible price for their service. This quickly leads to a difficult question: How much potential invasion of privacy is a really low monthly price worth to you?

“No privilege” is cheap and simple to implement

Especially in large eSignature providers with hundreds or even thousands of employees, properly defining and managing privileges quickly becomes a huge, complex task. By opting for “no privilege” across the board when it comes to accessing your data, there are huge sums to be saved by simply eliminating complex decisions and possibly entire departments that used to deal with things like the “least privilege”. 

You don’t want your monthly fee to be spent in large part on simply defining who can access your data. It’s a waste of resources, which directly shows up in the price you’re paying for your eSignature service. By opting for a provider that adheres to “no privilege”, you can be sure your hard-earned money flows into making a better product, rather than into deciding who gets to breach your privacy in what scenario.

Here’s Why You Should Only Trust Providers With the “Rule of No Privilege”

Assigning and even defining levels of privilege gets messy and clouded very quickly. With ever-growing technological complexity and increasingly complex business structures, it’s impossible to know what any eSignature provider deems a required privilege for any given role. 

The only way to go, therefore, is to remove that choice altogether. And that is where full end-to-end encryption comes in. 

There is no scenario where your eSignature provider “needs” access to your documents – the “rule of no privilege” should be the only thing they adhere to in the first place. Whether they are sensitive or not, your documents are for your eyes (and the eyes of the recipient) only. By encrypting the documents on your local device and only decrypting them once they’ve reached your recipient, you remove any temptation for the provider to even glance at them. Oh – and you prevent a whole host of other potential privacy issues as well. 

One important thing to keep in mind is that not all encryption is created equal: There are varying levels of encryption, some of which are mere marketing terms to make users feel safe. If you’re serious about protecting your privacy, asymmetric end-to-end encryption is the only way to go. 
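The flow the sections above describe – encrypt on the sender’s device, relay only ciphertext through the provider, decrypt only on the recipient’s device with a private key that never leaves it – is shown below as an added example. It is not code from this page or from any eSignature provider. It assumes one concrete realization of “asymmetric end-to-end encryption”: X25519 key agreement with a fresh sender key per document, the shared secret hashed into an AES-256-GCM key (a production system would use a proper KDF such as HKDF). It also assumes the sender already holds an authentic copy of the recipient’s public key, obtained out of band; that key-distribution step, and the security of the two endpoint devices themselves, is outside what end-to-end encryption alone covers. The `Envelope` type, `Seal`, `Open` and `RoundTrip` are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything the provider ever stores or relays for one document:
// ciphertext, the AES-GCM nonce and the sender's one-time public key. None of
// these fields lets the provider, or any insider role at the provider, recover it.
type Envelope struct {
	EphemeralPub []byte
	Nonce        []byte
	Ciphertext   []byte
}

// NewRecipientKey creates the recipient's X25519 key pair on their own device.
// Only the public half is shared with senders; the private half stays local.
func NewRecipientKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// deriveKey hashes the ECDH shared secret to a 256-bit AES key (assumed
// construction for this example; use HKDF with context binding in production).
func deriveKey(shared []byte) []byte {
	k := sha256.Sum256(shared)
	return k[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the sender's device: a fresh ephemeral key agrees a secret with
// the recipient's public key and the document is encrypted under it.
func Seal(recipientPub *ecdh.PublicKey, doc []byte) (Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Envelope{}, err
	}
	shared, err := eph.ECDH(recipientPub)
	if err != nil {
		return Envelope{}, err
	}
	gcm, err := newGCM(deriveKey(shared))
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	// The ephemeral public key is bound as associated data, so swapping it in
	// transit makes the authentication tag fail on the recipient's side.
	ct := gcm.Seal(nil, nonce, doc, ephPub)
	return Envelope{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs on the recipient's device; it is the only place plaintext reappears.
func Open(recipientPriv *ecdh.PrivateKey, env Envelope) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := recipientPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKey(shared))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
}

// RoundTrip models sender -> provider -> recipient for one document and reports
// what each party ends up with: the bytes the provider relays, the error a holder
// of any other key gets when trying to open them, and what the recipient recovers.
func RoundTrip(doc []byte) (recovered, providerSees []byte, otherKeyErr, err error) {
	recipient, err := NewRecipientKey()
	if err != nil {
		return nil, nil, nil, err
	}
	other, err := NewRecipientKey() // stands in for anyone who is not the recipient
	if err != nil {
		return nil, nil, nil, err
	}
	env, err := Seal(recipient.PublicKey(), doc)
	if err != nil {
		return nil, nil, nil, err
	}
	_, otherKeyErr = Open(other, env)
	recovered, err = Open(recipient, env)
	return recovered, env.Ciphertext, otherKeyErr, err
}

func main() {
	doc := []byte("constructed sample: service agreement between party A and party B")
	recovered, providerSees, otherKeyErr, err := RoundTrip(doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("provider relays %d bytes of ciphertext, first bytes %x\n", len(providerSees), providerSees[:8])
	fmt.Printf("opening with a non-recipient key: %v\n", otherKeyErr)
	fmt.Printf("recipient recovers: %q\n", recovered)
}
```

The point to check when evaluating a provider against this model is where `Open` runs: if decryption happens anywhere the provider controls, or the provider holds a copy of the recipient’s private key, the provider-visible bytes are no longer just ciphertext and the “no privilege” property is gone regardless of what the marketing says.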

The Bottom Line

As great as it sounds, the popular “rule of least privilege” in reality offers no protection at all for your documents. It’s not clearly defined and often inconsistently implemented with too many areas prone to human error. 

Think of the ramifications when (and it’s only a matter of time) some of your documents are compromised, whether through a hack or a request from a foreign government – what would the consequences be for you and your business? 

Don’t risk your privacy: Insist on the “rule of no privilege”. Opt for full end-to-end encryption and rest assured that, no matter the scenario, your sensitive data will not be exposed to anyone. In a world of ever-increasing digital risk, it’s the only valid choice not only for your business but also for your peace of mind. 

Your way forward

Join leading organizations

Contact us now to see how we can help your business to upgrade and future-proof your signing, certifying, and verifying processes with the next generation of eSignatures.
