Why eSigning Document Management Tools Are Incompatible With Data Privacy

November 25, 2021

With more and more competing offers, eSignature providers are turning to increasingly advanced, mostly AI-driven tools to capture a slice of the pie and increase their market share. And while many of these features do provide value for certain use cases, they all share one important fundamental requirement that should raise a red flag for privacy-focused users: They need access to your data. 

The best artificial intelligence tool in the world can’t optimize data it does not have access to. Therefore, any feature offered by an eSignature provider that touches the content of your documents is incompatible with even the fundamentals of digital privacy and should be avoided at any cost. 

And while, in a perfect world, AI could manage even sensitive documents without actually needing access to their content, it’s simply not what current technology allows – or maybe ever will. 

Why eSigning Document Management Tools Can Always Access Your Data

With the ever-increasing amount of digital data, it’s easy to become overwhelmed. The large number of documents floating around in various states of completion – from draft to revision to “ready for signature” to finally “signed” – have prompted many of the established eSignature providers to develop their proprietary tools to help lighten the load. Driven by artificial intelligence, these tools become “smarter” by the day – and with every single contract they read and digest.

DocuSign’s “Life-Cycle Management and Analytics” are a great example of impressively intelligent features with the power to save a lot of time. But upon closer inspection, the price to be paid for that time is rather steep: 

Drive workflows intelligently: Enable analytics, risk score and contract content to conditionally drive workflows and accelerate contract cycle time. 

DocuSign blog

Analytics. Risk score. Contract content. All hugely valuable information to the parties involved, and exactly as valuable to anyone else who gets hold of it. The "risk score" in particular is risky (pun intended): it is metadata derived from the content of your contracts, and a ranked list of your riskiest contracts is a ready-made target list. If the provider's AI can compute that list, an attacker who breaches the provider can read it too, and simply pull the documents at the top of it.

At PandaDoc, similar features make an appearance: 

Proposal management software is designed to help sales teams and companies increase sales efficiency and automate their proposal and contract creation process.

PandaDoc

That’s great – but how do you automate creation without knowing the content, and, even worse, being able to predict the content based on past examples of your sensitive data? 

PandaDoc asks an interesting question – with only one right answer: 

What’s a streamlined workflow worth to you?

PandaDoc

Forget any amount of hours or money as the answer. Ask yourself instead: Is it worth your privacy? 

And while certainly not the only ones, DocuSign and PandaDoc are poster children of the eSignature world, making it more than likely that others will follow suit in creating more and more tools that rely on complete, unrestricted access to your data.

Tools that require data access are a no-go. But what about other early signs that an eSignature provider may opt for the same path of dismissing your privacy? 

Here’s What to Look Out for in an eSigning Provider That Is Compatible With Data Privacy

Your provider may not offer fancy AI tools – yet. But there are plenty of signs that should raise red flags when analyzing your level of privacy. Take a close look at the following list and ask yourself if your eSignature provider checks every single one of these boxes. 

What your provider should be doing | Why that is important for your privacy
Encrypt your documents locally | You never send anything unencrypted
Never ask for your decryption keys | The keys are yours and yours alone
Not need any kind of "privilege" at all | Provider "privilege" spells "no privacy" for you
Comply with the law, but not compromise your data | You never know what legal scenario could force handing over all your documents
Not risk your privacy in the case of a hack | A hack is a matter of when, not if
Only offer features that don't require access to your data | If AI can read your documents, so can other parties

It may sound like a lot of limitations or boundaries for an eSignature provider to fulfill each and every one of these. But then, looking at them a bit closer, they’re not actually that hard to fulfill, and all hinge on the same basic concept: They should have no access to your data. Ever. 

Let’s dig into what each of those items means in detail.

They allow you to encrypt documents locally

If you are uploading unencrypted documents to your eSignature provider, you’re at risk of a privacy breach. It does not matter how and when your provider promises to encrypt your data, if at all: If there’s even a gap of a few seconds between the moment your (plainly readable) documents are stored on their server and their form of encryption kicks in, that’s a potential window of opportunity for an attacker to access or even copy your data. 

You have no influence over what happens to your data once it has left your device. Sure, your provider may actually do what they promise and encrypt your documents sooner rather than later. But there will always be a gap during which unencrypted documents sit on their servers, and you have no way of knowing how long that gap is. And even once the provider's encryption kicks in, it is done with keys the provider holds: that protects against a stolen disk, not against anyone (or any process) with access to the provider's systems. Given the potential for a complete breach of your privacy, that's not a good position to be in.

They don’t send your encryption keys along with your encrypted documents

Just like you would not lock your front door and then leave the key on the doorstep in plain sight, you should not be asked to send your decryption key along with your encrypted documents. It seems a no-brainer, but unfortunately, that’s still how many eSignature providers that promise “encryption” handle the workflow. It makes sense from an efficiency standpoint – you’re only sending one package – but the contents of that package completely annihilate the point of encryption in the first place. 

Nobody except you and the recipient needs to know how to decrypt your documents. And following the old rule of “Do not lead me into temptation”, nobody should even be able to in the first place. Because, while trust is generally good and surely often placed correctly, all it takes is one sloppy employee who has access to both your documents and the key to decrypt them to potentially expose your data to anyone out there. 

They don’t require any “privilege”

The famous "principle of least privilege" sounds positive, but in essence, it implies there is access to your data. It's often used as a selling point, outlining that only a minimal number of essential employees have the "privilege" to access your data, supposedly in order to do their job correctly and efficiently. But it raises the question: Why is there any workflow or process that requires access to your (potentially sensitive) documents at all? Why is there even the possibility of a scenario where an employee, no matter what role or position, would need to actually access your data in the first place?

No matter the level of privilege, if there is access to your data, someone will use it. You as the user will never have any say over how "least privilege" is defined, and therefore can never know who has access to your data. The only way to close this Pandora's box is to eliminate access altogether by opting for asymmetric, full end-to-end encryption, where the provider holds neither your plaintext nor any key that could decrypt it.

They could not hand over your data even if they wanted to

With increasingly complex international laws, the chances of your data ending up in some government agency's hands are real. Many countries allow the government (via your ISP) to "listen in" on your internet traffic, and laws like the US CLOUD Act can compel a provider under US jurisdiction to hand over data it holds, regardless of which country its servers stand in; the executive agreements built on that act extend the same reach to partner countries. That places you, the user, in a tricky situation: On one hand, you want to work with a law-abiding provider who follows the rules for your own safety. On the other hand, if they comply with such an order (which they have to, depending on where they are headquartered and incorporated), it blatantly threatens your privacy.

If your provider has access to your unencrypted documents, somebody else can legally gain access too. The number of countries with laws of this kind, or with agreements under the CLOUD Act, keeps growing, and you might never know when it reaches the jurisdiction your eSignature provider is headquartered in. The only feasible option, therefore, is to assume your provider will comply with the law, and to make sure that compliance exposes nothing, because they never had access to your data in the first place.

There is no risk if (or when) they are hacked

Statistically speaking, your provider will get hacked at some point in time. When that happens – and you might not even know about it until months later – you want to be sure that your most sensitive documents are not at risk of being sold on the dark web or, even worse, in danger of being used to blackmail you directly. 

If there is a way to access your unencrypted documents, hackers will find and abuse it. Highly sensitive documents in particular are a treasure trove for any hacker group, with the potential to blackmail the owners for a lot of money. Ask yourself: How much would you pay for the most confidential, sensitive document you've ever signed not to be published on the web for anyone to see? Whatever the price, it's too high: The only solution is to completely prevent access in the first place, no matter how sophisticated the hack.

They don’t offer any tools that require access to your data

Fancy features like "document life-cycle management" or "proposal and workflow management" sound impressive, but they are marketing terms for "we can read your documents". There is no doubt that many of these AI-driven tools can provide certain benefits, especially when it comes to increasing the efficiency of specific workflows. The problem is that no process can be auto-optimized without knowing the content of the document, which by definition means any tool of that sort has access to anything you store on the provider's servers.

No increase in efficiency is worth giving up your privacy for. Convenient or not, the fact that all content-related tools by definition need to know what they’re optimizing in the first place should be a big red flag for any user who values their privacy. 

The Bottom Line

If there is any way to access your documents, chances are they will be accessed at some stage. 

There are obvious scenarios that should worry any privacy-focused user, like the growing number of hacks that end up blackmailing business owners with their own data. But there are also some less obvious issues that should still be front and center for anyone not wanting to risk their privacy when sending documents: Governments of many countries can legally request data from eSignature providers, given a legal basis to do so. Employees can often access data under the "principle of least privilege", and even without malice, they may compromise your privacy by simply making mistakes.

The trickiest one is smart, AI-driven tools that supposedly help your document management, or improve any of the many workflows you’re likely a part of already: While certainly powerful, they by definition require access to the content of your documents to do what they’re designed to do – which means they have a legitimate way to access your sensitive data. 

Each and every one of the points outlined above hinges on the same critical issue: More often than not, there is a way to access your documents once they’re on the infrastructure of your eSignature provider. That’s why not one, but every single one of the items above has to be fulfilled in order for you to rest assured your eSignature provider is trustworthy with your most sensitive data. 

The only way to completely circumvent this issue and resolve the risk to your privacy once and for all is to opt for a provider that offers asymmetric, full end-to-end encryption. In this scenario, all documents are encrypted on your local machine, before they ever reach the eSignature provider's servers, using the recipient's public key. The recipient's private key stays on the recipient's device and is never sent to anyone, least of all the provider, so the provider holds nothing it could decrypt with. One check a practitioner should still make: if the provider is the one handing you the recipient's public key, it could substitute its own, so verify the key's fingerprint with the recipient through a channel the provider does not control. Your data is encrypted and private at all stages of the process.

Because the only way to make sure your documents won’t be read by anyone is if they can’t – no matter what.
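The envelope described in the last three sections (local encryption, no key travelling with the document, asymmetric end-to-end encryption), as an added example that is not code from the original post or from any eSignature provider. It assumes an X25519 key pair on the recipient's device, a sender who holds the recipient's public key, and a provider that only stores bytes; the function names and envelope layout are assumptions made for this example. It deliberately covers only confidentiality of the stored document: authenticating the recipient's public key (the fingerprint check above) and the signature itself are separate concerns.

```go
package main

// Added example, not code from the original post or from any eSignature
// provider: the sender encrypts a document to the recipient's X25519 public key
// before upload; the provider stores only the opaque envelope and holds no key
// that opens it. Function names and the envelope layout are assumptions.

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdfSHA256 derives n bytes from secret (RFC 5869, zero salt), written out
// by hand so only the Go standard library is needed.
func hkdfSHA256(secret, info []byte, n int) []byte {
	extract := hmac.New(sha256.New, make([]byte, sha256.Size))
	extract.Write(secret)
	prk, out, prev := extract.Sum(nil), []byte{}, []byte{}
	for counter := byte(1); len(out) < n; counter++ {
		expand := hmac.New(sha256.New, prk)
		expand.Write(prev)
		expand.Write(info)
		expand.Write([]byte{counter})
		prev = expand.Sum(nil)
		out = append(out, prev...)
	}
	return out[:n]
}

// NewRecipientKey runs on the recipient's device; the private half never leaves it.
func NewRecipientKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// sessionGCM runs ECDH and derives AES-256-GCM from the shared secret, binding
// both public keys into the KDF input so the content key is exchange-specific.
func sessionGCM(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub, recipientPub []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	info := append(append([]byte("esign-envelope-v1"), ephPub...), recipientPub...)
	block, err := aes.NewCipher(hkdfSHA256(shared, info, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealForRecipient runs on the sender's device before anything is uploaded.
// Envelope layout: ephemeral public key (32) || nonce (12) || ciphertext+tag.
func SealForRecipient(recipient *ecdh.PublicKey, document []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := sessionGCM(eph, recipient, ephPub, recipient.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// ephPub is authenticated as associated data: a provider that swaps it
	// makes the recipient's tag check fail instead of silently succeeding.
	env := append(append(append([]byte{}, ephPub...), nonce...), gcm.Seal(nil, nonce, document, ephPub)...)
	return env, nil
}

// OpenAsRecipient needs the recipient's private key; any other key (the
// provider's included) or any tampering fails the authentication tag check.
func OpenAsRecipient(recipient *ecdh.PrivateKey, envelope []byte) ([]byte, error) {
	if len(envelope) < 32+12+16 { // public key + nonce + tag
		return nil, fmt.Errorf("envelope too short: %d bytes", len(envelope))
	}
	ephPub, nonce, ct := envelope[:32], envelope[32:44], envelope[44:]
	eph, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := sessionGCM(recipient, eph, ephPub, recipient.PublicKey().Bytes())
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, ephPub)
}

func main() {
	recipient, _ := NewRecipientKey()
	document := []byte("Constructed sample contract: Party A pays Party B 1,000 EUR.") // constructed input
	envelope, _ := SealForRecipient(recipient.PublicKey(), document)
	plain, err := OpenAsRecipient(recipient, envelope)
	fmt.Println("provider sees plaintext:", bytes.Contains(envelope, document), "| recipient recovers it:", err == nil && bytes.Equal(plain, document))
}
```

What the provider receives is the envelope alone: a fresh ephemeral public key, a nonce and authenticated ciphertext. No key that opens it is ever uploaded, so a provider-side AI feature, a subpoena served on the provider, a careless employee or a breach of the provider's storage all yield the same thing, bytes that cannot be read. Trying to open the envelope with any key other than the recipient's private key fails the tag check rather than returning garbage, and so does flipping a single byte of the stored envelope.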
