Wednesday, December 07, 2016

Why does the signature persist as part of our personal ID?

I don't do a lot of handwriting anymore.  Mostly I use it for a bit of algebra to verify the equations in Excel are right and then sometimes to write down a name and a phone number that's on our answering machine.  I was never one to make lists - such as for going grocery shopping - and nowadays I'd email myself that sort of thing rather than use a piece of paper, if I thought it were necessary to do that. 

Ten plus years ago I was fairly big into Tablet PCs, around the time when they first came out, and thought this might really be something.  I assumed people who do math in their teaching like I did when teaching intermediate microeconomics would view this technology as a great boon.  So I made some real documents with math derivations, such as this one, and some videos of screen captures with voice over, like this one

But I have since moved on and don't try to use digital ink in teaching any more.  Now if I will do math on the screen I will used Excel for a geometry demonstration, such as here, where I have figured out how to present the graphical information slowly and sequentially, just like writing it out, but where it is more accurately displayed than anything I can draw by hand.  Similarly, for an algebraic derivation, I've learned how to render that in a slow and sequential way while using the equation editor for generating the symbols, so it is quite view-able and easy to follow visually, in the sense that the viewer of the presentation knows which line of the derivation the voice over is making reference to.  Here is an example, this one seemingly only getting views from students in my own class, as the topic is quite specialized.  Some of the other videos I've made of this sort get wider viewing.

So, I've come to believe that handwriting is not necessary for teaching math stuff, and indeed that doing it the other way, with Excel for geometry and PowerPoint for algebra, is actually better, though admittedly these objects need to be prepared ahead of time.  (Countering that, the objects are re-usable.)

While the above represents my personal evolution of views on the matter, I suspect that others have reached a similar conclusion.  Indeed nowadays to the extent that students actually take notes in a class, they seem to do that by typing into their laptops.  I can't recall the last time I saw a student actually handwriting out something in the classroom other than filling in a scantron for a test or completing the ICES form.

Yet the signature remains a key component of the authorization process.  I wonder if that is still true on campus.  When I worked in CITES (2002-06) it seemed just about every day that Mary would have a few forms for me to sign, where she had dutifully put the sign-here sticky onto the form so I wouldn't screw up doing that.  From my point of view this entire process was worthless, as I had given a prior verbal approval of the expenditure to both Mary and my direct report.   Indeed in most cases the direct report wasn't asking for discretionary funds from me but was actually spending out of their own budgeted funds, which I nonetheless had to approve again even after having given them the okay when they did their budget proposal.  Supposedly the university needed the form with my signature for record keeping purposes.  Verbal authorizations didn't cut it for that purpose, then or now.

Nowadays on campus, where I no longer have budget authority and the scope of my activity is limited to teaching the one class in the fall, there are only two times where my signature is requested.  One is when doing a request for ICES forms.  This is a pretty low stakes request and indeed why this process still exists (rather than the department obtaining the  ICES forms on behalf of the instructor) kind of baffles me.  The other time is when the department extends an offer letter to me to teach that class.  They email me the letter.  I'm supposed to sign it and return the signed letter to them so they have a record that I accepted the offer.

In fact, I don't actually sign the letter.  Back in the Table PC days, I did sign some letters with digital ink in Word.  I've since made a screen shot of the signature, brought that into Acrobat, and use that image for the signature in electronic documents.  I believe this to be a fairly common practice.  But it should be clear, this makes the signature remarkably easy to fake.  The department, for example, could take a screen shot of the signature in my acceptance letter from last year and then paste that into this year's letter.  Purely from a technology viewpoint, this would be remarkably easy to do.   Given that, why the signature is still important in such campus transactions is beyond me, though the very first time it is offered it clearly does matter.

The other place where the signature is used, relentlessly so, is in making a purchase with plastic, perhaps where the amount is over some threshold, though not went buying gas, though given current prices is probably below the threshold anyway.  Most places seem to have pads for signature in digital ink, though a few places still rely on paper (and then they do what with that)?  I really don't like those pads, since they are quite clunky as an input medium, and I find that over time my signature is getting more and more horizontal.  Nevertheless, the process seems to give comfort to the vendors and the credit card companies.  Here I want to ask why that is the case.

Before getting to my thoughts on that question, people who have read up to this point should be aware of Paul David's famous paper Clio and the Economics of QWERTY.   The paper illustrates the power of lock-in (sometimes called the economics of increasing returns).  It also illustrates an analogy between the economics of lock-in and evolutionary biology.  (Why do we still have an appendix, since the only thing is seems to produce is appendicits?)   Some things we're stuck with hereafter whether we like it or not.  So the question is whether signatures are in this category or if we are in some transitory period where something else will replace them sometime in the future.

What that something else might be I really am not sure, but the obvious candidates are: (a) some biometric information such as a thumbprint or a retinal scan, (b) some key that is texted to the purchaser at the time of purchase to be entered into a keypad or given to the vendor wirelessly, or (c) the threshold on transactions gets bumped up and more or them become like purchasing gas, where zip code may be requested but that is it as identifier.   People who are more knowledgeable in the security area may have still other possibilities, but this is enough for me as I want to argue that we're likely locked into signatures.

Here's why.  First and most obviously, financial institutions have the signature on file and have had that for quite a long time.  So there is no issue about the individual allowing the credit card company to have this information.  That horse has already left the barn.  But for any biometric information that might be used instead it would have to be given to the financial institutions and people might be reluctant to do so.  Why should the financial institutions be trusted to safeguard such information when hacking of databases seems such a common experience nowadays?  People feel vulnerable when their credit card information has been hacked.  But the credit card number can be readily changed.  You can't do that with a thumbprint.  For just that reason, they may be much more reluctant to have others store that sort of information, which is truly unique to them.

Second, while the two-part authentication method works reasonably well for purchases from a home computer or laptop, it is rather clunky for face to face transactions.  When I go to the grocery story during normal work hours and see all the senior citizens who are shopping, I'm reminded that whatever approach is utilized needs to work for everyone.  Signatures do.  It is not clear that other methods satisfy this requirement.

Third, there is a cost issue in implementing a solution.  Those pads that are used to input the digital signature, coupled with the same device that takes the credit card input (swipe or chip), have to be reasonably inexpensive to implement.  I often wonder whether they actually do verify signature by comparison with what is in some digital file or if that part is actually faked, at least some of the time.  Random verification may suffice and would surely be cheaper.  I also wonder, assuming there is some software that does the comparison, how reliable that actually is.   In other words, if the person's file has been hacked and the hacker has access to the signature, how hard would it be to fake the signature in a way the software finds acceptable?  If the latter is possible but actually is difficult for the hacker to do, then the solution may be "good enough" for the credit card companies.

The last factor is much simpler, habit.  Signature authorization is a habit.  Habits are hard to break.  They have a strong tendency to persist.

If we didn't currently have signature authorization would we invent it now?  Probably not.  But that is not the right question to ask.  Are we stuck with signatures as the authorization method indefinitely into the future?  My guess as to the answer is yes, we are.  

No comments: