Feature Suggestion: Robustly Fulfilling "Paper Trail" Requirements
Hello,
Thank you for comments re encryption etc.
As for Security Assist, then regarding the offering of online contracts, my researches indicate that there are three requirements that Security Assist is well capable or proiding, and that I am going to try and capture.
The whole is based on the demonstration of positive intent on the part of both the contract offerer hosting the pages, and the contract acceptor, visiting them.
Each party must be able to demonstrate that neither altered the contract after the fact.
Each party must demonstrate some way of demonstrating positive affirmation. In particular, contract signer must not be able to claim that when they downloaded or clicked a box, they thought they were just "reviewing" it, and were not in fact signing it. Thus some action must demonstrate knowledge of what is going on, such as clicking an "I agree" button which makes it clear that this is not a review. Writing a name in a message box also counts.
It is also necessary to provide some way for the individual to (a) opt out altogether at every stage; and (b) have the chance to indicate that from this point onwards, they would rather use paper. A downloadable pdf file they download with an address to send it to will suffice.
Where SecurityAssist comes in, as far as I can see, is the provision of a paper trail.
A log in timestamp regarding the username and password accessing the contract offer pages can easily be shoved into a database, along with the ISP that can be captured. All these go in with a timestamp of when a particular page was entered, or else a button was pressed upon that page and the like.
The contract offer pages can be split into different pages by the user, with an action to go to a different page by clicking a box, with this again being placed by SecurityAssist into a database.
Then when the contract is officially signed by the method specified by the contract offerer, SecurityAssist can then mail that set of timestamps of page entries and departures both the contract issuer and contract signer, which they can then retain.
I would imagine that when you created eCart you had to make it pretty robust so you could defend yourself against people wanting to sue you for whatever reason, by blaming your shopping cart.
But as far as I can see, you don't (an probably shouldn't?) claim that SecurityAssist and/or DataAssist are good enough to help people not use lawyers. It will still be people's responsibility to independently vet the actual pages.
But if they want a suitable "paper trail", then surely ... ... ... you can use SecurityAssit to log page entires and departures and put them into a database for people, and no matter what use they want to make of it.
It is surely a lot easier then people having to go and mess around with logfiles, which is the only other alternative.
SInce I am about to do that paper-trailing, if things work out for me, then I just thought you would be interested to know, so you could look into making it an available feature of SecurityAssist and.or DataAssist.
Thank you,
KAB