Dear Rich: I'm working on developing a electronic lab notebook (ELN) for researchers. I need to understand what is really required from the digital signatures in order for the ELN entries to stand up in court. The first thing that needs to be demonstrated is that the entry has not changed since it was digitally signed by the author or authors. This is done by creating a "unique" hash value of the ELN entry. The characteristics of these hash values are that if the ELN entry is changed then the hash generation procedure will not create the same hash value, thus demonstrating that the ELN record has been changed. Date on the ELN entry is important, so its hash value is sent to a third party for storage. The third party uses widely witnessed hash values; they publish them once a week in a national/international publication, to demonstrate that a hash value of a document was received at a particular time. Could you confirm that this is both best practices and required for protection of the ELN record? Now we need to identify the author on the ELN. In order for a digital signature process to represent an individual on a document it must be uniquely linked to them, it must be capable of identifying them, and it must be created in a manner that the individual maintain under his sole control. A username password is a good example of a digital process that meets these criteria, a company badge is another. When an author "digital" signs an ELN entry, the application verifies the identity of the author using their username/password and/or badge. How should this verification be incorporated into the ELN entry? The best approach I have found is to use a X.509 key pair. The author would have sole control of the private key. It could be stored on their badge or a USB device, something under the author's control. In the signing process the author would encrypt plain text information on the event, a phrase like "I'm signed as an author of the experiment record ....", when, where, and the hash value of the ELN entry. People have suggested to me that a company key set could be used in a similar manor, e.g. use the companies private key to sign the document. This is simpler, but in my opinion it does not meet the requirements of a digital signature on a notebook entry. Finally, the digital signature and the public key would be bundled together with the ELN entry to create a digitally signed ELN entry. The signature of other authors and/or witnesses could be done in a similar manner. This bring us to witnessing of notebook entries. Are they still required when using a digital signature? What about the case where you have more than one author, do they effectively witness each other? A side Question: Due to the collaborative nature of research, I have made my ELN allow multiple authors. Would all of the authors need to digitally sign the document upon completion? We were going to edit your question down to something more tolerable for our ADD readers ... but we have a friend who gets turned on when people "talk tech" so we left it as is.
Imagine this. Actually, we left your question intact because we want you to imagine that you're an inventor in court and you're explaining all this to a jury. You detail all the specs and explain how your system is unbreakable, impenetrable, etc. The jury listens intently, at least for a while, and then begins to nod off. Opposing counsel steps up and introduces a tech expert who explains the ways that your system could potentially be hacked (including ways which may have been developed in the years since the system was created). Doubts are raised and all of a sudden you have a problem proving that your ELN is reliable. (Not to mention that electronic records are often more difficult to get admitted into court versus paper documentation.) So, despite the fact that
digital wtiness signatures are valid in the U.S. (and despite the care with which the program was created),
the proof, as they say, is in the pudding. What do patent attorneys think? Our view was reinforced by patent attorney and
author David Pressman. He wrote to us, "I recommend against them as they have not been tested in court (insofar as I know) and all the complicated technical stuff will be too much for a judge [or jury] to comprehend and too difficult for the inventor to do when compared with filling out a sheet, signing it, and having it witnessed. I believe that an overwhelming percent of patent litigators feel this way too." Pressman also noted that the courts like "live" witnesses. To that extent, an ELN may be valuable if it is witnessed. That's because the witnesses can be called into court and cross-examined. In that manner -- having live witnesses who can back up the notebook entry -- ELNs and paper notebooks are probably equal.
Others may differ. Companies that promote ELNs obviously
have a different perspective. And because as Pressman notes, there is no caselaw on the subject, it may prove that all ELNs (witnessed or not) are as reliable as paper. Certainly, aside from issues regarding proving patent invention authenticity, ELNs are proving to be an
invaluable aide for inventors and innovators.You should also be aware that legal disputes over the authenticity of lab notebooks are not that common. Here's
one from 2002.
In summary. Do you remember the computer/software you had ten years ago? That was so ... uh 2000-ish. The big difference between digital authenticity and physical authenticity of invention is that in ten years (when a patent dispute could eventually develop), your virtual system of proof is likely to seem outdated (assuming the company that created it is still in business) while that piece of paper will be timeless.
