|
This is the second in a four-part series on this blog addressing sealing and signing of instruments of service by design professionals, comprised of: (a) Part 1 – Definition and Purpose of Seals; (b) Part 2 – Electronic Seals and Signatures; (c) Part 3 – Statutory Requirements Concerning Sealing and Signing of Documents; and (d) Part 4 – Practical Considerations Concerning Sealing and Signing.
Electronic sealing and signing is likely the predominant means for design professionals to indicate they were in responsible charge of the preparation of a document comprising their instruments of service. The prevalence of digitally producing, distributing, and using electronic construction documents and reports, together with multiple personnel serving in responsible charge, and distribution of project teams across multiple offices, has fostered use of electronic seals and signatures. However, improved convenience provided by technology may come with associated risks.
|
Terms such as, “[architect] [engineer] of record” and “[architect] [engineer] -in-responsible-control” are typically construed as having the same meaning as, “’[architect] [engineer] -in-responsible-charge”. In many organizations, the terms are used interchangeably for a given design discipline. For convenience and uniformity, the term “responsible charge” is used in this article. Also, in this article, laws, rules, and regulations are referenced as either “laws and regulations” or “statutory requirements”. Furthermore, the term “instruments of service” means the collection of documents, drawings, specifications, calculations, and other tangible materials produced by design professionals during the various stages of a project. (Source: Understanding Instruments of Service (aiacontracts.com))
For many decades, licensed design professionals sealed and signed their instruments of service using the traditional approach of either inked rubber stamps or raised, embossed metal seals, followed by applying an original, “wet” signature. Since approximately the early- to mid-2000s, electronic sealing and signing has become perhaps the dominant means to indicate the person serving in responsible charge. Practices concerning electronic sealing and signing vary considerably by jurisdiction, design firm, and individual, as well as information technology resources available. How electronic sealing and signing is accomplished in 2024 is a hodge-podge of practices and technological applications, with the most basic, and perhaps most common, approaches being among the least secure.
Statutory Requirements for Electronic Seals and Signatures
The first step in determining appropriate practices for electronic sealing and signing is understanding and complying with applicable laws and regulations governing the practice of the associated design profession in each jurisdiction where a design firm and its licensees practice. As with other matters related to statutory requirements governing the design professions, requirements for electronic sealing and signing vary by jurisdiction.
The National Council of Architectural Registration Boards (NCARB) publishes model statutory language governing the practice of architecture in the United States. Both Section 401 and Section R401, of NCARB Model Laws and Regulations expressly allow the use of electronic seals by architects. However, NCARB’s Model Laws and Regulations include no suggested language concerning use of electronic seals. Section 401 of NCARB’s Model Law states in part, “It is the responsibility of the Architect to provide adequate security over the use of the Architect’s seal”, but provides no further clarification concerning security obligations for electronic seals and signatures.
The National Council of Examiners for Engineering and Surveying (NCEES) publishes suggested language for state and territorial laws and regulations governing the practice of professional engineering and land surveying in the United States. Section 240.20 of NCEES’s Model Rules (revised August 2022) presents comprehensive, suggested requirements for using electronic or digital seals and signatures by professional engineers and land surveyors. These requirements appear to be complete and appropriate relative to securing the integrity of the licensee’s digital or electronic seal and signature, and might serve as a model for all licensed design professionals desiring to properly secure their electronic seals and signatures. Section 240.20.H reads as follows:
“H. When a licensee is required to seal and sign engineering/surveying documents, one of the following methods must be used:
“1. Physical placement of a seal and a handwritten signature in permanent ink containing the name of the licensee
“2. Digital placement of a seal and a handwritten signature in permanent ink containing the name of the licensee
“3. Digital placement of a seal and a digital signature containing the name of the licensee
“Drawings, reports, and documents that are signed using a digital signature must have an electronic authentication process attached to or logically associated with the electronic document. The digital signature must be
“1. Unique to the individual using it
“2. Capable of verification
“3. Under the sole control of the individual using it
“4. Linked to a document in such a manner that the digital signature is invalidated if any data in the document is changed.
“A digital signature that uses a process approved by the board will be presumed to meet the criteria set forth in Section H above. Any hard copy printed from the transmitted electronic file shall bear the facsimile of the signature and seal and be a confirmation that the electronic file was not altered after the initial digital signing of the file. Any alterations to the file shall cause the facsimile of the signature to be voided.”
Not all jurisdictions follow the excellent example suggested by Section 240.20.H of NCEES’s Model Rules. As just two examples, New York State’s and California’s laws and regulations governing the practice of architecture, engineering, geology, and other design professions do not appear to address requirements for digital or electronic seals and signatures.
In contrast, Pennsylvania statutes establish complete and appropriate requirements for electronic sealing and signing. In Pennsylvania, both Section 37.60 of Title 49, Chapter 37, concerning the State Registration Board For Professional Engineers, Land Surveyors and Geologists, and Section 9.141a of Title 49, Chapter 9, pertinent to the State Architects Licensure Board, are virtually identical to Section 240.20.H of the NCEES Model Rules, copied above.
Types of Electronic Seals
Numerous online sellers of design professional seals and stamps offer electronic seals for modest prices, approximately $10 to $15, in return for an electronic file of the licensee’s seal. Such files may be available in a variety of formats, including, “.jpg”, “.png”, “.tiff”, “.pdf”, “.dwg”, and perhaps others.
However, such files are often merely unencrypted facsimiles of the associated stamp or seal, essentially similar to what the licensee could produce themselves using an inked stamp, a sheet of white paper, and a scanner. The principal advantage of purchasing such an electronic “seal” is that the image will be clear, and probably of better quality, than if the individual licensee scanned a copy of their own seal. The drawback of such files, whether purchased from a third-party seller or created by the individual licensee, is security and verifiability. The extent to which such files are properly secured depends on how widely the individual licensee allows access to such a file, and the electronic seal is applied to a native (executable) file of the associated document, such as a “.docx”, “.dwg”, or “.xlsx” file of reports, specifications, drawings, or calculations.
Security Concerns
Similar concerns apply to electronic signatures that are merely a scanned facsimile of the licensee’s signature. Without proper security, such files may potentially be copied and used without proper authorization or, perhaps, without appropriate regard concerning responsible charge. As just one example, when an instrument of service has an electronic seal and signature applied in native (executable) file format, others, whether or not acting under the supervision and control of the licensee, could potentially edit the associated document while retaining the electronic seal and signature. Such action would be a violation of applicable statutory requirements governing the associated design profession.
Practices vary considerably from one licensee to the next concerning the security of electronic seals and signatures. A practice often witnessed by this writer for projects in New York State, where laws and regulations governing the design professions do not address electronic sealing and signing, is for the licensee to apply their inked stamp to a piece of white paper, sign on or directly adjacent to the seal, indicating the date of signature, followed by scanning the image and sharing it with a trusted CAD/BIM operator for application to the drawings for which the licensee served in responsible charge. The level of trust between the licensee and the CAD/BIM operator may dictate how the electronic image of the seal and signature is subsequently handled. Some licensees may not express further concern of the security of their seal and signature after it is entrusted to the CAD/BIM operator. Others may have issued clear instructions that the electronic seal and signature was not to be applied to the native (executable) file and saved, but, rather, was to be used only for generating an electronically sealed and signed “.pdf” copy of the drawing, followed by the CAD/BIM operator deleting the scanned seal and signature from their computer and network.
Relative to electronically sealing and signing reports, specifications, and calculations, it is often more common for the individual licensee to directly apply the electronic facsimile of their seal and dated signature. Prudent licensees concerned about the security of their electronic seal and signature will typically save sealed and signed documents as a “.pdf” file, followed by removing the electronic seal and signature from the native (executable) document file. When specifications will be sealed and signed by separate individuals who served in responsible charge of various design disciplines, either on the project manual cover or on a “seals and signatures” document bound behind the cover or title page, complete security of the electronic seal and dated signature may be more challenging, because of the need to collect multiple licensees’ seals and signatures on the same document.
The potential for misuse of improperly secured electronic seals and signatures can manifest in various forms. Perhaps the most common may be for an unsecured electronic seal and signature applied to a native (executable) file to be subsequently revised without the responsible charge, or the knowledge of, the licensee. More nefarious outcomes may be possible when improperly secured seals and signatures are subsequently used without the knowledge or consent of the licensee. The latter, has potential for serious consequences for both those who misused the electronic seal and signature as well as, potentially, the licensee.
Digitally Certified Seals and Signatures
The only way to truly secure one’s electronic seal and signature, with the capability of appropriate verification, is using a third-party digital certification service. Such entities exist in the online marketplace, often furnishing their services on a subscription basis. One digital certification firm offers a line of credentialing services intended specifically for the architect- engineer- contractor (AEC) market, with a one-year subscription for one person costing approximately $370 per year in August 2024. Each person who will apply a digital seal and signature would need to be included under such a subscription. Other options include multi-year subscriptions with a correspondingly lower price per year, and bulk subscription rates intended for design firms.
Such services may be oriented toward applying an electronic seal and signature via a commonly-used, third-party software application, such as Bluebeam Revu or Adobe Acrobat. Some design firms may have such subscriptions available to their employees, without cost to the employee, via applications such as Bluebeam or Adobe. Proper digital certification of seals and signatures also protects the document from subsequent, unauthorized revisions or tampering. In the event of such revisions, the digital seal and signature will automatically be removed. Electronic seals and signatures should include Long-term Validation (LTV), meaning they will not expire after the subscription to the digital certification service expires.
RFC 3161 compliant timestamps can be automatically included with electronic seals and signatures verified through a third-party digital certification service. The “RFC 3161” standard is issued by the Internet Engineering Task Force, which is responsible for developing and promoting voluntary internet standards. RFC 3161, titled “Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)”, defines a protocol for requesting and verifying time-stamp tokens from a “time stamping authority” (TSA), such as a digital certification service. RFC 3161-compliant verification provides proof that a specific piece of data existed at a particular point in time, which is crucial for proper security of credentials.
An example of a digitally certified design professional seal and signature is presented below:
Recommendations for Securing Electronic Seals and Signatures
Electronic files in native format should never be released outside the design professional’s organization with electronic seals or signatures in unsecured graphic format. Such documents should be issued only as locked PDF files or in other secure format.
Within a design firm or other organization, licensees should properly secure their seal and signature, whether in electronic form or otherwise. Regardless of whether applicable laws and regulations expressly address electronic sealing and signing, the model language of Section 240.20.H of NCEES’s Model Rules present what may perhaps be regarded as best practice for electronically sealing and signing instruments of service.
Conclusions
Since approximately the early 2000s, electronic sealing and signing has progressed from rare and unique to commonplace and predominant, compared with applying “wet” seals and signatures. While electronic sealing and signing provides greater convenience and versatility, especially for multi-disciplinary design teams spread out over multiple locations, it also presents new risks and opportunities for misuse. Although laws and regulations governing the design professions in the United States vary considerably in the extent to which electronic sealing and signing are addressed, the model regulations of the National Council of Examiners for Engineering and Surveying present what may, perhaps, be an ideal for securing and verifying the use of electronic seals and signatures, that should be carefully considered by licensed design professionals.
Forthcoming articles in this series will include: Part 3 – Statutory Requirements Concerning Sealing and Signing of Documents; and Part 4 – Practical Considerations Concerning Sealing and Signing.
Original text Copyright 2024 by Kevin O’Beirne
The content of this blog post is by the author alone and should not be attributed to any other individual or entity.
The author of this blog post is not an attorney and nothing in this blog post constitutes legal advice. Readers in need of legal advice should consult with a qualified, experienced attorney.
Kevin O’Beirne, PE, FCSI, CCS, CCCA is a professional engineer licensed in NY and PA with over 35 years of experience designing and constructing water and wastewater infrastructure for public and private clients. He is the engineering specifications manager for a global engineering and architecture design firm. Kevin has been a member of various CSI national committees and is the certification chair of CSI’s Buffalo-Western New York Chapter. He is an ACEC voting delegate in the Engineers Joint Contract Documents Committee (EJCDC) and lives and works in the Buffalo, NY, area. Kevin O’Beirne’s LinkedIn page.