KeepSolid CEO Vasiliy Ivanov: We Believe GDPR Is a Good Intention

In the digital age, many commercial companies and even governments think of going paperless, and some even weigh on shifting towards cashless economy. The reasons for that urge are fairly obvious: it’s friendly to the environment, it’s convenient, and, of course, it’s cost-effective. However, there’s still a long way to go until even our signatures get completely digitized, and the need for doing all things old-fashioned way finally vanishes.

In order to get to know more about things happening on the way to the world without papers, lawless.tech talked with Vasiliy Ivanov, CEO of KeepSolid, one of the companies that provide a relatively new service of handling digital and e-signatures to individuals and businesses, among other things. Are there any legal obstacles for electronic signatures? Is it really secure? Let’s find out.

lawless.tech: How did you come up with the idea for KeepSolid Sign?

It was an interesting development of my career as a software engineer and a totally new field of knowledge. Technical principles stop functioning when you work not with machines, but people. I didn’t give up coding and took up an administrative role of a co-founder of the company back in 2013.

Prior to KeepSolid Sign launch, we’d launched a couple of successful products, one of which was KeepSolid VPN Unlimited. When other products started their freewheeling, I started looking for something new we could do for the team and the company. Where we would be able to change deeply-rooted practices and improve technologies. One of such ideas was an electronic signature. On the one hand, this supported a well-established tendency for reducing paper use and saving forests. On the other hand, governments of many countries had just started discussing the legitimacy of the electronic digital signature. The horizons looked interesting and the competition was much lower than for KeepSolid VPN Unlimited, so we started the project.

A few years, a number of critical management mistakes, and $400,000+ spent on development later, we created this product for iOS, Android, macOS, Windows, and web platforms.

lawless.tech: Recently KeepSolid reached 10 million users. How did you achieve this? How many of them have used KeepSolid Sign?

The credit for this number goes to our other products: KeepSolid VPN Unlimited and Private Browser. They have been on the market for almost 5 years, and are gradually gaining momentum. KeepSolid Sign is a young software just yet. We are still experimenting with its positioning. Its users differ a lot too. They are business clients and require a totally different approach, acquisition methods, and, of course, different pricing.

E-Signatures Today and Tomorrow

Being a relatively new invention, e-signatures have made their way not only to the business of private companies but even to some nationwide endeavors, as seen, for example, in Estonia, where anyone can sign any document or agreement digitally, even if they’re located halfway across the globe. Still, e-signatures are relatively young as a market phenomenon. So, what does the market for them actually look like?

lawless.tech: What are the main trends at the e-signature market? What should companies do to keep their competitive edge?

The e-signature market is shifting towards being a part of bigger processes and business workflows. E-signatures have been integrated into various solutions, like contract management software, ERPs or even websites (for collecting signatures from website visitors). Companies are willing to go paperless, digitizing their business processes. Signing the document is only a part of this process. More and more medium businesses and enterprise clients we communicate with express the need for one and only solution, or at least a perfectly integrated one, to automate the whole document workflow. Starting from initiating a contract or an internal document, and up to controlling its implementation.

For instance, logistics companies don’t want to work old-fashioned way anymore–to have a paper proof of delivery, which usually gets lost. They want software to help them from the very beginning: from smart filters to in-person e-papers signing at the clients’ doors.

Every company has their own workflows, which often involves third parties in the process. You can imagine how flexible and powerful the software should be in order to comply with requirements and internal standards. As well as be easy to use with minimum efforts on integration and training for staff from the client’s side.

lawless.tech: How do you think, could e-signatures eventually be replaced by other, more secure methods of signing? What the alternative tech could be like? Is there one in existence right now?

I’m sure this field won’t do without startups working on blockchain technology. But, to be quite honest, I haven’t found a single solution based on this technology, which I really needed. This looks more like a hype similar to Bitcoin. And this hype has no remarkable advantages for users. People involved in signing contracts concentrate on business development. They sign documents and proceed to their jobs. Contracts they sign are usually less secret than a country’s plans for invasion of another country. That is why there is no urge for inventing complex technologies to protect them.  

Competing With Paper Document Flow

KeepSolid isn’t by any means the only company to offer e-signature services. Still, the service in general isn’t immensely popular yet, and many businesses and other entities stick to the old-fashioned way of signing documents. Any company working in this area should have a competitive edge not only over its direct market rivals, but also over the entire paradigm of paper-based document flow that has been around for centuries. But what could that edge actually be?

lawless.tech: What are the main distinctive features of KeepSolid Sign? What do you offer that other companies cannot?

KeepSolid Sign is a multiplatform app, available for Mac, Windows, iOS, Android, and browsers. Thus it allows users to work with documents on any device, both in the office and on the go, and even without the internet connection. KeepSolid Sign offline mode lets users get documents prepared for signing: add annotations, assign recipients. Moreover, they can even press a send button when offline. The document will be sent out the very moment the internet connection is available.

Our approach to pricing differs too. We offer a few subscription plans and the price depends on the quantity of senders, not features. There is no limit to the number of documents a user can create and send for signing. Moreover, it is always free for signers. Participants, who receive documents for signing or are being added as observers to the document never need to pay anything.

lawless.tech: How do you protect your customer’s signature from being counterfeited? How can users protect their signatures and identities?

KeepSolid Sign protects all documents with random keys and the AES+RSA encryption combination. Data encryption, like AES-256, is highly effective here. This is the same type of encryption that is used by the US government to protect their classified information. AES-256 secures any and all of your data within the app.

We identify users through the email and password combination and provide a peer-to-peer encryption, so all document are encrypted with classical public-private keys. This pair of keys accomplishes two functions. The first one is authentication, where the public key verifies that the holder of the paired private key does actually send the document. Then goes encryption, which allows only paired private key holders to decrypt the document encrypted with that public key. If it falls into wrong hands, documents won’t be deciphered.

We are considering additional security features, like applying digital certificates to the signed documents, as well as 2-factor authentication, too.

We also advise our users to be precautious and keep links to their documents confidential as well as securely store passwords to their email boxes and KeepSolid Sign accounts.

lawless.tech: Which companies use KeepSolid Sign the most? Are they from the IT, e-commerce, or some other industry?

Currently, the KeepSolid Sign main focus is on solopreneurs and small to medium size businesses. It’s for people who need to sign documents frequently, like daily or weekly, and sometimes they need it to be done offline. For instance, construction professionals, who might need the solution in the field, or people, who travel on business a lot. Having a dedicated product handy and paying for it on a monthly or even annual basis makes sense for them.

A fully-functional cross-platform app shapes the type of users for the product too. For example, a lot of our customers download the app on the Mac App Store. They are mostly freelancers, self-employed entrepreneurs, and small teams. When we talk about Windows users, they are teams inside bigger companies and organizations.

Our clients also are consulting companies, marketing agencies, sales teams, HR specialists, realtors or real estate agents, etc.

lawless.tech: Your website claims that KeepSolid Sign could also be used for educational purposes. It looks like students are able to sign all the required papers and, thus, have a chance to stay at home instead of going to the deanery. Still, it’s hard to believe in this. Could you tell us how exactly students can enjoy it?

When we conducted our beta testing we managed to interview a couple of college professors and their assistants. They were looking for a solution to get signatures faster and automate their paper workflow: from online applications and student loans to class enrollments and course assignments. These professors and their departments are quite autonomous in terms of overall school procedures, so they are willing to test new solutions inside their teams and introduce them to their respective administrations later.

Students are quite comfortable with adopting digital signing, especially on mobile. They like they don’t need to come and sign most of the documents, or send them via email, or from a post office with their wet signatures. At the same time, the college/school staff doesn’t need to print, scan, re-enter data, fax, store and archive documents.

We recently faced a new use case: a professor wanted to initiate a process for all students to sign one document, a petition style one, using KeepSolid Sign. This isn’t a typical scenario and our app does not allow bulk signing yet. However, we see the space for improvement here so we added this to our product roadmap.

Higher education is a niche we are interested in to help more educational institutions modernize and digitalize their paper-based workflows.

Electronic Signatures vs GDPR

Being a private matter and an item of your personal data, signatures are actually subject to privacy-protecting laws like the GDPR, so the question of compliance is among the hottest issues for all companies that deal with such sensitive information. Yet, any company should sort out those legal issues in order to stay in business. How does KeepSolid keep up with those recent legislative developments?

lawless.tech: There are various laws closely related to electronic signatures, such as the well-known GDPR and less known eIDAS (electronic IDentification, Authentication and trust Services). How do you comply with them? Are their requirements hard to meet?   

We believe the GDPR is a good intention. However, there are lots of vague descriptions, which lets people speculate and variously interpret its requirements. The GDPR’s story is only starting and we have a chance to witness how companies implement all the aspects of this law.

Our lawyers are still working on some points to comply with the GDPR and at the same time to fit in with the legally binding signatures requirements, so that our users could protect their rights and prove the fact of signing their documents at court if needed. For instance, as the GDPR requires, we allow our users to completely delete their accounts, but we cannot delete all the documents they receive in various roles (both as signers and as observers) from our servers forever for now. The reason is that there is a limited time allowed for claims, and each of the participants might need the document at court. We completely delete the document if all participants delete their accounts with our service. However, we are planning on implementing a more flexible solution for this. Users will be able to decide whether the document should be completely deleted and for how long it should be stored on our servers.

We know all the requirements to be fully compliant with the ESIGN, the UETA and the European eIDAS. This is what we are going to be adding incrementally to KeepSolid Sign through the end of 2018.

Conclusion

All in all, it looks like electronic signatures will increasingly expand their share not only on the market of digital services, but also in the mindsets of our contemporaries. Going all-digital still has its own risks, mostly related to infrastructure: for instance, a country that abandoned cash altogether faces the risk of its entire economy getting paralyzed if power suddenly goes down, or some schoolkid with a laptop hacks into the system.

Still, digitalization of routine tasks seems inevitable in the 21st century. After all, there aren’t only risks inherent in going digital: there is much convenience, security, and the feeling of having everything under control. So, it’s quite likely that electronic signatures will become much more widespread a phenomenon in the years to come.

Follow us on Twitter to stay tuned on the recent developments in regulation of new technologies, and be the first to read expert opinions.