Auditable NDA Solution

Question

Just started at a place and, currently, they ask folks to fax in NDA. They want to (possibly) move toward doing something electronically on their web site. It seems they aren't too keen on the checkbox ("I agree") approach and would like to keep an audit trail. Ahem, they even brought up digital signatures which I have no experience implementing. I'm trying to steer them away as we don't want the NDA process to be prohibitive ("I don't have a Certificate Authorized signature and this seems like a lot of trouble", etc.) and it's probably going to be tough for me to implement in a timely manner.

Is there a simple solution using something like OpenId, OpenAuth (although I realize this is more for user auth) or some other API? I have no idea how to tackle this one on the cheap. Is there a Ruby gem (or Python?). If none of the above, than is there a reliable but cost effective off the shelf solution?

Answer 1

I suspect that you need a signature, either digital or handwritten. And potential signatories will be unwilling to pay for a personal certificate from a reputable certificate authority, and neither will your company. Stick with handwritten signatures on paper NDAs. As low-tech as it sounds, it is currently the best solution.

Answer 2

While I agree with GregS on the technology-front, I'd also strongly push you to make sure that actual lawyers are involved in this discussion. There are three reasons I know to have an NDA:

1. To make it clear what the parties consider "proprietary" so no one has any questions. The key issue here is to document what each side considers proprietary, and generally assumes that both sides want to preserve the proprietary nature of the other's information, and this is just a tool to handle that. I've dealt with these when large companies get together on joint development. It's not really about litigation; it's just about process.
2. To make someone comply with what you want because they feel they really "should" now that they've signed something (whether due to conscience or fear). For that, almost anything can work, and nothing is certain to work.
3. To provide actual tools for later litigation.

Only the last one has any legal significance. And since it includes the word "litigate," the person who is going to be using those tools is a lawyer. So the actual customer of this tool (the NDA, not the website) is the eventual litigating attorney. That's the only person who can tell you what will help or hurt the case. I am constantly amazed when working with lawyers at what does and doesn't actually matter in the courtroom.

My experience is that NDAs are incredibly hard to actually litigate anyway (that said, I'm not a lawyer, I just wind up working with them from time to time), so #2 is what almost everyone actually uses them for. Here's a useful discussion on the topic: You Can't Say That.

There is an adage: "A digital signature is worth the paper it's written on." Take it for what it's worth.