docusealco
Providing half-signed documents to all signers before all signers have signed
When you have a document that is to be signed by multiple signers, at docuseal the document as available for all signers to see the document with the signatures of the previous signers even before all have signed.
This is a huge security issue. The other singer is empowered to obtain a half signed document that leaves the first signer to be at the mercy of the later signer, since he can chose if and when he will sign, while the first signer is already bond by his signature.
For example if the contract is to by a car, and e.g. the seller signs the contract, the buyer can download this half signed contract and still try to buy another car, while he has the first car secured, since the seller has bond himself already with his signature and thus will get in trouble if he sells the car to someone else. The buyer can then either go buy some other car and leave the contract with the first seller unsigned forever, or if he sees that he can't get the other better car, return to the contract of the first seller and then sign it at some point later to still close the deal. Even if the first seller has deleted the contract at docuseal in the mean time, the malicious buyer can still print the half signed contract that he had downloaded and sign it by hand and still get a valid contract this way. If the seller has sold the car until then, he must pay damages to the buyer who has a signed contract but is not able to get the car since it has been sold elsewhere in the mean time.
At other platforms, e.g. PandaDoc the signatures of the previous signers are only displayed on the document as soon as ALL signers have signed, which is the proper way to do it. This way no signer is able to obtain a half-signed document, only an unsigned document or a document fully signed by all parties. This is the only proper way to do it.
The way it is now at docuseal is completely insecure and risky to use since the later singer can abuse it. The only way currently to prevent this would be if the seller is aware of this technical shortcoming of docuseal and thus he has included a provision in the contract that gives the contract a deadline to be signed by both parties, as you do with offers that expire, which is a very awkward, uncommon and impractical workaround and it also adds other problems, e.g. putting stress on the signers even if it would not be necessary if the platform would just withhold the partial signed contract until everyone signed.
I'm having the same issue. In a strict 3-person signing workflow, after the 2nd person signs the document, all parties received the incomplete signed document with the 3rd person missing signature.
Docuseal v1.9.1
@rubyonrailsstarter i think the issue you described is different from the issue raised in the original post. Could you please provide screenshots/screenshare regarding the issue or step on how to reproduce it? (possibly open a new issue since it's different)
@Tom-H-L partially signed PDF doesn't contain a digital signature attached to it and can't be used as a finalized agreement. Only after all signing parties sign the document the PDF is sealed with digital signature.
Other esignature software providers also show signatures added by previous signing parties to the last signing party during the signing process. Just like with in-person 'paper' signing a signature of the first signer is visible on the paper document to the last signer.
@Tom-H-L partially signed PDF doesn't contain a digital signature attached to it and can't be used as a finalized agreement. Only after all signing parties sign the document the PDF is sealed with digital signature.
Of course it can be used. You download it, print it, and have a document that bonds the other party while you are having the power to seal the deal or not whenever you want. This enables massive abuse. See the example that I outlined in the original post. This completely ignores if some online eSignature tool forsees some digital signature document attachment in the next steps or not. The partially signed and printed document is fully legally bonding in many jurisdictions.
Other esignature software providers also show signatures added by previous signing parties to the last signing party during the signing process.
One of the big players, DocuPanda, does NOT disclose the partially signed documents. Only after all parties have signed, the document with the signatures gets disclosed, which is the proper way of doing it.
Just like with in-person 'paper' signing a signature of the first signer is visible on the paper document to the last signer.
Yeah, but just like with in-person paper signatures, you either sit on a table to have everyone involved sign at the same time and only after everyone has signed, they will be handed a copy with all signatures on it.
If this is not possible, e.g. when an employment contract is being sent to the applicant via email for signature, then, if the company is smart, they will send an unsigned document and only sign it themselves as soon as the applicant has returned the partially signed by him document, so that the company is not at risk being held hostage by the applicant when he keeps the partially by the employer signed contract and he takes his time to sign while negotiating other offers, too. That is why people should not send documents via Email for signature since it will always include this power asymmetry. They should use online signature platforms so that it resembles the "everyone signs at the same time on the same desk" situation by collecting all signatures first and only after everyone has signed, handing out the signed copies to the parties. But Docuseal fails in this regard, as it is currently.
I wonder that you do not recognize this problem to be real conceptual security issue of Docuseal. Especially, since there is not one advantage of how it is right now that the signer gets a partially signed copy, other than to serve for fraudulent intentions as described in my examples. The partially signed document has zero additional value for him compared to the blank document without any signatures.
I think Tom-H-L is right! I just evaluated the new eSignatures solution in SharePoint and they implemented the behaviour he describes: It is possible to view previous signatures in the web viewer, but when trying to download the partially signed document, an information is displayed 'Signature is not completed yet. Signatures are only visible once all recipients have signed this document. Download anyway?'
The downloaded document contains no signatures and a new version of the document will not be saved in Sharepoint until all signatures are complete.
It is possible to view previous signatures in the web viewer, but when trying to download the partially signed document, an information is displayed 'Signature is not completed yet. Signatures are only visible once all recipients have signed this document. Download anyway?'
Frankly, I think that even that web viewer feature is a security issue. Someone could screenshot, etc. And as stated above: There is zero added value to see the other signatures other than to open the field for fraudsters. At Pandadoc you can see and download only blank documents or, if signed by you, documents signed by you, until all signatures have been placed on the document.
Guys, please implement this request. The way that it is right now, Docuseal is not seriously usable for professional use. It really is a conceptual critical bug, actually a security breach, to hand out partially signed documents.
Of course it can be used. You download it, print it, and have a document that bonds the other party while you are having the power to seal the deal or not whenever you want.
@Tom-H-L in the scenario you described the first party signer will be able to claim a document signed this way as invalid since they never agreed to sign offline - the agreement has been made to sign digitally and the second party signer breached it by printing the document and signing a paper copy.
For example YouSign works the same way as Docuseal where the first signer signature is displayed on the page to the second signer and it's possible to download the first party signed document without signing as the second party.
Also DocuSign works the same way as YouSign/DocuSeal/SignNow - first party signature is visible to the second party and a partially signed PDF can be downloaded.
Of course it can be used. You download it, print it, and have a document that bonds the other party while you are having the power to seal the deal or not whenever you want.
@Tom-H-L in the scenario you described the first party signer will be able to claim a document signed this way as invalid since they never agreed to sign offline - the agreement has been made to sign digitally and the second party signer breached it by printing the document and signing a paper copy.
I do not understand on what basis your argument stands. What agreement has been made concerning how the document will be signed and also what agreement has been made not to hold the other party hostage by delaying the signature while the other is bond already? I create a contract and I send it to someone, a sales contract for a product, for a house lease, for an employment, whatever. Then only one party signs it and the other party gets access to the partly signed contract. He can hold the other hostage by delaying the signature (while the other is bond already by his signature), he can sign it online later, he can print it out and sign it later, he can add his digital signature to the PDF later, all perfectly legal, EXCEPT if someone would include provisions in the contract a whole bunch of regulations to protect himself against all that, by excluding all these cases one by one, putting a deadline into the contract for how long the offer stands valid, regulating that only signatures performed over the eSignature platform are valid and no handwritten signatures, and so on. Besides that, there is no other agreement before that, concerning the way to sign, that I am aware off, so someone would need to regulate all that in the contract itself on his own, so to make up for the shortcoming of the eSignature platform.
And for what reason is it possible? Because: What is the advantage of having a partially signed document exposed to the other party? There is none that I can think of. It has only disadvantages and not a single advantage. I remain on my point of view: Exposing a partially signed document to the other party is a bug, not a feature.
There is a reason why for example for really important contracts, all parties meet in a room to sign together at the same time and only after all signatures have been added, the notary hands out the contracts to all parties. There is a reason why (smart) employers send unsigned working contracts to the candidate employee, for him to sign it and then send it back so that the employer can sign it himself and then send the final version back to the employee, instead of sending him a version signed by the employer in first place. No smart employer wants to hold himself hostage by the candidate for the position. He might delay his signature for a few days and in the mean time negotiate with another employer while having a secured employment option in his hand and holding the first employer hostage, because they can't also send a contract to the next candidate, not to end up with 2 employees.
For example YouSign works the same way as Docuseal where the first signer signature is displayed on the page to the second signer and it's possible to download the first party signed document without signing as the second party.
Just because others make the same mistake, it does not make the mistake any better. And Yousign is a very small player in the field of eSignature platforms, not even among the top 10. One of the top 4 platforms, PandaDoc, does NOT expose the partially signed document, for exactly the reasons I claim. You can download the unsigned document any time if you chose to activate that option in the settings but even if others have signed already, the document will be the original one without any signatures or other filled out data by the other party. Only as soon as all parties have completed their signature process, you can download that legally sealed contract. Which makes perfectly sense.
So the main question remains: What do you believe is the advantage of exposing partially signed documents to the other parties?
P.S.: The only advantage of exposing the partially signed document to the other parties that I could think of is that they can see that the others have signed already, as a motivation to sign themselves, instead of having the impression that they are the first to make a move to sign the document.
Should that be the intention, then this feature could be maintained by having the fields be marked as "processed by party" or something like that, instead of exposing the actual data they entered, including their signature, so that the data is not exposed and they cannot be held hostage with a partially signed contract that bonds them.
And it is not only about the signatures and about being held as a hostage. It is also about exposing data to the other party. For example, if the fields to fill out include personal sensitive data, such as passport numbers, or even uploaded passport photos. Now take the case, that it is still unclear if the other side will actually ever sign the contract. By signing it already as the proposing side, the other side will have a partially signed contract to hold them hostage, including access to all the sensitive data and passport photos, etc. and they might even walk away and never sign the contract and exposing themselves their data to the other party, while having had access to the data of the other party. All that could be prevented, if all parties get to see the final signed contract including all other fields of data, passport photos, etc. only after all parties have signed and entered their data, so that the power distribution is equal.
Really, there is not one advantage to have DocuSeal expose the signature, data, etc. of an partially signed contract to the other party. I remain on my standpoint: It is a (conceptual) bug, not a feature. And a HUGE bug, rendering DocuSeal not usable for certain cases where these things matter (actually, most cases that I can think off, since I want never to be held hostage).