Why are hand-written signatures still so commonly used?

It pays to investigate what we really trust in hand-written signatures.

A signature is the physical manifestation of the will of the signer to acknowledge the contents of what is signed. Most legal systems define that a signature is yours and is binding if and only if "you really did it". This looks like a tautology, but it actually is quite profound: the hardness of forging, or even the involvement of a physical hand and pen, are not part of what defines a signature.

So what's the trick ? At the core of the trust system is the set of laws which severely punish forgery: forging an hand-written signature is an offense which can land you in jail for much more time than whatever you signed. The idea is that a hand-written signature happens "in the physical world" where it leaves many traces, in particular witnesses. The risk of being caught forging a signature makes it "not worth it". The signature medium is not really important; typing your name at the end of an email is as much binding as an ink-based handcrafted smudge at the bottom of a piece of paper (at least in England; there are variations depending on the country). In Japan they use personalized stamps.

The system works as long as forging signatures remains risky. When translating into the digital world, signatures become too easy to forge without any trace, which is why cryptography must be invoked. Cryptographic signatures also open the possibility of automation: being able to sign and verify at lightning speed (the verifying part is a novelty: with hand-written signatures, verification that the signature is legit is not a power given to just anybody).

The hard part of designing a signature scheme remains the set of laws which make the link between the action of signing, and the legal consequences thereof (namely, the "binding" part). Technicalities such as length of a RSA key are the easy part, which can be done by mere scientists -- but laws take decades and an awful lot of negotiation. Such laws exist for hand-written signatures; actually, they have existed for thousands of years. Digital signatures will begin to compete with hand-written signatures only when legal systems will be up to it. Europe is currently trying to do that, but it takes time.