One big contributor to the problem is the ESIGN Act - passed in 2000 it legitimized electronic signatures but failed to define them in any technical sense. Instead the law defines them as any "electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."

The result has been that pretty much all "electronic signatures" are just fairy dust.

Here's a little discussion of the issue and how it played out in one case: http://christiansenlaw.net/2011/10/caselaw-when-bad-security...