Security and Privacy of Internet Transactions
Unsecured transmission on the Internet is often cited as the main
deterrent for a rapid growth of electronic commerce. Although much progress
is being made in terms of security, the net is still considered to pose
a risk for commercial transactions. Although the Internet's lack of
security stems from the fundamental design of the basic protocol suite,
security measures can be implemented at various levels of Internet communications.
Network level security secures the conduit, while encryption secures the content traveling through the conduit. Security takes on added importance when we look at the special case of financial payment mechanisms.
While payment security usually means protecting sensitive information from eavesdropping and theft, a secure transaction has a broader set of requirements, including non repudiation, authentication, integrity, and confidentiality. Non repudiation means that the parties in a transaction cannot deny it after the fact. Authentication refers to the ability to verify the identity of persons involved in transactions, while integrity means that the data transferred should not be modified in transit or in storage. Finally, confidentiality refers to privacy, in other words, that the transaction is only between participants. A strong form of privacy is anonymity, where the identities of one or more of the participants are not known to the other parties of the transaction. Non repudiation and authentication are aspects that have not been explored fully and require further developments in certification technologies and services. As in notary services, a market mechanism for non repudiation and authentication involves a trusted third party. The U.S. Postal Service has recently identified its electronic commerce opportunities to be a service provider as a trusted certification authority. Although discussion on this topic usually entails the legal implications of certifying actions and liabilities, it is another area where intermediaries play an important role in electronic commerce. Data integrity and confidentiality issues have been dramatically addressed by advanced encryption and digital signature technologies. There is a large body of literature on the use of these technologies that typically invokes constitutional rights to privacy and the protection of free speech. Our focus, instead, is on the economic implications of integrity and confidentiality.
Integrity, for example, relates to the derivative right guaranteed by copyright
law. Also, maintaining the integrity of a digital document will be tantamount if that document in question is a digital currency or a digital financial document. The concern for confidentiality turns into an economic issue when transactional data are used or sold by sellers for other purposes.