Security and Privacy of Internet Transactions
Unsecured transmission on the Internet is often cited as the main
deterrent to the rapid growth of electronic commerce. Although much progress
is being made in terms of security, the net is still considered to pose
a risk for commercial transactions. While the Internet's lack of
security stems from the fundamental design of the basic protocol suite,
security measures can be implemented at various levels of Internet communications.
Network level security secures the conduit, while encryption secures
the content traveling through the conduit. Security takes on added importance
when we look at the special case of financial payment mechanisms.
While payment security usually means protecting sensitive information
from eavesdropping and theft, a secure transaction has a broader set
of requirements, including non-repudiation, authentication, integrity,
and confidentiality. Non-repudiation means that the parties in a transaction
cannot deny it after the fact. Authentication refers to the ability
to verify the identity of persons involved in transactions, while integrity
means that the data transferred should not be modified in transit or
in storage. Finally, confidentiality refers to privacy, in other words,
that the transaction is only between participants. A strong form of
privacy is anonymity, where the identities of one or more of the participants
are not known to the other parties of the transaction. Non-repudiation
and authentication are aspects that have not been explored fully and
require further developments in certification technologies and services.
As in notary services, a market mechanism for non-repudiation and authentication
involves a trusted third party. The U.S. Postal Service has recently
identified acting as a trusted certification authority as one of its
electronic commerce opportunities. Although discussion on this topic
usually entails the legal implications of certifying actions and liabilities,
it is another area where intermediaries play an important role in electronic
commerce. Data integrity and confidentiality issues have been dramatically
addressed by advanced encryption and digital signature technologies.
There is a large body of literature on the use of these technologies
that typically invokes constitutional rights to privacy and the protection
of free speech. Our focus, instead, is on the economic implications
of integrity and confidentiality.
Integrity, for example, relates to the derivative right guaranteed by
copyright law. Also, maintaining the integrity of a digital document will be
paramount if the document in question is a digital currency or a digital
financial document. The concern for confidentiality turns into an economic issue
when transactional data are used or sold by sellers for other purposes.
