Promises and Threats in Electronic Commerce

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 13 August 1997

© Xamax Consultancy Pty Ltd, 1997

Notes for an interview by ABC Quantum, 15 August 1997

The interview finally went to air as part of a program entitled 'Privacy on Line' on 11 June 1998

This paper is at


We've been doing business electronically for some time now. It started with the telephone, and then there was instant telephone-ordering of goods and services advertised on television, and then came EFT/POS.

More, and more sophisticated, forms of electronic commerce are arriving. Chip-based stored-value cards have already been successfully trialled. Cable-TV isn't very popular, but cable-based marketing, shopping and banking just might be. And of course the big mover is electronic business on the Internet.

There's a lot of trust involved in buying things. You don't just trust that the quality of the goods or services will be satisfactory; you may also have to trust that you'll even receive them.

The question of trust may be even more important in the virtual world than it is in the real world. This is because the two parties aren't in the same place, and hence we can't depend on things like physical proximity, hand-shakes and body-signals. In addition, the other party may be another country, or even in cyberspace (i.e. it may not be practicable to work out where in physical space the other party actually is); hence a transaction might not be subject to the laws of any country or State at all.

Trust in Cyberspace

There are many different ways in which we can structure electronic commerce so as to achieve sufficient trust between buyer and seller.

One approach is to only deal with organisations that you're confident in. You're likely to have confidence if you've been dealing with the same organisation over a period of time; and you can develop confidence in a new one by commencing the relationship with a few low-risk purchases.

Your confidence can be greatly enhanced if consumer protection laws are in place and effective, as they are in Australia in relation to conventional commerce (for example, goods are required to be of 'merchantable' quality, and debts incurred by card-based payment cannot be enforced unless the merchant can either provide the payer's signature, or evidence that the person's PIN was keyed into an EFT/POS terminal). Some credit-card providers also offer consumer protection features.

Another idea is to have both the seller and the buyer deposit their consideration (i.e. the money on one side of the bargain, and the goods on the other) with a third party. This third party (usually called an escrow agent) would undertake not to release the consideration to the other party, until both have been received and checked.

These approaches can be cumbersome, and businesses are searching for convenient ways of building trust into the purchasing process.


A lot of effort is being invested in developing trust through 'authentication'. There are several different ways that authentication can help.

One approach is 'value authentication'. This is much the same thing as biting a coin to see if it feels like it's really 'coin of the realm', and holding up a banknote to the light to see if it looks like the real thing. On the Internet, forgery of digital money is feasible, but not if the people minting it use the electronic equivalents of complex visual designs, watermarks and hidden metallic strips.

Another approach is called 'eligibility authentication'. This means checking that the person you're dealing with actually has a particular capability they are claiming. For example, does the person have a licence to sell those kinds of goods; are they a member of the relevant industry or professional association; do they have their company's authority to sign a contract of this nature; and do they qualify for a special tariff or price-list (e.g. because they're a tradesman who buys at wholesale price) or a discount (e.g. because they're an old-age or invalid pensioner). There is a need for electronic equivalents of membership-cards, concessions-cards, letterheads, and call-backs to the company's premises, in order to establish confidence.

A further approach is 'person authentication'. This involves ensuring that the other person is who they claim themselves to be. There are some kinds of transactions that only the person in question should be permitted to perform (such as access to personal data). Other interactions necessarily involve an ongoing relationship between the parties (such as health care, and the advancing of credit).

These various authentication techniques are based on particular mathematical techniques commonly referred to as 'cryptography'. The details are complex, and require mathematical capabilities that are well beyond most of the population. People involved in electronic commerce generally depend on 'a web of trust', that is to say that they talk to such mathematicians as they know, and to other people involved in electronic commerce, and they commission audits from specialists and from well-known consultancy firms, and if they don't find any reason to disbelieve the claims that electronic commerce is secure, then they become believers.

The particular application of cryptography that most assists in authentication is the technology called 'digital signatures'. These are long numbers that are able to demonstrate conclusively that a particular message must have come from a particular person or organisation, and, moreover, that the message has arrived without being modified along the way. This achieves a standard of evidence for a court of law that is much higher than has ever been possible with conventional signed documents.

The way that digital signatures work is that the sender of a message 'signs' it using a 'private key' that only they should have (much as a medieval prince or pope applied a specially-designed 'seal' to a written message). The key that unlocks the signature is different from the private key, and is widely available (and hence called the sender's 'public key'). Anyone who receives a message can check that it decodes using the public key, and feel confident that only the person who possesses that private key could possibly have sent the message.


These ideas for engendering trust in electronic commerce are well-motivated. Unfortunately, there is a serious risk that they will have some highly undesirable side-effects.

Very few people in electronic commerce are discussing 'eligibility authentication'; because almost everyone is assuming that people should identify themselves if they want to buy and sell on the net.

So why shouldn't people be forced to identify themselves? Isn't anonymity something that is used by cheats and criminals? Well, yes; cheats and criminals generally act in ways that make it difficult to find them, and to find evidence of their crimes, and that includes taking advantage of anonymity.

On the other hand, consider the following:

  1. most real-world transactions are undertaken using cash, and most of those are anonymous. Even if the buyer and seller recognise one another, the identity is not recorded and stored for all time. Hence any move towards identification as a requirement for electronic transactions would reverse a long history of anonymity, and would generate new trails of personal data that have never existed before. Moreover, these trails would be likely to be very intensive, i.e. to show a great deal about what each person is doing, and where they are, at every hour of the day;
  2. the new trails would be very attractive to organisations of several different kinds, in particular:

Even if most electronic commerce transactions remain anonymous, some will need to be identified. Unfortunately, the kinds of identification mechanisms that many information technology providers are enthusiastically developing, and that many organisations are looking to apply, are highly intrusive.

For digital signatures to assist in establishing trust in electronic commerce, a public key will have to be reliably associated with a person. That person will need to present evidence of their identity to a 'certification authority' (CA). The CA will then post in a public place (an electronic public place, of course) certification that that particular public key is associated with an identified person. People who have difficulties or discomfort producing documents that satisfy the 100-point rules applied to passports, driving licences, and more recently bank-accounts, are likely to find themselves discomfited more often.

The next round of initiatives is much more forbidding. These are 'biometrics', which means measures of some aspect of the individual's body. Fingerprints, once reserved for criminal investigations, are currently being applied to visitors to N.S.W. gaols. Scans of the retina, and the shape of the hand, finger and thumb, are all being applied. There are continuing attempts (although at this stage still ineffectual) to use genetics as a basis for human id, which would be likely to require the provision of body fluids or tissue.

There have already been serious proposals for the use of imposed features, in particular micro-chips, as a means of identifying not just animals (where it is a proven technology, cost-effective for expensive pets and breeding stock), but also humans. To date, these proposals have been limited to expensive, institutionalised people, primarily prisoners and senile dementia patients.

For many people, such requirements are demeaning enough; but it gets worse. The operators of id schemes in companies and government agencies will doubtless assume that these biometric measures should be stored in their databases. This is not technically necessary, but it seems like the obvious thing to do. Government agencies have been working towards a population register for many years, and a reliable identification mechanism is an important element of such a register.

There are four prerequisites for a controlled 'information society':

During the last two decades, progress in information technology has delivered the first two prerequisites. A widespread requirement for people to provide digital signatures on transactions, and the general application of biometric identifiers, could readily deliver the third. Once those three are in place, it would become a condition of living in an ordered society that people be compliant with the dictates of government agencies; so the fourth condition appears to be satisfied pretty much automatically.


Electronic commerce is potentially a great boon to people generally.

The endeavours to ensure that people have sufficient trust in electronic commerce can easily lead our emergent 'information society' down a path towards the tightly controlled State that George Orwell and others foresaw. The bad news is that this is the line of least resistance, and that simple-minded application of the technologies is all that is required to get us there.

The good news is that the technologies available to us are capable of being used in ways that can sustain freedoms at the same time as delivering sufficient trust. The question is whether we have sufficient understanding of our needs, and sufficient commitment to freedoms, to invest the necessary effort, and arrest the dangerous slide towards increased identification of transactions, and increasingly transparent and externally controllable lives.


My general pages on electronic commerce, and privacy and data surveillance provide access to a number of relevant documents, including:


Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 13 August 1997

Last Modified: 9 September 1998

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 6916 Fax: +61 6 288 1472