  • E-Consent: A Critical Element of Trust in e-Business
    • Roger Clarke, Xamax Consultancy Pty Ltd
    • http://www.anu.edu.au/people/Roger.Clarke/ ... .../EC/eConsent.html, eConsent02.ppt
    • 15th Bled Electronic Commerce Conference, Bled, Slovenia, 17-19 June 2002
  • Agenda
    • Trust in e-Business
    • Consent
      • Definition
      • Contexts
      • Characteristics
    • e-Consent
      • Process
      • Object
      • Implementations
      • Implementability
  • Fundamental Risks in All Markets That Are Perceived to Be Greater in Marketspaces
    • Seller Default
    • Buyer Default
    • Market Operator Default
    • Intermediary Default
    • Service-Provider Default
    • Tradable Item Quality
    • Fulfilment Quality
  • Trust as an e-Business Enabler
    • Cyberspace adds to Uncertainties, Risk
      • Lack of Information
      • Jurisdictional Issues
    • What are you doing with my money?
    • Will you really deliver the goods?
    • What are you going to do with my data?
  • Trust: confident reliance by one party on the behaviour of the other parties
    • Origins in kinship groups
    • Extensible to cultural affinity (i.e. friends)
    • Not directly extensible to business relationships
    • In business, it’s merely what a party has to depend on when no other form of risk amelioration strategy is available
  • Sources of Trust
    • Direct Relationship
      • kinship, mateship, principal-agent, contract, multiple prior transactions
    • Direct Experience
      • prior exposure, a prior transaction or trial
    • Referred Trust
      • 'word-of-mouth', reputation, accreditation
    • Symbols of Trust or Images of Trust
      • brands, meta-brands
  • Dynamic Consumer Profiling: Latest in a Long Line of Marketer Manoeuvres
    • Self-Identifying Data, consensually provided
      • 'the click-trail'
    • Self-Identifying Data, acquired by trickery
      • e.g. pseudo-surveys, cookies, web-bugs, ...
    • Server-Driven Client-Side Processing
      • JavaScript, Java Applets, 'CaptiveX' (ActiveX), spy-ware, ...
    • Self-Identifying Personal Profile Data
      • aka 'Identity Management'
      • esp. MS Passport / wallets, but also Liberty Alliance
  • Trust Through Buyer Protection
    • Service Longevity and Reliability
    • Transparency of Data About the Seller
    • Fairness of Marketspace Processes
    • Security of Tradable Items and Funds
    • Risk Allocation / Clarity of Risk Exposure
    • Safeguards such as Warranties, Recourse, Insurance, a Credible Insurer of Last Resort
    • Protections for the Buyer’s Data
  • Consent
    • concurrence
    • by a party
    • with an action
    • to be taken by another party
  • Consent Context: The Human Body
    • medical procedures
      • drug prescription, inoculation, surgery
    • acquisition and use of body fluids/tissue/organs
      • donations of blood, semen, bone marrow, kidneys
      • organ donations from the dead
    • acquisition and testing of body tissue/fluids
      • health care diagnostics
      • substance abuse testing
      • suspect identification and suspect ‘elimination’
  • Consent Contexts: e-Business
    • Promotion and Marketing
    • Price, and Terms of Contract
      • (Invitation to Treat)
      • Offer
      • Acceptance
    • Payments
    • Handling of Purchaser Data
      • Commercial Confidence
      • Privacy
  • Consent and Consumer Marketing Practices
    • on the street
    • via mass media
    • at an exhibition site
    • the telephone
    • physical mail-box
    • email-box
  • Contracting and Payments
    • Declaration of Offer
    • Signification of Acceptance
    • Consumer Choice
    • Evidence of Offer and Acceptance
    • Consent to Use Credit-Card Details:
      • Once and Destroy?
      • Once and Retain?
      • Once and Retain, and Re-Use?
  • Consent and Personal Data
    • Consumer Expectations
      • privacy is a 'fundamental human right'
      • excited (and/or numbed) by abuses
      • excited by advocates and the media
    • Particularly Serious Concerns
      • anti-discrimination categories
      • taxation and financial data
      • health data
      • household data
      • location data for persons-at-risk
  • Consent , Personal Data and the Law
    • General Privacy Laws :
      • OECD Guidelines as a framework, 1980
      • EU Directive on Data Protection, 1995/98
      • US – a scatter of laws, but intransigence re a general law, hence 'safe harbor' (FTC-enforced)
    • Specific Laws , e.g.
      • Spam
      • EU Directive on Cookies?
    • Standards , e.g. Cookies RFCs 2964, 2965
  • Consent, Personal Data and Australian Law
    • Under the Privacy Act 1988 as amended by the Privacy Amendment (Private Sector) Act 2000, with effect from 21 Dec 2001:
      • collection, use and disclosure of personal data are all subject to controls based on consent
      • direct marketing is subject to some specific provisions (much less than the EU demands)
      • what it all means in particular contexts is far from clear; but a level of expectation has been created
  • Characteristics of Consent – 1 of 2
    • {express in writing OR express unrecorded OR implied OR inferred}
    • {declared by 'opt-in' OR presumed with 'opt-out', subject to the absence of express denial}
  • Characteristics of Consent - 2 of 2
    • legal capacity
    • physical and intellectual capacity
    • informed
      • what scope of actions
      • who may take such action
      • for what purpose may it be taken
      • over what time-period does it apply
    • freely-given
    • revocable and variable
    • delegable
  • e-Consent: signification, by recorded electronic means, of concurrence or otherwise with an action to be taken by another party
    • To achieve trust in the e-business context, recording is essential, in order to enable authentication
    • Recording by electronic means is highly desirable, so as to use the same facilities as the e-business transaction, and to enable automated processing of the consent
  • The e-Consent Process
  • (1) Initiation
    • two parties enter into some form of information interchange, resulting in an intention by one party to provide consent to an action by another
    • possibilities include:
      • email-interchange
      • an exchange between browser and web-server
      • telephone conversation
      • personal contact
  • (2) Declaration of the Consent
    • could be performed on the consent-giver’s own computing facility, or through interactions between the facilities of the two parties
    • possibly an email-interchange, or an exchange between a browser plug-in and web-server script
    • possibly on the site of the marketer or an agent (accountant, solicitor, financial adviser, health care professional), with a signature on an office-copy of the printed document, or a keystroke on a computer
  • (3) Expression of an e-Consent Object (e.g. for the Specific Purpose of Data Access)
    • Access to <data>
    • by <one or more entities or identities, or categories thereof>
    • for <one or more purposes>
    • in <a context>
    • is [consented to | denied]
    • by <an identity>
  • (4) Transmission of the e-Consent Object
    • Transmission Security:
      • virtual private networks (VPNs)
      • channel-encryption measures e.g. SSL/TLS
      • message-encryption tools such as PGP
  • (5) Authentication of the e-Consent
    • Authentication of Individual Identity
      • possibly digital signature, perhaps using a secure token and even biometrics
      • more easily password / PIN / passphrase
    • Alternatives:
      • Anonymity
      • Pseudonymity
      • Authentication of Attributes / Credentials
      • Authentication of Value
  • Conventional X.509-Based PKI
    • the maths makes lots of unjustified assumptions
    • private key generation is insecure
    • private key storage is insecure (and unsecurable)
    • X.509 certificates are privacy-hostile
    • acquiring a certificate is utterly privacy-hostile
    • fine print in CAs' contracts denies all liability
    • key revocation is largely unsupported
    • the industry is built on mythology
    • no effective open, public schemes exist
    • if they ever did, they'd be highly privacy-invasive
  • What Conventional PKI Does
    • It provides, to the recipient of a message, zero assurance about the identity of the sender
    • It provides assurance only that the device that signed the message had access to a particular private key
  • (6) Application of the e-Consent
    • Display-Only; but with logging, log-analysis, exception-reporting, powers, action against abuses
    • Authorisation / Access Control :
      • permission to access a resource (data, a process) based on consent (or legal authority, or power)
      • absence of permission results in
        • denial of access ('gatekeeper'); or
        • qualified access (with controls as above)
  • Subtleties in an e-Consent Object
    • specific, operational definitions of domains on which data-items are defined, e.g. which data, which other party or which category of parties, which purpose
    • supplementary data (e.g. re power of attorney)
    • general consent with specific denial (all except ...)
    • general denial with specific consent (none except ...)
    • a hierarchy of such qualifications
    • reliable date-time stamps, to support authentication
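The consent object of step (3), its application as an access-control gatekeeper in step (6), and the qualifications listed above (general consent with specific denial, general denial with specific consent, a hierarchy of such qualifications, date-time stamps, revocability), as an added Python example. This is not code from the slides; the `Rule` and `EConsent` classes, the field names, the party and data-item names and the sample consent are all assumptions for illustration.

```python
"""Added example: an e-Consent object with a hierarchy of qualifications,
applied as an access-control gatekeeper with a decision log.
Class and field names are assumptions for illustration, not from the slides."""
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import Optional, Tuple

CONSENTED, DENIED = "consented", "denied"
FIELDS = ("data", "party", "purpose", "context")   # domains of the object


@dataclass(frozen=True)
class Rule:
    """One qualification: a stance over a domain ('*' = any value), plus
    narrower exceptions that override it, nesting to any depth."""
    data: str = "*"
    party: str = "*"
    purpose: str = "*"
    context: str = "*"
    stance: str = DENIED
    exceptions: Tuple["Rule", ...] = ()

    def matches(self, req: dict) -> bool:
        return all(getattr(self, f) in ("*", req[f]) for f in FIELDS)

    def decide(self, req: dict) -> str:
        # the most specific matching qualification wins, so exceptions go first
        for narrower in self.exceptions:
            if narrower.matches(req):
                return narrower.decide(req)
        return self.stance


@dataclass(frozen=True)
class EConsent:
    giver: str                     # the identity that signified the consent
    issued: datetime               # reliable date-time stamp
    rules: Tuple[Rule, ...]        # top-level qualifications, in order
    expires: Optional[datetime] = None
    revoked: bool = False          # consent is revocable

    def decide(self, req: dict, now: datetime) -> Tuple[str, str]:
        if self.revoked:
            return DENIED, "consent revoked"
        if now < self.issued or (self.expires is not None and now >= self.expires):
            return DENIED, "outside consent validity period"
        for rule in self.rules:
            if rule.matches(req):
                return rule.decide(req), "matched a qualification"
        return DENIED, "no qualification matched (default deny)"


def revoke(consent: EConsent) -> EConsent:
    """Revocation produces a new object; the old record stays for the audit trail."""
    return replace(consent, revoked=True)


def request(data: str, party: str, purpose: str, context: str = "purchase") -> dict:
    return {"data": data, "party": party, "purpose": purpose, "context": context}


def gatekeeper(consent: EConsent, req: dict, now: datetime, log: list) -> bool:
    """Step (6): grant or deny access and record the decision for log-analysis."""
    verdict, reason = consent.decide(req, now)
    log.append({"at": now.isoformat(), "giver": consent.giver, **req,
                "verdict": verdict, "reason": reason})
    return verdict == CONSENTED


# Constructed sample consent: general consent to acme-store, with a specific
# denial for marketing that itself carries a specific consent for e-mail only,
# and a flat denial of purchase-history whatever the purpose.
ALICE = EConsent(
    giver="alice@example.net",
    issued=datetime(2002, 6, 17, 9, 0, tzinfo=timezone.utc),
    expires=datetime(2003, 6, 17, 9, 0, tzinfo=timezone.utc),
    rules=(
        Rule(party="acme-store", stance=CONSENTED, exceptions=(
            Rule(purpose="marketing", stance=DENIED, exceptions=(
                Rule(data="email", purpose="marketing", stance=CONSENTED),)),
            Rule(data="purchase-history", stance=DENIED),
        )),
    ),
)

if __name__ == "__main__":
    log = []
    now = datetime(2002, 7, 1, tzinfo=timezone.utc)
    for req in (request("postal-address", "acme-store", "order-fulfilment"),
                request("email", "acme-store", "marketing"),
                request("postal-address", "acme-store", "marketing"),
                request("email", "data-broker", "marketing")):
        print(gatekeeper(ALICE, req, now, log), req["data"], req["party"], req["purpose"])
    for entry in log:
        print(entry)
```

Anything the object does not mention is denied, the validity window and revocation are checked before any rule, and every decision is logged with its reason, which is what makes the 'display-only with log-analysis' and 'gatekeeper' modes of step (6) auditable rather than merely enforced.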
  • Existing Implementations?
    • 'I accept' buttons (which deny consumer choice)
    • Info-mediaries as agents (are there any?)
    • MS Open Profiling Standard (OPS) (RIP?)
    • So-called ‘Identity Management’ schemes:
      • MS XP, .NET, Passport, wallet, web-services
      • AOL Screen Name, and Quick Checkout
      • Liberty Alliance - http://www.projectliberty.org/
    • W3C Platform for Privacy Preferences (P3P) - or just Platform for Publishing Privacy Policies (P4P)
  • Implementability
    • Marketer uses P3P-like syntax to declare terms, in XML format, in a document on the web-site
    • Consumer uses a browser to access it, and a plug-in to analyse the content and display it
    • Consumer uses a browser plug-in and templates to express a consent in XML format
    • Consumer transmits the consent using SSL
    • Marketer uses a CGI script to analyse it, and either accept, reject, or enter into negotiations
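The implementation sketch above as an added Python round trip (not code from the slides, and not a real P3P implementation): the marketer's declared terms and the consumer's consent are written in an assumed, simplified XML vocabulary, and `marketer_decision` plays the role of the marketer's CGI script, returning accept, reject or negotiate. The element names, the site and data-item names, and both sample documents are constructed for this example.

```python
"""Added example: the Implementability slide as a round trip between a
marketer's declared terms and a consumer's e-Consent object, both in an
assumed simplified XML vocabulary (not real P3P)."""
import xml.etree.ElementTree as ET

# Constructed sample: the marketer's declaration of terms, one statement per purpose.
MARKETER_TERMS = """<terms site="shop.example">
  <statement purpose="order-fulfilment"><data>postal-address</data><data>email</data></statement>
  <statement purpose="own-marketing"><data>email</data></statement>
  <statement purpose="third-party-sharing"><data>email</data><data>purchase-history</data></statement>
</terms>"""


def parse_terms(xml_text):
    """What the consumer's plug-in would display: site and purpose -> data items."""
    root = ET.fromstring(xml_text)
    statements = {s.get("purpose"): {d.text for d in s.findall("data")}
                  for s in root.findall("statement")}
    return root.get("site"), statements


def build_consent(giver, party, context, issued, accesses):
    """Consumer's plug-in: express the e-Consent object in XML.
    accesses: list of (purpose, stance, data items); '*' means all items."""
    root = ET.Element("econsent", giver=giver, party=party, context=context, issued=issued)
    for purpose, stance, items in accesses:
        access = ET.SubElement(root, "access", purpose=purpose, stance=stance)
        for item in items:
            ET.SubElement(access, "data").text = item
    return ET.tostring(root, encoding="unicode")


def parse_consent(xml_text):
    """Marketer's script: validate the object before acting on it."""
    root = ET.fromstring(xml_text)
    if root.tag != "econsent" or not all(root.get(a) for a in ("giver", "party", "issued")):
        raise ValueError("malformed e-Consent object")
    accesses = {}
    for access in root.findall("access"):
        stance = access.get("stance")
        if stance not in ("consented", "denied"):
            raise ValueError("stance must be 'consented' or 'denied'")
        accesses.setdefault((access.get("purpose"), stance), set()).update(
            d.text for d in access.findall("data"))
    return root.attrib, accesses


def marketer_decision(terms_xml, consent_xml):
    """Compare every declared purpose with the consent: accept, reject or negotiate."""
    site, statements = parse_terms(terms_xml)
    header, accesses = parse_consent(consent_xml)
    if header["party"] != site:
        return "reject", {"*": "consent addressed to a different party"}
    verdicts = {}
    for purpose, needed in statements.items():
        consented = accesses.get((purpose, "consented"), set())
        denied = accesses.get((purpose, "denied"), set())
        if "*" in denied or needed & denied:
            verdicts[purpose] = "reject"
        elif "*" in consented or needed <= consented:
            verdicts[purpose] = "accept"
        else:
            verdicts[purpose] = "negotiate"   # silence is not consent
    if "reject" in verdicts.values():
        return "reject", verdicts
    if "negotiate" in verdicts.values():
        return "negotiate", verdicts
    return "accept", verdicts


# Constructed consumer consent: fulfilment yes, own marketing by e-mail only, no sharing.
ALICE_CONSENT = build_consent(
    giver="alice@example.net", party="shop.example", context="purchase",
    issued="2002-06-17T09:00:00Z",
    accesses=[("order-fulfilment", "consented", ["postal-address", "email"]),
              ("own-marketing", "consented", ["email"]),
              ("third-party-sharing", "denied", ["*"])])

if __name__ == "__main__":
    print(ALICE_CONSENT)
    print(marketer_decision(MARKETER_TERMS, ALICE_CONSENT))
```

The marketer-side script checks that the object is addressed to its own site before reading any stance, and treats a purpose the consumer did not mention as a reason to negotiate rather than as consent; that is the difference between this exchange and an 'I accept' button. Transport protection (SSL in the slide) is a separate layer and is not shown here.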
  • e-Consent CONCLUSIONS
    • a critical element of trust in e-business
    • requires maturation beyond old-fashioned 'consumer as prey' marketing philosophies
    • requires inversion of current thinking about 'identity management' and marketer-controlled storage of personal data
    • implementable using existing technologies
    • a research opportunity
    • a business opportunity