Presentation Transcript

    • E-Consent: A Critical Element of Trust in e-Business. Roger Clarke, Xamax Consultancy Pty Ltd, http://www.anu.edu.au/people/Roger.Clarke/ ... .../EC/eConsent.html, eConsent02.ppt. 15th Bled Electronic Commerce Conference, Bled, Slovenia, 17-19 June 2002
    • Agenda
      • Trust in e-Business
      • Consent
        • Definition
        • Contexts
        • Characteristics
      • e-Consent
        • Process
        • Object
        • Implementations
        • Implementability
    • Fundamental Risks in All Markets That Are Perceived to Be Greater in Marketspaces
      • Seller Default
      • Buyer Default
      • Market Operator Default
      • Intermediary Default
      • Service-Provider Default
      • Tradable Item Quality
      • Fulfilment Quality
    • Trust as an e-Business Enabler
      • Cyberspace adds to Uncertainties, Risk
        • Lack of Information
        • Jurisdictional Issues
      • What are you doing with my money?
      • Will you really deliver the goods?
      • What are you going to do with my data?
    • Trust: confident reliance by one party on the behaviour of the other parties
      • Origins in kinship groups
      • Extensible to cultural affinity (i.e. friends)
      • Not directly extensible to business relationships
      • In business, it’s merely what a party has to depend on when no other form of risk amelioration strategy is available
    • Sources of Trust
      • Direct Relationship
        • kinship, mateship, principal-agent, contract, multiple prior transactions
      • Direct Experience
        • prior exposure, a prior transaction or trial
      • Referred Trust
        • 'word-of-mouth', reputation, accreditation
      • Symbols of Trust or Images of Trust
        • brands, meta-brands
    • Latest in a Long Line of Marketer Manoeuvres: Dynamic Consumer Profiling
      • Self-Identifying Data, consensually provided
        • 'the click-trail'
      • Self-Identifying Data, acquired by trickery
        • e.g. pseudo-surveys, cookies, web-bugs, ...
      • Server-Driven Client-Side Processing
        • JavaScript, Java Applets, CaptiveX, spy-ware, ...
      • Self-Identifying Personal Profile Data
        • aka 'Identity Management'
        • esp. MS Passport / wallets, but also Liberty Alliance
    • Trust Through Buyer Protection
      • Service Longevity and Reliability
      • Transparency of Data About the Seller
      • Fairness of Marketspace Processes
      • Security of Tradable Items and Funds
      • Risk Allocation / Clarity of Risk Exposure
      • Safeguards such as Warranties, Recourse, Insurance, a Credible Insurer of Last Resort
      • Protections for the Buyer’s Data
    • Consent: concurrence by a party with an action to be taken by another party
    • Consent Context: The Human Body
      • medical procedures
        • drug prescription, inoculation, surgery
      • acquisition and use of body fluids/tissue/organs
        • donations of blood, semen, bone marrow, kidneys
        • organ donations from the dead
      • acquisition and testing of body tissue/fluids
        • health care diagnostics
        • substance abuse testing
        • suspect identification and suspect ‘elimination’
    • Consent Contexts: e-Business
      • Promotion and Marketing
      • Price, and Terms of Contract
        • (Invitation to Treat)
        • Offer
        • Acceptance
      • Payments
      • Handling of Purchaser Data
        • Commercial Confidence
        • Privacy
    • Consent and Consumer Marketing Practices
      • on the street
      • via mass media
      • at an exhibition site
      • the telephone
      • physical mail-box
      • email-box
    • Contracting and Payments
      • Declaration of Offer
      • Signification of Acceptance
      • Consumer Choice
      • Evidence of Offer and Acceptance
      • Consent to Use Credit-Card Details:
        • Once and Destroy?
        • Once and Retain?
        • Once and Retain, and Re-Use?
    • Consent and Personal Data
      • Consumer Expectations
        • privacy is a 'fundamental human right'
        • excited (and/or numbed) by abuses
        • excited by advocates and the media
      • Particularly Serious Concerns
        • anti-discrimination categories
        • taxation and financial data
        • health data
        • household data
        • location data for persons-at-risk
    • Consent, Personal Data and the Law
      • General Privacy Laws:
        • OECD Guidelines as a framework, 1980
        • EU Directive on Data Protection, 1995/98
        • US – a scatter of laws, but intransigence re a general law, hence 'safe harbor'/FCC
      • Specific Laws, e.g.
        • Spam
        • EU Directive on Cookies?
      • Standards, e.g. Cookies RFCs 2964, 2965
    • Consent, Personal Data and Australian Law
      • Under the Privacy Act 1988 as amended by the Privacy Amendment (Private Sector) Act 2000, with effect from 21 Dec 01:
        • collection, use and disclosure of personal data are all subject to controls based on consent
        • direct marketing is subject to some specific provisions (much less than the EU demands)
        • what it all means in particular contexts is far from clear; but a level of expectation has been created
    • Characteristics of Consent – 1 of 2
      • {express in writing OR express unrecorded OR implied OR inferred}
      • {declared by 'opt-in' OR presumed with 'opt-out', but subject to the absence of express denial}
    • Characteristics of Consent - 2 of 2
      • legal capacity
      • physical and intellectual capacity
      • informed
        • what scope of actions
        • who may take such action
        • for what purpose may it be taken
        • over what time-period does it apply
      • freely-given
      • revocable and variable
      • delegable
    • e-Consent: signification by recorded electronic means of concurrence or otherwise with an action to be taken by another party
      • To achieve trust in the e-business context, recording is essential, in order to enable authentication
      • Recording by electronic means is highly desirable, so as to use the same facilities as the e-business transaction, and to enable automated processing of the consent
    • The e-Consent Process
    • (1) Initiation
      • two parties enter into some form of information interchange, resulting in an intention by one party to provide consent to an action by another
      • possibilities include:
        • email-interchange
        • an exchange between browser and web-server
        • telephone conversation
        • personal contact
    • (2) Declaration of the Consent
      • could be performed on the consent-giver’s own computing facility, or through interactions between the facilities of the two parties
      • possibly an email-interchange, or an exchange between a browser plug-in and web-server script
      • possibly on the site of the marketer or an agent (accountant, solicitor, financial adviser, health care professional), with a signature on an office-copy of the printed document, or a keystroke on a computer
    • (3) Expression of an e-Consent Object (e.g. for the Specific Purpose of Data Access)
      • Access to <data>
      • by <one or more entities or identities, or categories thereof>
      • for <one or more purposes>
      • in <a context>
      • is [consented to | denied]
      • by <an identity>
    • (4) Transmission of the e-Consent Object
      • Transmission Security:
        • virtual private networks (VPNs)
        • channel-encryption measures e.g. SSL/TLS
        • message-encryption tools such as PGP
    • (5) Authentication of the e-Consent
      • Authentication of Individual Identity
        • possibly digital signature, perhaps using a secure token and even biometrics
        • more easily password / PIN / passphrase
      • Alternatives:
        • Anonymity
        • Pseudonymity
        • Authentication of Attributes / Credentials
        • Authentication of Value
    • Conventional X.509-Based PKI
      • the maths makes lots of unjustified assumptions
      • private key generation is insecure
      • private key storage is insecure (and unsecureable)
      • X.509 certificates are privacy-hostile
      • acquiring a certificate is utterly privacy-hostile
      • fine print in CAs' contracts denies all liability
      • key revocation is largely unsupported
      • the industry is built on mythology
      • no effective open, public schemes exist
      • if they ever did, they'd be highly privacy-invasive
    • What Conventional PKI Does
      • It provides, to the recipient of a message, zero assurance about the identity of the sender
      • It provides assurance only that the device that signed the message had access to a particular private key
    • (6) Application of the e-Consent
      • Display-Only; but with logging, log-analysis, exception-reporting, powers, action against abuses
      • Authorisation / Access Control:
        • permission to access a resource (data, a process) based on consent (or legal authority, or power)
        • absence of permission results in
          • denial of access ('gatekeeper'); or
          • qualified access (with controls as above)
    • Subtleties in an e-Consent Object
      • specific, operational definitions of domains on which data-items are defined, e.g. which data, which other party or which category of parties, which purpose
      • supplementary data (e.g. re power of attorney)
      • general consent with specific denial (all except ...)
      • general denial with specific consent (none except ...)
      • a hierarchy of such qualifications
      • reliable date-time stamps, to support authentication
    • Existing Implementations?
      • 'I accept' buttons (which deny consumer choice)
      • Info-mediaries as agents (are there any?)
      • MS Open Profiling Standard (OPS) (RIP?)
      • So-called ‘Identity Management’ schemes:
        • MS XP, .NET, Passport, wallet, web-services
        • AOL Screen Name, and Quick Checkout
        • Liberty Alliance - http://www.projectliberty.org/
      • W3C Platform for Privacy Preferences (P3P) - or just Platform for Publishing Privacy Policies (P4P)
    • Implementability
      • Marketer uses P3P-like syntax to declare terms, in XML format, in a document on the web-site
      • Consumer uses a browser to access it, and a plug-in to analyse the content and display it
      • Consumer uses a browser plug-in and templates to express a consent in XML format
      • Consumer transmits the consent using SSL
      • Marketer uses a CGI script to analyse it, and either accept, reject, or enter into negotiations
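The consent object of slide (3), the qualifications listed under "Subtleties in an e-Consent Object", the gatekeeper of slide (6) and the XML-based Implementability steps above, carried through as one added example that is not from the presentation: a consent declaration in a hypothetical P3P-like XML form, parsed on the marketer's side and applied as an access-control decision. The element and attribute names are assumptions, the sample declaration is constructed, and the evaluation rule (most specific rule wins, denial prevails on ties, no match means denial) is one design choice, not a standard.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# The four domains of the slide's consent object: <data>, <entities>, <purposes>, <context>
FIELDS = ("data", "party", "purpose", "context")

# Constructed sample (hypothetical schema, not the P3P vocabulary): a general consent
# for order fulfilment, a specific denial for the category of affiliates, and a
# narrower exception that re-permits the e-mail address to affiliates for fulfilment.
CONSENT_XML = """
<econsent by="customer:alice" issued="2002-06-17T09:30:00Z" expires="2003-06-17T09:30:00Z">
  <rule effect="consent" purpose="fulfilment"/>
  <rule effect="deny"    party="category:affiliate"/>
  <rule effect="consent" data="email" party="category:affiliate" purpose="fulfilment"/>
</econsent>
"""

def parse_timestamp(text):
    # ISO 8601 with a trailing Z, rewritten so that older Pythons' fromisoformat accept it
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def parse_consent(xml_text):
    """Turn the XML declaration into a dict: consenting identity, validity window, rules."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.findall("rule"):
        rule = {field: r.get(field, "*") for field in FIELDS}   # "*" means any value
        rule["effect"] = r.get("effect")
        rules.append(rule)
    return {"by": root.get("by"),
            "issued": parse_timestamp(root.get("issued")),
            "expires": parse_timestamp(root.get("expires")),
            "rules": rules}

def specificity(rule):
    # number of constrained fields; a more specific rule overrides a more general one
    return sum(rule[f] != "*" for f in FIELDS)

def decide(consent, request, now):
    """Gatekeeper decision, 'consent' or 'deny', for a request dict keyed by FIELDS."""
    if not consent["issued"] <= now <= consent["expires"]:
        return "deny"                      # outside the consent's date-time window
    matching = [r for r in consent["rules"]
                if all(r[f] in ("*", request[f]) for f in FIELDS)]
    if not matching:
        return "deny"                      # absence of permission means denial of access
    # most specific rule wins; among equally specific rules a denial prevails
    best = max(matching, key=lambda r: (specificity(r), r["effect"] == "deny"))
    return best["effect"]
```

A marketer-side script would call `decide()` with the party, purpose and context of each intended use and refuse the use on anything but `"consent"`; logging each decision gives the log-analysis and exception-reporting the Display-Only variant of slide (6) relies on.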
    • e-Consent CONCLUSIONS
      • a critical element of trust in e-business
      • requires maturation beyond old-fashioned 'consumer as prey' marketing philosophies
      • requires inversion of current thinking about 'identity management' and marketer-controlled storage of personal data
      • implementable using existing technologies
      • a research opportunity
      • a business opportunity