PowerPoint slides


  1. E-Consent: A Critical Element of Trust in e-Business. Roger Clarke, Xamax Consultancy Pty Ltd. http://www.anu.edu.au/people/Roger.Clarke/ ... .../EC/eConsent.html, eConsent02.ppt. 15th Bled Electronic Commerce Conference, Bled, Slovenia, 17-19 June 2002
  2. E-Consent: A Critical Element of Trust in e-Business. Agenda
      • Trust in e-Business
      • Consent
          • Definition
          • Contexts
          • Characteristics
      • e-Consent
          • Process
          • Object
          • Implementations
          • Implementability
  3. Fundamental Risks in All Markets That Are Perceived to Be Greater in Marketspaces
      • Seller Default
      • Buyer Default
      • Market Operator Default
      • Intermediary Default
      • Service-Provider Default
      • Tradable Item Quality
      • Fulfilment Quality
  4. Trust as an e-Business Enabler
      • Cyberspace adds to Uncertainties, Risk
          • Lack of Information
          • Jurisdictional Issues
      • What are you doing with my money?
      • Will you really deliver the goods?
      • What are you going to do with my data?
  5. Trust: confident reliance by one party about the behaviour of the other parties
      • Origins in kinship groups
      • Extensible to cultural affinity (i.e. friends)
      • Not directly extensible to business relationships
      • In business, it’s merely what a party has to depend on when no other form of risk amelioration strategy is available
  6. Sources of Trust
      • Direct Relationship
          • kinship, mateship, principal-agent, contract, multiple prior transactions
      • Direct Experience
          • prior exposure, a prior transaction or trial
      • Referred Trust
          • 'word-of-mouth', reputation, accreditation
      • Symbols of Trust or Images of Trust
          • brands, meta-brands
  7. Latest in a Long Line of Marketer Manoeuvres: Dynamic Consumer Profiling
      • Self-Identifying Data, consensually provided
      • ‘the click-trail’
      • Self-Identifying Data, acquired by trickery
      • e.g. pseudo-surveys, cookies, web-bugs, ...
      • Server-Driven Client-Side Processing
      • JavaScript, Java Applets, CaptiveX, spy-ware, ...
      • Self-Identifying Personal Profile Data
      • aka 'Identity Management'
      • esp. MS Passport / wallets, but also Liberty Alliance
  8. Trust Through Buyer Protection
      • Service Longevity and Reliability
      • Transparency of Data About the Seller
      • Fairness of Marketspace Processes
      • Security of Tradable Items and Funds
      • Risk Allocation / Clarity of Risk Exposure
      • Safeguards such as Warranties, Recourse, Insurance, a Credible Insurer of Last Resort
      • Protections for the Buyer’s Data
  9. Consent
      • concurrence
      • by a party
      • with an action
      • to be taken by another party
  10. Consent Context: The Human Body
      • medical procedures
          • drug prescription, inoculation, surgery
      • acquisition and use of body fluids/tissue/organs
          • donations of blood, semen, bone marrow, kidneys
          • organ donations from the dead
      • acquisition and testing of body tissue/fluids
          • health care diagnostics
          • substance abuse testing
          • suspect identification and suspect ‘elimination’
  11. Consent Contexts: e-Business
      • Promotion and Marketing
      • Price, and Terms of Contract
          • (Invitation to Treat)
          • Offer
          • Acceptance
      • Payments
      • Handling of Purchaser Data
          • Commercial Confidence
          • Privacy
  12. Consent and Consumer Marketing Practices
      • on the street
      • via mass media
      • at an exhibition site
      • the telephone
      • physical mail-box
      • email-box
  13. Contracting and Payments
      • Declaration of Offer
      • Signification of Acceptance
      • Consumer Choice
      • Evidence of Offer and Acceptance
      • Consent to Use Credit-Card Details:
          • Once and Destroy?
          • Once and Retain?
          • Once and Retain, and Re-Use?
  14. Consent and Personal Data
      • Consumer Expectations
          • privacy is a 'fundamental human right'
          • excited (and/or numbed) by abuses
          • excited by advocates and the media
      • Particularly Serious Concerns
          • anti-discrimination categories
          • taxation and financial data
          • health data
          • household data
          • location data for persons-at-risk
  15. Consent, Personal Data and the Law
      • General Privacy Laws:
          • OECD Guidelines as a framework, 1980
          • EU Directive on Data Protection, 1995/98
          • US – a scatter of laws, but intransigence re a general law, hence 'safe harbor'/FCC
      • Specific Laws, e.g.
          • Spam
          • EU Directive on Cookies?
      • Standards, e.g. Cookies RFCs 2964, 2965
  16. Consent, Personal Data and Australian Law
      • Under the Privacy Act 1988 as amended by the Privacy Amendment (Private Sector) Act 2000, wef 21 Dec 01:
          • collection, use and disclosure of personal data are all subject to controls based on consent
          • direct marketing is subject to some specific provisions (much less than the EU demands)
          • what it all means in particular contexts is far from clear; but a level of expectation has been created
  17. Characteristics of Consent – 1 of 2
      • {express in writing OR express unrecorded OR implied OR inferred}
      • {declared by 'opt-in' OR presumed with 'opt-out', but subject to the absence of express denial}
  18. Characteristics of Consent – 2 of 2
      • legal capacity
      • physical and intellectual capacity
      • informed
          • what scope of actions
          • who may take such action
          • for what purpose may it be taken
          • over what time-period does it apply
      • freely-given
      • revocable and variable
      • delegable
  19. e-Consent: signification by recorded electronic means of concurrence or otherwise with an action to be taken by another party
      • To achieve trust in the e-business context, recording is essential, in order to enable authentication
      • Recording by electronic means is highly desirable, so as to use the same facilities as the e-business transaction, and to enable automated processing of the consent
  20. The e-Consent Process
  21. (1) Initiation
      • two parties enter into some form of information interchange, resulting in an intention by one party to provide consent to an action by another
      • possibilities include:
          • email-interchange
          • an exchange between browser and web-server
          • telephone conversation
          • personal contact
  22. (2) Declaration of the Consent
      • could be performed on the consent-giver’s own computing facility, or through interactions between the facilities of the two parties
      • possibly an email-interchange, or an exchange between a browser plug-in and web-server script
      • possibly on the site of the marketer or an agent (accountant, solicitor, financial adviser, health care professional), with a signature on an office-copy of the printed document, or a keystroke on a computer
  23. (3) Expression of an e-Consent Object (e.g. for the Specific Purpose of Data Access)
      • Access to <data>
      • by <one or more entities or identities, or categories thereof>
      • for <one or more purposes>
      • in <a context>
      • is [consented to | denied]
      • by <an identity>
  24. (4) Transmission of the e-Consent Object
      • Transmission Security:
          • virtual private networks (VPNs)
          • channel-encryption measures e.g. SSL/TLS
          • message-encryption tools such as PGP
  25. (5) Authentication of the e-Consent
      • Authentication of Individual Identity
          • possibly digital signature, perhaps using a secure token and even biometrics
          • more easily password / PIN / passphrase
      • Alternatives:
          • Anonymity
          • Pseudonymity
          • Authentication of Attributes / Credentials
          • Authentication of Value
  26. Conventional X.509-Based PKI
      • the maths makes lots of unjustified assumptions
      • private key generation is insecure
      • private key storage is insecure (and unsecurable)
      • X.509 certificates are privacy-hostile
      • acquiring a certificate is utterly privacy-hostile
      • fine print in CAs' contracts denies all liability
      • key revocation is largely unsupported
      • the industry is built on mythology
      • no effective open, public schemes exist
      • if they ever did, they'd be highly privacy-invasive
  27. What Conventional PKI Does
      • It provides to the recipient of a message zero assurance about the identity of the sender
      • It provides assurance only that the device that signed the message had access to a particular private key
  28. (6) Application of the e-Consent
      • Display-Only; but with logging, log-analysis, exception-reporting, powers, action against abuses
      • Authorisation / Access Control:
          • permission to access a resource (data, a process) based on consent (or legal authority, or power)
          • absence of permission results in
              • denial of access ('gatekeeper'); or
              • qualified access (with controls as above)
  29. Subtleties in an e-Consent Object
      • specific, operational definitions of domains on which data-items are defined, e.g. which data, which other party or which category of parties, which purpose
      • supplementary data (e.g. re power of attorney)
      • general consent with specific denial (all except ...)
      • general denial with specific consent (none except ...)
      • a hierarchy of such qualifications
      • reliable date-time stamps, to support authentication
  30. Existing Implementations?
      • 'I accept' buttons (which deny consumer choice)
      • Info-mediaries as agents (are there any?)
      • MS Open Profiling Standard (OPS) (RIP?)
      • So-called ‘Identity Management’ schemes:
          • MS XP, .NET, Passport, wallet, web-services
          • AOL Screen Name, and Quick Checkout
          • Liberty Alliance - http://www.projectliberty.org/
      • W3C Platform for Privacy Preferences (P3P) - or just Platform for Publishing Privacy Policies (P4P)
  31. Implementability
      • Marketer uses P3P-like syntax to declare terms, in XML format, in a document on the web-site
      • Consumer uses a browser to access it, and a plug-in to analyse the content and display it
      • Consumer uses a browser plug-in and templates to express a consent in XML format
      • Consumer transmits the consent using SSL
      • Marketer uses a CGI script to analyse it, and either accept, reject, or enter into negotiations
  32. e-Consent CONCLUSIONS
      • a critical element of trust in e-business
      • requires maturation beyond old-fashioned 'consumer as prey' marketing philosophies
      • requires inversion of current thinking about 'identity management' and marketer-controlled storage of personal data
      • implementable using existing technologies
      • a research opportunity
      • a business opportunity
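
An added example, not part of the original slides: a Python model of the e-Consent object from slide 23, evaluated as the access-control 'gatekeeper' of slide 28 over the "all except ..." hierarchy of slide 29. The names `ConsentObject` and `gatekeeper`, the `*` wildcard, and the resolution rules (the narrowest applicable object wins; a denial wins a tie) are assumptions of this example, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

ANY = "*"  # assumption: wildcard meaning "every value" for that field


@dataclass(frozen=True)
class ConsentObject:
    data: str             # Access to <data>
    grantee: str          # by <entity, identity or category>
    purpose: str          # for <purpose>
    context: str          # in <a context>
    consented: bool       # is [consented to | denied]
    giver: str            # by <an identity>
    not_before: datetime  # time-period over which the consent applies
    not_after: datetime

    def scope(self):
        return (self.data, self.grantee, self.purpose, self.context)

    def specificity(self):
        # More named (non-wildcard) fields means a narrower qualification.
        return sum(field != ANY for field in self.scope())

    def applies(self, request, when):
        in_period = self.not_before <= when <= self.not_after
        return in_period and all(m in (ANY, r) for m, r in zip(self.scope(), request))


def gatekeeper(objects, giver, request, when):
    """Permit access only if the narrowest applicable object consents."""
    hits = [o for o in objects if o.giver == giver and o.applies(request, when)]
    if not hits:
        return False  # absence of permission: denial of access
    narrowest = max(o.specificity() for o in hits)
    # If equally narrow objects disagree, the denial wins.
    return all(o.consented for o in hits if o.specificity() == narrowest)


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample: consent for all, except marketing partners,
# except again for recall notices (a hierarchy of qualifications).
Y0, Y1 = utc(2002, 1, 1), utc(2002, 12, 31)
SAMPLE = [
    ConsentObject("contact-details", ANY, ANY, "web-shop", True, "alice", Y0, Y1),
    ConsentObject("contact-details", "marketing-partners", ANY, "web-shop", False, "alice", Y0, Y1),
    ConsentObject("contact-details", "marketing-partners", "recall-notice", "web-shop", True, "alice", Y0, Y1),
]
```

A request is the tuple (data, grantee, purpose, context); anything not covered by a live consent object from the named giver is refused, including requests made after the consent's time-period has ended.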
