The Internet, the Information Superhighway, the Info-bahn--these
phrases have become touchstones for the imaginations of
entrepreneurs worldwide and for users anxious to be informed in
this new Information Age. The Information Age, like the Age of
Aquarius, has mystical connotations as well as real meaning. We are
apparently living out the middle of some 20-year-old science fiction
novel where people interact socially and commercially over some
mysterious technology that allows instant access universally. The
interesting thing about this fantasy scenario is that it's true--nearly.
We can enjoy near instantaneous access to people, information, and
other resources worldwide. We can collaborate in working groups on
projects happening next door, or in the next country. We may not
even be cognizant of the location of our human collaborator or
information server. This capability isn't currently mature enough for
novice users to experience, but Mosaic, NetScape, and other similar
user interfaces are approaching this level of user-friendliness.
While academicians frolic in this mystical technological
interaction, corporations have other pursuits in mind to be able to
carry out business transactions electronically. The feeling is that if
the Internet were commercialized, the profit motive could help flesh
out the products available into a real set of goods and services, not
just the hands-off, unsupported freeware available today. The
burning question is: Will the Internet become a money-making cash
cow for service providers, a shopping cornucopia for Internet
consumers; or will it merely turn into a novelty shop, a Gypsy
Bazaar? In order to decide, we should take a moment to look at the
past and present of digital transactions over electronic media and
touch on the legal framework that provides the underpinning of all
business transactions.
Digital Transactions Aren't New
It has been only recently that facsimile-transmitted, signed
contracts and documents have been accepted as legal, although
telegrams have been considered legal contracts for more than 50
years. The process of facsimile transmission basically consists of
converting a picture to a series of bits and pushing these over a
telephone wire to another end station where they are reassembled.
The document is difficult to change during the transmission because
the bits themselves don't represent real information. They represent
a picture of information, like a snapshot. Essentially, the facsimile
process becomes a layer of encryption for the document. Also, the
fact that human interaction, usually in real-time, occurs at both ends
moderating the mechanization of the process helps provide a warm,
fuzzy feeling about the technology.
Credit cards themselves are a relatively new technology that
many people mistrust, sometimes rightly so. It's hard to remember
when the United States didn't have them. But any visitor from the
former Soviet Republics will attest to the fact that credit and credit
cards are extremely rare in some parts of the world. One visiting
Russian, when observing a credit card in use for the first time, asked
for the card as a souvenir. He had no concept that the card itself had
intrinsic value.
In many ways, placing a telephone credit card order over the
phone is similar to facsimile transmission of legal documents. The
number and expiration date act as collateral for a purchase. Credit
card technology affords the extra benefit of almost instant validation
of the debited account, for sufficient funds as well as theft detection.
Each party invests some amount of trust in the other, with the
human voice contact reinforcing that trust.
Foiling Electronic Snoopers
The United States Federal Reserve banking system has been
using electronic funds transfer for many years now. It has proven
equally as reliable as humans transporting large sums of money in
armored trucks. None of us thinks about this unless we look at the
backs of our checks when they come from the bank at the end of the
month to see where they've traveled. It's been nearly impossible to
float a check for more than a day or so for several years. Whereas in
the past, one could write a check in one part of town, deposit the
money in the bank, and not have the check clear for at least a week,
it now makes it to the home bank in a matter of hours after deposit,
even across country.
Every new technology has its dark side where vulnerabilities
are breached for the gain of the unscrupulous few. Cellular telephone
service has become one of the largest deployed public shared
resources worldwide, despite the eavesdropping and blackmail
attempts noted in the news occasionally. Cellular radio conversations
can be monitored fairly easily using off-the-shelf components. This
makes ordering merchandise over cellular and other wireless phones
using credit card numbers a risky operation, as noted by most credit
card security centers. The similarities between cellular services and
the Internet illustrate some of the concerns that arise over using the
Internet for bartering goods and services.
Telephone and credit card fraud are today multi-billion dollar
industries. How do we explain this continued use in the face of risk?
In the case of credit cards, it is the convenience to the buyer that
makes them valuable and the additional market opportunity that
makes them worth the cost and risk to the seller.
Growing a Cash Cow
Our current economic prosperity is based on continuing growth,
which presents an unfortunate dilemma. If we stop growing, we
collapse into recession which takes us back to the bottom, but if we
do continue to grow, we have to grow more than linearly to stay
afloat. Thus we are forced to continually discover new goods and
services, and new markets for these goods and services. The further
we grow past the basics, the harder it is to find new growth
industries. Recent years have witnessed the expansion of soft
services rather than hard industries. Whereas hard goods require
warehouses, soft goods can be replicated and sold many times
without multiple locally stored copies. The Internet provides a major
platform for today's soft information services: it motivates creation
of new information and is a shared marketing tool. And, if
remuneration can be handled over the Internet as well, it may prove
to be the largest market in the world.
Many different types of transactions are possible over
electronic media today. But several stumbling blocks could impede
full-scale deployment of these transactions over the Internet. When
digital signatures become available for Internet transactions, legal
business will be considered more foolproof and therefore more legal.
When encryption is available, personal privacy (and credit card
numbers) will be more protected. When electronic escrow agents are
available, monetary transactions can probably be deemed viable.
Any new venture requires time to be shaken out and
debugged, and time for the users to become comfortable with the
reliability and robustness of the process. There will always be bugs
and criminals, but that doesn't seem to stop our doing business on a
regular basis. Instead, we must determine the benefits of the
electronic marketplace and what the impact is if it fails, or even how
we know if/when it fails. These are very important issues that must
be answered before any widespread deployment of Internet services
will succeed.
Encryption is Key
There's been a dramatic growth in advertised services on the
Internet in the past year: more than a hundred offerings were
apparent by the end of last summer, grossing more than a million
dollars last year. Some of these services offer to take orders for
goods over the Internet. A few require a pre-sales communication
via telephone to set up a credit card line of credit. Others will accept
credit card numbers over the network. Some are still experimenting
in the only promotional stage of business.
Recent news articles report that CommerceNet, an electronic
marketplace for selling information technology products and
services, is developing a version of Mosaic that will include
encryption for privacy and security and incorporate digital
signatures. But there are several side issues that must be solved
before this will be a sufficient solution for the market, including: key
management and distribution, and certification centers for brokering
key operations. While certain versions of electronic mail have
incorporated electronic signatures for some time, the public keys
must currently be swapped informally by communicants known to
each other. This is impractical for commerce among the anonymous
masses and service providers but must somehow be resolved, as
most attacks on public-key systems are usually aimed at the key
management systems, rather than at the cryptographic algorithm
itself.
Some companies are taking another tack on Internet sales. First
Virtual Holdings, Inc. offers to establish a line of credit for users and
act as the go-between on sales transactions with vendors. A user can
send a vendor an order over the Internet using an account number.
The vendor will then file the order with the holding agent who
notifies and gets approval from the user.
Subtly different from holding services, escrow services will
allow customers to escrow limited funds for use in doing Internet
business. This is the idea behind a company called CyberCash.
CyberCash will offer secure electronic payment of Internet debts. The
funds will be set aside in a digital purse and transferred when an
item is purchased. Of course, a small fee will be levied for each
transaction.
Whereas encryption is complex enough, the idea of digital
signatures is even more so. A signature is a statement of authorship
and authenticity. An X on a document with two witnesses is legal and
simple, but the participating parties must place complete trust in the
witnesses, even if the witnessing is done remotely from the
receivers. To transfer this concept to an electronic framework is
daunting in concept much less in implementation. Most digital
signatures today rely on the same public/private key encryption that
is used for access control. A private key, the key of the signer, is
used to encrypt a checksum of the document signed and the resulting
text string is added at the bottom of the document as a signature.
The document may or may not be encrypted.
When the document is received, it is run through the reverse
process using the public key of the issuer. A match guarantees that if
the private key is still intact, the document is from the advertised
signer. One advantage of this process is that any changes in the
entire document, every page, will be immediately evident when the
key is checked. Most legal experts agree that digital signatures are
much more secure than hand-written signatures and that documents
signed with electronic digital signatures will eventually be trusted in
court. It will only be in the opinions issued by courts, the precedents
set by these opinions, that this will be proven. The general feeling,
though, is that this will happen eventually and successfully, and
digital signatures, just like telegrams and faxes, will be used for
performing legal operations.
Problems with the technology of digital signatures still remain,
however. The algorithm that was approved by the Commerce
Department last May has a possible flaw that could allow forging of
the signatures needed for electronic funds transfers. A fix for this is
in the works but as long as these issues keep making headlines,
public confidence will be slow to develop.
One final interesting issue in electronic and digital purchasing
is the possibility of doing Internet business with anonymous digital
cash. This concept offers the benefit of protecting the privacy of a
purchaser's buying trail. But the anonymity factor may work against
building the necessary trust in this system. With digital purchasing, a
sequence of bits can be used much like coins, where they have
intrinsic value and cannot be duplicated. The act of receiving the bit
pattern could alter the cash to show that it has been spent and thus
the process cannot be repeated. The bits must be secure and
unforgeable, which could require a tremendous amount of computing
power. This idea will probably materialize 10 years down the road,
but could contribute greatly toward furthering electronic barter.
While companies continue to view the Internet as an
opportunity to reap untold electronically generated riches, the
promise of the Information Superhighway will remain stalled until
the issue of secure and private commerce is solved to everyone's
satisfaction, and legal authorities recognize the validity of electronic
transactions. When that happens, the Internet could truly become
the cash cow that has so bedazzled corporate America.
Ron Hutchins is director of Network Services at Georgia Institute of
Technology. [email protected]