Copyright, E-Consent: A Critical Element of Trust in e-Business
Roger Clarke, Xamax Consultancy Pty Ltd
eConsent02.ppt
15th Bled Electronic Commerce Conference, Bled, Slovenia, June 2002
Agenda
- Trust in e-Business
- Consent: definition, contexts, characteristics
- e-Consent: process, object, implementations, implementability
Fundamental Risks in All Markets That Are Perceived to Be Greater in Marketspaces
- Seller Default
- Buyer Default
- Market Operator Default
- Intermediary Default
- Service-Provider Default
- Tradable Item Quality
- Fulfilment Quality
Trust as an e-Business Enabler
- Cyberspace adds to uncertainties and risk:
  - lack of information
  - jurisdictional issues
- What are you doing with my money?
- Will you really deliver the goods?
- What are you going to do with my data?
Trust
- confident reliance by one party about the behaviour of the other parties
- origins in kinship groups
- extensible to cultural affinity (i.e. friends)
- not directly extensible to business relationships
- in business, it's merely what a party has to depend on when no other form of risk amelioration strategy is available
Sources of Trust
- Direct Relationship: kinship, mateship, principal-agent, contract, multiple prior transactions
- Direct Experience: prior exposure, a prior transaction or trial
- Referred Trust: 'word-of-mouth', reputation, accreditation
- Symbols of Trust or Images of Trust: brands, meta-brands
Latest in a Long Line of Marketer Manoeuvres: Dynamic Consumer Profiling
- Self-Identifying Data, consensually provided: the click-trail
- Self-Identifying Data, acquired by trickery: e.g. pseudo-surveys, cookies, web-bugs, ...
- Server-Driven Client-Side Processing: JavaScript, Java Applets, CaptiveX, spy-ware, ...
- Self-Identifying Personal Profile Data, aka 'Identity Management': esp. MS Passport / wallets, but also Liberty Alliance
Trust Through Buyer Protection
- Service Longevity and Reliability
- Transparency of Data About the Seller
- Fairness of Marketspace Processes
- Security of Tradable Items and Funds
- Risk Allocation / Clarity of Risk Exposure
- Safeguards such as Warranties, Recourse, Insurance, a Credible Insurer of Last Resort
- Protections for the Buyer's Data
Consent
- concurrence by a party with an action to be taken by another party
Consent Context: The Human Body
- medical procedures: drug prescription, inoculation, surgery
- acquisition and use of body fluids/tissue/organs: donations of blood, semen, bone marrow, kidneys; organ donations from the dead
- acquisition and testing of body tissue/fluids: health care diagnostics, substance abuse testing, suspect identification and suspect elimination
Consent Contexts: e-Business
- Promotion and Marketing
- Price, and Terms of Contract (Invitation to Treat)
- Offer
- Acceptance
- Payments
- Handling of Purchaser Data: Commercial Confidence, Privacy
Consent and Consumer Marketing Practices
- on the street
- via mass media
- at an exhibition site
- the telephone
- physical mail-box
- e-mail-box
Contracting and Payments
- Declaration of Offer
- Signification of Acceptance
- Consumer Choice
- Evidence of Offer and Acceptance
- Consent to Use Credit-Card Details: Once and Destroy? Once and Retain? Once and Retain, and Re-Use?
Consent and Personal Data
- Consumer Expectations
  - privacy is a 'fundamental human right'
  - excited (and/or numbed) by abuses
  - excited by advocates and the media
- Particularly Serious Concerns
  - anti-discrimination categories
  - taxation and financial data
  - health data
  - household data
  - location data for persons-at-risk
Consent, Personal Data and the Law
- General Privacy Laws:
  - OECD Guidelines as a framework, 1980
  - EU Directive on Data Protection, 1995/98
  - US: a scatter of laws, but intransigence re a general law, hence 'safe harbor' / FTC
- Specific Laws, e.g. Spam; EU Directive on Cookies?
- Standards, e.g. Cookies: RFCs 2964, 2965
Consent, Personal Data and Australian Law
Under the Privacy Act 1988 as amended by the Privacy Amendment (Private Sector) Act 2000, with effect from 21 Dec 2001:
- collection, use and disclosure of personal data are all subject to controls based on consent
- direct marketing is subject to some specific provisions (much less than the EU demands)
- what it all means in particular contexts is far from clear; but a level of expectation has been created
Characteristics of Consent – 1 of 2
- form: {express in writing OR express but unrecorded OR implied OR inferred}
- declaration: {declared by 'opt-in' OR presumed with 'opt-out', but subject to the absence of express denial}
Characteristics of Consent – 2 of 2
- legal capacity
- physical and intellectual capacity
- informed:
  - what scope of actions
  - who may take such action
  - for what purpose may it be taken
  - over what time-period does it apply
- freely-given
- revocable and variable
- delegable
e-Consent
- signification by recorded electronic means of concurrence (or otherwise) with an action to be taken by another party
- To achieve trust in the e-business context, recording is essential, in order to enable authentication
- Recording by electronic means is highly desirable, so as to use the same facilities as the e-business transaction, and to enable automated processing of the consent
The e-Consent Process
(1) Initiation
- two parties enter into some form of information interchange, resulting in an intention by one party to provide consent to an action by another
- possibilities include: e-mail interchange; an exchange between browser and web-server; telephone conversation; personal contact
(2) Declaration of the Consent
- could be performed on the consent-giver's own computing facility, or through interactions between the facilities of the two parties
- possibly an e-mail interchange, or an exchange between a browser plug-in and web-server script
- possibly on the site of the marketer or an agent (accountant, solicitor, financial adviser, health care professional), with a signature on an office-copy of the printed document, or a keystroke on a computer
(3) Expression of an e-Consent Object (e.g. for the Specific Purpose of Data Access)
Access to by for in is [consented to | denied] by
(4) Transmission of the e-Consent Object
Transmission Security:
- virtual private networks (VPNs)
- channel-encryption measures, e.g. SSL/TLS
- message-encryption tools such as PGP
(5) Authentication of the e-Consent
- Authentication of Individual Identity
  - possibly digital signature, perhaps using a secure token and even biometrics
  - more easily password / PIN / passphrase
- Alternatives: Anonymity, Pseudonymity
- Authentication of Attributes / Credentials
- Authentication of Value
Conventional X.509-Based PKI
- the maths makes lots of unjustified assumptions
- private key generation is insecure
- private key storage is insecure (and unsecureable)
- X.509 certificates are privacy-hostile
- acquiring a certificate is utterly privacy-hostile
- fine print in CAs' contracts denies all liability
- key revocation is largely unsupported
- the industry is built on mythology
- no effective open, public schemes exist
- if they ever did, they'd be highly privacy-invasive
What Conventional PKI Does
- It provides to the recipient of a message zero assurance about the identity of the sender
- It provides assurance only that the device that signed the message had access to a particular private key
(6) Application of the e-Consent
- Display-Only; but with logging, log-analysis, exception-reporting, powers, action against abuses
- Authorisation / Access Control:
  - permission to access a resource (data, a process) based on consent (or legal authority, or power)
  - absence of permission results in denial of access ('gatekeeper'); or qualified access (with controls as above)
Subtleties in an e-Consent Object
- specific, operational definitions of the domains on which data-items are defined, e.g. which data, which other party or which category of parties, which purpose
- supplementary data (e.g. re power of attorney)
- general consent with specific denial (all except ...)
- general denial with specific consent (none except ...)
- a hierarchy of such qualifications
- reliable date-time stamps, to support authentication
Existing Implementations?
- 'I accept' buttons (which deny consumer choice)
- Info-mediaries as agents (are there any?)
- MS Open Profiling Standard (OPS) (RIP?)
- So-called Identity Management schemes:
  - MS XP, .NET, Passport, wallet, web-services
  - AOL Screen Name, and Quick Checkout
  - Liberty Alliance
- W3C Platform for Privacy Preferences (P3P), or just Platform for Publishing Privacy Policies (P4P)
Implementability
- Marketer uses P3P-like syntax to declare terms, in XML format, in a document on the web-site
- Consumer uses a browser to access it, and a plug-in to analyse the content and display it
- Consumer uses a browser plug-in and templates to express a consent in XML format
- Consumer transmits the consent using SSL
- Marketer uses a CGI script to analyse it, and either accept, reject, or enter into negotiations
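The e-consent object of step (3), the 'gatekeeper' of step (6), the "all except ... / none except ..." hierarchy of qualifications and date-time validity from the Subtleties slide, and the marketer-side accept / reject / negotiate step from the Implementability slide, worked through as one added example. This is not code from the deck or from Xamax Consultancy; the XML element and attribute names, the sample consent object and the marketer's list of declared uses are all constructed for this example and are not P3P or any published schema. The consent is expressed on the three dimensions the deck names (which data, which party, which purpose) with a validity period and a revocation flag.

```python
"""Added example (not Roger Clarke's code): a hypothetical XML e-consent object,
the 'gatekeeper' that evaluates access requests against it, and the marketer-side
check that compares the marketer's declared uses with what was consented to."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample e-consent object. Element and attribute names are an
# assumption for this example only; this is not P3P nor any published schema.
SAMPLE_CONSENT = """\
<e-consent id="c-0001" issued="2002-06-17T10:00:00Z"
           valid-from="2002-06-17T10:00:00Z" valid-until="2003-06-17T10:00:00Z"
           revoked="false">
  <consenter>customer-4711</consenter>
  <declared-by role="self"/>   <!-- supplementary data, e.g. power of attorney -->
  <!-- general denial with specific consents: "none except ..." -->
  <rule effect="deny">
    <rule effect="consent" data="order-history" party="merchant.example"
          purpose="order-fulfilment"/>
    <!-- general consent for one data item, qualified by a specific denial:
         "all except direct marketing" -->
    <rule effect="consent" data="email-address" party="merchant.example">
      <rule effect="deny" purpose="direct-marketing"/>
    </rule>
    <rule effect="consent" data="email-address" party="courier.example"
          purpose="delivery-notification"/>
  </rule>
</e-consent>
"""

# Constructed sample of the uses a marketer declares in its own terms document
# (hypothetical; a P3P-like policy would carry the same three dimensions).
MARKETER_USES = [
    ("order-history", "merchant.example", "order-fulfilment"),
    ("email-address", "merchant.example", "direct-marketing"),
    ("email-address", "courier.example", "delivery-notification"),
]

DIMENSIONS = ("data", "party", "purpose")
AUDIT_LOG = []   # every decision is recorded for log-analysis / exception-reporting


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _matches(rule, request):
    # A dimension the rule leaves unspecified means "any".
    return all(rule.get(d) in (None, request[d]) for d in DIMENSIONS)


def _decide(rule, request):
    # Depth-first: the deepest matching rule wins; among siblings the first
    # match is followed. Nested rules give the "all except / none except"
    # hierarchy of qualifications.
    for child in rule.findall("rule"):
        if _matches(child, request):
            return _decide(child, request)
    return rule.get("effect")


def check_access(consent_xml, data, party, purpose, when):
    """Gatekeeper: return (permitted, reason) for one access request.
    'when' is an ISO-8601 UTC timestamp string such as '2002-09-01T00:00:00Z'."""
    root = ET.fromstring(consent_xml)
    request = {"data": data, "party": party, "purpose": purpose}
    if root.get("revoked") == "true":
        decision = (False, "consent revoked")
    elif not (_ts(root.get("valid-from")) <= _ts(when) < _ts(root.get("valid-until"))):
        decision = (False, "outside validity period")
    else:
        top = root.find("rule")
        effect = _decide(top, request) if top is not None and _matches(top, request) else None
        # Anything other than an explicit consent is a denial (default-deny).
        decision = (effect == "consent", f"rule effect={effect}")
    AUDIT_LOG.append((when, root.get("id"), request, decision))
    return decision


def reconcile(consent_xml, uses, when):
    """Marketer-side check: 'accept' if every declared use is consented to,
    otherwise 'negotiate' together with the uses that were denied."""
    denied = [u for u in uses if not check_access(consent_xml, *u, when)[0]]
    return ("accept", []) if not denied else ("negotiate", denied)


if __name__ == "__main__":
    now = "2002-09-01T00:00:00Z"
    print(check_access(SAMPLE_CONSENT, "email-address", "merchant.example", "direct-marketing", now))
    print(reconcile(SAMPLE_CONSENT, MARKETER_USES, now))
    for entry in AUDIT_LOG:
        print(entry)
```

The evaluator is default-deny: a request that matches no explicit consent, falls outside the validity period, or arrives after revocation is refused, and every decision is appended to the audit log so that abuses can be reported on, as step (6) requires. Before a real gatekeeper evaluated such an object it would first perform step (5), authenticating the object (and its timestamps) so that the rules being enforced are the ones the consenter actually declared.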
e-Consent: Conclusions
- a critical element of trust in e-business
- requires maturation beyond old-fashioned 'consumer as prey' marketing philosophies
- requires inversion of current thinking about 'identity management' and marketer-controlled storage of personal data
- implementable using existing technologies
- a research opportunity
- a business opportunity