Alexander Ntoko is the Project Manager for Electronic Commerce at the International Telecommunication Union (ITU). His activities in e-commerce began in 1991. Last year, he negotiated the terms of the Partnership Agreement with the World Trade Center, Geneva, and WISeKey, leading to the scheduled expansion of the ITU EC-DC project in 100 countries and the participation of leading ICT companies. He is currently managing projects in five continents, has written papers on e-business and participates in international panels. He represents the ITU at e-business events and advises ITU senior management and decision-makers on e-business strategy and policy issues. Before joining the ITU in March 1990, he worked in the US as a software engineer and later in Cameroon as the Systems Manager for the US Department of State. He was born in Cameroon and holds a Bachelors and Masters degree in Computer and Information Sciences from the State University of New York (SUNY).
e-Business: A Technology Strategy for Developing Countries a report by Alexander Ntoko
Project Manager, Electronic Commerce for Developing Countries (EC-DC), Telecommunication Development Bureau, International Telecommunication Union.
The global nature of e-business provides developing countries with a unique opportunity to compete in market places that were beyond their reach. It has the potential to reduce physical trade obstacles, increase market access and trade efficiency and could provide a competitive stimulus for local producers and entrepreneurs in developing countries.
The poor ICT infrastructure, low income, lack of awareness on e-business issues, inadequate legal and regulatory framework, absence of trust, network payment and secure transaction services present enormous challenges to developing countries. While developing countries are just getting aware of e-business, the industrialised countries have started defining appropriate strategies, adopting policies, establishing the legal and regulatory framework and building their infrastructure. With the current handicaps and challenges
faced by developing countries, how can businesses and entrepreneurs take advantage of the benefits of e-business? What strategies must be adopted to leverage on the potential for e-business? In addition to other requirements, and based on the features considered by many experts to be part of e-business, there is a need for trust, secure transaction and network payment services. On the basis of these considerations, one can argue that the lack of adequate banking infrastructure is one of the main technological barriers for building e-business infrastructures in developing countries.
This paper attempts to address the challenges faced by developing countries in the use of e-business by proposing a strategy aimed at reducing the setup and operational costs for businesses, increasing the potential for sustainability and creating an environment that will encourage the development of the ICT infrastructure. These objectives could be achieved
using the following strategy:
Target the businesses in the supply industry with trading partners in industrialized countries where there is an adequate ICT infrastructure and payment services. These businesses have the highest potential for reaping the benefits of e-business.
Reduce the requirements for participating in e-business by separating the trust, secure transaction from the network payment services. The result is an asymmetrical model where the trust and secure transaction services are setup in both developing and industrialised countries (in the initial phase) and while the network payment services will only be available in the industrialised countries.
Based on the business objectives and the technical specifications, build a scalable e-business commerce infrastructure that would be shared by multiple independent businesses and integrate this infrastructure into existing ICT infrastructure in developing countries.
Provide a mechanism to enable the transfer of e-business technologies and increase public awareness so that local human resources are used to setup, run and maintain the e-business services and decision-makers are made aware of the necessary policies and regulatory framework for e-business.
Address ICT policy and regulatory issues to provide the infrastructure framework for the deployment e-business solutions and facilitate the transition into the digital economy. The strategy outlined in this paper is currently being carried out in the ITU Electronic Commerce
for Developing Countries (EC-DC) project. EC-DC is an activity of the ITU Telecommunication Development Bureau (BDT) and funded by surplus revenues
generated by ITU World and Regional TELECOM events.
Introduction: The e-Revolution
During the last few years, the world has experienced a revolution that is affecting several industries. It is changing the way relationships between business partners are made.
The last 20 years have seen rise of computing power per dollar by a factor of more than 10,000. The Internet is growing at a phenomenal pace. The importance of Metcalfes
Law is becoming more evident. Emerging digital mobile terrestrial services and technologies are bringing data services to hundreds of millions of users worldwide. Some industrialised
countries are already providing 2.5G mobile terrestrial services and are in the process of building their infrastructure for 3G mobile. As early as 2001, handheld digital mobile
devices on 3G mobile networks and the communication and application environment for handheld devices provided by Wireless Application Protocol (WAP) will provide high-speed Internet access. Internet appliances and pervasive computing are reducing the technical requirements for network services and are creating direct relationships between businesses and consumers. While mobile network operators are providing e-payment services to their consumers, and threatening traditional financial institutions (such as credit card companies), digital TV is emerging as a new channel for distributing products and services to end-consumers. New economic leaders are emerging from companies that did not exist a few years ago. The main question being asked today is not "what business you are in?" but "what is your business model?" The digital revolution is bringing down geographical and time barriers. It is bringing together companies from the financial, computer networking, broadcasting and telecoms sectors to forge alliances and create new types of services. A global electronic economy is being created where changes in one part of the globe affect many other parts.
e-Business commerce is one of the main factors driving the digital revolution. It is creating new business models in industrialised countries and at the same time, presenting
very new challenges to developing countries that still lack some of the basic technologies, policies and legislative framework to be part of this revolution. But what really is e-business?
e-Business is the use of advanced information and communication technologies to create new business relationships, enhance existing ones and increase the efficiency of business flow processes without the constraints of time or geographical barriers.
The digital revolution (unlike the industrial revolution) knows no boundaries, but equally it presents enormous opportunities to developing countries because it levels the playing field and has the potential to empower developing and least developed countries as global players in the in the e-revolution.
The paper attempts to propose strategies that could enable developing countries be active participants in the digital economy. The discussions focus on the technological and policy issues that could drive e-business in developing and least developed countries.
Technology Requirements and Components for e-Business
The infrastructure needed to provide e-business services includes trust, secure transaction and e-payment components (amongst others that are beyond the scope of the discussion). The faceless nature of e-business requires that transactions between two parties be secured. Some of the technology requirements will be further elaborated by separating them into e-security and e-payment components. The poor banking services, inadequate Information and Communication Technology (ICT) infrastructures and absence of legislative and regulatory framework for e-business in developing countries require a slightly different approach for implementing e-business. The section below explains some of the main e-security features followed by a discussion on the technology requirements and the role e-security plays in the e-business strategy for developing and least developed countries.
This involves making sure that the identities of the parties to a transaction can be established and verified. Authentication requires the use of digital certificates, passwords and electronic tokens that can be implemented using both hardware and software.
Confidentiality provided through the use of encryption technology enables only the intended parties to be able to view the contents of the transaction. It scrambles the contents of the transaction using a combination of symmetric (private key) and public key cryptography.
It is fundamental that the contents of a transaction remain unchanged. Data integrity uses a
combination of hash functions and public key cryptography to provide mechanisms to verify the integrity of the data. Any changes are detected and such data is rejected by the
Like in traditional business transactions, a mechanism needs to be put in place to ensure that transactions can not be denied after their execution. Non-repudiation is achieved using a combination of both digital signatures and hash functions.
Public Key Infrastructure (PKI) provides all of these features and is the foundation for providing trust and security for e-business (and other services). A PKI consists of more
than just technology. It includes a security policy, certification authority, registration authority, certificate distribution system and PKI-enabled applications. Detailed description
PKI and the policy issues related to its implementation are not covered in this paper. PKI is used in this discussion as a solution for e-business in developing countries. Some of the components of PKI include:
Digital Certificate: This is an electronic document issued by a trusted party that binds the physical identity of an entity (user, organisation or computer) to
their public key. In security systems (especially in a public key cryptographic system), a digital certificate is used to authenticate the parties involved in a transaction, to
electronically sign documents used to ensure the integrity of contents and the non-deniability of transactions conducted electronically. ITU-T X.509 Recommendation defines the format for a certificate. Figure 1 shows a simple diagram of an X.509 certificate.
Attribute Certificates: Attribute certificates are short-lived certificates that can be issued locally where the user is known but can have a global scope. They contain information about the roles and the privileges of the user. Several attribute certificates issued by different organisations can be linked to a single digital certificate. A financial institution can issue an attribute certificate to a business enabling that business to perform transactions up to a certain amount. Industry attributes can also be issued to link the business credibility and credentials to the businesss identity.
Security Policy: The security policy defines the direction that an organisation has decided to take in implementing its information security. This includes the
use of encryption technology and how security matters are handled. If the organisation also operates as a certification authority, the security procedures and how security policies
are enforced will be part of what is called a Certificate Practice Statement (CPS). A CPS includes (but is not limited to) procedures on how certificates are issued and revoked and how the keys for encryption (public key) are stored.
Certificate Authority (CA): Typically, a CA is a network organisation that issues certificates by using a digital signature to bind the physical identity of the entity (user, application or host) to the public key.
Registration Authority (RA): An RA authenticates the identities of entities and requests the CA to issue a certificate for that entity. An RA operates hierarchically
under a CA and acts as the user interface of the CA.
Validation Authority (VA): A VA could be part of the services offered by a CA or by a third party. It validates digital certificates, provides digital receipts and Trusted Third Party notarisation services as proof that an e-transaction took place.
Attribute Authority (AA): A digital certificate could be linked to attributes that define the privileges of the certificate holder. An AA normally stores and manages attribute certificate independently from the CA.
Certificate Distribution System (CDS): Digital certificates issued by CAs need to be made available to other network users. A CDS is normally implemented as an ITU-T X.500 directory database or a Lightweight Directory Access Protocol (LDAP). It is a public database system that stores certificates and maintains a list of revoked certificates. Depending on the PKI implementation, a CDS could also store certificate attributes. The CDS enables network entities (users, organisations or hosts) to verify that the public key of a network entity really belongs to them before accepting the transaction.
PKI-enabled Applications: Applications that use the PKI technology are referred to as PKI-enabled applications. These include Web, email, electronic data interchange (EDI), Virtual Private Networks (VPN) and e-payment systems. PKI applications provide the necessary security to run on a public network such as the Internet.
PKI Tokens: A hardware device in the form of a smart card or a key usually with limited memory capacity used to store the entitys certificate and private key. Some tokens also store the cryptographic algorithm used for encryption and other relevant data. When the user inserts the token into the reader, they are requested to enter a Personal Identification Number (PIN) or a password. Tokens could be read by the smartcard reader on the keyboard or through the Universal Serial Bus (USB) port of the computer.
Target Business Sector
Having explained briefly some of the technology components and desired features for secure e-business, the following section explains how PKI technology can be used to implement a strategy for developing and least developed countries. The objective of the strategy described in this paper is how PKI technology can be used to meet the challenges faced by developing countries through the use of an asymmetrical model for implementing e-business infrastructure and providing value-added services.
Typically, for an e-business transaction to take place, both parties need to have access to similar technology. However, in reality, businesses and entrepreneurs in developing
countries do not have access to the same technology as their counterparts in industrialised countries. It is also not currently possible for these businesses to establish business
relationships via the Internet with the majority of the local population or other businesses in the region who could be or are already clients. Detailed discussion on the infrastructure
issues will not be covered in this paper.
Financial institutions in most developing countries do not yet provide the required payment services for e-business. Inadequate payment services has been identified as one of
the technical barriers to building e-business infrastructure (with secure online payments) in developing countries. Another problem is the very low Internet penetration. This means
proportionately, few businesses (and even fewer consumers) in developing countries can today use ICT for business.
For the developing and least developed countries to be part of this e-revolution today, it is important to work on a strategy that is based on technology and services that could be made available today.
The first thing to do is to target the businesses in the supply industry with trading partners in industrialised countries where there is an adequate ICT infrastructure and payment services. These businesses have a higher potential for reaping the benefits of e-business. Through feasibility studies aimed at understanding the business requirements, the business models and the business objectives, one can proceed with a pilot group of businesses that meet the desired criteria. This might sound like a controversial strategy that does not encourage national and regional exchanges. It could also be seen as a strategy that excludes local clients and businesses that do not have partners in industrialised countries. It cannot be overemphasised that the arguments presented in this paper do not claim to address the issue of wide-scale economic development (which is beyond the scope of this paper) but focuses on a model for e-business that could be implemented despite the current challenges
faced by developing countries. As with the introduction of any new technology or service, one needs to initially target a pilot group that can be used as a testbed for the use of this technology. The middle and long-term objective is for e-business to act as a stimulus for the development of the infrastructure and the overall economic development. As more entrepreneurs participate in e-business, this will stimulate the development of the ICT infrastructure and
increase the level of awareness. When a critical mass has been reached, this will enable the use of e-business between partners in the region and will permit intra-national and intra-regional transactions.
By targeting businesses with partners in countries where there is adequate infrastructure, one can arguably say that the focus is on setting up the infrastructure in the developing
country. Considering the absence of payment services by local banks in most developing countries, the objective is to see how the technology components and features (briefly
explained above) could be used to provide a solution for e-business infrastructures and services to be used by the target business sector in developing countries.
Since the businesses participating in this initial (pilot) phase are exporting to industrialised countries, the payments will be down-stream (from industrialised to developing country). This means we can focus initially on the trust and security requirements. This reduces the importance of e-payment services as a feature of the infrastructure. It also implies that supply chain management will be an important component in enhancing the business model and streamlining the process. The use of ICT reduces the cost of an international presence and, when combined with good business practices, could create a competitive advantage for entrepreneurs in developing countries.
PKI as a Solution for e-Business
The figure below shows the results of a recent PKI online poll done by Network Computing. As Figure 2 depicts, PKI technology is considered by several companies to be a very viable solution for implementing e-business. Based on the business objectives, one needs to identify the components necessary to implement an asymmetrical model where payments are made by business partners in industrialised countries (payer) to businesses in developed countries (payee) but trust and security (authentication, data integrity, confidentiality and non-repudiation) services are available to both parties. These components can be implemented using PKI technology. The following sections will describe how the some of the components of PKI fulfill the requirements for the pre-transactional, transactional and post-transactional phases of e-business. PKI for e-business will provide the following solutions
for developing countries:
multi-platform and scaleable services;
vverifiable chain of trust;
generic and multi-purpose e-payment solutions; and
asymmetrical and component-based services.
Using Certification to Build Trust
The first thing to do is to establish the identities of both parties to the transaction. Certification services could be provided by commercial CAs mostly located in industrialised
countries. These services are available today to both developing and industrialised countries. In a developing country, the CA interface to the business could be provided by a local RA. The RA could be a Chamber of Commerce or any trusted organisation with an established level of credibility within the community. Industry attributes are required for both partners in a business relationship since both of them need to be sure that they are dealing with a credible business partner. It should be pointed out that the RA and the CA
must be part of the same PKI. The RA will operate hierarchically under the CA and both will use the same CPS. The connection between the RA and the CA is secured using PKI-enabled applications. The RA could perform two main functions: first, it would verify the identity of the local business and request the CA to issue the certificate; and, second, it would establish the business credibility of the user. The business credibility is established using attribute certificates (with industry attribute). In this scenario, the RA also acts as an AA
even though this does not have to be the case. Depending on the technology used for providing attribute certificates, they can be stored centrally in the CAs database or in a database maintained by the AA. The use of a common CPS by the RA and the CA and the fact that both are part of the same PKI creates a chain of trust that can be verified by either party. It also implies that both parties will have access to the similar services and the same level of security is maintained. For any entrepreneur, trust is an important criterion for establishing or enhancing business relationships. The digital certificate enables both business partners to be confident of the identity of their counterparts. The industry attribute issued by the AA provides proof of credibility to both parties.
Establishing Proof of Identity
Both business partners will have their digital certificates stored on a PKI token. This can be either a smart card or a USB key. The digital certificate that is stored on the token is protected by a PIN or password, which must be entered by the authorised user before the transaction. The use of a PIN-protected token strengthens the authentication because it provides software and hardware protection linked to a manual procedure that is performed by both parties to complete the authentication process. In a typical implementation, the local RA gives the PKI token to the end-user. When the certificate is signed and delivered by the CA to the RA (via the secure VPN connection), the RA puts the digital certificate in the PKI token and issues it to the user. The use of a PKI token to store the certificate enables
both parties to authenticate themselves on any device that has the appropriate token reader. Much of the strength and reliability of the authentication lies in the conformance of the RA to the security policies and procedures of the CA. Access to the site of the RA needs to be controlled (preferably using a smart card) and the security requirements must be implemented as defined in the CPS of the CA. The connection between the RA and the CA must be highly secure. In a typical implementation a PKI-based virtual private network is used to secure the communication between the CA and the RA.
Even though the identities of the parties have been verified, they need to be validated. An example of the need for validation:
An expired passport enables one to establish the identity of the holder. But is it not a valid document for entering a country. For both parties, it is essential that a mechanism
be put in place to issue digital receipts. Digital receipts are needed as proof that a transaction took place. They provide a legally binding mechanism for trusted third party
notarisation that is necessary for dispute resolutions after a transaction.
Validating e-transactions is a requirement for both business partners. It is a service that is normally provided by a VA either as part of the overall CA services or by a third-party company. Businesses in developing and industrialised countries both have access to services provided by VAs. As a PKI component, VAs fit within the overall technology components and solutions provided by PKI for e-business. Through the processes of authentication and validation, both parties are assured of the identities of their counterparts and that the transactions cannot be repudiated.
To initiate a business transaction, both parties need to use PKI-enabled applications. The business located in a developing country would typically have an authenticated website and the business in an industrialised country would use an authenticated Web client. It is important to remember that both parties are using applications that are part of the same PKI implementation. The website is authenticated using a digital certificate that is issued by an established CA. The business in an industrialised country also uses PKI-enabled applications (such as a Web client or secure email). Verification of the identities of both parties is
done using the same PKI infrastructure through the PKI-enabled applications.
Using Financial Attributes for Payment Services
So far, we have discussed the mechanism for a business in a developing country to establish a relationship with a business in a developed country. However, if goods or
services are to be exchanged, there must be solutions to enable the business in a developing country to receive payments. Payment services require that both parties have bank accounts.
For the developing country entrepreneur, this is one of the criteria. Since we are focusing on businesses in developing countries that export (to industrialised countries), the payment will be downstream. It is therefore more important for the developing country business to be sure that their partner can pay for the goods or services. Therefore, the mechanism for online payment validation and processing needs to be available in the developed country (where the payment originates). The banks in the industrialised country need to provide network payment services to their clients. The absence of e-payment services to businesses in developing countries has already been identified as one of the technical barriers to e-business. The model described in this paper does not apply to credit card payment systems where the infrastructure needs to be located in the developing country (the partner who receives payment). What the author is attempting to describe here is how PKI can be used to reverse the requirements by bypassing one of the main technical obstacles (e-payment services) to building an e-business infrastructure in a developing country. Through PKI-enabled e-payment applications, the payer can obtain an attribute certificate with a financial attribute. A financial attribute is like a letter of credit issued by a financial institution to the payer. The combination of attribute certificates and validation services provide strong evidence that a transaction took place. The attribute certificate establishes the financial worthiness of the payer and enables the payee to receive the funds for the
goods or services via electronic fund transfer. The payment scheme being described here can be applied to high, low and micro-transactions. The possibility of providing payments for micro-transactions opens the door to a wide range of potential services that could be provided by businesses in developing countries. The validity of the attribute certificate
is short-lived and several attribute certificates can be linked to the same digital certificate. For the payer, one of the main concerns is that their counterpart in a developing country is credible and can offer the products or services. This concern is addressed using attribute certificates with industry attributes.
The combination of digital certificates and CA/RA services within the framework of the PKI creates an asymmetrical model that fulfils the technology requirements for businesses that meet defined business criteria to be used this model. With the appropriate industry attributes (provided by an AA to both parties) and financial attributes (provided by
financial institutions in industrialised countries), one can put in place an asymmetrical structure where the components and services are located where the infrastructure permits.
The solution described in this paper could be easily implemented on other platforms (such as mobile data and digital TV). In addition to its scalability, components can be added to the basis infrastructure to meet new service demands.
However, the RA and AA (in developing countries) need to establish a relationship with a CA and accept the CAs criteria for verifying the identity of users. The same applies
to AAs and RAs in industrialised countries. The RA also needs to implement the security requirements for using the CAs PKI. For non-repudiation, a digital notarisation
service needs to be provided by a VA that is part of the PKI.
It is worth noting that several other issues that are not part of a PKI implementation are required for this strategy to work. They are considered outside the scope of this paper and have not been discussed. Some of them include insurance, auditing, due-diligence, risk management, legal requirements and policy and regulatory issues. Also left out of this
paper are details on the implementation of adequate security measures, procedures and policies for the services just described.
Figure 3: Components of PKI Showing Asymmetrical Model
PKI in EC-DC
The cost of putting this strategy in place, building a PKI, running a CA and establishing the necessary relationships for the desired services (VAs, AAs) is prohibitive especially
for developing countries. The technical knowledge needed to operate such services and the physical security measures for protecting the CA sites present some major challenges to developing countries. Some transition economies, such as Singapore and Malaysia, already have certification services running and have established the legislative framework for these services, but the vast majority of developing countries have yet to start addressing these issues.
To assist developing and least developed countries to face these challenges, the International Telecomm-unication Union (ITU) Development Bureau (BDT) is working with industry partners to provide solutions that can be used today by businesses and entrepreneurs in developing countries. Within the framework, objectives and strategy of the Electronic
Commerce for Developing Countries (EC-DC) partnership agreements have been established with the private sector to provide cost-effective solutions for implementing e-business infrastructures in developing countries. As one of the activities carried out within the objectives of EC-DC, and with the participation of several industry partners (such as World Trade Center Geneva, WISeKey, Baltimore Technologies, MCI WORLDCOM, L-SOFT and Oracle Corporation) RAs are being deployed in 100 developing and least developed countries. Most of the issues that have been described in this paper are in the process of being implemented in developing countries. Figure 4 shows some of the structural and organisational relationships that have been established to put in place some of the services described here. Details of the roles and responsibilities of the various industry partners and of the implementation will not be covered in this discussion. For further information, please contact the author.
An e-business infrastructure is quite expensive and labour-intensive to put in place. It requires extensive knowledge of the core technologies and how to integrate them to existing
infrastructure and services.
Businesses need to focus on their main activity, which is doing business. To reduce the overall cost in developing countries, the use of the infrastructure needs to be shared by several businesses. This requires that each business using these shared services be treated in as an independent entity. What is meant here by an independent business is related to how financial transactions, billing, invoicing, inventory and other services related to the business model of the enterprise provided by the system. A shared infrastructure should permit funds for transactions to be deposited directly from the payers bank to the payees bank (located in a developing country) and not through an intermediary (or commerce facilitator). It also should enable customised invoicing and billing services for each business using the service. The e-business services would be provided by a Commerce Service Provider (CSP) operating in the country or region where the businesses are located. Connection between the authenticated website of the business to the shared CSP infrastructure must be secured using the appropriate security protocols, policies and procedures.
The rapid changes in technology, the labour cost for application development, integration, customisation, installation and daily operations for en e-business infrastructure require
developing countries to understand how these technologies work. A mechanism is needed to train engineers, programmers and other ICT professionals so that they participate actively
in implementing these technologies. Decision-makers need to be aware of the importance of information and communication technologies in the economic, social, education and health
The use of technology for certification encryption requires policies to facilitate the development and the use of these technologies. Governments need to provide guidance, support
and other forms of assistance. They need to work with private sector organisations towards facilitating the use of ICT through promotional events to raise the level of awareness
and putting a high priority in the development of the ICT. It is also important for decision-makers from the public and private sectors to have some basic understanding of the role that
e-business could play in the development of the ICT and its potential impact in economic and social development. The changes taking place in several sectors are already having an impact in developing countries. e-Business concerns many sectors of industry. Working groups or task forces must be created, with representatives from all the sectors.
Developing countries need to address issues related to the operation and procedures for CAs and RAs.
For the using PKI as a solution based on services and infrastructure provided by partners in industrialised countries, developing countries need to:
Establish relationships with CAs to enable local organisations to act as RAs using a CPS, the PKI and other CA services. The long-term objective is to establish CAs in developing countries.
Identify local (trusted) organisations to act as RAs to verify the identities of businesses and request the CA to issue certificates.
Identity local organisation (International Chambers of Commerce or other trade organis-ations) to provide industry attributes that will be linked to the identity certificates
issued by the CA.
Implement the CPS and the Certificate Policy of the CA for the operations undertaken by the local RA.
Establish guidelines (to be enforced by RAs and AAs) for e-business code of conduct and for the operations of RA and AA.
Create an atmosphere of trust by establishing legislative framework for electronic contracts, digital signatures and RAs.
Remove restrictions on the use of encryption technologies for electronic transactions.
Provide guidelines for the protection of electronic data.
e-Business is considered to be one of the most important changes since the industrial revolution. Developing countries are facing some serious challenges but the author believes
e-revolution presents more opportunities to developing countries than previous revolutions. This paper has attempted to discuss the possibilities of using a particular technology to address some the problems faced by developing countries.
EC-DC is a special ITU development initiative aimed at assisting developing countries in building the infrastructure for e-business, building capacity and addressing e-business policy issues
David A Horne, "Business to Business Internet Trading Opportunities for New Service Providers", Anderson Consulting, International Journal of e-Business Strategy
Management, September 1999.
Carol Ann Charles, "Building the Global Information Economy", A GIIC Report, September 1998.
Alexander Ntoko, "Electronic Commerce for Developing Countries" Business Briefing: Electronic Commerce, World Market Series, August 1999.
Baltimore Technologies, "An Introduction to Public Key Infrastructure", Executive Briefing, February 2000.
Council of the European Union, Directive on Electronic Commerce, Legislative Acts and Other Instruments, Feb 2000
Michael S. Katz and Jeffrey Rothfeder, Offline Rules for Online Transactions, E-Business Lessons from Planet Earth, Strategy and Business.
Mark Bones, David Burman, Susan Clarke, Gary Cooper, Carey Gray, Michael Mager, Mike Thompson - E-business Technology Issues, E-Business, The Butler Goup, Volume 2, 1999 Report