World Telecommunication Day 1999 |
Every e-commerce transaction implies the passage of information - about the seller's products and pricing and the buyer's financial details (credit card or bank data) and shopping preferences. For businesses, this data has both positive and negative aspects, says Chris Christiansen, program director of Internet security service at International Data Corporation (IDC). E-commerce, he observes, can be heaven because it can ''boost revenues and lower costs, hell because it opens up networks and servers to external and, more significantly, internal attacks.''
The same dilemma faces consumers. For them, the advantages of e-commerce are the range and ease of shopping plus improved customer care, as companies learn their tastes and buying patterns and propose individually tailored commercial offers. The other side of the coin is when companies misuse this information or sell it to other vendors without the customers' knowledge.
In a report published last month, the International Telecommunication Union noted that telephone carriers already collect a ''potentially vast amount of information about their users.'' The report continues: ''So where a great deal of attention has been paid to the potential use or abuse of consumer proprietary information by operators of Web sites, it is worth keeping in mind that the keepers of the largest and most accessible user databases are the telephone companies themselves.''
Available at a price
Businesses can minimize security risks by buying protection. IDC found the worldwide Internet security software market grew more than 50 percent between 1997 (with sales of $2 billion) and 1998 (with sales of more than $3 billion). It estimates that this market will reach $4.2 billion this year and $7.4 billion by 2002, with spending directed to several submarkets, including firewalls, encryption software, antiviral software, and authorization, authentication and administration software.
Consumers cannot spend their way out of their predicament so easily. Although new technologies are emerging that enable even casual Internet users to be anonymous on-line, consumers on (and off) line tend to rely on government regulations to protect them. This is more true in Europe than in the United States.
In 1997, the European Commission drew up its Directive on the Protection of Personal Data. This document has led to a still-unresolved dispute with the United States - although in recent weeks the EU and U.S. positions have moved closer to convergence. In general, Europe advocates specific government intervention, while the United States is more inclined to self-regulation by market forces.
Says Arthur Levin, legal officer for the ITU: ''In balancing privacy concerns and data, the United States tends to weigh commercial and business interests more heavily, while Europe leans more toward protecting the interests of the individual.''
Consumer privacy also has to be balanced against protection from criminal activity. Most countries agree that individuals should have the right to keep personal information confidential. But if they use encryption techniques (i.e., mathematical methods used to keep recorded information secret) to do so, so can criminals and political terrorists who may represent a threat to society.
Where, if ever, do the rights of law-enforcement officers or national security officials take precedence over those of the individual? No international consensus has been reached on this question, and there is considerable disagreement within some countries, including the United States.
The Organization for Economic Cooperation and Development takes the position that safeguards should exist to ensure that information generated by e-commerce transactions cannot be used in ways unintended by the consumer. The OECD also wants safeguards to prevent misuse of such information by transporting databases from one legal jurisdiction to another.
The Transatlantic Business Dialogue, a North American-European industry group working to develop proposals on e-commerce, takes the view that the implementation of any overly regulatory approach to privacy could become a trade barrier. The group is encouraging the adoption of contractual solutions and self-regulation to protect consumers.
Claudia Flisi