INTRODUCTION TO E COMMERCE
Electronic Markets:
The principal function of an electronic market is to facilitate the
search for the required product or service. Airline booking systems
are an example of an electronic market.
Internet Commerce
The Internet (and similar network facilities) can be used for
advertising goods and services and transacting one-off deals. Internet
commerce has application for both business-to-business and
business-to-consumer transactions.
Fig 1.1 : The three categories of E Commerce
Internet Commerce
Information and communications technologies can also be used to
advertise and make once-off sales of a wide range of goods and
services. This type of e-Commerce is typified by the commercial use
of the Internet. The Internet can, for example, be used for the
purchase of books that are then delivered by post or the booking of
tickets that can be picked up by the clients when they arrive at the
event. It is to be noted that the Internet is not the
only technology used for this type of service and this is not the only
use of the Internet in e-Commerce.
Summary:
Electronic Commerce (e-Commerce) is a general concept
covering any form of business transaction or information
exchange executed using information and communication
technologies (ICTs).
E-Commerce takes place between companies, between
companies and their customers, or between companies and
public administrations.
Electronic Commerce includes electronic trading of goods,
services and electronic material.
An electronic market is the use of information and
communications technology to present a range of offerings
available in a market segment so that the purchaser can
compare the prices (and other attributes) of the offerings
and make a purchase decision.
EDI provides a standardized system for coding trade
transactions so that they can be communicated directly from
one computer system to another without the need for
printed orders and invoices and the delays and errors implicit
in paper handling.
Information and communications technologies can also be
used to advertise and make once-off sales of a wide range of
goods and services. This type of e-Commerce is typified by
the commercial use of the Internet.
Introduction
Categories of E commerce
Benefits and limitations of E Commerce
Comparison between Traditional Commerce and
Ecommerce
Summary
Objectives
Benefits to Organizations
The benefits to organizations are as follows:
Electronic commerce expands the marketplace to national
and international markets. With minimal capital outlay, a
company can easily and quickly locate more customers, the
best suppliers, and the most suitable business partners
worldwide. For example, in 1997, Boeing Corporation
reported a savings of 20 percent after a request for a proposal
to manufacture a subsystem was posted on the Internet. A
small vendor in Hungary answered the request and won the
electronic bid. Not only was the subsystem cheaper, but it
was delivered quickly.
Electronic commerce decreases the cost of creating, processing,
distributing, storing, and retrieving paper-based information. For
example, by introducing an electronic procurement system,
companies can cut the purchasing administrative costs by as much as
85 percent. Another example is benefit payments. For the U.S. federal
government, the cost of issuing a paper check is 43¢. The
cost of electronic payment is 2¢.
Ability for creating highly specialized businesses. For example, dog
toys, which can be purchased only in pet shops or department and
discount stores in the physical world, are now sold at the specialized
site www.dogtoys.com (also see www.cattoys.com).
Electronic commerce allows reduced inventories and
overhead by facilitating “pull”-type supply chain
management. In a pull-type system the process starts from
customer orders and uses just-in-time manufacturing.
The pull-type processing enables expensive customization
of products and services, which provides competitive
advantage to its implementers. A classic example is Dell
Computer Corp., whose case will be described later.
Electronic commerce reduces the time between the outlay of
capital and the receipt of products and services.
Electronic commerce initiates business processes
reengineering projects. By changing processes, productivity
of salespeople, knowledge workers, and administrators can
increase by 100 percent or more.
Electronic commerce lowers telecommunications cost: the
Internet is much cheaper than VANs.
Other benefits include improved image, improved customer
service, newfound business partners, simplified processes,
compressed cycle and delivery time, increased productivity,
eliminating paper, expediting access to information, reduced
transportation costs, and increased flexibility.
Benefits to Consumers
The benefits of EC to consumers are as follows:
Electronic commerce enables customers to shop or do other
transactions 24 hours a day, all year round, from almost any
location.
Electronic commerce provides customers with more choices;
they can select
Electronic commerce frequently provides
customers with less expensive products and services by
allowing them to shop in many places and conduct quick
comparisons.
In some cases, especially with digitized products, EC allows
quick delivery.
Customers can receive relevant and detailed information in
seconds, rather than days or weeks.
Electronic commerce makes it possible to participate in
virtual auctions.
Electronic commerce allows customers to interact with other
customers in electronic communities and exchange ideas as
well as compare experiences.
Electronic commerce facilitates competition, which results in
substantial discounts.
Benefits to Society
The benefits of EC to society are as follows:
Electronic commerce enables more individuals to work at
home and to do less traveling for shopping, resulting in less
traffic on the roads and lower air pollution.
Electronic commerce allows some merchandise to be sold at
lower prices, so less affluent people can buy more and
increase their standard of living.
Electronic commerce enables people in Third World
countries and rural areas to enjoy products and services that
otherwise are not available to them.
This includes opportunities to learn professions and earn
college degrees.
Electronic commerce facilitates delivery of public services,
such as health care, education, and distribution of
government social services at a reduced cost and/or
improved quality. Health-care services, for example, can reach
patients in rural areas.
UNIT – II
COMPUTER NETWORK
LAN links computers, i.e., software and hardware, in the same area for the
purpose of sharing information. Usually LAN links computers within a limited
geographical area because they must be connected by a cable, which is quite
expensive. People working in LAN get more capabilities in data processing,
work processing and other information exchange compared to stand-alone
computers. Because of this information exchange most of the business and
government organisations are using LAN.
Advantages
Disadvantages
If the communication line fails, the entire network system breaks down.
Use of LAN
Characteristics of WAN
Examples of WAN
1. Ethernet: Ethernet developed by Xerox Corporation is a famous example of
WAN. This network uses coaxial cables for data transmission. Special
integrated circuit chips called controllers are used to connect equipment to
the cable.
2. ARPANET: The ARPANET is another example of WAN. It was developed at
Advanced Research Projects Agency of U. S. Department. This network
connects more than 40 universities and institutions throughout USA and
Europe.
Origin of Internet
E-mail stands for electronic mail. This is one of the most widely used features
of the Internet. Postal mail is in regular use today: with the help of a postage
stamp we can send mail anywhere in the world. Electronic mail offers a similar
service, but the data are transmitted through the Internet, so the message
reaches its destination within minutes, wherever in the world that may be.
The mailing system is therefore extremely fast and is widely used for
mail transfer.
UNIT -III
Topic:
Introduction
Types of Electronic Payment Systems
Types of digital tokens
Discuss E-Cash
Summary
Objectives
Understand what is an Electronic Payment System
Describe e-cash as one of the Electronic Payment Systems
All of you might have heard the term “Electronic Payment”. As
the name suggests, it means making payments electronically,
i.e. through computer and telecommunication components.
Let’s Discuss this in more Detail
Types of Electronic Payment Systems
Electronic payment systems are proliferating in banking, retail,
health care, on-line markets, and even government; in fact, anywhere
money needs to change hands. Organizations are motivated by
the need to deliver products and services more cost effectively and
to provide a higher quality of service to customers. This section
will briefly describe the pertinent developments in various
industries to provide an overall picture of electronic payment
systems of the past and present.
Research into electronic payment systems for consumers can be
traced back to the 1940s, and the first applications, credit
cards, appeared soon after. In the early 1970s, the emerging electronic
payment technology was labeled electronic funds transfer (EFT).
EFT is defined as “any transfer of funds initiated through an
electronic terminal, telephonic instrument, or computer or magnetic
tape so as to order, instruct, or authorize a financial institution to
debit or credit an account.” EFT utilizes computer and
telecommunication components both to supply and to transfer
money or financial assets.
Transfer is information-based and intangible. Thus EFT stands
in marked contrast to conventional money and payment modes
that rely on physical delivery of cash or checks (or other paper
orders to pay) by truck, train, or airplane. Work on EFT can be
segmented into three broad categories:
Banking and Financial Payments
Large-scale or wholesale payments (e.g., bank-to-bank
transfer)
Small-scale or retail payments (e.g., automated teller machines
and cash dispensers)
Home banking (e.g., bill payment)
Retailing Payments
Credit cards (e.g., VISA or MasterCard)
Private label credit/debit cards (e.g., J.C. Penney Card)
Charge cards (e.g., American Express)
On-line electronic commerce payments
Token-based payment systems
Electronic cash (e.g., DigiCash)
Electronic checks (e.g., NetCheque)
Smart cards or debit cards (e.g., Mondex Electronic Currency Card)
Topic:
Introduction
Digital currency
Limitations of E-cash
Summary
Objectives
Understand how to use e-cash
Describe the various issues that may arise in the organization
due to the use of e-cash
Let’s purchase something on the Internet using Digital Currency.
Using the Digital Currency
Once the tokens are purchased, the e-cash software on the customer’s
PC stores digital money undersigned by a bank. The user can
spend the digital money at any shop accepting e-cash, without
having to open an account there first or having to transmit credit
card numbers. As soon as the customer wants to make a payment,
the software collects the necessary amount from the stored tokens.
Two Types of Transactions are Possible: Bilateral and Trilateral.
Typically, transactions involving cash are bilateral or two-party
(buyer and seller) transactions, whereby the merchant checks the
veracity of the note’s digital signature by using the bank’s public
key. If satisfied with the payment, the merchant stores the digital
currency on his machine and deposits it later in the bank to redeem
the face value of the note. Transactions involving financial
instruments other than cash are usually trilateral or three-party
(buyer, seller, and bank) transactions, whereby the “notes” are
sent to the merchant, who immediately sends them directly to the
digital bank. The bank verifies the validity of these “notes” and that
they have not been spent before.
The account of the merchant is credited. In this case, every “note”
can be used only once. In many business situations, the bilateral
transaction is not feasible because of the potential for double
spending, which is equivalent to bouncing a check. Double
spending becomes possible because it is very easy to make copies
of the e-cash, forcing banks and merchants to take extra
precautions. To uncover double spending, banks must compare
the note passed to them by the merchant against a database of spent
notes. Just as paper currency is identified with a unique serial
number, digital cash can also be protected. The ability to detect
double spending has to involve some form of registration so
that all “notes” issued globally can be uniquely identified. However,
this method of matching notes with a central registry has problems
in the on-line world. For most systems, which handle high volumes
of micro payments, this method would simply be too expensive.
In addition, the problem of double spending means that banks
have to carry added overhead because of the constant checking
and auditing logs. Double spending would not be a major problem if
the need for anonymity were relaxed. In such situations, when the
consumer is issued a bank note, it is issued to that person’s unique
license. When he or she gives it to somebody else, it is transferred
specifically to that other person’s license.
Each time the money changes hands, the old owner adds a tiny bit
of information to the bank note based on the bank note’s serial
number and his or her license. If somebody attempts to spend
money twice, the bank will now be able to use the two bank notes
to determine who the cheater is. Even if the bank notes pass
through many different people’s hands, whoever cheated will get
caught, and none of the other people will ever have to know. The
downside is that the bank can tell precisely what your buying
habits are since it can check the numbers on the e-cash and the
various merchant accounts that are being credited. Many people
would feel uncomfortable letting others know this personal
information.
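The spent-note check described above, as an added example that is not part of the original notes: a constructed bank signs each note's serial number and value, a merchant verifies that signature with the bank's public key, and the bank's deposit step consults a registry of spent serials. The key is a toy textbook-RSA key built from two Mersenne primes (an assumption, so the example runs on the standard library alone), and the names `issue_note`, `merchant_verify` and `Bank` are hypothetical.

```python
import hashlib
import secrets

# Toy RSA key for the constructed "digital bank". The primes are the Mersenne
# primes 2**521-1 and 2**607-1, chosen so the example is reproducible; such a
# modulus is trivially factorable and unpadded RSA is for demonstration only.
_P, _Q = 2**521 - 1, 2**607 - 1
BANK_N = _P * _Q
BANK_E = 65537
_BANK_D = pow(BANK_E, -1, (_P - 1) * (_Q - 1))  # private exponent, bank only


def _digest(serial: str, value_cents: int) -> int:
    """Hash the fields the bank vouches for: serial number and face value."""
    msg = f"{serial}|{value_cents}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def issue_note(value_cents: int) -> dict:
    """Bank side: mint a note with a unique serial and sign (serial, value)."""
    serial = secrets.token_hex(16)
    sig = pow(_digest(serial, value_cents), _BANK_D, BANK_N)
    return {"serial": serial, "value": value_cents, "sig": sig}


def merchant_verify(note: dict) -> bool:
    """Merchant side (bilateral): check the signature with the bank's public key.
    This proves the bank issued the note, not that the note is still unspent."""
    return pow(note["sig"], BANK_E, BANK_N) == _digest(note["serial"], note["value"])


class Bank:
    """Bank side (trilateral): verify the note, then consult the spent-note registry."""

    def __init__(self):
        self.spent = {}     # serial -> merchant that first deposited the note
        self.accounts = {}  # merchant -> balance in cents

    def deposit(self, merchant: str, note: dict) -> str:
        if not merchant_verify(note):
            return "rejected: bad signature"
        first = self.spent.get(note["serial"])
        if first is not None:
            return f"rejected: double spend (first deposited by {first})"
        self.spent[note["serial"]] = merchant
        self.accounts[merchant] = self.accounts.get(merchant, 0) + note["value"]
        return "credited"


def demo() -> list:
    bank = Bank()
    note = issue_note(500)
    copy = dict(note)                  # a copy of e-cash is bit-for-bit identical
    altered = dict(note, value=50_000)  # changing the value invalidates the signature
    return [
        merchant_verify(note),         # genuine note passes the offline check
        merchant_verify(copy),         # so does the copy: offline checks cannot tell
        merchant_verify(altered),      # altered value fails
        bank.deposit("shop-a", note),  # first deposit is credited
        bank.deposit("shop-b", copy),  # registry lookup catches the second one
        bank.accounts,
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The copy passes both merchants' signature checks, which is why the text calls purely bilateral acceptance infeasible; only the registry lookup at deposit time distinguishes the second spend.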
Drawback of E-cash
One drawback of e-cash is its inability to be easily divided into
smaller amounts. It is often necessary to get small denomination
change in business transactions. A number of variations have
been developed for dealing with the “change” problem. For the
bank to issue users with enough separate electronic “coins” of
various denominations would be cumbersome in communication
and storage. So would a method that required payees to return
extra change. To sidestep such costs, customers are issued a single
number called an “open check” that contains multiple
denomination values sufficient for transactions up to a prescribed
limit. At payment time, the e-cash software on the client’s computer
would create a note of the transaction value from the “open check.”
Let’s see how the business organizations gain from e-cash and
how sometimes it can create problems.
Business Issues and Electronic Cash
Electronic cash fulfills two main functions: as a medium of
exchange and as a store of value. Digital money is a perfect medium
of exchange. By moving monetary claims quickly and by effecting
instant settlement of transactions, e-cash may help simplify the
complex interlocking credit and liabilities that characterize today’s
commerce. For instance, small businesses that spend months
waiting for big customers to pay their bills would benefit hugely
from a digital system in which instant settlement is the norm.
Instant settlement of micro payments is also a tantalizing
proposition.
The controversial aspects of e-cash are those that relate to the
other role, as a store of value. Human needs tend to require that
money take a tangible form and be widely accepted, or “legal tender”.
In most countries, a creditor by law cannot refuse cash as settlement
for a debt. With the acceptability of cash guaranteed by law, most
people are willing to bank their money and settle many of their
bills by checks and debits, confident that, barring a catastrophe,
they can obtain legal tender (cash) on demand. If e-cash had to be
convertible into legal tender on demand, then for every unit there
would have to be a
unit of cash reserved in the real economy: or, to look at it the
other way round, there would be cash in the real world for which
digital proxies were created and made available. This creates
problems, because in an efficient system, if each e-cash unit
represents a unit of real cash, then positive balances of e-cash will
earn no interest; for the interest they might earn would be offset
by the interest foregone on the real cash that is backing them.
The enormous currency fluctuations in international finance
pose another problem. On the Internet, the buyer could be in
Mexico and the seller in the United States. How do you check that
the party in Mexico is giving a valid electronic currency that has
suitable backing? Even if it were valid today, what would happen
if a sudden devaluation occurs such as the one in December 1994
where the peso was devalued 30 percent overnight? Who holds
the liability, the buyer or the seller? These are not technological
issues but business issues that must be addressed for large-scale
bilateral transactions to occur. Unless we have one central bank
offering one type of electronic currency, it is very difficult to see
e-cash being very prominent except in narrow application domains.
From a banker’s point of view, e-cash would be a mixed blessing.
Because they could not create new money via lending in the digital
world, banks would see electronic money as unproductive. They
might charge for converting it, or take a transaction fee for issuing
it, but on-line competition would surely make this a low-profit
affair. In the short term, banks would probably make less from
this new business than they would lose from the drift of customers
away from traditional services. It seems unlikely that e-cash would
be allowed to realize its potential for bypassing the transaction
costs of the foreign exchange market. If you pay yen for e-cash in
Osaka and buy something from a merchant based in New York
who cashes them for francs, a currency conversion has taken place.
That, however, is an activity toward which most governments feel
highly defensive; and if e-cash started to bypass regulated foreign
exchange markets by developing its own gray market for settlement,
then governments might be provoked into trying to clamp down
on it. Because of these obstacles, e-cash in its early forms may be
denominated in single currencies and exchanged at conventional
market rates.
Next we will see the risks involved while doing the transactions
involving the use of e-cash.
Operational Risk and Electronic Cash
Operational risk associated with e-cash can be mitigated by
imposing constraints, such as limits on
(1) the time over which a given electronic money is valid,
(2) how much can be stored on and transferred by electronic
money,
(3) the number of exchanges that can take place before money
needs to be redeposited with a bank or financial institution,
and
(4) the number of such transactions that can be made during a
given period of time.
These constraints introduce a whole new set of
implementation issues. For example, time limits could be set
beyond which the electronic money would expire and become
worthless. The customer would have to redeem or exchange the
money prior to the expiration deadline. For this feature to work,
electronic money would have to be time-stamped, and time would
have to be synchronized across the network to some degree of
precision. The objective of imposing constraints is to limit the
issuer’s liability. A maximum upper limit could be imposed on
the value that could be assigned to any single transaction or that
could be transferred to the same vendor within a given period of
time. Since the user’s computer could be programmed to execute
small transactions continuously at a high rate over the network, a
strategy of reporting transactions over a certain amount would be
ineffective for law enforcement. However, a well-designed system
could enforce a policy involving both transaction size and value
with time. For example, an “anonymous coin-purse” feature might
be capable of receiving or spending no more than $500 in any
twenty-four hour period. Alternatively, the “rate ceiling” for the
next twenty-four hours could be made dependent on the rate of
use or on the number of exchanges that could be permitted before
any electronic money would have to be redeposited in a bank or
financial institution and reissued.
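A sketch of how the four constraints and the $500 rolling ceiling could be enforced together, added here as an illustration and not taken from any e-cash product. Every threshold except the $500 per twenty-four hours figure is an assumed value, and the names `Note`, `PursePolicy` and `CoinPurse` are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field

DAY = 24 * 3600  # seconds


@dataclass
class Note:
    value_cents: int
    issued_at: int  # seconds, taken from the issuer's synchronized clock
    hops: int = 0   # exchanges since the bank last issued the note


@dataclass
class PursePolicy:
    # Assumed thresholds, except the $500 / 24 h ceiling quoted in the text.
    note_lifetime: int = 30 * DAY    # (1) validity period
    max_per_txn: int = 200_00        # (2) cap on a single transfer
    max_hops: int = 3                # (3) exchanges allowed before redeposit
    max_txns_per_day: int = 100      # (4) transaction count per period
    max_value_per_day: int = 500_00  # rolling twenty-four hour value ceiling


@dataclass
class CoinPurse:
    policy: PursePolicy = field(default_factory=PursePolicy)
    history: deque = field(default_factory=deque)  # (timestamp, cents) of accepted spends

    def _window(self, now: int) -> deque:
        """Drop accepted spends that are older than twenty-four hours."""
        while self.history and self.history[0][0] <= now - DAY:
            self.history.popleft()
        return self.history

    def spend(self, note: Note, now: int) -> str:
        p = self.policy
        if now - note.issued_at > p.note_lifetime:
            return "deny: note expired, redeem with issuer"
        if note.hops >= p.max_hops:
            return "deny: redeposit required"
        if note.value_cents > p.max_per_txn:
            return "deny: over per-transaction cap"
        window = self._window(now)
        if len(window) >= p.max_txns_per_day:
            return "deny: transaction count ceiling"
        if sum(v for _, v in window) + note.value_cents > p.max_value_per_day:
            return "deny: 24h value ceiling"
        self.history.append((now, note.value_cents))
        note.hops += 1
        return "ok"


def run_burst(purse: CoinPurse, start: int, count: int, cents: int, interval: int = 1) -> list:
    """Replay `count` payments of `cents` each, `interval` seconds apart."""
    return [purse.spend(Note(cents, issued_at=start), start + i * interval)
            for i in range(count)]


def size_threshold_hits(amounts: list, threshold_cents: int) -> int:
    """The size-only reporting rule the text calls ineffective: count large payments."""
    return sum(1 for a in amounts if a >= threshold_cents)


def demo() -> dict:
    # Constructed workload: 1000 payments of $9.99, one per second.
    purse = CoinPurse()
    decisions = run_burst(purse, start=0, count=1000, cents=999)
    return {
        "flagged_by_size_rule": size_threshold_hits([999] * 1000, 100_00),
        "accepted_by_purse": decisions.count("ok"),
        "first_denial": next(d for d in decisions if d != "ok"),
    }


if __name__ == "__main__":
    print(demo())
```

A size-only reporting rule flags none of the constructed payments, while the rolling window stops the burst after fifty of them, once the next payment would push the total past $500.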
Finally, exchanges could also be restricted to a class of services or
goods (e.g., electronic benefits could be used only for food,
clothing, shelter, or educational purposes). The exchange process
should allow payment to be withheld from the seller upon the
buyer’s instructions until the goods or services are delivered within
a specified time in the future.
Conversely, it should allow delivery to be withheld upon the seller’s
instructions until payment is received. The next section deals with
the legal aspects of e-cash and the impact of e-cash on taxation.
Legal Issues and Electronic Cash
Electronic cash will force bankers and regulators to make tough
choices that will shape the form of lawful commercial activity
related to electronic commerce. As a result of the very features that
make it so attractive to many, cash occupied an unstable and
uncomfortable place within the existing taxation and law
enforcement systems. Anonymous and virtually untraceable, cash
transactions today occupy a place in a kind of underground
economy. This underground economy is generally confined to
relatively small scale transactions because paper money in large
quantities is cumbersome to use and manipulate, organized crime
being the obvious exception. As long as the transactions are
small in monetary value, they are tolerated by the government as
an unfortunate but largely insignificant by-product of the modern
commercial state. As transactions get larger the government
becomes more suspicious and enlists the aid of the banks, through
the various currency reporting laws, in reporting large
disbursements of cash so that additional oversight can be ordered.
Topic:
Introduction
Discuss Electronic cheque, smart card, Credit Cards
Advantages of Electronic cheques
Electronic Purses and Debit Cards
Summary
Objectives
Understand what is an “Electronic Check”
Describe the use of Smart cards and Credit cards
Another type of Electronic Payment scheme that we are going to
discuss today is “Electronic Checks”. This scheme is basically for
those people who don’t prefer to pay by cash.
Electronic Checks
Electronic checks are another form of electronic tokens. They are
designed to accommodate the many individuals and entities that
might prefer to pay on credit or through some mechanism other
than cash. In the model shown in Fig. 14.1, buyers must
register with a third-party account server before they are able to
write electronic checks. The account server also acts as a billing
service. The registration procedure can vary depending on the
particular account server and may require a credit card or a bank
account to back the checks. Once registered, a buyer can then contact
sellers of goods and services. To complete a transaction, the buyer
sends a check to the seller for a certain amount of money. These
checks may be sent using e-mail or other transport methods. When
deposited, the
check authorizes the transfer of account balances from the account
against which the check was drawn to the account to which the
check was deposited. The e-check method was deliberately created
to work in much the same way as a conventional paper check. An
account holder will issue an electronic document that contains the
name of the payer, the name of the financial institution, the
payer’s account number, the name of the payee and amount of
the check. Most of the information is in uncoded form. Like a
paper check, an e-check will bear the digital equivalent of a signature:
a computed number that authenticates the check as coming from
the owner of the account. And, again like a paper check, an e-check
will need to be endorsed by the payee, using another electronic
signature, before the check can be paid. Properly signed and
endorsed checks can be electronically exchanged between financial
institutions through electronic clearinghouses, with the
institutions using these endorsed checks as tender to settle accounts.
The specifics of the technology work in the following manner:
On receiving the check, the seller presents it to the accounting
server for verification and payment. The accounting server verifies
the digital signature on the check using any authentication scheme.
A user’s digital “signature” is used to create one ticket, a check, which
the seller’s digital “endorsement” transforms into another, an order to
a bank computer for fund transfer. Subsequent endorsers add
successive layers of information onto the tickets, precisely as a large
number of banks may wind up stamping the back of a check along its
journey through the system.
Figure 14.1 Payment transaction sequence in an electronic check
system
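The signature and endorsement layering described above, as an added example that is not code from any e-check product. It assumes each registered party shares a secret key with the account server and uses HMAC-SHA256 as the "computed number"; the field names, keys and the `AccountServer` class are constructed for illustration.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, payload: dict) -> str:
    """Keyed hash over a canonical JSON encoding of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def write_check(payer_key, number, payer, institution, account, payee, amount_cents):
    """Payer side: the fields stay readable; only the signature is computed."""
    fields = {"number": number, "payer": payer, "institution": institution,
              "account": account, "payee": payee, "amount_cents": amount_cents}
    return {"fields": fields, "signature": _mac(payer_key, fields), "endorsements": []}


def endorse(key, check, endorser):
    """Add one endorsement layer; its MAC covers the fields and the previous layer."""
    layers = check["endorsements"]
    prev = layers[-1]["mac"] if layers else check["signature"]
    layer = {"endorser": endorser, "prev": prev}
    mac = _mac(key, {"fields": check["fields"], **layer})
    return {**check, "endorsements": layers + [{**layer, "mac": mac}]}


class AccountServer:
    """Holds the keys set up at registration, verifies checks and moves balances."""

    def __init__(self):
        self.keys, self.balances, self.cleared = {}, {}, set()

    def register(self, name, key, balance_cents=0):
        self.keys[name] = key
        self.balances[name] = balance_cents

    def _valid(self, name, payload, mac):
        key = self.keys.get(name)
        return key is not None and hmac.compare_digest(_mac(key, payload), mac)

    def deposit(self, check):
        f = check["fields"]
        if not self._valid(f["payer"], f, check["signature"]):
            return "rejected: payer signature"
        layers = check["endorsements"]
        if not layers or layers[0]["endorser"] != f["payee"]:
            return "rejected: not endorsed by payee"
        prev = check["signature"]
        for layer in layers:  # each layer must chain to the one before it
            payload = {"fields": f, "endorser": layer["endorser"], "prev": prev}
            if not self._valid(layer["endorser"], payload, layer["mac"]):
                return "rejected: endorsement by " + layer["endorser"]
            prev = layer["mac"]
        if (f["payer"], f["number"]) in self.cleared:
            return "rejected: already cleared"
        if self.balances[f["payer"]] < f["amount_cents"]:
            return "rejected: insufficient funds"
        self.cleared.add((f["payer"], f["number"]))
        self.balances[f["payer"]] -= f["amount_cents"]
        self.balances[f["payee"]] += f["amount_cents"]
        return "cleared"


def demo() -> list:
    # Constructed parties and keys.
    server = AccountServer()
    server.register("alice", b"alice-demo-key", 100_00)
    server.register("shop", b"shop-demo-key")
    check = write_check(b"alice-demo-key", 1, "alice", "Example Bank",
                        "ACCT-0001", "shop", 25_00)
    raised = {**check, "fields": {**check["fields"], "amount_cents": 90_00}}
    endorsed = endorse(b"shop-demo-key", check, "shop")
    return [
        server.deposit(check),                                    # no endorsement yet
        server.deposit(endorse(b"shop-demo-key", raised, "shop")),  # amount changed after signing
        server.deposit(endorsed),                                 # valid check clears
        server.deposit(endorsed),                                 # same check presented again
        server.balances,
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because the keys are shared with the account server, the seller cannot check the payer's signature alone and has to present the check to the server, which matches the verification step in the text.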
Let’s see the advantages of Electronic checks.
Electronic checks have the following advantages:
They work in the same way as traditional checks, thus
simplifying customer education.
Electronic checks are well suited for clearing micro payments;
their use of conventional cryptography makes them much faster
than systems based on public-key cryptography (e-cash).
Electronic checks create float and the availability of float is an
important requirement for commerce. The third-party
accounting server can make money by charging the buyer or
seller a transaction fee or a flat rate fee, or it can act as a bank
and provide deposit accounts and make money on the
deposit account pool.
Financial risk is assumed by the accounting server and may
result in easier acceptance. Reliability and scalability are
provided by using multiple accounting servers. There can be
an inter-account-server protocol to allow buyer and seller to
“belong” to different domains, regions, or countries.
You all must agree that the major issue of concern while
paying is security. In the next section we will discuss one of
the Electronic Payment Systems that is more secure as
compared to the above discussed schemes.
Topic:
Introduction
Credit Card-Based Electronic Payment Systems
Encryption in Credit Cards
Summary
Objectives
Understand why payment by Credit card is more secure than
other Electronic Payment Systems
To avoid the complexity associated with digital cash and electronic
checks, consumers and vendors are also looking at credit card
payments on the Internet as one possible time-tested alternative.
Let’s discuss how the payment is made online using credit cards.
Credit Card-Based Electronic Payment Systems
There is nothing new in the basic process. If consumers want to
purchase a product or service, they simply send their credit card
details to the service provider involved and the credit card
organization will handle this payment like any other.
We can break credit card payment on on-line networks into
three basic categories:
1. Payments using plain credit card details. The easiest
method of payment is the exchange of unencrypted credit
cards over a public network such as telephone lines or the
Internet. The low level of security inherent in the design of
the Internet makes this method problematic (any snooper
can read a credit card number, and programs can be created to
scan the Internet traffic for credit card numbers and send the
numbers to its master). Authentication is also a significant
problem, and the vendor is usually responsible to ensure
that the person using the credit card is its owner. Without
encryption there is no way to do this.
2. Payments using encrypted credit card details. It would
make sense to encrypt your credit card details before sending
them out, but even then there are certain factors to consider.
One would be the cost of a credit card transaction itself. Such
cost would prohibit low-value payments (micro payments)
by adding costs to the transactions.
UNIT IV
Topic:
Introduction
Technical elements of an EDI
EDI Standards
Summary
Objectives
Understand details of the technical elements of an EDI
system:
EDI Standards
EDI as discussed before stands for Electronic Data Interchange.
This is one of the applications of E Commerce which makes
Business to Business transactions possible over a network.
Electronic data interchange (EDI) is a technology poised for
explosive growth in use as the Internet provides an affordable
way for businesses to connect and exchange documents with
customers and suppliers of any size. EDI is the electronic exchange
of business documents, data, and other information in a
public standard format. It cuts the cost of managing
business-to-business transactions by eliminating the need for
labor-intensive manual generation and processing of documents.
In this lecture we will discuss the EDI standards, the EDI networks
and the EDI software that interfaces these two elements and the
business applications. These elements together with the EDI
Agreement are covered in detail in this lecture.
Let’s start with EDI Standards.
EDI Standards
At the heart of any EDI application is the EDI standard. The
essence of EDI is the coding and structuring of the data into a
common and generally accepted format; anything less is
nothing more than a system of file-transfers. Coding and
structuring the documents for business transactions is no easy
matter. There have been a number of EDI standards developed
in various industry sectors or within a specific country and there
are complex committee structures and procedures to support them.
Following on from the various sectorial and national EDI
standards is the United Nations (UN) EDI Standard:
EDIFACT. This is the standard that should be adopted for any
new EDI application.
Now the question arises: why do we require EDI standards? EDI
provides an electronic linkage between two trading partners.
Business transactions are output from the sending
computer system, transmitted or transported in electronic format
and input into the second, receiving computer system. The
computer systems that exchange data need a common format;
without a common format the data is meaningless. Two
organizations that exchange data can, with relative ease, agree a
format that meets their mutual needs. As the network of exchanges
develops then the number of organizations needing to be party
to the agreement grows.
To illustrate this, assume a network of three customers (say
supermarkets) ordering goods from four suppliers (food
manufacturers), see Figure 8.1.
Objectives
Understand details of the technical elements of an EDI
system:
EDI Networks
After discussing EDI standards and coding, let’s see how
the transmission of electronic data takes place and what the
requirements for this electronic transmission are.
EDI Communications
The EDI standard specifies the syntax for the coding of the
electronic document; it does not specify the method of
transmission. The transmission of the electronic document can
be:
A magnetic tape or diskette that is posted or dispatched
using a courier service.
A direct data communications link.
A value added data service (VADS), also known as a value
added network (VAN).
The physical transfer of magnetic tape or diskette is one way of
transmitting EDI messages. However, one of the advantages of
EDI is speed of transmission and this is hardly facilitated by the
physical transportation of the diskette or tape. For this, and other
reasons, this way of transmitting EDI is declining in popularity.
The use of direct data communications links is the second
possibility. It can be appropriate for trading relationships where
there are large data volumes or where there are only one or two
trading partners involved. It does, however, have a number of
complications. It presumes that the trading partners agree
transmission times, protocols and line speeds – requirements
that become complex when there are several trading partners, some
of them involved in a number of trading relationships. The final
possibility is the use of a VADS. These can provide a number of
facilities but the essential one is the use of postboxes and mailboxes
to provide ‘time independence’ and ‘protocol independence’. The
facilities of a VADS are further discussed in the following sections.
Postboxes and Mailboxes
The basic facility of a VADS is a post and forward network. This
network is centered on a computer system with communications
facilities. For each user of the system there are two files:
The postbox - where outgoing messages are placed.
The mailbox - where incoming messages can be picked up.
Taking the trading network shown at Figure 12.1, the postbox
and mailbox arrangement of the VADS would be as shown at
Figure 9.1.
Topic:
Introduction
EDI Implementation
Summary
Objectives
Understand details of the technical elements of an EDI system:
EDI Implementation
Now we will discuss the physical implementation of VADS.
EDI in the Internet
Recently a number of organisations have started using the Internet
as an EDI VADS. Using the Internet provides the basic store and
forward facilities but not necessarily the other features of a VADS
service that are listed above. Security and reliability are two of the
major concerns: unlike the traditional VADS, the Internet does
not guarantee the safe delivery of any data you send into it. The
plus side of using the Internet is that it is cheaper than any of the
commercial networks that provide specific EDI VADS services.
EDI Implementation
The final technical element of the EDI system is the EDI software.
If a company is to send an order from its production control
system to Packaging Solutions it needs to code that order into the
agreed EDI standard and ‘squirt’ it into the chosen VADS. To
pick up the order at the other end, Packaging Solutions has a
similar need to extract the data from the network and to decode
the data from the EDI message into its order processing system.
The coding / decoding of the EDI message and the interfacing
with the VADS is normally achieved using EDI Software. The
overall picture is summarized in Figure 10.1.
Objectives
After this lecture the students will be able to:
Understand details of the technical elements of an EDI
system:
EDI Agreements
EDI Security
After discussing how the EDI is being implemented it is clear that
a large organization that processes many electronic transactions is
going to need its own EDI set-up. There are, however, many
small companies that are dragged into EDI trade by a large trading
partner but for whom the set-up and running costs of an EDI
facility would outweigh the benefits. For these organizations there
are a number of alternatives as discussed below:
EDI Alternatives
The low cost, PC based, free-standing EDI facility.
Making use of an EDI clearing house. To do this the
company contracts for its EDI messages to be sent to a
clearing house, which decodes them, prints them out and then
posts or faxes them on. The British Post Office is an example
post or fax them on. The British Post Office is an example
of an organisation that provides this service.
Internet access via a clearing house. This is an update on the
EDI-Post service outlined above where a clearing house is
used but the inward and outward transactions are
transmitted between the end user and the clearing house and
accessed by the client using a standard web browser.
As you know, setting up an EDI system requires a lot of discussion
with trading partners. Manual systems rely a lot on the
understanding of the people involved; when these interchanges
are automated there is no understanding between the machines -
they just do what they are told (well they do on a good day!).
The introduction of EDI may also be part of a wider process of
business processing re-engineering that makes the effective
operation of the supply chain much more crucial to successful
business operation. Traditional logistics had buffer stocks in the
factory’s parts warehouse or the retailer’s regional depot and stock
room. In just-in-time manufacture and quick response supply
these buffer stocks are eliminated - this reduces the capital
employed and avoids the need to double handle goods. Without
these buffer stocks the EDI systems become crucial - the orders
need to be delivered on time or cars will be made
with missing wheels and there will be no cornflakes on the shelves
in the supermarket. Hence to achieve a successful, electronically
controlled supply chain, businesses have to talk. They need to
agree the nature of the business that is to be done electronically,
the technical details of how it is to be undertaken and the procedures
for resolving any disputes that arise.
EDI Interchange Agreements
The appropriate way to document the details of a trading
arrangement between electronic trading partners is an EDI
Interchange Agreement. The agreement makes clear the trading
intentions of both parties, the technical framework for the
transactions and the procedures to be followed in the event of a
dispute. The EDI Agreement is a document, normally on paper,
and signed by both trading partners before electronic trading
begins. The first requirement of the agreement is to establish the
legal framework. This has a special significance as most business
law relates to paper based trading and how that law should apply
to the less tangible form of an electronic message is not always
clear (although a number of countries are updating their legal
provisions to take account of electronic trade). This point is made
in the commentary that is included in the European
Model Electronic Data Interchange (EDI) Agreement (EUIA):
‘For EDI to be a successful alternative to paper trading, it is essential
that messages are accorded a comparable legal value as their paper
equivalent when the functions effected in an electronic environment
are similar to those effected in a paper environment, and where all
appropriate measures have been taken to secure and store the
data.’
Summary:
There are a number of alternatives to setting up your own
EDI facility: the low cost, PC based, free-standing EDI
facility, making use of an EDI clearing house, and Internet access
via a clearing house.
The appropriate way to document the details of a trading
arrangement between electronic trading partners is an EDI
Interchange Agreement
The security aspects in EDI are Controls in the EDI
Standards, Controls in the Transmission Protocol,
Protection against Tampering, Privacy of Message,
Nonrepudiation
Topic:
Introduction
Various preventive measures for computer
Cryptography
Data Encryption Standard (DES)
Summary
Objectives:
Describe some security measures to prevent the Computer
Systems from various threats in a network.
The incredible growth of the Internet has excited businesses and
consumers alike with its promise of changing the way we live and
work. But a major concern has been just how secure the Internet
is, especially when you’re sending sensitive information through
it.
Let’s face it, there’s a whole lot of information that we don’t want
other people to see, such as:
Credit-card information
Social Security numbers
Private correspondence
Personal details
Sensitive company information
Bank-account information
Information security is provided on computers and over the
Internet by a variety of methods. A simple but straightforward
security method is to only keep sensitive information on removable
storage media like floppy disks. But the most popular forms of
security all rely on encryption, the process of encoding
information in such a way that only the person (or computer)
with the key can decode it.
In the Key of...
Computer encryption is based on the science of cryptography,
which has been used throughout history. Before the digital age,
the biggest users of cryptography were governments, particularly
for military purposes. The existence of coded messages has been
verified as far back as the Roman Empire. But most forms of
cryptography in use these days rely on computers, simply because
a human-based code is too easy for a computer to crack.
Most computer encryption systems belong in one of two
categories. Broadly speaking, there are two types of encryption
methods:
Secret-key cryptography
Public-key cryptography
Secret-Key Cryptography
Secret-key cryptography is the use of a shared key for both encryption
by the transmitter and decryption by the receiver. Shared-key
techniques suffer from the problem of key distribution, since
shared keys must be securely distributed to each pair of
communicating parties. Secure-key distribution becomes
cumbersome in large networks.
To illustrate secret key cryptography, A encrypts a message with a
secret key and e-mails the encrypted message to B. On receiving
the message, B checks the header to identify the sender, then
unlocks his electronic key storage area and takes out the duplicate
of the secret key. B then uses the secret key to decrypt the message.
The Achilles heel of secret-key cryptography is getting the sender
and receiver to agree on the secret key without a third party finding
out. This is difficult because if A and B are in separate sites, they
must trust not being overheard during face-to-face meetings or
over a public messaging system (a phone system, a postal service)
when the secret key is being exchanged. Anyone who overhears or
intercepts the key in transit can later read all encrypted messages
using that key. The generation, transmission, and storage of keys
is called key management; all cryptosystems must deal with key
management issues. Although the secret-key method is quite
feasible and practical for one-on-one document interchange, it
does not scale. In a business environment where a company deals
with thousands of on-line customers, it is impractical to assume
that key management will be flawless. Hence, we can safely assume
that secret-key cryptography will not be a dominant player in
e-Commerce, given its difficulty providing secure key management.
Data Encryption Standard (DES)
A widely-adopted implementation of secret-key cryptography is
Data Encryption Standard (DES). The actual software to perform
DES is readily available at no cost to anyone who has access to the
Internet. DES was introduced in 1975 by IBM, the National Security
Agency (NSA), and the National Bureau of Standards (NBS) (which
is now called NIST). DES has been extensively researched and
studied over the last twenty years
and is definitely the most well-known and widely used
cryptosystem in the world. DES is a secret-key, symmetric
cryptosystem: When used for communication, both sender and
receiver must know the same secret key, which is used both to
encrypt and decrypt the message. DES can also be used for single
user encryption, for example, to store files on a hard disk in
encrypted form. In a multiuser environment, however, secure-key
distribution becomes difficult; public-key cryptography, discussed
in the next subsection, was developed to solve this problem.
DES operates on 64-bit blocks with a 56-bit secret key. Designed
for hardware implementation, its operation is relatively fast and
works well for large bulk documents or encryption. Instead of
defining just one encryption algorithm, DES defines a whole
family of them. With a few exceptions, a different algorithm is
generated for each secret key. This means that everybody can be
told about the algorithm and your message will still be secure.
You just need to tell others your secret key, a number less than
2^56. The number 2^56 is also large enough to make it difficult to
break the code using a brute force attack (trying to break the
cipher by using all possible keys).
DES has withstood the test of time. Despite the fact that its
algorithm is well known, it is impossible to break the cipher without
using tremendous amounts of computing power. A new
technique for improving the security of DES is triple encryption
(Triple DES), that is, encrypting each message block using three
different keys in succession. Triple DES, thought to be equivalent
to doubling the key size of DES, to 112 bits, should prevent
decryption by a third party capable of single-key exhaustive search.
Of course, using triple-encryption takes three times as long as
single-encryption DES. If you use DES three times on the same
message with different secret keys, it is virtually impossible to
break it using existing algorithms. Over the past few years several
new, faster symmetric algorithms have been developed, but DES
remains the most frequently used.
Public Key Cryptography
A more powerful form of cryptography involves the use of public
keys. Public-key techniques involve a pair of keys; a private key and
a public key associated with each user. Information encrypted by
the private key can be decrypted only using the corresponding
public key. The private key, used to encrypt transmitted information
by the user, is kept secret. The public key is used to decrypt
information at the receiver and is not kept secret. Since only the
bona fide author of an encrypted message has knowledge of the
private key, a successful decryption using the corresponding public
key verifies the identity of the author and ensures message integrity.
Public keys can be maintained in some central repository and
retrieved to decode or encode information. Public key techniques
alleviate the problem of distribution of keys.
Let’s Examine How this Process Works:
Each party to a public-key pairing receives a pair of keys, the public
key and the private key. When A wishes to send a message to B, A
looks up B’s public key in a directory, A then uses the public key to
encrypt the message and mail it to B. B uses the secret private key
to decrypt the message and read it. Anyone can send an encrypted
message to B but only B can read it. Unless a third party, say C, has
access to B’s private key, it is impossible to decrypt the message
sent by A. This ensures confidentiality.
Clearly, one advantage of public key cryptography is that no one
can figure out the private key from the corresponding public key.
Hence, the key management problem is mostly confined to the
management of private keys. The need for sender and receiver to
share secret information over public channels is completely
eliminated: all transactions involve only public keys, and no private
key is ever transmitted or shared; the secret key never leaves the
user’s PC. Thus a sender can send a confidential message merely by
using public information and that message can be decrypted only
with a private key in the sole possession of the intended recipient.
Furthermore, public-key cryptography can be used for sender
authentication, known as digital signatures. Here’s how
authentication is achieved using public-key cryptography: A, to
digitally sign a document, puts his private key and the document
together and performs a computation on the composite (key +
document) to generate a unique number called the digital signature.
For instance, when an electronic document, such as an order form
with a credit card number, is run through the method, the output
is a unique “fingerprint” of the document. This “fingerprint” is
attached to the original message and further encrypted with the
signer A’s private key. The result of the second encryption is then
sent to B, who then first decrypts the document using A’s public
key. B checks whether the message has been tampered with or is
coming from a third party C, posing as A.
To verify the signature, B does some further computation
involving the original document, the purported signature, and
A’s public key. If the results of the computation generate a
matching “finger-print” of the document, the digital signature is
verified as genuine; otherwise, the signature may be fraudulent or
the message altered, and they are discarded. This method is the
basis for secure e-Commerce, variations of which are being
explored by several companies.
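The sign-and-verify flow described above, as an added example that is not part of the original notes: textbook RSA applied to a SHA-256 fingerprint, using only the Python standard library. The Mersenne-prime keys, the key sizes and the order text are constructed assumptions; unpadded RSA with primes of this form is not secure and only stands in for a vetted signature library.

```python
import hashlib

# Constructed toy parameters: Mersenne primes are convenient known primes,
# but their special form makes them unsuitable for real keys.
A_PRIMES = (2**521 - 1, 2**607 - 1)      # signer A
C_PRIMES = (2**1279 - 1, 2**2203 - 1)    # third party C posing as A


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def fingerprint(document: bytes) -> int:
    """The document's "fingerprint": its SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> int:
    """Transform the fingerprint with the signer's private key."""
    n, d = private_key
    return pow(fingerprint(document), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Recover the fingerprint with the public key and compare it with a
    fingerprint recomputed from the document that actually arrived."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == fingerprint(document)


def demo():
    a_public, a_private = make_keypair(*A_PRIMES)
    _c_public, c_private = make_keypair(*C_PRIMES)

    # Constructed sample document.
    order = b"ORDER 1001: 40 cases cornflakes, card ending 4242"
    signature = sign(order, a_private)

    return {
        # B receives exactly what A signed.
        "genuine": verify(order, signature, a_public),
        # The quantity was altered in transit; the signature was not.
        "tampered": verify(order.replace(b"40", b"90"), signature, a_public),
        # C signs with C's own private key but claims to be A.
        "impostor": verify(order, sign(order, c_private), a_public),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:9s} -> {'accepted' if ok else 'rejected'}")
```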
Several implementations of these popular encryption techniques
are currently employed. In public-key encryption, the RSA
implementation dominates and is considered very secure, but
using it for overseas traffic conflicts with the US government’s
position on export of munitions technology of military
importance. Clearly, the government has not reckoned with the
Internet data flow.
Summary:
The most popular forms of security all rely on encryption,
the process of encoding information in such a way that only
the person (or computer) with the key can decode it.
There are two types of encryption methods:
Secret-key cryptography and Public-key cryptography
Secret-key cryptography is the use of a shared key for both
encryption by the transmitter and decryption by the receiver
A widely-adopted implementation of secret-key
cryptography is Data Encryption Standard (DES)
A more powerful form of cryptography involves the use of
public keys. Public-key techniques involve a pair of keys; a
private key and a public key associated with each user.
Information encrypted by the private key can be decrypted
only using the corresponding public key
Clipper Chip
Clipper is an encryption chip developed as part of the Capstone
project. Announced by the White House in April 1993, Clipper
was designed to balance the competing concerns of federal law
enforcement agencies with those of private citizens and industry.
Law enforcement agencies wish to have access - for example, by
wire-tapping - to the communications of suspected criminals, and
these needs are threatened by secure cryptography. Clipper
technology attempts to balance these needs by using escrowed
keys. The idea is that communications would be encrypted with a
secure algorithm, but the keys would be kept by one or more third
parties (the “escrow agencies”) and made available to law
enforcement agencies when authorized by a court-issued warrant.
Thus, for example, personal communications would be
impervious to recreational eavesdroppers and commercial
communications would be impervious to industrial espionage,
and yet the FBI could listen in on suspected terrorists or gangsters.
Skipjack, designed by the NSA, is the encryption algorithm
contained in the Clipper chip. It uses one 80-bit key to encrypt and
decrypt 64-bit blocks of data. Skipjack can be used in the same way
as DES and may be more secure than DES, since it uses 80-bit
keys and scrambles the data for 32 steps, or “rounds”; by contrast,
DES uses 56-bit keys and scrambles the data for only 16 rounds.
The details of Skipjack are classified. The decision not to make the
details of the algorithm publicly available has been widely criticized,
and many are suspicious that Skipjack is not secure, either due to
design oversight or to deliberate introduction of a secret trapdoor.
By contrast, the many failed attempts to find weaknesses in DES
over the years have made people confident in the security of DES.
Since Skipjack is not public, the same scrutiny cannot be applied,
and thus a corresponding level of confidence may not arise.
Aware of such criticism, the government invited a small group of
independent cryptographers to examine the Skipjack algorithm.
Their report stated that, although their study was too limited to
reach a definitive conclusion, they nevertheless believe that Skipjack
is secure. Another consequence of Skipjack’s classified status is
that it cannot be implemented in software, but only in hardware
by government-authorized chip manufacturers.
Summary:
RSA is a public-key cryptosystem for both encryption and
authentication developed in 1977 by Ron Rivest, Adi Shamir,
and Leonard Adleman.
A public-key certificate is a data structure, digitally signed by a
certification authority (also known as the certificate issuer),
that binds a public-key value to the identity of the entity
holding the corresponding private key
The idea behind the clipper is that communications would
be encrypted with a secure algorithm, but the keys would be
kept by one or more third parties (the “escrow agencies”) and
made available to law enforcement agencies when authorized
by a court-issued warrant
UNIT - V
Topic:
Introduction
Firewall
Various Anti Viruses
Summary
Objectives:
Describe some security measures to prevent the Computer
Systems from various threats in a network
In the previous lecture we discussed cryptographic techniques that
provide security of data in a network. Today we will take a look at
other techniques which can further enhance the security.
Firewall
If you have been using the Internet for any length of time, and
especially if you work at a larger company and browse the Web
while you are at work, you have probably heard the term firewall
used. For example, you often hear people in companies say things
like, “I can’t use that site because they won’t let it through the
firewall.”
If you have a fast Internet connection into your home (either a
DSL connection or a cable modem), you may have found yourself
hearing about firewalls for your home network as well. It turns
out that a small home network has many of the same security
issues that a large corporate network does. You can use a firewall
to protect your home network and family from offensive Web
sites and potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from
your property. In fact, that’s why it’s called a firewall. Its job is
similar to a physical firewall that keeps a fire from spreading from
one area to the next. As you read through this article, you will learn
more about firewalls, how they work and what kinds of threats
they can protect you from.
What It Does
A firewall is simply a program or hardware device that filters the
information coming through the Internet connection into your
private network or computer system. If an incoming packet of
information is flagged by the filters, it is not allowed through.
Let’s say that you work at a company with 500 employees. The
company will therefore have hundreds of computers that all have
network cards connecting them together.
In addition, the company will have one or more connections to
the Internet through something like T1 or T3 lines. Without a
firewall in place, all of those hundreds of computers are directly
accessible to anyone on the Internet. A person who knows what
he or she is doing can probe those computers, try to make FTP
connections to them, try to make telnet connections to them and
so on. If one employee makes a mistake and leaves a security hole,
hackers can get to the machine and exploit the hole.
With a firewall in place, the landscape is much different. A company
will place a firewall at every connection to the Internet (for example,
at every T1 line coming into the company). The firewall can
implement security rules. For example, one of the security rules
inside the company might be:
Out of the 500 computers inside this company, only one of them
is permitted to receive public FTP traffic. Allow FTP connections
only to that one computer and prevent them on all others. A
company can set up rules like this for FTP servers, Web servers,
Telnet servers and so on. In addition, the company can control
how employees connect to Web sites, whether files are allowed to
leave the company over the network and so on. A firewall gives a
company tremendous control over how people use the network.
Firewalls use one or more of three methods to control traffic
flowing in and out of the network:
Packet filtering - Packets (small chunks of data) are
analyzed against a set of filters. Packets that make it through
the filters are sent to the requesting system and all others are
discarded.
Proxy service - Information from the Internet is retrieved
by the firewall and then sent to the requesting system and
vice versa.
Stateful inspection - A newer method that doesn’t examine
the contents of each packet but instead compares certain key
parts of the packet to a database of trusted information.
Information traveling from inside the firewall to the outside is
monitored for specific defining characteristics, then incoming
information is compared to these characteristics. If the comparison
yields a reasonable match, the information is allowed through.
Otherwise it is discarded.
What It Protects You From
There are many creative ways that unscrupulous people use to
access or abuse unprotected computers:
Remote login - When someone is able to connect to your
computer and control it in some form. This can range from
being able to view or access your files to actually running
programs on your computer.
Application backdoors - Some programs have special
features that allow for remote access. Others contain bugs
that provide a backdoor, or hidden access, that provides
some level of control of the program.
SMTP session hijacking - SMTP is the most common
method of sending e-mail over the Internet. By gaining
access to a list of e-mail addresses, a person can send
unsolicited junk e-mail (spam) to thousands of users. This
is done quite often by redirecting the e-mail through the
SMTP server of an unsuspecting host, making the actual
sender of the spam difficult to trace.
Operating system bugs - Like applications, some operating
systems have backdoors. Others provide remote access with
insufficient security controls or have bugs that an experienced
hacker can take advantage of.
Denial of service - You have probably heard this phrase
used in news reports on the attacks on major Web sites. This
type of attack is nearly impossible to counter. What happens
is that the hacker sends a request to the server to connect to
it. When the server responds with an acknowledgement and
tries to establish a session, it cannot find the system that
made the request. By inundating a server with these
unanswerable session requests, a hacker causes the server to
slow to a crawl or eventually crash.
E-mail bombs - An e-mail bomb is usually a personal
attack. Someone sends you the same e-mail hundreds or
thousands of times until your e-mail system cannot accept
any more messages.
Macros - To simplify complicated procedures, many
applications allow you to create a script of commands that
the application can run. This script is known as a macro.
Hackers have taken advantage of this to create their own
macros that, depending on the application, can destroy your
data or crash your computer.
Viruses - Probably the most well-known threat is computer
viruses. A virus is a small program that can copy itself to
other computers. This way it can spread quickly from one
system to the next. Viruses range from harmless messages to
erasing all of your data.
Spam - Typically harmless but always annoying, spam is the
electronic equivalent of junk mail. Spam can be dangerous
though. Quite often it contains links to Web sites. Be careful
of clicking on these because you may accidentally accept a
cookie that provides a backdoor to your computer.
Redirect bombs - Hackers can use ICMP to change (redirect)
the path information takes by sending it to a different router.
This is one of the ways that a denial of service attack is set
up.
Source routing - In most cases, the path a packet travels
over the Internet (or any other network) is determined by the
routers along that path. But the source providing the packet
can arbitrarily specify the route that the packet should travel.
Hackers sometimes take advantage of this to make
information appear to come from a trusted source or even
from inside the network! Most firewall products disable
source routing by default.
Some of the items in the list above are hard, if not impossible, to
filter using a firewall. While some firewalls offer virus protection,
it is worth the investment to install anti-virus software on each
computer. And, even though it is annoying, some spam is going
to get through your firewall as long as you accept e-mail.
The level of security you establish will determine how many of
these threats can be stopped by your firewall. The highest level of
security would be to simply block everything. Obviously that defeats
the purpose of having an Internet connection. But a common
rule of thumb is to block everything, then begin to select what
types of traffic you will allow. You can also restrict traffic that
travels through the firewall so that only certain types of
information, such as e-mail, can get through. This is a good rule
for businesses that have an experienced network administrator
that understands what the needs are and knows exactly what traffic
to allow through. For most of us, it is probably better to work
with the defaults provided by the firewall developer unless there is
a specific reason to change it. One of the best things about a
firewall from a security standpoint is that it stops anyone on the
outside from logging onto a computer in your private network.
While this is a big deal for businesses, most home networks will
probably not be threatened in this manner. Still, putting a firewall
in place provides some peace of mind.
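The single-FTP-server rule and the "block everything, then select what to allow" rule of thumb from this section, as an added example that is not part of the original notes: a first-match packet filter in Python with a default-deny fallback. The address ranges, the mail gateway and the rule rejecting inside addresses seen on the outside interface are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = "10.0.0.0/16"          # assumed internal address range
FTP_SERVER = "10.0.0.21/32"     # the one host allowed to receive public FTP
MAIL_GATEWAY = "10.0.0.25/32"   # assumed host that accepts inbound e-mail
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    src: str        # CIDR block the source must fall in
    dst: str        # CIDR block the destination must fall in
    proto: str      # "tcp", "udp" or "any"
    dport: int      # 0 means any port
    note: str

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and self.dport in (0, pkt.dport)
        )


# Rules for packets arriving on the Internet-facing interface, checked in
# order. Only the FTP control port is modelled; data channels are left out.
INBOUND_RULES = [
    Rule("deny", INSIDE, ANYWHERE, "any", 0,
         "inside source address seen on the outside interface"),
    Rule("allow", ANYWHERE, FTP_SERVER, "tcp", 21, "public FTP server"),
    Rule("allow", ANYWHERE, MAIL_GATEWAY, "tcp", 25, "inbound e-mail"),
]


def filter_inbound(pkt: Packet, rules=INBOUND_RULES):
    """Return (action, reason) from the first matching rule."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    # Nothing matched: block everything that was not explicitly allowed.
    return "deny", "default: no rule allows this traffic"


# Constructed sample traffic (203.0.113.0/24 is a documentation range).
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "10.0.0.21", "tcp", 21),   # FTP to the FTP server
    Packet("203.0.113.7", "10.0.0.57", "tcp", 21),   # FTP to a desktop
    Packet("203.0.113.7", "10.0.0.57", "tcp", 23),   # telnet to a desktop
    Packet("203.0.113.9", "10.0.0.25", "tcp", 25),   # mail to the gateway
    Packet("10.0.0.99", "10.0.0.21", "tcp", 21),     # claims an inside source
]


def demo():
    return [filter_inbound(pkt) for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE_PACKETS, demo()):
        print(f"{pkt.src:>12} -> {pkt.dst}:{pkt.dport:<3} {action:5} ({reason})")
```

Rule order matters: the last sample packet targets the FTP server on port 21, but it is dropped because the inside-address check is evaluated before the FTP allowance.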
Proxy Application Gateways
A proxy application gateway is a special server that typically runs
on a firewall machine. Its primary use is access to applications
such as the World Wide Web from within a secure perimeter (Fig
22.1). Instead of talking directly to external WWW servers, each
request from the client would be routed to a proxy on the
firewall that is defined by the user. The proxy knows how to get
through the firewall. An application level proxy makes a firewall
safely permeable for users in an organization, without creating a
potential security hole through which hackers can get into corporate
networks. The proxy waits for a request from inside the firewall,
forwards the request to the remote server
outside the firewall, reads the response, and then returns it to the
client. In the usual case, all clients within a given subnet use the
same proxy. This makes it possible for the proxy to execute efficient
caching of documents that are requested by a number of clients.
Proxy gateways have several advantages. They allow browser
programmers to ignore the complex networking code necessary
to support every firewall protocol and concentrate on important
client issues. For instance, by using HTTP between the client and
proxy, no protocol functionality is lost, since FTP, Gopher, and
other Web Protocols map well into HTTP methods. This feature
is invaluable, for users needn’t have separate, specially modified
FTP, Gopher, and WAIS clients to get through a firewall - a single
Web client with a proxy server handles all of these cases.
Proxies can manage network functions. Proxying allows for creating
audit trails of client transactions, including client IP address, date
and time, byte count, and success code. Any regular fields and
meta-information fields in a transaction are candidates for logging.
The proxy also can control access to services for individual
methods, host and domain, and the like. Given this firewall design
in which the proxy acts as an intermediary, it is natural to design
security-relevant mediation within the proxy. Proxy mediation
helps mitigate security concerns by
(1) limiting dangerous subsets of the HTTP protocol (a site’s
security policy may prohibit the use of some of HTTP’s
methods);
(2) enforcing client and/or server access to designated hosts (an
organization should have the capability to specify acceptable
web sites);
(3) implementing access control for network services that is lost
when the proxy is installed (to restore the security policy
enforced by the firewall); and
(4) checking various protocols for well-formed commands. A
bug existed in a previous version of the Mosaic browser that
permitted servers to download a “Trojan horse” URL to the
client that would cause the client to run an arbitrary program.
The proxy must be in a position to filter dangerous URLs and
malformed commands.
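The four mediation checks and the audit trail described above can be sketched as follows. This is an added example, not code from the original text: the policy values (permitted methods, schemes, designated hosts) and the function names are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed site policy; the hosts and method set are assumptions.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_SCHEMES = {"http", "ftp", "gopher"}
DESIGNATED_HOSTS = ("example.com", "example.org")

# Proxy-form request line: METHOD absolute-URL HTTP/x.y, single spaces,
# URL restricted to printable ASCII with no whitespace.
REQUEST_LINE = re.compile(r"([A-Z]+) ([\x21-\x7e]+) HTTP/\d\.\d")
ENCODED_CTRL = re.compile(r"%(?:[01][0-9a-fA-F]|7[fF])")

def mediate(request_line):
    """Return (status, reason) for one request line under the policy."""
    m = REQUEST_LINE.fullmatch(request_line)
    if not m:
        return 400, "malformed request line"
    method, url = m.groups()
    if method not in ALLOWED_METHODS:
        return 405, "method prohibited by policy"
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return 400, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return 400, "not an absolute URL with a permitted scheme"
    if ENCODED_CTRL.search(url):
        return 400, "encoded control character in URL"
    if not any(host == h or host.endswith("." + h) for h in DESIGNATED_HOSTS):
        return 403, "destination host not designated"
    return 200, "forwarded"

def audit_line(client_ip, request_line, status, byte_count, when):
    """One audit record: client IP, date and time, request, code, bytes."""
    # Escape control characters and quotes so a request cannot forge records.
    safe = request_line.encode("unicode_escape").decode("ascii").replace('"', '\\"')
    return f'{client_ip} [{when.isoformat()}] "{safe}" {status} {byte_count}'

def handle(client_ip, request_line, relayed_bytes=0, when=None):
    """Mediate a request and return (status, audit record)."""
    when = when or datetime.now(timezone.utc)
    status, _reason = mediate(request_line)
    sent = relayed_bytes if status == 200 else 0  # nothing relayed on denial
    return status, audit_line(client_ip, request_line, status, sent, when)
```

Denied requests are logged as well as forwarded ones, so the audit trail records what the policy blocked.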
Topic:
Introduction
Ethical, Social, and Political issues in E-Commerce
Summary
Objectives:
Understand Ethical, Social, and Political issues in E-Commerce
Defining the rights of people to express their ideas and the
property rights of copyright owners are just two of many ethical,
social, and political issues raised by the rapid evolution of
e-commerce.
These questions are not just ethical questions that we as individuals
have to answer; they also involve social institutions such as family,
schools, and business firms. And these questions have obvious
political dimensions because they involve collective choices about
how we should live and what laws we would like to live under.
In this lecture we discuss the ethical, social, and political issues
raised in e-commerce, provide a framework for organizing the
issues, and make recommendations for managers who are given
the responsibility of operating e-commerce companies within
commonly accepted standards of appropriateness.
Understanding Ethical, Social, And Political Issues In E-Commerce
The Internet and its use in e-commerce have raised pervasive ethical,
social and political issues on a scale unprecedented for computer
technology. Entire sections of daily newspapers and weekly
magazines are devoted to the social impact of the Internet. Why is
this so? Why is the Internet at the root of so many contemporary
controversies? Part of the answer lies in the underlying features of
Internet technology and the ways in which it has been exploited
by business firms. Internet technology and its use in e-commerce
disrupt existing social and business relationships and understandings.
Instead of considering the business consequences of each unique
feature, here we examine the actual or potential ethical, social,
and/or political consequences of the technology (see Table 23.1).
We live in an “information society,” where power and wealth
increasingly depend on information and knowledge as central
assets. Controversies over information are often in fact
disagreements over power, wealth, influence, and other things
thought to be valuable. Like other technologies such as steam,
electricity, telephones, and television, the Internet and e-commerce
can be used to achieve social progress, and for the most part, this
has occurred. However, the same technologies can be used to
commit crimes, despoil the environment, and threaten cherished
social values. Before automobiles, there was very little interstate
crime and very little federal jurisdiction over crime. Likewise with
the Internet: Before the Internet, there was very little “cyber crime.”
Many business firms and individuals are benefiting from the
commercial development of the Internet, but this development
also exacts a price from individuals, organizations, and
societies. These costs and benefits must be carefully considered by
those seeking to make ethical and socially responsible decisions in
this new environment. The question is: how can you as a manager
make reasoned judgments about what your firm should do in a
number of e-commerce areas, from securing the privacy of your
customer’s click stream to ensuring the integrity of your company
domain name?
The major ethical, social, and political issues that have developed
around e-commerce over the past seven to eight years can be loosely
categorized into four major dimensions: information rights,
property rights, governance, and public safety and welfare as shown
in Fig 23.1. Some of the ethical, social, and political issues raised in
each of these areas include the following:
Information rights: What rights to their own personal
information do individuals have in a public marketplace, or
in their private homes, when Internet technology makes
information collection so pervasive and efficient? What
rights do individuals have to access information about
business firms and other organizations?
Property rights: How can traditional intellectual property
rights be enforced in an internet world where perfect copies
of protected works can be made and easily distributed
worldwide in seconds?
Governance: Should the Internet and e-commerce be
subject to public laws? And if so, what law-making bodies
have jurisdiction - state, federal, and/or international?
Public safety and welfare: What efforts should be
undertaken to ensure equitable access to the Internet and
e-commerce channels? Should governments be responsible
for ensuring that schools and colleges have access to the
Internet? Are certain online content and activities - such as
pornography and gambling - a threat to public safety and
welfare? Should mobile commerce be allowed from moving
vehicles?
To illustrate, imagine that at any given moment society and
individuals are more or less in an ethical equilibrium brought
about by a delicate balancing of individuals, social organizations,
and political institutions. Individuals know what is expected of
them, social organizations such as business firms know their
limits, capabilities, and roles and political institutions provide a
supportive framework of market regulation, banking and
commercial law that provides sanctions against violators. Now,
imagine we drop into the middle of this calm setting a powerful
new technology such as the Internet and e-commerce.
Suddenly individuals, business firms, and political institutions
are confronted by new possibilities of behavior. For instance,
individuals discover that they can download perfect digital copies
of music tracks, something which, under the old technology of
CDs, would have been impossible. This can be done, despite the
fact that these music tracks still “belong” as a legal matter to the
owners of the copyright - musicians and record label companies.
The introduction of the Internet and e-commerce impacts
individuals, societies, and political institutions. These impacts can
be classified into four moral dimensions: property rights,
information rights, governance, and public safety and welfare. Then
business firms discover that they can make a business out of
aggregating these musical tracks - or creating a mechanism for
sharing musical tracks, even though they do not “own” them in
the traditional sense. The record companies, courts, and Congress
were not prepared at first to cope with the onslaught of online
digital copying. Courts and legislative bodies will have to make
new laws and reach new judgments about who owns digital
copies of copyrighted works and under what conditions such
works can be “shared.” It may take years to develop new
understandings, laws, and acceptable behavior in just this one area
of social impact. In the meantime, as an individual and a manager,
you will have to decide what you and your firm should do in legal
“grey” areas, where there is conflict between ethical principles, but
no clear-cut cultural guidelines. How can you make good decisions in
this type of situation?
Before reviewing the four moral dimensions of e-commerce in
greater depth, we will briefly review some basic concepts of ethical
reasoning that you can use as a guide to ethical decision making,
and provide general reasoning principles about social and political
issues of the Internet that you will face in the future.
Fig 23.1 The Moral Dimensions of an Internet Society
Let’s look at what ethics is, what an ethical dilemma is, and
which ethical principles we can follow in order to resolve an
ethical dilemma.
Basic Ethical Concepts: Responsibility, Accountability, and
Liability
Ethics is at the heart of social and political debates about the
Internet. Ethics is the study of principles that individuals and
organizations can use to determine right and wrong courses of
action. It is assumed in ethics that individuals are free moral agents
who are in a position to make choices. When faced with alternative
courses of action, what is the correct moral choice?
Extending ethics from individuals to business firms and even
entire societies can be difficult, but it is not impossible. As long as
there is a decision-making body or individual (such as a Board of
Directors or CEO in a business firm or a governmental body in a
society), their decisions can be judged against a variety of ethical
principles. If you understand some basic ethical principles, your
ability to reason about larger social and political debates will be
improved. In western culture, there are principles that all
ethical schools of thought share: responsibility, accountability,
and liability.
Responsibility means that as free moral agents, individuals,
organizations and societies are responsible for the actions they
take. Accountability means that individuals, organizations, and
societies should be held accountable to others for the consequences
of their actions. The third principle - liability - extends the concepts
of responsibility and accountability to the area of law. Liability is a
feature of political systems in which a body of law is in place that
permits individuals to recover the damages done to them by other
actors, systems, or organizations. Due process is a feature of
law-governed societies and refers to a process in which laws are known
and understood and there is an ability to appeal to higher authorities
to ensure that the laws have been applied correctly.
Analyzing Ethical Dilemmas
Ethical, social, and political controversies usually present themselves
as dilemmas. A dilemma is a situation in which there are at least
two diametrically opposed actions, each of which supports a
desirable outcome. When confronted with a situation that seems
to present ethical dilemmas, how can you analyze and reason
about the situation? The following is a five-step process that should
help.
1. Identify and describe clearly the facts. Find out who did
what to whom, and where, when, and how. In many
instances, you will be surprised at the errors in the initially
reported facts, and often you will find that simply getting the
facts straight helps define the solution. It also helps to get
the opposing parties involved in an ethical dilemma to agree
on the facts.
2. Define the conflict or dilemma and identify the higher
order value involved. Ethical, social, and political issues
always reference higher values. Otherwise, there would be no
debate. The parties to a dispute all claim to be pursuing
higher values (e.g., freedom, privacy, protection of property,
and the free-enterprise system). For example, DoubleClick and
its supporters argue that their tracking of consumer
movements on the Web increases market efficiency and the
wealth of the entire society. Opponents argue this claimed
efficiency comes at the expense of individual privacy, and
DoubleClick should cease its tracking or offer Web users the option
of not participating in such tracking.
3. Identify the stakeholders. Every ethical, social, and political
issue has stakeholders: players in the game who have an
interest in the outcome, who have invested in the situation,
and usually who have vocal opinions. Find out the identity
of these groups and what they want. This will be useful later
when designing a solution.
4. Identify the options that you can reasonably take. You
may find that none of the options satisfies all the interests
involved, but that some options do a better job than others.
Sometimes, arriving at a “good” or ethical solution may not
always be a balancing of consequences to stakeholders.
5. Identify the potential consequences of your
options. Some options may be ethically correct, but
disastrous from other points of view. Other options may
work in this one instance, but not in other similar instances.
Always ask yourself, “what if I choose this option
consistently over time?” Once your analysis is complete, you
can refer to the following well-established ethical principles to
help decide the matter.
Candidate Ethical Principles
Although you are the only one who can decide which among
many ethical principles you will follow and how you will prioritize
them, it is helpful to consider some ethical principles with deep
roots in many cultures that have survived throughout recorded
history.
The Golden Rule: Do unto others as you would have them
do unto you. Putting yourself into the place of others and
thinking of yourself as the object of the decision can help
you think about fairness in decision making.
Universalism: If an action is not right for all situations,
then it is not right for any specific situation (Immanuel
Kant’s categorical imperative). Ask yourself, “If we adopted
this rule in every case, could the organization, or society,
survive?”
Slippery Slope: If an action cannot be taken repeatedly, then
it is not right to take at all (Descartes’ rule of change). An
action may appear to work in one instance to solve a
problem, but if repeated, would result in a negative
outcome. In plain English, this rule might be stated as “once
started down a slippery path, you may not be able to stop.”
Collective Utilitarian Principle: Take the action that
achieves the greater value for all of society. This rule assumes
you can prioritize values in a rank order and understand the
consequences of various courses of action.
Risk Aversion: Take the action that produces the least harm,
or the least potential cost. Some actions have extremely high
failure costs of very low probability (e.g., building a nuclear
generating facility in an urban area) or extremely high failure
costs of moderate probability (speeding and automobile
accidents). Avoid the high-failure cost actions and choose
those actions whose consequences would not be
catastrophic, even if there were a failure.
No Free Lunch: Assume that virtually all tangible and
intangible objects are owned by someone else unless there is
a specific declaration otherwise. (This is the ethical “no free
lunch” rule.) If something someone else has created is useful
to you, it has value and you should assume the creator wants
compensation for this work.
The New York Times Test (Perfect Information Rule):
Assume that the result of your decision on a matter will be
the subject of the lead article in the New York Times the next
day. Will the reaction of readers be positive or negative?
Would your parents, friends, and children be proud of your
decision? Most criminals and unethical actors assume
imperfect information, and therefore they assume the
decisions and actions will never be revealed. When making
decisions involving ethical dilemmas, it is wise to assume
perfect information markets.
The Social Contract Rule: Would you like to live in a
society where the principle you are supporting would become
an organizing principle of the entire society? For instance,
you might think it is wonderful to download illegal copies
of music tracks, but you might not want to live in a society
that did not respect property rights, such as your property
rights to the car in your driveway, or your rights to a term
paper or original art.
None of these rules is an absolute
guide, and there are exceptions and logical difficulties with all
these rules. Nevertheless, actions that do not easily pass these
guidelines deserve some very close attention and a great deal
of caution because the appearance of unethical behavior may
do as much harm to you and your company as the actual
behavior.
Now that you have an understanding of some basic ethical
reasoning concepts, let’s take a closer look at each of the major
types of ethical, social, and political debates that have arisen in
e-commerce.
Privacy and Information Rights
The Internet and the Web provide an ideal environment for
invading the personal privacy of millions of users on a scale
unprecedented in history. Perhaps no other recent issue has raised
as much widespread social and political concern as protecting the
privacy of over 160 million Web users in the United States alone.
The major ethical issues related to e-commerce and privacy include
the following: Under what conditions should we invade the privacy
of others? What legitimates intruding into others’ lives through
unobtrusive surveillance, market research, or other means? The
major social issues related to e-commerce and privacy concern the
development of “expectations of privacy” or privacy norms, as well
as public attitudes. In what areas should we as a society encourage
people to think they are in “private territory” as opposed to public
view? The major political issues related to e-commerce and privacy
concern the development of statutes that govern the relations
between record keepers and individuals.
How should organizations - public and private - who are reluctant
to remit the advantages that come from the unfettered flow of
information on individuals - be restrained, if at all? In the following
section, we will look first at the various practices of e-commerce
companies that pose a threat to privacy.