A Transaction
Figure 11.6 shows a Millicent transaction using a broker, or issuer of script as presented in the Millicent documentation.
A Transaction Using Millicent Tokens
In step 1 the customer requests merchant-specific script from the broker. In general it would be reasonable to assume that the merchant has such script. However periodically the broker must obtain additional script from the merchant. Step 2 shows the merchant requesting additional merchant script from the merchant to fulfill the customer's request. In step 3 the merchant provides script to the broker, In step 4 part of the merchant script is forwarded from the broker to the customer.
At this point the customer has the appropriate script and can transact with the merchant. In step 5 the customer requests items from the merchant. In step 6 the merchant records the script as having been spent (to prevent double-spending). In step 7 the merchant delivers the items requested by the customer in step 5 to the customer.
In Millicent the customer must trust both the broker and the bank. An explicit decision is made and documented that the most trustworthy party in the party is the broker, and the least is the customer. This is borne out by an examination of the transaction - the transaction lacks atomicity.
Millicent is not interoperable. As with First Virtual the lack of interoperability is a strength. When using Millicent on-line, customers, merchants and brokers can all determine the level of risk they will take. Each user determines his or her own risk exposure rather than it being set at a cut-off by some third party (e.g. a bank or credit card association).
Consider now the transactional characteristics of Millicent.
If the message in step 1 fails there is no transaction -- the transaction fails completely. If the message in step 2 amount fails the broker may have already debited an amount from the customer's account to cover the tokens she has requested from the broker. In this case the customer may lose funds by beginning again with a new request.
If the message in step 3 fails the merchant has debited the broker's account for a token that never makes it the customer and therefore cannot be spent. Thus the vendor has been paid. The broker has been paid by the customer and has paid the vendor. The customer loses money; the merchant gains money. Alternatively there may be an arrangement by which the merchant does not get credited until the broker receives the funds. In this case the broker, rather than the merchant, comes out ahead.
If message in step 4 fails again it's the customer who loses funds.
If the message in step 5 fails the customer must return the script to the broker in order to avoid a race condition with a potential thief. Thus the only loss is the cost of token re-issue. If the merchant errs in recording the token (step 6) so that the sixth steps fails, then either the customer loses funds or the customer is able to spend the token again.
If the message in step 7 fails than then the customer has no goods.
Clearly the Millicent system lacks atomicity in all its forms. If the customer believes the message in step five fails and it has not, this result is a race condition -- which will be recorded first the purchase or the script reissue? Thus the system lacks isolation. Since when step 7 fails the customer can lose funds and the merchant can nevertheless believe the transaction is complete the protocol lacks consistency. However, once committed (step 6) funds are durable.
Millicent could be made atomic with the addition of an atomicity-generating layer, that consists of additional messages to ensure transactional reliability. (An atomicity generating layer adds a signed contract, merchant receipt of payment, and customer receipt in the case of digital goods.)
Security
Brokers which create their own Millicent currency must keep a secret that , if compromised will lead to loss to the merchant. That is, if an attacker obtains the merchant's secret the attacker can generate merchant-specific funds. The merchant keeps records of what script has been spent, not necessarily what script is outstanding.
Customers are at the greatest risk and have the least control over the security parameters of the system. Merchants are at least risk and have the most control over those system parameters which ensure security. This design encourages-under investment in security.
Privacy
Table 11.8 depicts the information available to various parties in a transaction using Millicent script. Millicent offers little or no privacy. What Millicent refers to as a private system is in fact merely a system in which all information is not known to observers. Compare this with Digicash where the customer is anonymous to both the merchant, and the bank.
Information <p>Party | Merchant | Customer | Date | Amount | Item |
Merchant | Full | Full | Full | Full | Full |
Customer | Full | Full | Full | Full | Full |
Law Enf w/warrant | Full | Full | Full | Full | Full |
Bank/ Broker | Full | Full | Full | Full | Partial |
Electronic <p>Observer | Full | Full | Full | Partial | Partial |
Information Available In a Millicent Transaction.
Observers of a Millicent transaction can obtain identity information from the domain name of the customer, as explained in the section on browsing information in chapter 7. Transactions amounts can be determined from observing the site and noting that Millicent is a low value transaction system, providing an observer probabilistic information about the range of a particular transaction. Similarly a bank can observe transaction amounts and merchants involved and obtain partial information about a purchase. Law enforcement access depends on merchant record keeping.
Governance
Since Millicent is a low privacy system in initially it would appear that information for law enforcement needs would be met. However, Millicent, like cash sent through the mail, provide opportunities for fraud, and fraud prevention is also a law enforcement need. Millicent is not adequate on this count.
Millicent's design for low value purchase means that the record keeping requirements for large transactions would not be applicable.
Summary
Money takes two basic forms: token and notational. These forms are fundamentally different from one another and imply different trust requirements. Not all forms of money fulfill all the possible functions of money. Differences in scope, duration, and interoperability can increase or decrease risk, depending on the implementation. For example, a long term notational exchange such as a credit card includes the ability for the customer to dispute merchandise quality after purchase. A cash transaction, on the other hand, ends at the exchange of goods for money.
Internet Notational Currencies
First Virtual offers a low security system for Internet commerce. First Virtual assumes the Internet will remain without security, and addresses that lack of security through risk management and loss allocation. Unfortunately, this loss allocation (merchant losses) limits the goods suitable for sale using First Virtual. First Virtual is also a low privacy system that requires merchants to keep extensive records on customers. This reinforces the argument that the controls created on consumer financial data under the Fair Credit Reporting Act should be expanded to cover compilations of non-bank institutions like First Virtual and its associated merchants that gather detailed consumer records.
The Secure Sockets Layer is a first generation Internet commerce protocol that has taken an approach opposite to that of First Virtual. First Virtual assumes that the Internet is without security and merchant losses are negligible; the Secure Sockets Layer assumes that the Internet can be made secure and limits merchant losses by off-line financial management. It does not attempt to provide atomicity, and thus does not do so. The Secure Sockets Layer is a medium privacy system. Its level of security of is limited by the constraints on exporting strong cryptography. This provides an argument for the removal of restraints on the export of such cryptography.
The Secure Sockets Layer may create risk as a side-effect in that many merchants keep records of customer's credit card information on machines connected to the Internet and subject to remote attack. There are at least three possible solutions to this problem: security, including cryptography, could be embedded in popular operating systems (and those operating systems could be redesigned to be secure); computer operators with inadequate security practices could be held liable for all losses caused by their negligence; or data could be deleted as soon as possible. Clearly the third solution would be the easiest to implement, and the only option for a single merchant.
Secure Electronic Transactions is a payment protocol that considers all steps in an electronic transaction excluding account acquisition. Secure Electronic Transactions offers low privacy system, since purchase information is transmitted in the clear. It provides high level of security by design, as it removes the opportunities for replay attacks and shared merchant terminals that are problematic in the current credit card systems.
The Secure Electronic Transactions standards uses the Secure Sockets Layer for information to be transmitted out of band. Thus the regulatory requirement that limits software for export to using weak cryptography has affected the design of electronic commerce systems. This illustrates the ubiquitous effects of constraints on cryptographic exports on electronic commerce and offers an additional argument for removing these constraints.
The analysis of this set of protocols for Internet commerce illustrates that with notational currency, reliability can be simplified by creating a single ledger where all accounts are finally settled. Creation of a single ledger means concentrated information -- thus implying a threat to privacy. One way to address this threat is to accept increased complexity as the cost of protecting privacy. However, the relationship between distribution of information and provision of privacy does not always hold true in that increased centralization does not always imply decreased privacy.
Internet Token Currencies
Digicash is graceful in its simplicity and offers complete anonymity to the customer. Yet Digicash offers this complete privacy at the cost of low reliability. Further it offers neither money nor goods atomicity.
In the later version of Digicash (not detailed in this book), Chaum attempted to prevent double spending, thereby increasing system reliability, through encoding identity into each token to be spent. Encoding identity allows double-senders to be identified, thereby resolving the conflict between anonymity and accountability in the case of double spending. This addition of integrity provides sufficient information for dispute resolution in issues of payment, but not enough information to resolve disputes over goods delivery.
MicroMint has the potential to create anonymous currency economically for a large number of users. By creating digital currency using a process with decreasing marginal cost, MicroMint can provide anonymous token currency to a large number of consumers. MicroMint would be economical for micro-transactions, which are too small for billing or collection using current techniques.
MicroMint in its most simple form offers no money atomicity. To provide money atomicity MicroMint can be extended so that customer identity is included in every coin. Thus the extension of MicroMint to preclude double spending depends on the requirement that every consumer identify herself to the merchant to verify the right to spend any coin she sends to a merchant. Millicent creates a lightweight digital token network meant for low volume transactions.
MicroMint, along with the two versions of Digicash, illustrates the trade-off between atomicity and anonymity.
All three token systems meet their design criteria: to create mechanisms for digital token commerce. However, all fail with remote commerce as physical cash does in the networked world. Thus although all three systems as they are currently described are suitable for secure hardware or smart card systems, they do not meet the criteria to excel as Internet commerce systems.
The problems with token currency are inherent problems in all token currency. There are three ways to address this problem: use secure hardware, add identity information and add atomicity-ensuring steps
Secure hardware would provide parties to the transaction (at least customers) with records of every transaction which cannot be falsified. Thus customers would not longer have their only word to back their claims: cryptographically verifiable records would support legitimate claims of fraud. This would require physically secure hardware using cryptographic protocols. Although there is no doubt much research to be done in secure hardware, IBM currently offers a secure co-processor card that is safe from even the most James Bond-type exotic attacks. (The processor cannot be attacked with lasers, eaten with acid, or probed in any way to obtain cryptographic key information. Of course it can be destroyed.) Thus secure hardware is a viable option in theory; however, it will only be viable in practice when the infrastructure (including card readers) is widely available. The Internet is the opportunity that it is because it grew organically, from consensus. Adoption of secure hardware may not follow so naturally.
A second option for improving token currency systems is to add identity information to the token. If customer and merchant identity information is embedded in the token this would at least prevent other customers from spending it. Of course, tokens would then no longer be anonymous
Alternatively, vendors of token currency systems could add a layer to provide transactional atomicity and a document trail to better detect the source of fraud (e.g. Camp, Harkavy, Tygar, and Yee, 1996.). This is simply a set of steps that provides certain types of documentation. Money atomicity would require that there be a step that guarantees a receipt for funds provided to the customer. Goods atomicity would require that there be steps that provides to the merchant documentation of receipt of good from the customer. Certified delivery would require a receipt which includes a description of the goods promised and of the goods received. All this documentation would need to be secured with strong cryptography, meaning its validity could not be denied assuming no cryptographic keys were lost. This is both possible and processor-intensive.
A final approach would be changing the placement of fraud risks so that brokers and merchants would have no incentive to produce bogus funds. Widespread fraud will drive adoption of additional measures to prevent transactional fraud -- even if the widespread fraud is from the loss of a system secret.
12: The Coming Collapse of Internet Commerce
Every currency must come to an end. Some currencies end more spectacularly than others. It is a reasonable assumption that there will be some failures of currencies used for Internet Commerce.
Internet commerce will see failures and falls, but electronic commerce on a packetized stupid network53 will happen. That paper money has had many collapses has not killed it. (This may be small solace, of course, to someone holding the wrong pieces of paper.) Every type of paper commerce was subject to its own unique form of collapse. Consider all the monetary mechanisms enabled by paper and printing: standardized bookkeeping, derivatives, checks, paper money, stocks, and bonds. There were multiple collapses in paper currencies. Entire nations have been thrown into disarray. Hyperinflation was not possible before paper money. Paper money has proven to be too powerful, too important, and too critical to abandon. Similarly digital moneys are too powerful to reject.
What some may view as failures or collapses I would argue are not: they are simply neglected offerings, undesired products. As an analogy, consider the Susan B. Anthony dollar. Because of design flaws this dollar looked and felt much like a quarter. It is still legal tender, but it was never adopted. Consumer hostility or uncertainty can be identified as a key ingredient in the failure of the Susan B. Anthony dollar. This does not constitute a collapse. The "vendor" still stands behind the value of these dollars, but few want to use the coins. Although these dollar coins have never been embraced by the populace, they still have value, and that value can be transferred. This is analogous to an offering from an established vendor and not a collapse.
That something is a failure and not a collapse does not make it unworthy of mention. The trick in avoiding electronic currencies that will not be adopted is determining which elements will prove to be unacceptable to the consumer. Given the discussion in the foregoing pages, in which I argue that trust and risk are the critical variables, it will come as no surprise that those mechanisms, that may seem to be ideal to the merchant, may not suit the customer. It is the merchant's goal to put the risk inherent in a transaction on the consumer and the consumer's desire to place that risk on the merchant. Markets have proven quite effective in striking the balance between these opposing, although consumer protection is required beyond what the market itself may offer. The point in all this is that a commerce system need not be subject to collapse to be one to avoid.
Predicting the when, why, and where of commerce failures is beyond bold, and therefore beyond me. However, the examination of systems in this book has made clear that failures have various possible sources. At least two of those failure modes are new to Internet commerce. The possible modes of failure for Internet commerce systems include:
¥ corporate or vendor failure54,
¥ failure of the integrity of a cryptographic secret,
¥ widespread fraud resulting in a loss of trust, and
¥ network failure resulting in a loss of trust.
Consider each of these four modes of failure. Corporate or vendor failure in Internet commerce will be not unlike previous failures of money vendors. With those electronic systems using credit cards one trusts that the managers of risks in banks can avoid the cost of a sudden collapse due to insolvency. The organization offering the cash, the vendor, should be the organization at risk should the commerce mechanism suffer technical failures. Vendors offering Internet commerce would of course prefer failures to be paid for by the banks, who view these vendors as specialized merchants.
The second and third modes of failures -- failure of the integrity of a cryptographic secret and widespread fraud resulting in a loss of trust -- may be indistinguishable, if the loss of a cryptographic secret allows widespread but not ubiquitous fraud. Consider the systems examined here in which loss of cryptographic integrity would not result in collapse, but rather widespread failure. A collapse occurs when valid currency cannot be distinguished from bogus currency or when assets backing a currency system fail. The failure modes of the systems analyzed here should provide a guide for analyzing those of the other commerce systems being offered. There are more than one hundred commerce mechanisms currently developed to the point of being accepted to peer reviewed publication, being implemented, or being presented as a corporate standard.
In determining how a commerce system may fail one should evaluate whether there is a distributed failure mode as well as a catastrophic failure mode. To consider an engineering example, elevators fail by ceasing to move not by crashing into the ground by virtue of safety designs which depend only on the laws of physics. Ideally a commerce system would fail by grinding to a halt in the face of bogus currencies and their transactions, rather than by accepting bogus transactions as valid. Some systems are built so there exists some category of failure other than catastrophic. Systems with distributed failure modes that have been discussed in this document include Millicent, MicroMint and the Secure Socket Layer. Digicash may also have a distributed failure mode -- if there are multiple root keys. SET has both catastrophic and distributed failure modes. First Virtual has only a catastrophic failure mode, but the implications of such a failure would be limited.
How might these systems fail? The loss of a "secret" --- whether this is a root key, a password file, or a seed value for a hash function --- can cause failure. A failure would enable multiple copies to be made of false instruments, indistinguishable from valid currency. This type of failures would cascade through the different systems in different ways. In some systems (such as centralized token-based systems) failure would come either from fiscal collapse of the currency supplier, or, if possible, from hyperinflation when the generation of fraudulent new instruments causes the value of the extant instruments to collapse. In other systems the fraud may be widely distributed but immediately detectable (at high levels) thereby leading to a distribution of risk across the system. If there was a rash of fraud and merchants s well as banks had to write off large number of losses.
One researcher found a quick way to break the key generating mechanism in an early version of the Secure Sockets Layer55. The encryption had not been generated entirely from random numbers but used more predictable values (and could be affordably and easily broken). Suppose a criminal rather than a researcher had found this failure and used it to obtain customer credit card information. In this case, the failure would be detected by credit card issuers and merchants who would pay for an increase in fraud.
Now consider SET. For SET to be successful the acquirers must spend significant funds to build a public key infrastructure. Webmasters offering electronic commerce must support more processor-intensive transactions. SET-ready Web sites will cost more to merchants than those that do not support the comprehensive payment mechanism. As a result of these expenditures the acquirer will have responsibility for fraud. What could drive the expenditure necessary to adopt any heavy electronic mechanism but widespread fraud?
Thus, I do boldly predict that if there is a failure of SSL there will be a transition period of very high fraud followed by widespread adoption of acquirer safeguards, such as adoption of SET or other heavy duty transaction mechanisms. An alternative may be the development of secure hardware, so that additional encryption in the application would be less necessary. Alternatively, secure hardware might complement encryption at the application level. (For more on this possibility see the arguments for "end to end" encryption.) In general when a system begins to have high fraud levels there will be a move to secure hardware, or to more carefully engineered software, or to a more processor-intensive version of the system.
However, should SET fail consumers would be responsible for payment. SET could fail if the root keys are compromised, i.e. if someone obtained them (other than those authorized to have them). (The root keys are extremely well guarded and well distributed, so this is unlikely.) A criminal who obtained the root keys could assume the identity of a bank and collect funds until discovered. This could result in extremely large institutional losses and be the equivalent of a major bank failure. Conversely acquiring banks could continue the process of signing up merchants with questionable records. In this case customers would bear the cost. This could lead to a decline in the trust necessary for Internet commerce to thrive.
Should an attacker obtain less trusted SET keys he could assume the identity of a false merchant could be assumed. Customers and merchants could suffer losses so it is uncertain how long this would remain undetected. Possibly long enough to be profitable for the criminal. However, this corrupt criminal could lend his key to others as easily as he lends his credit card privileges in real life. The problem of merchant fraud is not uncommon, and can therefore be assumed to be manageable by the charge clearance system. Since replay attacks would not be useful under SET, this would limit the efficiency of merchant-based fraud.
Consider a failure in First Virtual. The effects of a failure in First Virtual would be limited by its lack of interoperability. First Virtual would not be required to pay merchants when consumers refused payment. Merchants would suffer the losses and move to a different commerce system.
With some systems a failure would result in detectable fraud, and there would be an option to adopt other mechanisms to correct the problems with trust. Thus, despite the novelty of the source of the failure, these cryptographic and trust failures would be of an evolutionary sort not of a catastrophic sort
Now consider the possibility that collapse would lead to catastrophic loss of a commerce system. Recall the previous examples. In systems without atomicity and adequate receipts fraud would not be traceable, and therefore the levels of fraud could quickly rise to the intractable. This is not a function of whether a system is notational or token, although token systems are more prone to fail with respect to atomicity than notational systems, as a result of token systems' concentration of trust in a single or a few frequently used cryptographic keys.
The existence and circulation of bogus moneys would cause merchants to lose funds or banks would be called upon to honor funds that they did not posses. Three obvious possibilities suggest themselves for a merchant in the case of currency failure. The first is to pass the cost of fraud on to customers, the second possibility is the merchant accepts the fraud costs, and finally cost may be placed on a third party provider.
If the cost is passed on to the customer, merchants will lose customers. Customers will not return to the same commerce system after detecting fraudulent charges and having to pay for them nonetheless. Unlike the case of rude service at the corner store, customers will not return to a virtual merchant who mistreats them because it has no geographic advantages. Hopefully the prospect of such fraud will inspire customers to appreciate the value of investment in secure hardware.
If the second option is chosen and the cost is passed on to the merchant, the merchant may be subject to fraudulent charges and as well as forced to drop the currency mechanism. This will result in lost funds and loss of some customers.
Should the cost of the bogus funds be passed onto the bank or acquirer (i.e. choosing the third option)? There are yet again two possibilities (this repeated branching of failure possibilities is indeed not unlike a decision tree). The acquirer either itself fails or the system is abandoned. In either case, customer and merchant will know the source of failure. The wise choices are to limit exposure in one system, i.e. consumers should use only one credit card on the Internet and not use debit cards. For merchants, this implies embracing many systems to ensure customer service after a failure, and to prevent a one to one correspondence between all profit and single mechanism. For customers, it means embracing fewer to limit exposure.
The final mode of system failure is a large scale collapse. This would require the collapse of the infrastructure or a failure of the infrastructure resulting in a collapse of trust, rather than the loss of a single instrument. In such a case, information on the end points of the network as well as in the network would be corrupted and denial of service may be the order of the day.
Incidents that foreshadow such an event of this magnitude are the Morris Worm incident56 and the recent explosion of Macro viruses. The Morris worm incident was instigated by a computer science student. On the more theoretical end of the scale information warfare scenarios are frequently played out as an exercise in paranoia or preparedness, or perhaps both. Information warfare scenarios offer a few useful suggestions.
The major suggestion gleaned from information warfare survival scenarios is that electronic safe havens or subnetworks should be created. This translates into protecting data, internal connectivity, and at the most extreme temporary disconnection from the external net. This might work for large organizations but for individuals and small businesses who will not know of widespread attacks until their machine is cut off this is not useful. However, there is an important concept: save the core business information in the case of collapse. Make back-ups, make back-ups and BACK UP ANY CRITICAL DATA.
The ability to segregate systems is important for the small computer as well as the large. Making inventory systems so that purchases be can read without updating the inventory is one way to segregate, i.e. be clear in separation of authority to read and write data. Another is to provide inventory information on a daily basis, while leaving the core machines separate. For small businesses this may mean purchasing two machines -- consider it a one time insurance payment. One, the web server, can be seen in the near term as a single cash register. A cash register would not be used for accounting, inventory, etc. The second machine will be connected only occasionally.
A difference between a paper collapse and an electronic collapse would be the speed at which each happens. The Morris worm incident took perhaps five days. Yet the worm incident identified a critical need for centralized support for systems under siege -- what has become an international network of incident response teams. These incident response teams are the best source of information on the status of any network with respect to security. At the Computer Emergency Response Team site current information about the latest attacks and defenses are available at no charge. Note that any attacks can be reported to an incident response team and confidentiality will be respected.
Having listed all the myriad ways a radical collapse could occur, it is important to note that reactionary paranoia to the threat is not only a waste of time, but also bad security policy. Should there be a crippling attack on the infrastructure it will be critical to act fast to take countermeasures. It will also be important not to act unless necessary or there will be a ridiculous amount of unnecessary thrashing. Overreaction can create a denial of service attack as effectively as genuine hostilities. Hoaxes must be identified and ignored while attempts at attack must be recognized.
Electronic commerce will be as critical to business in the next century as paper has been in this century (and the previous three). At this point the risks in transacting over the Internet may seem high, but adoption of some sort of Internet commerce by society is inevitable. This book has only focused only on the risks in these first years of Internet commerce.
Internet commerce is happening, and will continue to happen, until it is so varied and interwoven with life that the phrase "Internet commerce" will seem as academic as the phrase "paper commerce."
What part will you play?
Bibliography
5 USC ¤552 Privacy Act
12 USC ¤1829 Money Laundering Act
12 USC ¤2903 Community Reinvestment Act
12 USC ¤3403 Financial Privacy Act
15 USC ¤1601 Truth In Lending Act
15 USC ¤1691 Equal Credit Opportunity Act
15 USC ¤1692 Fair Debt Collection Practices Act
15 USC ¤1694 Electronic Funds Transfer Act
18 USC ¤1029 Computer Fraud and Abuse Act
22 CFR ¤121 International Traffic in Arms Regulation
22 USC ¤2571 Arms Control Act
26 USC ¤6103, 31 USC ¤3711 Debt Collection Act
31 CFR ¤103 Know Your Customer Requirements
35 USC ¤3401 Right to Financial Privacy Act
42 USCS ¤3608, 15 USC ¤1681, 12 USCS ¤1708 Fair Credit Reporting Act
49 USC ¤1666 Fair Credit Billing Act
50 USC 2401 Export Administration Act
Alderman, E. and Kennedy, C. 1995. The right to privacy. New York: Alfred A Knopf.
Anderson, R. E., Johnson, D. G., Gotterbarn, D. and Perrolle, J. 1993. Using the ACM code of ethics in decision making. Communications of the ACM. 36: 98-107.
Anderson, R. H., and Hearn, A. C. 1996. An exploration of cyberspace security R & D investment strategies for DARPA: The Day After . . . in Cyberspace II, MR-797-DARPA. [Online: web]: URL: http://www.rand.org/publications/MR/MR797/summary.html
Baird, Z. 1996. How have other nations balanced legal and national security threats and responded to a changed world? American Bar Association Standing Committee on Law and National Security Law Enforcement and Intelligence Conference. 19 September.
Baker, A. 1994. A concise introduction to the theory of numbers. New York: Cambridge University Press.
Bernam, J. 1991. Establishing a legal framework for freedom and privacy on the electronic frontier. Conference on Computers, Freedom and Privacy. Washington D.C.
Bickford, D. 1996. The changed threat to U.S. national security -- new problems and priorities. American Bar Association Standing Committee on Law and National Security Law Enforcement and Intelligence Conference. 19 September.
Bloustein, E. 1968. Privacy as an aspect of human dignity: An answer to Dean Prosser. New York University Law Review. 39: 962-970.
Brands, S. 1993. Untraceable off-line cash in wallet with observers. In Advances in cryptology--CRYPTO '93. 302-318. Berlin: Springer-Verlag.
Brennan, J. 1989. Florida v. Riley. 488 U.S. 445, 466 (J. Brennan, dissenting).
Brickell, E., Gemmell, P., and Kravitz D. 1995. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms. San Francisco. 22-24 January. 457-466.
Britt, P. 1994. Moving forward with smart cards. Savings and Community Banker. 3.11: 6-7.
Business Week. 1993. ATM shouldn't stand for 'artfully taken money.' Business Week (Industrial/Technology Edition), 31 May, 1994: 110.
Camp, L. J., Harkavy, M., Tygar, J. D. and Yee, B. 1996. Anonymous atomic transactions. 2nd Annual Usenix Workshop on Electronic Commerce. Oakland, CA. November, 1996.
Camp, L. J., Sirbu M. and Tygar, J. D. 1995. Token and notational money in electronic commerce. Usenix Workshop on Electronic Commerce. New York, NY. July, 1995.
Camp, L. J. and Tygar, J. D. 1994. Providing auditing while protecting privacy. The Information Society. 10: 59-71.
Cerf, V. 1993. How the Internet came to be. In B. Aboba, ed. The on-line user's encyclopedia. New York: Addison-Wesley.
Cerf, V. and Kahn, R. E. 1974. A protocol for packet network interconnection. IEEE Transactions on Communications. 5: 637-648.
Clark, G. and Acey, M. 1995. Mondex blows users anonymity. Network Week (U.K.). 1.8: Col. 1.
Chaum, D. 1985. Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM. 28: 1030-1044.
Chaum, D. 1989. On-line cash checks. In Advances in cryptology - EUROCRYPT '89. 288-293. Berlin: Springer-Verlag.
Chaum, D. 1992. Achieving electronic privacy. Scientific American. 267: 76-81.
Chaum, D. 1994. Prepaid smart card techniques: A brief introduction and comparison. Holland: Digicash.
Chaves, C. 1992. The death of personal privacy. Computerworld. January, 1992: 25-27.
Cohen, J. 1996. The right to read anonymously. Connecticut Law Review. 28.4: 981-1039.
Coleman, J. S. 1990. Foundations of social theory. Cambridge, MA: Harvard University Press.
CommerceNet. 1995. The CommerceNet/Nielsen Internet demographics survey: Executive summary. [Online: web]. Cited 30 October,1995. URL: http://www.commerce.net/information/surveys/toc.html
Compaine, B. J. 1988. Issues in new information technology. Norwood, NJ: Ablex Publishing.
Computer Science and Telecommunications Board. 1994. Rights and responsibilities of participants in networked communities. Washington: National Academy Press.
Cox, B. 1994. Maintaining privacy in electronic transactions. Pittsburgh: Information Networking Institute, Carnegie Mellon University.
Cox, B., Tygar, J. D. and Sirbu, M. 1995. NetBill security and transaction protocol. Usenix Workshop on Electronic Commerce. New York, NY. July, 1995.
Crosby, A. W. 1997, The measure of reality: Quantification and Western society. In ____. 1250-1600. New York: Cambridge University Press.
Cross Industry Working Group. 1995. Electronic cash, tokens and payments in the national information infrastructure. [Online: web]. Cited September,1995. URL: http://www.cnri.reston.va.us:3000/XIWT/documents/dig_cash_doc/ToC.html
Davies, D. 1981. The security of data in networks. Los Angeles: IEEE Computer Society Press.
Davis, P. 1995. Senate Republicans say the Earned Income Tax Credit is becoming too expensive. Broadcast on National Public Radio Morning Edition, National Public Radio. number quoted by Margaret Richardson, Commission of the Internal Revenue Service, 17 August. Also [Online: web]. URL: http://www.realaudio.com/contentp/npr/nb0817.html
Denning, D. 1982. Cryptography and data security. Reading, MA: Addison-Wesley Publishing.
Diffie, W. and Hellman, M. E. 1976. New directions in cryptography. IEEE Transactions on Information Theory. 7: 644-654.
Diffie, W. and Hellman, M. E. 1979. Privacy and authentication: An introduction to cryptography. Proceedings of the IEEE. 67: 18-48.
Douglas, J. 1974. California Bankers Association v. Schultz. 416 U.S. 21,85, 94 S. Circuit, 1494, 1529, 39 L. Ed. 2d 812, dissent.
Draper, S. 1989. Security aspects of smart cards. In Caelli, ed. Computer security in the age of information. Amsterdam: Elsevier Science Publishers B.V.
Duncan G. and Lambert D. 1986. Disclosure-limited data dissemination. Journal of the American Statistics Association. 81: 10-27.
Duncan G. and Lambert D. 1989. The risk of disclosure for microdata. Journal of Business and Economic Statistics. 7: 207-217.
Echikson, W. 1994. French risk it all on a smart card. Boston Globe. 28 February, 1994: 17:2.
The Economist. 1996. Who's who on the Internet. The Economist. 340.7976.
Edwards, P. N. 1997. The closed world: Computers and the politics of discourse in cold war America. Cambridge MA: MIT Press.
Eisenstein, E. L. 1979. The printing press as an agent of change: Communications and cultural transformations in early-modern Europe. Vols. 1 and 2. New York: Cambridge University Press.
FAIR. 1996. FAIR media bias detector. [Online: web]. Cited 15 April, 1996. URL: http://www.igc.apc.org/fair/media-bias-detector.html
Federal Bureau of Standards. 1977. Federal information processing standards publication 46: Announcing the data encryption standard. Washington: U.S. Government Printing Office.
Federal Communications Commission. 1995. Telephone subscribership in the United States. Washington: U.S. Government Printing Office.
Federal Reserve Bank of New York. 1996. Regulation E - electronic funds transfer - revisions to regulation and official staff commentary. Federal Register 61.86.
Feige, U., Fiat, A. and Shamir, A. 1987. Zero knowledge proofs of identity. In Proceedings of the 19th ACM Symposium on Theory of Computing. 210-217.
Fenner, E. 1993. How mortgage lenders can peek into your files. Money. April, 1993: 44-48.
Financial Service Technology Consortium. 1995. Electronic payments infrastructure: Design considerations. [Online: web]. Cited November, 1995. URL: http://www.llnl.gov/fstc/projects/commerce/public/epaydes.htm
First Virtual. 1995a. Information about First Virtual [Online: web]. Cited 8 October, 1995. URL: http://www.fv.com/info
First Virtual, 1995b, The fine print. [Online: web]. Cited 24 June, 1995. URL: http://www.fv.com/info/terms.html
Fischer, M. J. 1988 Focus on industry. Journal of Accountancy. 130-134.
Freier, A., Karlton, P. and Kocher, P. C. 1996. The SSL protocol. Version 3. Mountain View CA: Netscape Communications Corporation. Also [Online: web] URL: ftp://ietf.cnri.reston.va.us/internet-drafts/draft-freier-ssl-version3-01.txt
Froomkin, A. M. 1995. Anonymity and its enmities. Journal On-line Law. 1.1.
Froomkin, A. M. 1996. Addressing law enforcement concerns in a constitutional framework. SAFE: Security And Freedom through Encryption Forum; Palo Alto, CA. 1 July, 1996.
Fukuyama, F. 1995. Trust: The social virtues and creation of prosperity. New York: Simon and Schuster.
Garfinkle, S. and Spafford, G. 1986. Practical UNIX security. 2nd ed. Sebastopol, CA: O'Reily and Associates.
Goradia, V., Kang, P., Lowe, D., Magruder, P., McNeil, D., Mowry, B., Panjwani, M., Somogyi, A., Wagner, T. and Yang, C. 1994. NetBill: 1994 prototype. Pittsburgh: Carnegie Mellon University. Also INI technical report INI TR 1994-11.
Gray, J. and Reuter, A. 1993. Transaction processing: Concepts and techniques, San Francisco: Morgan Kaufmann Publishers.
Griswold V. Connecticut, Supreme Court Of The United States, 380 U.S. 947; 85 S. Ct 1081; 1965 U.S.
Hagel, J. and Armstrong, A. G. net.gain. Boston: Harvard Business School Press.
Halpern, S. W. 1991. Rethinking the right of privacy: Dignity, decency and the law's limitations. Rutgers Law Review. 43.3: 539-563.
Hansell S. 1995. Mastercard joins banks to plan card that works like cash. The New York Times. 17 August, 1995: D2.
Hanushevsky, A. 1995. Electronic commerce page. [Online: web]. Cited November, 1995. URL: http://abh.cit.cornell.edu/ecom.html
Harrison, C. 1994. Shoppers urged to guard against credit card fraud. Atlanta Constitution. 27 December, 1994: C4.
Hart, A. S. 1996. Personal communication via email. 16 May, 1996.
Harvard Law Review. 1991. Addressing the new hazards of the high technology workplace. Harvard Law Review. 104: 1898-1916.
Heggestad, A. 1981. Regulation of consumer financial services, Cambridge, MA: Abt Books.
Henry v. Forbes. 1976. 433 F. Supp. 5.
Herlihy, M.P. & Tygar, J.D., 1987, "How to Make Replicated Data Secure", Advances in Cryptography-CRYPTO '87, ed. Pomerance, Springer-Verlag, Berlin.
Herlihy, M.P. & Tygar, J.D., 1991, "Implementing Distributed Capacities Without a Trusted Kernel", Dependable Computing for Critical Applications, ed. A. Avizienis & J.C. Caprie, Springer-Verlag, Berlin.
Hodges, A. 1983. Alan Turing: The enigma. New York: Simon and Schuster.
Hoffman, L. and Clark P. 1991. Imminent policy considerations in the design and management of national and international computer networks. IEEE Communications Magazine. February, 1991: 68-74.
Hoffman, L., Kalsbeek, W. D. and Novak, T. P. 1996. Internet use in the United States: 1995 baseline estimates and preliminary market segments. Project 2000 Working Paper. Also [Online: web]. URL: http://www2000.ogsm.vanderbilt.edu/baseline/1995.Internet.estimates.html
Ingramham, D. G. 1991. Coming of age in cyberspace. Conference on Computers, Freedom and Privacy. Washington, DC.
Internet Domain Survey. 1998. Connected to the Internet. [Online: web]. Cited March, 1998. URL: http://www.nw.com/zone/WWW//top.html
Jennifer, G., Steiner, B., Neuman, C. and Schiller, J. I. 1988. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter Conference. 191-202.
Johnson, B. S. 1989. A more co-operative clerk: The confidentiality of library records. Law Library Journal. 81: 769-804.
Johnson, D. 1989. Documents disclose FBI investigations of some librarians. New York Times. 7 November, 1989: A1.
Johnson, K. 1993. One less thing to believe in: Fraud at fake cash machine. New York Times. 13 May, 1993: A1.
Kailer, 1995. Reasoning about accountability in protocols for electronic commerce. In Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA. May, 1995.
Kalven, 1966. Privacy in tort law: Were Warren and Brandeis wrong? Law and Contemporary Problems. 31: 326-332.
Kaplan, E. H. 1991. Needles that kill: Modeling human immunodeficiency virus transmission via shared drug injection equipment in shooting galleries. Reviews of Infectious Diseases. 11: 289-298.
Karasik E. 1990. A normative analysis of disclosure, privacy and computers: The state cases. Computer Law Journal. 10: 603-634.
Katz v. United States. 1967. 389 U.S. 351, 369 F2d 130 (9th Cir).
Kaylin, J. 1992. When the needles do the talking. Yale. April, 1992: 34-37.
Kohnfelder, L. M. 1978. Towards a practical public-key cryptosystem. Bachelor's thesis. MIT.
Lamont v. Postmaster General. 1965. 381 U.S. 301, 301.
LaPlante, A. 1994. Citibank's smart move. Information Week. 492.12: 42.
Lewis, T. 1996. Personal communication.
Low, S., Maxemchuk, N. F. and Paul, S. 1993. Anonymous credit cards. First ACM Conference on Computer and Communications Security. Fairfax, VA. 3-5 November, 1993.
Madsen, W. 1992. Handbook of personal data protection. New York: Stockton Press.
Markoff, J. 1995. Security flaw is discovered in software used in shopping. The New York Times. 19 September 1995: A1, D21.
Marx, G., 1986, "Chapter 9: The Iron Fist and The Velvet Glove", The Social Fabric: Dimensions and Issues, ed J. E. Short, Sage Publications, Bevely Hills CA, pp 135-162
Mastercard. 1995. Secure electronic payment protocol specification draft. Version 1.1. Pt. 2. [Online: web]. Cited November, 1995. URL: http://www.mastercard.com/Sepp/sepptoc.htm
Mastercard. 1996. Secure electronic transaction technology, draft. [Online: web]. URL: http://www.mastercard.com/SETT
Mayland, P. F. 1993. EFT network risk begs CEO attention. Bank Management. 69.10: 42-46.
McClellan, D.1995. Desktop counterfeiting. Technology Review. [Online: web]. Cited February/March, 1995. URL: http://web.mit.edu/afs/athena/org/techreview/www/articles/feb95/mcclellan.html
McGraw, D. 1992. Facing the specter of AIDS. Boston Globe. 13 March 1992: 3-5.
McKnight, L. W. and Bailey, J. P., eds. 1997. Internet economics. Cambridge, MA: MIT Press.
Medvinski, G. and Neuman, B. C. 1993. NetCash: A design for practical electronic currency on the Internet. First ACM Conference on Computer and Communications Security. Fairfax, VA. 3-5 November, 1993.
Miller, B. C., Neuman, C., Schiller, J. I. and Saltzer, J. H. 1987. Section E.2.1: Kerberos authentication and authorization system. Project Athena. Cambridge, MA: MIT.
Miller M.W. 1992. Data tap: Patients' records are treasure trove for budding industry. Wall Street Journal. 27 February, 1992: A1.
Morgan, G. 1992. Balancing national interest. The Institute. 16.
Mosteller, F. 1965. Fifty challenging problems in probability with solutions. Toronto: General Publishing Company, Ltd.
Mundt K. H. 1992. New dimensions in data security. In Proceedings of the 15th National Computer Security Conference. Baltimore, MA. 438-447.
NAACP v. Alabama. 1958. 357 U.S. 449.
National Bureau of Standards. 1977. Federal information processing publication 46: Specifications for the digital encryption standard. Gaithersburg, MD: U.S. Government Printing Office.
National Center for Supercomputing Applications. 1995. NCSA mosaic web index. [Online: web]. Cited November, 1995. URL: http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/web-index.html
National Computer Security Center. 1985. Trusted systems evaluation criteria DOD-5200.28-STD. Gaithersburg, MD: U.S. Government Printing Office.
National Computer Security Center. 1990. Trusted network interpretation environments guideline NCSC-TG-011. Gaithersburg, MD: U.S. Government Printing Office.
National Institute of Standards and Technology. 1991. Proposed federal information processing standard for digital signatures. Federal Register. 56: 42980-42982.
National Institute of Standards and Technology. 1994. Federal information processing standards publications 185: Escrowed encryption standard. Gaithersburg, MD: U.S. Government Printing Office.
National Research Council. 1996. Cryptography's role in securing the information society. Washington: National Academy Press.
Netscape. 1996. Netscape commerce server. [Online: web]. Cited May, 1996. URL: http://home.netscape.com/comprod/netscape_commerce.html
Newberg, P. 1989. New directions in telecommunications policy. Durham, NC: Duke University Press.
New York Times. 1995a. Woman missing bank card finds she is overdrawn $346,770. New York Times. 12 February, 1995: 1, 36.
New York Times. 1995b. Credit union's error is thieves' delight. New York Times. 9 February, 1995: B9.
Nimmer, R. T. 1992. The law of computer technology. Boston: Warren, Gorham and Lamont.
Office of Technology Assessment. 1985. Electronic surveillance and civil liberties. OTA-CIT-293. Gaithersburg, MD: U.S. Government Printing Office.
Office of Technology Assessment. 1986. Management, security and congressional oversight. OTA-CIT-297. Gaithersburg, MD: U.S. Government Printing Office.
Office of Technology Assessment. 1995. Information technologies for control of money laundering. OTA-ITC-630. Gaithersburg, MD: U.S. Government Printing Office.
Okamoto, T. and Ohta, K. 1991. Universal electronic cash. In Advances in Cryptology- CRYPTO '91. 324-336. Berlin: Springer-Verlag.
O'Keefe, M. 1994 Portable POS debit terminals mean greater convenience. Bank Systems and Technology. 31.11: 35-37.
Olmstead v. United States. 1928. 277 U.S. 438, 48 SCt 564, 72 LEd2d 944.
Pfleeger, C. P. 1989. Security in computing. Carmel, IN: Prentice-Hall.
Pool, I. 1983. Technologies of freedom. Cambridge, MA: Harvard University Press.
Privacy Protection Commission Study. 1977. Personal privacy in an information society. Washington: U.S. Government Printing Office.
Prosser W.L. 1941. Handbook of the law of torts. St. Paul, MN: West Publishing Co.
Rabin, M. O. 1978. Digital signatures, foundations of secure communication. New York: Academic Press. 155-168.
Randell, B., 1983," Recursively Structured Distributed Computing Systems", Proceedings, Third Symposium on Reliability in Distributed Software and Database Systems
Randell, B. & Dobson, J., 1986, "Reliability and Security Issues in Distributed Computing Systems", Proceedings, Fifth Symposium on Reliability in Distributed Software and Database Systems
Reid, M. A. and Madam, M. S. 1989. IC card design: Technology issues. Information Age. 11.4: 211-216.
Rivest, R. L. and Shamir, A. 1996. PayWord and MicroMint: Two simple micropayment schemes. submitted to Eurocrypt '96.
Rivest, R. L., Shamir, A. and Adleman, L. 1978. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM. 21: 158-164.
Rodman, P. 1996. Loss of national sovereignty and control by nation states. American Bar Association Standing Committee on Law and National Security Law Enforcement and Intelligence Conference. 19 September.
Rubin, L. and Cooter, R. 1994. The payment system: Cases materials and issues. St. Paul, MN: West Publishing Co.
Sandberg, J. 1995. Netscape software for cruising Internet is found to have another security flaw. The Wall Street Journal. 25 September, 1995: B12.
Schambelan, B., 1992, Roe v Wade: The complete Text of the Official U.S. Supreme Court Decision, Annotated, Running Press, Philadelphia, PA.
Schlossberg, H. 1993. Victims tired of researchers getting away with murder. Marketing News. 16 August 1993: A16.
Schneier, B. 1995. Applied cryptography. 2nd ed. New York: John Wiley and Sons, Inc.
Schnorr, C. P. 1990. Efficient signature generation of smart cards. In Advances in Cryptology-CRYPTO '89. 239-252. Berlin: Springer-Verlag.
Schuba, C. L., Krsul, I. V., Kuhn, M. G., Spafford, E. H., Sundaram, A. and Zamboni, D. 1997. Analysis of a denial of service attack on TCP. 1997 IEEE Symposium on Security and Privacy. Oakland, CA. 4-7 May, 1997.
Shamir, A. 1979. How to share a secret. Communications of the ACM. 22: 612-613.
Simpson. 1996. The effects of electronic credentials lifetime on the risks and costs of electronic commerce. Qualifier report, Carnegie Mellon University.
Sirbu, M. and Tygar, J. D. 1995. NetBill: an Internet commerce system optimized for network delivered services. IEEE ComCon. San Francisco, CA. 6 March, 1995.
Smith, S. 1992. A theory of distributed time. Ph.D. text, Carnegie Mellon University. Also CMU technical report CMU-CS-92-231.
Spafford, E. H. 1989. The Internet worm: Crisis and aftermath. Communications of the ACM. 32.6: 678-687.
Speiser, S. M., Krause, C. F. and Gans, A. W. 1991. The American law of torts. New York: Clark Boardman Callaghan.
Sproull L. & Kiesler S., 1991, Connections, The MIT Press, Cambridge, MA, 1991
St Laurent, S., 1998, Cookies, McGraw-Hill, NY, NY
Trubow, G., ed. 1991. Privacy law and practice. New York: Times Mirror Books.
Trubow, G. 1992. When is monitoring e-mail really snooping? IEEE Software. 9.2: 97-98.
Tunstall, J. 1989 Electronic currency. In Chaum, D. and Schaumuller-Bichl, I., eds. Smart card 2000: The future of IC Cards: Proceedings of the IFIP. Amsterdam: Elsevier Science Publishers B.V.
Turn, R. and Ware, W. 1976. Privacy and security in information systems. IEEE Transactions on computers. C-25: 1353-1361.
Tygar, J. D. 1996 Atomicity and electronic commerce. In Proceedings of 1996 Symposium of Principles of Distributed Computing. Philadelphia: ACM Press.
Tygar, J. D. and Yee, B. 1991. Strongbox: A system for self securing programs. In Rashid, R., ed. CMU computer science: A 25th anniversary commemorative. 163-198. New York: Addison-Wesley and ACM Press.
United Nations. 1995. The United Nations and human rights 1945-1995. The United Nations Blue Book Series. 7. New York: United Nations.
United States v. Miller. 1976. 425 U.S. 435.
United States v. Payner. 1980. 447 U.S. 727, 100 S. Ct. 2439, 65 L. Ed. 2d 468.
U.S. Bureau of Census. 1995. Statistical abstracts of the United States 1995. 115th ed. Washington: Department of Commerce.
U.S. Council for International Business. 1993. Statement of the United States Council for International Business on the key escrow chip. New York: U.S. Council for International Business.
U.S. Department of Defense. 1985. Department of Defense trusted computer system evaluation criteria. Fort Meade, MD: National Computer Security Center.
U.S. District Court. 1992. United States v. Julio Fernandez, John Lee, Mark Abene, Elias Ladopoulos, and Paul Stira. Indictment 92 CR S63.
Van Natta, D. 1995. Five phone marketers arrested in credit card sting. New York Times. 15 August, 1995: A14.
Verisign. 1995. Verisign expands digital ID offerings to leading web servers. [Online: web]. Cited November, 1995. URL: http://www.verisign.com/pr/pr_servers.html
Verisign. 1996. Frequently asked questions about digital ID's. [Online: web]. Cited 26 May, 1996. URL: http://digitalid.verisign.com/id_faqs.htm
Visa. 1995. Secure transaction technology specifications. Version 1.1. [Online: web]. Cited November, 1995. URL: http://www.visa.com/visa-stt/index.html
Wacker, J. 1995 Drafting agreements for secure electronic commerce. In Proceedings of the World Wide Electronic Commerce: Law, Policy, Security and Controls Conference. 6.
Walden, I. 1995. Are privacy requirements inhibiting electronic commerce. In Proceedings of the World Wide Electronic Commerce: Law, Policy, Security and Controls Conference. 10.
Warren, S. and Brandeis, L. 1890. The right to privacy. Harvard Law Review. 4: 193-220.
Waters v. Fleetwood. 1956. 91 SE2d 344.
Wood, J. C. and Smith, D. S. 1991. Electronic transfer of government benefits. Federal Reserve Bulletin. 77.4: 203-217.
Woodyard, C. 1991. Lungren joins suit accusing TRW of illegal practices. Los Angeles Times. 9 July, 1991: 1.
Yee, B. 1994. Using secure co-processors. Ph.D. text, Carnegie Mellon University. Also CMU technical report CMU-CS-94-149.
Ziegler, R. F., Brodsky, D. E. and Sanchez, C. M. 1993. U.S. securities crime. International Corporate Law. Criminal Investigations Supplement: 69-74.
Zimmerman, P. 1995. The official PGP user's guide. Cambridge, MA: MIT Press.
Zuckerman, G. 1994. Insider trading is back. Investment Dealers Digest. 60.2: 12-15.
Add ref: (Herlihy, 1991; Herlihy, 1987; Randell, 1986; Randell, 1983; Marx, 1986
