By Andre Griffith
In June 2000, the then US President Clinton signed the “Electronic Signatures in Global and National Commerce Act” giving force of law to digital technology for signatures in commerce. Somewhat dramatically, he “signed” that act by use of a digital signature but perhaps out of an abundance of caution he spoiled the show for the purists by also signing in the traditional manner, a paper copy with a pen just to make sure. Close to a decade later, electronic commerce in the 20th century accounts for billions of dollars per year and significantly reduces transaction costs between businesses especially where widely dispersed geographically.
The OECD defines electronic commerce through the following: “An electronic transaction is the sale or purchase of goods or services, whether between businesses, households, individuals, governments, and other public or private organisations, conducted over computer mediated networks. The goods and services are ordered over those networks, but the payment and the ultimate delivery of the good or service may be conducted on or off-line.” There is a similar, narrower definition for “Internet transactions” where “the Internet” replaces “computer mediated networks”. The defining characteristic of an electronic commerce transaction is therefore that the agreement entered into by the two parties is executed electronically, as distinct from payment or delivery. This distinction is critical, since electronic payments (via bank transfer or credit cards for example) have been a part of commerce for decades but are not considered to be e-commerce transactions proper. In this series we shall examine largely the technical aspects of e-commerce starting today with a look at traditional ways of entering into transactions between buyers and sellers and the issues that they consider in doing so. Following this introduction we will examine how those issues or considerations relevant to entering into agreements for business transactions are handled in the digital realm.
The dominant mode of business transaction with which the average Guyanese man and woman in the street would be familiar is the face to face mode, where cash is the medium of exchange. In this dispensation even given the possibility of counterfeit, the risk is minimal and there is no particular need for elaborate mechanisms to identify buyer and seller since goods and cash are exchanged on the spot. Additionally, the nature of our commerce is such that goods are largely sold on a non-returnable basis, thus the buyers subject goods to some visual or other inspection at the point of trade. The buyer gets her goods instantly and the seller gets cash also instantly. Dependent on the nature and value of the purchase, a receipt may be demanded by the buyer and issued by the seller. So far so good. Things become slightly more complicated if the buyer does not want to deal directly in cash, but wishes for example to pay by cheque. In this scenario, the seller will want to see a trusted form of identification such as a passport or a national ID card. They will compare the likeness of the buyer to the photograph on the identification and the likeness of the signatures on the ID and the cheque. In this way, the seller gives his or herself what he or she believes to be reasonable assurance that the person in front of them is who they really claim to be. We will see that this is one of the central issues that will concern us in electronic transactions.
Moving farther along the spectrum of difficulty, we consider the case where a buyer is located say in Georgetown with a seller in another country. In this situation, the parties will by some means establish contact, whether over the phone, or in person.
They will do some due diligence on each other dependent on the level of risk to which each is exposed. If the terms of the transaction include payment in advance then the buyer will probably do some extensive checking of the seller’s bona fides and vice versa if the terms include for example payment 30 days after delivery. We can see that the issue of establishing the identities of the parties becomes more complex. Additional to the problem of establishing the bona fides of the entity, the buyer and seller will wish to hold some tangible evidence that an agreement was entered into. Such proof usually takes the form of a purchase order or a more specialised contract.
If the business transaction is particularly sensitive, then one or both parties may require confidentiality. Most people would associate a requirement for confidentiality in face-to-face transactions with some nature of illegal business such as the payment of a bribe, purchase of stolen goods or some such other nefarious activity. This is actually more secrecy than confidentiality. Banking transactions containing sensitive details of client’s accounts, or the communication of statements that contain balances are a mainstream example of legitimate transactions where there is a need for confidentiality. Equally so would be legitimate covert operations of security agencies that need to obtain goods or services from private sector entities.
The above examples explicitly and implicitly deal with a number of issues that usually concern two or more parties desirous of entering into enter into a business transaction. The four essential considerations in this regard are usually referred to as those of establishing authenticity, confidentiality, integrity and non-repudiation. These are briefly explained in turn.
Authenticity speaks to whether the person or entity with whom you are corresponding is really who they claim to be. Confidentiality addresses a requirement that the contents of the correspondence or transaction are only intelligible to its intended recipients. Integrity deals with whether the contents of the correspondence communicating the transaction reach their intended recipients unaltered. That is, we are concerned with ensuring that what is received is exactly what was sent, no less no more. Non-repudiation relates to the issue whereby having sent a particular item of correspondence, the sender must not be able to repudiate (deny) sending same. That is they cannot say “it wasn’t me”. There is also a less considered aspect of non-repudiation which deals with the receiver’s ability to deny receiving any particular piece of communication.
In the next article we will look at how these issues are determined in traditional paper-based commerce and communication and in subsequent articles we will develop the models whereby these issues are addressed in electronic commerce. Because some of the essential subject matter is rather dry, as an incentive to readers, we will develop a hypothetical case of a three-way e-commerce transaction involving two companies Cell2AllComers Ltd., Cellular Records Investigation Management Enterprises (C.R.I.M.E) Inc., and the authorities of an imaginary country the Republic of Cayanna.