Privacy Fear over Digital Signatures

Article excerpt


BACKLASH by privacy campaigners could hit the growth of e-commerce. Digital signatures, backed up by authentication technology, will allow internet users to realise the full potential of electronic commerce, say government officials and analysts.

But concerns are growing that the adoption of identity verification could be hindered by the pro-privacy lobby.

Authentication aims to ensure that an internet user is who they purport to be, a critical factor in e-commerce, where the business aim is to secure a successful financial transaction but avoid fraud.

Surfers can be verified by using electronic signatures supported with digital certificates (which prove that a signature belongs to a particular person), or using hardware such as smart cards, biometric measurement (fingerprint or retinal recognition), or embedded chips.

But campaigners say the increasing use of authentication risks forcing users to identify themselves online, infringing their right to protect their privacy by remaining anonymous.

There was uproar last year when it emerged that Intel's Pentium III chip contained an electronic serial number unique to each chip, which could be read over the internet.

The feature was designed to let corporate IT managers track and remotely administer computers, as well as to make e-commerce more secure. But critics complained it might be used to identify and monitor people online. Intel subsequently released the chip with the feature turned off by default.

Frank Prince, senior analyst at Forrester Research, says privacy demands pose a problem for e-business because the ground-rules have not been set.

'It is a problem because what constitutes inappropriate use of thorough identification of an individual has not yet been established in the electronic environment,' he says.

Prince says the solution to the competing demands of e-commerce and privacy may be to match levels of identification and authentication to the scale and type of transaction.

'There is no reason why there cannot be a variety of middle grounds to do with identification in electronic environments, just as there are in physical environments. An example of a middle ground is the idea of pseudonymity'. Not anonymity, not full identification, but some entity or individual or organisation acting as a cut-out between you and the actual transaction. …