Third Parties: Toward a Restoration of Trust in Cyberspace?

AUTHOR
Paul B. de Laat

ABSTRACT

The ‘information technology field’ (Friedman) is entering its fourth phase: organizations cross their boundaries and ‘connect’ with other organizations, clients, suppliers, etc. In a similar fashion, individuals connect with one another in Cyberspace. Such relations open up new problems. A central one is that of trust: how can I be sure my partner in transacting keeps to the terms of the agreement? How can I even be sure of his supposed identity? If partners intend to communicate, or to do business with each other, they need enough trust in each other; otherwise the transaction will not get started. Next to this problem, transacting is of course liable to outside intrusion and disturbance. Hackers and criminals pose the problem of security.

Both problems have been fought with technological means. The whole area of cryptography has developed from these concerns. Progress surely has been made: tight security can be obtained, though at a price. However, the basic problem of trust between transacting partners has remained the same. It is true, I can be surer than before, that my partner is the one (s)he pretends to be (e.g. by using digital signatures). But as to his/her intentions, I am in the dark as ever before. Ironically, the issue of trust has also become more complicated by the development of cryptographic instruments. If partners communicating in Cyberspace, or in business networks, take to cryptographic means to protect their dealings against outside intrusion, they may obtain almost complete protection against the outside world. Now, in the US particularly, this has provoked a vivid reaction from security agencies, that want to maintain the prerogative of surveillance of their citizens. So another type of trust problem has emerged: the state wants to continue to be able to check upon dealings that take place between their citizens. Next to what may be called the problem of bilateral trust, now a trilateral trust type of problem has emerged.

How to tackle the issue of trust, either bi-lateral or tri-lateral, in transaction networks? It is principally by interposing third parties that solutions are being sought. Accountants step in, and certify that a web-site is bonafide in terms of business practices, transac-tion integrity, and information protection. A clearing house offers consumers anonymity, and enables them to surf on the Internet with their privacy protected. An `electronic shopping mall’ may even take care of both certification and anonymity concerns. Urged by the government to do so, organizations hand over the key to their cryptosystem to a Trusted Third Party. Note the resemblance with the earlier invented key escrow system, where a software producer deposits the source code of his program with a third party, in order to pacify his client.

To elucidate these third party solutions, and explore their implications, a comparison will be made with inter-firm alliances, as these have developed the last two decades. Firms temporarily ally together to pursue common goals. Also here, the problem of trust looms large. And also here, to fight a lack of trust, third party mechanisms have been invented, especially for strategic alliances involving mutual R&D co-operation (cf. De Laat, Noo-teb-oo-m). Examples include the following: a network broker who is to generate mutual trust between future partners; a third party that mediates or arbitrates in case of conflict (cf. `neo–classical contracting’, and ACR); a third party that confidentially assesses the mutual stock of knowledge in order to establish mutual rapport; a third party that functions as a trustee of knowledge while the alliance is running (erecting a `Chinese wall’). These last two constructions effectively use the third party as a screen against unwanted spillover of knowledge and information.

In the article third party solutions for interfirm alliances on the one hand, and in Cyberspace on the other will be compared. They will be shown to have a lot of similarities. Both kinds of mechanisms will also be integrated into a theoretical framework, along the following lines. Third parties are always interposing formal procedure between parties. However, the amount of `substance’ that is entrusted to them may vary. Mediators and arbitrators, on the one hand, remain empty handed (`pure procedure’). A trusted third party, on the other hand, receives a cryptokey or vital knowledge in his hands (`substance embedded in procedure’). In the latter case, the third party acts as a keeper or filter of transaction sensitive information. In a quite literal sense he has become the arbiter in information space.

An Emerging Ontology of Jurisdiction in Cyberspace

AUTHOR
David R. Koepsell

ABSTRACT

Over the past 100 years, as international commerce has expanded, nations have grappled with ever-changing notions of legal jurisdiction. When conflicts arise in commerce, and where crimes are perpetrated across or involving borders, courts must determine the applicable laws based once upon ancient notions of legal jurisdiction. The old rule of lex loci delicti has often and increasingly been abandoned in favor of contractual notions and rules determined by treaties. Under the old rule, the place of the crime determined the applicable law. As well, where the contract was negotiated determined the applicable law of contract. As the speed and frequency of trade and travel over national borders has increased, so have the modifications that have been necessary to accommodate legal conflicts involving both. A good amount of commercial litigation involves issues of international jurisdiction. Over time and with advances in technology, it became harder to determine where a particular crime took place, or where a particular contract was negotiated.

The emergence of the new information economy has complicated jurisdictional issues in commerce and crime. Many of these difficulties are simply extensions of problems that arose due to other media. Telephones and fax machines had already complicated jurists determinations of applicable laws. Even before the Internet, contracts were often negotiated without any face-to-face contact — entirely by telephone and fax. Where is such a contract negotiated? The answer to this question is critical to any litigation that may arise over such contracts. The laws of contract are often quite different from one jurisdiction to the next.

The Internet has, of course, muddied the waters even further. The Internet has brought with it new forms of communication which make determining the loci of acts even more complicated. Where are contracts negotiated when they are negotiated in cyberspace? Business is being conducted in chat rooms, on web sites, and through e-mail. Each of these is technically distinct from telephones and fax machines. More importantly, these tools are ontologically different, in varying degrees, from traditional methods of communication. The question is, are these ontological differences sufficient to warrant new legal notions of jurisdiction in cyberspace?

Only a thorough ontological analysis of the parts of cyberspace and acts “in” it can reveal the answers to the legal questions posed by this new medium. Traditional legal analyses have relied, in part, on a crude legal ontology. That is, courts have grappled with notions of the topology and mereology of the world and legal objects when considering questions of jurisdiction. However, new methods in the ontology of legal objects, most notably Searle’s recent contributions to the field, have afforded philosophers and jurists a mostly unexplored means for resolving practical problems which have arisen. A proper examination of these problems can only be undertaken by first asking questions such as: what is a contract anyway? Where do these things exist after all? Searle’s examination of social objects opens the door for a critical examination of emerging notions of jurisdiction in cyberspace and beyond.

Virtual Organizations, Real Business and National Work

AUTHOR
Jorma Kajava

ABSTRACT

The word ‘virtual’ has acquired a meaning that in some cases approaches the opposite of ‘real’. The current preference tends towards multidimensionality, i.e., that an activity is virtual from one perspective and real from another. We shall draw on our earlier experiences concerning outsourcing of software and information processing, with a special emphasis on information security, to explore the effects of virtual organizations. This discussion soon leads to the question of the distribution of work as globalization makes it easy to transfer mass production to a country where it is cheapest. As some countries are developing products, while others are producing them, we might ask where the balance between these countries is? How could we divide the different activities in the sense of national work? The current discussion around the topic has centred around its business aspects, maybe it is time to start a discussion on its ethical aspects.

The industrial society was characterized by real work, i.e., manufacturing, marketing and business, carried out by people employed by organizations. A weak link in the chain could cause an entire organization to collapse. The activities of organizations were based on real work carried out in the aforementioned areas. The primary goal was business and the secondary goal was employment.

In our modern information society, there’s an ongoing discussion on the distribution of work. Alvin Toffler once said that in the industrial society machines and buildings are a part of an organization’s capital, people comprise only a cost factor. Such a view is no longer considered valid, the current view holds that people with ideas are the most valuable asset of any organization.

At the end of the millennium, information technology offers us new avenues of making business. One such avenue comprises virtual organizations. The basic idea is to focus on the organization’s main activity and cut away all extraneous activities. If the organization is not working within the fields of software or information systems, it might consider the option of outsourcing all or a part of its information processing. It might also consider subdeliveries and benchmarking. At any rate, if the organization does not thoroughly explore its options, it could end up losing money and/or going to the wall. The most potent threats lurk in business and information security.

In this paper, we shall explore virtual organizations through outsourcing. The purpose is to learn about virtual organizations by investigating their effects within a narrowly confined area. Having understood the basics of virtual business, we will be in a better position to predict what the future of the Internet and networks might include.

Outsourcing refers to the use of external companies to perform one or more organizational activities. It can be applied to a host of activities ranging from the use of contract programmers to managing third party facilities. The most common reason for companies to outsource their information systems include cost efficiency and the need to free resources for more essential functions.

The economic aspects of outsourcing will not be examined in this work. Outsourcing will be limited to the clien’s information systems so, for instance, outsourcing software development will not be considered here. Furthermore, this paper does not attempt to describe detailed steps during the implementation of an information security programme or to provide implementation procedures for security controls.

Aspects related to information security are often paid little attention to in outsourcing. This is easy to understand, for outsourcing is a way of making savings, and information security is known to be a difficult, and often very expensive, undertaking. Furthermore, organizations may still think that information security does not bring any profits. It should be borne in mind, however, that breaches of information security may be catastrophic to the organization. Logically, information security should be a justifiable and important consideration for all organizations.

Our modern society with its soft and hard solutions has made the world smaller than ever before. We can transfer our activities to countries where they can be carried out most efficiently. But the question is, are we going back to mercantilism? How should we distribute work in the future – real manufacturing and design and virtual work? We are currently talking about the globalization of work activities and the harmonization of international legislation. Now we must start to talk about the distribution of work, because the global work situation is very serious. We may not have ready solutions to this problem, but we must have courage enough to start the discussion.

The discussion on outsourcing has highlighted the central role of information security work. The experience we have acquired from outsourcing should be applied to electronic commerce and public transactions on the Internet. It has been suggested that the situation should be described by means of graphical presentations. Ethical aspects are rather like security in that their significance should not be underestimated. When it comes to virtual organizations, we must first have a set of commonly accepted values and norms. Then we can start the process of ethical decision making. We have earlier discussed ways of harmonizing national legislations. Now we shall have to start discussing the harmonization of ethics in different countries.

The credibility of electronic activities at large is central to the whole discussion about virtual organizations and Internet business. A fault in the systems or organizations, could result in people, customers, losing their trust in electronic commerce. Thus, transparent security solutions form the basic building blocks of the new society. It might be said that business is based on technology and legislation, but society is based on people, their values and norms, their ethics.

Young People and New Media in Sweden

AUTHOR
Ulla Johnsson-Smaragdi

ABSTRACT

This paper discusses children and teenagers’ access of screen and computer based media in home, either in own room and/or elsewhere in house. The influence of demographic background on access to media is analysed. Homes differ substantially in their media access and it is shown how ownership of certain media relates to ownership of other media. Children’s exposure to media to which they have home access are discussed, that is, the proportion of users and for how long the media are used.

Children’s rooms are filled with screen and computer based media to different extent. The use of screen and IT-media is compared if having access in own room or elsewhere in house only. It is shown that children spend more time with media when they have access to them in their own room. The relation between bedroom type and demographic background is analyzed. Young people’s media use in relation to their bedroom type was analyzed. Young peoples attitudes towards computers and the specific use made of them, if writing, drawing, playing, seeking information and so on, are presented. It is shown that there are different types of users with different purposes: those with a single purpose, with a restricted purpose or with a multi-purpose. Finally, data describing at which places Internet is used and for what purpose is presented.

The data and results presented draws upon a Swedish national study forming part of a multinational comparative project. More than 1600 children and teenagers between 7-16 years participated in the study conducted during spring 1997. A year later 1050 of the parents (65%) answered a set of questions about their socio-economic

Square eyed and Virtual – A Vision of the Information Age?

AUTHOR
Pat Jefferies and Fiaz Hussain

ABSTRACT

UK society seems to be increasingly encouraged, through a variety of agencies, to make the Internet an integral part of its everyday life with little regard, it appears, to many of the ethical and social implications this may have. Such encouragement is coming from a variety of sources aimed at cultivating the social and cultural climate for the adoption of the WWW as well as from the advancement and convergence of current technology. This paper seeks to raise some of the ethical issues and concerns which, it seems, must be carefully considered by society as a whole before it commits itself totally to the ‘technological vision’ of the future. Such issues will include exploring the notion that there may be a danger of society becoming ‘squared eyed and virtual’ by becoming dependent on the WWW technology as the mediator for much of its interaction. Other concerns will include consideration of possible threats to identity, fragmentation and isolation as a result of interacting through virtual technologies as well as addressing some of the other ethical considerations such as privacy and accessibility.

Privacy, Autonomy and Workplace Surveillance

AUTHOR
Lucas D. Introna

ABSTRACT

Modern technologies are providing unprecedented opportunities for surveillance. In its attempts to compete in the global market the modern organisation can and do draw on these technologies to produce comprehensive systems of employee surveillance. This surveillance is often justified by arguments about competitiveness, efficiency, and the right of the employer to ‘get what it pays for’. Defenders of the employees right to privacy counter these claims by calling on moral grounds for their defence, such as privacy as fundamental human right. The debate is often structured in a way that sees the right of the employer to surveil and the right of the employee to privacy as mutually exclusive and as the manifestation of an inherent conflict between employer and employee. In this paper, I want to argue that there is no need to depend solely on moral claims to defend the employees right to privacy. I want to argue that there is an interesting paradox in the emerging economic context that may provide a more pragmatic basis for defending the employees right to privacy. That it may ultimately be in the interest of the employer to protect the privacy of the employee. In other words, that it may be a win-win situation rather that a zero sum game.

I will argue that privacy is central to autonomy. In other words, individuals need privacy in order to develop autonomous behaviour. Autonomous behaviour is widely acknowledged by authors on organisation development as the cornerstone of learning organisations’ the sort of organisational form essential to survive in a dynamic (even chaotic) environment resulting from, amongst others, globalisation processes. Surveillance would tend not to develop the sort of employees demanded in this emerging chaotic environment. Rather, it would tend to locate the locus of control outside the employee, and in so doing keep them in a state of dependence and ‘immaturity’. Simply put: what you gain in control you loose in learning, or, if you want learning, you must pay for it in privacy. Since the emerging economic environment requires learning rather than control, it is in the interest of the employer to develop information systems as systems for learning rather than as systems for surveillance.

If this argument can be sustained then there may in fact be a possibility to see employee privacy as a value that can serve the interest of both stakeholders. Articulated in this manner employee privacy does not merely become an idea we come to ‘at the end’ but becomes and essential element of modern organisation development efforts. This way of conceiving the problem highlights the very subtle, and hereto under-appreciated, link between privacy, autonomy, learning, organisation development, and actual choices in information systems design and implementation. It is to this end that this paper will contribute to the debate.

I will structure the paper as follows: First, I will discuss the rise of workplace surveillance and some of the debates about the conflict that it expresses. Second, I will discuss the relationship between privacy, autonomy and learning. Third, I will discuss organisational learning and its link with privacy. Finally, I will discuss some of the implications of these ideas for organisation and information systems design and implementation.