John (and cypherpunks/cryptography),

I just posted this review of Camp's book on Technology & Society Book
Reviews (http://www.techsoc.com/), a non-commercial site.


Title   Trust and Risk in Internet Commerce
Author  L. Jean Camp
Publisher       The MIT Press
Copyright       2000
ISBN    0-262-03271-6
        
Pages   279
Price   $32.95
Rating  86%
Reviewer        Curtis D. Frye, Editor and Chief Reviewer ([EMAIL PROTECTED])

In Trust and Risk in Internet Commerce, L. Jean Camp surveys technologies
that enhance trust and reduce risk in Internet commerce transactions.  The
book is definitely a high-level survey, though one that can serve as the
base for further explorations in a graduate-level e-commerce class.

Camp, an Assistant Professor at Harvard's Kennedy School of Government,
devotes the first five chapters to the basic technologies of electronic
commerce: Internet protocols and economics, money, cryptography, key
management, and security goals.  While each of these chapters effectively
presents the basic issues involved in each topic, there's nothing there for
the advanced practitioner or student who has taken a course in electronic
commerce.  I also found the choices made in separating chapters 3, 4, and 5
made for awkward reading.  As an example, consider Chapter 3: Basic
Cryptography.  This chapter, which is only eight pages long, does mention
symmetrical and asymmetrical encryption schemes (though occasionally, and
confusingly, under different labels), hash functions, and some of the
security problems faced by those methodologies, but the in-depth discussion
of asymmetrical encryption, digital certificates and signatures, and key
management infrastructure issues is left for Chapter 5.

The intervening Chapter 4, which is also quite short (13 pages), discusses
the security goals that must be met for effective Internet commerce
(reliability, security, privacy, confidentiality, system availability,
scalability, authentication, data integrity, and nonrepudiation).  Again,
each discussion covers the elements required to meet each goal, but the
choice to mention zero-knowledge protocols here instead of in Chapter 3
means the reader must flip between the two chapters to find what I feel is
related information.  

One place Camp does hit the mark is in Chapter 5, which discusses key
management systems in some depth.  I also appreciated the table at the end
of Chapter 4 which mapped different technologies to the security goal they
fulfilled.

Chapters 6 and 7 deal with privacy issues from the theoretical (Chapter 6)
and implementation (Chapter 7) perspectives.  As before, these chapters
cover many of the relevant American court cases and laws, though two
important cases were left out of the discussion.  The first case, Paul v.
Davis, dealt with false light claims brought by an individual identified as
a shoplifter in a police brochure despite having charges against him
dismissed.  The second case, Reno v. Condon, is a more serious omission in
that it dealt with an ultimately unsuccessful South Carolina challenge to a
federal law that prohibited the sale of driver's license data by the states.  

Camp also criticizes Hagel and Armstrong's Net Gain, which encourages
online community builders to track user interests and surfing habits.  That
criticism is true, but ignores Armstrong's new position in Net Worth
(co-authored with Marc Singer) which calls for those communities to serve
as infomediaries, defined in the later work as entities that protect
consumer privacy while still collecting interest profiles.

Chapters 9-11, which cover Internet currencies and transactions, are the
crux of the book and offer more depth and insight than the preceding
chapters.  The author's discussions of the types of transactions, what
properties a valid transaction processing system must have, and payment
systems (credit cards, digital cash, and so on) are full of great
information.  Still nothing new for the experienced practitioner, but
definitely enough content to provide a solid base for later explorations.

The final chapter, Chapter 12:  The Coming Collapse in Internet Commerce,
is simply a call to avoid hysteria should an element of the Internet
commerce infrastructure prove unreliable.  Camp argues that one of the
main benefits of open-source software and protocol development, which has
been the norm for most successful electronic commerce systems, is that the
community of developers will solve any problems that arise.  The flip side
of that argument, which she makes explicit in Chapter 8 and elsewhere, is
that government regulation impedes the development of effective electronic
commerce systems.

In all, Trust and Risk in Internet Commerce is a good book that offers
readers a solid foundation in electronic transactions and payment methods
and enough of a policy and technology background to provide instructors a
jumping-off point for other classroom readings.  That said, Camp might have
chosen to miss out most of Chapters 6 and 7, combine any remaining material
with the discussion of bank secrecy and reporting requirements in what is
now Chapter 8, and provide more details on the payment protocols and
transaction systems in Chapters 9-11.


Curt

--

Curtis D. Frye  [EMAIL PROTECTED]
Professional Writer and Speaker
Editor: Technology and Society Book Reviews
http://www.techsoc.com/
Author: Privacy-Enhanced Business (Fall 2000 from Quorum Books)
Agent: Neil Salkind of StudioB, [EMAIL PROTECTED]
