Re: iKP requirement for privacy
What was not evident to me while reading the paper was how the information
was kept secret. The models described in the paper assume the order
information was initiated by the consumer - as if the consumer inherently
knew product codes and prices. What isn't shown is the fact that the
merchant provided this information in the first place. It makes no sense to
try to hide information that is already known.
The only argument I can see that suggests the merchant doesn't know what the
consumer is buying is if sufficiently diverse types of product info in large
quantities is delivered as an atomic unit. This would make it difficult to
guess (aggregate) what's contained in the actual order.
Realistically, this will not happen. The very nature of 'browsing' restricts
the range of possible choices, a key feature of web-based e-com. It is
likely store fronts will be architected to allow consumers to select
products with precision. If a merchant relays an order, even though they do
not know the exact contents of the order, they can predict with a high degree
of accuracy what the customer ordered.
Indeed, merchants are motivated to know as much as they can about their
customers to sharpen marketing effectiveness. Catering to individuals rather
than market segments or demographics is the ultimate goal so long as it's
cost effective. I think Web based E-com promises this in the eyes of many
retailers.
I agree that there may exist consumers who wish to remain anonymous to their
merchant, but I don't see how iKP delivers. Privacy scenarios may exist, but
the iKP paper is not explicit in this regard. The requirement to separate
order info from the payment protocol, specifically SHTTP and SSL, smacks of a
hidden agenda. The 3KP protocol even requires the merchant to calculate
H(ORDER). In fact, according to figure 5, the ORDER information is broadcast
in plaintext. I don't think the proponents of iKP are really serious about
privacy in general or wrt client/acquirer privacy. There are too many other
issues to consider, including legally binding trust relationships
specifically addressing privacy. I doubt legal issues will be resolved
anytime soon.
Regards,
Ned Smith
-------------------------------------------------------------
|Ned Smith, <nedbob@sequent.com>, said:
|
|>"Privacy, The privacy of order information and amount of payment should be
|>implemented independently of the payment protocol, e.g. SHTTP or SSL"
|> [ . . . ]
|>The merchant already knows this information as a result of the customer's
|>interaction with the cyber-store. What is the security principle that
|>motivates the above requirement?
|
|It's probably not so much a _security_ issue as it is a
|_privacy_ issue. In the same way that it's no-one's business
|what library books a person has checked out, it's also no-one's
|business what products someone has purchased from an on-line
|mall or how much he has spent there.
|
|Keeping the two sets of information separate is safer for the
|fulfillment house in case of some catastrophe like a systems
|failure, a security breach, etc.
|
|
|M. L. Grant
|<grant@medio.com>
|<URL:http://www.medio.net/users/grant/index.htm>
|
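The point made above, that a merchant (or anyone else on the wire) who knows the catalogue can predict the order even when only H(ORDER) is visible, can be shown concretely. The following is an added illustration, not code from the iKP paper or from either poster, and it does not reproduce the actual 3KP message format. It uses a constructed toy catalogue of four items and SHA-256 (assumed hash; the paper's choice of H is not specified here). The first function hashes a basket the way a bare H(ORDER) would; `recover_order` then matches such a digest against every small basket drawn from the catalogue, which is all that "predicting" the order amounts to when the input space is tiny. The last two functions show the standard repair: committing to the order together with a fresh random nonce, so the digest reveals nothing until the nonce is disclosed, while a party holding the nonce can still verify it.

```python
import hashlib
import hmac
import secrets
from itertools import combinations

# Constructed toy catalogue: item name -> price in cents. A real store front
# has more items, but as the post argues, browsing narrows the field anyway.
CATALOGUE = {"book": 1295, "cd": 1599, "poster": 800, "mug": 650}


def order_digest(items, nonce=b""):
    """Return hex SHA-256 over a canonical serialization of the basket.

    With nonce == b"" this is a bare H(ORDER): deterministic, and therefore
    guessable by anyone who knows the catalogue.
    """
    canonical = ",".join(f"{name}:{CATALOGUE[name]}" for name in sorted(items))
    return hashlib.sha256(nonce + canonical.encode()).hexdigest()


def recover_order(digest, max_items=3):
    """Match a bare H(ORDER) against every basket of up to max_items items.

    Returns the basket (as a sorted tuple) if one matches, else None. This is
    just enumeration of a small input space; it needs no key material.
    """
    for size in range(1, max_items + 1):
        for basket in combinations(sorted(CATALOGUE), size):
            if hmac.compare_digest(order_digest(basket), digest):
                return basket
    return None


def commit_with_nonce(items):
    """Commit to a basket with a fresh 128-bit nonce. Returns (nonce, digest).

    The digest alone no longer identifies the basket; the nonce is shared only
    with parties entitled to verify the order.
    """
    nonce = secrets.token_bytes(16)
    return nonce, order_digest(items, nonce)


def verify(items, nonce, digest):
    """Check a disclosed basket and nonce against a previously sent commitment."""
    return hmac.compare_digest(order_digest(items, nonce), digest)


if __name__ == "__main__":
    bare = order_digest(("book", "cd"))
    print("bare H(ORDER) recovered as:", recover_order(bare))
    nonce, committed = commit_with_nonce(("mug",))
    print("nonced commitment recovered as:", recover_order(committed))
    print("verification with nonce:", verify(("mug",), nonce, committed))
```

Running it shows the bare digest being matched back to `('book', 'cd')`, the nonced commitment matching nothing, and verification succeeding once the nonce is supplied. The canonical serialization (sorted items with their catalogue prices) matters: if the two sides serialize differently, honest verification fails, which is a separate source of disputes from the privacy question discussed in the thread.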