The need for commerce to be secure is not new. Traditional commercial transaction systems have always shared the needs for predictability, confidentiality, and resistance to fraud. So why is e-commerce different?
Much has been learned about the nature of computer-based information since it became a subject of renewed concern in the mid- to late 1980s. For example, great intellectual energy has been spent in trying to define a precise legal and business equivalency between paper-based and computer-based data. Most of these efforts have failed.2 It is now apparent that there are fundamental, practical, and legal differences between traditional paper-based commerce and computer-based commerce. Signed paper documents have inherent security attributes that are absent in computer-based records. These attributes include the semipermanence of ink embedded in paper fibers, the uniqueness of any particular printing process (such as for letterhead), watermarks, the biometrics of signatures (where characteristics such as pressure, shape, and pen direction are unique to the signer), the availability of time stamps (such as a postmark), and the obviousness of modifications, interlineations, and deletions.
Computer-based messages and records do not inherently enjoy such security attributes, if any at all. Computer-based messages are simply strings of binary digits or bits-zeros and ones-that represent information, such as words and numbers, in a coded form. The difference between a zero and a one depends on where the message happens to currently reside. For example, when residing in a computer memory, the difference amounts to a fraction of a volt variation at some point within an electronic circuit. Without the application of specialized external security mechanisms, computer-based records can be modified freely and without detection. That is, certain supplemental control mechanisms, including both physical and electronic protections, must be applied to achieve a level of trustworthiness comparable to that which inherently exists on paper.
Furthermore, paper-based and computer-based documents may not perform equal or exactly analogous functions in business and law. Negotiable documents of title exemplify differences between these media because of their need for originality and uniqueness. The negotiation of a paper document of title serves legally to transfer the goods or property that the document represents. The recipient of that document can have confidence that the transfer will be legally recognized, in part because proof of transfer is evidenced by a unique, original, paper document.
In contrast, computer-based records are not inherently unique. Indeed, one benefit of digital data is that one can make any number of identical copies with a simple keystroke, with each copy being indistinguishable from the original. Unfortunately, this characteristic counters the use of such records for providing robust legal proof in the same way as traditional paper-based documents. Thus, the inherent differences between paper documents and computer-based records demand different methods and procedures for achieving negotiability and other similar legal functions. Whereas a single paper document is adequate to negotiate a transfer of title, it may take a series of cryptographically secured computer-based messages, in conjunction with logical and physical controls, to accomplish the same task with a computerized title registry.
In reality, there are few straightforward, one-to-one, legal analogs for paper-based transactions in the e-commerce world. Rather, it is necessary to find relative functional analogs while taking into account the unique qualities of digital media.