Electronic Commerce Relationships: 

Predictions made by respected experts over the past several years about the size of the Internet market in the year 2001 range from $1 to $3 trillion. All we can be sure of is that the market will be somewhere between zero and infinity. Add to this the wildly optimistic and inaccurate forecasts made in the early 1990s about the coming explosion of interactive TV as a mass market, the failure of many early Internet shopping mall ventures, plus the as-yet tiny fraction of retail sales made electronically, and there's plenty of reason to doubt the many claims about consumer-to-business EC that scatter the pages of the Internet and IT trade press. To read Wired, the magazine of Internet utopians, you'd believe that Internet EC was already in the trillion-dollar range and has taken over the mainstream of business; it hasn't, and total revenues are as yet well under a billion dollars. 

That said, look at business-to-business EC on the Net. Here, a number of companies are handling a billion dollars or more of transactions. Cisco, the manufacturer of network equipment, is one. GE has made the Internet the base for its billion-dollar-plus of procurement bids. Business-to-business EC is close to being a requirement for being a well-run firm. In 1990, it was fully practical to be well run, making only limited use of PCs, fax machines, and 800 numbers. Now, it's pretty dumb. We're within a few years-five at most-of it being dumb not to make EC a foundation of business logistics. So here is a prediction we can make with confidence and plenty of supporting evidence: EC will be the base for next-century logistics, supply chain management and enterprise resource planning. The paper invoice, accounts receivable, and related documents will become the exception, not the norm. This won't happen in a flash, but it will happen quite soon. 

It's not that clear what will happen in the consumer sphere. So far, none of the hype has been matched with results. Internet advertising, retailing, and financial services are still a miniscule fraction of total business and there are very few profitable firms on the Net. That could change quickly; anyone who like us-is skeptical that consumer EC on the Internet will be in the mega-billion dollar range in 2001 must, of course, accept that a massive increase in EC cannot be ruled out. The World Wide Web shows that; after over a decade of slow but sustained Internet growth, this relatively simple but astonishing innovation moved the Net from a specialized comer of the network world to its very center, with growth in users and volumes that were so large and so rapid that Internet statistics are out of date the moment they are collected and are very unreliable. The Internet is as embedded in the fabric of everyday life as is the cell phone (and used by very much the same demographic groups as those who own mobile phones) and that ensures that consumer-to-business EC is as sure to come as ordering pizzas over a cell phone. 

Obviously, EC is on an overall growth path, and that growth path will be a steep one well within the next five years. Although, it may take time for consumer-to-business EC to get up speed, as it did for business-to-business EDI and electronic payments, once that happens, the minimal growth rate should be the 15-20% that has marked EDI for over a decade. That adds up to a doubling every five years. And that's at the bottom end of the growth rate. What other areas of business in this time of immense competitive stress offer that opportunity? 

HOW TO PLAN WHEN YOU CAN'T PREDICT

In this chapter, we take up the challenge. We make no direct predictions, though we give our own best estimates of trends. We do this so that we can highlight opportunities for you to look out for and assess their implications for security, audit, and control. We classify these trends in four categories of likelihood: inevitabilities, strong probabilities, possibilities, and unknowns. We add a second dimension of assessment: time horizon (near-term, medium-term, and unknown).

The likelihood categories are as follows:

• Inevitability. Here, all the evidence points toward this being a certainty, at some point in time. We add that last emphasis because in technology so often the issue is not "if' but "when." Thus, it's very easy to be sure that interactive television will at some point in time become a major element in EC. Billions of dollars have been invested on the basis of that inevitability, with many trials and pilot projects, great expectations and even greater financial write-offs. As one expert commented in the late 1980s, EC via interactive television will be a $60 billion business-the only question is whether that will be $60 billion of revenues or losses. That statement is as applicable now as then.
  
  
• Strong probability. Less than certain, but more than just a possibility: These are often the developments that rest on market forces rather than technology, whether a critical mass of users adopts them and makes them a de facto standard. They are thus not "sure things" but have plenty of factors and forces moving them forward.
  
  
• Possibility. There's enough evidence that this has a more than 50% chance of happening. There are so many of these in the market and on the horizon that many will move quickly from possibility to probability to inevitability and others will slide down the likelihood scale.
  
  
• Potential "wham". This is a possibility that could relatively suddenly become a bandwagon; it's something to watch for and think about but there's as yet no basis for factoring it into business planning. The World Wide Web was a "wham." It took off so fast that much of the IT industry was taken by surprise-Microsoft in particular. In 1996, intranets were a wham application; even though most experts expected them to become a routine component of corporate telecommunications and computing, few predicted the massive explosion which, if 1996 was the year of the Internet, made 1997 the year of the intranet and 1998 the year of the extranet.

For the time-horizon dimension of our matrix, the categories are as follows:

• Near term. This indicates that the technology or application should become a force or factor that will be part of mainstream EC, and hence part of business planning, within the next 3-5 years. Three to five years ahead is the time frame for innovation; the company has time to build policies, skills, and procedures now to be positioned when demand takes off.
  
  
• Medium term. Five to eight years. This is the practical long-term horizon for business planning and for addressing infrastructure needs. It's too early for the firm to make specific moves and investments but not for it to begin to assess business opportunities and technology needs. Beyond this period, it's close to impossible to make assessments. We recommend a strong focus on the near term as a necessary base for strategic planning and a more relaxed assessment of the medium term as the base for strategic brainstorming.
  
  
• Unknown. Here, no one knows, and there will be optimists who see it as the "Something of the Future" and realists who point to the optimists' last urgent predictions and recommendations. Here, our recommendation is to periodically update your mental map, looking for where and when "unknown" starts looking like "coming soon." An obvious example here is digital cash. It could be 20 years away from becoming the mainstream of EC, but it's not too fanciful to see some force jump-starting the so-far experiment-perhaps Japanese consumers, a very trend conscious society, making the Mondex smart wallet the next equivalent of the 1997 Tameguchi fad.

The resulting likelihood/time horizon matrix is shown in Table 10. 1, with examples that we review in more detail later in this chapter. The examples are based on our own conclusions from experience, research, and the opinions of the experts we most respect. Some of our assessments will inevitably be incorrect, and there will be many surprises that no one can reliably anticipate. For instance, had we filled out this matrix in, say, 1990, Java would not be on the list for the obvious reason that it did not exist. In some areas, our opinion is far less optimistic than that of many experts in the technology field. We strongly feel that, for example, e-cash---electronic cash, di gital wallets, Mondex, cybercash, microcurrencies, and the like-will take many years to build to a critical mass; we classify it as an inevitability in the unknown time horizon category. 

By contrast, we are more sanguine than many commentators about the likelihood of network appliances and network computers reaching a critical mass strong probability - within the near term. You may disagree. That in no way invalidates the assessment, ours or yours, as the aim is to examine the implications for the central topics of our book: safety for EC. If you think that, say, e-cash is a near-term strong probability, then it should move up on your learning and planning agenda. If you believe the network appliance is no more than a medium-term possibility, then you can simplify your agenda and have one less item to worry about in this time of constant technology change. 

We thus suggest that you develop your own matrix and keep it updated over time. The goal is to make change your ally, not a threat, and to be alerted to the implications of trends, so that if, say, the death of copyright - a potential "wham!" with an unknown time frame-should relatively suddenly move to, say, a strong medium-term probability, you have at least a broad sense of the opportunity, problems, and challenges it implies and can map these into the business enhancement strategy of business policy, relationship design, and front-ending that we presented in Chapter 7.

Table 10.1 The Likelihood/Time Horizon Matrix
	Near Term	Medium Term	Unknown
Inevitability	Component software as the mainstream of EC application development	Widespread use of credit cards on the Internet by consumers	Digital Cash Total dematerialization
	Rapid growth in intranets, extranets
	The triumph of ANSI X12
Strong Probability	Network appliances	International regulation of EC	Shortage of expertise needed for EC safety
	Standardization of EC secure payments	Consumer protection laws for EC transactions	Emergence of established third-party trust industry
	Growing use of software agents	Full implementation of "strong" encryption	Interactive television succeeds - at last!
		Widespread adoption of EC in business-government transactions
Possibility	Widespread adoption of Microsoft's EC standards and tools	Disappearance of VANs as major EC force
		Growing use of wireless telecommunications for EC
Potential "wham"	Massive litigation as a fallout from the Year 2000 date problem	Sustained Internet breakdowns	The death of copyright
		The internet as "cracker" heaven

THE NEAR TERM

The near-term scenario we outline in Table 10. 1 is:
Technology. Component software like Java will become the mainstream computer programming language for EC applications (inevitable); network appliances capture a significant fraction of the corporate market (highly probable); at the same time, Microsoft's standards and tools become de facto standards for merchant systems and secure electronic payments (possible). Software agents become a powerful element in all aspects of information technology application-and a major problem for safety (highly probable).

EC standards. ANSI's X12 becomes the central framework for more and more aspects of EC (highly probable).

Organizational applications. Intranets and extranets grow very rapidly, far faster than Internet EC (inevitable).

Business environment. The Year 2000 problem creates a nightmare situation (a "wham" potential).

This scenario assumes no technology surprises in the next few years and also assumes no major legal or regulatory moves in such areas as consumer protection, privacy, taxation, and strong cryptography. What does it imply for EC safety professionals? The obvious answer is that they will need much sharper and more focused knowledge of technology than they now do. Currently, there are three main technology issues that they must address: PCs, and mainframe processing "engines," both of which handle EC transactions, and corporate databases and large scale telecommunications networks, ranging from corporate private networks to industry VANS to the Internet.

Transforming the Nature of Security with Agents

If the scenario we sketch out above is an accurate broad picture of key emerging trends, then it defines a very different technology environment for EC safety professionals to apply their expertise and accept their responsibilities. Most obviously, the combination of Java, agents, and network appliances has the potential to transform the nature of security. We emphasize "potential" because there remain some skeptics of the claims that Java is inherently more secure than alternate programming languages. It almost certainly is, because its basic design principles provide for "applets" - mini-applications - to be self-contained and self-monitoring, with built-in protections against viruses. Given how new component software is, it may take another year or so before the language is backed up by the tools needed to fulfill its promises, but that seems sure to happen.

Change Through Component Software - An Observation on Java

The combination of Java and applets marks a major shift in the very nature of IS in general. It is no exaggeration to say that we are rapidly moving from the era of applications to the era of agents. Basically, an agent is a small piece of mobile software. Once activated, it can move across networks and computers, carrying out its function with no direct supervision from the application that launched it. Agents are already widely used in such areas as telecommunications network management, where they roam the network looking for problems and monitoring performance. Commercial uses include agents searching the Internet to locate bargain air fares. Several Internet search engines employ agents to locate, classify, and index new information sources.

Change Through Cookies

Cookies are a form of unlicensed agent. They are routinely used in Internet EC to store information when a PC user makes a hit on a Web site. They are stored on his or her hard disk; when the user next hits the site, the information is accessed to either speed up processing, customize offers and information flows (Bank of America uses them to display a screen that shows additions and changes "since you were last here"), or to capture information about the customer. They can be seen as either adding value to the business-customer relationship or as a dangerous invasion of privacy. Many people do not realize that their surfing of the Web is in effect monitored and information is collected that can be misused. This concern led to the eTrust certification service, which displays a Web site's policy about cookies: A guarantee that it will not give the information to other parties and will store the cookie only for a short period. This is the highest level of certification. Browsers like Netscape Navigator allow PC users to be alerted when a site tries to download a cookie and to accept or refuse them. 

Cookies are a signal of massive coming change through agents. Obviously, they are a relationship safety issue. At least cookies have a direct link from a Web site to a PC. Agents, once launched across the Internet, are independent of either. They may be anywhere and may arrive at a site or PC at any time. They may stay for just a few milliseconds and then move on, leaving no trace. This challenges the traditional system defense approach to security and will demand creative ways of handling the potential flood of tiny, speedy movements of an unknown volume of agents whose functions range from the harmless and trivial to the consequential and risk-loaded.

Change Through Network Computer Growth

Network appliances (NAs) will speed up the growth in agents. There are many other names for them, network computers and Internet computers, for example, but the underlying principle is the same: to shift processing and storage from the PC hard disk to the network. A stripped-down processor uses a Java compiler and minioperating system to access applets on an as-needed basis. In the words of the chairman of Sun Microsystems, the firm whose staff invented Java, "the network is the computer." There are many skeptics about NAs, which are, to a large extent, a counterattack on the stranglehold that "Fortress Wintel" (Microsoft and Intel) has on the PC market; they may not become the mainstream of Internet usage, but there is plenty of evidence that businesses will adopt them to reduce growing PC costs and complexity of operation, and that they will be a substantial niche product in the consumer and education markets. Again, this poses challenges to the traditional approach to security. The very idea of an audit "trail" looks less and less sustainable, given the dynamic and volatile nature of the flow of agents, the lack of any fixed location of the flood of Java applets that the NA downloads, and the loss of traditional application controls. These are all challenges to be turned into opportunities. That requires that security professionals adopt the perspective we recommended in Chapter 7: a focus on relationship safety and on front-ending. 

Of all the technology innovations and tools relevant to EC, software agents are, in our view, the single most important topic for security and auditing specialists to be concerned with.

ANSI and Internet/Extranet Growth

In our near-term scenario, we see two obvious organizational and business trends: ANSI X12 as the core of EC standard-setting and the continued growth of intranets and extranets. Both of these strong trends largely simplify relationship safety, given appropriate business policies and Big Rules. The main danger is that intranets may lead to the same ad hoc and localized developments that marked the early days of the PC revolution, where little, if any, attention was paid to safety; Big Rules are essential to avoid that happening with intranets. However, intranets resolve many of the worries concerning the Internet itself. They can be far more easily protected, through firewalls and gateways, and policies more easily defined and enforced-virtually nothing can be enforced on the Internet. Extranets are an extension of intranets.

We have included as a potential "wham" in our short-term scenario the nightmare possibility-inevitable in many experts' opinion-of the Year 2000 date problem generating massive breakdowns across the business supply and relationship chain. We do not discuss this in detail, and it is not in itself a security issue, but it will surely take much of the time and attention of just about everybody involved in EC.

THE MEDIUM TERM

In our near-term scenario, the main issues concern technology. We see this shifting in the medium term - 5-8 years out-to the consumer side of EC: payments, protection, and regulation. We anticipate a rapid growth in the use of wireless communications, to the degree that there is quite a strong possibility that it will become the mainstream of telecommunications. That will obviously make strong encryption a vital issue.

Already, there is a rapidly accelerating convergence of Internet technology, consumer electronics, and wireless technology. Here were just a few recent innovations of 1998:

 
• The Nokia 9000I digital cellular phone: This device was the first of a growing flood of hand-held tools for which there is no term as yet: a digital cell phone, pager, Internet browser, and fax machine. 
  
  
• Palm Pilot: This small personal digital assistant (PDA) sold well over a million units in its first year. It includes reliable and simple handwriting recognition, calendar management, scheduler, address book and notepad. The newer versions added a wireless modem and Internet browser.
• Cars: Ford announced that it will offer Internet and e-mail wireless capabilities in its year 2002-model cars.
  
  
• Iridium: The long-planned satellite-based service that makes the entire world a local phone call went live (and in 1999 declared itself insolvent). 

All of these have the same basic features: mobility plus Internet access plus the standard consumer electronics price curve. That price curve virtually guarantees a takeoff in consumer EC at some point: Whatever the initial price of a device, it ends up costing around $300. The Palm Pilot was announced in that range, and the new versions added processing power and features for no additional cost. The Nokia 90001 came on the market at around $1,200. Ericsson's and Canon's offers pushed the price down in the very same year to the $600 level. 

Wireless EC opens up many new opportunities-and new safety challenges. It's an area to watch.

Safe Payments

Safe payments are the single key issue today for the growth of Internet EC, and there is also a whole host of proposals for new forms of digital currencies that will charge small fees for services and make information cost effective. Basically, there are three issues that must be resolved:

1. Security. That's basically a matter of encryption and adoption of standards for payment processing. It's an area of intense activity and innovation. PKI seems to be leading the way.
   
   
2. Perceived safety. That is the issue that will pace progress in consumer EC.
   
   
3. Regulation. EC on the Internet poses many new problems of warranties, taxation, privacy, liability, and contract. So far, there has been little intervention by governments, but we see a strong probability of this changing. 

Nowhere is the distinction between security and safety in EC more marked than in the area of credit cards. Using a credit card in an Internet transaction is far more secure than in most everyday routines. People have no concerns about giving their card number over the phone, faxing it, or leaving it on file with a travel agent. Internet credit card fraud to date is tiny in comparison with cellular phone theft, for instance. But most people simply don't as yet feel safe using their cards on the Net. That will surely change over time; the only question is, how soon? We take a conservative position here. We see mass use of credit cards as being over five years away. We expect it to be moved forward by the diffusion of strong encryption techniques and tools, such as PKI, with DES gradually eroding. There will be more initiatives to ensure consumer protection. Internationally, there will almost surely be a flood of regulatory moves. Already, the United States government is attempting to extend its legal authority to cover one of the fastest-growing areas of EC: gambling over the Internet. Antigua, a small Caribbean nation that has made support of the gambling industry a cornerstone of its economic planning, with a government Minister overseeing it, is challenging that attempt. There will be many similar arguments between nations about which laws apply where and to whom. It's likely that there will be increased cooperation in the end. That cooperation will center on the problems of pornography, fraud, and consumer protection-safety.

Taxation

Much of the conflict and cooperation between governments will address consumer protection and privacy, but one major driver will also be taxation. That is a topic that accounting professionals involved in EC need to track carefully and continuously, because it may demand very new and very complex record-keeping and tracking systems. In the United States, the government has to date avoided imposing new procedures or taxes; the priority has been not to impede the innovation that has marked the Internet and not to make any moves that may slow down the take-up of EC. That won't be the case abroad. The European Commission, centered in Brussels, has been dominated by centralist and restrictive policies in most areas that come under its jurisdiction; it's a regulation machine. It is targeting EC on the Internet as a growing concern. The basic issue is, where is tax paid on purchases? The United States wants it paid at the point where the goods are sold; there are some problems to resolve here about where that point is when the transaction is handled by a server in State A, whose customer service operations are in State B, and the goods are delivered from State C - but these are manageable. The European Union wants tax paid in the country of purchase. The reason is that goods such as books, records, and computers are generally much cheaper in the United States than in France, Germany, or Belgium. Thus, there are far fewer purchases by U.S. consumers from European sites. That means there will be a tax imbalance; the European Union doesn't want it to be in the favor of the United States.
The Effect of "Crackers" 

One element we include as a potential "wham" in our middle-term scenario is very difficult to assess: the Internet becoming cracker heaven. "Cracker" has increasingly replaced "hacker" to describe those who view the Internet and computer systems as a domain for play, experiment, mischief, and profit. Hackers include good guys; crackers are definitely bad guys. That there are criminals and saboteurs in cyberspace is not new; for decades, all large organizations have had to protect against efforts to intrude into their systems. Every year, a company with experience and expertise in security suffers from a break-in. The Internet makes it easy for them to get into where the goodies are-Web sites-and opens up massive opportunities for them to do damage. 

What has to be of most concern is that the sophistication of crackers is growing rapidly as are the tools they have access to and the clandestine electronic communities they form, which anonymously share tips, software, and strategies. Even relatively unskilled crackers can cause plenty of damage. What stands out in a 1997 book, @Large, which reviews "the strange case of the world's biggest Internet invasion," is how easily the Phantom Dialer was able to intrude on hundreds of highly "secure" university, military, business, government, and bank systems even though he was a neophyte. In addition, the book reveals how unprepared and short of expertise law enforcement agencies and the FBI are in facing off against the cracker community. The original design of the Internet is in the public domain, so that many crackers are totally familiar with its weak points. It was never intended to be secure; in the pre-Web days, security was Big Brother and the antithesis of the open and sharing community of researchers who formed its early user pool.

It's quite possible that in the medium term, there will be a retreat from the Internet as EC base and that intranets and extranets will take over. It seems close to certain that there will be new legislation and regulation. We expect this in the medium term rather than the near term because of the long lead times and political maneuvering required for what is sure to be controversial and widely opposed-trying to "control" the Web-and because there are as yet no clear principles for defining new laws and even fewer principles for making them work. 
Obviously, computer crime and hacker/cracker activities are a matter for constant vigilance, and many of the well-established tools and procedures firms now use to secure their networks and systems will still apply and will, of course, evolve. But the challenge gets tougher and tougher to meet. Our own concern here is to emphasize that the priority remains business enhancement of the EC relationship plus system defense, not one at the cost of the other.

THE UNKNOWN TIME FRAME

We've highlighted in our matrix just a few trends, all of which have major implications for relationship safety.

Digital Cash

The first is digital cash; this seems an inevitability in the long term, but for all the claims, hype, and proposals, there has been little activity to date. From the perspective of safety, just about all the main schemes offer immense improvements over existing payment mechanisms in terms of security and privacy; Mondex and CyberCash are the leaders here. (Governments, of course, are more anxious to limit privacy and security when it's a code phrase for tax evasion and money-laundering.) Our personal view, however, is that they will take far longer to reach critical mass than their proponents expect, for two main reasons: (1) Existing mechanisms work pretty well, and (2) the organizations that operate them have a major investment to protect.

Changes in Payment Mechanisms

Checks, debit cards, and credit cards are the main payment mechanisms of consumer commerce. The main requirement for them to remain so in electronic transactions is relationship safety and, more important, users' confidence and trust that they are truly safe. For business-to-business EC transactions, firms have a wealth of experience and tools to draw on: financial EDI (FEDI), electronic funds transfer, electronic cash management, and others. All of these can evolve to meet the needs of all parties in the EC chain. 

Changes in payment mechanisms and forms of currency have been very slow over the past decade. An example is the smart card, which has been widely promoted for well over a decade. It offers many advantages over credit cards, in terms of security, features, and storage of information and currency. Its use has remained very limited in the United States, though it is more widely employed in Europe and Asia. Only in the past 2-3 years have stored-value cards, a far simpler technology, become widely distributed, mainly for phone calls. Debit cards are increasing rapidly in use but, again, this is a simple and very dated tool. 

One continuing barrier to the adoption of smart cards, debit cards, and stored value cards has been the self-interests of players in the traditional market. Visa and MasterCard throughout the 1980s dabbled with smart-card pilot programs, each watching the other warily; the strategy seems to have been to make sure that, if smart cards took off, they would not be left behind, but at the same time not to move ahead until there were a clear opportunity or competitive necessity. They have taken the same tack with smart wallets. The credit card system works very well indeed and is global in span. Why change it? 

Checks and currency work well, too, and meet most routine needs. Government treasuries have a large vested commercial interest in their continuance, too. The U.S. Federal Reserve Bank is a check-processing factory system, with massive warehouses and an entire fleet of aircraft that manage their sorting and sending to banks. The dollar bills and coins in our pockets provide what is termed "seignorage," a fancy term for the earnings the Treasury gains around $70 billion a year-for what is a form of float, the interest on the currency it has issued and that is indeed floating around the financial system. A $100 bill hoarded in Russia is a contribution to seignorage. There are about $450 billion of U.S. currency bills in circulation. Of these, $150 billion is held outside the United States, in the form of $100 bills. In countries with financial instability and inflation, the $ 100 bill is the modem equivalent of gold bars, and more portable and convertible. When inflation in Bolivia reached rates of hundreds of percentages a day, the street dealers traded in dollars. They are a primary savings and storage vehicle in Russia. 
Why on earth would the Treasury rush to eliminate all this, especially by encouraging new forms of electronic currency that make tax collection more difficult and money-laundering far easier? 

We don't discount digital cash in our likelihood/time-horizon scenario. Indeed, we see it as an inevitability over the long term. We believe, though, that developments will be evolutionary and incremental-and relatively slow paced. Credit cards, checks, and cash will still be the trusted mainstay of commerce in general and will adapt to the demands of EC.

The Death of Copyright

There is one element in our evaluation of trends that has such huge implications that we can only guess at how it will play out. This potential "wham"/unknown time frame is the death of copyright. Digital technology, multimedia, and the Internet are fairly rapidly pointing to the loss of documentable "reality." Desktop publishing tools allow for forgeries of such accuracy that one German counterfeiter of U.S. $20 bills complained in court that he had had to lower his aesthetic standards because of the poor quality of the design. There can be no guarantee that any photograph has not been tampered with. Almost every day, there are published reports of e-mail hoaxes. Information accessed over the Web can be cut-and-pasted, plagiarized, and stored elsewhere. Multimedia makes it easy to "morph" a picture and so totally transform its details that it is unrecognizable from the original. 

Most of the topics we have reviewed throughout this book relate to security and control of messages and transactions. We speculate - and it is only speculation-that there will be growing attention in the future to the content of what is to be kept safe. That will include protection of intellectual property and ways of certifying the documentable "reality" of, say, a picture or document; this is an extension of authentication, where instead of authenticating the sender of a message and ensuring that it has not been tampered with, the process authenticates that this is a "real" photograph or the "true" document. There will need to be new information accounting mechanisms that may include electronic watermarks and other ways of preventing alteration of information content. If copyright is to be kept alive, ingenious ways of identifying and tracking information sources and movements must be designed. Personally, we doubt that they can be. 

The main implication for today in this scenario is simply that safety strategies will move from validating, protecting, and tracking transactions and messages in EC to validating, protecting, and tracking the information content of transactions and messages.

RECOMMENDATIONS TO MANAGERS

Whatever happens in any area of technology, business, government, and society relevant to EC, the need is to be there when demand takes off. Our recommendation is skeptical brainstorming:

• Make sure your firm tracks IT, EC payments, legislative moves, and the like.
  
  
• Don't fall for hype, but ask where's the evidence, who's actively behind this and can make it all happen, and how likely are EC customers to adopt this? When?
  
  
• Be alert to breakouts: when a previously niche aspect of EC or technology suddenly starts being discussed by businesses rather than just vendors, the IT trade press, and "gurus."
  
  
• Build a strong network of contacts in your region, industry, and professional field. Get out and meet them, through local universities, well focused conferences, and associations.
  
  
• Subscribe to relevant publications outside your own field: IT, international business, EC in general, and ones that cover your industry. Skim them, looking for patterns. Very often, you will see a topic that's been around for years in, say, IT, suddenly start showing up in articles about banking or manufacturing. This may sound heretical, but read outside rather than inside your area of expertise. If you read about a topic you know, well, it will just tell you what you already know or, if it's news, a colleague will bring it to your attention - "Hey, did you see that article on ... ?

Our final recommendation: View EC as the inevitable mainstream of business and look to make a major contribution to how your firm exploits the opportunity.