Secure Internet-based Electronic Commerce: The View from Outside the US

Because of a number of well-publicised computer break-ins there has been a steadily increasing demand for encryption and related security measures to be included in software products. Unfortunately these measures often consist either of “voodoo security” techniques where security is treated as a marketing checkbox only, or are rendered ineffective by the US governments refusal to allow non-Americans access to the same security measures which it allows its own citizens, making the current electronic commerce infrastructure a target-rich environment for attackers. Organisations employing such (in)security systems may make themselves liable for damages or losses incurred when they are compromised. This paper covers the issues of using weak, US government-approved security as well as problems with flawed security measures, examines some of the measures necessary to provide an adequate level of security, and then suggests several possible solutions.