Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2013
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Xamax Consultancy Pty Ltd, Canberra
Version of 22 September 1996
© Xamax Consultancy Pty Ltd, 1996
Invited Address to the Annual Conference of the Society of Consumer Affairs Professionals (SOCAP), Carlton Crest Hotel, Albert Park, Melbourne, 26 September 1996
This paper is at http://www.rogerclarke.com/SOS/SOCAP96.html
Information technology is changing the whole nature of transactions between consumers and the suppliers of goods and services. Over a dozen key issues are identified and outlined.
If consumer affairs regulators and advcoates want to remain relevant to their constituencies, they must invest in an understanding of these issues, formulate strategies to ensure that the consumer interest is forcefully represented in the designs of schemes, and act quickly.
Technological developments, especially in computing and communications, are dramatically changing the patterns of consumers' interactions with the providers of goods and services.
The purpose of this paper is to identify some key consumer issues arising from information technology (I.T.) and its applications. Consumer affairs regulators and advocates must appreciate the challenges, and influence the application of these technologies, and must do so now.
The scope of the paper is not restricted to goods and services provided by the private sector. Notwithstanding the government downsizing, privatisation and outsourcing movements, governments remain very important providers of services to the public. Moreover, some government agencies, particularly the Commonwealth, and in recent times Victoria, are among the most sophisticated users of I.T. in service delivery.
The starting-point for the analysis is the concept of 'extra-organisational systems' (Clarke 1992). I proposed this term some years ago, to refer to the increasingly large number of systems which involve not only medium-sized and large-scale organisations which have a fairly good understanding of I.T., but also small enterprises, micro-enterprises and members of the public.
Individuals and small organisations do not have professional I.T. managers. They have little understanding of or interest in arcane arts and technologies. Accordingly, argued that paper, new forms of systems analysis and design are urgently needed to ensure that extra-organisational systems address the needs of all participants.
Many of the early extra-organisational systems (such as Automated Teller Machine (ATM) services, Electronic Funds Transfer at Point of Sale (EFT/POS) services, and electronic home and office banking services) were driven by large corporations. The sponsors of many such schemes have had their fingers burnt by designs that did not satisfy the 'win-win-win' criterion, whereby all of the participants share in the dividends. These organisations are endeavouring to improve the sophistication with which they test their products on consumers before launching them into wide usage. They are even considering the bold step of consultation with representatives of stakeholders before designing the product.
But many extra-organisational systems are not, to the chagrin of people like Bill Gates, under the control of any one large organisation, nor even of alliances or consortia. Rather, they are more 'organic' in their origins.
Some are based on shared, formal standards (such as X.500 directories that provide the framework for such services as yellow-pages; and X.509 certificates, that will soon be supporting the authentication of message-senders). But the various services that are available over the Internet are based on the much looser arrangements generically referred to as the Internet Protocol Suite (IPS). These include email, file transfer capability (FTP), and the currently most significant of them all, the HyperText Transaction Protocol (HTTP), the foundation-stone of the World-Wide Web.
The breadth of the 'electronic commerce' services that are being thrust at a largely bemused public is indicated by the following list:
In order to reflect the audience for which it is prepared, this paper primarily adopts the perspective of the consumer. It is, however, not reasonable to constrain the discussion to consumer protection alone. Providers of goods and services need to be able to rely upon consumers partipating in the process, and hence any charter needs to deal with both the rights and the responsibilities of both consumers and suppliers.
In developing the discussion that follows, the aspects of such a charter that have been taken into account are:
The body of this paper identifies and introduces in turn each of the following issues:
One of the initial uses of technology by suppliers is to reduce the cost of supporting interaction with their customers, by substituting relatively cheap technology for relatively expensive human resources.
One example of such a technology is interactive voice response (IVR), which provides a telephone-number connected not to human operators but to a computer. The computer plays back pre-recorded messages and/or program-generated sentences, and accepts data from the caller's phone key-pad. Many IVR arrangements are excruciatingly badly designed from a consumer's perspective, offering barely comprehensible messages, and a series of options most of which are irrelevant to any given caller, and are in an inappropriate sequence for many of them. Many IVR facilities are not back-ended by an appropriate, or an appropriately-resourced, human help-centre.
Another example is public kiosks, and yet another, currently burgeoning, is corporate and governmental web-pages. In some cases, these technologies are being well-applied, and are performing information-provision functions effectively and efficiently. This may well reduce the demand for counter-services, just as ATMs did. Such technologies can also be used as a mere excuse for reducing human services.
In an environment in which information discovery and acquisition are being displaced from interaction with humans at counters and on telephones, consumers are increasingly dependent on their ability to use technologies. The telephone is widespread, though not ubiquitous and not always convenient. Kiosks are (so far) fairly localised. Connections to the Internet, while increasingly accessible, are also anything but ubiquitous.
Even given appropriate infrastructure at a location reasonably convenient to the consumer, he or she needs a level of education, and what is commonly called 'functional literacy'. In this context, functional literacy includes the abilities to see and to hear; to listen, to read and to understand; to formulate questions, answers and requests; and to speak and to type meaningful statements.
It is currently unfashionable to use the term 'equity'; but the fact remains that a level of sophistication is being demanded of consumers that some proportion of them are simply not presently up to. It is also unfashionable to talk of 'safety nets'; but that term conveys the kinds of mechanisms that are needed to cope with the problem. At the very least, the organisations that design systems need to be much more closely in touch with the characteristics of the various segments of their customer populations.
More generally, there is a serious risk that corporate Australia may be successful in causing the Internet and other elements of the information infrastructure to be based on a supply-push model. The vocabulary currently being used by the Minister for Communications makes it appear that he is in the thrall of 'big business', and that he conceives of cable as being merely another broadcast medium, suitable for force-feeding consumers with a diet of pre-packaged entertainment and shopping alternatives.
The information infrastructure is much more than this. Attempts to subvert it, and to create barriers against consumer-pull and consumer-as-provider need to be strenuously resisted.
I have previously proposed that the following principles are necessary, as underpinning for a participative information infrastructure:
For a discussion of this topic, see Clarke (1994).
A further threat to the openness and consumer-orientation of the information infrastructure is the knee-jerk demands for regulation of the Internet that are currently arising from the media publicity about 'porn in kiddies' bedrooms'. For background on this matter, see Clarke (1996).
The term 'intermediary' is commonly used to refer to 'middle-men', who perform functions (in return for a premium), that mediate between the originator of goods or services and their ultimate consumer. They include wholesalers, retailers, the corner-shop, warehousers, distributers, agents, and brokers of many different kinds.
The term 'disintermediation' refers to the tendency for intermediaries to be rendered unnecessary by developments in technology. This has already occurred in logistics, with local distribution becoming less relevant, and cost-effective door-to-door delivery over long distances taking its place.
Such technologies as IVR, kiosks and Internet-based ordering are creating a trend towards 'remote-purchasing' patterns. The disintermediation that this is engendering is a double-edged sword. It is capable of significantly reducing the costs of delivering goods and services, but it may also compromise aspects of purchases that go beyond the mere price, such as quality, installation, demonstration, provision of advice, and the bundle of things summed up in the term 'after-sales service'.
Many self-appointed business strategy gurus trumpet the disappearance of middle-men. A more sober assessment is that some kinds of middle-men will indeed disappear; but that many kinds of middle-men will substantially modify their services; and that at least some kinds of middle-men will flourish, and the balance of power will pass from large upstream suppliers to those intermediaries, because they will be the ones with the all-important relationship with the ultimate customer. The emergence in Australia of articulated wholesale/retail banking mechanisms will be a case in point.
Understanding of the dynamics of marketplaces depends on analysis of the particulars kind of goods and services and of each particular industry value-chain. Guidance on these points is to be found in Clarke (1992), Clarke (1993) and Clarke (1994).
Disintermediation is resulting in greater distance between supplier and consumer. This means that consumers can no longer depend on a physical relationship with a shop-keeper who sold him the goods; and this leads to a need for consumers to be able to identify and find information out about the supplier.
In tele-marketing, there is limited opportunity for consumers to check the nature of the organisation they are dealing with The Internet, on the other hand, does create some real possibilities for supplier authentication. The primary means, which is due for launch in the Australian and U.S. markets in the next few months, is based on public-key certification. Guidance on this topic can be found in Clarke (1996).
The capability to be sure who one is dealing with will be particularly important in circumstances in which payment is required as a condition of delivery of the goods or services, and where significant elements of the relationship depend on ongoing delivery by the supplier (e.g. relationships involving an annual subscription, and goods with a warranty and/or maintenance component).
There are also circumstances in which the supplier will seek to authenticate the consumer. The most common of these will be where payment is made after the goods or services are delivered, and the supplier seeks some form of surety that at least a credible threat of legal proceedings exists in the event that the consumer does not fulfil his or her side of the bargain.
Another circumstance arises where the supplier is under a compulsion to check the eligibility of the consumer to receive the good or service (e.g. firearms, explosives, government benefits, personal data). In addition, suppliers may seek consumers' identities in order to enable follow-up calls for maintenance, possible safety recall, and marketing purposes.
In the context of the Internet, individuals will have much the same public-key certification techniques available to them as will corporations. These may be designed with more or less attention to the needs of consumers.
There is also a real possibility that an additional element of consumer authentication will be a chip-card bearing the person's private-key, and enabling them to digitally sign electronic documents. Depending on how such a scheme were implemented, this might be the most utterly privacy-intrusive mechanism imaginable, worse by far than the once-mooted Australia Card scheme; or it could be a balanced scheme embodying architectural, procedural and legal features that protect consumers' interests very effectively. Guidance on this topic can be found in Clarke (1996).
When purchases of goods or services are made from a supplier within the same legal jurisdiction as the consumer, there is a reasonable chance that terms and conditions might be able to be enforced, albeit with the assistance of consumer affairs professionals.
With transactions that are conducted remotely, it is quite likely that the consumer and the supplier are in different legal jurisdictions. The likelihood of being able to enforce terms and conditions will therefore be reduced.
This decreased protection will be of greatest concern in the case of high-value and high-impact goods and services, and those which involve a medium- or long-term relationship. This is one of the many reasons that the naively disintermediationist view misses the mark.
A further consideration is that, taking advantage of the more fluid arrangements that are possible in the information age, many suppliers are moving towards a 'virtual organisation' model. This involves a minimal amount of 'core competency' activities being performed by the 'supplier' and a large amount by 'strategic partners', 'associates', 'agents' and 'subcontractors'.
Valuable though this model is proving to be in many different industries, it involves the diffusion of responsibility. The web of related sub-organisations that make up the supplier are dispersed, and may be quite small; and they may be ephemeral as well. Sheeting home responsibility to a legal entity of sufficient substance to be worth pursuing will sometimes be a serious challenge.
The customer's identity is becoming apparent to the supplier in an increasing proportion of transactions. This is arising because of several tendencies, including:
In some contexts, particularly in government, but also in private sector settings such as building access, and toll-roads and -bridges, the nature of human identification methods is changing. From simple mechanisms such as self-nomination of identity, and token-based schemes, there is an increasing tendency towards the use of biometric identifiers. For a comprehensive examination of identification technologies and their implications, see Clarke (1995).
The ready tendency of many organisations to presume that transactions between suppliers and customers need to be identified needs to be challenged.
Throughout the twentieth century, a vast proportion of transactions have been anonymous, including almost all that involved cash, ticket and barter, and many that involved visits to counters and telephone enquiries.
Organisations should be required to justify their need for identity in order to conduct a transaction. Of course there are many settings in which identification is entirely justifiable as a condition of dealing, such as where an organisation or individual would otherwise be unreasonably denied the opportunity to protect their interests (e.g. lending, hiring of employees, and acceptance of a deferred- and non-guaranteed payment instrument such as a cheque).
Another common, and equally unjustified, presumption is that the choice lies between transactions being identified or being anonymous. In fact there is a variety of ways in which transactions can be undertaken pseudonymously, yet still protect the various interests involved.
The essential idea is that the transaction is recorded using a pseudonym, pseudo-identifier, or indirect identifier. An index is maintained between that identifier and the 'real' identity of the individual or organisation concerned. That index is protected by technical, organisational and legal means, such that, in the normal course of events, the identity of the party is not known or even knowable. Subject to such judicially-administered mechanisms as search warrants and sub poena, the link can be made, however, enabling court processes and law enforcement to overcome the privacy protection, when it is established through an appropriate legal process that some other interest overrides the individual's privacy.
Pseudonymous techniques have many applications to consumer transactions. Background information is to be found in Clarke (1993).
Suppliers are gathering increasing quantities of transaction data, and applying long-standing techniques under such new names as 'data warehousing' and 'data mining', in order to extract information from those databases that will assist their marketing and selling activities. There is also a degree of consolidation of databases (e.g. through takeovers within market segments, such as bank mergers; and through rationalisation between industry sectors, as is currently occurring between the banking and insurance industries).
It would be unreasonable to suggest that the gathering of data is of itself an evil thing. Used effectively, it can provide a basis whereby suppliers can satisfy consumers' needs. However it creates enormous potentials for abuse, and these need control. In some circumstances, the potential may be so great that data collection should be precluded (e.g. in relation to treatments for sensitive medical conditions).
The 'loyalty scheme' mania that has been sweeping the corporate world, and has to some extent infected consumers as well, exacerbates the concerns. This is because the schemes generate substantial trails, and because in many cases the data is intended to, or may come to be, shared across multiple organisations participating in the scheme, for purposes that have little to do with the nominal purpose of collection.
Background is available on the general issues in data surveillance and information privacy, and on specific matters such as the range and intensity of data trails that exist and are being created,
Public concern about these issues is quickly increasing. As a result, calls for the imposition of privacy protections are being heeded by legislatures. There is a current initiative in Victoria in association with that Government's electronic services delivery programme, and an initiative at Commonwealth level in relation to the private sector generally.
Transaction data can be used by suppliers as a means of ensuring effective and efficient marketing communications. This is a polite way of referring to the promotion, to individual consumers, of those goods and services that they appear most likely to be interested in buying, at the time, and in the manner, in which their past record suggests is the most propitious from the seller's viewpoint.
The boundary between effective and efficient marketing on the one hand, and consumer manipulation on the other is, unsurprisingly, a matter of serious contention.
A further means whereby large quantities of data can be exploited by suppliers is referred to by the (unfortunately ambiguous) term 'consumer profiling'. This involves the analysis (or 'mining') of large volumes of data in search of hitherto hidden linkages. It can be applied to producing abstract profiles of likely drug-offenders, of adolescents more likely than others to attempt suicide, and of consumer segments more likely to be interested in or susceptible to particular kinds of campaigns. For example, one celebrated instance was the discovery that young married men on the way home from work buy both beer and disposable nappies, and that placing the two products close to one another in a supermarket increased the sales of both.
Clearly, some applications of profiling will have valuable social outcomes, some will have negative impacts, and many will have both. For background on profiling, see Clarke (1993).
The mapping of the human genome, and the vast investment currently being made in research into associations between particular genetic patterns and particular medical and psychological conditions has potentially dramatic consequences for consumers.
One of the most apparent is the use by insurers of individuals' DNA as a determinant of whether they will provide such cover as health insurance and life assurance, and if so at what premiums and with what exclusions.
The 'substance abuse testing' mania that has reached epidemic proportions in the United States appears likely to be closely followed by a 'DNA testing' epidemic. Australia and Australians, both as suppliers and consumers, tend to be a little more sceptical of such fashions than Americans, and to avoid at least the more extreme abuses of consumer rights and of privacy. Nonetheless, attempts can be confidently anticipated to introduce some quite serious impositions on Australian consumers.
This paper has focused on the serious challenges that many of these technologies present to consumer interests. My perspective should not, however, be interpreted as being unduly pessimistic. One reason is that consumer affairs professionals are far from powerless, and can exercise significant influence on the ways in which these technologies are applied, the features that are designed into the products, and the safeguards that are built into the systems that use them.
Another reason for my optimism is that these new technologies also create opportunities for improvements in consumer protection. One aspect is that greatly enhanced communication channels are available for consumers to access supplier information, for consumers and their representatives to share information among themselves, and for consumers and their representatives to communicate with suppliers.
Another example of a potentially positive application of remote-purchasing is for suppliers to demonstrate their commitment to consumer interests (and even to differentiate themselves from their competitors) by committing some micro-margin of their revenues to consumer advocacy organisations.
This could be done as a per-mille of gross revenue; but the scope exists for a more adaptive mechanism. Members of consumer organisations could attach their consumer-organisation affiliation with their orders, creating what is in effect a 'loyalty scheme' approach. Associations would, for their part, identify to their members those suppliers that participate in the scheme.
Few technologies are usable exclusively for evil or exclusively for good. Their impact is generally a result of their potentialities being mediated by social values and processes. It is up to consumers and consumer affairs professionals to ensure that the designers of schemes applying technologies to consumer transactions are cognisant of consumers' interests.
Clarke R. (1992) 'A Contingency Model Of EDI's Impact On Industry Sectors' Journal of Strategic Information Systems, at http://www.rogerclarke.com/EC/AbstractIndySect.html
Clarke R. (1992) 'Extra-Organisational Systems: A Challenge to the Software Engineering Paradigm' Proc. IFIP World Congress, Madrid, September 1992, at: http://www.rogerclarke.com/SOS/PaperExtraOrgSys.html
Clarke R. (1993) 'When Do They Need to Know 'Whodunnit?' The Justification for Transaction Identification; The Scope for Transaction Anonymity and Pseudonymity', at http://www.rogerclarke.com/DV/PaperCFP95
Clarke R. (1993) 'EDI Is But One Element of Electronic Commerce', Proc. 6th International EDI Conference, Bled, Slovenia, June 1993, at http://www.rogerclarke.com/EC/Bled93.html
Clarke R. (1993) 'Profiling: A Hidden Challenge to the Regulation of Data Surveillance', Journal of Law and Information Science 4,2 (December 1993), at http://www.rogerclarke.com/DV/PaperProfiling.html
Clarke R.A. (1993) 'Profiling: A Hidden Challenge to the Regulation of Dataveillance' Int'l J. L. & Inf. Sc. 4,2 (December 1993). At http://www.rogerclarke.com/DV/PaperProfiling.html. A shorter version was published as 'Profiling and Its Privacy Implications' Australasian Privacy Law & Policy Reporter 1,6 (November 1994). At http://www.rogerclarke.com/DV/AbstractProfiling.html
Clarke R.A. (1994) 'The Digital Persona and Its Application to Data Surveillance' The Information Society 10,2 (June 1994). Abstract at http://www.rogerclarke.com/DV/AbstractDigPersona.html
Clarke R. (1994) 'The Information Age as Threat' Address to the Round Table on 'Public Access to Networked Information', National Scholarly Communications Forum (NSCF), Canberra, 13-14 October 1994, at http://www.rogerclarke.com/II/PaperNSCF.html
Clarke R.A. (1994) 'The Path of Development of Strategic Information Systems Theory', at http://www.rogerclarke.com/SOS/StratISTh.html
Clarke R.A. (1995) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (March 1995). At http://www.rogerclarke.com/DV/HumanID.html
Clarke R. (1995) 'Electronic Payment Mechanisms', at http://www.rogerclarke.com/EC/EPMIntro
Clarke R. (1995) 'Issues Arising From Electronic Payment Mechanisms', at http://www.rogerclarke.com/EC/EPMIssues
Clarke R. (1996) 'Regulating the Net', at http://www.rogerclarke.com/II/Regn.html
Clarke R.A. (1996) 'Crypto-Confusion: Mutual Non-Comprehension Threatens Exploitation of the GII' Privacy Law & Policy Reporter 3, 4 (May 1996). At http://www.rogerclarke.com/II/CryptoConf.html
Clarke R.A. (1996) 'Cryptography in Plain Text' Privacy Law & Policy Reporter 3, 4 (May 1996). At http://www.rogerclarke.com/II/CryptoSecy.html
Clarke R. (1996) 'Privacy and Dataveillance, and Organisational Strategy', presented at EDPAC, May 1996, and at http://www.rogerclarke.com/DV/PStrat.html
Clarke R. (1996) 'Trails in the Sand', at http://www.rogerclarke.com/DV/Trails.html
Clarke R. (1996) 'Chip-Based Payment Schemes: Stored-Value Cards and Beyond', at http://www.rogerclarke.com/EC/CBPSBk.html
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 40 million by the end of 2012.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916
Created: 22 September 1996 - Last Amended: 22 September 1996 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/SOS/SOCAP96.html