9. Economics and Ecommerce
For a very utopian view of ecommerce and encryption, you might want to read the novel Cryptonomicon by Neal Stephenson; this book also has some entertaining World War II history, especially of the war in the Philippines, of course mixed in with some even more entertaining fiction.
This course takes the view that neo-classical economics is an extremely oversimplified theory which does not take account of many very important factors (such as depletion of human and natural resources) and which often yields incorrect results, but which nonetheless has a strong intuitive appeal. In these respects it is much like technological determinism; however, it is better than technological determinism in that its way of thinking is interesting and potentially valuable.
Dan Geer, in Risk Management is where the Money is, draws the distinction between risk and security, and argues that the key concept is risk, not security, even though the computer science community has concentrated almost exclusively on security (encryption, etc.). This point can be illustrated by some facts from a more familiar mediator of commerce, the credit card. Security is actually fairly low: it is easy to get someone else's credit card number, and identities are not very carefully checked in most outlets, and not at all over the internet. The usual agreement between the cardholder and the card issuer involves a bank that accepts all risk except the first $50, which the cardholder must accept. The system works well because the delay involved in finalizing the transaction lets the cardholder confirm transactions by default (if you do nothing, the transaction is accepted). Credit cards would not work if the risk were not dealt with in some way that was at least as effective as this. The situation for ecommerce is similar: most book buyers prefer to deal with some well-established company like amazon.com rather than assume the (perceived) higher risk of a less well-known firm, even though they know that they are likely to pay a slightly higher cost for this risk reduction.
It is interesting to compare the ISHTAR Medical Database Security Guidelines with the material usually found in books on computer security. These very pragmatic guidelines were designed for the administrators of hospital databases in European countries, and are based on real experiences with such databases, often of an unfortunate nature. Encryption is not even mentioned, but several standard software engineering practices are highlighted.
The paper The Multiple Bodies of the Medical Record, by Marc Berg and Geoff Bowker, is a beautiful application of ANT to the work done by medical records in hospitals in the UK national health system (it is also another example of a paper with a bad pun in its title). We can summarize the topics of this paper by the following table:
|human body||human body|
|body politic||body politic|
The medical record contains at least the following major sections:
It is interesting to contrast the Berg & Bowker paper with the material on the Data Fusion for the Multi-media Medical Database website of the Fraunhofer Center, which takes an almost totally technology-based approach; the exception is some lip service to meeting its technical goals "in a way that reduces stress, uses the physician's time more effectively, and increases communication with the patient." It is difficult to see how the third goal can be met by imposing yet another layer of computer-mediated interaction, and I would predict that this project will encounter (or has already encountered) major problems if its software is deployed in real situations.