Review chapter for the New Economy Handbook (Jones, ed.), in press
Privacy and Security Issues in E-Commerce
Mark S. Ackerman and Donald T. Davis, Jr.
Privacy – the control over one’s personal data – and security – the attempted access to data by
unauthorized others – are two critical problems for both e-commerce consumers and sites alike.
Without either, consumers will not visit or shop at a site, nor can sites function effectively
without considering both.
This chapter reviews the current state of the art and the relevance for
privacy and security respectively.
We examine privacy from social psychological, organizational,
technical, regulatory, and economic perspectives.
We then examine security from technical,
social and organizational, and economic perspectives.
Privacy is a serious issue in electronic commerce, no matter what source one examines.
 reported "Forty-one percent of Web buyers surveyed last year by Forrester Research of
Cambridge, Mass., said they have contacted a site to be taken off their databases because they felt
that the organization used their information unwisely. (pp. 20-21).”
A Business Week/Harris Poll
found that over forty percent of online shoppers were very concerned over the use of personal
information, and 57% wanted some sort of laws regulating how personal information is collected
and used [Harris Poll 2000].
Similarly, Culnan  argued that privacy concerns were a
critical reason why people do not go online and provide false information online.
Why this concern about privacy?
The answer is simple.
As of 1998, the FTC found that the
majority of online businesses “had failed to adopt even the most fundamental elements of fair
information practices. ([Culnan 2000], p. 8).”
Indeed, relatively few consumers believe that they
have very much control over how personal information, revealed online, is used or sold by
businesses [Culnan and Armstrong 1999].
The combination of current business practices,
consumer fears, and media pressure has combined to make privacy a potent problem for
Tackling privacy, however, is no easy matter.
If nothing else, privacy discussions often turn
heated very quickly.
Some people consider privacy to be a fundamental right; others consider it
to be a tradable commodity.
Detailed arguments about the historical progression of privacy can
be found, for example, in [Davies 1997] and [Etzioni 1999].
(Even these historical accounts
have sharply differing viewpoints.
For example Etzioni argues that privacy is societally
illegitimate or infeasible, while Davies argues that it has become a squandered right.)
purposes of this article, we will explore the potential space of privacy concerns, not privileging
any particular viewpoint.
In our view, both consumers and businesses may have legitimate
viewpoints, sometimes conflicting.
This is in the nature of most societal issues.
We also restrict
ourselves to the privacy issues that accrue in electronic commerce; we omit, for examples, the