Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Marta A.Tomovska]

Dear GKD Members,

This discussion on cyber-security and e-commerce is a very crucial and
immediate one for us in Macedonia.

I work with Unet, the first ISP in Macedonia, which currently serves
more than 15,000 customers with Internet connectivity services, more
than 1,000 customers with web design, development and maintenance
services, and more than 1,000 customers for Domain registration
services.

We are registering domains for our customers under the .mk extension and
also top level domains under .com, .net, .org, .biz extensions. To
register the top level domains we are using the services of a few American
companies' websites like Secureserver.net, Securepaynet.net,
Cheap-DomainRegistration.com, Domain-name-store.com, Registrar.host.net,
Turbosales.com, Searchhostdirectory.com, Domainlinks.com,
Virtualvision.net, Domains.compuweb.com etc.

We are paying these organizations for domain registration for periods of
at least 1 year. For that period of time, we are supposed to have access
to our registered domains in order to manage them, renew them, change
their DNS's etc.

In June of this year, when we tried to log into
Cheap-DomainRegistration.com, we have noticed that we cannot access
their login page. We sent an e-mail to their support team, but there was
no reply. Then we used our hotmail e-mail account and we received the
following answer:


> Thank you for writing customer support. We are unable to process
> transactions originating from the following countries: Bulgaria,
> Indonesia, Malaysia, Nigeria, Pakistan, Romania, Vietnam, Ghana,
> Macedonia
> 
> Also, the US Government asks that we do not conduct business with these
> nations: Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria
> 
> If your credit card is from one of these countries, or if you reside in
> any of these countries, you will not be able to view or complete a
> purchase from our website. I apologize for any inconvenience this may
> cause you. We recommend either using a connection that does not use a
> local IP address (such as through a internet cafe for example), or
> contact a trusted party outside of your area to log in and approve
> domain name transfers to move your domain to a registrar that you can
> access. 
> 
> Regards,
> 
> Nick P.
> Customer Service
> 480-624-2500


This is not just an isolated case. Please check what yahoo says:
http://store.yahoo.com/vw/warsigoffrau.html

It is evident that Macedonia is blacklisted and anyone with a Macedonian
IP address is blocked from access to all the above and many more
commercial websites.

There are many problems and issues of lack of fairness related to this
situation. One of the problems is that we -- and our customers as well
-- are not receiving the services we and they have paid for.

An additional problem is that there is no chance to re-register already
registered domains with another company, so a number of Macedonian
websites will become unavailable on the net very soon!

And of course, the worst and biggest problem is that we have restricted
access to the global network and therefore, are not able to have fast
information exchange with the world, which, if added to the current
situation on the Macedonian Internet market (raised prices for telephony
services from the Incumbent monopoly fixed line provider), will keep us
in the dark age.

While doing some investigation on the net covering this problem, I have
found one very interesting reading at the following address:

I recommend you to check it!

Perhaps the worst part of this terrible problem is that we are working
tremendously hard here in Macedonia trying to build our country's
economy. We are a small country and our economic future depends on our
becoming part of the global economy. We have apparently been accused of
not having enough cyber-security but it is as though the entire country
is accused and punished for cyber-fraud! I can assure you that if there
is any type of cyber-fraud from Macedonia it is far, far smaller than it
is in any developed country. We are accused but there is no way for us
to clear our name! The accusation just floats around the world on the
Internet and there is no judge or jury or even global administrative
body who we can appeal to and prove our innocence and regain our right
to enter into e-commerce with all the other nations. There is no process
or procedure we can take (that we know of) that will let us fight this
blacklist and clear our name!  After everything we have been through in
the past decade, this is a terrible blow to us and our hopes for
building our economy.

Finally, we have a message for anybody concerned with this problem or
who has a good will and belief in our country's potential. Please,
please help us by lobbying to the responsible instances or institutions
in the world to delete Macedonia from the IP blacklists. Let us know
what information you need to help us clear our name and b

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Cornelio Hopmann]

Dear Colleagues,

(1) Commerce at a distance with shortened transaction-times, was well
started about 150 years ago by an invention called the "Telegraph" and
the respective world-wide network.

(2) May I recall that the very Credit Card (as handsome substitute for
the much older Credit Letter) was originally invented to allow
separation of buying and paying.

(3) May I again recall that trustworthy merchant-agents as middlemen
appear centuries ago to allow for advanced/delayed partial payments.

(4) May I finally recall, that countries branded as "unsafe" for
e-commerce are normally already branded as "unsafe" for any commerce at
a distance or with delayed/advanced payments (I don't know of any
exception).

Corollary: countries are branded as "unsafe" for commerce normally and
mostly not for the lack of laws, regulations, standards, certificates or
whatever but for the lack of law-enforcement.

I do doubt that a public sector unable or unwilling or not ready to
implement unbiased and timely law-enforcement on ordinary subjects will
do so with respect to eCommerce, which renders laws, regulations,
standards, certificates or whatever for eCommerce simply and plainly
"useless".


Yours truly,

Cornelio



On Thursday, September 30, 2004, Sam Lanfranco wrote:

> The hallmark of e-commerce is that it involves a transaction that takes
> place across time and space, and in the first instance involves a
> virtual transaction (the order, the payment, etc.) with the good or
> service to follow. This is in contrast to a commerce transaction at a
> time and a place, where frequently the produce is examined (book,
> appliance) and received or consumed (food, parking) at the time of the
> purchase.
> 
> It comes as no surprise that fraud artists try to take advantage of this
> temporal and spatial distance to engage in deception. In the past the
> same has been done via postal service, telephone service, fax, and any
> transactions venue where there is a degree of seperation between the
> perpetrator and the intended victim. Scams and fraud can go in both
> directions, with either the buyer or the supplier as the victim. For
> developing and transition economies, newly emerging on the global
> economic stage, the larger victim is the growth of their e-commerce
> sectors.
> 
> However, what is different about e-commerce is that the distances can be
> greater but the speed of transactions is faster. This has a negative
> side, but it also has a positive side. The negative side is that it is
> harder for the client (consumer, buyer, etc.) to carry out due diligence
> with respect to the integrity of the supplier, and it is harder for the
> supplier to prove (or build) a reputation for trust and integrity. Both
> factors cause reluctance on the part of potential clients and stiffle
> the growth of the e-commerce sector.

..snip...





This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and Human Rights

[Fola Odufuwa]

Dear Colleagues,

Richard Downing's contributions on the subject of anonymity made very
interesting reading. In Nigeria, as in much of Africa, secure,
nationally acceptable, authenticated identification for individuals
(both for private, business and regulatory purposes) in the real world
is highly undeveloped. Matching individuals to fixed locations for
transaction purposes is well near impossible in the near term for many
developing nations, making the question of web world identities for real
world peoples even more complex. The populations of Africa, to a large
extent and in many respects, are mobile and culturally nomadic, both in
the cities and in the villages.

Even if it where possible to identify and match a specific web
transaction to an online personality, how then will you match that
online figure to his (non-existent) real world database? If real world
identities can be changed or even recreated (for any number of reasons),
how would you be able to link the transactions (positive or negative) on
the Internet to the real world people behind them?

Regards,
Fola Odufuwa
ED

--
eShekels Limited
West Africa Office
13th Floor, Left Wing
Nigeria Stock Exchange House
2/4 Customs Street 
Lagos, Nigeria
Tel: +234-1-8116899
Fax: +234-1-2642852
Web: www.eshekels.com 
__



On Monday, September 27, 2004, Richard Downing wrote:

> I wanted to comment on the discussion of anonymity & security.
> 
> I would like to suggest that the question is really quite nuanced, not a
> black and white issue.

> The question of anonymity is a difficult one, and one that we have not
> quite worked out in our own society. There are certainly some things
> that we agree people should be able to do anonymously (pay for things
> with cash), and others that shouldn't be done anonymously (driving a
> car, opening a bank account).

   ...snip...

> It should also be clear that we, as a society, have long since decided
> that it is a necessary power of the government -- with appropriate
> restrictions and safeguards -- to have the authority to intercept
> communications.

> I would also like to point out that "anonymity" is a relative term that
> takes into account a broad spectrum of activities or regulations. For
> example, I understand that in order to obtain an Internet account in
> Australia, you need to provide certain sorts of proof of identity (as
> you would when applying for a driver's license). There is also the
> question of how much traffic information Internet service providers
> retain, as this information can, in many cases, allow the identification
> of the source of communcation after the fact. There are also questions
> of how to deal with wireless networks or Internet cafes that are open
> for use by anyone without any authentication or identification. There
> are lots of policy choices that law makers and Internet engineers can
> make that serve to increase or decrease anonymity.
> 
> Finally, it is worth noting that the primary problem with solving all
> sorts of Internet crime -- from hacking credit card databases to sending
> child pornography over the Internet to using the Internet to communicate
> with terrorists -- is identifying the perpetrator. Very often WHAT has
> occurred is fairly clear, but figuring out WHO the person is is the most
> difficult part. Without the ability to identify the perpertrator, there
> is no way to deter this conduct or bring those responsible to justice.





This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Leo D. Waters]

Dear GKD Members,

Based on its sheer size and endowed resources, Nigeria is a power house
of economic gain for determined investors (locally and internationally).
However, economic frauds are rife in the country's system as it seems to
have become a culture to conduct business dubiously. Also, the growth of
Internet use verges on exponential.

On the flip side however, this presents vast opportunites for economic
security providers to establish credible measures to make e-commerce a
truly safe medium to conduct transactions in Nigeria. Is anyone really
looking into this? I'd like to help.


Leo Waters


=

Best regards & God bless,

Leo D. Waters
Tel: +234(0)805.506.7103, or +234(0)802.338.1628




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[L Sharkovski]

Dear GKD Colleagues,

I think perhaps some on the GKD list have missed the problem that my
compatriot in Macedonia is describing. The point, for us at least, is
not that there is rampant cyber-criminality in Macedonia that the
government has failed to prevent. The point is that it is just as safe
to buy from Macedonia, or sell to Macedonians online, as it is from any
other country. Yet the organization Exportbureau.com has alleged that
there are online fraud schemes based in Macedonia and has placed
Macedonia on their list of Suspect Shipping or Contact Addresses. There
is no contact address or information listed on THEIR website, so it is
extremely difficult to determine who this group is and where they reside
(although, after some research, we believe they reside in Taiwan). 

Yet computer fraud has been part of the Macedonian Criminal Code since
March 2004. Perhaps even more importantly, the fact is that companies in
Macedonia use the same cyber-security systems as every other company in
the world. I own a major firm in Macedonia that provides e-commerce
solutions to our customers, as well as web portals, online databases,
etc. We don't build our own security systems - we use worldwide
standard systems. For example we use standard Visa and Mastercard
online security systems, and have been using them for four or five years
and have never had a single problem. The point is that when we buy
something online, or someone from another country buys from us, we are
all using the same system -- with the same level of security.

It is bitterly ironic that Macedonia -- a very small country with
relatively low cyber-density compared with the industrialized countries
in Western Europe and the US -- is accused of being major sources of
cyber-fraud. In a world of cyber-criminality, what percentage of that is
Macedonian? I will tell you: Zero.

Yet our companies are shut off from access to major e-commerce channels.
So it is not an issue of lack of laws or lack of enforcement. It is an
issue of too much power in the hands of groups that seem to be informal
arbiters of which countries are "secure" enough for e-commerce.
Furthermore, they are completely inaccessible and unaccountable. They do
not reply to our requests for evidence of their accusation. And there is
no way for us to counter their accusation other than trying to publicize
our security through discussions like this one. It is difficult for us
to convey how frustrating and damaging this situation is for us. In
many ways, this type of baseless accusation, which harms our economy, is
just as lawless as the accusation they are making.

We all -- but especially developing countries -- definitely need an
international formal, clear procedure for establishing national
cyber-security credentials, so that all countries have a rational,
accessible way to make it clear that they are secure, and can provide
assurances to their suppliers and customers that they are safe places to
do business with online.


L Sharkovski
Einsof
Macedonia
<[EMAIL PROTECTED]>




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org