1 2 3 4 5 6

money's worth. As the Net continues to grow and evolve, people will have more and more at stake, personally, professionally, and financially; the more there is at stake, the more necessary third parties will be for such familiar functions from the real world as authentication, verification, and credit checking.

A. Michael Froomkin, who has written several papers on the legal problems posed by the Net, says, "I think there are going to be a lot of things that you wouldn't do in your right mind without a middleman."[1] He sees these middlemen as enablers.

As Froomkin points out in his paper "The Essential Role of Trusted Third Parties in Electronic Commerce,"[2] third parties are already setting up shop in the area of authentication and verification: certifying a company or personal digital signature--essentially, notary services for the Net--or verifying for a vendor that your digital wallet is good for the $4.50 you want to spend (that latter function is designed into most digital cash schemes). Credit card companies are also scrambling to figure out how they could handle microbilling, that is, charging tiny amounts--a tenth of a cent, say, to pick up the tennis results every day, or a nickel to listen to a radio program. A lot of sites would love to implement something like this, but no one's quite figured out how yet because transaction costs are too high. Microbilling would open a lot of commercial possibilities for electronic content beyond the current models, which are generally limited to subscription, advertising sponsorship, and no-charge. With microbilling, you could charge someone as little as a fraction of a penny to, say, use a special font just once in a document being formatted.[3] A 1996 Forrester Group report predicts the rise of Internet transaction brokers,[4] whose function would be to consolidate these purchases into a single bill--also a possible future role for the traditional online services, especially CompuServe, which has long had structures in place to aggregate charges, albeit somewhat larger ones.

The W3 Consortium, which guides the development of the Web from its home base at the Laboratory of Computer Science at MIT, has drafted a proposed standard for microbilling called the Micro Payment Transfer Protocol. In the draft, a third-party broker would keep accounts for both the customer and the merchant.[5]

Other payment systems take different approaches, but all involve the intervention of third parties in one way or another.[6] The SET (Secure Electronic Transaction) standard, developed by companies like MasterCard, Visa, and IBM, adds a layer of security for both parties of a transaction using existing credit card accounts and banks. Credit card users don't give participating merchants actual credit card numbers, but rather identifiers that the merchant can present for verification to the bank, which also dispenses a certified receipt to the purchaser. The first trials using SET began in January 1997, when the combination of MasterCard, IBM, and Danish Payment Systems opened their doors to between 500 and 1,000 customers in Denmark.

Also based on existing financial services is CyberCash, which allows a user to select from a list of already registered credit cards and authenticates the transaction for both merchant and customer, also certifying the agreement of both merchant and customer to the exact details of the transaction. A CyberCoin system, available only in the United States in early 1997, gives customers an electronic wallet from which smaller amounts--under ten dollars--can be spent.

Financial third parties are only the beginning. The many proposals for key escrow (or "key recovery," as Clinton dubbed it in his December 1996 policy announcement) will require trusted third parties to store and manage cryptographic keys. Even if key escrow doesn't become an international regulatory requirement, there are so many good reasons to escrow keys that there is going to be demand for those services.

Placing large numbers of cryptographic keys--which in a digital world will be our identities--in the hands of trusted third parties is going to create a new set of institutions with the kind of power and responsibilities currently associated with