Acc 680 Research Seminar in Accounting: Security & Privacy in Electronic Commerce







Welcome

Welcome to Acc 680, and to the world of electronic commerce. This section of the course is offered for the students in the AIS emphasis in the MS Accounting Program. Others will need to register in the other section. We also assume that you are curious, and passionate about learning information systems by DOING, i.e., by programming, and not by hearing or talking about them. If not, you will be doing yourself a favour by looking elsewhere to cover your semester schedule. If you do continue in the course, we expect you to be deeply committed to the field of information systems, passionate about learning new things, and to demonstrate such passion and commitment by setting this course (along with Acc 683) at the TOP of your priorities.

During the course of this semester you will have ample opportunity to gain an understanding of the communications, software, and legal infrastructure supporting electronic commerce. You also will have hands-on exposure to auditing in the context of electronic commerce including network penetration audits. We will conduct these tutorials in a safe and sequestered computing environment. You need to be aware that use of any software covered in the course and on the floppy-disk accompanying the texts on ANY computing equipment on campus may be a violation of the university policies, and may even be illegal, and result in your expulsion from the university. Their use off-campus also may be legal only under narrow circumstances, and so you will need to be careful.

You have access to one of the finest-stocked (in terms of hardware as well as software) computing facilities anywhere in the Arthur Andersen Laboratory. For the study of network penetration testing and audits, we have arranged hands-on tutorials and exercises at an off-campus facility. Use the labs, and enjoy the course!



Administrivia

Semester: Spring, 2001
Time: TTH: 4:15 - 7:05 PM
Room: BA 363 (Arthur Andersen Systems Lab)
Instructor: Jagdish S. Gangolly & Kinsun Tam
Graduate assistants: Jongwoo Park
Office: BA 365C
Phone: (518) 442-4949
Fax: (707) 897-0601; (518) 442-3944
Office Hours:
M: 2:45 - 4:15 PM, or by appointment
Instructor Homepage:
http://www.albany.edu/acc/gangolly
Newsgroup:
sunya.class.acc680


Prerequisites:
This course is intended to be taken concurrently with Acc 683. You also are expected to have taken Acc 681 and Acc 682, and therefore are expected to be familiar with the materials on topics such as data structures, discrete mathematics, algorithms, and markup languages, to the extent needed and covered in those courses. You are also expected to have a background in accounting as well as auditing at least at the level of Intermediate Accounting and the first course in Auditing, and to be quite familiar with the fundamentals of controls in accounting systems. You are also expected to be quite familiar with working in the Unix environment.


Class Conduct:
The course consists of lectures, solution of problems, short cases, and discussion of late-breaking developments in the field. You are expected to do the readings well ahead of the class. Class time is to be used for the clarification of any doubts that you may have. Do not expect to merely listen to the instructor and gain knowledge. This is a hands-on course, and you are required to demonstrate competence in the topics covered in order to receive an acceptable grade.
Since this course is being offered during the first seven weeks of the semester, it will be quite intensive. We shall be dealing with the communications and software aspects of electronic commerce during the meetings on Tuesdays, and with the legal aspects during the meetings on Thursdays. The Thursday meetings will consist entirely of the study of the latest law review materials dealing with Internet law, laws affecting electronic commerce, intellectual property, and privacy & security of data and information.


Arthur Andersen Laboratory Access:
As a graduate student in the Department, you have access to the Arthur Andersen Laboratory. You will need to get from Ms. Lisa Scholz the password to enter the lab. Contact her in BA 365 as soon as possible. Should you have special requirements for software (DBMS servers) or hardware (Windows 2000 Servers) for your projects, let me know, and arrangements will be made for your access.



Course Objectives

The main objectives of the course are:

  • To gain an understanding of the technological and communications infrastructure supporting electronic commerce, and its impact on auditing.
  • To gain an understanding of the software infrastructure supporting electronic commerce (including encryption, public key infrastructure, digital signatures, and their integration into internet payment schemes and web commerce), and its impact on auditing.
  • To gain an understanding of the evolving legal infrastructure supporting electronic commerce, and its implications for evidence gathering and auditing.


    Catalog Description

    Intensive reading and research on an approved topic of special interest in the student's field of concentration; a comprehensive report and an oral presentation required.



    An Honest Description

    The technological and communications infrastructure supporting electronic commerce, (data communications, networking, value added services, protocols, etc.), its vulnerabilities and impact on auditing. Software infrastructure supporting electronic commerce (including encryption, public key infrastructure, digital signatures, and their integration into internet payment schemes and web commerce), and its impact on auditing. The evolving legal infrastructure supporting electronic commerce, and its implications for evidence gathering and auditing.



    Textbooks/Readings

    The main textbooks for the course are:

    Network Auditing: A Control Assessment Approach by Gordon E. Smith. ISBN: 0471179752. Publisher: Wiley, John & Sons, Incorporated. Pub. Date: March 1999
    Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption by Warwick Ford and Michael S. Baum. ISBN: 0130272760. Publisher: Prentice Hall. Pub. Date: December 2000
    Trust and Risk in Internet Commerce by L. Jean Camp. ISBN: 0262032716. Publisher: MIT Press. Pub. Date: November 1999

    In addition, I shall also be using extensive law review materials in the class, from the reading list below:



    Additional Readings:

    The following is a list of law review articles of interest to our themes in the Thursday seminar. You should use the guides & annotated bibliographies for your research. We have divided the articles into the following themes: Internet transactions and Internet Fraud; Encryption, Digital Signatures, Trust; Information Security & Privacy; and General & Constitutional Issues. Each student enrolled in the seminar should pick three articles from each section for detailed research, class presentation, and written issues papers.

    • Guides, Annotated Bibliographies:
      • 1 Va. J.L. & Tech. (1997) 6, A Law Student's Guide to the Future of Transactions Over the Internet: A Review of the Digital Signature Guidelines, by Christopher P. Keefe
      • 17 J. Marshall J. Computer & Info. L. (1999) 1043, The Law of Electronic Commerce and Digital Signatures: An Annotated Bibliography, by John R. Austin
    • Internet transactions and Internet Fraud:
      • 49 S.C. L. Rev. (1998) 787, Electronic Commerce on the Internet and the Statute of Frauds, R. J. Robertson, Jr.
      • 72 Tul. L. Rev. (1998) 2203, Is the Internet Participating in Securities Fraud?: Harsh Realities in the Public Domain, by Will Morrow
      • 5 B.U. J. SCI. & TECH. L. (1999) 4, Legal Aspects of Internet Securities Transactions, by Henrique de Azevedo Ferreira Franca
      • 74 Chi.-Kent. L. Rev. (1999) 1055, Updating the Concept of Embodied Rights for Electronic Commerce, by Jane Kaufman Winn
      • 50 Fla. L. Rev. (1998) 295, Cyberlaundering the Risks, The Responses, by Sarah N. Welling, Andy G. Rickman
      • 21 Fordham Int'l L.J. (1998) 799, Encrypted Digital Cash Transfers: Why traditional Money Laundering Controls may Fail Without Uniform Cryptography Regulations, Christopher D. Hoffman
      • 11 Harv. J. Law & Tec (1998) 733, How to Encourage Global Electronic Commerce: The Case for Private Currencies on the Internet, Kerry Lynn Macintosh
      • 1999 COLUM. BUS. L. REV. 165, Taming the Frontier?: An Evaluation of the Sec's Regulation of Internet Securities Trading Systems, by Andrew R. Thompson
      • 47 Emory L.J. (1998) 1, The Future of Corporate Disclosure: The Internet, Securities Fraud, and Rule 10b-5, by Robert A. Prentice
      • 22 Fordham Int'l L.J. (1998) 612, You Can Not Fight What You Can Not See: Securities Regulation on the Internet, by David M. Cielusniak
      • 37 Am. Crim. L. Rev. (2000) 207, Computer Crimes, by Laura J. Nicholson, Tom F. Shebar and Meredith R. Weinberg
      • 36 Am. Crim. L. Rev. (1999) 397, Computer Crimes, by Michael Hatcher and Jay McDannell and Stacy Ostfeld
      • 11 Harv. J. Law & Tec (1998), How to Encourage Global Electronic Commerce: The Case for Private Currencies on the Internet, by Kerry Lynn Macintosh
      • 10 Harv. J. Law & Tec (1997) 321, Coins, Notes, and Bits: The Case for Legal Tender on the Internet, by Joshua B. Konvisser
      • 22 Rutgers Computer & Tech. L.J. (1996) 1, Legal and Technological Infrastructures for Electronic Payment Systems, by Henry H. Perritt, Jr.
      • 49 S.C. L. Rev. (1998) 739, Couriers Without Luggage: Negotiable Instruments and Digital Signatures, by Jane Kaufman Winn
      • 12 Harv. J. Law & Tec (1999) 263, The Internet and Its Challenges for the Future of Insider Trading Regulation, Robert A. Prentice
      • 22 Hastings Comm. & Ent. L.J. (1999) 97, When Cyberspace Meets Main Street: A Primer for Internet Business Modeling in an Evolving Legal Environment, by Christopher Paul Boam
      • 26 Rutgers Computer & Tech. L.J. (2000) 215, Adapting Contract Law to Accommodate Electronic Contracts: Overview and Suggestions, Donnie L. Kidd, Jr. and William H. Daughtrey, Jr.
      • 53 SMU L. Rev. (2000) 1395, Legal XML and Standards for the Legal Industry, Winchel "Todd" Vincent, III
      • 53 SMU L. Rev. (2000) 1431, Interpretation and Standardization in Electronic Sales Contracts, Clayton P. Gillette
      • 53 SMU L. Rev. (2000) 1477, Making XML Pay: Revising Existing Electronic Payments Law to Accommodate Innovation, Jane K. Winn
      • 85 Va. L. Rev. (1999) 1447, Is the Statute of Frauds Ready for Electronic Contracting?, Shawn Pompian
    • Encryption, Digital Signatures, Trust:
      • 45 UCLA L. Rev. (1998) 1805, Internet Commerce and the Meltdown of Certification Authorities: Is the Washington State Solution a Good Model?, by Lonnie Eldridge
      • 34 San Diego L. Rev. (1997) 1225, Legislating Market Winners: Digital Signature Laws and the Electronic Commerce Marketplace, by C. BRADFORD BIDDLE
      • 49 S.C. L. Rev. (1998) 739, Couriers Without Luggage: Negotiable Instruments and Digital Signatures, by Jane Kaufman Winn
      • 15 J. Marshall J. Computer & Info. L. (1997) 703, Notaries Public - Lost in Cyberspace, or Key Business Professionals of the Future?, by Michael L. Closen, R. Jason Richards
      • 17 J. Marshall J. Computer & Info. L. (1999) 723, Moving with Change: Electronic Signature Legislation as a Vehicle for Advancing E-Commerce, by Thomas J. Smedinghoff & Ruth Hill Bro
      • 17 J. Marshall J. Computer & Info. L. (1999) 769, Electronic Document Certification: A Primer on the Technology Behind Digital Signatures, by David L. Gripman
      • 17 J. Marshall J. Computer & Info. L. (1999) 833, Document Authentication in Electronic Commerce: The Misleading Notary Public Analog for Digital Signature Certification Authority, by John C. Anderson & Michael L. Closen
      • 7 CommLaw Conspectus (1999) 297, The ABA's Digital Signature Guidelines: An Imperfect Solution to Digital Signatures on the Internet, by Edward D. Kania
      • 17 J. Marshall J. Computer & Info. L. (1999) 873, The Utah Digital Signature Act as "Model" Legislation: A Critical Analysis, by R. Jason Richards
      • 46 Am. U.L. Rev. (1996) 511, International Harmonization In Electronic Commerce and Electronic Data Interchange: A Proposed First Step Toward Signing On the Digital Dotted Line, by Randy V. Sabett
      • 17 J. Marshall J. Computer & Info. L. (1999) 1003, A Proposed Code of Professional Responsibility for Certification Authorities, by Dina Athanasopoulos-Arvanitakis & Marilynn J. Dye
      • 17 J. Marshall J. Computer & Info. L. (1999) 723, Moving with Change: Electronic Signature Legislation as a Vehicle for Advancing E-Commerce, by Thomas J. Smedinghoff & Ruth Hill Bro
      • 22 Rutgers Computer & Tech. L.J. (1996) 1, Legal and Technological Infrastructures for Electronic Payment Systems, by Henry H. Perritt, Jr
      • 75 Or. L. Rev. (1996) 49, The Essential Role of Trusted Third Parties in Electronic Commerce, by A. MICHAEL FROOMKIN
      • 17 J.L. & Com. (1997) 53, From Clipper Ships to Clipper Chips: The Evolution of Payment Systems for Electronic Commerce, by Janine S. Hiller and Don Lloyd Cook
      • 49 Fed. Comm. L.J. (1997) 701, Regulating Electronic Money in Small-Value Payment Systems: Telecommunications Law as a Regulatory Model, by Randall W. Sifers
      • 14 Berkeley Tech. L.J. (1999) 675, Clash of the Titans: Regulating the Competition between Established and Emerging Electronic Payment Systems, by Jane Kaufman Winn
      • 14 Berkeley Tech. L.J. (1999) 463, Recent Developments in Digital Signature Legislation and Electronic Commerce, by Kalama M. Lui-Kwan
      • 52 Stan. L. Rev. (2000) 1251, Hardware-Based ID, Rights Management, and Trusted Systems, Jonathan Weinberg
    • Information Security & Privacy:
      • 69 S. Cal. L. Rev. (1996) 949, Uncertain Privacy: Communication Attributes After the Digital Telephony Act, by Susan Freiwald
      • 24 S. Ill. U. L. J. (2000) 201, The Illinois Electronic Commerce Security Act: Too Much Too Soon or Too Little Too Late?, by Martin I. Behn
      • 50 Stan. L. Rev. (1998) 1193, Information Privacy in Cyberspace Transactions, by Jerry Kang
      • 13 Computer & High Tech. L.J. (1997) 217, The Future of Internet Security: How New Technologies will Shape the Internet and Affect the Law, by William A. Hodkowsk
      • 6 Rich. J.L. & Tech. (1999) 2, Database Protection in a Digital World, by Mary Maureen Brown and Robert M. Bryan and John M. Conley
      • 4 J. Tech. L. & Pol'y (1999) 1, With Nowhere to Hide: Workers are Scrambling for Privacy in the Digital Age, by Rod Dixon
      • 17 J. Marshall J. Computer & Info. L. (1999) 909, Potential Liability under the Illinois Electronic Commerce Security Act: Is it a Risk Worth Taking?, by Stephen G. Myers
      • 8 Alb. L.J. Sci. & Tech. (1997) 65, Communications Privacy in the Digital Age: Revitalizing the Federal Wiretap Laws to Enhance Privacy, by James X. Dempsey
      • 3 B.U. J. SCI. & TECH. L. 4, Financial Services: Security, Privacy, and Encryption, by Thomas W. Cashe
      • 18 J. Marshall J. Computer & Info. L. (1999) 1, Global Trends in Privacy Protection: An International Survey of Privacy, Data Protection, And Surveillance Laws and Development, by David Banisar and Simon Davies of Privacy International
      • 34 San Diego L. Rev. (1997) 1153, Lost and Found in Cyberspace: Informational Privacy in the Age of the Internet, Susan E. Gindin
      • Stan. Tech. L. Rev. (1999) 1, Controlling Chaos: The Emerging Law of Privacy and Speech in Cyberspace, by Eric J. Sinrod and Barak D. Jolish
      • 77 Wash. U. L. Q. (1999) 461, Financial Privacy and the Theory of High-Tech Government Surveillance, by Peter P. Swire
      • 5 B.U. J. SCI. & TECH. L. (1999) 5, Marginalizing Individual Privacy on the Internet, Deborah M. McTigue
      • 88 Calif. L. Rev. (2000) 1507, The Licensing of Our Personal Information: Is It a Solution to Internet Privacy?, Kalinda Basho
      • 67 U. Cin. L. Rev. (1999) 779, Electronic Money, Internet Commerce, and the Right to Financial Privacy: A Call for New Federal Guidelines, Bryan S. Schultz
      • 34 U.S.F.L. Rev. (2000) 633, Our Data, Ourselves: Privacy, Propertization, and Gender, By Ann Bartow
      • 52 Stan. L. Rev. (2000) 1315, Resolving Conflicting International Data Privacy Rules in Cyberspace, Joel R. Reidenberg
      • 52 Stan. L. Rev. (2000) 1461, The Death of Privacy?, A. Michael Froomkin
      • 52 Stan. L. Rev. (2000) 1125, Privacy As Intellectual Property?, Pamela Samuelson
      • 74 Wash. L. Rev. (1999) 1033, Opting In, Opting Out, or No Options at all: The Fight for Control of Personal Information, Jeff Sovern
    • General and Constitutional Issues:
      • 85 Va. L. Rev. (1999) 1163, Application-Centered Internet Analysis, by Timothy Wu
      • 75 Wash. U. L. Q. (1997) 779, Securities Regulation in an Electronic Age: The Impact of Cognitive Psychology, by Robert B. Thompson
      • 75 Wash. U. L. Q. (1997) 857, The Fundamentals of an Electronic-Based Federal Securities Act, by James D. Cox
      • 4 Wm. & Mary Bill of Rts. J. (1996) 1165, Freedom to Speak Unintelligibly: The First Amendment Implications of Government Controlled Encryption, by Jill M. Ryan
      • 148 U. Pa. L. Rev. (2000) 673, A Riff on Fair Use in the Digital Millennium Copyright Act, by David Nimme
      • 15 J.L. & Com. (1996) 395, Regulation and Computing and Information Technology, Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Databases, A. Michael Froomkin
      • 36 Am. Crim. L. Rev. (1999) 397, Computer Crimes, by Michael Hatcher and Jay McDannell and Stacy Ostfeld
      • 22 Dalhousie L.J. (1999) 190, Spirits in the Material World: Intelligent Agents as Intermediaries in Electronic Commerce, by Ian R. Kerr
      • 26 Fla. St. U.L. Rev. (1999) 285, The Changed (and Changing?) Uniform Commercial Code, by Larry T. Garvin
      • 33 Gonz. L. Rev. (1998) 417, The Pandora's Box of Cyberspace: State Regulation of Digital Signatures and the Dormant Commerce Clause, by John P. Tomaszewski
      • 10 Harv. J. Law & Tec (1997) 465, Why the Police Don't Care about Computer Crime, by Marc D. Goodman
      • 113 Harv. L. Rev. (2000) 1131, Cyber-Race, by Jerry Kang
      • 65 U. Chi. L. Rev. (1998) 1199, Against Cyberanarchy, by Jack L. Goldsmith
      • 63 U. Chi. L. Rev. (1996) 761, Property in Cyberspace, by Harold Smith Reeves
      • 26 Rutgers Computer & Tech. L.J. (2000) 215, Adapting Contract Law to Accommodate Electronic Contracts: Overview and Suggestions, by Donnie L. Kidd, Jr. and William H. Daughtrey, Jr.
      • 34 San Diego L. Rev. (1997) 1263, The Legal Architecture of Virtual Stores: World Wide Web Sites and the Uniform Commercial Code, Walter A. Effross
      • 14 Berkeley Tech. L.J. (1999) 503, The Legal and Policy Framework for Global Electronic Commerce: A Progress Report, by Kalama Lui-Kwan and Kurt Opsahl
      • 14 Berkeley Tech. L.J. (1999) 635, Progressing Towards a Uniform Commercial Code for Electronic Commerce or Racing Towards Nonuniformity?, by Maureen A. O'Rourke
      • 6 B.U. J. SCI. & TECH. L. (2000) 1, The Challenges of Law in Cyberspace - Fostering the Growth and Safety of E-Commerce, Commissioner Mozelle W. Thompson, Federal Trade Commission
      • 21 Cardozo L. Rev. (1999) 121, Muddy Rules for Cyberspace, Dan L. Burk
      • 12 Harv. J. Law & Tec (1999) 419, The Marketplace vs. The Ideas: The First Amendment Challenges to Internet Commerce, by Todd G. Hartman
      • 113 Harv. L. Rev. (2000) 1131, Cyber-Race, Jerry Kang
      • 61 Mont. L. Rev. (2000) 77, Legal Audits for E-Commerce Ventures, Richard C. Bulman, Jr., Esq. and Jorge R. Gutierrez, Esq.
      • 25 Yale J. Int'l L. (2000) 1, Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U.S. Privacy Standards, Gregory Shaffer



    Requirements

    The classes will consist of lectures, discussion of cases, hands-on network penetration studies, and some programming exercises. You also will be making individual oral presentations of your review of cases and articles, and submitting written issues reports and a substantial term paper that you'll present at the end of the course.



    Grading

    Being a seminar, this is an S/U graded course. To obtain an S grade in the course, you will need to participate adequately in the course lectures, make oral presentations as assigned, and submit written issues reports and a substantial term paper.

    • Oral Presentations: You will need to make a 20-minute class presentation on each article you have chosen for research.
    • Issue Reports: For each article, you will need to submit a four-page written report summarising the main issues discussed in the article, and the seminal literature & landmark cases for each issue.
    • Term paper: The term paper must deal with a substantive issue related to the course content, or a substantial programming project related to security, privacy, or audits of complex systems.

    Student Presentations

  • Calabro: Presentation 1
  • Curtin: Presentation 1 Presentation 2 Presentation 3 Presentation 4 Presentation 5 Presentation 6 Presentation 7
  • Lohr: Presentation 1 Presentation 2
  • Nellegar: Presentation 1 Presentation 2


    Updated on December 12, 2000 by Jagdish S. Gangolly and Kinsun Tam.