Introduction

Internet is going through major changes. It is shifted from being a non-commercial network used by scientists and universities for informal information exchange into being a public network used to support commercial transactions. The new uses are very different from the former, and it is unclear what will happen when this extremely open network is used in the new context of commerce. But, having previously been considered uninteresting, it is likely that the introduction of money will be the motivation for criminal activities.

The salient feature of the Internet is it being an open system. Anyone is free to add what components (hardware and software) as he/she wishes. This is one of the most important factors for the public acceptance of the net. Even though most Internet shopping malls and advertising services today are closed, often company specific systems, it seems probable that the most successful market systems of the future will be as open as the net itself.

A major problem with open systems is that there is no easy way for a component to know all the other components. It might be hard or software originating from different companies, or which has to work with components conceived long after its own conception. As is the case for Internet, no central authority keeps track of who is using it and how. An electronic market with a centralised verifying authority that checks and certifies (human and electronic) participants would be a very non-open solution. Instead, we should look for decentralised and open mechanisms that allow participants in a market to know something about other participants. This should be done without having the participants depend on some central authority, but rather it should be accomplished through the interactions of the participants themselves. We call this family of mechanisms social control.

Figure 1: Hard security is vulnerable if someone finds a way to bypass it. Soft security permits anything as long as it is good behaving.

Social control is a more soft security approach than traditional hard approaches such as passwords, program verification, access control, capabilities etc. Hard approaches demand that you are certain that the components work as intended and if they do so, they will provide a waterproof protection from illegal use. Unfortunately hard mechanisms often fail due to unexpected behaviour of some components. This is what hackers exploit when they use bugs in a mail daemon to gain access to a computer. It doesn't matter that the system used a secure password encryption mechanism since it was possible to sneak in elsewhere. Once the hard security system has been passed, everything lays open to the intruder.

Soft security expect and even accept that there might be unwanted intruders in the system. The idea is to identify them and prevent them from harming the other actors. There shall never be a key that uncritically opens up all locks on the system. Social control is therefore a soft security mechanism. An actor is accepted as long as her actions aren't harming anyone else, but if her behaviour changes, she will loose the ability to act, accordingly.

Who will be active in this global open system that we envision? We think that it will be a mix of (human) users and autonomous computer programs. In this paper we use the terminology actor when it is unimportant whether it is a human or a computer program who is acting, and we reserve the term agent for computer programs. There is a difference between how a system of actors and a system of agents can be allowed to function. In a pure agent system we can allow economic mechanisms to remove agents from the system, mechanisms that could be devastating if they were used on real persons. We also use the term agent when we describe related work in agent oriented computing.

We have built a simple market simulation workbench (available on the net [9]) to simplify discovering and analysing potential threats to an open market system and possible remedies in the form of mechanisms for social control.

In the next few sections, we discuss the notion of social control, describe the tool, illustrate threat scenarios, propose possible remedies, and ask questions about the relation between these and the law.

___________________________________________________