Integrity of forms

[Ross Anderson]

Nick: 

> Has anyone come across the use of cryptography to assure the integrity of a
> form for completion in this way?  It could be a quite widespread e-commerce
> requirement.

We have a system in which you can protect the integrity of style sheets,
so that for example someone filling out an electronic cheque would
automatically end up with something which would satisfy the legal
requirements under the Bills of Exchange Act (assuming of course that 
the style sheet were competently designed). Further information at
http://www.cl.cam.ac.uk/~jhl21/jikzi-cpw/

Ben Laurie:

> What really needs to happen, I'd say, is for there to be agreed ways to
> deliver forms to the punters and for them to be able to fill them in and
> sign them without major hassle, and without screwing around with the
> "fixed" parts of the form.

Unfortunately, browsers already support this. That's why you can't buy a
book from Amazon without giving them a phone number. This is actually a
serious erosion of consumers' rights compared with the world of paper,
where if you send in an order with a cheque but leave the `phone' part of
the form blank (or write `NOYB') the chances are that the order will get
processed.

Incidentally, the Data Protection Registrar, to whom I complained about
Amazon, has taken the view that what they do is fine. I am increasingly
concerned about the plan to appoint her Information Commissioner too. A
commissioner who won't stand up for the rights of the little guy against
big guns such as Amazon or the Department of Health isn't likely to be
much use.

Ross
s