Security Issues of Online Communities

Security Issues of Online Communities

Online communities have emerged in recent years as a result of the rapid growth of the Internet, arousing intrigue in citizens, policy-makers and government officials. An online community is a group of people who interact in a virtual environment. They have a purpose, are supported by technology, and are guided by norms and policies. The problem with the term "online community" is that it often refers to a wide range of online activities, and has as a result, been subject to different definitions. Although online communities exist predominantly online, they vary depending on the software environment supporting them, purpose, size and duration of existence, culture of their members, and governance structure (Preece, et.al., 2003). The characteristics of an online community are determined by the social interactions of the members, and the policies that guide them, a concept known as sociability. Other characteristics include the economic and legal aspects of an online community. Attention to social policies and software design is therefore an important component in community development and evolution.

I. History of Online Communities & the Internet

The Internet is unlike any other type of communications medium the world has ever experienced, defined as "a unique and wholly new medium of worldwide human communication (Jacobson, 1999)."

The Internet evolved from interactive computer technology as part of a networked system that began as an outgrowth of a military program called "ARPANET" in 1969 (Djavaherian, 1998). The system was designed to enable military computers to communicate with each other, even if some portions of the network were damaged during war, by communicating over redundant channels. This network, while no longer in operation, provided an example of the mass amounts of information that could be communicated over a network linking millions of people together. (Jacobson, 1999). In recent years, the Internet has experienced drastic growth, appearing in homes, schools, libraries, and the workplace.

Email, the first and currently remaining as the most frequently used communication tool on the Internet, was developed by ARPANET in 1972. Early systems were point to point; one person could send a note to just one other person (Preece, et.al., 2003). Listservers, which allow one to many postings, were not invented until 1975. The basic form of this technology has not changed much since that time, although email readers have improved greatly (Preece, at.al, 2003). Listservers are used in two ways: trickle through and digests. Trickle through systems distribute each message as it is received. Digests comprise a list of messages presented one after the other, usually in chronological order of receipt.

In the mid to late 1980s, systems with improved graphical user interfaces started to appear. Bulletin boards, in existence for a similar time, are designed based on the metaphor of a physical bulletin board (Preece, at.al., 2003). People post messages to the board and they are displayed in various ways. Usually the messages are threaded which means that messages on the same topic are associated with each other. The first message forms the beginning of the thread and later responses are stacked beneath it. During the last five years, systems have appeared that offer many fine enhancements: search engines enable users to search on topics, user name, date; emoticons; private conversation spaces; links to email, user profiles and web pages; and graphical two dimensional pictures and avatars (Preece, at.al., 2003). Email, listservers, bulletin boards and their web-based cousins, are asynchronous communication technologies, which means that communication partners do not have to be co-present in time (Preece, at.al., 2003). Messages can be read and then responded to, hours, weeks or months later. Chat systems, instant messaging and texting systems are synchronous, so correspondents must be co-present online. Typically, conversations are rapid and each individual comment is short.

In 1991, one year after ARPANET ceased to exist, the World-Wide Web, developed by Tim Berners-Lee, was released by the European Organization for Nuclear Research (Preece, et.al., 2003). This event facilitated the widespread use of web sites and the development of online community groups supported by web pages and various forms of communications software. Online communities appeared in a variety of media, which were gradually integrated into single environments (Preece, at.al., 2003). Graphical, three-dimensional environments started to emerge, as well as highly sophisticated gaming worlds. In these worlds, participants represented themselves on the screen as graphical characters known as avatars, which can move through the world accompanied by sound, messaging, and streaming video (Preece, et.al., 2003).

With the rapid changes in technology, online communities have contended with smaller devices, and have become adaptable to accommodate various sizes of screen displays and bandwidth. Although the technology that supports online communities has changed tremendously over the years, the biggest change lies not in technology but in who is using it (Preece, et.al., 2003). Early online communities for education, networked communities and office communities were developed for groups of users with similar goals and experience and who used similar communications software (Preece, et.al., 2003). From the late 1990s, the combination of less expensive computing power, the Web, and several successful Internet service providers, enticed tens of thousands of people online (Preece, at.al., 2003).

According to a 2001 Pew Internet & American Life Project report, 84% of all Internet users indicated that they contacted an online community and 79% identified at least one group with which they maintained regular online contact (Preece, et.al., 2003). Many used the Internet to extend their contact with churches, schools, local clubs and organizations. The Internet provides virtual "third places" that allow people to hang out and engage in activities with others (Preece, et.al., 2003).

The Internet has also transformed some work practices, as groups of professional scientists, engineers, health professionals, and researchers can now join forces informally to share their expertise, experiences and knowledge to foster new approaches to problems. Research in this area indicates that these communities of practice are emerging as new organizational forms that promise to change the way we work, learn, and share resources (Preece, et.al., 2003). Online learning communities have sprung up in the form of distance education classes, knowledge-building communities, and technological schools.

Numerous online health communities that provide support and information for members who are facing health problems have also come into existence. Unfortunately the Internet also provides an ever growing platform for hate groups which use it to create a sense of community, disseminate information, recruit new members, and sell hate paraphernalia (Preece, et.al., 2003). Today's online community participants come from all walks of life and cultures. Furthermore, an increasing number of people from across the world are becoming networked; particularly as small, handheld, relatively inexpensive telephones and other devices come onto the market (Preece, et.al., 2003).

Various Definitions of Online Communities

It was the development of the World Wide Web that brought access to an online community to the masses. With the widespread use of web sites and the development of online community groups supported by web pages and various forms of communication software, users are now able to communicate with each other. When communication is possible then relationships can be formed, whether professional, academic or personal, and it is this network of relationships from which communities can grow.

The definitions of exactly what constitutes an online community have differed across the board. For example, Hagel and Armstrong (1997) argue that virtual communities are a great marketing tool for businesses. They define virtual communities as computer mediated space where there is an integration of content and communication with an emphasis on member-generated content (Hagel, 1997). They also claim that the first virtual communities were composed of scientists using the Internet or its predecessors to share data, collaborate on research, and exchange messages. Additionally, Rheingold (1993), one of the prime popularizes of the term "virtual community," provides us with a more emotive definition, that virtual communities are social aggregations that emerge from the Net when enough people carry on those public discussions long enough, with sufficient human feeling, to form webs of personal relationships in cyberspace.

Rheingold's definition is extremely popular and has been quoted in many discussions about virtual communities even though it has raised many issues. This is due to the fact that Rheingold argues via a variety of analogies such as homesteading that virtual communities are indeed new forms of community. In fact, Rheingold implies that virtual communities are actually a kind of ultimate flowering of community. Still further, Rheingold argues that whenever computer mediated communications technology becomes available to people anywhere, they inevitably build communities with it. Rheingold can thus be labeled as a technological determinist as he holds that there is a predictable relationship between technology and people's behavior.

Augments over the Existence of Online Communities

As a result, other researchers have argued over the existence of virtual communities and the appropriate use of the term. Weinreich (1997) argues that the idea of virtual communities must be wrong because a community is a collective of kinship networks which share a common geographic territory, a common history, and a shared value system, usually rooted in a common religion. This researcher rejects the existence of online communities because computer mediated group discussions cannot possibly meet this definition. Weinreich's view is that anyone with even a basic knowledge of sociology understands that information exchange in no way constitutes a community.

For a cyber-place with an associated computer mediated group to be labeled as a virtual settlement it is necessary for it to meet a minimum set of conditions. These are: (1) a minimum level of interactivity; (2) a variety of communicators; (3) a minimum level of sustained membership; and (4) a virtual common-public-space where a significant portion of interactive computer mediated groups occur (Weinreich, 1997). The notion of interactivity will be shown to be central to virtual settlements. Further, it will be shown that virtual settlements can be defined as a cyber-place that is symbolically delineated by topic of interest and within which a significant proportion of interrelated interactive computer mediated group communication occurs (Weinreich, 1997). It also follows that the existence of a virtual settlement demonstrates the existence of an associated virtual community (Weinreich, 1997).

It has been argued by some sociologists that our understanding of community begins with an examination of interaction and that leads to commitment to a given place and group. Both communities and virtual communities are composed of groups. Previous research defines group as a number of persons who communicate with one another often over a span of time, and who are few enough so that each person is able to communicate with all the others, not at second hand, through other people, but face-to-face. Additionally, a chance meeting of casual acquaintances does not count as a group.

Other researchers indicate that it is possible just by counting interactions to map out a group quantitatively distinct from others. The impact of new technologies suggests that our understanding of what makes up a primary human group needs to be radically changed. This is because interactive-group-communication no longer requires face-to-face communication and is not restricted to a few people. The extent to which online communities are dependent on interactive communication represents a significant departure from the more traditional mass media forms and emphasizes the need for a paradigm shift by media researchers. At the same time the advent of online communities has further highlighted the importance of human interactions.

Characteristics of Online Communities

Other researchers have interactivity is not a characteristic of the medium, rather that it is the extent to which messages in a sequence relate to each other, and especially the extent to which later messages recount the relatedness of earlier messages. Interactivity is an expression of the extent to which in a given series of communication exchanges, any third or later transmission is related to the degree to which previous exchanges referred to even earlier transmissions. This definition of interactivity recognizes three levels of communication: two-way non-interactive communication; reactive communication (or quasi-interactive); and fully interactive communication. Two-way communication is present as soon as messages flow bilaterally. Reactive communication is when in addition to a bilateral exchange, later messages refer to earlier ones. Fully interactive communication requires that later messages in any sequence take into account not just messages that preceded them, but also the manner in which previous messages were reactive. In this manner interactivity forms a social reality.

The literature regarding online communities is insistent that interactive communication is a necessary condition for a series of computer mediated messages to demonstrate the existence of a virtual community. Some researchers have defined online communities as a set of on-going many-sided interactions that occur predominantly in and through computers linked via telecommunications networks. Rheingold stated that virtual communities result from public discussions with sufficient human feeling to form webs of personal relationships in cyberspace. This is because online communities are long-term, computer-mediated conversations they are both indirectly acknowledging the interactive nature of virtual communities. Long-term meaningful discussions or conversations require interactivity.

The second necessary condition of an online community is a variety of communicators, which is linked to the first condition of interactivity. Clearly, if there is only one communicator there can be no interactivity. It is commonly understood that online communities exist within cyber-space. Some authors have noted the connection between common-virtual public space and virtual community. Fernback and Thompson (1995) define virtual communities as social relationships forged in cyberspace through repeated contact within a specified boundary or place that is symbolically delineated by topic of interest. Therefore, some researchers have indicated that an online community needs a virtual-space, but at the same time a virtual community is not equivalent to its cyberspace.

By arguing that a necessary condition for virtual communities is the existence of a virtual-place it is possible to distinguish between an online community and a number of other categories of computer communication. This is because this requirement distinguishes a virtual settlement from private communication where postings go directly from one individual to another with no common virtual-place. A similar process can be noted in non-virtual human settlements where there is often overlap in the citizenship and allegiances and where a variety of social structures exist. At the same time the notion of common public space raises the issue of when an area of cyberspace consists of one or many virtual settlements.

As noted above, some of the first online communities resulted from the online bulletin board services of the mid-1970s. It is likely that these early bulletin board services were accurately associated with the label virtual communities because the necessary conditions specified here were met. However, these early systems were not originally connected to the Internet and as such often catered to geographic localities. Users were likely to participate in many of the discussion areas contained on the bulletin boards so that user interaction was often at the level of the bulletin board services. The virtual common-public space was the bulletin board itself.

Economic Aspects of Online Communities never-ending endeavor of the corporate world is the establishment of trust in business relationships. Contracts that end with a handshake come only after many hours of negotiation, compromise, face-to-face meetings and telephone conversations. These contacts detail the boundaries of an agreement and clarify a system of personal trust between the parties. The trust established through personal contacts, however, does not easily transcend to e-business, where documents are exchanged over Internet. The Electronic Signatures in Global and National Commerce Act (E-Signature Act) was signed into law on June 30, 2000 as a resolution.

The Act established a manner in which an electronic signature (e-signature) can substitute for an actual written signature.

The Act's goal was to put contracts in electronic form with electronic signatures on equal footing with their paper-based counterparts. The act says an electronic contract, signature or record is legally equivalent to a hard-copy contract, signature or record. It attempts to provide the consumer with an opportunity to make an informed choice in deciding whether to use an electronic signature. The Act requires the consumer's consent to using an e-signature but fails to detail the technical requirements of an electronic or digital signature or recommend implementation models.

E-signatures can be obtained through secured processes, such as secret passwords or digital fingerprints, or clicking an acceptance button on a Web page. It defines an electronic signature as "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record." This lets vendors offer a range of options for signing electronic documents. Many of these options, however, do not take into account the risks inherent in electronic signatures, including fraud and the liability for insecure signatures. Flaws in e-signature software may result in susceptibility to hackers and identity theft.

The use of an electronic signature is more efficient for the corporation - it creates less paperwork, an organized method in which to track signed documents, and none of the hassles of in-person meetings and negotiations. That being said, it is beneficial to the corporate world to have access to the appropriate software with which to contract electronically. Since the consumer must also be appraised of his right to stop using the electronic form and continue contracting in paper form, it is significant to portray the electronic process in the most desirable light.

As unethical as it sounds, businesses have the most to gain from electronic signatures. The option of an e-signature makes it easier for consumers to accept contractual obligations. It is not unusual for individuals to download software or other products from the Internet while clicking through the host of limitations on liability that producers have placed on their products. As people in online communities have become accustomed to instantaneously purchasing and receiving products without a traditional writing, much of the public has become careless. Many consumers fail to read the disclaimers, and very well may enter into contracts without the proper reflection a written instrument usually attains.

The consumers belonging to the online community, and the corporation selling the goods must also be protected, from exposure of private information and damaging lawsuits. The corporate world would necessitate the results of studies conducted on e-signatures and their effect on online communities. It would be of the utmost importance to businesses to be aware of the latest technological advances and also of the possible dangers of information systems hackers and fraud. Corporations and consumers would need to be completely updated in order to protect themselves. This would include tracking the results of studies to constantly be aware of the state of the related technology. A corporation would also want to regularly be on the watch for fraud and take measures to protect itself legally and financially from hackers. This could easily be done by monitoring study results and plan to implement any technological advances as soon as they become available.

Legal Aspects of Online Communities

In recent years, the importance of legal issues in information systems security as it affects online communities has emerged as a pressing concern for both governments and companies regarding the protection of the confidentiality, integrity, and availability of data. In this context it has become vital to develop an efficient and secure infrastructure of information and telecommunication systems with the inclusion of protective devices for organizations and private citizens against misuses of these systems. Securing Internet commerce is probably the biggest challenge that software development companies have yet faced.

Investors are enthusiastically backing companies that promise to deliver the hardware and software which Internet commerce requires. Companies are investing in purchases of hardware and software to permit them to engage in Internet commerce. Internet commerce can involve credit card orders, and dealing electronically with clients and suppliers. The security problems affecting Internet commerce involve credit card transactions, which raise concerns involving privacy issues, integrity, and authenticity.

There is considerable, and justifiable, fear that confidential information, such as credit cards and personal details, could be intercepted during transmission over the Internet when submitting an order form on the Web. The challenge is to transmit and receive information over the Internet while insuring that it is inaccessible to anyone but sender and receiver, that it has not been changed during transmission, and that the receiver can be sure it came from the sender.

Without special software, all Internet traffic travel becomes susceptible to various forms of attack. An attack can proceed by compromising a local ISP at one end of the transmission, where no special physical access is required if the hacker has physical access to the network cabling. Passwords and credit cards can be distinguished from the rest of the traffic using simple pattern matching algorithms. The defense against this type of attack is to encrypt the traffic, or at least that portion which contains the sensitive data. However, encryption incurs performance overhead and requires coordination between legitimate parties to the communication.

Social Aspects of Online Communities

Operating online offers special opportunities and challenges for online communities. The Internet erases boundaries created by time and physical distance, and makes it dramatically easier for people to meet others they otherwise never have met, to maintain connections with people they have already met, and share knowledge with each other (Zhang, 2003). Both individuals and organizations are turning to online communities to get their personal, social and professional needs satisfied (Zhang, 2003). Online communities in turn also have made tremendous social impact on people and various organizations.

Main "social" benefits of online communities include making sure knowledge can get to people who can act on it on time; connecting people and building relationships across boundaries of geography and discipline; providing an ongoing context for knowledge exchange that can be far more effective than memos; making everyone more aware of each others needs in the organization; multiplying intellectual capital by the power of social capital, reducing social friction and encouraging social cohesion, and creating an ongoing shared social space for people who are geographically dispersed (Zhang, 2003). Other social aspects include the promotion of innovation; creating a community memory for group deliberation and brainstorming; improving the way individuals think and work collectively; turning training into a continuous process, not divorced from normal business practices; and attracting and retaining best employees by providing access to social capital that is only available within the organization (Zhang, 2003).

Research indicates that knowledge management is not just an information problem, but also a social problem. By managing knowledge or expertise through an online knowledge community that supports group communication and collaboration, users engage socially with one another and, in the process, discover, develop, evolve and explicate knowledge relevant to shared projects and goals (Zhang, 2003). One of the benefits of online community activities is promoting social capital because the features of social organizations such as networks, norms, and social trust that facilitates coordination and cooperation for mutual benefit (Zhang, 2003).

Research studies of online communities have revealed a connection between social capital and the networked organization. Social capital makes an organization, or any cooperative group, more than a collection of individuals intent on achieving their own private purposes (Zhang, 2003). Social capital bridges the space between people, and its characteristic elements and indicators include high levels of trust, robust personal networks and vibrant communities, shared understandings, and a sense of equitable participation in a joint enterprise (Zhang, 2003). This kind of connection supports collaboration, commitment, ready access to knowledge and talent, and coherent organizational behavior.

Effective knowledge management involves networks of people, relationships, and social factors like trust, obligation, and commitment (Zhang, 2003). As indicated by Zhang, (2003) one can not isolate knowledge from its social context without denaturing it, without stripping it of the social resources and social knowledge that contribute to its utility. Online knowledge communities with support for social context are ideal environments for organization knowledge management.

Technical Aspects of Online Communities

The technical aspects of online communities are closely linked to the legal aspects. The significance of information technology systems development in both businesses and the private field has grown considerably in the decade. Companies of all sizes are heavily dependent on the technology driving e-commerce and software development, and ultimately on the workforce that is available for information systems. The continuing technology boom is resulting in companies being forced to innovate in areas such as information technology recruitment, staff motivation, resource management, and performance management. Human capital has become the driver for the intellectual capital propelling software development, which also drives the information technology industry. Despite rapid advances in technology and more automation of processes and services, the demand for talented information technology staff will continue, requiring management to implement hiring practices that build in policies aimed at retaining staff long-term.

Information systems' staff continually find themselves in a challenging position; the industry is constantly changing, and the skills they have learned today will be obsolete tomorrow. Thus, the effective management of information systems' staff must have strong roots in recruitment, motivational work, and maintenance work. A good, integrated strategy for keeping information systems staff includes incentives, good communications, and an understanding of your culture. If the staff receives certifications on their own time at their own expense, they are more likely to seek a job elsewhere. If management is a part of the staff's advancement, the staff is more likely to stay. Managing, incensing, compensating, and motivating information technology professionals has moved to the level of key strategic importance for many organizations. The critical importance of these issues to nation-wide business is prompting companies to reevaluate their overall information systems retention efforts.

Unfortunately, the vast majority of companies do not have integrated strategies for information technology staff retention, and fail to integrate hiring efforts to include a view of the whole candidate such as personality, technical skills, business acumen, and potential "fit" with the organization. Effective retention of information systems' staff necessitates an understanding the specific cultural environment, and the move to a plan for integrating all aspects of human capital management. In addition to focusing on understanding the culture and building of information systems, management will also need to develop commitment from their employees in order to keep them longer.

Increased competition and global economic aspects have forced companies to significantly cut costs, to reduce their scope of operations through outsourcing, and to improve flexibility and responsiveness through the empowerment of lower-level staff and the removal of layers of middle management (Serafeimidis, 2003). These trends are increasingly supported by developments in information technology and information systems. Technological advances, supported by increased user expertise and familiarity with technology, has allowed information technology to break away from it traditional, low-level data processing tasks. The growing dependence or organizations on information technology means that information technology is viewed by many as a further source of uncertainty.

In addition to difficulties in identifying and measuring potential benefits and costs, problems inflicted as a result of growing dependence on information technology have forced many organizations to establish management control mechanisms. These mechanisms are those such as the appraisal of potential information technology investments and the evaluation of their deliverables. Evaluation, as an organizational process, plays a multi-faceted role and is strongly related to other management and decision making processes.

A full consideration of costs requires attention both to opportunities and indirect costs. An opportunity cost framework takes into account what alternative actions or returns would be missed as a result of a particular investment decision. Indirect costs are those that are not incurred or measured directly, but are calculated or estimated from other measures. Additionally, there are no standard accounting practices to guide the measurement of these costs. However, opportunity costs are even more problematic and are often not included, leading to a possibly significant underestimation of overall costs.

II. Review of Literature

Economic Aspects of Online Communities (Literature Review)

The literature concerning the economic aspects of online communities is closely fitted to both the current economic state, and can be impacted by any legal ramifications involving electronic signatures in the context of e-commerce. Studies such as the one conducted by Katholieke University and the European Commission have provided an analysis of both the legal and practical issues relating to electronic signatures. In this study, the research team worked together with a network of national correspondents, consisting of lawyers with a sound knowledge of technical matters. They were chosen for their practical knowledge and for their understanding of electronic signature applications on use in their home market. The corespondents were asked to respond to a questionnaire containing more than 200 questions relating to both the legal and the practical implication of the electronic signature Directive in their country. They were also asked to collect and send all relevant national legislation, case law and documentation on significant practical applications of electronic signatures to the research team. The study determined that most of the countries had faithfully transposed the Directive into national legislation. Many elements were included in the study, however, only the aspect of the conformity assessment of secure signature creation devices will be addressed here.

A common theme in the study was that many countries seemed quite reluctant to designate their own bodies for security assessment of e-signatures. This has a direct impact on the economic aspects of online communities, and was concluded to be due to the very high security requirements and the lack of active vendors in most countries. Another reason is the very large resources needed for operating an assessment body. The process of assessing a product is usually extremely expensive as well as time consuming. Additional reasons why vendors are sometimes reluctant to have their products assessed is that an assessment is usually only valid for a fairly short amount of time. The next section will also further discuss the literature in the economic area in relation to the legal aspects of online communities.

As e-commerce and virtual communities fundamentally change the way Americans do business and build relationships, researchers have dealt with the issues of how can people be assured of safety in unfamiliar cyberspaces. A study involving eBay provides that an online community of commerce must provide a foundation for trust between users in order to be successful. The advent of the Internet has brought with it a number of signature companies: for retailing, amazon.com; for service providers, aol.com; and for auctions, eBay.com. With the convenience of the new economy, however, have come concerns about security, such as whether Web sites can be trusted, whether other people on the Web be trusted, and whether information be transmitted safely. Because of the physical separation of the actors involved, e-commerce requires more fraud controls than traditional trade (Boyd, 2002).

The most fundamental security issue online is the basic question of trust. Users must be able to trust each other in order for meaningful, ongoing interaction to occur. Web sites, then, must construct messages that provide users with motives to trust and to be trustworthy. For any online auction site, Internet security concerns only add to fears about all kinds of auctions: is it possible to bid on something accidentally, or will people find unpleasant surprises after they become high bidders on items (Boyd, 2002). At eBay, these basic auction fears are compounded by the fact that bidders cannot examine and touch the items they are bidding on; they must trust descriptions and photographs (Boyd, 2002). For example, they cannot see the people they are bidding against; they can only see letters on a screen. They cannot depend on the physical presence of the auctioneer who oversees things and ensures fairness; they must trust a computer system that handles bids, runs a timer, and declares auction winners (Boyd, 2002). Research indicates that for a company like e-Bay, the biggest rhetorical challenge facing eBay, is how to create messages that communicate safety in an inherently risky environment.

On e-Bay, dozens of online auctions exist today selling everything from cigars to patents, but with over four million auctions at any one time and 42.4 million registered users (Boyd, 2002). eBay is clearly the leader in the online auction business and arguably in any online business. It has consistently earned profits and has at times been the most visited shopping Website (Boyd, 2002). Its success would not have happened had eBay not established a system that allowed people to feel safe enough to participate. How has eBay rhetorically constructed its online auction extravaganza as a safe and trustworthy place to do business? The answer is community. Recent changes at eBay have introduced methods of credit card and electronic check payment as well as insurance and escrow services, but the foundation of eBay's safe trading environment is the community itself (Boyd, 2002). Users trust each other and the system because they are all part of an "eBay community" in which they can feel safe.

Boyd (2002) states by rhetorically calling a community into being and reinforcing the power of community as an instrument of trust, eBay has made community the foundation of its online security communication, reinforcing the observation that the trustworthy person is aware of being trusted and...he is somehow bound by the trust which is invested in him. Research indicates that community trust is an ongoing system of risk-taking enabled by good will and positive expectation in other members of the system rather than by controls and guarantees that reduce user choice (Boyd, 2002).

Most auctions are finalized to both parties' satisfaction. But security threats, and perceived security threats as well, abound at eBay and other auction sites, and when threats become reality they are often heavily publicized. When the Today show listed an autographed jacket for sale on eBay with the proceeds to benefit charity, for instance, bids got as high as $200,000; the highest legitimate bid turned out to be just $11,400, however, prompting a large donation from eBay's corporate coffers (Boyd, 2002). The reason for problems like this one is that underage bidders occasionally drive up auction prices with no intention of paying, such as the 13-year-old who bid more than $3 million on various items in 1999 (Boyd, 2002). eBay asserts that these and other embarrassing stories, such as illegal items for sale that have included a baby boy and a kidney are anomalies. eBay CEO Meg Whitman says that 99.97% of eBay users... have a fun, positive and rewarding trading experience. There are also many opportunities for individuals to abuse the system.

Rheingold (1997 observed that computer-mediated communications provide new ways to fool people. The National Consumers League Internet Fraud Watch (2001) reported that 78% of all complaints it received dealt with online auctions. Many potential problems, whether isolated or recurring, create the need for effective trust communication to reassure potential users that they can participate safely in virtual auctions. Ultimately, the risk at eBay and many online sites is rooted in the desire to maintain a balance between privacy and security. Researchers have highlighted several dialectic tensions of online community that coincide with tensions of eBay's community of commerce such as privacy and accountability, reliability and self-expression, security and accessibility (Boyd, 2002).

Although various so-called security features have been proposed or implemented recently such as Verified User/IDVerify, and iEscrow/Tradenable, the basis of eBay's fraud prevention/safety assurance communication is what one columnist has called creative self-policing (Boyd, 2002). eBay calls its approach simply "community," a community comprising the corporate entity eBay and its employees as well as all 42+ million registered users (both buyers and sellers) (Boyd, 2002). eBay's primary trust communication has been that community itself is the safety net for transactions. If all interactions are in full view of other community members, there will be tremendous incentive to act fairly and honestly.

Research indicates that online communities are defined and constituted by rhetorical discourse (Boyd, 2002). eBay is not a classic community in the spatial or geographic sense. But members of electronic virtual communities act as if the community met in a physical public space (Boyd, 2002). Senior director of communications Kevin Pursglove compared the need for trust at eBay to the need for trust in a neighborhood where people would feel comfortable living.

More recently, e-Bay's growth in 1999 was described as a vibrant community about the size of Portland, to more users than the population of Michigan, the nation's eighth largest state (Boyd, 2002). Conventions for off-line communication cannot automatically be transferred to the online environment of eBay.

Not only does the eBay community share narratives about insiders, it also shares an antagonism towards outsiders, following the argument that for every community, there is also an uncommunity, or an assembly of the befouled and besotted who have heard the Word and rejected it. The uncommunity that reinforces eBay's community is made up of all those who threaten the security of the online auction-deadbeat bidders, NARUs, frauds, and sellers who gouge buyers on shipping and handling costs (Boyd, 2002). Dialogue on eBay's bulletin boards often focuses on condemning people who have become or deserve to become members of this uncommunity. By putting the transgressors in the category of "them," the "us" of community is more clearly defined. (Boyd, 2002).

Legal Aspects of Online Communities (Literature Review)

New and highly sophisticated opportunities for new kinds of abuse are prevalent where the information systems and their components themselves become the target of criminal attack. A review of the literature reveals that one of the first difficulties governments and law enforcement agencies have faced when dealing with computer related crimes is the arrival at a uniform, generally accepted definition of "computer crime (Mohrenschlager, 1997). Various definitions have been instituted by different federal law enforcement agencies.

The United States Department of Justice has defined computer crime as any illegal act for which knowledge of computer technology is essential for its perpetration, investigation or prosecution (Mohrenschlager, 1997). The OECD Committee for Information, Computer and Communications has defined it as any illegal, unethical or unauthorized behavior involving automatic data processing and/or the transmission of data (Mohrenschlager, 1997). Other researchers have defined computer crime as any intentional act associated in any way with computers where a victim suffers or could have suffered, a loss, and a perpetrator made, or could have made, a gain (Mohrenschlager, 1997).

In particular, New Zealand companies have faced severe information security threats and resulting legal challenges, which the New Zealand government has addressed through legislation. Even as recent as 1997, New Zealand has faced difficulties with prosecuting information technology crimes as a result of a lack of Parliament Acts that provide laws relating to information technology crimes. Before the introduction of Acts between 2003 and 2004, prosecutions were attempted using laws that were designed before computers were commonplace and did not adequately address the advancements in information technology (Walsh, 2004). In 1997, the New Zealand Law Commission began a project studying international trade, and produced four reports to its' Parliament on the subject of "electronic commerce (Walsh, 2004)." Two key Acts emerged as a result of these reports, the Electronic Transactions Act of 2002 and the Crimes Amendment Act of 2003.

New Zealand was one of the later countries to introduce laws around computer crimes. Many computer professionals at the time were unaware of the potential issues the lack of laws raised. The Electronic Transactions Act of 2002 (ETA) intended to clarify the legal status of business and legal transactions that occur in an electronic format. This Act was enacted partly to ensure contracts that were agreed by email or other binding electronic techniques (Walsh, 2004). The ETA was primarily aimed at clarifying that electronic transactions do have legal recognition, and contains sections for information technology staff to securely implement solutions for electronic transactions, whether they are legal or commercial. Prior to this act, businesses had a high level of doubt in such transactions, thus some form of legislation was required.

The ETA was also intended to act as an enabler for prior laws that did not cover the needs of electronic transactions. Furthermore, the ETA dealt with the reliability of electronic signatures and related documents. Although the technologies and techniques behind electronic signatures has evolved and will continue to evolve, the lawmakers allowed for changes in technology by using wording that does not lock the public into one technology in order to satisfy the law (Walsh, 2004).

Other studies indicate that the ETA achieves many of the requirements an information technology professional would impose on an e-commerce system, such as authentication, integrity of data and non-repudiation. Similar to the ETA, the Crimes Amendment Act of 2003 was worded in such a way that allows it to apply today as well as twenty years from now (Walsh, 2004). The Crimes Amendment Act broadly defines four new computer crimes. The new crimes are as follows: 1) assessing a computer system for a dishonest purpose; 2) damaging or interfering with a computer system; 3) making, selling or disturbing or processing software for committing a crime; and 4) accessing a computer without authorization. Most situations involving legitimate use of computers or software have been covered by sections of the Act. The Act allows security professionals to use dual tools, while still making unauthorized hacking illegal (Walsh, 2004).

The Crimes Amendment Act of 2003 defines what a computer system is, as "a computer; or two or more interconnected computers; or any communications links between computers or to remote terminals or another device; or two or more interconnected computers combined with any communications links between computers or to remote terminals or another device (Crimes Amendment Act of 2003, Section 248)." review of the literature involving online communities in many different countries and nations have addressed the issues of information systems security. Research indicates that the security professional must advise that any practical answer to computer crime related problems has to be a compromise between vulnerability and risk. The assessment of each threat must be weighed against what is at stake, the exposure faced by proceeding with the knowledge that some attacks are possible. This takes system managers into the area of due diligence and liability. Current technologies for encrypting Web transactions do not protect customer or company data that sits on the Web server, and is relatively easy to attack. Research indicates that the limitations of current Internet transaction technology are frustrating as a result of the knowledge that powerful encryption exists to insure the confidentiality, integrity, authenticity, and non-repudiation of data.

Research of online communities reveals that the deployment of this technology is hampered by market forces, which apply immense pressure on companies to release products and create continually shifting alliances between groups of companies. Historically, the Internet was built upon public domain code, free software, and mutual co-operation in an academic and research environment. Proposed security measures or operating system enhancements were subject to public scrutiny. Software flaws, including those in production systems, have been widely broadcast and openly discussed.

The effect on Internet commerce, one of the attractions of which is its global reach, is to produce a lowest common denominator effect in terms of cryptographic strength. Research indicates that while the eventual emergence of security standards for Internet transactions is expected, it will not automatically result in secure Internet transactions (Schjolberg, 2003). Even if governments relent and allow strong encryption, there are a wealth of security issues that will continue to require attention. The simplest way is redefining or amending existing definitions. In Canada, Finland, Greece and the U.K., the notion of "document" was extended to include data stored on a data carrier (Mohrenschlager, 1997). In some states, completely new criminal law provisions have been created, following existing provisions, either in the form of additional subsections, or independently, as in Austria, Germany and Switzerland (Mohrenschlager, 1997). Particular consideration will have to be given to the possibility of independent new criminal law provisions where it is a question of unauthorized interference with electronic data protection systems. French law introduced a new set of provisions in its criminal code, an approach also taken by the United States and Italy (Mohrenschlager, 1997).

Strong arguments have been put forward in favor of criminalizing "hacking." One of the basic threats to which computer systems are exposed is the loss of exclusive control and confidentiality. The need for protection against such dangers reflects the interests of organizations and individuals to manage, operate and control their systems in an undisturbed manner. Being able to think like a hacker, while acting like a guardian of the public trust, will always be a requirement for assuring the security of computer-based information. Researchers have stated that the need to promote ethical behavior in all aspects of business and personal life will remain a priority if we are not to cripple powerful new technology with ancient human weaknesses (March, 2003).

An important restriction is the requirement that the computer system or the data should be specially protected or that security measures must have been overcome, bypassed or evaded (Mohrenschlager, 1997). In Germany, a review of the literature indicates that the law states that any person who obtains without authorization, for himself or for another, data which are not meant for him and which are specially protected against unauthorized access shall be liable (Mohrenschlager, 1997). In Norway, the computer crimes law states that any person who, by breaking a protection, obtains unauthorized access to data or programs stored or transmitted by electrical or other technical means (Mohrenschlager, 1997). A review of the literature indicates that Australia has enacted similar legislation to Norway, codified in Australia's Cybercrime Act of 2001. This act states that a person is guilty of an offense if the person causes any unauthorized access to, or modification of restricted data; and the person intends to cause the access or modification; and the person knows that the access or modification is unauthorized (Schjolberg, 2003).

Furthermore, a review of the literature indicates that Belgium also protects the rights of online communities. Belgium has a specific law addressing computer forgery, computer fraud, hacking and sabotage, making them criminal offenses. In Belgium, unauthorized access of a computer system carries a sentence of imprisonment of three months to one year. If this crime is committed with the intention to defraud, the term of imprisonment may be from six months to two years (Schjolberg, 2003). Brazil also has similar provisions which state that the modification or alteration of the information system or computer program by an employee, without authorization, carries a penalty detention for three months to two years (Schjolberg, 2003). Even Canada has provisions that provide imprisonment for a term not exceeding ten years. Hungary's computer fraud laws penalizes an individual who, with the intent of obtaining for himself an unlawful gain, or by damaging, interfaces with the results of electronic data processing, by altering programs, by erasing, by entering incorrect or incomplete data, with imprisonment for a term not exceeding three years (Schjolberg, 2003).

Thus, a review of the literature indicates that the majority of countries protect the legal rights of online communities and as a result have enacted laws and legislation in these countries. Some of the countries do not impose any term of sentencing or minimum penalty of imprisonment, whereas about half of them do impose such penalties. Information technology security will become an issue in this matter, for a range of solutions, technologies and service providers are sure to emerge from this process.

Many other legal issues exist in this realm of information system security as related to online communities. One potential problem is that with the use of modern technology, detecting electronic impulses generated by computer or telecommunication systems it is possible to intercept data without accessing a computer system. In this area, the traditional wiretap and eavesdropping provisions only cover tapping and recording of oral communications and telephone conversations between persons (Mohrenschlager, 1997). Generally, listening to such conversations using technical equipment is usually prohibited. As a result of technical requirements and the increasing interrelations between telecommunication and computer systems, different types of data transmission can no longer be distinguished or will soon be indistinguishable (Mohrenschlager, 1997). This will become a potential problem because various types of data are sent through the same media in the same digital form that does not permit them to be distinguished from one another. This legal issue will include not only the transmission of data communication within a computer system, but also the surveillance of internal or other external processes or functions of a computer system, including logic, control, arithmetic, deletion, storage and retrieval (Mohrenschlager, 1997).

Those in favor of extending the law in this area as it related to members of online communities stress the point that criminal law should adequately protect both computer systems and their communications from unauthorized surveillance (Mohrenschlager, 1997). Research indicates that there is a growing trend toward criminalizing such conduct. For those countries that punish unauthorized access to data even without entering the system, a specific provision may not be necessary. This is the case for countries such as the People's Republic of China, where punishment is imposed for the sale of special safety protection products for computer information systems without permission (Schjolberg, 2003). The People' Republic of China imposes a fine and the confiscation of illegal income from these sales. The fines imposed are in the amount of one to three times as much as the amount of the illegal income (Schjolberg, 2003).

Researchers have posited that another possibility in this case is to change the traditional wiretap or eavesdropping provisions extending to traditional forms of communications to include data transmitted in communications inside a computer system, between computers or between computers and persons (Mohrenschlager, 1997). New Zealand law in this area is similar to the People's Republic of China, and provides punishment not exceeding two years of imprisonment, for the sale or supply any software or information or other information that would enable a person to access a computer without authorization. Although New Zealand law does address this issue, maybe clearer legislation definitively stating that these crimes may be committed without directly accessing a computer or computer program is necessary.

Another potential legal issue is that access to computer or telecommunication system often requires the possession of passwords, access codes or similar means of access. As a result, there is a high incentive to obtain these means in an illegal manner that in turn can result in a black market for these items. Legislation in the United States has addressed this issue, by passing provisions which punish those who enable other persons to access computer systems illegally (Mohrenschlager, 1997). Several of these provisions are based on the Federal Computer Fraud and Abuse Act, making it a federal crime for someone to knowingly and with the intent to defraud traffics any password or similar information through which a computer may be accessed without authorization. In Germany, such an offense is greatly covered by the offense on the violation of trade secrets, as passwords and access codes for computer systems of companies (Mohrenschlager, 1997). It is now an offense in Italy if someone knowingly without authorization duplicates, obtains, distributes, communicates or passes on a code, password, or other means suitable to access data processing or telecommunications systems protected by security measures.

Social Aspects of Online Communities (Literature Review)

Knowledge has become a key element in ensuring the success of organizations. A review of the literature in this area indicates that there is an increasing need for organizations to become more intentional and systematic about managing knowledge. To manage knowledge effectively, organizations have been cultivating Communities of Practice in strategic areas of the business (Zhang, 2003). Examples of communities of practice are found in many organizations and have been called by different names at various times, names such as learning communities (at Hewlett-Packard Company), family groups (at Xerox Corporation), thematic groups (at the World Bank), peer groups (at British Petroleum), and knowledge networks (at IBM Global Services) (Zhang, 2003).

Among these organizations, IBM Global Services developed their knowledge networks communities of practice, in 1995. They are referred to as institutionalized, informal networks of professionals managing domains of knowledge (Zhang, 2003). Currently, there are over 60 knowledge network communities with members from virtually every country that IBM serves. The high participation level and sustainability indicates that the approach developed and used by IBM Global Services is significantly successful. Working with IBM Global Services, Mazda launched the Electronic Service Information Internet, the first of its kind in the automotive industry to replace thousands of printed repair manual pages with easy-to-use, searchable electronic documentation (Zhang, 2003). Service manuals, bulletins and newsletters are prepared centrally, posted to an IBM RS/6000 server, and available instantly through a T1 connection to the IBM Global Network (Zhang, 2003). Remote dealers dial a local phone number and access the security-enhanced server through their Web browsers. Service people can access workshop manuals, service bulletins, repair tips and training manuals, and can search the entire library by vehicle identification number, year, model, symptom, category or keyword (Zhang, 2003). They can also submit questions and suggestions or report procedure updates through an online feedback form.

SGML tools enable service people to link to more detailed information, such as repair instructions. The Electronic Service Information Internet helps Mazda increase customer service and brand loyalty, lower costs and comply with U.S. Environmental Protection Agency regulations (Zhang, 2003). Fount Solutions has developed a community software tool, called enable2, which provides a flexible web based infrastructure that supports organizations community of practice strategy (Zhang, 2003). The system allows users to create and concurrently manage many communities from a web browser. Communities can be managed by using its sophisticated email integration feature with functions such as community creation and registration, document management and coordinating communications. In this case, each community contains a Knowledge File System, which allows community members to share and version control documents, notes and insights. As enable2 is adopted the Knowledge File System becomes the central point of reference for knowledge in each community, and users can share, collaborate and version control documents using any email client (Zhang, 2003).

Additionally, by setting up an interest profile that will indicate how and when they want to be informed of change, community members can keep themselves updated even without opening enable2. This reduces the problem of information overload by making all communications based upon this interest profile and to help reduce the amount of unnecessary and distracting emails. Each community also contains a discussion area, and the ability to attach multi-media documents to discussions improved their context and relevance (Zhang, 2003).

Another feature of enable2 is the membership navigator, which allows community members to find out more about the other members of the community. Each user can attach important insights and documents to their profile, helping to increase trust and understanding amongst members. Enable2 also can track how each user participates in their communities, and automatically identifies experts using the Knowledge Champions functionality which serves as an expert system. A complete list of enable2's communities of practice features includes community management; shared file area and document management; user profiling; discussion board; collaborative project coordination; news desk; contextual search; and knowledge champions.

Finally, with the enable2 users can create knowledge-rich intranets and share knowledge effectively and easily on an anytime, anywhere basis. Users can prioritize information, assess its relevance and effectiveness and conduct intelligent and context-sensitive searches for the right information. The system's document management tools enable users to access the latest versions of all documents while being able to review and track changes, and avoid information overload and time-consuming administration tasks.

An important study that reveals the societal aspect of online communities involves a study by a-Saggaf in 2004. This study involved Saudi society, which is largely conservative and religious. In this society, Islam plays a central role in defining the culture and determining the norms, values, attitudes, and practices of society.

One of the important features that profoundly influence every aspect of public and social life in Saudi Arabia is the segregation of sexes. Segregation of the sexes is maintained physically, socially and psychologically. This segregation, which does not permit women to mix with unrelated men in Saudi Arabia, is prescribed by the Islamic religion (a-Saggaf, 2004). It is a general rule that applies to education, banking, public transportation and the work place, and it also applies to restaurants, schools, and libraries (a-Saggaf, 2004). The practice of segregation and confining women to their own company is an institutional mechanism designed to regulate women, to protect their chastity and to prevent other men from encroaching on the male honor of the family (a-Saggaf, 2004).

A-Saggaf (2004) studied online communities extensively as found that one of the most striking consequences of the use of online communities in Saudi Arabia is that they have enabled males and females to communicate with each other in a way not possible before. While they remain physically segregated when communicating with each other online, their communication makes them, to some extent, overcome this gender separation. This makes the question of whether (or not) this form of communication is wrong, remain unanswered. While it is clear that face-to-face contact between women and unrelated men is wrong, it is not clear if online communication across gender lines is also wrong, particularly because the later lacks face-to-face contact. As a result, more research on this technology will help answer this question.

The results of a-Saggaf's study of online communities reveals many sociological elements that would previously go unexamined. Religion and culture in Saudi Arabia not only shape people's attitudes, practices, and behaviors, but also shape the way they see and do things and perceive their lives. The study revealed that similarly, in the social environment, in the case of online communities the web-based forum technology, may also exact some influence on people's behavior both online and off-line. As indicated by this study, this makes social construct theory appropriate for understanding online communities in that society. Additionally, the use of this theory to investigate and understand online communities is also in line with the literature review.

The a-Saggaf (2004) study was conducted for the purpose of revealing the perceptions of participants about their online community experience in Saudi Arabia and how that online experience affected them, semi-structured, so in-depth interviews were considered appropriate. There are many reasons why the semi-structured in-depth interviews, used in the project, were conducted online. First, it is very difficult to conduct interviews with females face-to-face or on the phone in Saudi Arabia because Saudi society, as mentioned before, is gender-segregated.

It is also difficult to ask a female researcher or interviewer to help with interviewing females face-to-face, because the act of communicating with an unrelated female, either face-to-face or by telephone, is itself wrong according to the Saudi culture. This made conducting interviews online with females a strategic option. Second, and related to the first point, had interviews with males been conducted face-to-face and with females online, bias to the research findings may have been introduced as a result of the differences in the use of the techniques to collect data. Third, the anonymity inherent in the online medium often encourages people to disclose more about themselves.

The forum from which participants were recruited was an asynchronous public discussion web forum, hosted by one of the largest and fastest growing online service providers in Saudi Arabia.

At the time of collecting data for this research there were approximately 10,000 members in the forum studied. But of those 10,000 only some, in the order of a few hundreds, were active in their interaction with others. The rest were either irregular or inactive or joined the forum for a short while and then left. Members discussed all types of topics in this forum. Religion was important in the lives of these members as it is in their lives off-line. Participants for the interviews were selected from an asynchronous web-based forum, the interactions on which were observed by the researcher daily for twelve months before the interviews began.

One of the important lessons learned is that online interviewing enabled the researcher to access a wider geographical area from which to select participants the researcher was able to interview participants from different cities within the country, without moving from his chair. This would have been very difficult if interviews were to be conducted face-to-face. Also online interviewing enabled the researcher to interview groups of people, such as females, who are difficult to interview face-to-face, given the strict regulations against communication across gender lines in Saudi society. This made conducting interviews with females online the best technique available. The method and manner in which this study was conducted has revealed how important and valuable online communities can be from a sociological aspect.

Technical Aspects of Online Communities (Literature Review) review of the literature involving the technical aspects of online communities reveals that the federal government spends more than $50 billion on information technology annually, with much of that spending related to integrating the disparate legacy systems that constitute the majority of government information technology infrastructures and applications (Eveans, 2004). Two of the major problems with legacy systems, from both business and technical perspectives, are access and integration.

Access to these systems is often severely limited to direct connections inside an individual agency, and user interfaces are typically "green-screens," which limit the quality of human-computer interaction (Eveans, 2004). As a result, integration is often nonexistent in terms of having these systems connect and inter-operate with other government applications.

Access and integration issues are symbolic of the problems with legacy systems. They also make government collaboration and information sharing one of the biggest information technology challenges. Some researchers have argued that a solution to this challenge is to view the technology alternatives in the same manner as that of financial investments. These researchers suggest that as individuals look for "conservative," "moderate" and "aggressive" risk investments to build their financial portfolios, they should also can look for conservative, moderate and aggressive technology options to revitalize and extend their legacy systems (Eveans, 2004). Conservative investments come from technologies that are in the late-majority phase of their adoption, moderate investments in the early-majority phase, and aggressive investments in the pioneer and early-adoption stage. Thus, the technology options are selected from established, emerging and disruptive technologies.

To revitalize and extend legacy systems, some of the choices for improving access include simple Web enablement, wireless enablement, and, in some cases, even Radio Frequency Identification (RFID) technology (Eveans, 2004). These represent conservative, moderate and aggressive investments picked from established, emerging and disruptive technology categories, respectively. Some of the choices for improving integration include traditional enterprise application integration (EAI), Web services and the Semantic Web (Eveans. 2004). These represent a few of the conservative, moderate and aggressive options available in technology portfolios.

Although Web enablement and wireless enablement apply to end users, one of the more aggressive options for improving the access category is RFID. RFID can help to extend the reach of information technology to incorporate physical objects and people by serving as an automatic identification technology. It is considered the next step up from bar-coding by providing the ability for totally automated read-and-write transactions between RFID tags and readers. These three options improve access by taking access outside the firewall, into mobile workforce environments and even out to physical objects. Similar groupings exist in integration among applications, where the first step in improving integration among applications is traditional EAI (Eveanas, 2004). This can help to integrate disparate applications at the data, business logic, presentation layer and business-process levels.

The technological benefits for online communities include streamlined processes, faster decision-making and service delivery, and reduced administrative and maintenance costs (Eveans, 2004). The use of Web services is the next step for integration, which is an open-standards-based approach to integration. It provides both business and it benefits, including interoperability, flexibility and reuse of the business functions exposed via software. Although integration is still required, the communication interfaces between Web services-enabled software components are standardized, making it easier for components to work with one another as a result.

Another technology options for integration category is the use of the Semantic Web. The standards provided by the Semantic Web allow computers to more readily understand the meaning of information. Semantic Web leads to highly accurate and relevant computer-based searches and information processing and analytics with compelling benefits for interpreting and acting on the masses of government data collected and stored on a daily basis (Eveans, 2004). The options discussed above improve integration by connecting computers, making it easier for software components to talk to one another and for computers to understand the meaning of information.

Rheingold (1997) holds that there is a predictable relationship between technology and people's behavior. Whenever computer mediated communications technology becomes available to people anywhere, they inevitably build communities with it (Rheingold, 1997). Other examples of technological determinists in online communities are arguments that media technology will inevitably evolve towards human function. The notion that technological advances automatically lead to positive social change is also pervasive in the related field of Information Systems an online communities.

In other words, the particular form that an individual virtual community takes is not determined by technology but rather is dependent on its social context. From this we can conclude that we will not be able to accurately predict the exact form a virtual community will take without a detailed understanding of its social context. This has left virtual community researchers with a dilemma about how to relate technology to new social structures while avoiding technological determinism.

II. Research Results and Opinion

Researchers have raised questions regarding whether law enforcement agencies should have an information technology forensic unit or would such agencies rely on outside experts to gather evidence (Walsh, 2004). Computer crime investigations require skill, time and care and proving innocence would be achieved only by those very technically skilled (Walsh, 2004). I strongly believe that further acts must be taken to amend the current state of computer-related crimes to protect more than transactions.

Furthermore, since many Web applications require that the Web server interact with company databases, a link to internal networks is necessary. This "increased security" will attract more attention from hackers leading to costly cracking of codes. However, even if the encryption techniques employed by the digital tunneling systems currently on the market or under development prove to be very powerful, thus insuring confidentiality and availability of data, this still leaves open "availability." Clearly, more legislation is needed that specifically addresses such areas of concern that are too broadly defined

Since the emergence of online communities, there has been a continuing body of research on online communities coming from a variety of disciplines, including: communication studies, sociology, psychology, American studies, information systems, business studies, computing, information science and so forth. However, I believe that there are still areas of topics that require greater attention, such as characterizing the life cycle of different types of online communities and explaining how online communities organize themselves to develop norms, rules and policies. Additional areas include how to better support sociability and usability in online community development and how to develop flexible community software and social structures that can be rapidly scaled up or down as populations change. The future of online communities would greatly benefit from results of these researches as better community model and community support software will be developed and implemented.

As Internet access increases around the world an increasingly number of people will be able take part in online communities. As broadband and wider access increases, then these communities can be more sophisticated. Thus, the number of online communities is likely to increase but it is not so clear whether the size of or productivity of communities online will increase. It could well be the case that communities have a natural size, a population cap that is unlikely to be exceeded (Zhang, 2003). Research indicates that too large communities may produce too many unwanted emails or posts to remain attractive to users (Zhang, 2003).

Finally, organizations have realized the benefits offered by online communities. More and more organizations have started implementing online communities to facilitate knowledge management within the organization. With the ongoing research in the field of online community and knowledge management, and the use of tried and tested technology, an understanding of online psychology, and the experience built up over the past few years, there is a powerful combination, predicting a positive future for online communities.

The security communication. eBay has shown that community trust can succeed as a method of communicating trust and safety rhetorically. The number of complaints has consistently been a remarkably small percentage of all eBay transactions, and feedback profiles contain very few negative comments. At any Web site linking people, the community model merits serious consideration. In addition to sharing the burden of security with users, the community model also provides much more flexibility than corporate control allows. When users are responsible for spotting fraud and enforcing ethical guidelines, they have the ability to forgive legitimate problems and delays that a more rigid, authoritarian security system does not provide. The self-interested motives of the community security system also reduce the temptation to defraud others or to break rules -- doing so makes further participation on the site almost impossible because of the loss of status and even legitimacy that comes with negative feedback.

The ability to influence one's individual identity positively in an Internet community also represents an opportunity for other Internet communities to learn from eBay's community trust. And eBay's success in building shared narratives is another facet of "community trust" that other online communities would do well to imitate. Perhaps community-building values such as reciprocal influence and status can begin to construct safe places elsewhere on the Web where off-line strangers are brought together with the need to trust and be trusted. As one of the most successful e-commerce sites, eBay provides important lessons about establishing a community of commerce and maintaining "community trust" even through explosive growth. But its success includes a cautionary note for other sites that would imitate the community security philosophy: in its haste to add more tools to users' security possibilities, eBay could end up damaging the very foundation of its first seven years of secure operation.

Although there is no commonly agreed upon definition of knowledge management, companies, governments, institutions and organizations are demonstrating an increasing interest in the topic. Leading-edge companies are now embracing the Internet for its value as a powerful tool for distributed information technology applications, low-cost data communication and intra-company collaboration and communication. The research concerning the use of the Internet as a business management strategy appears to be split, however. Proponents of the Internet as a key management tool argue that there are numerous benefits that an organization can yield, while other research may prove the contrary.

The above mentioned research indicates that there are numerous benefits that an organization can reap through the implementation of an Internet transportation management strategy which features an online community. These benefits include improved visibility over the transportation network, improved operational efficiency, significant cost savings, and the standardization of processes. Other benefits include communication and compliance amongst disparate or decentralized operations, and knowledge retention and sharing of best practices across the enterprise. The rapid and enormous growth of the Internet has brought online communities into existence.

Risk management is the process that allows information technology managers of online communities to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the information technology systems and data that support their organization's missions. The upper level of an organization must ensure that the organization has the capabilities needed to accomplish its mission. These mission owners must determine the security capabilities that their information technology systems must have to provide the desired level of support.

Since most organizations have tight budgets for information technology security, the spending must be reviewed as thoroughly as other management decisions. A well-structured risk management methodology can assist management identify appropriate controls for providing the mission-essential security capabilities. Minimizing negative impact on an organization and need for sound basis in decision making are the fundamental reasons organizations implement a risk management process for their information technology systems.

Effective risk management must be completely integrated into the system development life cycle. An information technology system's system development life cycle has five phases. These phases are initiation, development or acquisition, implementation, operation or maintenance, and disposal. In some instances, an information technology system may occupy several of these phases at the same time. However, the risk management methodology is the same regardless of the system development life cycle phase for which the assessment is being conducted. As a result, risk management is an interactive process that can be performed during each major phase of the system development life cycle.

In the initiation phase, the need for an information technology system is expressed and the purpose and scope of the information technology system is documented. Identified risks are used to support the development of the system requirements, including security requirements and a security concept of operations. In the development of acquisition phase, the information technology system is designed, purchased, programmed, developed, or otherwise constructed. The risks identified during this phase can be used to support the security analyses of the information technology system that may lead to architecture and design trade offs during system development. In the implementation phase, the system security features should be enabled, tested and verified. The risk management process supports the assessment of the system implementation against its requirements and within its modeled operational environment. Decisions regarding risks identified must be made prior to system operation.

In the operation or maintenance phase, the system performs its functions. Typically the system is being modified on an on-going basis through the addition of hardware and software and by changes to organizational processes, policies, and procedures. Risk management activities are performed for periodic system reauthorization or whenever major changes are made to an information technology system in its operational, production environment. Finally, the last phase, disposal, involves the disposition of information, hardware, and software. Activities may include moving, archiving, discarding or destroying information and sanitizing the hardware and software. Risk management actives are performed for the system components that will dispose of or replaced to ensure that the hardware and software are properly disposed of, that residual data is appropriately handled, and that system migration is conducted in a secure and systematic manner.