Green Paper on Electronic Commerce for South Africa - for public discussion

THEME 2  - BUILDING TRUST IN THE ELECTRONIC ECONOMY

 

7. BUILDING TRUST IN THE ELECTRONIC ECONOMY

7.1  INTRODUCTION

The growth and development of electronic commerce relies primarily on building the confidence of the consumer, business and government in the e-commerce environment. Transmission of information over the Internet for the purpose of trading and communication presents new and sophisticated forms of threat for both the sender and the recipient of information.

One of the main differences between e-commerce and traditional commerce is that electronic transactions are largely impersonal, anonymous. Business and consumers require assurance that transactions that occur in an online environment are secure and private.

Security measures used in conventional commerce may not be adequate to provide trust in the electronic economy. For example, in a non-electronic or traditional environment, information is held in files securely locked in cupboards, or even in wall safes, depending on the sensitivity of information. The electronic world provides for the same information to be widely accessible via various media. Therefore it is crucial to ensure that information to those for whom it is intended, access information, and instruments that will ensure verification of parties to a transaction are available

To ensure transaction security, the following elements are necessary:

Authentication: securing the identities of the parties to a transaction
Confidentiality   - ensuring that the information is kept private
Integrity – ensuring that that information or process has not been modified or corrupted without detection
Non-repudiation:  ensuring neither party can refute that the transaction occurred, i.e. ensures that the transaction is binding.

Legal, procedural and technical means to ensure the security of data is important to allow e-commerce to reach its full potential.  For instance, admissibility of electronic signatures in a court of law could further enhance the confidence in e-commerce transaction.

The role of government should be to legislate or regulate if necessary and issue licenses where appropriate to encourage user trust; that of the private sector would be to introduce voluntary codes and develop technological solutions. This requires active partnership between government and the private sector.

This chapter will therefore focus on security and related issues, which include public key infrastructure, public key cryptography, digital certificates, electronic signatures, privacy and lawful access to encrypted data.

7.2  PUBLIC KEY INFRASTRUCTURE

What is a Public Key Infrastructure? 

A public key infrastructure (PKI) makes it possible for you to identify and trust another Internet user, which can be another person, a computer or other hand-held devices and/or some other electronic entity.  In a PKI, digital identification, called digital certificate is used to prove the identity of Internet users.  This certificate can also be used to verify a digital signature, which can be attached to e-mail.  The signature itself is created using public key cryptography.

 PKI provides confidentiality; integrity; authentication and non-repudiation. The goal of a PKI is to establish and maintain a trustworthy networking environment by providing keys and certificate management services that enable encryption and electronic signature capabilities across applications.

7.2.1  What is Public Key Cryptography? 

Public Key Cryptography is essentially a method of keeping data secure and protected by applying a mathematical formula to obscure the information being transmitted.  In cryptography, this mathematical formula or a value is used to transform information into a form that is unreadable (i.e. encrypted). The information can only be transformed back into a readable form (i.e. decrypted) using a complementary algorithm and a second related value.  These values are called public keys. One key is made publicly available (public key) while another is kept secret (private key).  Public keys are usually embedded in digital certificates.  By embedding the public key value in a digital certificate, the identity of the person, computer or entity identified in the digital certificate can be strongly associated with the public key value.

Digital signatures are one of the primary ways public key cryptography can be used to make Internet communication safer.  To create a digital signature for e-mail, for example, a copy of the communication is encrypted using a private key.  This encrypted information is called digital signature – digitally signed message.  The digitally signed message is sent along with sender´s digital certificate to another person.  The digitally signed message (or digital signature) can only be decrypted and verified using public key embedded in the sender´s digital certificate.  A digital signature can therefore be used to identify a person or a computer or a hand-held device. It can also be used to ensure that a message or file has not been tampered with.

While cryptography has many benefits, these same technologies can be used to hide trans-border criminal activities and threaten national security.  Therefore rules are required to govern the use and sale of cryptographic materials.

General guiding principles on the use of cryptographic methods

OECD recommends a less restrictive approach in the development and use of cryptography, as recommended in the summary of its guidelines:

The adoption of the above principles does not imply a complete denial of the need of government involvement, through regulation or otherwise. For instance, although technical standards are currently being developed by international standards setting bodies, the Government should foster compliance with such international standards. Accepting local or proprietary standards may well lead to South Africa being cut off from the global e-commerce market.


QUESTIONS FOR POLICY CONSIDERATION

South Africa has to consider its stance with regard to promoting the benefits of increased data security and to ensuring that law enforcement agencies will be able to investigate criminal and other illicit transmissions. These deliberations must take into account the various policies of other countries and the role that South Africa wishes to play in promoting uniform standards internationally.  Key questions relating to the above are as follows:

  1. To what extent do existing laws impact on the development, use and sale of cryptographic materials?
  2. Should South Africa adopt specific policies and legislation now to encourage and/or restrict the use of encryption in commercial data transmissions or should South Africa wait and take cue from what is being formulated by other countries?
  3. To encourage greater public confidence in e-commerce, should the South African government officially endorse certain cryptographic methods, or TTP/CA institutions? 
  4. What restrictions, if any, should be placed on the use and sophistication of cryptography in domestic businesses´ electronic transactions?
  5. Should government law enforcement agencies have access to public keys to private cryptographic technology? What rules should apply and which institutions should be involved?
  6. How should South Africa participate in international deliberations and agreements toward common standards for cross-border data security and access, or should South Africa have its own local/proprietary standards?
  7. To what extent should the state be involved in the control and interoperability of encrypted material?
  8. Should there be control of the production sale (both export and import) and use of encrypted material?
  9. Should South Africa adopt the above-mentioned OECD guideline as an international benchmark?
  10. Are there unique South African circumstances that will need special mention or a different set of guidelines from those of the OECD?


7.3   WHAT IS A CERTIFICATION AUTHORITY?

A Certification Authority  (CA) is a trusted third party that is responsible for creating, distributing, and revoking digital certificates.  A CA issues digital certificates to link digital signatures to particular individuals or business functions.  A process of binding a public key value to a person, computer, or entity is called certification. CA also responds to queries about the validity of certificates that they have issued.  CAs revoke certificates when information in the certificate becomes unexpectedly invalid.  CAs can be either commercial and/or governmental.

One of the main policy debate surrounding private sector CAs is whether they should require formal licensing by government or whether self regulation without official endorsement should be allowed. In view of the potential importance of CA activities and the potential liability questions that could arise, public licensing may be necessary.  A licensing regime would obviously offer strong re-assurance to the public that licensed CA is reliable and responsible. The opposing view contends that the hierarchy of licensing government certification and industry CAs could stifle e-commerce development.


QUESTIONS FOR POLICY CONSIDERATION

It is recommended that a voluntary but statutory framework for the licensing scheme be introduced. This would build consumer confidence in that their interests are well looked after.  The benefit of a voluntary scheme is that the decision on whether or not to rely on a statutory scheme is left to the end user.  For example, where trust already exists between the parties to a transaction, there may be less need for ‘trust´ in the service provider.  Users of approved service providers would also benefit from the assurance that their electronic signatures would likely be given legal effect throughout the country.

  1. Is the above recommendation viable?
  2. If South Africa intends establishing certification and public key infrastructure policies, there are several options and questions that will need to be addressed, among them:
  3. Where CAs are to be licensed, will it be necessary to define general policies or guidelines applicable to CAs and to appoint an official agency to issue licenses and monitor compliance with the policy standards?
  4. What should be the general policies or guidelines  governing CAs?
  5. What architecture should a South African PKI/CA have? The following are the options for consideration: establishment of a Root (level 0) Government Certification Authority, which would certify the public keys of level 1 CAs in individual government departments. The Root Government CA might cross-certify root CAs in private industry sectors. Establish public/private forum type CA with a joint board.
  6. Should legislation be passed to require mandatory, or at least voluntary, licensing of industry CAs and what structure should the licensing regime take?
  7. Which agencies should be responsible for establishing policy (the role of the policy approval authority) and for managing and implementing the licensing (the role of the policy management authority)?
  8. What should be the obligations and responsibilities, and the potential liability, of publicly licensed CAs with regard to electronic transactions, electronic signatures, and cryptography?
  9. Should the UN and EU standards apply to the makeup and operations of licensed CAs?
  10. What organisations can be licensed to be CAs? Will unlicensed CAs be allowed to offer services?
  11. What distinctions need to be made between certification authorities and other forms of trusted third parties?
  12. To what extent should South African policy draw on and be reconciled with emerging international standards for certification and the potential for multiple competing certification authorities and certification procedures, applying to transactions across international boundaries?


7.4  LEGAL ISSUES PERTAINING TO PRIVACY OF COMMUNICATIONS

Public safety, crime control, national intelligence agencies and regulatory requirements all require effective and timely gathering of accurate information and evidence about activities of criminal elements. The effectiveness of these agencies in monitoring criminal activities, investigating and prosecuting offenders often depend on their ability to conduct electronic surveillance of communications and to search or inspect places including computers for relevant information. There is also a concern that key recovery or weak encryption gives government too much power and technical capacity to engage in mass surveillance. 

Therefore, while there are legitimate reasons of providing lawful state access to encrypted information, implementation of such a practice raises human rights concerns mainly with respect to privacy and freedom of expression. Cryptography policy must be assessed against costs and benefits in terms of basic human rights, commercial interest, public security and crime prevention. As in many democratic countries, the rights of privacy and freedom of expression of all South Africans are constitutionally protected through the Bill of Rights.

Privacy rights seek to prohibit the state from decrypting data without some compelling justification, on the other hand, the right to freedom of expression extends to both the production of cryptographic product and their use to protect the messages that are being expressed or data being stored. These guarantees are important but not absolute in that privacy invasion, seizure of data, or interception of communication must be justified and authorized by a judge.

7.4.1  Current Situation in South Africa

In South African law the individual´s right to privacy and information is enshrined in the constitution.  Section 14 (d) of the constitution provides for the protection of the privacy of the individual with regard to communication.  However, Section 36 limits certain privacy rights where ‘reasonable and justifiable´

Section 32 of the constitution provides for the individuals right to ‘access to information´ The Promotion of Access to Information Act of 2000 has enacted to give effect to the right stipulated by section 32.


QUESTIONS FOR POLICY CONSIDERATION

  1. Is the current privacy regime adequate to address privacy challenges imposed by the electronic environment?
  2. To what extent does the Interception and Monitoring Prohibition Act (N0 127 of 1992) address issues of privacy in the electronic environment?
  3. What technical standards, criteria, and protocols should be developed and promulgated at national and international level to deal with issues of privacy?


7.5  CYBER CRIME AND LAWFUL STATE ACCESS TO ENCRYPTED DATA.

While the internet age has brought with it opportunities and challenges for both business and consumers, it has also generated new forms of criminal activities, improved methods of committing crimes, and new ways to conceal evidence.

"Cybercrimes" are illegal acts, the commission of which involves the use of an electronic system, networks, technologies and devices such as the telephone, microwave and satellite.

Where a computer is involved, it could be the object of a crime, an instrument used to commit a crime or a repository of evidence related to a crime. The first example is when a hacker tries to steal information from or damage, a computer or computer network.   The second, is when the computer replaces the telephone as a tool in an illegal telemarketing operation or simply to transmit child pornography. Last, is when the computer is used to store records of illegal schemes such as money laundering schemes or drug trafficking transactions?

Therefore restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against such criminal attacks. It would not however totally prevent criminals from using these technologies. Most countries in the world have no restrictions on the use of cryptography, which maybe freely used, manufactured, and sold without restriction. This is the international trend on cryptography, which puts emphasis on the liberalisation of controls on cryptography, and the development of market based, user driven cryptography products and services.

However this poses a problem for law enforcement agencies in their quest to monitor electronic crimes.  In South Africa, the Working Group on Security and Privacy has therefore recommended that: 

It is possible that local law enforcement agencies already have the rights envisaged under the above recommendation, provided that the existing laws on search and seizure are suitably widely interpreted, to allow for the “intangible” nature of electronic communications and data. 

In South Africa, a working committee for the South African Law Commission after reviewing the Interception and Monitoring Prohibition Act (No. 127 of 1992) and comparing it with the legal position of EU, Canada, Hong Kong and the United States; have recommended that the Act be amended to protect the consumer and the State from criminal activities through proper definition of words and clauses that may have ambiguity. The UK has adopted a similar position according to its Draft Regulatory Impact Assessment of the Draft Electronic Communications Bill (DTI, July 1999).


QUESTIONS FOR POLICY CONSIDERATION

1.    Should the use of cryptography be regulated?

The following are possible options aimed at addressing the use of cryptography:

  1. Is it entirely possible to use the traditional statutory tools to prosecute an offender who has committed an Internet crime, if not what changes should be made to the legal system to accommodate such a crime?
  2. In all crimes, including cyber crimes, the defendant's guilt must be proven beyond reasonable doubt, but global networks lack effective identification mechanisms for individuals.   How can society put in place law that circumvents such a problem?
  3. Should the issue of cybercrime (including viruses and hacking) be dealt with at the same time as general e-commerce legislation, or should the latter be dealt with first in order to hasten the process (as was decided during the UK e-commerce initiative)?
  4. What types of international agreement should South Africa pursue to ensure that cyberfraud and similar practices could be policed on a worldwide basis, through co-operative investigation and prosecution?

 

8.  CONSUMER PROTECTION

8.1 INTRODUCTION

The electronic market place offers consumers unprecedented choice and twenty-four hours accessibility and convenience. It gives established marketers and new entrepreneurs low-cost access to a virtually unlimited customer base. With these benefits also comes the challenge of ensuring that the virtual marketplace is a safe and secure one to purchase goods, services and access electronic information. Consumers must be confident that the goods and services offered online are fairly represented and that the merchants with whom they are dealing (many of whom may be located in another part of the world), will deliver their goods in a timely manner and are not engaged in illegal business practices such as fraud or deception.

Consumers must be protected against the following dangers:

On the other hand, suppliers are in some danger themselves, through exposing themselves to unknown liabilities, especially in view of the fact that the law on Internet commerce is as yet poorly defined, and differs from country to country.

Consumer confidence also requires that consumers have access to fair and effective redresses if they are not satisfied with some aspects of the transaction.  To ensure strong and effective consumer protection in an online environment and obviate the need for a long and arduous litigation process, alternative and easy-to-use mechanisms for consumer dispute resolution, redress and enforcement mechanisms are required. Again beyond enforcing current law and developing strong consumer protection policies, consumers must be made aware of the availability of instruments to help them use Internet safely.

8.2  INTERNATIONAL SITUATION

Any consumer, regardless of whether he or she is a South African or a foreigner, who accesses a commercial website, should feel comfortable dealing with any South African supplier of goods or services. While the physical location of such a supplier may be hard to determine, it is deemed to be an essential feature of any fair distance selling that the supplier provide such a physical address. This presents South African business with an opportunity to establish a reputation for sound e-commercial practices, not only locally or within the SADC but also worldwide.

Provisions of the European Directive on distance contracts.  The EU Directive applies to any “distance contract”, i.e. to any contract regarding goods or services which is concluded at a distance.  This includes traditional forms of business such as mail orders and the supply of financial services. The salient features of the EU provisions are as follows:

  1. Prior Information: The supplier must provide, in a clear and comprehensible manner, the consumer with his identity, including his physical address; the main characteristics of the goods or services; the price including all relevant taxes; the costs of delivery; the arrangements for payment and delivery or performance;  the existence of a right of withdrawal and  the period of time for which the offer remains valid.
  2. Written confirmation: At the latest at the time of delivery, the consumer must be informed, “in writing or on another durable medium”, of the conditions and procedures for exercising the right of withdrawal; the geographical address to which the consumer may address any complaints;  information on after sales service, and guarantees and the conditions applicable to cancellation of the contract.
  3. Right of Withdrawal:  The main provision is that the consumer can withdraw from the contract, without giving any reason, within the first seven days of conclusion of the contract.
  4. Performance:  Unless otherwise agreed, the supplier must honour his side of the contract within thirty days.
  5. Indemnity: The consumer may not be held liable in the case of fraudulent use of his or her card.
  6. Inertia selling: Supplying unsolicited goods and assuming that the absence of a response signifies consent is prohibited.
  7. Communication means: Some means of communication, such as automatic calling machines and fax machines, may only be used if the consumer has given prior permission.
  8. Judicial or administrative redress:  Among the various requirements under this heading is Article 11 3(a) which reads thus: “Member States may stipulate that the burden of proof concerning the existence of prior information, written confirmation, compliance with time limits or consumer consent can be placed on the supplier.”
  9. Binding nature:  “The consumer may not waive the rights conferred on him.

Consumer protection principles in Australia.  EU principles may be compared with those proposed by the Australian National Advisory Council on Consumer Affairs (NACCA).   These are as follows:

  1. Consumers using electronic commerce are entitled to at least the same levels of protection as provided by the laws and practices that apply to existing forms of commerce.
  2. Consumers should be able to establish the identity and location of businesses with which they deal.
  3. Consumers should have readily available clear and comprehensive information before and after any purchase of goods and/or services.
  4. Sellers must state contract terms in clear, simple language.
  5. Sellers should ensure they received confirmed meaningful consent from consumers for a purchase of goods and/or services.
  6. Consumers are entitled to receive clear information about the types of payments, which will be accepted by the merchant or the payment provider.
  7. Consumers are entitled to have their complaints and inquiries dealt with fairly and effectively.
  8. Sellers should provide information to consumers about affordable and effective dispute resolution arrangements, where they are available.
  9. Sellers must respect customer privacy.
  10. Industry code administration bodies must closely monitor the application and effectiveness of their codes and be able to correct any deficiencies, which are identified.
  11. Each code operating body should strive to maintain and promote consumer confidence in the global marketplace.
  12. Governments should actively develop their consumer protection responsibilities.

In line with international standards, South Africa should consider developing adequate measures for consumer protection, which include the following:

  1. Legislation on consumer rights needs to be reviewed, to ensure that this adequately applies to e-commerce, and where necessary that the relevant definitions are widened;
  2. The creation by industry of Codes of Practice must be encouraged; industry needs to be cognisant of generally accepted principles such as those of the EU Directive and of NACCA, and possible other examples.
  3. Industry should be encouraged to institute “Seal of Approval” programs.
  4. Industry and Government should collaborate on educating consumers on their rights and on the meaning of the “Seals of Approval”.
  5. Only if the above measures are seen to fail in their purpose, should additional legislation be considered.  

Awareness.  At the same time e-communications and e-commerce must be seen as providing new opportunities for small, medium and micro enterprises.  As part of its educational activities, the Government should, (recognising the vulnerabilities of possible new and inexperienced entrepreneurs), make them aware of their responsibilities and liabilities. These responsibilities include, apart from the matters touched upon above, such matters as checking and confirming incoming e-mail; confirming orders; checking links to and from their Website, and maintaining control over their own content as well as over that of sites to which they are linked, and if necessary disclaiming links. 


QUESTIONS FOR POLICY CONSIDERATIONS

  1. How should South Africa embrace these principles in its consumer protection laws or legislation? 
  2. Are these guidelines adequate? If not what else needs to be added?
  3. To what extent should law regulate consumer protection, and to what extent can commerce be trusted to regulate itself?
  4. What new or amended consumer laws and regulations need to be established or adopted to re-inforce the rights of the public in the context of e-commerce?
  5. How can the role of the existing consumer protection bodies be enhanced to effectively accommodate electronic communications and commerce?
  6. Should there be new bodies established particularly to generate awareness.
  7. How should current bodies be enhanced to deal with consumer issues and e-commerce.


8.3  PROTECTION OF PRIVACY AND PERSONAL INFORMATION

Privacy can be generally defined as the right to be left alone, free from intrusion or interruption.  Privacy or the lack thereof, is a major concern for individuals in the use of the electronic medium in commerce. This includes not only the privacy of the communication between the parties in a transaction e.g. the protection of credit and debit card numbers while traversing the Internet, or of other personal details,  which can be solved through the use of encryption; but also the accumulation of personal data at Websites visited, for example through the use of “cookies” or the introduction of Customer Relationship Management Tools (CRMs). In the nature of any distance-contract, the supplying party must collect a certain amount of personal information, even if this is only the name and address, and the credit card number, of the buyer.  However, it is possible, as noted in the document “Privacy Online: A Report to Congress (June 1998) from the U.S. Federal Trade Commission makes clear” that information of a much more personal nature, such as race, health, financial standing, sexual orientation, is collected, frequently without any indication of how this information is subsequently to be used.  In particular, the disclosure of such information to other parties must be controlled, if not prevented altogether.  


QUESTIONS FOR POLICY CONSIDERATION

  1. Given the ease of access and problems associated with lack of protection from information, what would be appropriate for South Africa?
  2. What policies need to be put in place regarding administration of private information collected on line?


8.4  OECD GUIDELINES ON THE PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA.

These requirements are covered by the OECD Guidelines on the Protection of Privacy and transborder Flows of Personal Data.  These establish the following eight principles:

  1. Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
  2. Data Quality Principle: Personal data should be relevant to purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and up to date.
  3. Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of collection,  and the subsequent use limited to those purposes or such others as are not incompatible with those purposes and are as specified on each occasion of change of purpose.
  4. Use Limitation principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with [the Purpose Specification Principle] except with the consent of the data subject or by the authority of law.
  5. Security Safeguards Principle: Personal data should be protected by reasonable security against such risks as loss or unauthorised access, destruction, use modification or disclosure of data.
  6. Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data.  Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
  7. Individual Participation Principle: An individual should have the right to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; to have communicated to him, data relating to him, within a reasonable time, at a charge, if any, that is not excessive, in a reasonable manner and in a form that is readily intelligible to him; to be given reasons if a request is denied, and to be able to challenge such denial; and last, to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended.
  8. Accountability Principle: A data controller should be accountable for complying with measures, which give effect to the principles stated above.

It should be noted that the members of the EU recommend different approaches to how the Directive should be implemented.  Thus it is recommended that a combined government and industry database be set up to enable South African businesses to establish practices in any EU member country from which they may acquire personal data, for example, to establish profiles of their customers in that country.  

While self-regulation of privacy matters would be preferable, experience indicates that such self-regulation has not been effective enough, for the simple reason that an organisation which does apply a stringent privacy policy is at a competitive advantage over another one which does not.

The current Promotion of Access to Information Act emphasises more the obligations of the state in the protection of personal data held by it, and less on the collection, use and dissemination of personal data by the private sector.  There is a significant difference between the U.S.A. and Europe in their approach toward privacy.  The U.S. legislation is mainly based upon its Bill of Rights, which primarily serves to protect the individual from the state.  Legislation to protect the individual from undue invasion of privacy by other legal persons is minimal and fragmented.  Europe, on the other hand, is more concerned about the latter.  The first draft of the Open Democracy Bill conformed more closely to the U.S. pattern. It is understood that either a new bill, or a second one, will deal with the protection of privacy against undue invasion by business or other individuals. The necessity of covering both aspects is clear from Section 32(1) of the Constitution,  which states that “Everyone has the right of access to any information held by the state; and any information that is held by another person and that is required for the exercise or protection of any rights.”   


QUESTIONS FOR POLICY CONSIDERATION

The OECD Guidelines and the EU directive on protection of personal data pose the following policy challenges for South Africa:

  1. Given the above background, should the privacy legislation be enacted, and if so, to what extent should the above OECD guidelines on data protection be taken into account.
  2. How should the requirements of the EU Directive on Data Protection be met, if necessary? What could be the implications if not met?
  3. What new or amended consumer protection laws and regulations need to be established or adapted to reinforce the rights of the public in the context of e-commerce?
  4. How should the issue of liability for the perpetration of illegal activities via the Internet be addressed, including the roles and accountabilities of ISPs, merchants, banks, web hosting and design services, and end-users?
  5. Should consumer protection and law enforcement issues form part of the subject matter in this Green Paper, or should their respective ministries and government departments address them, from time to time?
  6. What role should other consumer protection bodies (for example the Consumer Council) play in this regard?
  7. Should South African laws be established independently, or should the initiative come from international treaties?

Contents   |   Executive Summary   |   Chapter 1   |   Chapter 2   |   Chapter 3   |   Chapter 4   |   Chapter 5   |   Chapter 6

Chapter 7   |   Chapter 8   |   Chapter 9   |   Chapter 10   |   Chapter 11   |   Chapter 12   |   Chapter 13   |   Glossary and  References

Index