Prentice Hall, 2002 1 Chapter 17 The Regulatory Environment of Electronic Commerce

Prentice Hall, 2002 1

Chapter 17

The Regulatory Environment of Electronic

Commerce


Learning Objectives

List and describe the major legal issues related to ECUnderstand the difficulties of protecting privacy and describe the measures taken by companies and individuals to protect itDescribe the intellectual property issues in EC and the measures provided for its protection


Learning Objectives (cont.)

Describe some of the ethical issues in EC and the measures taken by organizations to improve ethicsUnderstand the conflict between Internet indecency and free speech and the attempts to resolve the conflict


Learning Objectives (cont.)

Describe the issues involved in imposing sales tax on the InternetDifferentiate between contracts online and off-lineDiscuss some legal issues of computer crimesDescribe the measures available to protect buyers and sellers on the Internet


EC-Related Legal Incidents

Contractual issues in ECProCD sold a database program (SelectPhone) containing information from 3,000 telephone directories to:

Commercial usersIndividual retail consumers

Discount offered to noncommercial consumers based on an agreement (license) that restricted use of the program to noncommercial purposes


EC-Related Legal Incidents (cont.)

Contract validity and software piracyMr. Zeidenberg bought a retail version of the program and resold it over the InternetArgued the contract was not enforceable since he was unable to examine it until after he had purchased and opened the package (contract shrink-wrapped inside)



Supreme Court ruled that shrink-wrap licenses are enforceable

Placing terms on outside of box would require fine print, would diminish the function of the information Increasing number of software sales performed by wire where opportunity to review conditions may not be available until after receipt of product



Copyright infringement on the WebMIT student offered free copies of software (Word, Excel, WordPerfect) free over his bulletin board systemWhen sued, found not guilty because he had not benefited financially as per the Copyright Infringement ActThis loophole has since been fixed, today it is illegal to do



E-music sues MP3.com over copyrightsMyMP3.com’s service allowed users to listen to their CDs from any computer with Internet connectionEMusic.com sued MP3.com for infringing on copyright of some albums for which they owned the digital rightsMyMP3.com was suspended, but is now running again as a subscription-based music service



Julia Roberts domain nameMovie star Julia Roberts claimed she owned her domain nameBoyd, a dealer in celebrity names, felt there was no common law trademark to the namesHe auctioned off 50 sites using celebrity namesWorld Intellectual Property Organization (WIPO) ruled that he had no rights or legitimate interest in the domain name and had registered in bad faith


Legal and Ethical Issues

PrivacyIntellectual Property

Difficult to protect since it is easy and inexpensive to copy and disseminate digitized information

Free SpeechInternet provides the largest opportunity for free speech; but, some postings are offensive to people

TaxationIllegal to impose new sales taxes on Internet business at the present time (U.S. and some other countries)


Legal and Ethical Issues (cont.)

Computer crimesUsually refers to computer fraud and computer abuse

Consumer ProtectionMany legal issues are related to electronic trade

Other legal issuesValidity of contracts, legality of public key encryption infrastructures, jurisdiction over trades, encryption policies


Figure 17-1Evolution of Ethical Code and Legislation


Ethical Issues

What is considered to be right and wrong?What is unethical is not necessarily illegal.Whether these actions are considered unethical depends on the organization, country, and the specific circumstances surrounding the scenarios.


Ethical Issues (cont.)

Code of EthicsA collection of principles intended as a guide for its membersMany companies and professional organizations develop their own codes of ethicsA guide for members of a company or an association


A Framework for Ethical Issues

Privacy—regarding information about individuals

CollectionStorageDissemination

PropertyOwnership and value of information and intellectual property


A Framework for Ethical Issues (cont.)

Accuracy of:AuthenticityFidelityInformation collected and processed

AccessibilityRight to access information Payment of fees for the access


Protecting Privacy

PrivacyThe right to be left alone and the right to be free of unreasonable personal intrusions

Information PrivacyThe “claim of individuals, groups, or institutions to determine for themselves when, and to what extent, information about them is communicated to others”


Protecting Privacy (cont.)

Two basic rulesThe right of privacy is not absolute. Privacy must be balanced against the needs of societyThe public's right to know is superior to the individual’s right of privacy


How is Private Information Collected?

Reading your newsgroups’ postings

Finding you in the Internet DirectoryMaking your browser record information about youRecording what your browsers say about you

Reading your e-mail


Web-Site Self-Registration

Registration QuestionnairesType in private information in order to receive a password to participate in a lottery, to receive information, or to play a game

Uses of the Private Information collected:For planning the businessMay be sold to a third partyMust not be used in an inappropriate manner


40% of all users have falsified information when registering online66% of all U.S. and European respondents don’t register as they don’t know how the information is going to be used63% don’t feel that registration is worthwhile considering the content of the sites58% don’t trust the sites collecting this information from them

From the Eighth User Survey by GVU (1998)


Cookies

A software program that allows a Web site to record one’s comings and goings

Web sites can “remember” information about users and respond to their preferences on a particular site, process is transparent to usersWeb sites can maintain information on a particular user across HTTP connections


Cookies (cont.)

Why vendors are using cookiesTo personalize informationTo improve online sales/servicesTo simplify tracking of popular links or demographicsTo keep sites fresh and relevant to the user’s interestsTo enable subscribers to log in without having to enter a password every visitTo keep track of a customer’s search preferencesPersonal profiles created are sometimes more accurate than self-registration


Cookies (cont.)

Solutions to unwanted cookiesUsers can delete cookie files stored in their computerUse of anti-cookie software (e.g., Cookie cutter and anonymous cookie)


Privacy Protection

5 basic principles1. Notice/Awareness

Customers must be given notice and be able to make informed decisions

2. Choice/ConsentCustomers must be made aware of their options as to how their personal information may be used. Consent may be granted through “opt-out” clauses requiring steps to prevent collection of information


Basic Principles (cont.)

3. Access/ParticipationConsumers must be able to access their personal information and challenge the validity of the data

4. Integrity/securityConsumers must be assured that the data is secure and accurate


Basic Principles (cont.)

5. Enforcement/RedressThere must always exist a method of enforcement and remedy. The alternatives are government intervention, legislation for private remedies, or self-regulation


Protecting Your Privacy

Think before you give out personal information on a siteTrack the use of your name and informationKeep your newsgroups’ posts out of archivesUse the Anonymizer when browsingLive without cookies

Use anonymous remailersUse encryptionReroute your mail away from your officeAsk your ISP or employer about a privacy policy


Legislation

The Consumer Internet Privacy ActThe Federal Internet Privacy Protection ActThe Communications Privacy and Consumer Empowerment ActThe Data Privacy Act


Federal Trade Commission (FTC) Audit

FTC examined these practices:Notice of site of information-gathering and dissemination policiesOpportunity for users to exercise choice over how personal information is usedUser control over personal informationVerification and oversight of claims made by the siteRecourse for resolving users’ complaints


Internet Privacy Protection

Movement of advocate groups and industryPrivate sector is apathetic regarding information protectionBusinesses prioritize business profits by collecting private information without disclosureBusiness strategy is to reduce consumers’ privacy concerns


Electronic Privacy Information Center

EPIC is a public-interest research center established to focus public attention on:

Emerging civil liberties issuesProtecting privacyFirst AmendmentConstitutional values

Proposed regulation of use of cookies


Electronic Surveillance

Tens of millions of computer users are monitored, many without their knowledgeEmployees have very limited protection against employers’ surveillance


Personal Information in Databases

Databases of:Banks and financial institutionsCable TVTelephonesEmployersSchoolsInsurance companiesOnline vendors


Personal Informationin Databases (cont.)

ConcernsUnder what circumstances will personal data be released?Do you know where the records are?How are the data used?How are data protected?


Privacy Policy Basics

Data collectionData should be collected on individuals only to accomplish a legitimate business objectiveData should be adequate, relevant, and not excessive in relation to the business objective.Individuals must give their consent before data pertaining to them can be gathered


Privacy Policy Basics (cont.)

Data accuracySensitive data gathered on individuals should be verified before it is entered into the database Data should be accurate and, where and when necessary, kept currentThe file should be made available, so an individual can ensure that the data are correctIf there is disagreement about the accuracy of the data, the individual’s version should be noted and included with any disclosure of the file



Data confidentialityComputer security procedures should be implemented to provide reasonable assurance against unauthorized disclosure of data Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law



Data confidentiality (cont.)Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintainedData should not be disclosed for reasons incompatible with the business objective for which they are collected


European Union Directiveon Internet Privacy

EU privacy directive reaffirming principles of personal data protection on InternetAims

Regulate activities of data user (person or company that controls collecting, holding, processing, use of personal data on Internet)Covers any data relating to data subject (a living subject)


EU Directive on Internet Privacy (cont.)

Data subjectsKnow where personal data is heldAccess, erase or block access to dataObject to usageOppose automated individual decision makingObtain judicial remedy and compensation for privacy infringement


EU Directive on Internet Privacy (cont.)

Data users ensure personal data on Internet is:

Collected fairly and lawfullyUsed only for specific, explicit legitimate purpose with consent of subjectAccurate, current, secureRetained no longer than necessary for fulfilling original purpose of collection


Protecting Intellectual Property

CopyrightA statutory grant that provides the creators of intellectual property with ownership of it for 28 years

Trade SecretIntellectual work such as a business plan, which is a company secret and is not based on public information

PatentA document that grants the holder exclusive rights on an invention for 17 years (U.S.)


Copyrights

Protects original expression of ideasLiterary worksMusical worksDramatic worksArtistic worksSound recordings, films, broadcasts, cable programsPublished editions of literary and musical works


Copyright Protection Techniques

Digital watermarksEmbedding of invisible marksCan be represented by bits in digital contentHidden in the source data, becoming inseparable from such data


Legal Perspectives of Copyrights

Electronic Theft (NET) ActImposed criminal liability for individuals who reproduce or distribute copies of copyrighted works even if no commercial advantage or financial gain exists


Legal Perspectives of Copyrights (cont.)

Digital Copyright Clarification and Technology Education Act

Limits the scope of digital copyright infringement by allowing distance learning exemptions



Online Copyright Liability Limitation ActSeeks to protect internet access providers from liability for direct and vicarious liability under specific circumstances where they have no control or knowledge of infringement



Digital Millennium Copyright ActReasserts copyright in cyberspaceMakes illegal most attempts to defeat anti-copying technologyRequires the national telecommunications and information administration to review the effect the bill would have on the free flow of information and makes recommendations for any changes two years after it is signed into law



Digital Millennium Copyright ActLets companies and common citizens circumvent anti-copying technology when necessary to make software or hardware compatible with other products, to conduct encryption research or to keep personal information from being spread via internet “cookies” or other copy-protection toolsForbids excessive copying of databases, even when those databases contain information already in the public domain


International Aspects of Intellectual Property

The World Intellectual Property Organization

More than 60 member countries come up with an international treatyPart of the agreement is called the “database treaty”

Its aim is to protect the investment of firms that collect and arrange information


Patents

Patent—a document that grants the holder exclusive rights on an invention for 17 years

Satisfy following legal criteriaNovel—does not already exist as part of the public domainInvolves sufficiently “inventive step”Capable of individual application (be put to practical use)


Trademarks

Trademarks—graphical sign used by businesses to identify their goods and servicesGives exclusive rights to:

Use trademark on goods and services registered to that signTake legal action to prevent anyone from using trademark without consent


Domain Names

Domain name refers to the upper category of Internet address (URL)Three controversies

Whether top-level domain names (similar to com, org and gov) should be addedThe use of trademark names by companies for domain names that belong to other companiesIf companies in different countries have the same name, who can use it as the domain name?


Domain Names (cont.)

Network Solutions, Inc.Contracted by the government to assign domain addresses (had a monopoly until 2000)

Increase top level namesIdea is that an adult-only top-level name will be created to prevent pornographic material getting into the hands of childrenArbitration can be done via an international body to resolve conflicts


Domain Names (cont.)

Trade Name DisputesCompanies are using trade names of other companies as their domain address to help attract traffic to their Web site


Defining Freedom of Speech

The Bill of Rights First Amendment to the Constitution of the U.S. of America reads:

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.”


The United Nations Universal Declaration of Human Rights in 1948 addresses the right of freedom of expression:

“Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive, and impart information and ideas through any media and regardless of frontiers.”

Defining Freedom of Speech (cont.)


The Debate AboutFree Speech on the Internet

Free speech debate“Most citizens are implacably opposed to censorship in any form — except censorship of whatever they personally happen to find offensive.”The debate: what restrictions, if any, should there be on Internet content, and how should it be monitored?


The Debate AboutFree Speech on the Internet (cont.)

What are the boundaries, and how should they be enforced?

Governments protective of their role in societyParents concerned about exposing their children to inappropriate Web pages and chat roomsFederal agencies attempting to deal with illegal actions


The Debate AboutFree Speech on the Internet (cont.)

What are the boundaries, and how should they be enforced? (cont.)

Citizen action groups desiring to protect every ounce of their freedom to speakIndividuals concerned about their right to information on the InternetOrganizations seeking to empower the citizens of the earth


The Debate About Free Speech on the Internet (cont.)

Provisions in law for 2 cases that limit free speech

Obscene materialCompelling government interest

“Indecency”“Any comment, request, suggestion, proposal, image, or other communication that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs”


Protecting Children

3 approaches (regarding the protection of children from inappropriate material on the Internet)

No information should be held back and parents should be responsible for monitoring their own childrenThe government is the only one who can truly protect children from this materialTo hold the Internet providers responsible for all the material and information they provide, or enable access to it


Protecting Children (cont.)

Parents governing their own childrenGovernment protecting the childrenResponsibility of the Internet providersForcing Internet providers to be accountable, or enable access to information


Legal Perspectives in the USA

Child Online Protection ActInternet Tax Freedom ActFamily Friendly Internet Access ActInternet Protection ActInternet School Filtering Act


Controlling Spamming

What is spamming, why is it bad?Spamming

“The practice of indiscriminate distribution of messages (for example junk mail) without permission of the receiver and without consideration for the messages’ appropriateness”


Controlling Spamming (cont.)

Spamming’s negative impactsSpam comprised 30% of all mail sent on America Online (in the past, now less than 10%)Slows the internet in generalShuts ISPs down completely


Legislation, LegalThe Electronic Mailbox Protection ActThe Unsolicited Commercial Electronic Mail ActThe Netizens Protection ActThe Telephone Consumer Protection Act




How to cut spammingTell users not to validate their addresses by answering spam requests for replies if they want to be taken off mailing listsDisable the relay feature on SMTP (mail) servers so mail cannot be bounced off the serverDelete spam and forget it— it’s a fact of life and not worth wasting time overUse software packages, e.g. getlost.com and junkbusters.com


Taxation Policies

The Taxation Exemption Debate Internet Tax Freedom Act (October 8, 1998)

Promotes electronic commerce through tax incentives by barring any new state or local sales taxes on Internet transactions during the next three years (extended by 5 years)Being challenged in court as discriminatory against regular business


Taxation Policies (cont.)

Proposed TaxationSolutions in the USA

The Internal Revenue Service might “come to the rescue” with a single and

simplified national sales tax.

This will reduce 30,000 different tax codes to “no

more than 50”.

Net sales would be taxed at the same rate as mail order or

Main Street transactions.

While states could set their one rate, each sale could be

taxed only once.


Other Legal Issues

What are the rules of electronic contracting, and whose jurisdiction prevails when buyers, brokers, and sellers are in different states and/or countries?How can gambling be controlled on the Internet? Gambling is legal in Nevada and other states. How can the winner’s tax be collected? By whom?When are electronic documents admissible evidence in the courts of law? What do you do if they are not?


Other Legal Issues (cont.)

Time and place can carry different dates for the buyers and sellers when they are across the ocean. Which time should be considered?Is a digital signature legal?The use of multiple networks and trading partners makes the documentation of responsibility difficult. How is such a problem overcome?


Electronic Contracts

Uniform Electronic Transactions ActUniform Commercial Code (UCC)Shrink-wrap agreements (or box-top licenses)

The user is bound to the license by opening the package


Electronic Contracts (cont.)

Click-wrap contractsThe software vendor offers to sell or license the use of the software according to the terms accompanying the softwareThe buyer agrees to be bound by the terms based on certain conduct


Computer Crimes

Computer crimes refers to computer fraud and/or computer abuseComputer fraud committed by:

Alteration of inputAlteration of computer dataAlteration/misuse of programsDestruction/suppression/misappropriation of output


Computer Crimes (cont.)

Computer abuse committed by:Misuse of company computer service/resources by performing unauthorized private work or playing games by employeesCompromise of system integrity by:

Altering company dataIntroducing virusesHacking into the system



Characteristics of computer crimeChronic underreporting of abuseSecurity not introduced until abuse has occurredOrganizational size unrelated to severity of punishmentAbuses by high-level employees less likely to be prosecutedProgrammers most difficult to identifyPublicity discourages abuseSecurity efforts reduce abuse



Effective measures in deterring computer crime

Make computer security visibleDefine and communicate company’s policy regularlyMake staff aware of penaltiesReport cases to policePublicize successful prosecutionDeploy security technologies extensively



Legal aspectsAny person who, by using telecommunications, knowingly causes a computer to perform any function to obtain unauthorized access to a computer commits a hacking offenseTo do the following without consent

Cause a computer not to function normallyAlter or erase any program or dataAdd any program or data to a computer


Fraud on the Internet

Internet Stocks FraudSEC brought charges against 44 companies and individuals who illegally promoted stocks on computer bulletin boards, online newsletters and investment Web sites

Other Financial FraudSelling bogus investments, phantom business opportunities, and other fraud schemes


Fraud on the Internet (cont.)

Other Fraud in ECCustomers may:

Receive poor quality products and servicesNot get products in timeBe asked to pay for things they assume will be paid for by sellers


Consumer Protection

Tips for safe electronic shoppingLook for reliable brand names at sitesSearch any unfamiliar site for address and phone and fax number. Call up and quiz a person about the sellersCheck the seller with the local Chamber of Commerce, Better Business Bureau, or TRUSTe as described later


Investigate how secure the seller’s site is and how well it is organizedExamine the money-back guarantees, warranties, and service agreementsCompare prices to those in regular stores; too-low prices may be too good to be true

Buyer Protection (cont.)


Buyer Protection (cont.)

Ask friends what they know. Find testimonials and endorsementsFind out what you can do in case of a disputeConsult the National Fraud Information CenterCheck consumerworld.orgDo not forget the you have shopper’s rights


Third Party Services

Public organizations and private companies attempt to protect consumers

TRUSTe’s “Trustmark” (truste.com)non-profit groupto build user’s trust and confidence in the Internet by promoting the polices of disclosure and informed consent


Third Party Services (cont.)

Public organizations and private companies attempt to protect consumers (cont.)

BBB (Better Business Bureau)Private non-profit organizations supported largely by membershipTo provide reports on business firms that are helpful to consumers before making a purchase



Product informationAdvertisingOrdering methods pricesDelivery of goods

Consumer privacyReceiptingDispute resolutionSecurity

WHICHonline (whichonline.com)Gives consumers protection by ensuring online

traders abide by a code of proactive guidelines that protect



Web trust sealOnline Privacy Alliance

Diverse group of corporations and associations lead and support self-regulatory initiativesCreate environment of trustFoster protection of individuals’ privacy

Evaluation by consumers


Authentication

If authentication online can be verifiedStudents will be able to take exams online from homeFraud of recipients of government entitlements and other payments will be reduced to a bare minimumBuyers will be assured who the sellers are and sellers will know who the buyers are with a very high degree of confidence


Authentication (cont.)

Arrangements will be made so that only authorized people in companies can place purchasing ordersInterviews for employment, possible marriage, and other matching applications will be accurateTrust in your partners and in EC in general will increase significantly


Biometric Controls

Matching against a template:Photo of faceFingerprintsHand geometryBlood vessel pattern in the retina of a person’s eyeVoiceSignatureKeystroke dynamicsIris

Cathy .


Figure 17-3Capabilities of Biometric Controls

Source: InfoWorld (June 29, 1998) pg, 88 and courtesy of International Biometric Group.


Seller Protection

Sellers must be protected against:Dealing with customers who deny placing an orderCustomers downloading copyrighted software and/or knowledge and selling it to othersNot being properly paid for products and services providedUse of their names by othersUse of their unique words and phrases, names, and slogans and their Web addresses by others


What Can Vendors Do?

Use intelligent software that signals questionable customersDevelop a list of warning signals for possibly fraudulent transactionsAsk customers to have shipping address added to their bank account if different from billing address


Managerial Issues

Multinational corporations face different cultures in the different countries in which they are doing businessIssues of privacy, ethics, and so on may seem to be tangential to running a business, but ignoring them may hinder the operation of many organizations


Managerial Issues (cont.)

The impact of EC and the Internet can be so strong that the entire manner in which companies do business will be changed, with significant impacts on:

ProceduresPeople Organizational structure Management Business processes

Documents

Prentice Hall, 2002 1 Chapter 17 The Regulatory Environment of Electronic Commerce