Task 1
(5.b) Importance and Effectiveness of Legal Regulation in E-Commerce.
Introduction
The term 'Electronic commerce'(E-commerce) has been defined by Kalakota and Whinston as having many perspectives - communications, business, service and on-line. Electronic commerce is also defined as, any action undertaken by a business which requires a financial transaction to be carried out over a network such as the Internet. Electronic Data Interchange (EDI) is a form of electronic commerce concerned with the exchange of business documentation such as invoices and orders. Businesses have been slow to adopt EDI due to high costs, limited consumer access to proprietary networks and the inability to automate only part of the transaction. Electronic commerce has the ability to eliminate the time span between ordering, delivery invoicing and payment by using the World Wide Web. Electronic commerce transactions can be divided into two categories - Business to Business or Business to Individuals (consumer) and may involve the electronic supply of goods and services.
Electronic commerce offers benefits to both vendor and buyer. The vendor can create a global presence thus generating more potential business, reducing costs, increasing competition, and allowing the ability to customize products. The buyer benefits through increased choice which encourages better standards of service, price reductions and a more tailored service. “At present only eighty-five per cent of companies are using the Internet” [Feher and Towell, 1997] and uptake of electronic commerce is small. However it is estimated that there will be a two hundred per cent growth in electronic commerce transactions in future. This rapid increase inevitably leads to problems on a global scale with legislation and regulation.
Legal Regulation of E-commerce
Fraud, financial misbehavior and tax avoidance are not found just in electronic commerce, but electronic commerce presents new ways to commit old crimes. Electronic commerce is difficult to regulate for two main reasons. Firstly, the scope of electronic commerce and the technology involved changes rapidly. Traditionally, the formulation of the law has been an evolutionary process, adapting to suit the needs of society. Where electronic commerce is concerned the pace of change is and has been too great for this process to take place. This results in a situation where there is a choice of either applying current legislation or enacting new legislation specifically formulated to meet the challenge of electronic commerce. Secondly, the very nature of the technology involved means that it is transnational. This leads to problems as to which legal system a has jurisdiction over electronic commerce transactions.
Jurisdiction
Although consumers are prepared to conduct business by telephone and by fax, for some reason there appears to be a psychological barrier to transactions over the Internet. As the Internet has no regard for national boundaries the question of which legal system is responsible for cross-border transactions is central to the success of electronic commerce. Users are less likely to feel confident about making a transaction electronically if they are unsure of the legal protection they will be afforded. They may not be offered the same means of redress as in a purely domestic transaction. They may also be reluctant to transact with parties in a foreign or unknown jurisdiction due to lack of legal protection. This has implications for the development of global electronic commerce and raises several important issues.
Firstly, a vendor is expected to comply with the law of all the countries in which their clients reside, this place an unacceptable burden on the vendor - forcing them either to be aware of the legal situation throughout the world or to limit themselves to dealing with a few countries where they feel reassured by the law. The former is unfeasible and the latter is undesirable as it would be contrary to the spirit of electronic commerce which it is hoped will stimulate world-wide trade. One solution would be to establish international agreements stating that any contract signed in cyberspace comes under the jurisdiction of the territory in which the vendor resides. This, of course, raises problems relating with constitutes a residence and the problem is compounded if a business has operations in several countries. There is also a problem with server location; in the digital global economy it is quite feasible for an organization to have a server, but nothing else, in one country. The 'virtual organization' is therefore out with the jurisdiction of any one country.
Global Attempts at a Solution
The European Union has recently been formulating policy in a number of areas and is keen to ensure that regulation in Europe takes place in a unified way. Legislation on digital signatures, encryption and certificate authorities is imminent, and a Directive on data protection has been issued. (EU: 1995b) An outline of Commission policy can be found in 'A European Initiative in Electronic Commerce'. (EU: 1997c) At present there are no effective means for solving cross border dispute resolution in the area of electronic commerce. The proposals suggested by the UN and US should go some way to addressing this problem, although individual countries must accept the proposals and adopt national legislation. It is to be hoped this is done as soon as is practicable, in order to reassure consumers and businesses that electronic commerce is a safe and reliable way to conduct their business. The proposed legislation is based on a model of electronic commerce that would not have evolved naturally, and thus will be constrictive by attempting to shape electronic commerce instead of letting the needs of electronic commerce shape the law.
European Union Perspective
The EU is unique amongst international organizations in that it is able to make norms that are legally binding on its member states or which confer rights and obligations directly on the citizens of the EU. Harmonization within the EU is a priority in order to ensure the single market is not distorted. Europe, together with the US, is one of the key test-beds for electronic commerce. As the US and the EU are the largest trading blocs in the world, agreement between them would cover a large proportion of electronic commerce transactions. Agreement would also lead the way to a global legal environment, as other states dependent on trade with the US and the EU would be keen to enact similar legislation or enter into agreements which would make electronic commerce easier. Any kind of joint agreement must be swift, since it is inevitable that more and more nation-states will implement their own measures. It would be much more difficult to try to harmonize many individual laws than to encourage nations to follow a particular model from the beginning.
It appears that all parties are in agreement as to what is required - a flexible system led by the private sector allowing for the use of governmental rules in certain key areas. Example guidelines are already in place and it seems likely that more will follow adhering to the same formula. If world-wide agreement is to be found, one system needs to be adopted by the EU and USA in the hope that their trading partners will follow suit. In the absence of concrete international regulations the inevitable conclusion is for the buyer and seller to enter into a contract stating the conditions that have been agreed upon and the jurisdiction in which any dispute will be settled.
Technical Solutions and Legislation
Although the number of businesses on the Internet has grown, many of these organizations are simply maintaining a 'web presence' by providing information about themselves and their products and have not yet undertaken Internet-based transactions. This inertia is probably due to concern about security of transactions and user authorization. Technologies concerned with authorization include firewalls, password access, smart cards and biometric fingerprinting. However, in order to provide secure electronic transactions (SET), encryption technologies are used. Encryption technologies, which are supported by the appropriate legal mechanisms, have the potential to allow global electronic commerce to develop.
Digital Signatures
Digital signatures provide information regarding the sender of an electronic document. The technology has assumed huge importance recently with the realization that it may be the remedy to one of the major barriers to growth of electronic commerce: fears of lack of security. Digital signatures provide data integrity, thereby allowing the data to remain in the same state in which it was transmitted. The identity of the sender can also be authenticated by third parties.
The most widely used type of cryptography is public key cryptography where the sender is assigned two keys - one public, one private. The original message is encrypted using the public key while the recipient of the message requires the private key to decrypt the message. The recipient can then determine whether the data has been altered. However, although this system guarantees the integrity of the message, it does not guarantee the identity of the sender (public key owner). In order to remedy this Certificate Authority is required.
Certificate Authorities
Trusted Third Parties (TTP) provide a variety of cryptography services to their clients. Certificate Authorities (CAs) are TTPs who have been given license to produce digital certificates authenticating digital signatures. In order for this system to work, the Licensed CA must be reliable and have the confidence of the public and business community. In addition, those who rely on the services of the Licensed CA must be able to hold them legally liable for any loss suffered as a result of their error. Licensed CAs promotes the use of electronic commerce technology by reassuring the user that the authentication process is reliable, that is, the owner of the digital signature is who they say they are. This provides business with the reassurance that the electronic commerce transaction is secure.
Legal Position of Digital Signatures
Although digital signature technology has been available for some time, it has only recently become feasible to use digital signatures to authenticate a document. This breakthrough has made digital signatures one of the most important areas of development within electronic commerce. It is important because the technology, and the law governing it, must develop in a way that promotes, or at the very least does not inhibit, the growth of electronic commerce. A substantial amount of legislation regulating the use of digital signatures and their legal status has been enacted. So far, this has been enacted on a state by state basis, resulting in those countries taking contrasting legal positions. Germany has recently introduced the Digital Signature Law (Federal Act: 1998). France has enacted a law introducing Trusted Third Parties (Law Decreed: 1998) and the United Kingdom has released a consultation paper. Belgium, Italy and Sweden have also introduced legislation. Legislation on digital signatures has taken place on a state by state basis in the United States and so far nineteen states have legislated. International law on digital signatures has yet to be formulated.
As part of its plan to develop electronic commerce and create user confidence, the European Commission has unveiled a proposal for a directive on digital signatures. (EU: 1998d) The draft directive would lay down minimum requirements for electronic signature certificates and certification services and require legal recognition of electronic signatures to the same extent as written signatures, especially in cross border transactions (EU: 1998d). This is vital if electronic commerce is to become a viable alternative to traditional ways of conducting business. The proposal also envisages co-operation with third countries to enable recognition of digital signatures that have been certified by a CA in a third country, provided that CA meets the requirements of the directive or is situated in a country which has negotiated an agreement with the EU. (EU: 1998b). Negotiations with the US and Japan to this end have already begun. This is a very positive step as from its inception electronic commerce was intended to be global and this must be reflected in the law. Unfortunately, this concept does not fit well with legal tradition, and movement to create an international framework has not been swift. One important provision of the draft directive was that Certification Authorities should be allowed to operate without obtaining authorization in advance, although stating that they may seek voluntary accreditation if they wished.
Developments are also taking place at a global level. Bodies such as the Internet Engineering Task Force (IETF), the International Organization for Standardization (ISO) and W3C are currently working on standardization of digital signatures. The OECD has issued 'Guidelines for Cryptology Policy which includes a guide for states on the creation of legislation governing the use of digital signatures. UNCITRAL has also released draft legislation on electronic commerce, including guidelines for digital signatures. (UNCITRAL: 1998)
Electronic Commerce and the Abuse of Data
Personal databases of customer information allow businesses to tailor their marketing strategy to suit the individual and pinpoint the type of person they wish to target. Problems arise when that company chooses to share the data with someone to whom we have not chosen to give data or when details are taken without our knowledge. Technologies such as data mining have made it possible to use information much more productively. Misuse of personal data is not something that is limited to electronic commerce; we provide a great deal of information to various organizations on a daily basis. Again, a phobia about electronic commerce makes an appearance. Many high street stores provide in customer loyalty cards, with which our purchases can be monitored and we receive details of the latest offers which might interest us. The information taken from web sites regarding our buying preferences is treated equivalent to a store loyalty card in form of a cookie. The disturbing fact about cookies is that they have been designed to operate without the user knowing they are there thus, could be said to be an invasion of privacy.
Cookies are tiny pieces of data which are sent by web servers and which can be placed on the user's system for later retrieval. Cookies may be used perfectly innocuously, for example to find out if a visitor to a web site has been there
before and thus show customized information. However, cookies placed on your computer may be combined with malicious JavaScript or other code or may be designed in such a way as to reveal other sites your computer has visited, allowing marketers to attempt to create a picture of your interests and lifestyle. Cookies can be disabled, but this has implications for interaction with the web site as messages constantly appear asking the user to enable the cookie, thus wasting time and money.
“If consumers do not have control over the collection and use of their personal data, electronic commerce will facilitate the invasion of their privacy” (OECD, 1997) .It has also been argued that the use of cookies contravenes the principles of the Data Protection Directive (EU: 1995b). Although several groups concerned with privacy have objected to the use of cookies there appears to be little chance of their use lessening in the immediate future. This may change when the Data Protection Directive becomes part of the national law of states around Europe, and challenges to the use of cookies are made either by individuals or groups under the new laws.
Measures to Protect Users
On June 25 1998 the Director General for Financial Services and Internal Market of the European Commission met his American counterpart to discuss the issue of personal data protection in the electronic era. Such international co-operation is necessitated by the fact that the EU legislation affects transactions not only within the EU but also with third countries including the US. Until now measures to protect privacy in the US have largely taken the form of voluntary codes of conduct. The unanswered questions as to where liability lies for an infringement of the EU Directive and who could take action against such an infringement are detrimental to both parties as it has consequences for international trade. Discussions are continuing: the aim being to find some sort of solution before the Directive takes effect in October 1998. There are competing forces at work here. To increase levels of confidence we require accurate and reliable information about the person with whom we are transacting, presumably the more details the better. Yet we also fear what the result of disclosing this information will be and perhaps desire a means of conducting transactions anonymously, as we might on the high street.
It is important that in all the discussions on data protection that the consumer is adequately represented. It could be argued that this is not so at present. Businesses which use data are accustomed to being heard by government when legislation is in its formative stage. They can obtain expert advice and have the capability to form associations with like-minded organizations. To a certain extent this does not happen with consumers, leading to a danger that legislation is more suited to the users of data rather than the owners of it. The EU Directive is among the first pieces of legislation to be introduced with the intention of controlling the use of data in the information age. The problem with such far-
reaching legislation is that if everyone else must comply with it, the country (or group of countries) of origin may be seen as trying to impose its standards on others. However, this is preferable to no common standards at all, which would make it difficult for business to operate on the international stage. The EU Directive was influenced by the OECD guidelines, and it realistic that those guidelines should, when updated, be the model for others, since most industrialized countries are members of the OECD and have agreed to the Guidelines. However, it remains the case that there will be many different interpretations of the guidelines. For that reason the EU, US, Japan and others need to devise a common regulatory framework that will prevent any restrictions on trade.
Conclusion
Electronic commerce raises many new problems. It is not only the pace of its adoption that causes difficulty but the fact that it is an entirely new form of doing business which disregards national barriers and traditional means of forming contracts. The ease by which information may be transferred is partly responsible for the success of electronic commerce. It is also the cause of many of the problems, for example new mass marketing techniques have been made possible, thus raising privacy issues. With the rapid uptake of electronic commerce, predictably, there has been a rush to enact laws. However, these laws suffer from two fundamental problems: The changing nature of the technology has the potential to render any legislation redundant within a short period of time. In addition, national laws are inadequate to govern what is truly a global issue. Regulation poses further threats in that it risks stifling electronic commerce if it is unduly burdensome.
The aim of any regulation of electronic commerce should therefore be to facilitate the adoption of electronic commerce, or at the very least to avoid distortion of the market through laws which are not appropriate or which create strong local differences. Although there is an argument that legislation is not necessary, that clearly is not the case. Existing laws are not capable of being adapted to this truly new sphere of business. However, because there is no clear picture exists of what electronic commerce encompasses, how widespread it has become, and how it is likely to evolve in the future, it is difficult to reach a consensus on suitable laws. To some extent, this has been achieved through the various international agreements that have been signed, although no one agreement takes precedent over another and none are strictly binding. Of more legal effect are interstate agreements such as have taken place between the EU, the US and Japan. If a model can be created between these countries it will serve to encourage others to adopt similar legislation, perhaps leading to the certainty that is craved by business.
Task 2
(3) Evaluate the current state of legal thinking with regard to P2P downloading of copyright materials.
Introduction
The digital age poses many unique problems for law. One such problem is adapting intellectual property to meet the challenges of global computer networks. The nature and extent of a person's right to copy material in the online world has become for many the paradigmatic cyberspace-related inquiry. This considers copyright in relation to Internet file-sharing programs and the liability of intermediaries. The recent popularity of file-sharing programs over the Internet has resulted in copyright infringement on a grand scale. Making intermediaries liable for such infringement has been seen by Copyright Industries as key to preventing infringement. However, lawsuits have not deterred determined pirates. The Napster decision has confused this area of law and the Dutch KaZaA judgement has led to international disagreement over the liability of intermediaries. The normal user/people contends that ISPs should only be liable where they know of infringing material, are able to control it, and do not take action to prevent infringement. A general monitoring responsibility on ISPs would be counterproductive and detrimental to normal users. Instead, levies on digital material and compulsory licensing are promoted as being pragmatic methods for dealing with file sharing.
Combating P2P File-Sharing
Peer-to-Peer file sharing programs represent a unique problem to regulators. Currently, dozens of such programs exist where anonymous users swap millions of files per day, often infringing copyright. However, it would be unwise to have a blanket prohibition against them as some file-sharing programs have substantial non-infringing uses, as shown in the KaZaA judgement. A blanket prohibition would also be unenforceable. Evidence for this can be found by considering the situation after a preliminary injunction had been taken against KaZaA and the program had been removed from the official website. Even though official distribution had ceased the network continued to function unaffected. This was due to the completely decentralized nature of pure peer-to-peer file-sharing: a central server is not required for operation of the network. Any computer on the network is capable of acting as a super node and this process is automatically. The decentralized nature also makes it extremely difficult for any P2P creator to effectively monitor or control the content or actions of its users.
In America lawsuits against P2P operators have only resulted in many more appearing. For example, when Napster was sued replacements appeared that were potentially even more of a threat to copyright than the original had been. However, the situation is not without hope. Two possible regulatory options are proposed. The first option is the idea of levies. These are already common on the continent. The theory is that if infringement cannot be controlled, government can take money from the infringers before they infringe by taxing blank digital media, particularly CDs and hard drives. If levies were used they would have to be equal throughout the contracting states to avoid market inequality. One drawback with levies is that they could impede the development and uptake of new technology by making them financially prohibitive. A second option proposed by commentators is that of compulsory licensing. Spoor states: needed more practical solutions to make copyright on the Internet effective without making it threatening or needlessly interfering; such as campus licenses which allow certain user groups to access entire databases instead of making users pay per document they actually consult.
The idea of compulsory licenses could be used to make users pay subscription fees to access music libraries in the same way that online databases are currently accessed, on a flat fee system. The Music Industry is already trying to introduce similar subscription systems, based on proprietary music file formats that significantly restrict user access. Instead what is suggested is that P2P operators have a compulsory license whereby users pay a small monthly free for access to the service, with the revenue going to the artists whose work is being exploited. Lessig, among others, supports such licenses: Congress should pass low fixed compulsory license fees for distribution of music and entertainment content on the Web. These fees should not be tied to reporting every usage on the Web.
Conclusion
Global networks and digital media represent a great challenge to copyright law. Infringement of music and movies through file-sharing programs is staggering. Legal efforts have thus far been ineffective at preventing what many view as socially acceptable. The targeting of direct infringers is difficult due to the nature of the Internet. Although targeting intermediaries could decrease infringement this must be done carefully and uniformly throughout the world to avoid safe havens for rogue servers. Globally, ISPs should only be liable for the actions of their users where they have been made aware of the infringing material and were able to control the material but failed to take action. This would follow the U.S. and European initiatives. Further, ISPs should not have a general duty to monitor conduct because this would likely be detrimental to normal users. Support for intermediary regulation may be gained by aiding ISPs in establishing their own Codes of Practice, as occurs in parts of Europe. On the issue of file-sharing operators, it has been shown that lawsuits have proven ineffective at deterring infringement. Therefore, either a well-considered system of levies or compulsory licensing is proposed. It is hoped that in this way a compromise between Copyright Industries and Internet users might be reached.
Task 3
(2) Evaluate the Debate over the Desirability of Extending Patent Protection over Software.
Introduction
The patent is the instrument of the intellectual property system best known and most closely associated with innovation. The patent is the outcome of a bargain between the inventor and society by which society grants the inventor certain rights to his invention in return for the inventor's disclosure of whatever it is he has invented. Without these rights, it is conventionally argued, the inventor would be unable to reveal his invention for fear that others would steal it. Consequently, the inventor would have little incentive to invent, and society would forego the invention and all its benefits. Thus, the patent system neatly offers the inventor the opportunity to reap some reward from his invention, and provides society with an invention it would not otherwise have had. The patent system bestows its benefits by giving intangible resources, the information of invention, the legal status of tangible property. This is daunting stuff, usually left to those lawyers and economists who are patent experts. And yet, there are many other fields with an interest in innovation: in the sciences, any branch of engineering; in the arts and humanities, anything to do with creativity; and in the social sciences, any of a wide range of subjects from management studies to technology policy, from sociology to politics. Indeed, it is hard to think of an area in which innovation is not a major interest, and be it remembered, is supposed to be the whole purpose of the patent system. It is innovation not invention that society wants, and it is for innovation that society has devised the patent system. While the experts are engrossed in the niceties of the patent system, the complications and implications of the system pass virtually unnoticed in the world at large, masked by the simple assumption that the patent stimulates innovation, and equally innocent that something would surely be done about the system.
Strengthening the System
Innovation was the key to competitiveness, but government policy and corporate strategy found difficulty accommodating the undisciplined information flow fundamental to the innovation of a freewheeling Silicon Valley. Policy and strategy were much more comfortable with an interpretation of high technology entrepreneurialism that flaunted the trappings of Silicon Valley in the science park or the European Commission's Esprit Programme (Macdonald; 1987) while denying the unmanaged and uncontrolled information flow critical to innovation in high technology. The information required for innovation was to be captured and retained, whether in a Fortress Europe defended by the national champions of the electronics industry or a Fortress America, where alarm at the Japanese and even European threat to competitiveness led to the imposition of national security export controls designed to prevent the loss of high technology information. At the corporate level, information mercantilism also prevailed with innovation strategy based on the acquisition and retention of information. Clearly, this climate was hostile to the patent system disseminating information widely for the use of others, but not to the patent system providing a temporary monopoly so that inventors could innovate. The climate was conducive to the strengthening of the patent system.
Pressure to extend the scope of patents was fuelled by the observation that much modern invention did not fit easily within the system's arcane classification. The scope of patents had to be extended if the system were to stimulate the innovation a modern economy requires. The patenting of genetic material is one result, the extension of the patent system to computer software and to business methods in the United States two more. The value of the patent monopoly is related not just to the scope of the patent, but also to the ease with which the patent can be defended. The US Court of Appeals of the Federal Circuit (CAFC) was established in 1982, a response to the need for a specialist body to cope with the growing complexity of some of the new areas into which patents were entering. The Court was also a product of powerful groups looking after their own interests. Very small group of large high technology firms and trade associations in the telecommunications, computer and pharmaceutical industries was essentially responsible for the creation of the CAFC. The group believed that a court devoted to patent cases would better represent its interest.
Conclusion
Nonsensical as it may sound, the patent system is essentially anti-innovative. This is not just because it assists a much specialised sort of innovation and discourages other sorts. Much more important is that the patent system satisfies the requirements of those who need to feel that innovation is controlled and contained, that innovation is in its place, part of process. Most innovation is not like this at all. This is not to say that the patent system should be changed. Small business counsellors, enterprise consultants and patent office officials proffer advice on how to use the system better, and on how it might be adapted to offer even better service to users. They argue that, while the fundamentals of the patent system are sound, there is always scope for improvements that would increase the benefits for everyone. It may not, though, be as bad as it gets. While the role of patents in innovation may not be about to increase, there would seem to be considerable potential for the expansion of their role in strategy. While they may offer the occasional opportunity for the weak to impede, and thus profit from, the innovation of the strong, this is a role demanding the resources of clever lawyers, accountants and consultants. Just as there is no necessary place for innovation in the strategic use of patents, there is no obvious place for the entrepreneur.
References
* Cordell Arthur J (1997) Taxing the Internet: the proposal for a bit tax. Speech to the International Tax Program at Harvard Law School
* EPIC (1998) Preliminary analysis of E-PRIVACY encryption bill < http://www.epic.org/crypto/legislation/epriv_analysis.html>
* HMSO (1998) Data Protection Act <http://www.hmso.gov.uk/acts/acts1998/19980029.htm>
* 'Information and Communication Services Act' Federal Law Gazette 1 1998 http://www.urjura.uni-sb.de/BGBL/PEIL1/1997/19971870.1.html
* Information Society Project Office (1997) 'Building the Global Information Society for the 21st Century', New applications and business opportunities - coherent Standards and regulations, October 1997, <http://www.ispo.cec.be/standards/conf97>
* United States Department of Commerce - A framework for electronic commerce <http://www.iitf.nist.gov/eleccomm/execsu.htm>
* Borland, J. Eminem CD spotlights new piracy patterns', CNET Tech News, May 28, 2002, <http://news.com.com/2102-1023-923472.html> (Last Accessed: 05/06/02).
* Out-Law Dot Com New, 'Does P2P help or hinder music sales?', 10/05/2002,
<http://www.out-law.com/php/page.php3?page_id=doespphelporhin1021028325> (Last Accessed: 16/05/02).
* Aharonian G (2001) 'Why all business methods achieve a technical effect', October, http://www.bustpatents.com/aharonian/technical.htm (accessed 20 July 2002).
* Blackman M (1994) 'Taking patent information services to small and medium enterprises', Intellectual Property in Asia and the Pacific, 40, pp.44-67.
* Beresford K (2000) Patenting Software under the European Patent Convention (Sweet and Maxwell: London).
