Chapter 10

Public Policy:
From Legal Issues to Privacy
 Learning Objectives

● List and describe the major legal issues related

to electronic commerce
● Understand the difficulties of protecting privacy
and describe the measures taken by companies
and individuals to protect it
● Describe the intellectual property issues in EC
and the measures provided for its protection
● Describe some of the ethical issues in EC and
the measures taken by organizations to improve
ethics
2
 Learning Objectives (cont.)
● Understand the conflict between Internet
indecency and free speech, and the attempts to
resolve the conflict
● Describe the issues involved in imposing sales
tax on the Internet
● Discuss the controls over exporting encryption
software and the issues of government policies
● Differentiate between contracts online and
offline
● Describe the measures available to protect
buyers and sellers on the Internet
3
Legal and Ethical Issues: an Overview
● Privacy
● Intellectual Property
● Difficult to protect since it is easy and inexpensive to
copy and disseminate digitized information
● Free Speech
● Internet provides the largest opportunity for free speech
● Taxation
● Illegal to impose new sales taxes on Internet business
at the present time
● Consumer Protection
● Many legal issues are related to electronic trade
7
8
 Ethical Issues (cont.)

● Code of Ethics
● Many companies and professional
organizations develop their own codes of
ethics
● A collection of principles intended as a
guide for its members
● A guide for members of a company or an
association

9
Organize IT Ethical Issues into a
Framework

● Privacy ● Property
● Collection, storage, ● Ownership and
and dissemination of value of information
information about and intellectual
individuals property

● Accuracy ● Accessibility
● Authenticity, fidelity, ● Right to access
and accuracy of information and
information payment of fees to
collected and access it
processed

10
 Protecting Privacy

● Privacy
● The right to be left alone and the right to
be free of unreasonable personal
intrusions
● Information Privacy
● The “claim of individuals, groups, or
institutions to determine for themselves
when, and to what extent, information
about them is communicated to others”
11
 Protecting Privacy (cont.)

● Two rules
● The right of privacy is not absolute.
Privacy must be balanced against the
needs of society.
● The public’s right to know is superior
to the individual’s right of privacy.

12
 How is Private Information
Collected?

● Reading your newsgroups’ postings

● Finding you in the Internet Directory

● Making your browser record information
about you
● Recording what your browsers say about
you
● Reading your e-mail
13
 Web-Site Self-Registration

● Registration Questionnaires
●type in private information in order to
receive a password to participate in a
lottery, to receive information, or to play
a game
● Uses of the Private Information
●collected for planning the business
●may be sold to a third party
●used in an inappropriate manner
14
 From the Eighth User Survey by
GVU (1988)

● 40% of all users have falsified information

when registering online
● 66% of all U.S. and European respondents
don’t register as they don’t know how the
information is going to be used
● 63% don’t feel that registration is worthwhile
considering the content of the sites
● 58% don’t trust the sites collecting this
information from them
15
 Cookies

● Piece of information that allows a Web site

to record one’s comings and goings
● Web sites can ‘remember’ information about
users and respond to their preferences on a
particular site, process is transparent to users
● Web sites can maintain information on a
particular user across HTTP connections

16
 Cookies
Cook (cont.)

● Reasons for using cookies

● to personalize information
● to improve online sales/services
● to simplify tracking of popular links or demographics
● to keep sites fresh and relevant to the user’s interests
● to enable subscribers to log in without having to enter a password
every visit
● to keep track of a customer’s search preferences
● personal profiles created are more accurate than self-registration
● Solutions to cookies
● users can delete cookie files stored in their computer
● use of anti-cookie software (e.g. Cookie Cutter and Anonymous
Cookie)
17
 Privacy Protection
● 5 basic principles
● Notice/Awareness— Customers must be given notice and be
able to make informed decisions.
● Choice/Consent— Customers must be made aware of their
options as to how their personal information may be used.
Consent may be granted through ‘opt-Out’ clauses requiring
steps.
● Access/Participation— Consumers must be able to access
their personal information and challenge the validity of the data.
● Integrity/security— Consumers must be assured that the data
is secure and accurate.
● Enforcement/Redress— There must always exist a method of
enforcement and remedy. The alternatives are government
intervention, legislation for private remedies, or self-regulation.
18
 Protecting Your Privacy
● Think before you give out personal information
on a site
● Track the use of your name and information
● Keep your newsgroups’ posts out of archives
● Use the Anonymizer when browsing
● Live without cookies
● Use anonymous remailers
● Use encryption
● Reroute your mail away form your office
● Ask your ISP or employer about a privacy policy
19
 Legislation
● The Consumer Internet Privacy Act
● The Federal Internet Privacy Protection
Act
● The Communications Privacy and
Consumer Empowerment Act
● The Data Privacy Act

20
 Electronic Surveillance - Monitoring
Computer Users
● Tens of millions of computer users are
monitored, many without their knowledge
● Employees have very limited protection
against employers’ surveillance
● Personal Information in Databases
● Databases of banks and financial institutions; cable
TV; telephone ; employers; schools; insurance
companies; and online vendors
● Concerns
● Under what circumstances will personal data be released?
● Do you know where the records are?
● How are the data used?
21
 Privacy Policy Basics
● Data Collection ● Data Accuracy ● Data Confidentiality
● Sensitive data gathered on
● Data should be ● Computer security procedures
individuals should be verified
collected on individuals should be implemented to provide
before it is entered into the
only to accomplish a reasonable assurance against
database.
legitimate business unauthorized disclosure of data.
● Data should be accurate
objective. ● Third parties should not be
and, where and when
● Data should be given access to data without the
necessary, kept current.
adequate, relevant, and individual’s knowledge or
● The file should be made
not excessive in relation permission, except as required by
available so the individual
to the business objective. law.
can ensure that the data are
● Individuals must give ● Disclosures of data, other than
correct.
their consent before data the most routine, should be noted
● If there is disagreement
pertaining to them can and maintained for as long as the
about the accuracy of the
be gathered. data are maintained.
data, the individual’s version
● Data should not be disclosed for
should be noted and included
reasons incompatible with the
with any disclosure of the
business objective for which they
file.
are collected. 22
 Protecting Intellectual Property
● Copyright
● A statutory grant that provides the creators of
intellectual property with ownership of it for 28
years
● Trade Secret
● Intellectual work such as a business plan, which
is a company secret and is not based on public
information
● Patent
● A document that grants the holder exclusive
rights on an invention for 17 years
23
Copyright Protection Techniques

● Digital watermarks
●embedding of invisible marks
●can be represented by bits in digital
content
●hidden in the source data, becoming
inseparable from such data

24
 Legal Perspectives
● Electronic Theft (NET) Act
● imposed criminal liability for individuals who reproduce
or distribute copies of copyrighted works even if no
commercial advantage or financial gain exists
● Digital Copyright Clarification and Technology
Education Act
● limits the scope of digital copyright infringement by
allowing distance learning exemptions
● Online Copyright Liability Limitation Act
● seeks to protect Internet access providers from liability
for direct and vicarious liability under specific
circumstances where they have no control or
knowledge of infringement
25
 Legal Perspectives (cont.)
● Digital Millennium Copyright Act
● reasserts copyright in cyberspace
● makes illegal most attempts to defeat anti-copying
technology
● requires the National Telecommunications and Information
Administration to review the effect the bill would have on the
free flow of information and makes recommendations for any
changes two years after it is signed into law
● lets companies and common citizens circumvent anti-
copying technology when necessary to make software or
hardware compatible with other products, to conduct
encryption research or to keep personal information from
being spread via Internet “cookies” or other copy-protection
tools
● forbids excessive copying of databases, even when those
databases contain information already in the public domain
26
International Aspects of Intellectual
Property

● The World Intellectual Property

Organization
● more than 60 member countries to come
up with an international treaty
● part of the agreement is called the
‘database treaty’
● its aim is to protect the investment of firms
that collect and arrange information
27
 Domain Names

● Two controversies
● Whether top-level domain names
(similar to com, org and gov) should
be added
● The use of trademark names by
companies for domain names that
belong to other companies

28
 Domain Names (cont.)
● Network Solutions Inc.
● Contracted by the government to assign domain
addresses
● Increase Top Level Names
● Idea is that an adult only top-level name will be
created to prevent pornographic material getting
into the hands of children
● Trade Name Disputes
● Companies are using trade names of other
companies as their domain address to help
attract traffic to their Web site
29
 Defining Freedom of Speech

● The Bill of Rights First Amendment to the

Constitution of the U.S. of America reads

● “Congress shall make no law respecting an

establishment of religion, or prohibiting the free
exercise thereof; or abridging the freedom of
speech, or of the press; or the right of the people
peaceably to assemble, and to petition the
government for a redress of grievances.”

30
 Defining Freedom of Speech
(cont.)
● The united nations Universal Declaration of
Human Rights in 1948 addresses the right of
freedom of expression

● “Everyone has the right to freedom of opinion

and expression; this right includes freedom to
hold opinions without interference and to seek,
receive, and impart information and ideas
through any media and regardless of frontiers.”

31
 The Debate about Free Speech
on the Internet
● Free speech debate
● “Most citizens are implacably opposed to censorship in
any form — except censorship of whatever they
personally happen to find offensive.”
● What the boundaries are, and how they
should be enforced
Governments protective of their Citizen action groups desiring to
role in society, parents concerned protect every ounce of their
about exposing their children to freedom to speak, individuals
inappropriate Web pages and concerned about their right to
chat rooms, and federal agencies information on the Internet, and
attempting to deal with illegal organizations seeking to empower
actions the citizens of the earth
32
 The Debate about Free Speech
on the Internet (cont.)

● Provisions in law for 2 cases that limit free

speech
● obscene material
● compelling government interest
● “Indecency”
● “any comment, request, suggestion, proposal, image, or
other communication that, in context, depicts or describes,
in terms patently offensive as measured by contemporary
community standards, sexual or excretory activities or
organs”

33
 Protecting Children

● 3 approaches (regarding the protection of children

from inappropriate material on the Internet)
● No information should be held back and parents
should be responsible for monitoring their own
children
● The government is the only one who can truly
protect children from this material
● To hold the Internet providers responsible for all
the material and information they provide

34
 Protecting Children (cont.)

● Parents Governing Their Own Children

● Government Protecting the Children
● Responsibility for the Internet Providers

● Forcing Internet Providers to be Accountable

35
Legal Perspectives in the USA

● Child Online Protection Act

● Internet Tax Freedom Act

● Family Friendly Internet Access Act
● Internet Protection Act
● Internet School Filtering Act

36
 Controlling Spamming
● What is spamming, why is it bad?

● Spamming
● “the practice of indiscriminate distribution of messages (for
example junk mail) without permission of the receiver and
without consideration for the messages’ appropriateness”

● Spamming’s negative impacts

● Spam comprised 30% of all mail sent on America Online
● slowing the Internet in general
● shutting ISPs down completely
● now less than 10%
37
 Controlling Spamming (cont.)

● Legislation, Legal

● The Electronic Mailbox Protection Act

● The Unsolicited Commercial Electronic Mail Act

● The Netizens Protection Act

● The Telephone Consumer Protection Act

38
 Controlling Spamming (cont.)
● How to cut spamming
● Tell users not to validate their addresses by
answering spam requests for replies if they want
to be taken off mailing lists
● Disable the relay feature on SMTP (mail) servers
so mail cannot be bounced off the server
● Delete spam and forget it— it’s a fact of life and
not worth wasting time over
● Use software packages, e.g. www.getlost.com
Use software packages, e.g. www.getlost.com
and www.junkbusters.com 39
 Taxation Policies
● The Taxation Exemption Debate
● Internet Tax Freedom Act (8 Oct,98)
● promotes electronic commerce through tax incentives by
barring any new state or local sales taxes on Internet
transactions during the next three years
Electronic commerce Non-electronic commerce
industries industries must pay its
The Internet businesses
Applying existing law to new
fair share of the bill for the nation’s
mediums of exchange is far more
social and physical infrastructure. They
difficult than ever imagined. The
feel that the Internet industries are not
global nature of business today
pulling their own weight. These
suggests that cyberspace be
companies are screaming that the same
considered a distinct tax zone unto
situation exists in the mail order
itself with unique rules and
business and that there are sufficient
considerations befitting the stature
parallels to warrant similar legal
of the environment.
considerations.
40
 Taxation Policies (cont.)
● Proposed Taxation Solutions in the USA
The Internal Revenue
Service might “come to the
rescue” with a single and
simplified national sales tax.
This will reduce 30,000
different tax codes to ‘no
more than 50”.
Net sales would be taxed at
the same rate as mail order
or Main Street transactions.
While states could set their
one rate, each sale could be
taxed only once.
38 41
 Encryption Policy

● The 128-BIT Encryption Debate

● Export 128-bit encryption is 3.09X10 to the 26th
power times more difficult to decipher than the
preceding legally exportable technology.
Secure e-commerce Government’s legal requirements
For the past 20 years Recent legislation
there was a limitation allows 128 bit in
on exported encryption specific circumstances
devices of 56 bit codes thus paving the way for
the Compaq permit

42
 Encryption Policy (cont.)
● Data Encryption Standard (DES)
● A published federal encryption standard created to
protect unclassified computer data and communications
● Law Enforcement’s Plea
● Cryptographers would follow an audit trail to ensure that keys
haven’t been released improperly, however, law enforcement
does not trust that process
● First Amendment Right
● Technology can encrypt so thoroughly, that every computer on
earth, working in tandem, would take trillions of years to decode
the encryption
● Business View
● EFF (Electronic Frontier Foundation) believes that
software, networked communications and cryptography
industries are suffering
43
 Other Legal Issues
● What are the rules of electronic contracting, and whose jurisdiction
prevails when buyers, brokers, and sellers are in different states
and/or countries?
● How can gambling be controlled on the Internet? Gambling is legal
in Nevada and other states. How can the winner’s tax be
collected?
● When are electronic documents admissible evidence in the courts
of law? What do you do if they are not?
● Time and place can carry different dates for the buyers and sellers
when they are across the ocean.
● Is a digital signature legal?
● The use of multiple networks and trading partners makes the
documentation of responsibility difficult. How is such a problem
overcome? 44
 Electronic Contracts

● Uniform Electronic Transactions Act

● Provides the means to effectuate transactions
accomplished through an electronic medium
● Uniform Commercial Code (UCC)
● Provides a government code that supports
existing and future electronic technologies in the
exchange of goods or of services related to
exchange of goods

45
 Electronic Contracts (cont.)
● Shrink-wrap agreements (or box top licenses)
● The user is bound to the license by opening the package
● This has been a point of contention for some time
● The court felt that more information would provide more
benefit to the consumer given the limited space available on
the exterior of the package
● Click-wrap contracts
● The software vendor offers to sell or license the use of the
software according to the terms accompanying the software
● The buyer agrees to be bound by the terms based on
certain conduct
46
 Fraud on the Internet
● Internet Stocks Fraud
● SEC brought charges against 44 companies and individuals
who illegally promoted stocks on computer bulletin boards,
online newsletters and investment Web sites
● Other Financial Fraud
● Selling bogus investments, phantom business opportunities,
and other fraud schemes
● Other Fraud in EC
● Customers may
● receive poor quality products and services
● not get products in time
● be asked to pay for things they assume will be paid for by sellers
47
 Federal Trade Commission (FTC)
Consumer Alerts
The “Dirty Dozen”
● Business opportunities ● Free goods
● Bulk mail solicitors ● Chain letters
● Investment opportunities ● Cable descrambler kits
● Work-at-home schemes ● Credit repair
● Health and diet schemes ● Vacation prize
● Effortless income promotions
● Guaranteed loans or credit,
on easy terms

48
 Buyer Protection

● Tips for safe electronic shopping

● Look for reliable brand names at sites.
● Search any unfamiliar site for address and
phone and fax number. Call up and quiz a person
about the sellers.
● Check the seller with the local Chamber of
Commerce, Better Business Bureau, or TRUSTe
as described later.
● Investigate how secure the seller’s site is and
how well it is organized.
49
 Buyer Protection

● Examine the money-back guarantees,

warranties, and service agreements.
● Compare prices to those in regular stores; too-
low prices may be too good to be true.
● Ask friends what they know. Find testimonials
and endorsements.
● Find out what you can do in case of a dispute.
● Consult the National Fraud Information Center.
● Check www.consumerworld.org
● Do not forget the you have shopper’s rights.
50
 Third Party Service
● Public organizations and private companies
attempt to protect consumers
● TRUSTe’s “Trustmark”
● non-profit group
● to build user’s trust and confidence in the Internet by
promoting the polices of disclosure and informed consent
● BBB (Better Business Bureau)
● private non-profit organizations supported largely by
membership
● to provide reports on business firms that are helpful to
consumers before making a purchase

51
 Authentication
● If authentication can be solved …..
● students will be able to take exams online
● fraud of recipients of government entitlements and
other payments will be reduced to a bare minimum
● buyers will be assured who the sellers are and
sellers will know who the buyers are with a very high
degree of confidence
● arrangements will be made so that only authorized
people in companies can place purchasing orders
● interviews for employment, possible marriage, and
other matching applications will be accurate
● trust in your partners and in EC in general will
increase significantly
52
 Biometrics Controls

● Photo of face
● Fingerprints
● Hand geometry
● Blood vessel pattern in the retina of a
person’s eye
● Voice
● Signature
● Keystroke dynamics t hy .
Ca
53
 Seller Protection
● Sellers must be protected against:
● Use of their names by others
● Use of their unique words and phrases, names, and
slogans and their web addresses
● Dealing with customers that deny that they placed
an order
● Several other potential legal issues are related to
sellers’ protection
● Customers downloading copyrighted software and/or
knowledge and selling it to others
● Not being properly paid for products and services
provided
54
 Managerial Issues

● Multinational corporations face different cultures in the

different countries in which they are doing business
● Issues of privacy, ethics, and so on may seem to be
tangential to running a business, but ignoring them
may hinder the operation of many organizations
● The impact of electronic commerce and the Internet
can be so strong that the entire manner in which
companies do business will be changed, with
significant impacts on procedures, people,
organizational structure, management, and business
processes
55