Chapter 10
Public Policy:
From Legal Issues to Privacy
© Prentice Hall, 2000
1
Learning Objectives
List and describe the major legal issues related
to electronic commerce
Understand the difficulties of protecting privacy
and describe the measures taken by companies
and individuals to protect it
Describe the intellectual property issues in EC
and the measures provided for its protection
Describe some of the ethical issues in EC and
the measures taken by organizations to improve
ethics
© Prentice Hall, 2000
2
Learning Objectives (cont.)
Understand the conflict between Internet
indecency and free speech, and the attempts to
resolve the conflict
Describe the issues involved in imposing sales
tax on the Internet
Discuss the controls over exporting encryption
software and the issues of government policies
Differentiate between contracts online and
offline
Describe the measures available to protect
buyers and sellers on the Internet
© Prentice Hall, 2000
3
Legal and Ethical Issues: an Overview
Privacy
Intellectual Property
Difficult to protect since it is easy and inexpensive to
copy and disseminate digitized information
Free Speech
Internet provides the largest opportunity for free speech
Taxation
Illegal to impose new sales taxes on Internet business
at the present time
Consumer Protection
Many legal issues are related to electronic trade
© Prentice Hall, 2000
4
Ethical Issues
What is considered to be right and wrong?
What is unethical is not necessarily illegal.
Whether these actions are considered
unethical depends on the organization,
country, and the specific circumstances
surrounding the scenarios.
© Prentice Hall, 2000
5
Ethical Issues (cont.)
Code of Ethics
Many companies and professional
organizations develop their own codes of
ethics
A collection of principles intended as a
guide for its members
A guide for members of a company or an
association
© Prentice Hall, 2000
6
Organize IT Ethical Issues into a
Framework
Privacy
Property
Collection, storage,
and dissemination of
information about
individuals
Accuracy
Ownership and
value of information
and intellectual
property
Accessibility
Authenticity,
fidelity, and
accuracy of
information
collected and
processed
Right to access
information and
payment of fees to
access it
© Prentice Hall, 2000
7
Protecting Privacy
Privacy
The right to be left alone and the right to
be free of unreasonable personal
intrusions
Information Privacy
The “claim of individuals, groups, or
institutions to determine for themselves
when, and to what extent, information
about them is communicated to others”
© Prentice Hall, 2000
8
Protecting Privacy (cont.)
Two rules
 The right of privacy is not absolute.
Privacy must be balanced against
the needs of society.
 The public’s right to know is
superior to the individual’s right of
privacy.
© Prentice Hall, 2000
9
How is Private Information
Collected?
Reading your newsgroups’ postings
Finding you in the Internet Directory
Making your browser record information
about you
Recording what your browsers say about
you
Reading your e-mail
© Prentice Hall, 2000
10
Web-Site Self-Registration
Registration Questionnaires
type in private information in order to
receive a password to participate in a
lottery, to receive information, or to play
a game
Uses of the Private Information
collected for planning the business
may be sold to a third party
used in an inappropriate manner
© Prentice Hall, 2000
11
From the Eighth User Survey by
GVU (1988)
40% of all users have falsified information
when registering online
66% of all U.S. and European respondents
don’t register as they don’t know how the
information is going to be used
63% don’t feel that registration is worthwhile
considering the content of the sites
58% don’t trust the sites collecting this
information from them
© Prentice Hall, 2000
12
Cookies
Piece of information that allows a Web
site to record one’s comings and goings
Web sites can ‘remember’ information about
users and respond to their preferences on a
particular site, process is transparent to users
Web sites can maintain information on a
particular user across HTTP connections
© Prentice Hall, 2000
13
Cook (cont.)
Cookies
Reasons for using cookies
to personalize information
to improve online sales/services
to simplify tracking of popular links or demographics
to keep sites fresh and relevant to the user’s interests
to enable subscribers to log in without having to enter a password
every visit
to keep track of a customer’s search preferences
personal profiles created are more accurate than self-registration
Solutions to cookies
users can delete cookie files stored in their computer
use of anti-cookie software (e.g. Cookie Cutter and Anonymous
Cookie)
© Prentice Hall, 2000
14
Privacy Protection
5 basic principles
Notice/Awareness— Customers must be given notice and be
able to make informed decisions.
Choice/Consent— Customers must be made aware of their
options as to how their personal information may be used.
Consent may be granted through ‘opt-Out’ clauses requiring
steps.
Access/Participation— Consumers must be able to access
their personal information and challenge the validity of the data.
Integrity/security— Consumers must be assured that the data
is secure and accurate.
Enforcement/Redress— There must always exist a method of
enforcement and remedy. The alternatives are government
intervention, legislation for private remedies, or self-regulation.
© Prentice Hall, 2000
15
Protecting Your Privacy
Think before you give out personal information
on a site
Track the use of your name and information
Keep your newsgroups’ posts out of archives
Use the Anonymizer when browsing
Live without cookies
Use anonymous remailers
Use encryption
Reroute your mail away form your office
Ask your ISP or employer about a privacy policy
© Prentice Hall, 2000
16
Legislation
The Consumer Internet Privacy Act
The Federal Internet Privacy Protection
Act
The Communications Privacy and
Consumer Empowerment Act
The Data Privacy Act
© Prentice Hall, 2000
17
Electronic Surveillance - Monitoring
Computer Users
Tens of millions of computer users are
monitored, many without their knowledge
Employees have very limited protection
against employers’ surveillance
Personal Information in Databases
Databases of banks and financial institutions; cable
TV; telephone ; employers; schools; insurance
companies; and online vendors
Concerns
Under what circumstances will personal data be released?
Do you know where the records are?
How are the data used?
© Prentice Hall, 2000
18
Privacy Policy Basics
 Data Collection  Data Accuracy
 Data should be
collected on individuals
only to accomplish a
legitimate business
objective.
 Data should be
adequate, relevant, and
not excessive in relation
to the business objective.
 Individuals must give
their consent before data
pertaining to them can be
gathered.
 Sensitive data gathered on
individuals should be verified
before it is entered into the
database.
 Data should be accurate
and, where and when
necessary, kept current.
 The file should be made
available so the individual can
ensure that the data are
correct.
 If there is disagreement
about the accuracy of the
data, the individual’s version
should be noted and included
with any disclosure of the file.
© Prentice Hall, 2000
 Data Confidentiality
 Computer security procedures
should be implemented to provide
reasonable assurance against
unauthorized disclosure of data.
 Third parties should not be
given access to data without the
individual’s knowledge or
permission, except as required by
law.
 Disclosures of data, other than
the most routine, should be noted
and maintained for as long as the
data are maintained.
 Data should not be disclosed
for reasons incompatible with the
business objective for which they
are collected.
19
Protecting Intellectual Property
Copyright
A statutory grant that provides the creators of
intellectual property with ownership of it for 28
years
Trade Secret
Intellectual work such as a business plan, which
is a company secret and is not based on public
information
Patent
A document that grants the holder exclusive
rights on an invention for 17 years
© Prentice Hall, 2000
20
Copyright Protection Techniques
Digital watermarks
embedding of invisible marks
can be represented by bits in digital
content
hidden in the source data, becoming
inseparable from such data
© Prentice Hall, 2000
21
Legal Perspectives
Electronic Theft (NET) Act
imposed criminal liability for individuals who reproduce
or distribute copies of copyrighted works even if no
commercial advantage or financial gain exists
Digital Copyright Clarification and Technology
Education Act
limits the scope of digital copyright infringement by
allowing distance learning exemptions
Online Copyright Liability Limitation Act
seeks to protect Internet access providers from liability
for direct and vicarious liability under specific
circumstances where they have no control or
knowledge of infringement
© Prentice Hall, 2000
22
Legal Perspectives (cont.)
Digital Millennium Copyright Act
reasserts copyright in cyberspace
makes illegal most attempts to defeat anti-copying
technology
requires the National Telecommunications and Information
Administration to review the effect the bill would have on the
free flow of information and makes recommendations for any
changes two years after it is signed into law
lets companies and common citizens circumvent anticopying technology when necessary to make software or
hardware compatible with other products, to conduct
encryption research or to keep personal information from
being spread via Internet “cookies” or other copy-protection
tools
forbids excessive copying of databases, even when those
databases contain information already in the public domain
© Prentice Hall, 2000
23
International Aspects of Intellectual
Property
The World Intellectual Property
Organization
more than 60 member countries to come
up with an international treaty
part of the agreement is called the
‘database treaty’
its aim is to protect the investment of firms
that collect and arrange information
© Prentice Hall, 2000
24
Domain Names
Two controversies
Whether top-level domain names
(similar to com, org and gov) should be
added
The use of trademark names by
companies for domain names that
belong to other companies
© Prentice Hall, 2000
25
Domain Names (cont.)
Network Solutions Inc.
Contracted by the government to assign domain
addresses
Increase Top Level Names
Idea is that an adult only top-level name will be
created to prevent pornographic material getting
into the hands of children
Trade Name Disputes
Companies are using trade names of other
companies as their domain address to help
attract traffic to their Web site
© Prentice Hall, 2000
26
Defining Freedom of Speech
The Bill of Rights First Amendment to the
Constitution of the U.S. of America reads
“Congress shall make no law respecting an
establishment of religion, or prohibiting the free
exercise thereof; or abridging the freedom of
speech, or of the press; or the right of the people
peaceably to assemble, and to petition the
government for a redress of grievances.”
© Prentice Hall, 2000
27
Defining Freedom of Speech
(cont.)
The united nations Universal Declaration of
Human Rights in 1948 addresses the right of
freedom of expression
“Everyone has the right to freedom of opinion
and expression; this right includes freedom to
hold opinions without interference and to seek,
receive, and impart information and ideas
through any media and regardless of frontiers.”
© Prentice Hall, 2000
28
The Debate about Free Speech
on the Internet
Free speech debate
 “Most citizens are implacably opposed to censorship in
any form — except censorship of whatever they
personally happen to find offensive.”
What the boundaries are, and how they
should be enforced
Governments protective of their
role in society, parents concerned
about exposing their children to
inappropriate Web pages and
chat rooms, and federal agencies
attempting to deal with illegal
actions
Citizen action groups desiring to
protect every ounce of their
freedom to speak, individuals
concerned about their right to
information on the Internet, and
organizations seeking to empower
the citizens of the earth
© Prentice Hall, 2000
29
The Debate about Free Speech
on the Internet (cont.)
Provisions in law for 2 cases that limit free
speech
obscene material
compelling government interest
“Indecency”
“any comment, request, suggestion, proposal, image, or
other communication that, in context, depicts or describes,
in terms patently offensive as measured by contemporary
community standards, sexual or excretory activities or
organs”
© Prentice Hall, 2000
30
Protecting Children
3 approaches (regarding the protection of children
from inappropriate material on the Internet)
No information should be held back and parents
should be responsible for monitoring their own
children
The government is the only one who can truly
protect children from this material
To hold the Internet providers responsible for all
the material and information they provide
© Prentice Hall, 2000
31
Protecting Children (cont.)
Parents Governing Their Own Children
Government Protecting the Children
Responsibility for the Internet Providers
Forcing Internet Providers to be Accountable
© Prentice Hall, 2000
32
Legal Perspectives in the USA
Child Online Protection Act
Internet Tax Freedom Act
Family Friendly Internet Access Act
Internet Protection Act
Internet School Filtering Act
© Prentice Hall, 2000
33
Controlling Spamming
What is spamming, why is it bad?
Spamming
“the practice of indiscriminate distribution of messages (for
example junk mail) without permission of the receiver and
without consideration for the messages’ appropriateness”
Spamming’s negative impacts
Spam comprised 30% of all mail sent on America Online
 slowing the Internet in general
 shutting ISPs down completely
 now less than 10%
© Prentice Hall, 2000
34
Controlling Spamming (cont.)
Legislation, Legal
The Electronic Mailbox Protection Act
The Unsolicited Commercial Electronic Mail Act
The Netizens Protection Act
The Telephone Consumer Protection Act
© Prentice Hall, 2000
35
Controlling Spamming (cont.)
How to cut spamming
Tell users not to validate their addresses by
answering spam requests for replies if they want
to be taken off mailing lists
Disable the relay feature on SMTP (mail) servers
so mail cannot be bounced off the server
Delete spam and forget it— it’s a fact of life and
not worth wasting time over
Use software packages, e.g. www.getlost.com
and www.junkbusters.com
© Prentice Hall, 2000
36
Taxation Policies
The Taxation Exemption Debate
Internet Tax Freedom Act (8 Oct,98)
promotes electronic commerce through tax incentives by
barring any new state or local sales taxes on Internet
transactions during the next three years
Electronic commerce industries
Non-electronic commerce industries
Applying existing law to new
The Internet businesses must pay its fair
mediums of exchange is far more
share of the bill for the nation’s social
difficult than ever imagined. The
and physical infrastructure. They feel
global nature of business today
that the Internet industries are not pulling
suggests that cyberspace be
their own weight. These companies are
considered a distinct tax zone unto
screaming that the same situation exists
itself with unique rules and
in the mail order business and that there
considerations befitting the stature
are sufficient parallels to warrant similar
of the environment.
legal considerations.
© Prentice Hall, 2000
37
Taxation Policies (cont.)
Proposed Taxation Solutions in the USA
The Internal Revenue
Service might “come to the
rescue” with a single and
simplified national sales tax.
This will reduce 30,000
different tax codes to ‘no
more than 50”.
Net sales would be taxed at
the same rate as mail order or
Main Street transactions.
38
© Prentice Hall, 2000
While states could set their
one rate, each sale could be
taxed only once.
38
Encryption Policy
The 128-BIT Encryption Debate
Export 128-bit encryption is 3.09X10 to the 26th
power times more difficult to decipher than the
preceding legally exportable technology.
Secure e-commerce
For the past 20 years
there was a limitation
on exported encryption
devices of 56 bit codes
Government’s legal requirements
Recent legislation
allows 128 bit in
specific circumstances
thus paving the way for
the Compaq permit
© Prentice Hall, 2000
39
Encryption Policy (cont.)
Data Encryption Standard (DES)
A published federal encryption standard created to
protect unclassified computer data and communications
Law Enforcement’s Plea
Cryptographers would follow an audit trail to ensure that keys
haven’t been released improperly, however, law enforcement
does not trust that process
First Amendment Right
Technology can encrypt so thoroughly, that every computer on
earth, working in tandem, would take trillions of years to decode
the encryption
Business View
EFF (Electronic Frontier Foundation) believes that
software, networked communications and cryptography
industries are suffering
© Prentice Hall, 2000
40
Other Legal Issues
 What are the rules of electronic contracting, and whose jurisdiction
prevails when buyers, brokers, and sellers are in different states
and/or countries?
 How can gambling be controlled on the Internet? Gambling is legal
in Nevada and other states. How can the winner’s tax be
collected?
 When are electronic documents admissible evidence in the courts
of law? What do you do if they are not?
 Time and place can carry different dates for the buyers and sellers
when they are across the ocean.
 Is a digital signature legal?
 The use of multiple networks and trading partners makes the
documentation of responsibility difficult. How is such a problem
overcome?
41
© Prentice Hall, 2000
Electronic Contracts
Uniform Electronic Transactions Act
Provides the means to effectuate transactions
accomplished through an electronic medium
Uniform Commercial Code (UCC)
Provides a government code that supports
existing and future electronic technologies in the
exchange of goods or of services related to
exchange of goods
© Prentice Hall, 2000
42
Electronic Contracts (cont.)
Shrink-wrap agreements (or box top licenses)
The user is bound to the license by opening the package
 This has been a point of contention for some time
 The court felt that more information would provide more
benefit to the consumer given the limited space available on
the exterior of the package
Click-wrap contracts
The software vendor offers to sell or license the use of the
software according to the terms accompanying the software
The buyer agrees to be bound by the terms based on
certain conduct
© Prentice Hall, 2000
43
Fraud on the Internet
Internet Stocks Fraud
SEC brought charges against 44 companies and individuals
who illegally promoted stocks on computer bulletin boards,
online newsletters and investment Web sites
Other Financial Fraud
Selling bogus investments, phantom business opportunities,
and other fraud schemes
Other Fraud in EC
Customers may
receive poor quality products and services
not get products in time
be asked to pay for things they assume will be paid for by sellers
© Prentice Hall, 2000
44
Federal Trade Commission (FTC)
Consumer Alerts
The “Dirty Dozen”
 Business opportunities
 Free goods
 Bulk mail solicitors
 Chain letters
 Investment opportunities  Cable descrambler kits
 Work-at-home schemes
 Credit repair
 Health and diet schemes  Vacation prize
promotions
 Effortless income
 Guaranteed loans or credit,
on easy terms
© Prentice Hall, 2000
45
Buyer Protection
Tips for safe electronic shopping
Look for reliable brand names at sites.
Search any unfamiliar site for address and
phone and fax number. Call up and quiz a person
about the sellers.
Check the seller with the local Chamber of
Commerce, Better Business Bureau, or TRUSTe
as described later.
Investigate how secure the seller’s site is and
how well it is organized.
© Prentice Hall, 2000
46
Buyer Protection
Examine the money-back guarantees,
warranties, and service agreements.
Compare prices to those in regular stores; toolow prices may be too good to be true.
Ask friends what they know. Find testimonials
and endorsements.
Find out what you can do in case of a dispute.
Consult the National Fraud Information Center.
Check www.consumerworld.org
Do not forget the you have shopper’s rights.
© Prentice Hall, 2000
47
Third Party Service
Public organizations and private companies
attempt to protect consumers
TRUSTe’s “Trustmark”
non-profit group
to build user’s trust and confidence in the Internet by
promoting the polices of disclosure and informed consent
BBB (Better Business Bureau)
private non-profit organizations supported largely by
membership
to provide reports on business firms that are helpful to
consumers before making a purchase
© Prentice Hall, 2000
48
Authentication
If authentication can be solved …..
students will be able to take exams online
fraud of recipients of government entitlements and
other payments will be reduced to a bare minimum
buyers will be assured who the sellers are and
sellers will know who the buyers are with a very high
degree of confidence
arrangements will be made so that only authorized
people in companies can place purchasing orders
interviews for employment, possible marriage, and
other matching applications will be accurate
trust in your partners and in EC in general will
increase significantly
© Prentice Hall, 2000
49
Biometrics Controls
Photo of face
Fingerprints
Hand geometry
Blood vessel pattern in the retina of a
person’s eye
Voice
Signature
Keystroke dynamics
© Prentice Hall, 2000
50
Seller Protection
Sellers must be protected against:
Use of their names by others
Use of their unique words and phrases, names, and
slogans and their web addresses
Dealing with customers that deny that they placed
an order
Several other potential legal issues are related to
sellers’ protection
Customers downloading copyrighted software
and/or knowledge and selling it to others
Not being properly paid for products and services
provided
© Prentice Hall, 2000
51
Managerial Issues
 Multinational corporations face different cultures in the
different countries in which they are doing business
 Issues of privacy, ethics, and so on may seem to be
tangential to running a business, but ignoring them
may hinder the operation of many organizations
 The impact of electronic commerce and the Internet
can be so strong that the entire manner in which
companies do business will be changed, with
significant impacts on procedures, people,
organizational structure, management, and business
processes
© Prentice Hall, 2000
52