Chapter 10: Public Policy: From Legal Issues to Privacy doc

Learning Objectives❚ List and describe the major legal issues related to electronic commerce ❚ Understand the difficulties of protecting privacy and describe the measures taken by comp

Chapter 10 Public Policy:

From Legal Issues to Privacy

Learning Objectives

❚ List and describe the major legal issues related

to electronic commerce

❚ Understand the difficulties of protecting privacy

and describe the measures taken by companies

and individuals to protect it

❚ Describe the intellectual property issues in EC

and the measures provided for its protection

❚ Describe some of the ethical issues in EC and

the measures taken by organizations to improve

Learning Objectives (cont.)

❚ Understand the conflict between Internet indecency

and free speech, and the attempts to resolve the

conflict

❚ Describe the issues involved in imposing sales tax

on the Internet

❚ Discuss the controls over exporting encryption

software and the issues of government policies

❚ Differentiate between contracts online and offline

❚ Describe the measures available to protect buyers

Legal and Ethical Issues: an Overview

❚ Privacy

❚ Intellectual Property

❙ Difficult to protect since it is easy and inexpensive to copy and

disseminate digitized information

Ethical Issues

❚ What is considered to be right and wrong?

❚ What is unethical is not necessarily illegal.

❚ Whether these actions are considered unethical

depends on the organization, country, and the

specific circumstances surrounding the scenarios.

Ethical Issues (cont.)

❙ Many companies and professional

organizations develop their own codes of

ethics

❙ A collection of principles intended as a

guide for its members

❙ A guide for members of a company or an

Protecting Privacy

❚ Privacy

free of unreasonable personal intrusions

❚ Information Privacy

institutions to determine for themselves

when, and to what extent, information

about them is communicated to others”

Protecting Privacy (cont.)

❶ The right of privacy is not absolute

Privacy must be balanced against the needs of society.

❷ The public’s right to know is superior

to the individual’s right of privacy.

How is Private Information

Collected?

❙ Reading your newsgroups’ postings

❙ Finding you in the Internet Directory

❙ Making your browser record information about you

❙ Recording what your browsers say about you

❙ Reading your e-mail

Web-Site Self-Registration

❙ Registration Questionnaires

❘ type in private information in order to receive a password

to participate in a lottery, to receive information, or to play

a game

❙ Uses of the Private Information

❘ collected for planning the business

❘ may be sold to a third party

❘ used in an inappropriate manner

❙ 40% of all users have falsified information when registering

online

they don’t know how the information is going to be used

content of the sites

them

From the Eighth User Survey by

GVU (1988)

to record one’s comings and goings

❘ Web sites can ‘remember’ information about

users and respond to their preferences on a

particular site, process is transparent to users

❘ Web sites can maintain information on a

particular user across HTTP connections

❙ Reasons for using cookies

❘ to personalize information

❘ to improve online sales/services

❘ to simplify tracking of popular links or demographics

❘ to keep sites fresh and relevant to the user’s interests

❘ to enable subscribers to log in without having to enter a password every visit

❘ to keep track of a customer’s search preferences

❘ personal profiles created are more accurate than self-registration

❙ Solutions to cookies

❘ users can delete cookie files stored in their computer

❘ use of anti-cookie software (e.g Cookie Cutter and Anonymous Cookie)

Cook

Privacy Protection

❙ 5 basic principles

❘ Notice/Awareness— Customers must be given notice and be able

to make informed decisions.

❘ Choice/Consent— Customers must be made aware of their options

as to how their personal information may be used Consent may be granted through ‘opt-Out’ clauses requiring steps.

❘ Access/Participation— Consumers must be able to access their

personal information and challenge the validity of the data.

❘ Integrity/security— Consumers must be assured that the data is

secure and accurate.

❘ Enforcement/Redress— There must always exist a method of

enforcement and remedy The alternatives are government

intervention, legislation for private remedies, or self-regulation.

Protecting Your Privacy

❙ Think before you give out personal information on a site

❙ Track the use of your name and information

❙ Keep your newsgroups’ posts out of archives

❙ Use the Anonymizer when browsing

❙ Live without cookies

❙ Use anonymous remailers

❙ Use encryption

❙ Reroute your mail away form your office

❙ Ask your ISP or employer about a privacy policy

❙ The Consumer Internet Privacy Act

❙ The Federal Internet Privacy Protection

Act

❙ The Communications Privacy and

Consumer Empowerment Act

❙ The Data Privacy Act

❚ Personal Information in Databases

❙ Databases of banks and financial institutions; cable TV; telephone ; employers; schools; insurance

companies; and online vendors

❙ Concerns

❘ Under what circumstances will personal data be released?

Electronic Surveillance - Monitoring

Computer Users

❚ Tens of millions of computer users are monitored,

many without their knowledge

❚ Employees have very limited protection against

employers’ surveillance

Privacy Policy Basics

❍ Data Collection ❍ Data Accuracy ❍ Data Confidentiality

adequate, relevant, and

not excessive in relation

to the business objective.

❏ Individuals must give

their consent before data

pertaining to them can be

gathered.

❏ Sensitive data gathered on individuals should be verified before it is entered into the database

❏ Data should be accurate and, where and when

necessary, kept current.

❏ The file should be made available so the individual can ensure that the data are

correct.

❏ If there is disagreement about the accuracy of the

❏ Computer security procedures should be implemented to provide reasonable assurance against

unauthorized disclosure of data

❏ Third parties should not be given access to data without the individual’s knowledge or

permission, except as required by law.

❏ Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintained.

Protecting Intellectual Property

Copyright Protection Techniques

❙ Digital watermarks

❘ embedding of invisible marks

❘ can be represented by bits in digital

content

❘ hidden in the source data, becoming

inseparable from such data

Legal Perspectives

❙ Electronic Theft (NET) Act

❘ imposed criminal liability for individuals who reproduce

or distribute copies of copyrighted works even if no

commercial advantage or financial gain exists

❙ Digital Copyright Clarification and Technology Education Act

❘ limits the scope of digital copyright infringement by

allowing distance learning exemptions

❙ Online Copyright Liability Limitation Act

❘ seeks to protect Internet access providers from liability

for direct and vicarious liability under specific

circumstances where they have no control or

knowledge of infringement

Legal Perspectives (cont.)

❙ Digital Millennium Copyright Act

❘ reasserts copyright in cyberspace

❘ makes illegal most attempts to defeat anti-copying technology

❘ requires the National Telecommunications and Information

Administration to review the effect the bill would have on the

free flow of information and makes recommendations for any

changes two years after it is signed into law

❘ lets companies and common citizens circumvent anti-copying

technology when necessary to make software or hardware

compatible with other products, to conduct encryption research

or to keep personal information from being spread via Internet

“cookies” or other copy-protection tools

❘ forbids excessive copying of databases, even when those

databases contain information already in the public domain

International Aspects of Intellectual

Property

❙ more than 60 member countries to come up with

an international treaty

❙ part of the agreement is called the ‘database treaty’

❙ its aim is to protect the investment of firms that

collect and arrange information

Domain Names

❙ Whether top-level domain names

(similar to com, org and gov) should

be added

❙ The use of trademark names by

companies for domain names that

belong to other companies

Domain Names (cont.)

❚ Network Solutions Inc.

❙ Contracted by the government to assign domain addresses

❙ Companies are using trade names of other

❚ Increase Top Level Names

❙ Idea is that an adult only top-level name will be created to

prevent pornographic material getting into the hands of

children

Defining Freedom of Speech

❚ The Bill of Rights First Amendment to the

Constitution of the U.S of America reads

❙ “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press;

or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.”

❚ The united nations Universal Declaration of Human

Rights in 1948 addresses the right of freedom of

expression

❙ “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive, and impart

information and ideas through any media and regardless of frontiers.”

Defining Freedom of Speech

(cont.)

The Debate about Free Speech

on the Internet

❚ Free speech debate

❚ “Most citizens are implacably opposed to censorship in

any form — except censorship of whatever they

personally happen to find offensive.”

❚ What the boundaries are, and how they should be

enforced

Governments protective of their

role in society, parents concerned

about exposing their children to

inappropriate Web pages and

Citizen action groups desiring to protect every ounce of their freedom to speak, individuals concerned about their right to

The Debate about Free Speech

on the Internet (cont.)

❙ Provisions in law for 2 cases that limit free speech

❘ obscene material

❘ compelling government interest

❙ “Indecency”

other communication that, in context, depicts or describes,

in terms patently offensive as measured by contemporary

community standards, sexual or excretory activities or

organs”

Protecting Children

❚ 3 approaches (regarding the protection of children

from inappropriate material on the Internet)

❙ No information should be held back and parents should be responsible for monitoring their own children

❙ The government is the only one who can truly protect children from this material

❙ To hold the Internet providers responsible for all the material and information they provide

Protecting Children (cont.)

❚ Parents Governing Their Own Children

❚ Government Protecting the Children

❚ Responsibility for the Internet Providers

❚ Forcing Internet Providers to be Accountable

Legal Perspectives in the USA

❚ Child Online Protection Act

❚ Internet Tax Freedom Act

❚ Family Friendly Internet Access Act

❚ Internet Protection Act

❚ Internet School Filtering Act

Controlling Spamming

❚ What is spamming, why is it bad?

❙ Spamming

example junk mail) without permission of the receiver and without consideration for the messages’ appropriateness”

❙ Spamming’s negative impacts

❚ Legislation, Legal

❙ The Electronic Mailbox Protection Act

❙ The Unsolicited Commercial Electronic Mail Act

❙ The Netizens Protection Act

❙ The Telephone Consumer Protection Act

Controlling Spamming (cont.)

❚ How to cut spamming

❙ Tell users not to validate their addresses by answering spam requests for replies if they want to be taken off mailing lists

❙ Disable the relay feature on SMTP (mail) servers so mail cannot be bounced off the server

❙ Delete spam and forget it— it’s a fact of life and not worth wasting time over

❙ Use software packages, e.g www.getlost.com and www.junkbusters.com

Taxation Policies

❚ The Taxation Exemption Debate

❙ Internet Tax Freedom Act (8 Oct,98)

❘ promotes electronic commerce through tax incentives by barring any new state or local sales taxes on Internet transactions during the next three years

Applying existing law to new

mediums of exchange is far more

difficult than ever imagined The

global nature of business today

suggests that cyberspace be

considered a distinct tax zone unto

Electronic commerce industries

The Internet businesses must pay its fair share of the bill for the nation’s social and physical infrastructure They feel that the Internet industries are not pulling their own weight These companies are screaming that the same situation exists

Non-electronic commerce industries

Taxation Policies (cont.)

❚ Proposed Taxation Solutions in the USA

The Internal Revenue

Service might “come to the

rescue” with a single and

simplified national sales tax.

This will reduce 30,000 different tax codes to ‘no

more than 50”.

Net sales would be taxed at the same rate as mail order or Main Street transactions.

Encryption Policy

❚ The 128-BIT Encryption Debate

❙ Export 128-bit encryption is 3.09X10 to the 26 th power times more difficult to decipher than the preceding legally exportable technology.

For the past 20 years

there was a limitation

on exported encryption

devices of 56 bit codes

Recent legislation allows 128 bit in specific circumstances thus paving the way for

Secure e-commerce Government’s legal requirements

Encryption Policy (cont.)

❚ Data Encryption Standard (DES)

❙ A published federal encryption standard created to

protect unclassified computer data and communications

❘ Cryptographers would follow an audit trail to ensure that keys haven’t been released improperly, however, law enforcement does not trust that process

❘ Technology can encrypt so thoroughly, that every computer on earth, working in tandem, would take trillions of years to decode the encryption

Other Legal Issues

❚ What are the rules of electronic contracting, and whose jurisdiction prevails when buyers, brokers, and sellers are in different states

and/or countries?

❚ How can gambling be controlled on the Internet? Gambling is legal

in Nevada and other states How can the winner’s tax be

collected?

❚ When are electronic documents admissible evidence in the courts

of law? What do you do if they are not?

❚ Time and place can carry different dates for the buyers and sellers when they are across the ocean.

❚ Is a digital signature legal?

Electronic Contracts

❚ Uniform Electronic Transactions Act

❙ Provides the means to effectuate transactions accomplished through an electronic medium

❚ Uniform Commercial Code (UCC)

❙ Provides a government code that supports existing and future electronic technologies in the exchange of goods or of services related to exchange of goods

Electronic Contracts (cont.)

❙ The user is bound to the license by opening the package

➥ This has been a point of contention for some time

➥ The court felt that more information would provide more benefit

to the consumer given the limited space available on the

exterior of the package

❙ The software vendor offers to sell or license the use of the

software according to the terms accompanying the software

❙ The buyer agrees to be bound by the terms based on certain