ECONOMIC AND SOCIAL COMMISSION FOR ASIA AND THE PACIFIC
STUDIES IN TRADE AND INVESTMENT 54
HARMONIZED DEVELOPMENT
OF LEGAL AND
REGULATORY SYSTEMS FOR
E-COMMERCE IN ASIA AND
THE PACIFIC:
CURRENT CHALLENGES AND
CAPACITY-BUILDING NEEDS
UNITED NATIONS ESCAP STUDIES IN TRADE AND INVESTMENT No. 1. Strengthening Capacities in Trade, Investment and the Environment for the Comprehensive Development of Indo-China (ST/ESCAP/1482) 2. Regional Cooperation in Export Credit and Export Credit Guarantees (ST/ESCAP/1438) 3. Expansion of Manufactured Exports by Small and Medium Enterprises (SMEs) in ESCAP Region (ST/ESCAP/1457) 4. Towards a More Vibrant Pepper Economy (ST/ESCAP/1494) 5. Sectoral Flows of Foreign Direct Investment in Asia and the Pacific (ST/ESCAP/1501) 6. Review and Analysis of Intraregional Trade Flows in Asia and the Pacific (ST/ESCAP/ 1506) 7. Prospects of Economic Development through Cooperation in North-East Asia (ST/ESCAP/ 1472) 8. An Analysis of Fiji’s Export Potential to Asia (ST/ESCAP/1511) 9. Development of the Export-Oriented Electronics Goods Sector in Asia and the Pacific (ST/ESCAP/1512) 10. Assessing the Potential and Direction of Agricultural Trade within the ESCAP Region (ST/ESCAP/1517) 11. Benefits and Challenges Facing Asian and Pacific Agricultural Trading Countries in the Post-Uruguay Round Period (ST/ESCAP/1526) 12. Trade Prospects for the Year 2000 and Beyond for the Asian and Pacific Region (ST/ESCAP/1516) 13. Electronic Commerce Initiatives of ESCAP Ð Role of Electronic Commerce in Trade Facilitation (ST/ESCAP/1557) 14. Promotion of Investment in Countries in the Early Stages of Tourism Development: Mongolia, Myanmar, Nepal, Viet Nam (ST/ESCAP/1597) 15. Implications of the Uruguay Round Agreements for the Asian and Pacific Region (ST/ESCAP/1535) 16. Implications of the North American Free Trade Agreement for the Asian and Pacific Region (ST/ESCAP/1627) 17. Prospects for the Textile and Clothing Sector of the ESCAP Region in the Post-Uruguay Round Context (ST/ESCAP/1642) 18. Trade and Investment Complementarities in North-East Asia (ST/ESCAP/1640) 19. Myanmar: Trade and Investment Potential in Asia (ST/ESCAP/1671) 20. Promoting Exports of Fish and Fishery Products in Selected Island Developing Countries of the ESCAP Region (ST/ESCAP/1677) 21. Enhancing Trade and Environment Linkages in Selected Environmentally Vulnerable Export-Oriented Sectors of the ESCAP Region (ST/ESCAP/1704) 22. Asian and Pacific Developing Economies and the First WTO Ministerial Conference: Issues of Concern (ST/ESCAP/1705) 23. Inter-networking through Electronic Commerce to Facilitate Intra-regional Trade in Asia (ST/ESCAP/1721) 24. Tea Marketing Systems in Bangladesh, China, India, Indonesia and Sri Lanka (ST/ESCAP/ 1716) 25. Private Sector Development and ODA in Indo-China (ST/ESCAP/1723) 26. Implications of the Single European Market for Asian and Pacific Economies: Opportunities and Challenges (ST/ESCAP/1744) 27. Trade Effects of Eco-labelling (ST/ESCAP/1792) 28. Assistance to Small and Medium-sized Enterprises for Enhancing Their Capacity for Export Marketing (ST/ESCAP/1816) 29. Border Trade and Cross-border Transactions of Selected Asian Countries (ST/ESCAP/ 1824) (Continued on inside back cover) ECONOMIC AND SOCIAL COMMISSION FOR ASIA AND THE PACIFIC
STUDIES IN TRADE AND INVESTMENT 54
HARMONIZED DEVELOPMENT OF LEGAL AND REGULATORY SYSTEMS FOR E-COMMERCE IN ASIA AND THE PACIFIC: CURRENT CHALLENGES AND CAPACITY-BUILDING NEEDS
UNITED NATIONS New York, 2004 ESCAP WORKS TOWARDS REDUCING POVERTY AND MANAGING GLOBALIZATION
ST/ESCAP/2348
The opinions, figures and estimates set forth in this publication are the responsibility of the authors, and should not necessarily be considered as reflecting the views or carrying the endorsement of the United Nations.
The designations employed and the presentation of the material do not imply the expression of any opinion whatsoever on the part of the Secretariat of the United Nations concerning the legal status of any country, territory, city or area, or of its authorities, or concerning the delimitation of its frontiers or boundaries. Mention of firm names and commercial products does not imply the endorsement of the United Nations.
This publication has been issued without formal editing. Preface
This publication is the result of a project on the Harmonization of e-commerce Legal Systems in Asia and the Pacific (Phase I), implemented by the United Nations Economic and Social Commission for Asia and the Pacific, with technical and financial support of the Government of France. ITC UNCTAD/WTO also contributed significantly to the project.
This publication is a compilation of papers presented or prepared for the Regional Expert Conference on Harmonized Development of e-commerce Legal Systems in Asia-Pacific held at the United Nations Conference Centre, Bangkok, Thailand, from 7 to 9 July 2004. Documents related to the Expert Round Table on Capacity-building Needs for Harmonized Development of e-commerce Legal Systems, held on the last day of that Conference, have also been included.
Part One provides an overview of the e-commerce laws and regulations in some of the subregions of Asia and the Pacific, including Central Asia, South Asia, South-East Asia and the Pacific islands. The last paper in this part focuses on the e-ASEAN (Association of Southeast Asian Nations) legal framework and its challenges.
Part Two is a selection of papers presented by experts during the conference on topics ranging from legal issues related to electronic contracts and security to jurisdiction and privacy protection issues. The first two papers in this section are country papers that discuss the status and challenges of e-commerce legal system development in two countries at different stages of development.
Part Three focuses on the capacity-building needs for harmonized development of e-commerce legal systems in Asia and the Pacific. It begins with a review of short country papers submitted by selected government officials and experts prior to the conference, with a focus on capacity-building needs. The conclusions and recommendations of the expert round table and related documents, including training programmes for lawmakers, regulators, lawyers and judges, are also presented.
The full text of this publication, as well as related documents, are available for download on the web site of the ESCAP Trade and Investment Division (www.unescap.org/tid/).
iii Mr. Roland Amoussou-Guenou, Regional Expert on Legal Cooperation in ASEAN (Embassy of France in Thailand), visiting lecturer (Asian Institute of Technology) and Mr. Yann Duval, Economic Affairs Officer (ESCAP TID) were responsible for project design and implementation, while Mr. Kiran Pyakuryal and Mr. Ravi Ratnayake, Section and Division Chiefs, respectively, were responsible for the overall supervision and management of the project. Useful inputs were provided by Ms. Maria Margarethe van Doodewaard, Mr. Guennady Fedorov and Mr. Shahid Din, Regional Advisor, Section Chief and Economic Affairs Officer (ESCAP ICSTD), respectively. Their contributions and suggestions are gratefully acknowledged.
iv CONTENTS
Page
Preface ...... iii
Abbreviations ...... vii
PART ONE
I. Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives ...... 3 II. Harmonization of e-commerce laws and regulatory systems in South Asia...... 23 III. E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus ...... 37 Annex I ...... 48 Annex II ...... 49 Annex III...... 50 IV. Overview of the regulatory framework for e-commerce in selected Pacific island countries ...... 67 V. The e-ASEAN legal framework and its challenge ...... 81
PART TWO
I. Current challenges for Viet Nam in developing the legal and regulatory system for e-commerce...... 93 II. National e-commerce legislation in Asia and the Pacific: the case of Singapore ...... 103 III. Current issues and developments of privacy protection in the Republic of Korea ...... 115 IV. Electronic contracting: legal problem or legal solution? ... 125 Annex IV ...... 144 V. Current challenges of developing a legal infrastructure for securing e-commerce ...... 149
v CONTENTS (continued)
Page PART THREE
I. Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific ...... 161 II. Conclusions and recommendations of the round table on capacity-building needs...... 177 III. Training-of-trainers programmes for policy makers, regulators, judges and lawyers ...... 181 Annex ...... 192
List of tables
PART ONE
1. List of countries surveyed ...... 3 2. Organizational membership of surveyed countries ...... 14 3. Overview of enacted or drafted basic e-commerce legislation in Asian and Pacific countries ...... 17 4. Elements of e-ASEAN ...... 82
PART TWO
5. The variety of legal decisions by type of electronic contract issued in the United States of America ...... 128
PART THREE
6. Status of e-commerce legislation in selected Asian and Pacific countries ...... 162
Figures
1. Overview of regional capacity-building proposal ...... 176 2. Technical assistance project overview ...... 179
vi ABBREVIATIONS
APEC Asia-Pacific Economic Cooperation ASEAN Association of Southeast Asian Nations CAs Certification authorities (Singapore) COE Council of Europe EA Evidence Act (Singapore) EAP East Asia/Pacific ETA Electronic Transactions Act (Singapore) ETO Electronic transaction ordinance (Pakistan) EU European Union IAI Initiative for ASEAN Integration ICSTD Information, Communication and Space Technology Division (ESCAP) ICT Information and communication technology ILKAP Institut Latihan Kehakiman dan Perundangan (Malaysia) IMF International Monetary Fund ISP Internet service provider ITC International Trade Centre UNCTAD/WTO ITU International Telecommunication Union KAIT Korea Association of Information and Telecommunication (Republic of Korea) KISA Korea Information Security Agency (Republic of Korea) LDCs Least developed countries MSCT Ministry of Communication Science and Technology (Maldives) NCIT National Centre for Information Technology (Maldives) OECD Organization for Economic Cooperation and Development PCA Partnership and Cooperation Agreement (Armenia and EU) SAARC South Asian Association for Regional Cooperation SME Small and medium-sized enterprise
vii STEA Science Technology and Environment Agency (Lao People’s Democratic Republic) ToT training-of-trainer UCITA Uniform Computer Information Transactions Act (United States of America) UETA Uniform Electronic Transactions Act (United States of America) UNCITRAL United Nations Commission on International Trade Law UNDP United Nations Development Programme UNCTAD United Nations Conference on Trade and Development UNIDROIT International Institute for the Unification of Private Law WIPO World Intellectual Property Organization WSIS World Summit on the Information Society WTO World Trade Organization
viii Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
PART ONE
1 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
I. BENCHMARKING REGIONAL E-COMMERCE IN ASIA AND THE PACIFIC AND ASSESSMENT OF RELATED REGIONAL INITIATIVES
By David Satola, Rajesh Sreenivasan and Lenka Pavlasova1
Introduction
The World Bank commissioned a report on national and regional developments about e-commerce in Asia and the Pacific.2 The focus was on legal enabling environments in 23 countries designated as East Asia/Pacific (EAP). Table 1 presents a list of the countries included in the study. The legal enabling environment would include the reach, scope and the extent of EAP regional initiatives dedicated to the development of e-commerce in the region. The report was funded through Trust
Table 1: List of countries surveyed
Cambodia Palau China Papua New Guinea Democratic People’s Republic of Korea Philippines Fiji Republic of Korea Indonesia Samoa Kiribati Solomon Islands Lao People’s Democratic Republic Thailand Malaysia Timor-Leste Marshall Islands Tonga Micronesia (Federated States of) Vanuatu Mongolia Viet Nam Myanmar
1 David Satola is Senior Counsel at the World Bank in the Legal Department, Finance, Private Sector Development and Infrastructure. Rajesh Sreenivasan is a Partner at Rajah & Tann’s iTec Practice Group (intellectual property, technology, entertainment and communications). Lenka Pavlasova is Foreign Lawyer, iTec Practice Group, Rajah and Tann Advocates and Solicitors, Singapore. The views expressed are those of the authors and do not necessarily reflect the views of the Board of Executive Directors of the World Bank or the Governments they represent. 2 Full details of the project will be contained in the final Benchmarking Report, due to be completed in August 2004. The study will be available in December 2004.
3 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Funds provided by the Government of Singapore under its East Asia/Pacific Initiatives Project.
Preliminary findings of the report were presented at the Regional Expert Conference on Harmonized Development of Legal and Regulatory Systems for Electronic Commerce in Asia and the Pacific Region: Current Challenges and Capacity-building Needs held from 7 to 9 July 2004 in Bangkok. This paper highlights certain preliminary findings of the Benchmarking Report presented at the conference.
The countries surveyed span a wide range of economic development, geography and demography. Not surprisingly, the level of development of the e-commerce legal enabling environments in the countries also covers a wide range, which is sometimes, but not always linked to variation in economic development, geography, demography and other factors. Generally, it was found that the interoperability of e-commerce legal frameworks among the countries was low, even among countries that have adopted so-called international standards.
There were still national differences among countries, even when they based their laws on the United Nations Commission on International Trade Law (UNCITRAL) model laws. They still did not permit mutual recognition of electronic data messages and digital signatures necessary for cross-border e-commerce. Other examples included variation across countries in data privacy protection, as well as in consumer protection regimes applicable to transactions both online and in the real world. In some areas, such as communications infrastructure regulations, most countries have elements in their legal enabling frameworks, but the experiences in implementation are widely divergent.
This paper summarizes three main sections of the benchmarking report with an overview at the national level on the relative state of development for laws and regulations affecting e-commerce based on a common set of indicators. The assessment identified the most significant EAP regional initiatives that aimed at developing laws and regulations affecting e-commerce in the region. There is also an assessment of the geographic reach, scope, application and the extent of implementation for such initiatives.
Various recommendations are suggested about current EAP regional initiatives and a number of additional complementary regional initiatives are proposed to address the identified gaps in benchmarking and to enhance the legal and regulatory framework.
4 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
A. Research background
The benchmarking research was conducted in two phases. The first phase was desk research and a literature review. It was limited to information available from publicly accessible sources. In general, the availability, completeness and the quality of the information have been directly proportional to the level of e-readiness in a country. Relevant information was comparatively easier to obtain for more e-ready countries. A very limited amount of information could be obtained for the countries that were less e-ready, especially some LDCs.
In the second phase, the missing information was identified and a list of questions was formulated for each country. The lists of questions were presented to local consultants experienced in the area of information and communication technology (ICT) and e-commerce legal and regulatory issues.3
Findings for a number of countries were based solely on desk research. The limited amount of publicly available information on these countries meant that findings were also very limited. In addition, such findings have not been verified by any local counsel. Findings and conclusions provided in this paper must be viewed in this context.
B. Findings and conclusions of the benchmarking research
Economic indicators showed a contrast between some of the richest and the poorest countries in the region. There was also variation in types of economic regimes, ranging from free-market to mixed economies to centrally planned economies. Demographic indicators also showed the major contrasts between nations of continental size to small island nations.
Technology penetration indicators give one view of the ICT physical infrastructure in each country. ICT physical infrastructure is one element considered when assessing the e-readiness under e-readiness assessment model used by
3 At the time of the Conference, the research did not yet go through the second phase for several countries, such as Democratic People’s Republic of Korea, Mongolia and Pacific island countries. There were constraints in finding appropriate local consultants to assist in the research.
5 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Asia-Pacific Economic Cooperation (APEC).4 Indicators of technology penetration showed the variation among countries in terms of the development of basic ICT physical infrastructure. The Republic of Korea had fixed line penetration of 47 per cent, 69 per cent for mobile phone penetration and 56 per cent for computer penetration.5 Cambodia had fixed line penetration of 0.26 per cent, 2.76 per cent mobile phone penetration and 0.2 per cent computer penetration.6
1. Telecommunication regulations
The findings provide an overview of the current regulatory environment for telecommunications with a special focus on the regulation of Internet and broadband services. A majority of the countries have adopted national laws that establish a general regulatory framework for the telecommunications industry. However, levels of implementation vary by country for such laws.
Broadband services and their provision are generally not expressly recognized as a separate service category for licensing or regulatory purposes. Nevertheless, broadband services generally fall within the scope of definitions that cover telecommunications services. The identification of specific licensing and other regulatory requirements depends on the type and the extent of broadband services provided, such as whether a broadband service provider operates its own telecommunications network when providing such services or not. In some countries, broadband services expressly qualify as value added services or Internet access services. The regulations governing Internet service provision could involve mere notification through a registration to a class licence to the requirement to obtain an individual licence.
A separate regulatory agency for the telecommunications or communications industry has been established in almost half of the countries. In addition, Thailand and Samoa are currently in the process of establishing a separate national telecommunications regulatory agency. For the purpose of the Benchmarking Report, a regulator that is structurally separate from the country’s government bureaucracy
4 Under APEC’s e-readiness assessment model, six categories are measured for “readiness for e-commerce:” (i) basic infrastructure and technology, (ii) access to network services, (iii) use of the Internet, (iv) promotion and facilitation (industry led standards), (v) skills and human resources (ICT education, workforce) and (vi) positioning for the digital economy (taxes and tariffs, industry self-regulation, government regulations, consumer trust). http://www.bridges.org/ereadiness/tools.html#_Toc509205361 5 ITU Statistics at http://www.itu.int/ITU-D/ict/statistics/ 6 Ibid.
6 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
or ministries has been considered as a separate regulator.7 With the exception of Thailand, mechanisms for appointing regulators identified as separate were not completely independent from the executive branch of the government.
2. Content regulations
Findings about content regulations indicate the extent to which countries address the issues about what is published on and distributed via the Internet and its regulation. A number of countries, including China, Lao People’s Democratic Republic, Malaysia, Myanmar and the Republic of Korea, have legislation or other instruments to regulate the content published and distributed via the Internet. Other approaches to Internet content control are used as well, particularly in relation to content considered to be obscene. Approaches could include:
(a) Terms and conditions are set when registering for a domain name in some countries in order to prohibit publication of indecent content (Kiribati and Solomon Islands, for example). (b) Regulations governing mass media (broadcasting and the press) in some countries may also apply to the Internet to a certain extent (for example, Indonesia). (c) Generic provisions that prohibit the transmission of obscene content via telecommunications were found in some countries, for example Fiji and Papua New Guinea.
Only two countries address the licensing of Internet content providers. One is Viet Nam, where the licences are issued by the Ministry of Culture and Information. The other is Malaysia, which expressly exempts Internet content providers from licensing or registration requirements.
3. E-commerce
Findings concerning e-commerce start with an overview of laws legitimizing e-commerce in each country. Specific laws addressing e-commerce have been enacted in Myanmar, the Philippines, Republic of Korea, Thailand and Vanuatu. To a certain extent and with variations among countries, their national laws are based on the
7 Assessing the independence of the appointment mechanism might require finding a way to measure the level of real independence, perhaps by looking at the role of the government in the appointment process.
7 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
UNCITRAL Model Law on Electronic Commerce 1996 (UNCITRAL Model Law 1996).8 Cambodia, Indonesia, Malaysia and Viet Nam have been drafting such laws, but the laws are in different stages of the legislative process in each country.
Research for this paper showed that even though this set of countries used the UNCITRAL Model Law 1996 as their guideline, their respective e-commerce laws were different enough that cross-border interoperability has not been enabled. This might be explained by the fact that in the process of harmonizing the UNCITRAL Model Law 1996 and its implementation into national legal systems, some provisions were modified or omitted.
Other countries have not undertaken any significant steps to prepare such laws. Generic laws governing contracts in the offline environment generally do not expressly exclude electronic contracts from their scope of applicability. Nevertheless, such laws do not expressly extend to the online environment. The applicability of such general laws in the online environment has not been sufficiently tested in courts yet.
4. Electronic signature
An overview of laws legitimizing the use of electronic signatures and providing for the regulation of certification authorities in the countries under study constitute the findings in this area. Specific laws addressing the issues of electronic signatures and certification authorities have been enacted in Malaysia, Myanmar, the Philippines, the Republic of Korea, Thailand and Vanuatu.
It was found that Cambodia, China, Indonesia and Viet Nam have already drafted such specific laws. These laws are at different stages in the legislative process of each government. Findings for this study showed that other countries have not undertaken any significant steps to prepare such laws.
There are significant differences among countries in the scope, form and principles of the regulation on electronic signatures and certification authorities provided by law. With the exception of Thailand, none of the laws in other countries was
8 According to UNCITRAL, the Philippines, Republic of Korea and Thailand are the only countries whose e-commerce laws are based on the UNCITRAL Model Law 1996 (see http://www.uncitral.org/en- index.htm). However, e-commerce laws of Vanuatu and Myanmar adopted certain principles and wordings provided in this model law.
8 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
found to be based on the UNCITRAL Model Law on Electronic Signatures 2001 (UNCITRAL Model Law 2001) to any significant extent.9
It appears that legal issues concerning the interoperability of electronic signatures have been overlooked by most countries in the region. The Republic of Korea was the only country with a Digital Signature Act that included special provisions providing for national interoperability of digital signatures. International interoperability has not been addressed in any of the identified electronic signature laws. Nevertheless, the importance of the interoperability of electronic signatures in the East Asia and Pacific region has been recognized by private sector initiatives such as the Asia Public Key Infrastructure Forum.10
5. Data protection and privacy
Regulations and legislation concerning data protection and privacy adopted in various countries can be generally summarized as follows. The Republic of Korea is the only country in the region that has adopted a comprehensive data protection law. A different approach to data protection combining self-regulation and government supervision has been adopted in Vanuatu where binding codes of conduct and standards were prepared by a private organization and subsequently approved by the minister responsible for telecommunications and e-commerce.
Other countries do not have comprehensive data protection regulations in place. In most countries, protection of personal data and privacy is usually addressed on a constitutional level or, to varying extent, in laws governing industries dealing with sensitive information such as banking, insurance, medical and health industries. Privacy aspects of personal data protection in the online environment are largely covered by general regulations about the privacy of communications. The issue of the privacy of communications transmitted through communication networks was not a direct subject of the research.
6. Consumer protection
Findings about consumer protection start with an overview of laws or other regulations that specifically addresses the protection of consumers in the online
9 http://www.uncitral.org/en-index.htm 10 In March 2004, the Asia Public Key Infrastructure Forum announced that it had finalized the “Asia PKI Interoperability Guideline v1.0” as a benchmark for technical standards for international PKI interoperability.
9 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs environment. The particular focus was on the regulation of online fair marketing and dispute resolution.
As in the case of data protection, the Republic of Korea was the only country in the region that had adopted a law specifically addressing consumer protection in the online environment. Vanuatu adopted a different approach to consumer protection by combining self-regulation and government supervision. Vanuatu has binding codes of conduct and standards, which were prepared by a private organization and subsequently approved by the minister responsible for telecommunications and e-commerce.
The Philippines has addressed the issues of consumer protection in the online environment by expressly extending the applicability of the generic consumer protection law into the online environment. Malaysia has specifically excluded online transactions from the scope of its generic law on the consumer protection.11
In other countries of the region, national legislation governing consumer protection in the offline environment does not expressly exclude the online environment from the scope of its applicability. Nevertheless, such legislation does not expressly extend to the online environment. The applicability of such generic legislation in the electronic environment has not yet been sufficiently tested in courts.
7. Intellectual property
Findings related to intellectual property include an overview of laws or other forms of regulation that explicitly address issues of copyright, trademarks and database protection specific to the online environment. With the exception of China and the Republic of Korea, where the applicability of generic trademark protection has been expressly extended to the online environment by court decisions, none of the other countries have addressed issues concerning trademark protection in an online environment.
The applicability of the laws governing copyright protection in China, Indonesia, Malaysia, the Philippines and the Republic of Korea was extended specifically to the online environment. The copyright law of Fiji expressly extends the reception
11 Copyright laws of other countries also address issues of communication to the public and the broadcasting of copyrighted works via wireline or wireless transmission. Unless a judicial decision expressly extending such regulation to the online environment, in particular the Internet, has been located, the research has assessed such regulations as not being online specific.
10 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
of a broadcast to include reception of a broadcast relayed by means of a telecommunications system. All countries whose copyright laws qualified as online specific provide for the protection of databases or compilation works.
8. Electronic banking and finance
This area covers the regulation of services that are provided online in banking and finance. Palau was identified by the study as the only country that expressly regulates the provision of electronic banking services in a national law on financial institutions. Indonesia, Malaysia, the Philippines, the Republic of Korea and Thailand address the issue of Internet banking through regulatory instruments that have various types of legal standing (circulars, notifications, guidelines, etc.) adopted by the respective national financial service regulators. To a varying extent, such regulatory instruments also address the issues of secure electronic payments systems by prescribing security policies and guidelines that banks must comply with when providing electronic banking services.
Only China, Fiji, Myanmar, the Philippines and Thailand specifically extend the applicability of their national laws on anti-money laundering to cover electronic transactions.
9. Taxation and customs
Findings in this area concern the laws or other forms of regulation specifically addressing the issues of tax or custom duties for online transactions. The research found that none of the countries studied had adopted any legislation or regulatory instruments imposing a tax on online transactions beyond traditional taxes such as sales tax at the origin of sale. None of the countries studied imposes custom duties on online services at the point of consumption of services.
10. Conflict of laws
Information from the research in this area concerns the laws or other forms of regulation about the choice or determination of the jurisdiction and applicable laws for electronic transactions. In particular, attention focuses on dispute resolution for such transactions.
None of the countries studied had adopted any legislation or rules addressing the choice or determination of jurisdiction and law governing an electronic transaction. General rules established for this purpose that are traditionally applicable to offline
11 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs transactions would most likely apply for the online environment, although on a case-by-case basis.
11. Cybercrime
An overview of the status of legislation addressing cybercrime in the countries under study was mostly concerned with the following offences: (a) access to and interference with systems, (b) interception of and interference with data, (c) obscene Internet content, (d) e-fraud, (e) e-forgery, (f) online trade mark infringement offences and (g) online copyright infringement offences.
Generally, legislation addressing the above offences is more advanced in comparison to regulations about the availability of civil remedies for damages suffered due to such offences. Nevertheless, Malaysia was the only country that has adopted a comprehensive Computer Crimes Act. In addition, certain online offences fall within the scope of penalty provisions under Malaysia’s communications and multimedia regulations. Indonesia, the Philippines and Thailand have already drafted cybercrimes laws. However, these laws were at different stages in the legislative processes.
China, the Philippines and the Republic of Korea have specifically addressed certain aspects of cybercrime in their criminal codes, e-commerce enabling laws, other legislative instruments or in the case law. With respect to copyright offences, penalties are imposed for online copyright infringement in the countries that have copyright protection laws explicitly extending to the online environment.
Criminal penalties for acts such as those listed above when committed in the offline environment, such as forgery, fraud, obscene content, copyright and trademark infringement, are available in the generic criminal or penal codes of most countries. Nothing in such generic regulations expressly excludes the online environment from the scope of applicability. In addition, such generic regulations are usually formulated broadly enough to cover equivalent crimes committed in the online environment. Nevertheless, no case law or judicial decisions have been found during the research to confirm the applicability of general legislation to the online environment. In such cases, it was stated in the detailed research that penalties for specified offences were not provided for.
12 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
C. Assessment of regional e-commerce initiatives
The Internet is a global phenomenon, and e-commerce seems to be on the way to having global reach as well. Evidence from anecdotes and empirical research shows that harmonizing legal frameworks to ensure cross-border interoperability make it necessary to have global reach for certain applications associated with the Internet, such as e-commerce. Activities of countries taken in isolation have often proved to be ineffective in addressing this challenge. Research conducted for this study shows that e-commerce laws of five different countries do not enable cross-border interoperability, despite being based on the UNCITRAL Model Law 1996. International organizations and regional initiatives can thus have a critical influence on encouraging cooperation among countries and assist them in meeting this challenge.
Regional initiatives related to e-commerce legal and regulatory frameworks of the following selected organizations in the region have been reviewed: (1) United Nations Economic and Social Commission for Asia and the Pacific (ESCAP), (2) Asia-Pacific Economic Cooperation (APEC) and (3) Association of Southeast Asian Nations (ASEAN). This review and the Benchmarking Report assess the reach and effectiveness of the initiatives in promoting cross-border harmonization and interoperability of legal frameworks.
1. Geographical reach of the initiatives
The geographical reach of the regional initiatives related to e-commerce can be considered as limited. Table 2 shows the membership of the surveyed countries in three regional organizations. In geographical terms, initiatives have generally been limited to countries at relatively higher levels of development, such as Malaysia, the Republic of Korea, and Thailand. Recently, some of the less developed countries such as Cambodia, Lao People’s Democratic Republic, Myanmar and Viet Nam have also been included in these initiatives.
However, the regional initiatives tend to leave more isolated countries, such as small Pacific island countries and the Democratic People’s Republic of Korea, out of the scope of their geographical reach. In contrast, APEC member countries and economies include comparatively more developed countries, such as China, Indonesia, Malaysia, the Philippines, the Republic of Korea and Thailand. However, Viet Nam is a developing country member of APEC.
13 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Table 2: Organizational membership of surveyed countries
ESCAP ASEAN APEC Cambodiaa ✓✓ China ✓✓ Democratic People’s Republic of Korea ✓ Fiji ✓ Indonesia ✓✓✓ Kiribatia ✓ Lao People’s Democratic Republica ✓✓ Malaysia ✓✓✓ Marshall Islands ✓ Micronesia (Federated States of) ✓ Mongolia ✓ Myanmara ✓✓ Palau ✓ Papua New Guinea ✓✓ Philippines ✓✓✓ Republic of Korea ✓✓ Samoaa ✓ Solomon Islandsa ✓ Thailand ✓✓✓ Timor-Leste ✓ Tonga ✓ Vanuatua ✓ Viet Nam ✓✓✓ a Least developed country based on United Nations categorization.
The original ASEAN membership had also covered the more developed countries of Indonesia, Malaysia, Philippines, Singapore and Thailand. However, between 1995 and 1999, ASEAN membership expanded to some least developed countries, including Cambodia, Lao People’s Democratic Republic and Myanmar. Viet Nam could be considered as a developing economy in transition. One of the main objectives of the e-ASEAN Framework Agreement12 adopted in November 2000 is to reduce the digital divide existing between the more and less developed member countries. To address this issue, ASEAN leaders adopted the Initiative for ASEAN Integration (IAI) Work Plan for Cambodia, Lao People’s Democratic Republic, Myanmar and Viet Nam (designated as the CLMV countries) in November 2002.13
12 http://www.aseansec.org/6267.htm 13 http://www.aseansec.org/pdf/IAI_doc1.pdf
14 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
At the regional level, ESCAP is the only organization with a membership that includes all the countries in the region so that its initiatives can encompass all countries in Asia and the Pacific. In its recommendations and programme of work, ESCAP has explicitly recognized the special needs of developing countries and Pacific island countries. At ESCAP meetings, countries have been encouraged to consider such special needs when adopting new e-commerce legislation.14
2. Subject matter of the initiatives
The subject matter relevant to e-commerce legal frameworks addressed by APEC initiatives reflects the level of development of these frameworks in the APEC member countries. All APEC-member countries have already enacted or at least drafted e-commerce or electronic signature specific legislation. The current initiatives by APEC have been focused on the development and the interoperability of the existing legal frameworks. Current initiatives by APEC also address specific issues related to e-commerce, such as spam, paperless trading, consumer protection, data protection, electronic authentication and cybercrime.
Three member countries of ASEAN are categorized as least developed countries, and one ASEAN member is a low income country according to the World Bank.15 For this set of countries, the development gap and digital divide among member countries is more apparent in ASEAN than in APEC. ASEAN initiatives are therefore more focused on narrowing the existing gap and digital divide, in particular within the scope of the IAI Work Plan. In relation to ICT legal and regulatory frameworks affecting e-commerce, ASEAN activities are aimed mostly at the development of such frameworks in Cambodia, Lao People’s Democratic Republic, Myanmar and Viet Nam. Specific issues such as legal aspects of data protection, consumers and intellectual property protection or cybercrime are at this stage only addressed in high-level documents such as the e-ASEAN Framework Agreement.
14 This approach has been adopted in the following ESCAP documents: Draft action plan on cybercrime and information security for the Asia-Pacific region http:// www.unescap.org/icstd/documents/actionplans/cybercrime%20action%20plan.doc, Paper on Initiatives for E-commerce Capacity-building of Small and Medium Enterprises http:// www.unescap.org/tid/publication/indpub2261.pdf Diagnostic Report for the Trade and Investment Promotion in the Pacific islands through Effective Use of Information Technology http://www.unescap.org/tid/special_prog/t&iprom_kimberley.htm 15 The United Nations classifies Cambodia, Lao People’s Democratic Republic and Myanmar as least developed countries. Viet Nam is classified by the World Bank as a low income country. The first three countries are also classified as low income countries by the World Bank. World Bank, 2004. World Development Report 2005, Washington, DC, World Bank.
15 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
In the work of ESCAP, legal and regulatory issues of ICT, especially e-commerce, represent only a small portion of the work programme of the Information, Communication and Space Technology Division (ICSTD). Most ICSTD projects have been dedicated to space technology applications. They tend to be more focused on ICT applications and infrastructure rather than relevant legal frameworks.16 Similar to ASEAN initiatives, ESCAP has initiatives that focus mainly on the development of the basic regulatory and legal frameworks in less developed countries. ESCAP members have also specifically addressed the issues of cybercrime and information security at a high level.
3. Overall effectiveness of the initiatives
It is undisputed that the organizations have recognized the importance of harmonized and interoperable legal and regulatory frameworks giving effect to the use of ICT and e-commerce. They are, as well, aware of the potential consequences and risks arising from the use of ICT for commercial and non-commercial purposes in both public and private sectors. It is also indisputable that much progress has been made over last few years in the area of elaborating enabling legal and regulatory frameworks for the use of ICT.
Probably the most concrete example of the effectiveness of the initiatives appears to be the number of enacted basic e-commerce legitimizing laws in the EAP region. The following simple comparison of data provides the basis for this assessment.
The main initiatives focusing on the development of e-commerce legitimizing policies and legal frameworks were initiated as follows: the APEC Blueprint for Action on Electronic Commerce17 was adopted in 1998, the e-ASEAN Initiative was endorsed in 1999 and the ESCAP subprogramme on information, communications and space technology was established in 2002. Table 3 provides an overview of basic e-commerce laws enacted or drafted in the individual countries.
Comparing these two sets of data, it is clear that the initiatives implemented by APEC and ASEAN have had a positive effect to encourage the enactment of such
16 For example, only 2 out of 14 projects currently listed on the ICSTD web site address ICT regulatory and legal issues. The current calendar of ICSTD meetings for 2004 shows that out of 14 meetings, only one was dedicated to ICT policy and applications. The rest of the activities are dedicated to the space technology applications. Source on ICSTD Projects is at http://www.unescap.org/icstd/main/projects.asp and http://www.unescap.org/icstd/main/calendar2004.asp 17 http://www.dfat.gov.au/apec/e_com/ecom_blueprint.pdf
16 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
Table 3: Overview of enacted or drafted basic e-commerce legislation in Asian and Pacific countries
Law on e-commerce Year Law on e-signature Year
Cambodia Draft Sub-decree on Draft Sub-decree on Electronic Electronic Transactions Transactions China Ð Draft Electronic Signature Act Indonesia Bill on Electronic Bill on Electronic Information Information and and Transactions Transactions Malaysia Draft in legislative process The Digital Signature Act 1997 Myanmar Electronic Transactions 2004 Electronic Transactions Law 2004 Law Philippines The Electronic Commerce 2000 The Electronic Commerce Act 2000 Act Republic of Korea Framework Act on 1999a Digital Signature Act 1999 Electronic Commerce Thailand The Electronic 2001 The Electronic Transactions Act 2001 Transactions Act Vanuatu Electronic Transactions 2000 Electronic Transactions Act 2000 Act Viet Nam Draft e-commerce Law a The Republic of Korea Digital Signature Act was fully amended in 2001 and is currently cited as Digital Signature Act 6585/2001. laws in more member countries, such as Malaysia, the Philippines, Republic of Korea, and Thailand. Indonesia has been developing a draft law to enable e-commerce and it has been in the legislative process.
The same positive effect is apparent in relation to the least developed member countries of ASEAN. As discussed, ASEAN e-commerce related activities have been mainly focused on Cambodia, Lao People’s Democratic Republic, Myanmar and Viet Nam. In the IAI Work Plan for these countries, ASEAN set the goal to implement the policy and legal frameworks enabling e-commerce in the four countries by 2004. Information provided in table 1 shows the extent of ASEAN success in pursuing that goal. With the exception of Lao People’s Democratic Republic, the other three countries, namely Cambodia, Myanmar and Viet Nam, have recently enacted or prepared legislation enabling e-commerce.
Vanuatu is a Pacific island country that is not a member of either APEC or ASEAN, but it has already enacted e-commerce laws in 2000. In addition, Vanuatu passed the Interactive Gaming Act, which regulates interactive games conducted by
17 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs telecommunications devices. The e-Business Act allows people from anywhere in the world to select Vanuatu as a place to set up their Internet sites for B2B activities such as negotiating wholesale business contracts between companies in different nations and for e-commerce activities such as buying or reselling software of other goods and services to the public worldwide.
Vanuatu is a member of ESCAP, but as mentioned, ESCAP programmes focusing on information, communications and space technology did not start until 2002. The rapid development of frameworks enabling e-commerce in Vanuatu could not be directly attributed to initiatives of the regional organization. However, more detailed fact-finding might show that other forms of ESCAP assistance may have benefited Vanuatu prior to 2002.
Initiatives may have been effective in relation to other aspects of ICT and e-commerce legal and regulatory frameworks, such as: (a) protection of personal data in the online environment, (b) protection of consumers in the online environment, (c) protection against cybercrime and (d) interoperability of legal frameworks particularly in relation to electronic authentication. However, current initiatives at this stage mostly address the issues listed here in documents from high-level meetings that provide only the basic rationale and direction. APEC has only recently started addressing some of these issues in their specific projects.
D. Recommendations in relation to the development of regional initiatives for East Asia and the Pacific
Findings from the assessment of regional initiatives in East Asia and the Pacific show that there has been a significant amount of work done in formulating high-level recommendations related to the development of interoperable legal and regulatory frameworks affecting the legislation and security of e-commerce. The assessment also identified certain gaps in relation to the reach, scope and the extent of the regional initiatives. Several recommendations can be highlighted that suggest ways to address such gaps.
1. Extend the geographical reach of the initiatives
Countries cannot enjoy the full potential of the benefits made possible by ICT and electronic transactions in the region until all of them have adopted or adapted national policies and legal frameworks that enable and legitimize the interoperable use of ICT in its national and international aspects. At the same time, given its
18 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
global nature, ICT networks would only be as safe and secure as their weakest link. These two points are the main reason why more developed countries should get actively involved in assisting less developed countries to develop their legal and regulatory frameworks in ways that provide legitimacy and protection to the use of ICT.
This recommendation applies particularly to APEC and ASEAN whose membership includes a significant number of developed countries. APEC and ASEAN could consider encouraging member countries to establish international dialogue with the less developed countries on this matter.
ESCAP offers an established platform for less developed countries to present their specific needs for assistance. ESCAP can assist less developed countries to organize international seminars or conferences on ICT with the participation of both private and public sector representatives from the more developed countries. The aim of such seminars and conferences could be the introduction and discussion of the needs of less developed countries and identification of areas eligible for assistance from more developed countries.
2. Prepare more projects with detailed guides for the countries
Regional initiatives usually encourage the adoption of model laws and documents or the implementation of the principles provided in these laws.18 This approach might extend to drafting a new set of model laws or documents and would involve use of work already carried out using recognized international standards such as those promulgated by UNCITRAL, the World Intellectual Property Organization, the Council of Europe or the United Nations General Assembly.
Accepting general recommendations to adopt or implement model laws or model documents does not provide sufficient answers to the development of basic e-commerce legal and regulatory frameworks. A certain amount of localization will be required. A number of less developed countries would probably need a specific implementation roadmap. In addition, when incorporating text from the model documents into national legal systems, a country may modify or leave out some
18 For basic e-commerce legislation, this means adopting the UNCITRAL Model Laws 1996 and 2001. For the protection of intellectual property in the online environment, it means adopting or implementing the WIPO Copyright Treaty 1996 and the WIPO Performances and Phonograms Treaty 1996. For cybercrime, the provisions or measures specified in the Council of Europe’s Convention of Cybercrime of 2001 or the United Nations General Assembly Resolution 55/63 of 2000 “Combating the Criminal Misuse of Information Technologies” could be applied.
19 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs provisions. The process of localization then introduces the risk that the degree of harmonization achieved through model documents has the potential to be reduced.
Research for this project showed that the basic e-commerce laws adopted so far in the countries differ to the extent that they do not enable cross-border interoperability, although they are based on the UNCITRAL Model Law 1996. The fact is that some provisions of the UNCITRAL Model Law 1996 were modified or omitted in the process of harmonization and implementation into the national legal system.
The regional organizations could therefore consider developing more projects to include detailed implementation guides that reflect the specific needs of the countries in the region.19 Such guides should provide helpful information on the implementation of model laws and documents covering at least:
(a) Analyse the individual provisions of such model laws and documents and explain their purpose and effects. (b) Give examples of how the provisions of such model laws and documents can be harmonized with the existing local legislation. (c) Give examples from countries that have already implemented such model laws or provisions of model documentation. (d) Explain the consequences of amending provisions of such model laws documents and/or the partial implementation of such provisions.
3. Emphasize the importance of legal and regulatory frameworks
Lack of available funds is one significant impediment to project implementation dedicated to the development of e-commerce and ICT legal and regulatory frameworks in less developed countries. At the same time, it is apparent that the private sector of
19 The e-ASEAN Reference Framework for Electronic Commerce Legal Infrastructure could be a good starting point for such a guide. However, the e-ASEAN reference framework is strictly limited to basic e-commerce laws. Despite recognizing the need for implementation, it does not provide any guidelines for adopting legislation or codes of practice to address data and privacy protection, consumer protection, cybercrime, intellectual property, admissibility of computer outputs as evidence in court and Internet content. The e-ASEAN reference framework also excludes issues of cross-border e-commerce such as conflicts of laws or taxation. Another example of such a guide are documents prepared by APEC, in particular the Draft Guidelines for Schemes to Issue Certificates Capable of Being Used in Cross Jurisdiction E-commerce at http://www.apectelwg.org/apecdata/telwg/28tel/estg/telwg28-ESTG-14.htm
20 Benchmarking regional e-commerce in Asia and the Pacific and assessment of related regional initiatives
more developed countries would be willing to support ICT-related projects in less developed countries.20 However, most, if not all, of these projects have been dedicated to the physical development and implementation of ICT.
The regional organizations may consider implementing activities to increase the awareness of the private sector in more developed countries. The private sector could be made aware of the importance of implementation for e-commerce and the need for ICT legal and regulatory frameworks in less developed countries.
4. Identified gaps may be addressed
This research found that the following issues have not been addressed at all or have been addressed only in high-level basic documents: (1) Conflicts of laws in relation to electronic transactions; (2) intellectual property rights in the online environment; (3) electronic banking and electronic finance; (4) secure electronic payments systems; (5) Internet content; and (6) alternative dispute resolution mechanisms specifically dealing with disputes arising from the online environment. The regional organizations may consider establishing working groups that deal specifically with these issues and then prepare related pilot projects.
E. Conclusion
The global nature of ICT and its existence beyond physical boundaries creates benefits, challenges and risks that must be addressed internationally. This would require harmonized legal frameworks enabling international interoperability, for ICT itself, as well as systems for fighting the misuse of ICT for illegal and fraudulent purposes and providing ICT users worldwide protection regardless of their physical location.
The Benchmarking Report showed that awareness of the benefits, challenges and risks presented by the use of ICT has increased significantly in the last decade. Efforts by countries to address ICT issues have grown as well. Between 1997 and 2004, six countries adopted laws legitimizing the use of ICT and providing regulatory frameworks for electronic transactions and electronic signatures. One of those countries is Myanmar. In addition, four countries have prepared draft laws, including Cambodia and Viet Nam.
20 For example, under the leadership of the former e-ASEAN Task Force, about 40 private sector pilot projects were endorsed to leverage the profile of the ASEAN ICT companies and encourage their participation in ICT development. Source is http://www.aseansec.org/6269.htm
21 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
On the other hand, combating risks presented by the potential misuse of ICT for illegal and fraudulent purposes has yielded fewer achievements and positive results. Issues complementary to e-commerce such as consumer protection and protection of intellectual property in the online environment, protection of personal data, Internet content, secure electronic payment systems or cybercrime have been addressed by only a few countries. The extent and clarity of country approaches has been varied. Availability of civil remedies for damages and grievances that result from using ICT has so far been addressed directly only in China and the Republic of Korea. Taxes and custom duties in the online environment have been addressed only in the Republic of Korea. Conflicts of laws in the online environment have not yet been clearly addressed in any of the countries.
The Benchmarking Report showed that since 1998, the regional organizations have been developing initiatives that focus on development of the legal and regulatory frameworks to legitimize e-commerce in the region. Although the initiatives proved to be effective in developing and adopting the basic e-commerce legal frameworks, they have not yet sufficiently addressed other areas complementary to e-commerce. This may be due to the relative early stages for such initiatives. High-level agreements and statements adopted by the regional organizations show that these complementary areas are indeed included in working agendas of the organizations and their special groups established in order to address ICT issues. With the exception of APEC, however, none of the organizations has moved to the stage of implementing projects effectively by addressing such complementary issues.
22 Harmonization of e-commerce laws and regulatory systems in South Asia
II. HARMONIZATION OF E-COMMERCE LAWS AND REGULATORY SYSTEMS IN SOUTH ASIA
By Pavan Duggal21
Introduction
Many believe the Internet to be full of natural anarchy, so that a system of law and regulation for the Internet seems contradictory. However, cyberspace is, in fact, governed by a system of law and regulation called cyberlaw. There is no single exhaustive definition of the term cyberlaw. One broadly accepted definition of cyberlaw is a generic term that refers to all the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of people in cyberspace comes within the domain of cyberlaw.
The first use of the term cyberspace was in 1984 by author William Gibson in his science fiction novel Neuromancer. It described the virtual world of computers. Today, cyberspace is how most people describe the world of the Internet. Though far from the immersive virtual reality of the fictional version, and often regarded as an overused buzzword, cyberspace has become synonymous with the Internet. However, cyberspace is not the World Wide Web alone.
The growth of electronic commerce has created the need for vibrant and effective regulatory mechanisms, which would further strengthen the legal infrastructure that is crucial to the success of electronic commerce. All of these regulatory mechanisms and the legal infrastructure come within the domain of cyberlaw.
Cyberlaw is important because it touches almost all aspects of transactions and activities concerning the Internet, the World Wide Web and cyberspace. Cyberlaw also concerns everyone. As the nature and scope of the Internet is changing, it is perceived as the ultimate medium ever evolved in human history. Every activity in cyberspace can and will have a cyber legal perspective. From the moment a person registers a domain name, sets up and promotes his or her web site, and then conducts electronic commerce and has transactions on the site, various cyberlaw issues are
21 Advocate, Supreme Court of India; President, Cyberlaws.net; Member, Nominating Committee, ICANN; and cyberlaw consultant. The opinions, figures, and estimates are the responsibility of the author.
23 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs involved. Some people may not feel concerned about these issues today because they may feel that such issues do not have an impact or relevance to their cyber activities. However, each person would eventually have to take note of cyberlaw for the sake of his or her own benefit.
Awareness about cyberlaw has begun to grow. Previously, many technical experts felt that legal regulation of the Internet was not necessary. However, the rapid growth of technologies and the Internet made it clear that no activity on the Internet can remain free from the influence of Cyberlaw. Publishing a web page is an excellent way for any commercial business or entity to increase its exposure to millions of persons, organizations and governments worldwide. This feature of the Internet is causing much controversy in the legal fraternity.
Cyberlaw is also a constantly evolving process. As newer opportunities and challenges are surfacing, cyberlaw is being modifying to fit the needs of the time. As the Internet grows, numerous legal issues arise relating to domain names, intellectual property rights, electronic commerce, privacy, encryption, electronic contracts, cybercrime, online banking, spamming and so on.
The arrival of the Internet and related technologies has made irreversible changes to the world today. In a world, which is moving steadily towards the information society and knowledge economy, it is essential that law must contribute its inputs to promote e-commerce. In 1996, the United Nations came up with the UNCITRAL Model Law on E-commerce. This law encouraged member states to legislate various national laws and regulations in keeping with principles contained in the Model Law. In 2001, the United Nations drew up the UNCITRAL Model Law on Electronic Signatures.
As cyberlaw develops around the world, there is a growing realization among different nation states that their laws must be harmonized and international best practices and principles must guide implementation. Many countries are trying to establish harmonized legal regimes in order to promote online commerce.
However, in the subregion of South Asia, especially among members of the South Asian Association for Regional Cooperation (SAARC), India and Pakistan are the two predominant players who have enacted e-commerce laws. India enacted the Information Technology Act, 2000 while Pakistan promulgated the Electronic Transactions Ordinance, 2002. All of the countries in the SAARC region have not yet enacted e-commerce laws at the time of this paper, the other SAARC members had not yet enacted e-commerce laws.
24 Harmonization of e-commerce laws and regulatory systems in South Asia
India is an excellent example of how legal systems mature with the passage of time in order to provide the required boost to e-commerce. This paper examines the example of India in slightly more detail. E-commerce law in India is the Indian Information Technology Act, 2000 and it demonstrates the need for other countries to harmonize their legal systems to stay in tune with the rapidly growing requirements of e-commerce.
The next sections provide an overview of the e-commerce laws and regulatory systems in SAARC-member countries.
A. India
The Parliament of India passed its cyberlaw in the form of the Information Technology Act, 2000, which provides the legal infrastructure for e-commerce. The Act received the assent of the President of India and became the law of the land on 17 October 2000.
The objective of the Information Technology Act, 2000 would be to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as electronic methods of communication and storage of information. The act would also facilitate electronic filing of documents with various government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 for related matters.
The Act thereafter stipulates numerous provisions in order to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act further states that unless otherwise agreed to, the acceptance of a contract expressed by electronic means of communication shall have legal validity and enforceability. The Act would facilitate electronic intercourse in trade and commerce, eliminate barriers and obstacles to electronic commerce that result from the celebrated uncertainties relating to writing and signature requirements over the Internet. The objectives of the Act also aim to promote and develop the legal and business infrastructure necessary for implementing electronic commerce.
Chapter II of the Act stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify the electronic record by the use of a public key of the subscriber.
25 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Chapter III contains details about e-governance and provides, among other things, that where any law provides that information or other matters shall be in writing, typewritten or printed form, then, notwithstanding anything contained in such a law, that requirement should be satisfied if the information or matter is:
(a) Rendered or made available in an electronic form; (b) Accessible to make it usable for subsequent reference.
That chapter also provides details about the legal recognition of digital signatures. The various provisions give further elaboration about the use of electronic records and digital signatures in government agencies. The Act also refers to publication of rules and regulations in an Electronic Gazette.
Chapter IV gives a scheme for the regulation of certifying authorities. The Act provides for a controller of certifying authorities who shall perform the function of supervising the activities of certifying authorities as well as setting standards and conditions governing the certifying authorities. The controller also specifies the various forms and the content of digital signature certificates. The Act acknowledges the need to recognize foreign certifying authorities and it further details the various provisions for granting the license to issue digital signature certificates. The duties of subscribers are also covered. The Act also covers penalties and adjudication for various types of offences and mentions the power and qualifications for the adjudicating officer.
A provision in Chapter X foresees a Cyber-Regulations Appellate Tribunal where appeals against the orders passed by Adjudicating Officers could be referred. The tribunal would not be bound by the principles of the Code of Civil Procedure, but would follow the principles of natural justice and have the same powers as a civil court. Any appeal against an order or decision of the Cyber-Regulations Appellate Tribunal would be made to the High Court.
Chapter XI covers various offences and stipulates that the investigation must be by a police officer only, and that officer should have the rank of deputy superintendent of police or higher. These offences include tampering with computer source documents, publishing obscene information in electronic form, breach of confidentiality and privacy, misrepresentation, publishing a digital signature certificate that is false in certain particulars and publication for fraudulent purposes.
26 Harmonization of e-commerce laws and regulatory systems in South Asia
Hacking and penalties if found guilty have been defined in Section 66. For the first time, punishment for hacking has been designated as a cyber crime.
The Act also provides for constituting the Cyber-Regulations Advisory Committee, which would advise the government about any rules or other matter connected with the Act. The Act also has four schedules which amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them conform with provisions of the IT Act.
Overall, the Information Technology Act, 2000 is considered to be a commendable effort by the government to create the necessary legal infrastructure to promote and encourage the growth of electronic commerce.
B. Pakistan
Pakistan promulgated the Electronic Transactions Ordinance (ETO) in 2002 with the purpose to recognize and facilitate documents, records, information, communications and transactions in electronic form and to provide for the accreditation of certification service providers.
The ETO grants legal recognition to electronic forms and gives legal recognition to electronic signatures. The ETO establishes the attributions regarding electronic documents and makes provisions regarding acknowledgement, receipt and so forth. There are provisions concerning certification service providers and the establishment of the Certification Council.
The ETO defines certain offences such as violations of privacy of information and damage to the information system. It also limits the liability of network service providers in the absence of facilitation, aid and abetting.
The ETO also amends certain existing laws in order to make national laws more amenable to e-commerce. The Qanun-E-Shahadat Order, 1984 was thus amended to allow electronic documents as evidence.
C. E-commerce legislation in other South Asian countries
Bangladesh has prepared a Draft Information Technology (Electronic Transaction) Act that incorporates provisions from the UNCITRAL Model Law on
27 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
E-commerce, the Singapore Electronic Transactions Act and the Indian Information Technology Act, 2000.
At the time of writing, Bhutan and Maldives had yet to develop legislative provisions relating to e-commerce. However, new regulations were being drafted in Maldives under the responsibility of the Ministry of Communication Science and Technology (MSCT) and the National Centre for Information Technology (NCIT) in cooperation with the business community. Nepal had proposed legislation concerning e-commerce pending before the Government.
The Parliament in Sri Lanka passed the Information and Communications Technology Act, Number 27 of 2003. The ICT Act provides for the establishment of the national committee on ICT of Sri Lanka in order to set out of a national policy on ICT and prepare an action plan. The Act also calls for the appointment of a task force for ICT. There are also provisions for the establishment of the ICT agency of Sri Lanka to be charged with implementation of national policy related to both the public and private sectors and related matters.
D. Analysis of other ICT and e-commerce elements
Analysis of other elements related to ICT and e-commerce shows the diversity of approaches and a wide range in the scope and breadth of policy, laws and regulations. Much of the work concerning the legal and regulatory frameworks for e-commerce in South Asia has been done in India and Pakistan. Both countries have sought to legalize the electronic format and granted legality to electronic commerce transactions.
India and Pakistan have provided for authentication of the electronic documents and records. However, the approaches have differed. India has enacted a technology specific law by stating that the authentication of electronic information can only be done by use of an asymmetric crypto-system and hash function or public key cryptography. Pakistan has taken the more pragmatic approach by not committing the mistake of making a technology specific electronic law. Instead, the law is technologically neutral and talks about the authentication of electronic records by electronic signatures as compared to digital signatures.
Both India and Pakistan have relevant provisions relating to establishing the digital signature regime. India established the Office of Controller of Certifying Authority to head the digital signature regime. Pakistan entrusted this responsibility to the Certification Council. India has already granted licenses to five entities to act as certifying authorities to issue digital signature certificates.
28 Harmonization of e-commerce laws and regulatory systems in South Asia
India has incorporated some aspects relating to cybercrime into its cyberlaw. Certain acts have been stipulated as cybercrimes with punishment in the form of imprisonment and fines.
While India and Pakistan have covered some aspects in their e-commerce laws, there are still large areas that require appropriate attention. Additional objective examination of cyberlaws and e-commerce laws around the world shows that some extremely important issues need to be fully addressed by any nation. Related areas that concern ICT either directly or indirectly have been addressed by the other South Asian countries.
1. Telecommunication regulation policy
In terms of a general overall framework or guideline in the form of a Telecommunication Regulation Policy, the countries of South Asia have a variety of situations. Bangladesh has a policy, but it does not include complete privatization. Public and private sector entities are supposed to work together. A licensing scheme remains. Bhutan has the Telecommunications Act, 2000 and it stipulates that the sole provider of telecommunications is state owned. In India, there are private and public holdings for the ICT industry.
The four remaining South Asian countries have policies, but these would include more elements than just regulation. Maldives has the Telecommunications Policy covering 2001-2005. Nepal has had a Telecommunications Policy since 1996. Changes and reform concerning ICT in Pakistan began with the Pakistan Telecommunication (Re-Organization) Act 1996. As of 2004, Sri Lanka has had a National Telecommunications Policy.
2. Consumer protection22
India has the Consumer Protection Act 1986, however, nothing in the Act refers explicitly to e-commerce consumers. It provides for the regulation of trade practices, the creation of national and state level Consumer Protection Councils, consumer disputes redress forums at the National, State and District level to redress disputes, class actions and for recognized consumer associations to act on behalf of consumers. The Act provides a detailed list of unfair trade practices, but it is not exhaustive.
22 Consumers International Asia Pacific Office, Asia Pacific Consumer Law, www.ciroap.org/apcl
29 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Similarly, Maldives has had a consumer protection act since 199623 and Nepal has a consumer protection act, but there is no provision for e-commerce consumers. The Consumer Protection Act, 1998 of Nepal came into force on 13 April 1999 and establishes the Consumer Protection Council.
Pakistan has consumer protection acts in some provinces, but with no provision for e-commerce consumers.
Sri Lanka has a Consumer Protection Act 1979, which is not yet applicable to e-commerce, but policy to do so exists. The Act provides for consumer protection, regulation of internal trade and the establishment of fair trade practices. The Act creates the Office of Commissioner of Internal Trade with wide powers to permit creative, effective and expeditious intervention in the market place to ensure protection of consumers and fair trading. The Act was amended in 1980, 1992 and 1995. The 1980 amendment introduced a new feature, the Consumer Protection Fund.
3. Protection of intellectual property
Five countries in South Asia are party to the World Intellectual Property Organization (WIPO) Convention: Bangladesh acceded in 1985; Bhutan acceded in 1994; Maldives joined in 2004; Nepal joined in 1997; and Sri Lanka joined in 1978. Bhutan and Nepal are also members of the Paris Union. Bangladesh, and Sri Lanka are members of both the Paris Union and the Berne Union. As of this writing, Sri Lanka was the only country in South Asia to become party to the Trademark Law Treaty in 1996.24
Bangladesh Copyright Law, 2000 does provide for IT protection. The Copyright Act of India provides protection to computer programs, but specifically excludes computer software from the ambit of its protection. The Copyright (Amendment) Act, 1992 of Pakistan provides protection to computer programs.
Sri Lanka provides protection under Code of Intellectual Property Act Number 52 of 1979 as amended by (Amendment) Act 13 of 1997. Computer software is protected by copyright law as described in the Code of Intellectual Property Act
23 Refer to www.maldiveisle.com/consumerprotectionactofmaldives.htm 24 World Intellectual Property Organization, Treaties and Contracting Parties, www.wipo.int/treaties/en/
30 Harmonization of e-commerce laws and regulatory systems in South Asia
and Act Number 14 of 2000.25 However, it appears that the protection does not extend to computer programs/databases.
4. Cybercrimes and cyber-evidence
Cybercrime and the acceptance of cyber-evidence have become major concerns for all countries as part of globalization and the spread of e-commerce. However, there are some basic issues yet to be resolved, such as types of computer crime, set of procedural powers, specific definitions and scope of cybercrime, lack of a common understanding about the problem and how to respond, issues of sovereignty, problems of dual criminality and the limits of treaties that may not include necessary investigative powers.
The draft IT Act of Bangladesh appears to contain provisions that are similar to the India IT Act. There are sections of the India IT Act that make punishable such actions as hacking, tampering with computer source codes and publishing or transmitting obscene information.
It had been reported in 2002 that a Computer Crimes Act has been drafted in Sri Lanka.26
E. Recommendations
There are several issues that need to be addressed in order to have harmonization of legal and regulatory systems for e-commerce that could be acceptable to all countries in South Asia:
1. Telecommunication liberalization 2. Recognition of electronic documents 3. Consumer protection for e-commerce consumers 4. Electronic funds transfer 5. Dispute resolution 6. Liability of Internet service providers (ISP)
25 University of Colombo Computer Science Society, CompSoc Today, vol. 1, Issue 2 (June 2002). www.cmb.ac.lk/stud-acti/Clubs/compsoc 26 Ibid.
31 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
7. Domain names 8. Intellectual property protection 9. Privacy 10. Cybercrime
Addressing these issues by creating e-commerce laws in each South Asian country would help promote the growth of an e-commerce regime in South Asia.
However, clearly having such laws in place, which stipulate for the various issues as listed above, does not provide the only way to success in terms of achieving growth of e-commerce. Once a law is in place, an extremely important role is played by entities entrusted with implementation of existing laws enacted by the parliament. In this regard, the role of government as enforcer of laws must be kept in mind. In addition, countries such as Bangladesh, Bhutan, Maldives, Nepal and Sri Lanka would need to prepare solid drafts of e-commerce law in their respective countries.
There might be opportunities for this group of countries to learn from the experiences of India and Pakistan. However, the Indian experience has shown that it is easy to enact law on paper. However, it is extremely difficult to enforce laws in actual practice. There are numerous challenges that require appropriate awareness among citizens about e-commerce laws. This is so because at the end of the day, the e-commerce laws are basically targeted to protect and help those citizens.
It is also necessary for all nations in South Asia to ensure that there is adequate training of the relevant departments and government officials who would draft and implement policies relating to e-commerce. There is an urgent need in countries of South Asia to ensure that their lawmakers and policy makers are appropriately sensitized about the various nuances and legal issues that impact e-commerce. This is important in order to prevent the passage of some policy which may have no relation to the existing realities. The result might be implementation that is likely to create more obstacles or harm than achieve any good.
There is an urgent need to sensitize and educate the judiciary in South Asia about the various nuances and peculiarities of e-commerce laws. This is so because the judiciary, composed of judges, tribunals, lawyers and the like, play an extremely important role in the actual interpretation of the written provisions of the e-commerce laws. Due to historical reasons, the Internet has not fully penetrated into the heart
32 Harmonization of e-commerce laws and regulatory systems in South Asia
and rural areas of South Asian countries. As such, the proliferation of Internet growth is primarily limited to metropolitan areas, urban and semi-urban areas.
In a number of SAARC-member countries today, villages still do not have Internet connectivity. There is an growing requirement to ensure adequate development of infrastructure in South Asia. That means there is a need to spend a lot of money on telecommunications and related infrastructure facilities. This would enable further growth of e-commerce in South Asia.
F. Law enforcement and cyberlaw
Another issue that requires attention is the fact that law enforcement agencies and the police need to be duly trained about the various issues relating to e-commerce laws. While some acts have been designated as cybercrimes in India, with punishment by imprisonment and fine, a large number of cybercrimes that have already emerged still have not been regulated by the e-commerce laws of South Asian countries.
Since the enactment of the Information Technology Act 2000 in India, there is the start of some awareness about cyberlaw and cybercrime related issues. However, given the vast size of the country and the enormity of the task at hand, all existing actions have had virtually minimal impact. There is a need for the government to come up with strong training and awareness programmes on all related issues pertaining to cyberlaw and cybercrime. The crucial sectors, that are to be targeted have to be identified as a matter of policy and then appropriate programmes have to be targeted.
The Government needs to target all statutory authorities who have been constituted under the Information Technology Act for training and orientation. These statutory authorities include the Adjudicating Officers as well as the various Certifying Authorities. Adjudicating Officers are the relevant statutory authorities who have been given the power to grant damages by way of compensation up to the amount of Rs. 10 million, if certain specified unauthorized acts take place pertaining to computers, computer systems or computer networks. At present the Adjudicating Officers in India are not aware about how to proceed in adjudicating claims for damages by way of compensation.
This is due to the way in which the Central Government by means of notification, has only stipulated the Information Technology Secretaries of different states as the Adjudicating Officers. By designating technocrats to perform quasi-judicial functions, without giving them appropriate training or orientation, only leads to complications
33 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs of problems. This has resulted in a scenario where the adjudicating officers are not oriented to perform their quasi-judicial functions.
The Government of India also needs to plan and implement special awareness and orientation programmes for police officers. The Information Technology Act 2000 stipulates that cybercrime in India shall only be investigated by a police officer not below the rank of Deputy Superintendent of Police (DSP). Given the practical reality where a DSP in India, as a high ranking police officer, is already burdened with other critical issues and pressing problems and responsibilities, cybercrime investigation and prosecution becomes an extremely low priority for them. There is no orientation given to the police officers in an organized, systematic basis. Special training programmes are needed for those police officers who are designated to deal with cybercrime.
For the legal profession, there are various areas, which require maximum capacity-building. Lawyers in India are not very aware of information technology legal provisions and there is a compelling need to educate them. Lawyers need to be trained appropriately about various relevant issues relating to e-commerce law and the technical nuances of the law.
Judges also need to be duly trained about the various legal issues pertaining to the Information Technology Act, 2000. People in the lower and middle level judiciary are almost completely unaware of the various nuances and other technical details concerning such e-commerce laws. This area needs to be seriously and urgently addressed.
Cyberlaw training also needs to be given to the government departments and the relevant officers engaged in e-commerce and e-governance activities. This is essential, as the preamble of the Information Technology Act specifically states that the objective of this law is to promote e-commerce and electronic filing of documents with government agencies.
Nothing much has been done to facilitate access by consumers to the tribunal court alternatives for e-commerce disputes. The Indian e-commerce law has only provided that one statutory authority be established, namely adjudicating officers. At the time of writing, only one case has been filed in India before the adjudicating officer for grant of damages by way of compensation under the Indian Cyberlaw.
This industry and the public at large have been generally unaware of the provisions and remedies stipulated under the law. Until such time as the government
34 Harmonization of e-commerce laws and regulatory systems in South Asia
starts massive capacity-building programmes and initiatives, the situation is likely to continue to remain the same.
Various institutes in India conduct courses on cyberlaw for lawyers, students and other professionals. However, most of these courses are pure commercial ventures and the quality of knowledge and awareness imparted is not up to the standard and often leaves much to be desired. With the media reporting cyberlaw related issues, as well as various cases conducted under the law, awareness about crimes conducted over the Internet has been slowly increasing.
As time flies fast, e-commerce continues to grow with each passing day. However, a look at the existing laws shows that it will take a large amount of time and effort for South Asian countries to effectively put their legal regimes in agreement with the existing international best practices and procedures.
G. Concluding observations
This study has suggested that there is a need to improve Internet density, and this could be achieved through the entry of private parties into the field of telecommunications. This should be encouraged as a matter of policy. Greater cooperation among SAARC-member countries could enable exchange of information and experiences related to the establishment and successful implementation of e-commerce legal and regulatory systems.
Increased regional cooperation and negotiation of treaties between SAARC- member countries would ensure protection of legitimate e-commerce interests. Along these lines, there is a need to establish a regional mechanism on jurisdiction. This would ensure that in the event any e-commerce contracts would be violated, the jurisdiction of the victim/consumer’s country would prevail. The countries of South Asia could also benefit by coming to a joint agreement on the issue of ISP liability.
Comprehensive dissemination of information should be made to the public about existing e-commerce laws. Education and training for officials in enforcement agencies, the judiciary, the police force, and so forth is needed with a top priority given to the various legal issues relating to e-commerce.
There is an urgent and compelling need to set up an intergovernmental recommendatory body to help South Asian countries without laws to make e-commerce laws as soon as possible. Some existing laws in South Asian countries might need modification to meet international standards. One way to help would be through
35 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs propagation of existing model laws, such as UNCITRAL Model Laws on E-Commerce and Electronic Signatures.
The urgent requirement at this time is to ensure that countries in South Asia that have not yet enacted e-commerce laws consider how to learn from and take advantage of the good work already done in other countries of the region. There are no benefits from duplication of effort, but governments need to take into account international principles and best practices so that they can be incorporated in their e-commerce legal regimes. As a result, their e-commerce laws and regulatory frameworks would be in agreement with international best practice and evolving legal trends and developments around the world.
36 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
III. E-COMMERCE LEGAL AND REGULATORY SYSTEMS IN THE COUNTRIES OF CENTRAL ASIA AND THE CAUCASUS
By Tattu Mambetalieva27 and Andrew P. Beklemishev28
Introduction
In the twenty-first century, understanding and use of new technologies is becoming a new criterion for business competitiveness, especially for small and medium-sized enterprises (SMEs). When the governments of countries in Central Asia and the Caucasus have aimed at privatization and deregulation, the effort has revealed an important role for the private sector in promoting economic growth. A number of countries of Central Asia and the Caucasus have been willing to embrace the latest trends and recognize that legislation and government regulatory policy can play an important role in developing their economies, especially in such areas as electronic commerce.29 These countries have been taking the first steps in market liberalization and issues of information and communication technology (ICT) development have been among the priorities in the policies of these countries. Work has started on establishing legal and regulatory systems for e-commerce, but much work remains.
This paper provides an overview of the status of e-commerce and ICT development in the countries of the region by looking at the status and trends of legal and regulatory systems for e-commerce. There are also some recommendations for future development. As the political and economic situation varies significantly for each of the countries, only general trends are mentioned and specific examples are given in cases when a country has significantly outperformed or underperformed in comparison to the other countries of the region.
27 CIS regional consultant for ICT policy. 28 E-commerce consultant. 29 See Annex 1 for basic statistics on the geographic, economic and ICT infrastructure features of seven countries.
37 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
A. Current status of e-commerce and ICTs
1. E-commerce
In most countries of the region, the market for online goods and services is developing at a very slow pace. Only a few companies have simple informational web sites on the Internet. There are some web sites targeted to tourists by providing an opportunity to book hotel rooms through e-mail. Companies are not eager to sell their goods and services via the Internet, although they use information technologies in their offices for processing orders, document circulation, accounting and bookkeeping.
Such a situation is due to the restricted access to Internet for majority of the citizens, restricted number of competent and skilled staff and shortage of information about what ICT can offer. Preliminary study has revealed that the majority of SME entrepreneurs do not perceive the need to use ICT for running their businesses. Study also shows a low level of local understanding and perceptions of the Internet as a business tool, as well as insufficient Internet literacy among SME managers.
However, in some countries, such as Kazakhstan, electronic commerce is developing at a fast rate. Many businesses have established an Internet presence and some have attempted to sell their goods and services online. In Kazakhstan, commercial banks were pioneers in e-commerce fields by offering online banking and other electronic services, such as online payment of bills through the banks’ portals. Commercial banks have also introduced online credit card transaction processing, and this has stimulated SMEs to open online shops and try their entrepreneurial skills on the Internet.
2. Information and communication technologies
Access prices for ICTs in the countries of Central Asia and the Caucasus have been quite high. Internet providers have made their services available mostly in the biggest cities. Public access to telephone lines has been very restricted, while the main users of mobile phones are concentrated in big cities. This is largely due to low population density in most countries in the region. For example, Kazakhstan has one of the lowest population densities in the world.30 People and companies do not have much trust in a banking system of settlements, with the exception of Kazakhstan and possibly Armenia.
30 UNDP, Kazakhstan InfoBase, www.undp.kz/infobase/tables.html?id=5, accessed 3 July 2004.
38 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
One reason for this situation is the weak development and limited use of ICTs in remote areas of countries in Central Asia and the Caucasus. A second reason is insufficient information about opportunities that ICTs could offer to people in general and SMEs in particular. A third reason is lack of appropriate legislation to encourage market liberalization and create favourable conditions for competition to develop in the area of ICT. In fact, the lack of relevant legislation has now become a serious problem.
B. Current status of e-commerce legal and regulatory systems
The Inter-Parliamentary Assembly of Member Nations of the Commonwealth of Independent States (CIS) has suggested a model electronic commerce law.31 The parliaments of some countries in Central Asia and the Caucasus have used this model as a basis for national law. However, the provisions in this model law have raised serious grounds for concern about the development of electronic commerce. The draft law has been seen as an attempt to over-regulate the process. It does not give commercial companies adequate rights to choose ways of conducting business independently.
1. Electronic digital signature
The governments of states in Central Asia and the Caucasus that are willing to encourage development of ICT and e-commerce have decided that e-digital signature laws should take priority. These laws offer complicated systems of certifying bodies, which would be dealing with technologies for creating digital signatures. These laws or draft laws have stipulated state licensing or other permit procedures for certifying bodies. Some envisage that only the signatures created on the basis of technologies approved by a state would be recognized as having mandatory force. It has thus been suggested that a complicated system of recognizing digital signatures should be based on cryptography.
This approach ignores the issues of assuring legal guarantees. That is, no obstacles would block opportunities for business people to regulate technical standards between themselves for the purposes of concluding contracts in electronic form. Laws and draft laws on e-signature offer technical hardware and software and other facilities for securing and controlling the efficiency of information security and
31 Inter-Parliamentary Assembly of Member Nations of the CIS States, “Model Law on E-Commerce”, http://www.nwapa.spb.ru/model.htm, July 2004.
39 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs certifying compliance with information security requirements. However, standards have not yet been developed for such certification.
2. Security
Assuring security and identification of electronic deals in laws or draft laws on e-digital signature are the main issues for governments of Central Asian and Caucasus countries. There is an agreement of CIS member states on cooperation in combating crimes in the area of computer information that was signed on 1 June 2001. According to this agreement, countries of Central Asia and the Caucasus, except Georgia, made a commitment to cooperate for the purposes of efficient prevention, revelation, banning, detecting and investigating crimes in the area of computer information. The would also strive to harmonize national laws to combat crimes in the area of computer information.
It was recognized by the countries signing the agreement that according to national laws and when deliberately committed, the following actions are recognized as illegal: (1) illegal access to computer information that is protected by the law, if this act results in termination, blocking, modification or copying of information, breakage in operation of a computer, computer system or their network; (2) creating, using or disseminating harmful programs (software); (3) violating rules for operating a computer, computer system or their network by a person who has access to a computer, computer system or their network, that resulted in termination, blocking or modification of computer information protected by laws, if this act caused considerable harm or harsh consequences; and (4) illegal use of computer software and databases, which are objects to copyright, as well as misappropriation of authorship, if this act caused considerable damage.
National laws in Central Asia and the Caucasus do not regard all of these acts as crimes. However, there have been trends to harmonize laws of these countries to strengthen international cooperation. Objects of security, that is, security of information, have defined goals in the area of assuring security of electronic commerce in the countries of Central Asia and the Caucasus. The legal basis for security that sets the principle for securing any information source, includes the following: (1) the constitution; (2) legislation on state secrets; (3) legislation on information, informatics and information security; (4) legislation of competition and restricting monopolist activity; and (5) legislation on commercial secrets.
40 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
The legislation fixes the rights of an information holder to protect his or her interests in relationships with all entities in the market, including the state. However, there have been problems with the interpretation of the definition of “commercial secret”. In different laws, the notion of commercial secret is often interpreted as official secret. That means there is no clear definition of what list of information can be referred to as a commercial secret. This is related to the political situation in some countries of Central Asia and the Caucasus, which still preserve a command and controlled economy.
3. Intellectual property
Issues of intellectual property are becoming more significant in the economies of the countries in Central Asia and the Caucasus. Since intellectual property is used in many sectors of the economy, priority has been given to the need to change legal and regulatory approaches. All of the countries have adopted and validated laws that guarantee provision of copyright and related rights.
A number of countries in Central Asia and the Caucasus have signed the WIPO agreement, which deals extensively with the creation of an international legal base and further unification of norms in the area of intellectual property. WIPO has highlighted the need for its member states to bring domestic laws into conformity with modern requirements as dictated by the use of information technologies. While the countries have been trying to comply with the main principals of international provisions, they do not have efficient ways to secure procedural rights for holders of rights to information and communication technologies; thus, the practical application of guaranteed rights has been difficult.
The situation could be explained by differences in the legal systems of CIS and Western countries. For example, international norms stipulate availability of an independent and transparent judiciary in a country, and that has not been the case for countries of Central Asia and the Caucasus. The Central Asian countries have been having extensive discussions about the issues of regulating web sites. One reason is that international agreements do not envisage clear criteria for distinguishing between software and other copyright objects.
41 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
4. Tariffs and taxes
Electronic commerce as initiated by businesses from leading Western countries has been developing predominantly as a free cyber space, where no customs duties are applied and no other customs formalities and controlling procedures exist. The most complicated issue, although not requiring an immediate solution based on the small volumes of trans-boundary electronic commerce in Central Asia and the Caucasus, is the issue of applying a standard tax scale to the objects of electronic commerce. This involves mainly the application of a value added tax (VAT).
Peculiarities of electronic commerce, especially in case of trans-boundary transactions of “a legal entity to a physical person” creates restricted opportunities for a seller to confirm the fact of an export deal for the purposes of exemption from VAT based on uncertainty about the actual location of a consumer. At the same time, it is related to the possibility of considerable reductions in the collection of indirect taxes, such as VAT, in countries with a culture of low taxes and high levels of tax avoidance.
The governments see some contradictory fiscal implications from electronic commerce. This includes the fact that modern information technologies could increase operational speed and efficiency of interactions between taxpayers and tax agencies considerable. On the other hand, benefits of electronic commerce through the Internet could be used to avoid tax payments, hide actual income and illegally export capital to other foreign countries.
Today, the issues of customs duties and fees are not of concern to most countries examined in this study, since the costs for keeping a more or less efficient collection system would exceed any potential payments as revenue collected. Since the potential tax base from electronic commerce involving international trade of goods is insignificant, its consequences for importing countries in the form of collecting customs fees would be very small.
It is necessary to take country differences into consideration when looking at the structure of imports, as well as the strong dependence of budgets on customs collections in many developing countries, especially the least developed countries. Accordingly, this group of countries in Central Asia and the Caucasus believes that a duty-free regime with respect to electronic commerce is not an appropriate solution. The issue concerning taxation is to set a certain price limit, below which Internet transactions are legally out of the current taxation system. This arrangement is
42 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
related to transactions with low prices. However, no decision on tax issues has been made yet.
5. Legal protection for electronic transactions
The most important issues relate to assuring there are mechanisms for legal protection of electronic transactions, which would be the most fast-acting (taking in account geographic remoteness of the contractors from each other) and efficient (since this type of business has specific peculiarities). In this situation, a more important role belongs to the level of applying arbitration (non-judiciary) as a regulating mechanism. All countries of Central Asia and the Caucasus have laws on arbitration in place. According to the national legislation, arbitration can be used to resolve disputes in the area of electronic commerce.
There is already strong cooperation among arbitration courts in the countries of Central Asia. The Caucasian countries need to strengthen cooperation among their judicial bodies. Activities of arbitration tribunals in the countries of Central Asia and the Caucasus have been developed on the basis of generally recognized United Nations statutes.
C. Harmonization with international norms
There are few international model laws in the world. One is the model electronic commerce law designed in 1996 by the United Nations Commission on International Trade Law (UNCITRAL). In 2001, UNCITRAL also adopted a separate model electronic signature law. Following the same line, in 1999 the European Union adopted the European Union’s Electronic Signature Directive, which covered the issue of “public environment” for electronic signatures.
These model laws are applicable for both more developed countries and countries with developing or transitional economies. First, they reflect an initial condition that electronic commerce would flourish best, if the private sector would be allowed to develop decisions based on competition and market choice. Accordingly, international models are against almost any government involvement that might restrict market development of e-signature services. In particular, these model laws are against the system according to which organizations, rendering e-signature services for the purposes of e-commerce, must receive a license from the state first. The European Union Directive especially prohibits the member states from applying a mandatory licensing system.
43 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
However, these international models have been misinterpreted in the countries of Central Asia and the Caucasus. When e-signature laws have been adopted or are suggested in these countries, they are over-regulated and reject the flexibility of business approaches, which is a very important feature for electronic commerce. This may be due to the fact that one of the most important issues for the countries of Central Asia and Caucasus in the area of electronic commerce from both a legal and technical viewpoint is identifying a personality on the Internet.
In addition, the technological neutrality suggested by international models does not allow for assuring adequate authenticity in developing countries. Therefore, these countries have been moving towards a more regulated system. International models suggest that disputes should be processed by courts or regulating bodies or self-regulating sectoral bodies, which would set the standards. In the countries of Central Asia and the Caucasus, there is no judicial system with the practical or legal capability to interpret any general law for each specific case, and there are no competent self-regulating or regulating institutions.
The international models offer procedures for the most reliable form of e-signature, including the creation of certification service providers in order to assure accurate data for creating a signature of a physical or a legal person. Therefore, data for creating a signature could be linked exclusively to one person and nobody else. The proposed approach by the countries of Central Asia and the Caucasus for legal regulation could be important for electronic deals to take place between trade partners, which primarily sets up the relationship in a traditional way, that is, through personal communication.
The UNCITRAL and EU models provide for the principle that an e-signature law can allow companies and individuals participating in electronic commerce to reach agreements in traditional ways, according to their own methods of concluding electronic contracts (the “business choice” principle). The e-commerce model law drafted by the CIS Inter-parliamentarian Assembly, which has become a basis of electronic commerce draft laws for the countries of Central Asia and the Caucasus, does not comply with this principle. However, none of the models offer the recommended legal wording for the purposes of legalizing the “business choice” made by the parties in their electronic transactions. In some laws of the Caucasian countries and Kazakhstan, the “business choice” principle has been recognized only within private systems or corporate information systems or the systems that do not interact with common use networks.
44 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
Traditional laws of the countries of Central Asia and the Caucasus require contracts or other documents to be in written form or signed personally. The UNCITRAL electronic commerce model law does not stipulate that any electronic document is binding or any electronic signature is always valid. The model law is simply saying that a document or a signature cannot be denied legal effect even when provided that it is in electronic form. It appears to be quite difficult to adopt this provision in the countries of Central Asia and the Caucasus, because, according to people drafting legislation, the simple action of exchanging electronic messages does not assure the required trust.
National legislation in the area of electronic commerce can become burdensome for people engaged in electronic commerce, since an excessive form of regulation has been adopted to address these issues.
Governments of countries in Central Asia and the Caucasus have been trying to resolve issues of information security on the basis of merging the e-commerce and e-government systems. Such an approach is wrong, however, since protection of private information and security can be improved if individuals and organizations have several electronic identification forms available, each identifying a user within different areas of transactions. Another approach for assuring information security, which is also popular in the countries of Central Asia and the Caucasus, is mandatory application of cryptography. However, in this case the most efficient way to assure legal security for electronic commerce is to adopt laws that enable use of credit cards or other types of electronic payments, as well as setting up a law enforcement system that would efficiently combat fraud. In this situation, financial institutions would be able to take the risk of accepting arrangements with credit cards from developing countries. Laws and regulations covering electronic payments and credit cards in the countries of Central Asia and the Caucasus, have been adopted at the level of national banks in the form of orders and decisions, and not at the level of national laws, except for Kyrgyzstan and Kazakhstan.
D. Recommendations
Reforms in the area of telecommunications are vital for creating an appropriate legislative and regulating environment for electronic commerce. Access to the Internet is required for electronic commerce, but for these purposes and in the majority of cases, access to telecommunications is required.
45 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
It is also very important to eliminate unnecessary legal barriers for starting new businesses. Online and offline business people should have an opportunity to start business without barriers in the form of mandatory licensing. Regulation should aim only at protecting the interests of consumers. However, the existing forms of regulation in the countries of Central Asia and the Caucasus do not protect consumer interests and complicate procedures required to start a new business.
Banking laws are also extremely important since people without credit cards or access to other means of cashless settlements should be able to participate in electronic commerce. Countries with transitional economies should revise legal requirements applied to traditional commerce (offline trade). This would facilitate application of legal requirements to electronic transactions.
Efforts to develop electronic commerce based on legal reforms should start with an evaluation of what should be changed and why. Laws supporting the development of electronic commerce should not impose additional requirements, except for those that already exist for traditional paper documents. It is recommended that the countries of Central Asia and the Caucasus support the idea of electronic contracts, especially those between existing trade partners. Electronic commerce should be supported by eliminating barriers and not creating new ones should support electronic commerce.
Genuine support for the development of electronic commerce would be achieved by establishing a competitive environment in the market. It is thus necessary to avoid state licensing for electronic commerce, since it would be a barrier to innovations.
Legislation and a state system of regulation should ensure compliance with the “business choice” principle for electronic commerce. It is necessary to adopt laws that would regulate credit cards, debit cards and pre-payment schemes, or “cyber-money” where the most important identification functions are carried out mainly between a seller and a company, which issued a credit or a debit card or renders cyber-money services, but not between a seller and a buyer.
Businesses need a system of electronic signatures that they can trust at the international level. For the purposes of achieving international recognition for e-signatures, laws on e-signature should guarantee opportunities based on the principle of “business choice”. Otherwise, the relevant countries will create a rationale for global e-signature users to avoid electronic commerce with a country that lacks a legal system based on the international principle.
46 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
National legislation should guarantee the principle of neutrality of technologies, because this would enable courts to admit any technology that complies with objective criteria. It is necessary to avoid state licensing of service providers. In general, the policy should encourage development of a competitive market with many operating service providers and use of many different technologies.
47 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
)
(2002
)
(2002
Asia and the Caucasus
)
(2002
)
(2002
)
(2002
Annex I
)
(2002
infrastructure indicators for seven countries of Central indicators for infrastructure
)
3 900 3 400 2 500 7 000 1 600 1 000 1 700
2 850 1 139 3 032 16 562 5 930 302 281
(2002
29 800 86 600 69 700 2 717 300 198 500 143 100 447 400
71 900 870 000 503 600 1 027 000 53 100 13 200 186 900
60 000 300 000 73 500 250 000 152 000 3 500 275 000
542 800/ 923 800/ 648 500/ 2 081 900/ 394 800/ 237 600/ 1 681 100/
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
2 991 360 7 868 385 4 693 892 15 143 704 5 081 429 556 7 011 26 410 416
11.79 billion11.79 26.34 billion 12.18 billion 105.3 billion 7.725 billion 6.996 billion billion 44.11
Geographical, economic and ICT
Total area Total (sq. km) Total population Total (July 2004 estimates) GDP (purchasing power parity), power (purchasing US$ (2003 estimate) GDP per capita (purchasing power parity), power (purchasing US$ (2003 estimate) Telephone main Telephone lines/mobile cellular (2002) Internet hosts (2002) Internet users
48 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
Government
Asia and the Caucasus
participation in sociological surveys
state procurements monitoring (in Kazakhstan). elections; customs accountability (reports); (in Kazakhstan). elections
online submission of tax reports
Ð
Consumers to government (C2G): Ð
Government to government (G2G): Ð Ð
Business to government (B2G): Ð Ð
ce processes of countries in Central ce processes
Annex II
Consumer (a physical person)
online recruitment (in Kazakhstan).
announcement boards; online auctions and classifieds (in Kazakhstan). to reveal public opinion. online banking (in Kazakhstan); information (inquiry) services.
Internet advertisement; online shops; tourist and other services;
Ð
Ð Ð
Ð Ð
Consumers to consumers (C2C): Ð Ð Ð
Government to consumers (G2C):
Business to consumers (B2C):
Business (a legal entity)
information business systems; online procurement (in Kazakhstan).
private services; participation in sociological surveys and other advertising actions. announcement boards; online tenders; information (inquiry) services.
between banks; electronic payment systems Internet advertisement;
Ð Ð
Ð Ð
Ð Ð Ð
Ð Ð
Current relations between stakeholders in e-commer relations Current
Consumer Consumers to business (C2B):
Government Government to business (G2B):
Business Business to business (B2B):
49 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
y
The Law of Uzbekistan on E-digital signature, 2003
The registration centre is a legal entity registered by the state in a specially authorized body and implements the setting up and opening e-digital signature keys; certifying copies of electronic documents in hardcopy, signed hardcopy, with e-digital signatures; suspending, renewing and canceling validity of e-digital signature certificate keys; assuring protection
The E-document Law, 2002 Law,
Activity in the area of e-document circulation shall be subject to licensing. The procedures for issuing licenses, their term of validity and other conditions for licensing shall be set forth by the Government (article 19).
The Government of Tajikistan shall manage and regulate relations in the area of e-document circulation (article 5).
The procedures of information
, of
”
Asia and Caucasus by countr
On e-digital
Not stipulated by current legislation
The draft law of Kyrgyzstan “
signature 2002 mentions the centre for certifying validity of e-digital signature (certifying centre). This is a legal entity or is an independent entity, authorized entity, to certify possession of a concrete open e-digital signature key to a certificate holder, as well as holder, its validity (article 2).
The Law of Kazakhstan on E-document and E-digital signature, 2003
Certification centre shall be a legal entity. Activity of verification of conformity of open digital signature key to closed digital signature key as well as verification of registration certificate authenticity is subject to licensing. The certification centre may provide services to several systems of e-document
,
”
Annex III
legal
Ð
On e-trade,
Not provided for by current legislation
The draft law of Georgia “ e-signature, e-document and e-transactions 2003, provides for establishment and operation of the e-signature Certification centre. Certification body entity or its subsidiary, which subsidiary, is authorized to issue open e-digital signature key and to certify ownership thereof (article 2.1).
t of e-commerce related laws in Central related t of e-commerce
The E-signature and E-document Law, 2004 Law,
One month before starting its activity a Certification centre shall be registered in a relevant governmental body (article 10).
Means of e-documents circulation and e-signature shall be subject to certification in compliance with the legislation of Azerbaijan.
Any physical or legal entity irrespective of form of ownership can become a
Comparative char
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
Draft Law on E-document E-signature, 2002
Certification centres for legalizing e-signature can be represented by any organizations irrespective of their legal and organizational form, which carry out their activity in compliance with the law (article 17).
Authorship of an e-signature shall be confirmed by an e-signature certificate, issued by a certification centre (article 18).
Certification Authorities
50 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
(security) of an e-digital signature closed key; keeping a register of certificates of keys; assuring its renovation and confirming e-digital signature validity in electronic documents.
The Cabinet of Ministers of Uzbekistan shall set up the procedures for operation of the certification centres (article 6).
Certificate of e-digital signature key is issued by a registration centre (article 14).
filing and circulation, mentioned in the first part of article 18 of this Law, in the form Law, of e-documents shall be regulated by the rules and standards of the record keeping, set up by the laws of Tajikistan (article 11).
Services related to dissemination of open keys for checking signature be rendered by individual entrepreneurs or legal entities, who have licenses for rendering services related to dissemination of open keys of signature check (article 15).
It is also expected to have an authorized governmental body, which will body, keep a uniform state publicly accessible register of e-digital signature certificates and assure unlimited access to this register (article 8).
circulation (article 20).
Current legislation provides for Qualification requirements to type of licensed activity of verification of conformity of open digital signature key to closed digital signature key as well as verification of registration certificate authenticity, 2004.
The draft law provides for that the Centres activity be subject to licensing, which is to be executed by the State department of informatization (in 2004 the department was included into the structure of the ministry of transport and communication).
certification centre. To issue centre. To promoted certificates of a signature, a certification centre shall be subject to accreditation in an appropriate governmental body, which, in body, its turn, issues a promoted certificate to this certification centre.
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
For the purposes of assuring security, a centre security, for legalization can receive public accreditation from an authorized body (article 19).
Accredited centres shall take responsibility for damage incurred in the course of rendering services (article 21).
51 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
The Law of Uzbekistan on E-commerce, 2004
E-commerce is a business activity including sale of goods, supply of works and services, based on usage of information systems.
The Law of Uzbekistan on E-documents circulation, 2004.
E-documents circulation is a set of deliveries and receipts of e-documents through an information system (article 4).
An e-document is information, fixed up in an electronic form, confirmed by an
The Law on E-document, 2002
An e-document can be used in all areas of activities, where hardware and software, required for creation, processing, storage, transmission and receipt of information, are applied.
Restrictions for usage of e-documents can be set up in the cases stipulated by legislation (article 2).
If legislation requires notary certification and/ or state registration of a document, either an e-document or its
Ð
Draft Law on E-commerce, 2004 regulates legal conditions for e-commerce, sets up rights and duties of persons involved in e-commerce, determines rules for transactions on the basis of e-documents, signed by alternative means to manual signature; it also recognizes e-documents as an evidence in court (article 1).
The draft law gives such definitions as e-commerce concluding following transactions on the basis of exchanging e-documents: purchase and sale, supply, free sale, supply,
, 2003.
On
”
“
The Law on Regulation of Trade, 2004 Trade,
E-trade shall be implemented through entering into trade transactions supported by the contract between the parties of e-trade for purchase of goods by electronic communication means applied thereto. The thereto. procedure of e-trade shall be determined in pursuance with the rules approved by the government of Kazakhstan (article 29).
The law
e-document and e-digital signature Electronic
Draft Law on E-trade, E-signature, E-document and E-transactions, 2003, covers: Creation of legal conditions for e-commerce development, e-contracts, execution of e-transactions using e-records (article 1). The (article 1). draft law provides the following definitions: e-document is e-communication which possesses qualities required for identification thereof as the document.
,
”
The Law on E-signature and E-document
2004
Transactions carried out on the basis of e-document circulation shall be equivalent to transactions on paper. An paper. e-document shall be deemed as equal to a hardcopy and have same legal force, except for cases requiring notary certification or state registration of the document (article 3.4).
Paragraph 3 of Article 336 of the Azerbaijani Civil Code proclaims freedom of choice in using electronic means
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
Electronic commerce/ online transactions
52 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
e-digital signature, which has other attributes of an e-document, enabling its identification.
An e-document shall be created, processed and stored on the basis of technical facilities and services of information systems and information technologies (article 5).
An e-document shall be equal to a hardcopy document and have the same legal validity (article 7).
hard copy shall be certified or registered according to the procedure set forth by legislation (article 11).
services, carriage, borrowings and loans, cession financing, bank deposits, bank account, settlements, storage, insurance, commission contract, agenting, confidence property management, commercial concession, simple partnership, promising an award in public, public tender, as public tender, well as acquisition and usage in entrepreneurship based on use of electronic means;
e-document is a message, which has attributes for
document that complies with the requirements of this law shall be equivalent to the paper document (article 7).
Any contract, which does not require notary authorization or state registration, may be concluded with application of electronic documents certified by e-digital signature (article 7).
for written deals, including confirmation of documents on the basis of e-digital signatures and mutual consensus between parties.
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
53 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
The Law on E-documents circulation, 2004
An e-documents circulation can be used for deals (including conclusion of agreements), settlements, official and official non-official correspondence and to transmit any other information (article 4).
The E-document Law, 2002 Law,
An e-document can be used in all activities, which use software and hardware technical facilities, required for establishing, processing, storage, transmission and receipt of information. E-documents can be used for deals (to conclude agreements), settlements, correspondence,
The Law of Kyrgyzstan on E-payments, 1999
Sets up a legal status of e-payments and regulates relations occurring during e-payments in the Kyrgyzstan (article 2).
An e-payment document is a sort of a pay document, compiled in an electronic form, which contains information required for
, 2003
”
The Law on E-document and E-digital signature
This law is purposed at regulation of interactions arising from creation and use of e-documents, certified by e-digital signature, provided for establishment, amendment or termination of legal relations, and rights and obligations of the participants
its identification as a document;
In general the draft law has not been accomplished and contains many contradictions.
Law on E-signature and E-document, 2004
Services of an intermediary can be used to send, receive or store e-documents. An intermediary shall not be in charge for charge content of sent, received or stored information. During creation, storage, processing and transmission of an e-document, software and hardware can be
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
Electronic payments
54 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
transmission of documents and other information (article 2).
E-documents shall be equal to hardcopy documents with the same legal force (validity) (article 11).
The National Bank of Tajikistan, commercial banks or non banking crediting and financial institutions shall be the subjects (entities) for legal relations in the area e-documents circulation in the banking sector. Relations between subjects in the area e-documents circulation in the
settlements and certification by an e-digital signature (article 1).
The National Bank of Kyrgyzstan shall Kyrgyzstan execute the functions related to regulating relations on e-payments for the purposes of assuring efficiency, security and reliability of the payment system in Kyrgyzstan; it in Kyrgyzstan; shall be also in charge for charge licensing and regulating operation of financial and other institutions, which render services, related to e-payments on the territory of Kyrgyzstan (article 3).
of the legal relations, arising in the sphere of e-documents, including conducting of civil transactions.
Law on banks and banking activities in the Republic of Kazakhstan, 1996 as well as Law on payments and money transfers, 1997 have necessary provisions for electronic payments.
used provided that the latter comply with security requirements stipulated by legislation of Azerbaijan (article 32).
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
55 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
banking sector shall be based on agreements. Procedures for using e-documents for cashless settlements in Tajikistan shall Tajikistan be set forth by the national Bank of Tajikistan (article 21). A certification body, defined by body, the Government of Tajikistan, shall be in charge for certifying software and hardware technical facilities, required for establishing, processing and storage of information used in banking operations. The operations. list of software and hardware used in banking activities and
An electronic pay document, applied in compliance with relevant requirements in terms of a format and procedures of certifying validity on the basis of an e-digital signature, shall have a legal status equal to the legal status of original hardcopies of payment documents, certified in compliance with imposed requirements, and shall be accepted as a proof when judicial and other disputes are considered (article 6).
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
56 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
The E-digital signature law, 2003
An e-digital signature in an electronic document is equal to a sign manual in a hardcopy document, when certain conditions are complied with at the same time (article 7).
The Law on E-document, 2002
Sets up legal basis for using e-documents, defines main requirements to e-documents, as well as rights, duties and responsibility of participants of legal relations, occurring in the area of e-documents circulation.
It defines the following definitions: e-digital signature is a set of symbols,
subject to mandatory certification shall be defined by the National Bank of Tajikistan (article 22).
The Law on electronic payments, 1999
An analogue of a sign manual (e-digital signature) code, set up on the basis of certified software and hardware facilities through multilateral transforming a document content into a numerical consequence, coded with the help of a secret personal key. An e-digital signature shall be inseparably linked with
The law on E-document and E-digital signature, 2003
Electronic digital signature is a composition of symbols, created by electronic digital signature means and certifying identity of the e-document, attribution and invariability thereof (article 1).
E-document may have one or several electronic digital signatures.
Any contract, which does not
any
Ð
The draft law of Georgia on Georgia e-trade, e-signature, e-document and e-transactions, 2003, is purposed at: Creation of legal framework for usage of digital electronic signatures (article 1).
Electronic signature letters, digits or symbols in digital form, which are connected or logically associated with electronic data and are implemented or
The Law on E-document and E-signature, 2004
The goal of the law is technical organization and organization legal justification for using an e-signature in an e-documents circulation, as well as regulation of legal relations, which occur in a process of using an e-signature among participants.
An e-document is communicating data, presented in an electronic form, like an e-mail or other
Ð
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
Draft Law on E-document and signature, 2002
Regulates legal relations occurring in the area of application of e-documents; it also defines procedures for using e-documents and an e-signature.
Electronic data for creating a signature unique combination of data used by a person for the purposes of and e-signature (article 1).
Electronic signature
57 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
developed by means of an e-digital signature, it shall be an integral part of an e-document (article 1).
Means of e-digital signature are software and hardware facilities, providing for development and checking an e-digital signature and having a certificate of conformity or a document recognizing the certificate. An e-document is information fixed in a hardware, complying with relevant requirements (article 1).
a concrete sender only. An only. e-signature shall certify a payment document (article 1).
Instructions of the National Bank of Kyrgyzstan Procedures for applying e-digital signature in the payment system of Kyrgyzstan, 1999
Set up procedures for creation, registration, usage and storage of e-digital signatures for participants of Kyrgyzstan payment system. E-digital signature represents a tool, with the help of which a payment
require notary authorization or state registration, may be concluded with application of electronic documents certified by e-digital signature (article 7).
Electronic digital signature is equivalent to manual signature of the signatory and entails equal legal consequences (article 10).
Foreign electronic digital signature with foreign registration certificate, shall be admitted as electronic digital signature at the territory of Kazakhstan in
Ð
received with intention to certify or agree with electronic data (article 2).
Electronic digital signature electronic signature, which is transformation of electronic data by means of asymmetric cryptosystem.
information, communicated through communications facilities.
An e-signature cannot be recognized illegitimate based only on the fact that it is presented in an electronic form, does not have a certificate or created by uncertified signature means (article 3).
The laws provides for differentiation of differentiation an e-signature:
a) simple e-signature, which does not have legal protection (parties take their own responsibility,
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
Validity of an Validity e-document is a positive result of using checking facilities, confirming lack of in a document beginning form its creation.
E-evidence of signature is a hardcopy or electronic document, which contains data about checked e-digital signature and a name of an e-signature holder (article 1).
E-signature is a unique combination of data attached to an e-document or being its integral part, confirming validity of the document and identifying a person,
58 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
Ð
Ð
E-digital signature is applied for certifying information, which makes up a general part of an e-document, certifying validity and integrity of an e-document (article 12).
E-documents can be sent with the help of any types of communications, including information systems and networks, unless it contradicts legislation of Tajikistan, as Tajikistan, well as international agreements of Tajikistan (article 2).
was
”
On e-digital
system participant confirms validity and integrity of an e-payment document. A document. plastic card with a microprocessor (smart card), which keeps a personal secret key and implements a procedure of creating an e-digital signature passed in 2002. signature, is mentioned. It assures legal conditions for The draft Law using e-digital of Kyrgyzstan signatures in “ processes of exchanging e-messages, where an e-digital
pursuance with international treaties adopted by Kazakhstan or after introduction into the register of registration certificates (article 13).
such
Ð
this contradicts
when they use it) Ð the Civil Code;
b) a signature, created by certified entities and having an advanced certificate of signature a signature is equal to a signature in hardcopy;
c) apart from the provision of paragraph B, if an advanced certificate contains information about holder (user) of a signature, this signature shall deemed as equal simultaneously a signature and a seal in a hardcopy (strengthened signature).
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
creating the document (article 1).
An e-signature is a remedy to confirm integrity of an e-document and to assure an opportunity to identify a person holding the signature (article 10).
An e-document shall have internal and external forms (article 6).
An original copy of an e-document shall exist only in electronic form (article 7).
59 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
signature is recognized to be equal to sign manual; it also provides for services of certifying e-digital signatures (article 1).
Article 7.1. During documents circulation between governmental bodies and local self governing bodies only strengthened certified means of e-signature shall be used.
Article 7.2. Governmental bodies and bodies of self government shall use only e-signatures issued by territorial subordinated accredited certification centres.
Article 7.3. If legal or physical persons apply to governmental bodies or, only bodies or,
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
60 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
1. The Law of 1. Uzbekistan on electronic documents circulation, 2004
Security of electronic documents in e-documents circulation shall be carried out for the purposes of preventing any damage to, participants of e-documents circulation or other legal entities or physical persons within the procedures set forth by the laws (article 17).
2. The Law of 2. Uzbekistan on E-digital signature, 2003
’
The Law on protecting rights of consumers, 1997
Protection of consumers rights, provided by the laws, shall be responsibility of courts. Consumers shall be exempted from paying a state fee on suits, related to violation of their rights (article 15).
2. E-document Law, 2002 Law,
Original copies of e-documents and their copies, complying with requirements of article 10 of this law, shall have law, a similar legal
Ð
1. The Law on 1. Arbitration in Kyrgyzstan, 2002
There are no e-commerce restrictions in the list of disputes to be processed by courts (article 45).
2. The Law on 2. E-payments, 1999
Disputes occurring in the course of e-payments shall be resolved between parties on the basis of negotiations, and if a consensus is not reached through courts (article 11).
The Law on Regulation of Trade, 2004 Trade,
Protection of rights and lawful interests of e-commerce parties shall be provided according to the procedure provided for the subjects of trade activity (article 29).
Given adopted new legal provisions relating to e-document and e-signature, certain amendments have been introduced to the existing legislation. In particular, to the particular, Kazakhstan
The Draft Law of Georgia on of Georgia E-trade, E-signature, E-document and E-transactions, 2003
Where the contract is subject to this law, is an law, international contract and the dispute arises from it: a) the dispute shall be proceeded in pursuance with the provisions of the law agreed by the parties; b) in case of absence of the law agreed by the parties, the court shall apply a law at its discretion (article 11).
strengthened e-signatures shall be used.
Law on E-document and E-signature, 2004
A holder of an information system and network, which are used during an e-documents circulation, shall be in charge for be in charge a relevant level of their reliability and security (article 31).
,
»
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
Draft Law on E-document and E-signature 2002
Physical and legal entities, based on the procedures of the law, shall take law, responsibility for violation of the legislation related to circulation of e-documents (article 22).
Judicial system for security
61 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Disputes in the area of using e-digital signature shall be resolved in compliance with the laws (article 21).
force (article 11).
,
”
Breach
“
Administrative Code (issue of 2003) has been added new article: of the law of Kazakhstan on e-document and e-signature which stipulates that: failure of the certifying centre to meet obligations provided for by legal act on e-document and e-signature, entails penalty. Failure of the participants of e-document system to meet obligations provided for by legal act on e-document and e-signature entails penalty (article 497-2).
The certifying agency shall possesses appropriate financial resources to: a) implement operation according to its obligations; b) be able to undertake liability risks of other trusting parties for the certificate and electronic digital signature issued to its customer; c) certifying agency may provide insurance of its liability risks by different mechanisms, including issue of bonds and bills of credit through state or private insurance companies; d) for implementation
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
62 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
The Law on protecting rights of consumers, 1996
Laws or regulations cannot restrict rights of consumers, reduce guarantee of their protection, set forth by this law (article 2).
Losses of a customer because of goods (works, services) acquired as a result of dishonest advertisement, shall be subject to compensation by a producer
rights
’
state and
The Law on protecting rights of consumers, 1997
Regulates relations between consumers and entrepreneurs, sets up consumers to acquire goods (works, services) of the relevant quality, to quality, security of their lives and health, … public protection of their interests; it also defines mechanisms for enforcement of these rights.
Community organizations of organizations
The Law on protecting rights of consumers, 1997
Does not mention about e-deals. The law regulates relations occurring between consumers and producers, performers and sellers when goods are sold (works are carried out, services are rendered); it establishes rights of consumers to acquire goods (works, services) of the relevant quality and safe
The Law on regulation of trade, 2004
Protection of rights and lawful interests of e-trade parties shall be provided according to the procedure provided for the subjects of trade activity (article 29).
Control over commercial activities at the territory of Kazakhstan shall be executed by the authorized agency and other state agencies within scope of
of the aforesaid obligations the certifying agency may set up customer service tax (article 11).
The Draft Law of Georgia on Georgia E-trade, E-signature, E-document and E-transactions, 2003, regulates interactions of the e-commerce parties.
Customer possessing the certificate of e-digital signature shall be subject to liability for damages incurred by the person who trusts to the open key provided in this certificate, or other negative outcomes caused by unauthorized
’
The Law on protecting rights of consumers, 1995
Assures sufficient guarantee to consumers to protect violated rights. The state shall supply all the necessary information to consumers to assure legal protection of their rights (article 13).
Article 18 assures state guarantee for protection consumers rights. Relevant executive governmental
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
Draft Law on E-document and E-signature, 2002
Damage by a legalization centre to accredited legal and physical entities (persons) as a result of services rendered, shall be subject to compensation (article 21).
Protection of consumer rights
63 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
rights
rights
’
’
(performer, seller) in a full amount (articles 7, 12).
Compensation of moral damage shall take place irrespective of compensation of moral damage and losses by a consumer (article 22).
The state shall guarantee security of consumers and interests protected by the state in their acquiring and using goods (works, services).
Governmental bodies and courts shall assure state protection of consumers (article 23).
’
consumers shall be entitled to sue sellers (producers, performers) to recognize their actions to a certain group of consumers illegal and terminate these actions (article 42).
Moral damage to a consumer based on violation of his (her) rights by a seller (producer, performer), provided by the consumers rights protection law, shall be law, compensated by a damager, provided that his (her) fault is evident (article 12).
Damage to life, health or property of a consumer based on
of life and health of consumers, state and public protection of their interests, it also defines mechanisms for enforcement of these rights.
A seller (performer, producer), supplying false information about goods, certification, sponsorship or price, shall take responsibility in compliance with the laws of Kyrgyzstan (article 11).
Losses of consumers shall be compensated in a full amount plus fines, set forth by this law or an agreement (article 12).
,
”
on e-document
authority thereof (article 33).
The law of Kazakhstan “ and e-signature 2003. Participant of the system of e-document circulation has the right to apply to the certifying centre for confirmation of identity and validity of the open e-digital signature key, registered by this certifying agency (article 9).
Additionally, Law Additionally, on Protection of consumer rights of 1991 (amended in 1992) guarantees basic consumer rights. A draft of a new Law on Protection of consumer rights
usage of the key by other person, if it resulted from breach of the e-digital signature certificate use (article 23).
bodies and courts shall guarantee such protection within their authorities (competence).
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
64 E-commerce legal and regulatory systems in the countries of Central Asia and the Caucasus
rights
’
A producer (performer, seller) shall take responsibility violations of laws on protection of consumers (article 27).
A consumer can apply to courts if his (her) rights are violated (article 29).
construction, productive, prescription or other defects of goods (works, services shall be compensated in a full amount (article 11).
Losses of a consumer based on defects of goods (works, services) shall be compensated above a forfeit set forth by this law (article 10).
rights
’
Damage to life, health or property of a consumer as a result of construction, productive, prescription or other defects of goods (works, services) shall be compensated in full amount (article 13).
Compensation of moral damage shall be carried out irrespective of compensation of property damage and losses of a customer (article 14).
A court shall protect consumers (article 16).
is currently under works.
Armenia Azerbaijan Georgia Kazakhstan Kyrgyzstan Tajikistan Uzbekistan
65 Overview of the regulatory framework for e-commerce in selected Pacific island countries
IV. OVERVIEW OF THE REGULATORY FRAMEWORK FOR E-COMMERCE IN SELECTED PACIFIC ISLAND COUNTRIES
By Mohammed L. Ahmadu32
Introduction33
Economies based on information and communication technology would contribute significantly to facilitate the inflow of financial investments. Adopting online transaction systems would provide small island countries with the opportunity to show their natural and marine resource endowments to international markets through accessible information portals. E-commerce would also assist their rapid integration into the global economy.34
The increasing pace of globalization and advancements in technology stretch the traditional boundaries of contract and commerce, so much so that the conduct of electronic commerce by means of online transactions is fast becoming a worldwide phenomenon. It is clear that while small Pacific island states aspire to be part of this trend, they are nonetheless vulnerable in a number of ways.35 One common view of their vulnerability is the perceived geographical disadvantage associated with their remoteness from major global and trading centres.
To overcome challenges, the use of the Internet and associated technologies anchored and operating in a suitable legal framework has now been seen as necessary. The Internet and ICT would assist in converting their perceived disadvantages into strengths. With a suitable legal framework and a functional ICT infrastructure, particularly in the area of e-commerce, the small island states in the South Pacific would be in a position to open their economies to much-needed foreign investment in the form of equity as well as joint venture capital. At the same time, they would be able to market electronically their natural resources or products in regional or
32 Mohammed L. Ahmadu is Barrister and Associate Professor, University of the South Pacific, School of Law, Vanuatu. 33 Mohammed L. Ahmadu, 2004 (forthcoming), “E-Procurement as a Development Imperative in Small Island States in the South Pacific”, James Cook University Law Review. 34 Nick Carter, 2004. “E-Procurement in Aid of Business” International Trade Forum 4, 27. 35 Vulnerability is often described in terms of fragile ecology, comparatively small economies, low absorptive capacities, and so forth.
67 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs global markets, without the need to engage expensive intermediary services. There are innumerable benefits, both potential and actual, which flow from the electronic procurement and sale of goods and services.
A. Overview36
A general overview shows that the Pacific islands are comprised of 22 sovereign and dependent states covering 30 million square kilometres of ocean. For a number of years, many island nations have based their unique development strategies in terms of their geographical isolation, comparatively small land area, cultural and ethic diversity and vulnerability to nature.
Five Pacific island countries are considered in this study based on their varying levels of development and cultural diversity.37 Vanuatu is Melanesian, Kiribati is Micronesian and Samoa and Tonga are Polynesian. Fiji is a hybrid of the three, though identifying more generally with Melanesia.
B. Regulatory situation38
1. Kiribati
At present, there is no national ICT policy or e-commerce legislation. The Copyright Ordinance Cap 16 can be considered as supportive legislation, but there is no recognition for computer software or programmes.
2. Fiji
The national ICT policy extends to the departmental level and supports integrated government information portals. At the time of this writing, it was reported that no e-commerce legislation existed, although it was being contemplated. Supportive legislation includes the Copyright Right Act 1999.
In terms of administrative steps, there is a properly equipped and functional government ICT centre. A Cabinet Paper has been written on e-governance in 2001.
36 Based on Mohammed L. Ahmadu, 2004 forthcoming. “UNCITRAL Model Law on Procurement of Goods, Construction and Services: Globalizing Effects and Small Island States”, Asia-Pacific Journal of Law and Policy, 5(1). 37 Fiji, Kiribati, Samoa, Tonga and Vanuatu. 38 Information reproduced here is based on field research studies by the author in Fiji, Kiribati, Samoa and Vanuatu, funded by the University of the South Pacific Research Committee.
68 Overview of the regulatory framework for e-commerce in selected Pacific island countries
The Southern Cross Fibre-Optics Communications Cable linking Fiji with the United States of America, Australia and New Zealand has been completed.
3. Samoa
At present, Samoa does not have a national ICT policy. However, it is able to support limited government information portals. There is no e-commerce legislation.
Supportive legislation in Samoa consists of the Posts and Telecommunications Internet Act Number 27 of 1997, the Postal and Telecommunications Act 1999 and the Copyright Act Number 25 1998.
Administrative steps that have been taken include formation of an ICT Steering Committee in 2002.
4. Tonga
A policy revision has been under consideration for the national ICT policy in order to consider online economic activities. However, there was no e-commerce legislation at the time of this writing. Supportive legislation includes the Communications Act 2000 and the Radio-Communications, Telegraph and Broadcasting Acts (2000) as amended.
Several matters are still under consideration in terms of administrative steps. Consideration is being given to the Tongan Civil Service IT Strategic Plan. There is prospective legislation on (a) electronic signatures and authentication of a network user’s identity and (b) international cooperation on security on cyberspace issues. An ICT Consultative Committee has been established.
5. Vanuatu
The national ICT policy of Vanuatu is not integrated, but it is able to support limited government portals for mainly financial and commercial information. Two acts that can be considered as e-commerce legislation are the Electronic Transactions Act (2000) and the E-Business Act (2000).
There are two pieces of relevant supportive legislation. One is the Companies (e-Commerce Amendment) Act Number 27 of 2000 which amended section 378 of the Companies Act Cap 191. The other piece of legislation is the International
69 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Companies (e-Commerce Amendment) Act 2000 which amended section 10 of the International Companies Act Number 32 of 1992.
6. Prospective legislation in selected Pacific island countries
Several pieces or types of legislation are being considered in selected Pacific island countries. One is the Computer Misuse Act or Computer Crimes Act, or extensive amendment to the existing Penal or Crimes Act. Another piece of legislation is the Digital Signature Act or an amendment to the Evidence Act. Digital Telecommunications or Multimedia or Telemedicine Acts are also being considered, according to appropriateness.
C. Basic information on selected countries
1. Fiji
The country became independent in 1970, and the legal system is derived from Britain. The court system consists of the Magistrates’ Court, the High Court, Court of Appeal and the Supreme Court as the highest appellate court in the country. There is also the native or Tikina Courts system operating at the village level.39
In comparison to the other four countries, communications and information technology is fairly developed, although at present there is no coherent national ICT policy. However, departmental level initiatives support a number of government information portals. There is a properly equipped and functional government ICT Centre that services the IT needs of the government. There is a copyright law, and in the near future, e-commerce and ICT-related laws would be introduced.
2. Kiribati
The country became independent in 1979 and the legal system is derived from Britain. The court system consists of the Magistrates’ Court, High Court and the Court of Appeal is the highest appellate court for the country. There are also some local courts.40
39 Michael A. Ntumy (ed.), 1993, South Pacific Islands Legal Systems, Honolulu: University of Hawaii Press, chapter 2. 40 Ibid., p. 82.
70 Overview of the regulatory framework for e-commerce in selected Pacific island countries
There is at present no national information technology and communications policy in Kiribati. However, in the area of intellectual property, there is a Copyright Ordinance. However, this offers no recognizable protection for computer software or programmes. The situation in Kiribati could be described as an extreme case scenario for lack of policy or legal support of ICT in the Pacific island subregion.41
3. Samoa
At the time of independence in 1962, Samoa adopted the parliamentary system of representative government based on universal suffrage. The country has a written constitution that provides for the separation of powers for the executive, legislature and judiciary. There is a unicameral legislature.
The court system is made up of the Magistrates, Supreme and Court of Appeal, which is the highest appellate authority. The Court of Lands and Titles handles disputes affecting customary land.42
There is no national ICT policy at present. However, a number of initiatives have enabled the government to support limited government information portals. An Information and Communications Technology Steering Committee was formed in 2002. A number of associated laws have been amended.43
In 1997, Samoa amended its Communications Act to encourage the operation and development of Internet services in the country. It transferred the property held by the defunct Pacific Internet Services Limited to the Post Office.44 Aside from this action, nothing in policy formulations indicates movement in the direction of developing a national information and communication technology policy or promulgating e-commerce laws.45
41 Mohammed L. Ahmadu, 2004 (forthcoming), “E-Procurement as a Development Imperative in Small Island States in the South Pacific”, op. cit. 42 Michael A. Ntumy (ed.), op. cit., chapter 15. 43 These include the Posts and Telecommunications Internet Act Number 27 of 1997; Postal and Telecommunications Act 1999; and the Copyright Act Number 25 1998. 44 See the Posts and Telecommunications Internet Act Number 27 of 1997: Cf. Communications (Amendment) Act Number 251 (2000) Niue. It amended the Communications Act 1989 by designating the ownership and management of the country’s code Top level Domain NU. 45 Mohammed L. Ahmadu, 2004 (forthcoming), “E-Procurement as a Development Imperative in Small Island States in the South Pacific”, op. cit.
71 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
4. Vanuatu
The country became independent in 1980. The legal system was derived from the English, but also incorporates French laws formerly enforced by the French colonial power.46 The court system consists of the Magistrates Court, Supreme Court and the Court of Appeal, which is the highest appellate court in the country. There are also local customary courts known as Island Courts. A land tribunal has recently been established to resolve land disputes in line with local customs.47
Vanuatu has no integrated national ICT policy, but existing initiatives are able to support limited government portals used mainly for financial and commercial information. The government has passed laws on electronic commerce, international companies and trusts. Two laws that have been passed dealing with electronic commerce are the Electronic Transactions Act 2000 and the E-Business Act 2000.
The Electronic Transactions Act aims at regulating the increasing pace of electronic transactions, including telemedicine. This is primarily due to the trend of using information technology to conduct business deals based on Vanuatu’s status as an offshore finance centre. The law covers the legal requirements of electronic records; communication of electronic records; electronic signatures; encryption and data protection; and intermediaries and e-commerce service providers. These important aspects of e-commerce are now regulated in Vanuatu.
The E-Business Act is intended to complement the conduct of electronic business transactions, in a general sense. However, the scope of the law is limited to electronic businesses carried out by international companies.48 It is not of general assistance to all types of online contracts or transactions. The law covers cyber-suite contracts and electronic business contracts; cyber-suites and e-business accounts.
The laws in Vanuatu are not part of a national information technology or electronic commerce policy strategy of the government. While there is some progress, it is apparent that the current initiative is limited to private sector needs. It is confined only to the sectors of banking, Internet gambling and casino operations.49
46 Don Paterson, “Vanuatu” in M. Ntumy (ed.), op. cit. 47 Ibid. 48 The domestic counterpart is the Companies (E-Commerce Amendment) Act Number 27 of 2000, which amended section 378 of Cap 191. See also the International Companies (E-Commerce Amendment) Act 2000, which amended section 10 of the International Companies Act Number 32 of 1992. 49 These are also offshore transactions.
72 Overview of the regulatory framework for e-commerce in selected Pacific island countries
For now, there appears to be no public sector support towards ensuring that a technological foundation emerges to compliment the laws in this area. However, to a certain extent Vanuatu has recognized the need to pass such laws and prepare for integration into the global information revolution. Even though this preparation has been done step by step, it is a positive indication that Vanuatu is looking forward to developing the necessary integrated national infrastructure for e-commerce in the future.
D. Practical legal issues of common concern
Digital and Internet technologies have combined to create additional legal dilemmas in the way contracts are formulated and executed, as already pointed out. These problems can be overcome, but some important issues require clear legal resolution if e-commerce is to be accepted. This is especially significant for island states that have limited resources, lack requisite technical know how and have inadequate infrastructure. A few such legal issues can be considered.50
1. Security issues
The use of technology to transact online has created the problem of user-identification.51 This is a particular problem because the transaction has a remote nature, there is a physical distance separating the parties and people have the ability to make instantaneous changes to electronic documents with little or no trace of detection. The cost factor associated with putting a reliable identification system in place would make the technology suspect for some time to come, at least from a legal point of view and particularly in the context of small island states.
2. Problems of e-signature
The logic flowing from issues of security is also a problem of writing and authenticating digital signatures. The use of private and public keys encoded in electronic documents to authenticate or validate electronic transactions is widely regarded as a means for safeguarding the integrity of business deals. Encryption technology has also been aiding the process of authenticating digital signatures, but
50 Simon Potter, 2000, “In Search of the Paperless Transaction” E-Commerce Law and Policy 2(3), 10-11. Tonia Gilbert et al., 2000, ‘Surviving a Virtual Future” Legal Business (Supp) 105, 4-6. 51 Raymond Perry, 2003, “E-Conveyancing: Problems Ahead”, Conveyancer and Property Lawyer (May/June), 215-224.
73 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs appropriate laws would be needed to support the transition from conventional to electronic signature systems.
3. Integrity of digital information
There are other problems associated with establishing and managing round the clock digital databases. The fundamental issue is data integrity and the utmost importance for databases to be accurate and up-to-date in order to prevent fraud and unauthorized access or misuse.52 It is the responsibility of digital information registries to put in place adequate protection and security safeguards for storing electronic data, because they are custodians of the data, legally speaking. As Lipton observed, “Information property right holders have an obligation of accuracy in any information maintained by the right holder in a proprietary database.”53
4. Role of certification authorities
At this time, it would be difficult for small island countries to set up and manage national certification authorities to process digital signatures. There are financial and technical problems associated with the storage of digital signatures and the protection of such databases from viral and other attacks. A certification authority can be a reliable manager of digital signatures if it can eliminate the major risks for using these signatures between the sender and recipient.54 Island states need to put in place national policies and frameworks to address the establishment and management of digital certification agencies.
5. Spam control
Unsolicited commercial information and junk email sent through mass mailing systems are increasingly becoming a regulatory issue even in small island countries. The ability of spammers to relocate their operations to new ISPs or move extraterritorially by including the discrete use of Internet cafes for spamming activities add to the difficulties of control. This problem needs to be tackled in a systematic and effective way due to the additional cost to users of online transaction systems.
52 Mark Heighton, 2002, “Electronic Conveyancing: Moving With the Times”, Electronic Business Law 3(12) 11-12. Phillip H. Kenny, 2002, “Digital Fears”, Conveyancer and Property Lawyer (Jan./Feb.) 4-6. 53 Jacqueline Lipton, 2004, “Information Property: Rights and Responsibilities”, Florida Law Review (56), 135-190. 54 Stephen Mason, 2003, “Practical Problems of Digital Signatures”, Internet Newsletter for Lawyers (Nov./Dec.) 9-10.
74 Overview of the regulatory framework for e-commerce in selected Pacific island countries
6. Resolution of e-disputes
Where transactions are conducted electronically, it is inevitable that disputes can arise similar to conventional transactions. The challenge would be to resolve these disputes electronically, without additional paper-based exchanges. This would add to the efficiency of online transactions.
E. Some challenges to address55
1. Sustained public enlightenment campaigns
There is a need for public enlightenment to create awareness of emerging issues in e-commerce. This would contribute to economic progress. For example, Fiji has taken the lead in establishing and managing a national land information system. It still needs to be fully digitized in order to record and incorporate all parcels of land held in native reserves into its electronic database. The public would need to be enlightened about the implications of online transactions. This may be an economical and cost-effective venture for comparatively larger island countries such as Fiji, Samoa and Vanuatu, but it could be a difficult undertaking for smaller island governments such as Kiribati, Nauru, Niue and Tokelau. However, this perceived problem could be overcome by forming a regional digital information network and perhaps launching a region-wide IT awareness campaign.
2. Development of appropriate infrastructure and workforce
The technology and expertise required to operate e-commerce systems are costly and difficult to procure by small island countries with comparatively limited resources. However, because globalization is putting pressure on developing countries to accede to the World Trade Organization (WTO) and World Intellectual Property Organization (WIPO), these countries really have no time to lag behind.56 Building appropriate technical infrastructure and developing appropriate skills should be handled at two levels, national and regional. It might be the appropriate time for the South Pacific Forum Secretariat to take the lead in this area.
55 Revised discussion from Mohammed L. Ahmadu, “Legal Aspects of Electronic Lands Registries in Small Pacific Island States”, paper presented at the Real Property Teachers Conference, University of Canterbury, Christchurch, New Zealand, 1-3 July 2004. 56 Mohammed L. Ahmadu and Robert Hughes, 2004 (forthcoming), Commercial Law and Practice in the South Pacific, London: Cavendish Publishing.
75 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
3. Institution of an e-readiness programme
It is essential to have an e-readiness programme for the development of appropriate technological capability. Short, medium and long-term goals are required, including (a) capacity-building and training; (b) institution of appropriate information technology curricula at all levels of education; and (c) on the job training to upgrade IT skills of workers, both in the public and private sector. In the absence of a coordinated regional approach, the pace could be determined by the national IT policy goals of each island country.
4. Establishment of complimentary e-government structures
This is a simple and sensible way to inaugurate e-transactions for the general public, especially in relation to online sales and e-conveyances. In island countries, governments are the major employers. This helps to provide training opportunities for a broad range of civil servants. Governments also dominate in the provision of public infrastructure projects and services due to the limited capacity of the private sector. Therefore, the public sector is in the best position to guide the revolutionary changes needed to generally support the establishment of e-business structures.57
E-government would require ministries, departments and statutory boards to provide the following to the general public: e-mail addresses; web sites detailing governmental functions and responsibilities; and the provision of information hubs containing data on environment, health, investment and tourism, land tenure, etc. A more developed version may incorporate e-filing of documents, online permits and electronic tax payments.58 Island countries need to set priorities if they are to provide these services to the public as complimentary activities to the conduct of e-commerce in the private sector.
F. Recommendations
1. Promulgate simple but effective legislation
In the particular case of small island countries, it is worth noting that e-commerce laws that have to be promulgated should be simple in structure, yet
57 United Nations, 2002, Internet Infrastructure and e-Government in Pacific island Countries: A Survey on the Development and Use of the Internet, Paris: UNESCO, March 2002. 58 World Bank, 2002, E-Government Handbook for Developing Countries, Washington, DC: InfoDev- World Bank and Centre for Democracy and Technology, November 2002.
76 Overview of the regulatory framework for e-commerce in selected Pacific island countries
effective and easy to administer. As the practical realities of their economies and legal systems dictate, complex e-commerce legislation would be likely to fail or may prove difficult to administer.
In this context, island countries would need to examine the suitability of some provisions contained in the various e-commerce model laws. They should consider the model laws in relation to their local circumstances. It is important that they align the provisions of these model laws to suit their national policy aspirations, socio-economic situations, environmental considerations and pace of legal development.
2. Give tailor-made professional training
In general, only a very small percentage of lawyers in the region are familiar with e-commerce laws. This is also true for members of the judiciary, staff in ministries of justice and civil servants in relevant departments. It is necessary to institute and maintain sustained training programmes suited to the needs of these categories of professionals.
For example, donor agencies may consider funding continuing legal education modules on e-commerce law and practice for public sector lawyers in the various island countries. The University of the South Pacific has a Community Legal Centre, which is based in the School of Law. That centre could handle such a project, either on a country or region-wide basis. The University of the South Pacific Judicial Training Programme based in the Institute of Justice and Applied Legal Studies, working in conjunction with the School of Law, might also be able to administer similar training modules for judges in the region. These capacity-building initiatives would be necessary to guarantee the future of e-commerce in the region.
According to Prior, “Training is directed towards behaviour change resulting in performance improvement which is readily measurable.”59 Accordingly, he further asserted that learning opportunities should be made available to individuals and groups within the public and private sectors of the economy to equip them with skills and capacities to be more efficient.
59 John Prior (ed.), 1994, Handbook of Training and Development (2nd ed.), Aldershot, UK: Gower, p. 69.
77 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
3. South Pacific E-Commerce Law Programme
ESCAP and other interested donor agencies may consider partial or full funding of specific e-commerce law courses as part of the undergraduate or postgraduate curriculum in law at the University of the South Pacific. This would support the current undergraduate offerings in commercial, corporate, trade and tax laws. At the postgraduate level, it would compliment intellectual property and advanced commercial and securities laws currently being offered by the Law School in Vanuatu. This curriculum could easily be offered to distance students via online delivery.
4. Establishment of a South Pacific ICT centre
It might be timely to consider a regional strategy rather than piecemeal approaches by individual countries for ICT development. An information technology and law centre (ITLC) would need to be established to assist island countries to develop the necessary legal and technological structures to support e-transactions. Three basic legal frameworks can guide the establishment of a proposed regional committee on information and communication who may be tasked with the responsibility of establishing this proposed facility.60
The proposed ITLC might serve as a regional administrative, technical and legal advisory facility for e-transactions by addressing issues of common interest to all countries. Examples include; recognition of external certification agencies and the issuance of digital certificates. The governments of island countries would definitely have some say in matters involving encryption technology and certification procedures due to the potential impact on national security issues.
As a starting point, it might prove helpful to South Pacific island states to become signatories to the WTO Agreement on Government Procurement 1994. Perhaps they might also adapt versions of the UNCITRAL Model Law on Electronic Commerce 1996 and UNCITRAL Model Law on Electronic Signatures 2001 to serve as legal guidelines when drawing up their national e-commerce laws.
Most island countries are becoming increasingly integrated into the global economy through direct participation in the WTO or through regional arrangements such as Pacific Agreement for Closer Economic Cooperation (PACTA), Pacific Island Countries Trade Agreement 2001 (PACER), South Pacific Regional Trade and Economic
60 The WTO Agreement on Government Procurement 1994; the UNCITRAL Model Law on Electronic Commerce 1996; and the UNCITRAL Model on Electronic Signatures 2001.
78 Overview of the regulatory framework for e-commerce in selected Pacific island countries
Cooperation Agreement (SPARTECA), the Melanesian Spearhead Group61 and the Cotonou Convention.62 Countries participating in these arrangements could adopt internationally recognized e-commerce model laws as a way to further assist their effective integration into the global economy.
In particular, the Model Law on Electronic Commerce can serve as a useful legal guide to Pacific island nations willing to formulate their future e-commerce laws. It deals with all areas of interest relevant to electronic commerce. In particular, it applies legal requirements to data messages and covers issues about communication of data messages Ð explicitly giving recognition to the validity of online contracts, among others. Significantly, Part 2 of the Model Law deals with specific electronic commerce transactions such as carriage of goods. National authorities must work within the framework of the Model Law to devise suitable provisions in their proposed e-commerce laws.
For most of the island countries, the technical and legal expertise necessary to accomplish the objective of making new laws is not readily available. Consequently, some form of assistance may be requested from ESCAP or UNCITRAL to help achieve this objective. This would help indicate why it is necessary for small island countries to also consider joining the WTO Agreement on Government Procurement.
The public sector provides a good example. Pacific island governments are generally the largest consumers of goods, construction and services. If existing manual systems of public procurement were transformed into electronic systems, it would enhance efficiency, save costs and speed up decision-making. Overall, this will contribute to national development goals and aspirations. In addition, governments in the region could effectively maximize their e-procurement choices. There are also many potential benefits in the areas of commercialization and privatization of economic activities.
Policy makers in countries of the Pacific island subregion should realize that one of the most important factors for generating personal and national wealth is the optimal utilization of technical knowledge. Traditional factors of production are still useful, but the contribution of knowledge utilization has become a more valuable input. The current revolution in ICT is clearly knowledge-based. Embracing the
61 The Melanesian Spearhead Group is comprised of Fiji, Papua New Guinea, Solomon Islands, Vanuatu and New Caledonia. The group signed a free trade agreement in 1994. 62 This replaced the Lomé IV Convention between the European Union and African-Caribbean-Pacific (ACP) countries which expired in 2000.
79 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
ICT advances would no longer make limitations in size, land mass and material or human resources serve as a hindrance to development.
In the near future, the transition to an e-based society in the Pacific islands would certainly be driven by the public sector in view of the enormous costs involved to set up and operate the technology and ICT systems. A mixture of encouragement and appropriate incentives could help to attract the private sector to play a leading role in ensuring that a solid ICT foundation is created in the region.
5. Regional technical cooperation
Perhaps another possibility for ICT development is for island countries to pool their resources together and create what may be called a circular loop of information highway facility. This facility would link all Pacific island countries into a network for high-speed data and information exchange, as well as a storage and retrieval system, perhaps in the form of a regional information portal or gateway. Such a regional technical arrangement could probably be hosted by one of the countries in the region. At this time, such a proposal has not been actively considered before.
Finally, there is no specific regional body at this time to handle issues affecting ICT. Such a proposed facility might lay the foundation for the establishment of a regional e-commerce regulation and coordination centre. This would be possible only if Pacific island countries would be prepared to embrace ICT as part of their national policy objectives. It is expected that when such a facility is established would be coordinated and integrated on a regional basis.63
63 Fuatai Purcell and Janet Toland, “E-Finance for Development: Global Trends, National Experience and SMEs” at www.is.cityu.edu.hk/research/ejisdc/vol11/v11c6.pdf+%22E-Commerce+in+the+ South+Pacific%22&hl=en (Visited 6 June 2004).
80 The e-ASEAN legal framework and its challenges
V. THE E-ASEAN LEGAL FRAMEWORK AND ITS CHALLENGES
By Rodolfo Noel S. Quimbo
Introduction
The Association of Southeast Asian Nations (ASEAN) was created on 8 August 1967 to promote regional cooperation among its member states. It currently has ten member countries, including the five original member states: Indonesia, Malaysia, Philippines, Singapore, and Thailand. Others joined thereafter, such as Brunei Darussalam in 1984, Viet Nam in 1995, Lao People’s Democratic Republic and Myanmar in 1997 and Cambodia in 1999. The fundamental principles that govern ASEAN member states are found in the Treaty of Amity and Cooperation that was signed on 24 February 1976 during the First ASEAN Summit. These principles include non-interference in the internal affairs of one another; settlement of differences or disputes in a peaceful manner; and mutual respect for the independence, sovereignty, equality, territorial integrity, and national identity of all nations.
In 1995, the ASEAN Heads of State and Government reaffirmed that cooperative peace and shared prosperity shall be the fundamental goals of ASEAN.
A. The emergence of e-ASEAN
With the advent of the Internet and the revolution in information and communication technology (ICT), ASEAN leaders saw the need to promote collective efforts to complement national development strategies in this sector. The ASEAN leaders endorsed the e-ASEAN initiative during their Annual Summit meeting in Manila on 28 November 1999. The aims of e-ASEAN are to develop a broad-based and comprehensive action plan, including physical, legal, logistical, social and economic infrastructure needed to promote an “ASEAN e-space” as part of an ASEAN positioning and branding strategy. The e-ASEAN initiative would establish a region-wide approach to making comprehensive use of information and communication technology in business, society and government.
Although the ASEAN Economic Ministers initiated e-ASEAN in September 1999, the roots of the initiative can be traced back to ASEAN Vision 2020 set forth in 1997. According to ASEAN Vision 2020, the member countries resolved to
81 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs accelerate the development of science and technology, including information technology by establishing a regional information technology network and centres of excellence for dissemination of and easy access to data and information.
At the launching of the Hanoi Plan of Action, several months after ASEAN Vision 2020, it was foreseen that in the year 2020 ASEAN would be “a concert of Southeast Asian Nations, outward looking, living in peace, stability and prosperity, bonded together in partnership in dynamic development and in a community of caring societies.”64
Table 4 presents the main elements of the e-ASEAN framework.
Table 4: Elements of e-ASEAN
ASEAN INFORMATION INFRASTRUCTURE COMMON MARKETPLACE FOR ASEAN ICT (AII) GOODS AND SERVICES 1. Enhance interconnectivity and interoperability of 1. Liberalization of trade in goods national information infrastructures by 2001 2. Accelerate tariff reduction 2. Encourage cooperation 3. Liberalization of trade in services 3. Internet exchanges and gateways 4. Accelerate framework agreement on services 4. Regional caching/mirroring 5. Investment promotion in ICT sector 5. Hubbing 6. Extend incentives 6. Facilitate the development of the AII backbone 7. Facilitation of trade 8. Fast track MRA implementation
E-SOCIETY E-COMMERCE FRIENDLY ENVIRONMENT 1. Foster development of a knowledge-based society 1. Agree on regional standards based on international 2. Narrow the digital divide norms 3. Enhance workforce competitiveness 2. Electronic identification and authentication 4. Facilitate flow of knowledge workers in the region (such as PKI) 5. Use technology to enhance the spirit of ASEAN 3. Secure electronic payments and settlements community 4. Legal recognition of electronic transaction based on UNCITRAL E-GOVERNMENT 5. Code of e-commerce practice (UCC) Use ICT to: 6. Implementation schedules 1. Enhance delivery of services to the people 7. E-commerce code based on UNCITRAL for all countries by 2003 2. Facilitate free flow of goods, data and movement of people within ASEAN 8. For those with e-commerce legal infrastructure: 3. Facilitate linkages between public and private ¥ Encourage mutual recognition and cross sector and promote transparency certification of digital signatures and documents by 2001 4. Enhance inter-governmental cooperation ¥ Facilitate secure regional electronic payments and settlements by 2002 at the latest
64 ASEAN Secretariat, ASEAN Vision 2020, Kuala Lumpur, 15 December 1997. See http:// www.aseansec.org/1814.htm
82 The e-ASEAN legal framework and its challenges
At the Thirty-Third ASEAN Ministerial Meeting in July 2000, the ASEAN Secretary General said, “ASEAN countries must similarly embrace technology, its development and use if it is to remain competitive Ð not even to catch up with the industrialized world but simply to stay in the running. This is a call not for ASEAN necessarily to undertake basic, pioneering scientific research but to adapt, develop and utilize science and technology to strengthen the region’s economies and improve the lives of its people.”65
B. E-ASEAN Framework Agreement
In November 2000, ASEAN entered into the e-ASEAN Framework Agreement in order to facilitate the establishment of the ASEAN Information Infrastructure (AII); the hardware and software systems needed to access, process and share information and promote the growth of electronic commerce in the region. A high-level private-public sector task force formulated the framework. The member countries agree that e-ASEAN would bind them by facilitating interconnectivity and technical interoperability among their telecommunication systems and equipment.
The e-ASEAN Framework Agreement stresses bringing about changes required for e-commerce in the following words:
Member States shall adopt electronic commerce regulatory and legislative frameworks that create trust and confidence for consumers and facilitate the transformation of businesses towards the development of e-ASEAN. To this end, Member States shall:
a. Expeditiously put in place national laws and policies relating to electronic commerce transactions based on international norms; b. Facilitate the establishment of mutual recognition of digital signature frameworks; c. Facilitate secure regional electronic transactions, payments and settlements, through mechanisms such as electronic payment gateways;
65 Rodolfo C. Severino, ASEAN Secretary General, Report to the 33rd ASEAN Ministerial Meeting, Bangkok, 24-25 July 2000.
83 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
d. Adopt measures to protect intellectual property rights arising from e-commerce. Member States should consider adoption of the World Intellectual Property Organization (WIPO) treaties, namely: “WIPO Copyright Treaty 1996” and “WIPO Performances and Phonograms Treaty 1996”; e. Take measures to promote personal data protection and consumer privacy; and f. Encourage the use of alternative dispute resolution (ADR) mechanisms for online transactions.
C. Milestones and accomplishments
The following milestones and accomplishments were included in the joint statement issued by ASEAN at the World Summit on Information Society held last 10 December 2003.
1. Common reference framework for e-commerce legislation
In 2001, e-ASEAN published a Common Reference Framework for ASEAN e-Commerce Legal Infrastructure. The reference framework would be a guide for ASEAN member countries who have not drafted any e-commerce legislation on their own. The framework would also serve to facilitate cross-border e-commerce and the cross-recognition/cross-certification of digital certificates/digital signatures for ASEAN member countries that already have e-commerce laws in place.
2. E-readiness study
In 2001, the e-ASEAN Working Group commissioned an independent e-readiness study. The overall objective of the project was to assess the e-readiness of member countries in order to formulate regional ICT policies and recommendations.
One area for cooperation was identified as the ASEAN Mutual Recognition Arrangements (MRA) for trade liberalization and facilitation. The ASEAN Sectoral MRA on Telecommunications Equipment was launched during the First ASEAN Telecommunications Ministers (TELMIN) Meeting on 13 and 14 July 2001 in Malaysia. The Ministers urged the speedy implementation of the Sectoral MRA for Telecommunications Equipment adopted at the Sixth ASEAN Telecommunication Regulators Council (ATRC) Meeting in October 2000. This would put in place the region-wide acceptance or recognition of conformity assessment procedures for
84 The e-ASEAN legal framework and its challenges
telecommunications equipment, thereby facilitating trade, market access and suppliers in each other’s market.
A Joint Sectoral Committee (JSC) was established under the MRA to oversee the effective functioning and implementation of the Sectoral MRA. To date, two members have announced their readiness to enter into Phase 1 of the MRA, while another will be ready by December 2003.
3. ASEAN digital divide database
When the Second ASEAN TELMIN Meeting was held at Manila in August 2002, the Ministers agreed to the implementation of projects to narrow the digital divide between developed and less-developed ASEAN member countries. They also agreed to facilitate the transformation of ASEAN into a knowledge-based economy through the adoption and usage of ICT products and services. It was envisaged that this could be done through universally accessible networks, and competitive and affordable ICT products and services.66
Since then, ASEAN has taken the first step in bridging the digital divide by measuring the extent to which it is prevalent in ASEAN. Secondly, a publicly accessible digital divide database, ASEANconnect, (www.aseanconnect.gov.my) has been established to serve as a knowledge base for key data, statistics and measurement indicators, analysis of initiatives and information related to the digital divide within ASEAN.
4. Promotion of e-society
Several workshops, dialogues and seminars were conducted to share experiences of the ASEAN Member Countries. They include the SchoolNet seminar and forum to encourage and enable schools and universities to implement distance learning via the Internet; an Asia Incubator Workshop to assisted SMEs and entrepreneur groups; an e-ASEAN Open Source Software (OSS) Working Group to share information and best practices to provide a cost-effective alternative computer software development; a workshop to raise awareness and knowledge as well as optimize opportunities for ICT use by women was held under the auspices of the ITU.
66 Second ASEAN TELMIN, Manila Declaration 2002, 28 August 2002. See www.aseanconnect.gov.my/ resources/Manila_Declaration_2002.pdf
85 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
At the Third ASEAN TELMIN meeting at Singapore in September 2003, an ASEAN youth dialogue was held with telecommunication and IT ministers to highlight the interest and contribution of youth for future ICT development. An ASEAN e-Measurement Forum would develop a comprehensive set of ASEAN ICT indicators to help monitor regional progress in the ICT sector. Several public awareness programmes have been conducted: (a) ICT road shows and technical forums, (b) e-ASEAN Business Forum, (c) e-ASEAN Industry Dialogue, and (d) promotion of e-commerce and e-government.
A number of ICT training programmes were conducted for the less developed ASEAN Member Countries under the Initiative for ASEAN Integration (IAI). This included a Primer on Cyberlaws for senior public officials, which was held at Singapore in November 2002. All ASEAN member countries sent participants to this meeting.
5. Development of regulatory models
ASEAN regulators have agreed to develop non-binding regulatory models on best practices in three key areas, namely: (a) competition management and interconnection; (b) convergence and new services; and (c) cooperation on capacity-building. These models will serve as approaches and guidelines that ASEAN regulators could use as reference materials to develop new legislation and regulatory practices or to establish their respective systems and processes.
D. The e-ASEAN reference framework for e-commerce legal infrastructure
Several task forces and technical working groups have been established to help realize the e-ASEAN goal that emerged from the e-ASEAN initiative. One is the task force on e-commerce, which is in charge of ensuring the facilitation of electronic commerce in the ASEAN region through adoption of laws and policies based on international norms. This would promote trust and confidence of the general population and of those who transact business over the Internet, in particular.
Singapore was assigned to shepherd the task force on e-commerce with the assistance of Malaysia and Brunei Darussalam. Its mandate covers the following areas:
1. E-commerce legal framework, 2. E-commerce legislation on electronic transactions and electronic signatures,
86 The e-ASEAN legal framework and its challenges
3. Consumer protection, 4. Online alternative dispute resolution, 5. Privacy and personal data protection, 6. A regional electronic payments system, 7. Intellectual property rights, 8. Cybercrime legislation and prevention, 9. Development of authentication and security policies, 10. Mutual recognition of digital signature framework, 11. Security policy, and 12. Taxation issues.
As part of its primary mandate, the task force on e-commerce developed an e-commerce reference framework in 2001 based on the e-commerce laws of ASEAN member states, and in consultation with the legal experts from the governments of these member states. The laws included in the e-commerce reference framework are: (a) Electronic Transactions Act (ETA) of Singapore; (b) Digital Signature Act (DSA) of Malaysia, (c) Electronic Commerce Act (ECA) of Philippines, (d) Electronic Transactions Order of Brunei Darussalam and (e) Draft Electronic Transactions Bill (ETB) of Thailand.
These e-commerce laws were based largely on UNCITRAL’s Model Law on Electronic Commerce and Draft Model Law on Electronic Signatures, as well as the e-commerce and electronic signature laws used by some states in the United States (such as Utah and Illinois) and by some countries in Europe (such as Germany).
The reference framework is intended to provide a guide for helping ASEAN member states (especially Cambodia, Lao People’s Democratic Republic, Myanmar and Viet Nam) that do not have any e-commerce laws in place to accelerate the timeline to draft their own. The reference framework will also help ASEAN member states that already have e-commerce laws to facilitate cross-border e-commerce and the cross-recognition/cross-certification of digital certificates/digital signatures.
A key feature of the framework is the outline of general principles for e-commerce laws that Member States must adopt in drafting their own laws. The general principles are:
87 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
1. They should conform to international standards such as UNCITRAL’s Model Law on Electronic Commerce and Draft Model Law on Electronic Signatures to be interoperable with similar laws of other countries; 2. They should be transparent and predictable so that there is no legal ambiguity between transacting parties in an electronic transaction; 3. They should be technology neutral, with no discrimination between different types of technology; 4. They should be media neutral, that is, paper-based commerce and e-commerce are treated equally under the law.
The Framework likewise states the minimum provisions to be contained in Member States’ draft laws. It proposes that e-commerce laws should include the following provisions at a minimum: (1) electronic transactions; (2) normal rules of contracts should apply equally to transactions online; (3) the legal effect of using electronic records and electronic signatures; (4) rules regarding the reliability of electronic records and electronic signatures; (5) duties and regulation of trusted third parties and certification authorities; and (6) the extent of legal liability for service providers.
E. Challenges to the development of an e-ASEAN legal framework
One major challenge facing the development of a common legal framework is the varying levels of e-readiness among ASEAN member states. Such a challenge was confirmed in the 2001 study commissioned by ASEAN. In that study, e-readiness was defined as the degree to which a community is prepared to participate in the digital economy. It measured several factors based on the e-ASEAN framework goals such as infrastructure, e-society (education, home and business users, workforce), e-commerce (taxation, legal framework, payments, etc.) and e-government (penetration, promotion, organization). In that study, it was found that among the ten member states, only one has attained world-class status.
Another challenge concerns the laws already enacted by five of the ten ASEAN member states. A review of these laws has highlighted differences in the following areas: (1) electronic transactions legislation; (2) electronic signatures; (3) licensing of certification authorities; and (4) the liability of service providers.
88 The e-ASEAN legal framework and its challenges
In addition, there is a reference framework for ASEAN, but issues of cross border recognition of electronic transactions and electronic signatures have not been addressed fully.
F. Prospects for future projects
ASEAN lists the following as issues of concern that need to be addressed:
1. Admissibility of evidence in court, 2. Computer misuse/cybercrime, 3. Copyrights/trademarks and intellectual property rights, 4. Data privacy and protection, 5. Consumer protection, and 6. Internet code of practice/advertising code of practice.
G. Conclusion and the need for partnership
In a borderless electronic world, ASEAN cannot confine itself within the region and hope to solve all problems by itself. It is thus important to seek out assistance and learn lessons from both inside and outside. Partnerships with organizations such as United Nations ESCAP, APEC and Australian Agency for International Development (AusAID) will strengthen efforts to realize the goals of e-ASEAN.
These organizations have been willing to lend a helping hand to support ASEAN efforts in this area. For example, ESCAP recently concluded a capacity-building workshop for participants coming from countries in the Greater Mekong Subregion (GMS). Another example of collaboration is an ongoing project between ASEAN and the Australia Development Cooperation Program for a project to develop a legal infrastructure for e-commerce. It was designed to address obstacles to cross border recognition of electronic transactions and signatures arising from differing legal infrastructures for e-commerce in ASEAN member countries.
89 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
References consulted
http://www.ksg.harvard.edu/iip/stp305/Fall2000/paua.PDF
http://www.ecommercetimes.com/story/5491.html
http://www.aseansec.org/7808.htm
http://www.e-asean.info/eread-guide.html
http://www.itu.int/dms_pub/itu-s/md/03/wsis/c/S03-WSIS-C-0004!!MSW-E.doc
90 Current challenges for Viet Nam in developing the legal and regulatory system for e-commerce
PART TWO
91 Current challenges for Viet Nam in developing the legal and regulatory system for e-commerce
I. CURRENT CHALLENGES FOR VIET NAM IN DEVELOPING THE LEGAL AND REGULATORY SYSTEM FOR E-COMMERCE
By Nguyen Ngoc Dien1
Introduction
E-commerce has been developing independently in Viet Nam for some years in line with progress in information technology applications for the economic sector. Until the present, e-commerce has been considered as a special instrument to be used in transactions among trade persons in Viet Nam. It has not yet been developed further for transactions between traders and consumers. However, the initial success of this kind of business for wholesale trade has been encouraging and has created a greater interest among the people of Viet Nam in terms of its potential for broader and deeper economic development.
It has been acknowledged that in material terms Viet Nam is not yet completely ready for the general practice of online commerce. The current economic and technological challenges are mostly the same as in other developing countries.2 However, stable economic development would certainly contribute to more rapid familiarity and acceptance of this form of commercial activity. Such a development would gain popularity with the Vietnamese people as a parallel to the popularity of Internet use in daily life.
Vietnamese lawmakers have quickly found it necessary to place e-commerce on a solid legal base in order to facilitate its implementation. At the beginning of 2000, Viet Nam was officially engaged in the APEC common action programme for the development of non-written commercial transactions. The need to strengthen Vietnamese legislation on e-commerce became more urgent.
1 Docteur en droit and Dean, Faculty of Law, University of Can Tho, Viet Nam. 2 The development of e-commerce presumes facilities exist, such as a developed information industry; a dynamic and diversified commodity economy, sufficient general use of information technology achievements in various economic fields, a trustworthy electronic and/or online payment system and a good encryption system for economic transactions. Most of these requirements are in the process of being formed in Viet Nam.
93 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
To this effect, the government established a special committee in 2000 in order to elaborate an ordinance on e-commerce. Under the direction of this committee, a draft ordinance has been prepared and revised several times. During the process of refining and finalizing the draft e-commerce ordinance, Vietnamese lawmakers were confronting the same problems as their colleagues in other countries. That is, they needed a definition of e-commerce transactions, qualification of electronic signatures, qualification of secured electronic signatures, accreditation of the electronic certification service provider and establish the responsibilities of the net service provider.
In addition, development of the e-commerce legal system in Viet Nam has had unique problems, such as the standardization of the written language to be used in domestic electronic commerce; definition of the object of e-commerce law, choice of a model of the electronic certification service provision and state management of e-commerce.
The government had recently decided to elaborate a law on electronic transactions of all kinds. The e-commerce ordinance project would be included in this new legislative endeavour, which is expected to be finished at the end of 2005 or in early 2006.
This paper contains the author’s reflections on some of the most sensitive issues relating to creating the legal basis for e-commerce development in Viet Nam.
A. Definition of e-commerce
Many difficulties have been encountered when trying to formulate the definition of e-commerce. The following difficulties can be highlighted from the experience of Viet Nam. First, e-commerce is conceived as a special form of commercial activity that is carried out and concluded through the Internet. Therefore, in principle, it must be legally practiced in conformity with commercial law. The problem is that Vietnamese commercial law is now at an embryonic stage. The normal concept of a commercial act, in particular, is still a fragile element in the positive law of Viet Nam.
The current law on commerce tries to formalize a general definition of what is a commercial act on the one hand, while it draws up a limiting list of commercial acts on the other hand. By virtue of article 5 of the Commercial Law of 1997, a commercial act is an act contracted by a person denominated as a trader in the
94 Current challenges for Viet Nam in developing the legal and regulatory system for e-commerce
professional exercise of his commercial activities.3 According to article 15 of the same law, however, an act cannot qualify as commercial if it is not mentioned in a list established by that article. It should be noted that in accordance with the legal enumeration of commercial acts, many activities that traditionally qualify as commercial in most judicial systems, are surprisingly excluded from commercial life by the authors of the said law. Examples include accommodation services, transportation services as well as some industrial activities.
Vietnamese lawmakers have proceeded to revise the law, based on awareness of the weak points in the current commercial law. For the definition of a commercial act, there has been a strong tendency to set the criteria based mostly on what has been established law in most European countries, especially under French law. The law on e-commerce would be drafted in line with this tendency. The problem may nevertheless become rather complicated owing to the fact that the revision of the law on commerce has been entrusted to the Ministry of Commerce, while the Commission of Sciences, Technology and Environment of the National Assembly has been preparing the legal framework for e-commerce activities.
The foundation of the draft law on e-commerce appears to be strongly influenced by the example of European commercial legislation, but the drafters seem more ready to adapt the French notion of commercial act to the Vietnamese legal situation in their conceptions about the revised law on commerce. It does not seem to indicate any attempt to simply adopt the French concepts, rather it is an adaptation. The law on e-commerce would not be expected to regulate all acts qualified as commercial in most systems and in accordance with international practices, while the new law on commerce only concerns a limited number of acts as strictly enumerated by law.
Another difficulty encountered in Viet Nam is that the authors of the law project on e-commerce still hesitate about how to define the scope of application for this law. Reports say that two options have been under consideration. The first option is to have the law on e-commerce regulate all commercial acts acknowledged in commercial law without distinguishing between acts that must be in writing (solemn act) and which may be concluded simply in conformity with the principle of consensus. The second option says that the law on e-commerce concerns all commercial acts, except for the acts that must be concluded in writing.
3 Thus, the possibility is excluded that a commercial act can be concluded by a non-professional trader.
95 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
In the event that the first solution would be adopted, Vietnamese lawmakers would have to cope with a rather delicate problem. As for the acts which must be concluded in writing, a set of conditions must be established for the equivalence between manuscript writing and electronic writing. In reality, this solution was adopted by number of countries.4 Vietnamese lawmakers could refer to the concerned systems for a solution to the problem that is most adaptable to Vietnamese legal practice. Nevertheless, the idea of assimilation of electronic signature to manuscript signature in case the latter is required ad validitatem (as condition of validity), even under certain conditions, seems not suit the Vietnamese way of thinking.
For the time being, there is a strong tendency towards the second solution. The adoption of this solution does not exonerate the lawmaker from establishing conditions for equivalence between manuscript writing and electronic writing. In the hypothetical situation, the problem would be raised only in the field of proof, since the manuscript signature would be required ad probationem (as a condition of proof) and not ad validitatem (as a condition of validity).
It is noted that before the introduction of e-commerce practice in Viet Nam, lawmakers acknowledged that when concluding a sales contract, electronic writing had the same probatory value as writing on paper, as a result of article 49 of the Law on Commerce of 1997. An e-mail thus could be judged as probatory as a traditional letter. Such a solution might lead the way to an astonishing deduction according to which, in the point of view of proof in commerce, the signature is not considered to be a necessary element of a written deed. This conception seems abnormal and not in conformity with traditional juridical thinking. It is probable that the Vietnamese drafters of law on e-commerce would not use this strange conception, considered as a technical mistake in the matter of legislation. Indeed, in all the projects concerning e-commerce, an electronic signature has always been defined as the key element of an electronic document.
B. Electronic signature
The regulation of electronic signature has developed around the basic idea according to which the electronic signature is the signature conceived in the normal sense and put in an electronic document with the aid of electronic means. The electronic signature is essentially different from the manuscript signature for the fact
4 The non-distinction between electronic writing and manuscript writing, upon certain conditions, was approved by most European countries as well as by the United States.
96 Current challenges for Viet Nam in developing the legal and regulatory system for e-commerce
that the latter emanates from the writing gesture of the signer. In this sense, the electronic signature is not really something so original or strange to Vietnamese people.
Traditionally, there are arrangements to permit one person to conclude and execute a legal obligation through another appointed person. For decades, facsimile technology applications have been facilitating the acknowledgement of copied signatures as extrajudicial proof of manuscript signature even in important transactions. It is not so difficult to point out the particularities of an electronic signature. On the one hand, the author of an electronic signature does not really sign, although that is not the case for a facsimiled signature. On the other hand, the affixture of an electronic signature on an electronic document is a personal gesture of the signer, and that is not the case of mandator.
The problem, however, is that, like most systems inspired by French legal culture, the Vietnamese law does not conceive a definition of normal (manuscript) signature.5 It should also be noted that the current Vietnamese civil code does not contain systematic rules of proof of juridical act and that the development of regulations of proof has not been brought into question in the framework of the current revision of the civil code as assumed by the Ministry of Justice.
In summary, a formal definition of a manuscript signature is not included in Viet Nam to be part of written law. Meanwhile, the definition of electronic signature is being refined with care by the drafters of the law on e-commerce. In all drafts of the law on e-commerce, electronic signature is defined in the same manner as in other legal systems.
Since the notion of signature has not been conceived in written law, the definition of functions of signature has likewise been neglected. It is widely admitted in practice, however, that affixing one’s signature into a document implies that the author of the document is also the person whose identity is described in the same document and affixing one’s signature into a document implies the author adheres to the content of the document. Vietnamese law thus seems to tend towards the same conception of function of signature as in the law of most of countries.
5 The definition of signature was formalized in French written law since the adoption of law of 13/03/ 2000: CCF. Art. 1316 to 1316-4. In reality, the legal meaning of a signature acknowledged in Vietnamese law is the same as its general meaning. The signature is indeed the name of a person written with his or her own hand to signify that the writing that precedes accords with his or her wishes or intentions: Merriam-Webster’s Dictionary of Law, 1996.
97 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
That explains why in the project of law on e-commerce, the definition of functions of electronic signature has been profoundly inspired by European law. The electronic signature has become indeed an element assuming two functions Ð identification of the signer and validation of the document. However, owing to the fact that the electronic signature is not the signer’s handwriting, the law must impose certain requirements for e-commerce to meet in order to ensure that the electronic signature is put into the document only by the appropriate personal gesture of the person whose identity is mentioned in the said document. To this effect, Vietnamese lawmakers foresee that it is possible to adapt the institution of secured electronic signature in the Vietnamese legal context, in addition to certification of electronic signatures.
Vietnamese lawmakers appear to be unwilling to follow the French homologue as for the question of certification. The latter imposes certification as one of the conditions for the acknowledgment of the validity of electronic signature. In general, e-commerce is a special form of commercial activity introduced into Viet Nam. It is not an endogenous product of Vietnamese economic development. The Vietnamese law thus has not had its own rules of conduct to be applied in this matter before Vietnamese lawyers started acquiring knowledge about foreign legislation on e-commerce and, more generally, on e-transactions. That explains why in the course of improving the Vietnamese law on e-commerce, the lawmakers did not encounter any conflict between Vietnamese law and foreign laws, as far as the solution of various technical problems are concerned. Most of the time, the lawmakers approve a solution already acknowledged in a foreign system, eventually with certain reserves.
It is sufficient for the lawmakers to refer to other systems for improving the legal regime concerning electronic signatures. However, the real problem is how to avoid having the regulation of electronic signatures becoming better elaborated than regulations on normal (manuscript) signatures, as part of civil law. The revision of the Vietnamese civil code does not include the insertion of rules relating to proof; the manuscript signature thus does not have any chance to appear as a formal legal object of Vietnamese written law.
C. Consumer protection
E-commerce has been practiced in Viet Nam between tradesmen and has not yet been acknowledged as a form of transaction between a tradesman and a consumer. However, it is certain that the development of e-commerce is destined for more general involvement of consumers. Wherever a consumer and a business
98 Current challenges for Viet Nam in developing the legal and regulatory system for e-commerce
person are partners in a transaction, the protection of the consumer is put into question. It seems, however, that Vietnamese lawmakers have not found it necessary to prepare special measures to the effect of consumer protection in the field of e-commerce. With regard to Vietnamese legislation, the protection of consumer participating in e-commerce transactions is ensured normally by the general regulation on consumption. On this point, the position of Vietnamese law is very similar to French law.
D. State management of e-commerce
Viet Nam is a socialist country, which means that governance would be ensured by the socialist political system characterized by the all-sided leadership of the communist party. One of the most remarkable characteristics of a socialist regime is the close state management of economic development.6 E-commerce as a kind of economic activity must be mentioned among the objects of the State policy of economic management.
In addition, it has been said that the socialist regime permanently encounters critics and threats emanating from partisans of opposite ideologies. The socialist leaders find it necessary to proceed with control and supervision of the media in order to impede the diffusion of reactionary or hostile ideas or the communication of reactionary schemes against the socialist government, and more generally to prevent all ideological attacks on the socialist material and/or spiritual interests. The Internet serves as an excellent means of communication and information in modern times, but it must be considered as a main target for this kind of control. State control of the Internet has also been justified in Viet Nam by the protection of the social order and the necessity for the preservation and the development of traditional spiritual values against some so-called pernicious culture. E-commerce as a kind of commercial activity practiced through the Internet must be controlled as a result of the state’s general policy to control and supervise Internet use.
The subjects that come under state control and supervision concerning e-commerce are: (a) use of the Internet for the practice of e-commerce; (b) web administration; (c) providing net service; and (d) providing electronic certification service.
6 Since the end of the 1970s, there has been a strong tendency originating from China, to renovate the socialist economic system. The renovated system is characterized by the application of market rules in economic activities. However, it is said that a modern socialist economic system is an open economy oriented to socialist outcomes. This orientation presupposes the active intervention of the State in the economic planning and development.
99 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
The general idea behind control and supervision of content is that the exploitation of means of electronic communication and more particularly use of the Internet must not be harmful to the national security, the defense of the socialist ideology, the public order and good customs and habits.7 Consequently, the concept of illegal electronic transactions would be wider in Vietnamese law than in other systems. The notion of prohibited web has been conceived with reference to the political, cultural, moral criteria that are very special when compared to occidental law.
There are two categories of control measures. The first category is preventive measures. A measure qualifies as preventive once it is prepared for the purpose of precluding acts considered to be harmful to the protected interests. To this effect, the Vietnamese lawmakers plan to formalize a number of rules. The most noteworthy are the following: (a) provision of net service is subject to prior authorization of the government; (b) the same prior authorization is required for the creation of a web site, whether it is accessible by the public for free or not; (c) it is prohibited for the web administrator to put reactionary or pernicious information on a web site or to create direct or indirect linkage with the web sites containing information of this kind; (d) Internet users are obliged to not use or access prohibited web sites and not to help in the propagation of unfavourable information kept by a web site.8
The second category is suppressive measures, which are applied in cases of violation of rules concerning the State management of e-commerce. The measures may take the form of administrative sanctions or penal sanctions. It is thus expected that the administrative law and the penal law would have to be completed with corresponding rules.
E. Control of electronic certification service
The electronic certification service is used to the guarantee identification of the signer of an electronic document as well as the integrity of the document. State
7 It is prohibited to deal with anti-communist art works. 8 Since March 2004, users at Internet stores are obliged to show their identity card to the store manager, in accordance with a decision promulgated by the Ministry of Public Security. The net service provider must cooperate with the public authorities in prevention and detection of acts harmful to the national security and the public order. More particularly, the net service provider must create a firewall to block the penetration of dangerous information. In addition, the net service provider is obliged to cooperate with the competent authority to reveal use of the Internet for actions considered to be dangerous to the national security and the public order. The Internet store must also save information on the user’s identity and web sites visited by users for at least 30 days in the interests of public control.
100 Current challenges for Viet Nam in developing the legal and regulatory system for e-commerce
management of the electronic certification service can take the form of one of three different models.
Under the first model, all electronic certification service providers are subject to the public authorities’ accreditation. A few countries have adopted this model. Under the second model, only providers planning to be engaged in the electronic certification service relating to important transactions or transactions concluded in such specific fields as public purchases, stocks and capital are subject to accreditation by public authorities. This is the most popular model.
Under the third model, development of electronic certification services are provided in a free market and depend only on the demand of society as well as the general rules of the market. The United States has this model and lawmakers give no attention to the regulation of certification. It is said that in accordance with the need of the society, the certification service would be reasonably offered and as a service it is also subject to the rules of competition like any other kind of business.
It seems that Vietnamese lawmakers do not prefer the third model, which is said to be antagonistic to the Vietnamese social and economic management system. Instead, the preference is for a combination of the first and the second models. Accreditation is thus held to be one of the conditions for becoming an electronic certification service provider. All electronic certification service providers must be accredited and the providers who intend to provide the service for partners engaged in important or specific transactions are subject to special accreditation. In any case, it is certain that accreditation would be obligatory for the provision of electronic certification services. Any non-accredited service would be considered illegal and subject to administrative or penal sanctions.
In addition, the electronic certification service provision would be placed under the permanent control assumed by a competent State organ. The objective of the control consists of two elements: efficiency of service and safety of service. To be efficient, the certification service must ensure the authenticity of the electronic signature; to be safe, it must ensure the integrity of the document validated by the certified signature. These qualities of the certification service cannot be attained if a service provider was not sufficiently equipped. The electronic certification provider must ensure that it does not grant certification to an illegal document.
101 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
F. Conclusion
The leaders in Viet Nam desire that e-commerce would develop rapidly, but with conditions. That is, measures should be in place to ensure that all-sided state control of Internet use, the general control of access and exploitation of media. In practical terms, it might not be so easy to satisfy this desire. Active state control and supervision of commerce, and more particularly of e-commerce, would not be very helpful for speeding up transactions. More precisely, the administrative control and supervision measures would take more time for an electronic transaction in Viet Nam when compared to another country. The national security could be ensured, but economic development in Viet Nam risks a slowdown.
102 National e-commerce legislation in Asia and the Pacific: the case of Singapore
II. NATIONAL E-COMMERCE LEGISLATION IN ASIA AND THE PACIFIC: THE CASE OF SINGAPORE
By Goh Seow Hiong9
A. Overview
The e-commerce legal framework of a nation can play an important role in enabling and facilitating e-commerce transactions within the country and across its borders. Such legislation creates the much-needed sense of certainty that for traditional paper-based physical business transactions that are paper-based canto be carried out in the electronic realm.
The foundation behind the formation of electronic contracts and the issues relating to disputes over such transactions need to be examined in order to understand the legal framework for e-commerce in Singapore. This requires a discussion about the present legal framework that provides the rules upon which electronic contracts are formed. There are also evidentiary issues to be discussed in relation to matters of proof when it comes to disputes over electronic transactions. Finally, the question of what is ahead for e-commerce laws in Singapore is considered.
B. Foundation for electronic contracts
Under general contract law, there are well-established principles and rules that deal with how a legally binding contract is created. There must be an intention to create legal relations between the parties concerned, and each party must have the capacity to enter into the contract. There should be an offer made by one party and an acceptance of the offer by the other party, and there should generally be consideration10 between the parties of the contract. The principle of privity of contract says that only a party to a contract can enforce the contract, even if the contract was for the benefit of a third party. There are, however, exceptions to this
9 Director, Software Policy for Asia, Business Software Alliance
103 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs principle.11 Finally, the contract must not be contrary to public policy. The application of these rules and principles together determine whether a contract is valid and binding.
In addition, some other concepts apply for electronic contracts. The main legislation in Singapore governing electronic contracts is the Electronic Transactions Act (ETA).12 While the law of contracts continues to apply broadly to both the physical and electronic world, the ETA fills the gaps where rules governing contracts in the physical world need to be supplemented to deal with the environment enabled by new technologies. The intention is for the ETA to be considered as consistent with commercially reasonable circumstances.13 The ETA also provides additional legal support for new technologies to assist the court in recognizing electronic evidence.
The ETA was passed in 1998 as enabling legislation to remove uncertainty about the legality of contracts formed electronically, to recognize electronic signatures and to clarify the liability of network service providers who only carry electronic traffic. The ETA sets out the voluntary licensing of certification authorities (CAs)14 as trusted third parties in the online world to provide the basis for establishing other trust relations.
The Electronic Transactions (Certification Authority) Regulations15 stipulate the requirements for a CA to obtain a licence in Singapore. The accompanying Security Guidelines for Certification Authorities16 stipulate the technical security requirements that must be met. The ETA also has provisions that enable Government agencies to implement electronic systems easily in order to transact with the public without the need to amend their own governing acts. The ETA provides for the acceptance of applications and issuance of digital licences, with the ability to send and receive electronic documents in a reliable manner.
11 Contract (Rights of Third Parties) Act (Singapore), Rev. Ed. 2002, Chapter 53B. 12 Electronic Transactions Act (Singapore), Rev. Ed. 1999, Chapter 88 http://www.cca.gov.sg (Cited hereafter as ETA.) 13 Section 3, ETA. 14 Technological solutions are available, if used, to prove to third parties the identity of the sender of an electronic message and to protect the integrity of such messages. 15 Electronic Transactions (Certification Authority) Regulations (Singapore), Rev. Ed. 2001, Regulation 1
104 National e-commerce legislation in Asia and the Pacific: the case of Singapore
C. Electronic records, signatures and contracts
Some specific ETA provisions related to electronic records, signatures and contracts as well as their secure counterparts should be examined in further detail. The ETA gives electronic documents and records the same legal standing as physical documents by declaring that the validity or enforceability of such electronic versions cannot be denied their legal effect on the basis of being electronic.17 The ETA makes it clear that where a rule of law requires information to be in writing, an electronic record containing that information will also satisfy the requirement, as long as the information can be accessed for subsequent use.18 Similarly, where a rule of law requires a signature, an electronic signature will also satisfy the rule of law.19 The ETA provides that an electronic signature can be proven in any manner.20
Where there are legal rules governing the retention of documents and records, the ETA sets out the circumstances and requirements for satisfying such rules by storing the information in electronic form.21 However, where the rule of law already expressly requires electronic records to be retained, or where a government agency or organ of state has stipulated additional requirements, such requirements must be followed.22 In addition, where the notice provision in a contract specifies the means (such as post or facsimile) to notify another party in writing, if e-mail or other electronic means are not explicitly listed as authorized means of notification, then electronic means may not be accepted as a valid method of giving notice.
The ETA expressly states that contracts can be formed electronically, unless the parties have agreed otherwise.23 Any offer and acceptance for a contract can be made in the form of electronic records or messages. The intention of the parties when entering into a contract conveyed in electronic form is of equal standing as that conveyed through traditional means.24 Attribution refers to how the identity of the originator and the addressee of an electronic record will be determined, and the ETA
17 Section 6, ETA. 18 Section 7, ETA. 19 Section 8(1), ETA. 20 Section 8(2), ETA. 21 Section 9, ETA. 22 Section 9(4), ETA. 23 Section 11, ETA. 24 Section 12, ETA.
105 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs has provisions governing this matter.25 The parties can also agree on an acknowledgement of receipt for electronic records to be sent by the recipient. The ETA provides that the receipt of the electronic record can be conditional upon the receipt of the related acknowledgement.26 Receipt of such an acknowledgement can only be used to presume that the related electronic record was received, but not that the content of the sent record corresponds to the content that was received.27
The ETA also deals with other important elements in the formation of contracts. These include the time and place of despatch and receipt of the electronic records relating to the contract. There may be explicit agreement between the parties, or in some circumstances, may be prescribed through regulations. In the absence of such stated or explicit circumstances, the despatch of a record occurs when it enters a system outside the control of the originator.28 In practical terms, if a party is using a personal computer in the course of forming an electronic contract by e-mail, despatch occurs when the message sent by that party leaves his computer and enters another machine outside his control (for example, the Internet service provider).
On the receiving side, the timing for receipt depends on whether the recipient has designated a particular system to receive such records. If there is a designated system, the time of receipt is when the record enters that designated system. The time of receipt for a record sent to any other non-designated system is when the record is retrieved by the recipient from the non-designated system.29 If no system is designated, then the time of receipt is when the record enters a system of the addressee. It is therefore advantageous for an addressee to designate the information system to which such electronic records are to be sent. The addressee will need to check the designated information system with diligence for new records (similar to the need to check for incoming facsimiles). However, records sent to any other non-designated system would be deemed received only when the addressee retrieves the records from such a system.
In the electronic environment, despatch and receipt can take place almost anywhere geographically with a suitable telecommunications link. Hence, the ETA seeks to avoid ambiguity and has deemed the place of business of the originator and
25 Section 13, ETA. 26 Section 14, ETA. 27 Section 14(5), ETA. 28 Section 15(1), ETA. 29 Section 15(2), ETA.
106 National e-commerce legislation in Asia and the Pacific: the case of Singapore
the addressee to be the place of despatch and receipt, irrespective of where the record was actually despatched or received.30 In cases where there is no such place of business, it will be deemed as the usual place of residence.31
The ETA has also allowed parties in a transaction to vary any of the above general rules on electronic contracting by agreement.32 However, the ETA provides for exceptions when the general rules on electronic contracting mentioned above would not apply.33 The exceptions include: (a) the creation or execution of a will; (b) negotiable instruments; (c) the creation, performance or enforcement of an indenture, declaration of trust or power of attorney with the exception of constructive and resulting trusts; (d) any contract for the sale or other disposition of immovable property, or any interest in such property; (e) the conveyance of immovable property or the transfer of any interest in immovable property; and (f) documents of title. However, these exceptions may be modified by a ministerial order.
D. Electronic signatures and digital signatures, secure electronic records and signatures
The ETA defines an electronic signature as any letters, characters, numbers or other symbols in a digital form attached to or logically associated with an electronic record, and executed or adopted with the intention of authenticating or approving the electronic record.34 This wide definition includes digital watermarking, scanned images of handwritten signatures, digital signatures and biometric signatures as possible forms of electronic signature. Each type of electronic signature has a different level of security afforded to it.
The ETA further defines a digital signature as an electronic signature that can transform an electronic record by using an asymmetric cryptosystem and a hash function. The signature is such that a person who has the initial untransformed electronic record and the signer’s public key can accurately determine (a) whether the transformation was created using the private key that corresponds to the signer’s public key and (b) whether the initial electronic record has been altered since the transformation was made.35
30 Section 15(4), ETA. 31 Section 15(5), ETA. 32 Section 5, ETA. 33 Section 4, ETA. 34 Section 2, ETA. 35 Section 2, ETA.
107 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Tools such as digital signatures allow for a signature (consisting of a string of numbers) to be attached to a document and provide two essential properties if the signature is successfully verified. First, it confirms that a document has not been tampered with since the time the signature was fixed, and second, it identifies the person who fixed the signature. These features of authentication and non-repudiation are not readily available with handwritten signatures. One means to create and verify digital signatures is through “public key encryption” or “asymmetric key encryption” technology. This involves the use of two distinct keys. They are mathematically related and randomly generated from prime numbers. The first key is known as a “private key”. It is held and kept as a secret by the individual making the signature. The second key is a “public key”, which can be known to the world-at-large. A public key infrastructure facilitates the use of digital signatures. Under this infrastructure, a Certification Authority (CA) certifies (in the form of a digital certificate) that a given public key is associated with a specific individual. A CA may verify with the individual face-to-face before such a certification is given. The digital certificate can subsequently be used to confirm the public key of an individual and verify the signature generated by the individual. It is essential for the verifier of a signature to know that he is using the correct public key of the individual for verification. It is envisioned that the digital signature would be one of several technologies that could be implemented to secure an electronic signature. The ETA allows for other forms of electronic signatures to be recognized as well.
The ETA further provides for secure electronic records and secure electronic signatures, and the presumptions accorded to such secure forms. A secure electronic record is one that applies a prescribed security procedure or a commercially reasonable security procedure (agreed to by the parties involved) with the capability to verify that the electronic record has not been altered since a specific point in time.36 If a prescribed security procedure or a commercially reasonable security procedure agreed to by the parties involved is applied, an electronic signature can be deemed secure. The security procedure should be able to verify that at the time the signature was made, it was (a) unique to the person using it; (b) capable of identifying such person; (c) created in a manner or using a means under the sole control of the person using it; and (d) linked in such a manner to the related electronic record that if the record were changed, then the electronic signature would be invalidated.37
36 Section 16, ETA. 37 Section 17, ETA.
108 National e-commerce legislation in Asia and the Pacific: the case of Singapore
One important feature of the ETA provides for several presumptions related to secure electronic records and secure electronic signatures that are appropriately verified.38 The following presumptions are provided, but they can be rebutted: (a) the secure electronic record has not been altered since the specific point in time to which the secure status relates; (b) the secure electronic signature is that of the person to whom it correlates; and (c) the secure electronic signature was affixed by that person with the intention of signing or approving the electronic record.
The ETA further provides for the effect of digital signatures. It specifies how a digital signature will be treated as a secure electronic signature39 and how an electronic record signed with such a digital signature will be treated as a secure electronic signature.40 Likewise, the evidentiary presumptions described above will apply in those instances where the associated CA is licensed.41 In addition, the ETA describes the general duties relating to digital signatures, duties of CAs, duties of subscribers, and the regulation of CAs.42
Since there is no prior face-to-face contact between the parties, the services of a CA are useful in relation to e-commerce transactions, because the transactions will be legally binding. Such technology is especially useful when online transactions are of high value or where the identity of the customer is of primary concern. The CA also bears some liability in the event that the CA does not correctly identify the customer.
E. Evidentiary issues of electronic transactions
One basic feature of information systems from which legal issues arise is the alterability of the documents and records. Systems built on e-commerce solutions are no exception. This feature makes the nature of the information and documents stored electronically fundamentally different from their physical counterparts. Unlike physical documents, changes made to electronic documents, if not protected by additional measures, are virtually undetectable. Inevitably, in the event of a dispute
38 Section 18, ETA. 39 Section 20, ETA. 40 Section 19, ETA. 41 Licensing of CAs under the ETA is voluntary. 42 Sections 23-26, ETA for digital signatures; Section 27-35 for duties of CAs; Section 36-40 for duties of subscribers; and Section 41-46 for regulation of CAs.
109 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs where such electronic documents need to be produced in court proceedings, challenges would be raised about the reliability and admissibility of the documents.
In Singapore, the Evidence Act (EA)43 was amended in 1995 to deal with the general admissibility of computer output as evidence. The Evidence (Computer Output) Regulations44 were promulgated in 1996 to establish the criteria for certifying imaging systems that can archive documents in an electronic form to be recognized under the EA. The amendments provide for the admissibility and weight of computer output to be used as evidence in criminal and civil proceedings, and allow for the accurate reproduction of documents by electronic or other technical processes to be admissible as secondary evidence.
There are three ways to admit computer evidence. The first is by express agreement between the parties in the proceedings that the authenticity and accuracy of the contents are not disputed.45 This method requires both parties in the proceedings to agree that the computer output should be admitted as it is. This agreement can occur at any time, either before or during the proceedings. The second way is by showing that an approved process was used to produce the computer output.46 A process is approved when it has been audited and certified by an agency that has been appointed by the Ministry of Law to be a Certifying Authority.47 The Certifying Authority will audit the process in accordance with the published compliance criteria in order to certify it. Once the process is certified and approved, the presumption under the law is that the computer output produced by the approved process is accurate, unless it is proven otherwise.
The regulations on compliance criteria for imaging systems were published as the First Schedule of the 1996 Regulations. The criteria in the regulations establish how businesses can seek certification and approval for their imaging systems so that they can be used to transform physical documents into electronic form, discard the physical copies and rely on the electronic copies.48
43 Evidence Act (Singapore), Rev. Ed. 1997, Chapter 97. 44 Evidence (Computer Output) Regulations (Singapore), Rev. Ed. 1997, Regulation 1. 45 Section 35(1)(a), EA. 46 Section 35(1)(b), EA. 47 To be distinguished from a Certification Authority under the ETA. 48 The Auditor-General was appointed as a Certifying Authority under the 1996 Regulations, primarily for the purposes of auditing government systems. In addition, the Ministry of Law, through the Appointment of Certification Authorities notification (Appointment of Certification Authorities (Singapore), Rev. Ed. 1997, S 273/2001), also appointed several other commercial organizations as Certifying Authorities for the private sector. These appointments are renewable for fixed terms.
110 National e-commerce legislation in Asia and the Pacific: the case of Singapore
The third way is by showing that the computer output was generated by a computer that was at all material times operating properly.49 The party tendering the output will have to prove the accuracy of the computer output to the court. The system operator, manager or other experts may tender evidence to certify that the computer producing the output was operating properly and the computer output is correct and reliable. There should be no reasonable ground to believe that the electronic record is inaccurate, untruthful or unreliable. If there was any malfunction in the system, it should be shown that the malfunction was immaterial. The accuracy of the output cannot be presumed, but needs to be proven, and this is unlike the situation for the approved process.
Additional provisions supplement and support the three methods enumerated above. The EA provides that if the court is not satisfied with the evidence given according to the three methods mentioned, then it may call for further evidence.50 This provision allows the court to satisfy itself about the accuracy of the output from (a) a person responsible for the operation or management of the Certifying Authority; (b) a person responsible for the operation of the computer; (c) a person who had control or access to any relevant records and facts relating to the production of the computer output; or (d) an expert appointed or accepted by the court.
In ascertaining the legal weight given to the computer output that is to be admitted, the court will consider the following factors:51 (a) the circumstances from which any inference can be reasonably drawn as to the accuracy of the output; (b) whether the information in the electronic record was recorded contemporaneously with the facts dealt with in that information; and (c) whether any persons involved had any incentive or motive to conceal or misrepresent the information in question.
With the first method of express agreement, in practice, if a dispute has arisen and the point of contention concerns the accuracy of the records, agreement is unlikely to be reached. As such, it is useful to have a prior agreement before the dispute arises (for example, at the time of making the contract) that the computer output will be accepted.
49 Section 35(1)(c), EA. 50 Section 36(1), EA. 51 Section 36(4), EA.
111 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Approved process is the second method, which has the advantage in that once a system owner has the system certified and approved, system records stored and produced as computer output in that system will be presumed accurate. The burden would be on the disputing party to prove otherwise. This gives a strong advantage to the system owner and it can be a great burden for the other party without access or knowledge of the system in question to challenge the presumption.
Fallback provision is the third method, where in the absence of any agreement or the use of an approved process, it is left to the parties to prove the reliability of the output. Once proven, the electronic document may then be admitted as evidence.
For e-commerce systems, the EA and ETA offer two avenues through which the records of e-commerce transactions can be proven in court in the event of a dispute. The appropriate framework to be adopted for any specific system depends on the particular characteristics of the technical system in use and the nature and the manner in which the transaction is conducted. The two approaches offer flexibility for the parties to choose an approach solution that best meets the business and legal requirements while balancing the security and usability requirements of the transaction.
F. Looking ahead
The Singapore Government has called for a public consultation to review the country’s cyber legislation. The scope of the review includes the ETA and the Electronic Transactions (Certification Authority) Regulations. The objective of the review is to update and fine tune the legislation and regulations to address the changing environment and international developments since the original enactment was made about five years ago. It is expected that changes to the law would be made by the first quarter of 2005.
There are three stages to the public consultation, which is done through consultation papers issued by the Infocomm Development Authority of Singapore and the Attorney-General’s Chambers.52 The first stage would deal with electronic contracting issues. The second stage would deal with areas of exclusions under the legislation, and the third stage would deal with electronic signatures and certification authorities. Consultation papers on the first two stages of the consultation have been released so far.
52 Available at http://www.ida.gov.sg and http://www.agc.gov.sg
112 National e-commerce legislation in Asia and the Pacific: the case of Singapore
In the first part of the consultation dealing with issues of electronic contracting in the ETA, feedback was sought on six broad areas. The first area is in relation to party autonomy. The issues under consideration are whether the law should compel parties to accept offers and acceptances in electronic form and whether there should be certain mandatory requirements in electronic contracting that are not open to variation by the parties.
The second area is about the recognition of electronic signatures. The issue being considered is whether the UNCITRAL requirements in relation to function and reliability are consistent with the current provisions under the law. The third area is about the formation of contracts. The issues under consideration include whether there should be a provision relating to when the offer and acceptance made in the electronic world should take effect, and whether a proposal to enter into an electronic contract made to the world-at-large should be considered an invitation to make an offer.
The fourth area concerns the rules on time and place of despatch and receipt. The issue under review is whether the present rules should be amended to be consistent with UNCITRAL relating to the control over the electronic message and the capability to retrieve messages rather than the information system being used.
The fifth area is in relation to automated systems. The issue involves consideration of the status of electronic contracts resulting from the interaction with automated systems, as well as issues relating to errors made by a person in communication with an automated system.
The sixth area focuses on miscellaneous issues, such as the validity of incorporating terms and conditions by reference in electronic communication, the manner in which the originality of an electronic document is to be addressed, and whether legislation relating to the sale of goods in the physical world applies to electronic goods.
The second part of the consultation on the exclusions under Section 4 of the ETA considers the rationale behind the exclusions. Feedback has been sought on whether the exclusions should be retained or modified. The recommendations in the consultation paper are that no changes be made with respect to wills, negotiable instruments and documents of title. In addition, the following instruments are considered:
113 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
(1) For indentures, it is recommended that secure electronic signatures may be allowed to satisfy the requirements of sealing a deed. (2) For trusts, the proposal is to limit the exclusion only to testamentary trusts and trusts relating to land. (3) For power of attorney, the consultation paper observed that there are benefits to removing the exclusion, although some jurisdictions limit the exclusion to certain types of powers of attorney. (4) For transfer of immovable property, instead of a wide exclusion, consideration is being given to whether certain classes of people or types of land transactions should be allowed. (5) For carriage of goods (including documents of title and negotiable instruments), feedback is sought on whether it should be permitted in a manner consistent with the UNCITRAL Model Law on Electronic Commerce.
The consultation process would also welcome any other feedback on additions or amendments to the exclusions presently provided under Section 4 of the ETA. The consultation period for the first stage has already concluded and the second stage was scheduled to close in August-September 2004.
114 Current issues and developments of privacy protection in the Republic of Korea
III. CURRENT ISSUES AND DEVELOPMENTS OF PRIVACY PROTECTION IN THE REPUBLIC OF KOREA
By Jongchan Park53
Introduction
The Government of the Republic of Korea formulated its Basic Informatization Promotion Plan in 1996 to elevate the country into the “IT Power-eKorea”. In December 2000, the Republic of Korea had succeeded in building a broadband Internet network covering 144 regions around the country. As a result, broadband Internet access is now being enjoyed by more than 10.4 million households, that is, more than 70 per cent of all households in the country.
Thanks to this well established broadband network, most of the people in the country can enjoy Internet banking and shopping, e-mail service and so on. However, the information age has brought many unexpected negative effects such as privacy infringement. Many organizations and people express their concerns about privacy protection and request effective measures to solve these problems. According to these growing mounting requests, the government of the Republic of Korea has enacted information protection laws.
This paper briefly summarizes the history of information protection in the Republic of Korea and then considers information protection in the private and public sector. In writing this paper, I am indebted to Dr. Chang Bum Lee, Secretariat of Personal Information Dispute Mediation Committee, Korea Information Security Agency (KISA).54
53 Professor, Korea University, Republic of Korea. 54 Most of the contents in this paper came from his paper “Personal Information Protection in Korea”, published in November 2002 by KISA.
115 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
A. History of information protection in the Republic of Korea
The Constitution of the Republic of Korea provides for the protection of the information and the liberty of the individual’s personal life. Article 17 states that all citizens shall enjoy the inviolable right to privacy. It purports to ensure every citizen the right to control and determine his or her own personal information.
In line with the Constitution, a variety of statutes provide for personal information, including: the Protection of Communications Secrets Act (1993), the Telecommunications Business Act (1991), the Medical Service Act (1973), and the Act on the Protection of Personal Information Maintained by Public Agencies (1994). In addition, there are other statutes, such as the Use and Protection of Credit Information Act (1995), the Framework Act on Electronic Commerce (1999), the Digital Signature Act (1999), the Act on Promotion of Information and Communications Network Utilization and Information Protection (1999), and the Act on Protection of Consumers in Electronic Commerce (2002), among others. Each act contains provisions on information protection.
In 1999, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (referred to hereafter as the Information Protection Act) was enacted to provide guidelines for personal information protection in the private sector. This Information Protection Act went into effect in 2000 and adopted eight principles recommended by the OECD Privacy Guidelines of 1980. These principles include: information protection, the rights of data subjects, the responsibilities of service providers, and possible remedies following personal information infringements.
The Act on the Protection of Personal Information Maintained by Public Agencies has comprehensive provisions for protecting personal information managed by computers of public agencies.
B. Information protection in the private sector
1. The scope of application
In the scope of the Information Protection Act, the data subject is the user who utilizes the information and communications services rendered by the providers of information and communications services. The purpose of the Information Protection Act is to protect personal information of users.
116 Current issues and developments of privacy protection in the Republic of Korea
The main subjects of the Act are providers of information and communications services (referred to hereafter as the Service Provider). Other subjects are persons who seek profit by either providing information or serving as intermediary in the provision of information, while utilizing the telecommunications services. Specific offline companies, such as travel agencies, airlines, hotels and educational institutions are also covered by the Act.
The term personal information means that information pertaining to any living individual, which contains the code, letter, voice, sound and image, etc. that make it possible to identify such an individual by name and resident registration number, etc. (This includes information which, if not by itself, makes it possible to identify any specific individual if combined with other information).
2. Rights of users
(a) Controlling authority of users (data subject)
User consent is necessary when the service provider intends to collect the user’s personal information and provide it to third parties beyond the guidelines prescribed in the Act or specified in the service contract. The user is entitled to control his or her own information, and the service provider must first seek permission to divulge personal information to third parties.
Under the Act, at any time the user may also withdraw his or her consent given to the provider. Upon receiving a withdrawal of the consent, the provider must promptly take necessary measures such as disposing of personal information gathered or suspending the out-of-purpose use. Other Acts and subordinate statutes may require the preservation of such personal information, but it is not the case with this Act.
Each user is entitled to examine his or her personal information. If that information is erroneous, the user is entitled to request corrections.
Without the consent of a user, the provider cannot gather sensitive information about a user, including ideology, faith and medical history, which are likely to infringe excessively on the rights, interests and privacy of a user.
117 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
(b) Information protection for children
The service provider must obtain consent from a child’s legal representative when intending to gather personal information from users under 14 years of age, to utilize such information or to convey the information to any third party. In certain cases, the provider may ask for the minimum information necessary, including the name, etc. of the legal representative without his/her prior consent, for an agreement of the legal representative.
(c) Right to refuse unsolicited advertising e-mail
Sending unsolicited advertising e-mail (spam mail) after the addressee explicitly refuses such mail is prohibited.
Unsolicited advertising by e-mail should contain the following:
(i) the subject line of each message must contain the words (Advertisement) or (Adult) and indicative words about its contents; and (ii) contents should include opt-out instructions written in both Korean and English with contact information such as the sender’s name, telephone number, e-mail address and address.
(d) Claims for damages from personal information infringement
In the event that a user suffers damage from the service provider because the provider violated the information protection provisions, the user may claim the compensation from the provider. In this case, the provider would be held responsible if it fails to prove non-existence of his/her intention or negligence of such violations.
3. Responsibilities of information communication service providers
(a) Responsibility to minimize personal information collected
The service provider is required to collect the least amount of personal information within the ambit of its indicated purposes. The provider cannot refuse to provide services to a user who gives only the minimum required information.
No sensitive information regarding political opinions, religious or philosophical beliefs or history of past health problems can be gathered for any purpose, except when the user willingly provides it or other laws require such information.
118 Current issues and developments of privacy protection in the Republic of Korea
(b) Responsibility of notification and specification
The service provider is required to notify and explicitly inform its users of how personal information is processed by the Information Protection Act to ensure the full authority of the users. In so doing, the users can allow or refuse collection and use their own personal information.
(c) Prohibition against out-of-purpose use, etc.
The service provider may utilize or convey to the third parties personal information beyond the purposes indicated at the time of collection only with the consent of the data subject.
However, in cases where information collection is necessary to calculate the charges for information and communication services, or to conduct statistical work, academic research or market surveys without exposing any particular individual details, and where other laws demand the disclosure of personal information, the provider may utilize or convey such information to the third party without the user’s consent.
(d) Responsibility to allow access and correction
The service provider must promptly take the necessary measures when users request access to or correction of their own personal information. In this case, the provider must cease to utilize or convey such false information until the necessary corrections are made.
(e) Destruction and deletion of personal information
If a user has withdrawn consent to utilize and convey personal information, the service provider must promptly delete such information insofar as there is no valid reason to maintain it. Notwithstanding a request to delete, the provider may maintain the information only if other laws demand its maintenance or if there is a need to settle past due service bills.
(f) Safety measures for personal information
The service provider must make the necessary technological and managerial safeguards to secure the information lest it be lost, stolen, leaked out, altered or damaged.
119 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
(g) Nomination of personal information manager
The service provider should appoint a personal information manager who will safeguard information and deal with complaints from users.
(h) Cross-border transfer of personal information
The Information Protection Act prevents the service provider from entering into an international contract that might violate the information protection provisions.
4. Information protection authorities and remedies
(a) Ministry of Information and Communication
The Ministry of Information and Communication is in charge of establishing information protection policies and implementing the Information Protection Act. The Ministry is also responsible for information and communication networks, as well as the maintenance and supervision of telecommunications, postal services and related financing.
(b) Korea Information Security Agency
The Korea Information Security Agency (KISA) was established as a government-sponsored public interest agency in April 1996. The agency’s main duty is to protect information in a systematic way.
In particular, KISA has operated the Personal Information Protection Centre since April 2000. The purpose of this centre is to handle complaints regarding personal information infringements, to conduct surveys and monitor of market practices, and to give counsel on personal information protection inquiries.
(c) Personal Information Dispute Mediation Committee
The Personal Information Dispute Mediation Committee was established in December 2001 to facilitate prompt, convenient and appropriate settlement of disputes that could arise from the use of personal information.
Dispute mediation proceedings are initiated by either a data subject or a service provider, and settled free of charge. When an application for mediation is
120 Current issues and developments of privacy protection in the Republic of Korea
filed with the committee, it commences an informal investigation and recommends a settlement prior to the formal mediation.
If both parties fail to agree upon a settlement, the committee starts the mediation proceedings. After hearings, fact-finding and examination by experts, the committee suggests a mediation proposal for agreement by the parties within 60 days from the filing of the application.
Within 15 days of the mediation proposal, the involved parties may agree to execute that proposal. Otherwise, each party may file a civil lawsuit with the court, and the committee may assist the data subject in the court proceedings. The parties may also go directly to the court without filing an application for mediation with the committee.
(d) Police and prosecution
Investigation by both police and prosecution occurs if there is any hint of criminal activity linked to the violation of information protection provisions. The indictment by the prosecutor shall be ruled upon by the court in order to punish the violator.
5. Self-regulatory initiatives in the private sector
(a) Privacy mark labeling
The Korea Association of Information and Telecommunication (KAIT) awards the Privacy Mark to Internet sites and online businesses, which satisfy stringent criteria in information protection.
(b) Other information protection activities in the private sector
The following associations and NGOs are also engaged in protection of information:
Association for the Improvement of e-Mail Environment
Korea Association of Contents Businesses (This association promotes self-regulation of SMS messages.)
Real Name Use of Internet Protocol (IP)
121 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
NGO Activities (such as Citizens’ Action Network, etc.)
NGOs provide advisory consulting to individuals as well as businesses, and conduct surveillance and monitoring of market practices. The NGOs also give policy or legislative suggestions to the government, and actively stage campaigns to enhance awareness of information protection issues.
C. Information protection in the public sector
1. The scope of application
The purpose of the Act on the Protection of Personal Information Maintained by Public Agencies is to secure personal information managed by computers of public agencies. Public Institution includes any national administrative agency, local government, or other public agencies provided by the Presidential Decree. Other public agencies established by the Presidential Decree include schools, government-invested institutions, special juristic persons and so forth.
2. Rights of users
(a) Inspection of personal information
A data subject may make a request in writing to inspect managed information, to the extent of what has already been recorded on the personal information file register. The request should be made to the head of the agency in possession (including the accepted copies of the document). When the head of the agency in possession receives an inspection request, if there is no justifiable cause, he shall allow the applicant to inspect the managed information within fifteen days from the date of receipt of the official request.
(b) Correction of managed information
A data subject who was able to inspect the managed information about himself/ herself may make a written request to the head of the agency to make any correction of the managed information concerned.
(c) Request for appeal
In matters pertaining to a request for inspection and correction, an individual whose rights and benefits may have been infringed by act or omission by the head of
122 Current issues and developments of privacy protection in the Republic of Korea
a public agency may request an administrative appeal under the Administrative Appeals Act.
3. Responsibilities of public agencies
(a) Collection of personal information and extent of possession
Any public agency may possess as many personal information files as necessary in order to properly execute jurisdictional operations. The head of a public agency shall not collect personal information that may noticeably infringe upon the fundamental personal rights of a person, such as an individual’s ideas and beliefs.
(b) Advanced notification and public announcement
When the head of a public institution needs to possess personal information files, the head of the central administrative agency must notify the Minister of Government Administration and Home Affairs. Other heads of public agencies (schools, government-invested institutions, special juristic persons, etc.) must notify the head of related central administrative agencies.
(c) Securing safety of personal information
The head of a public agency shall devise measures to secure personal information for safety against loss, theft, leakage, forgery or any other impairment while managing the personal information.
(d) Restrictions on use and transfer of managed information
The head of an agency shall not use or transfer managed information in his/ her possession to another agency for purposes other than those covering the original possession of the personal information.
(e) Responsibility of the personal information manager
Any employee or former employee charged with the duty to manage personal information, or a person consigned by a public agency with responsibility for the operations of managed information may not leak, manage or transfer the managed information for use by any other person or for improper purposes.
123 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
4. Authorities and remedies
(a) Authorities
If deemed necessary for enforcement of the Act, the Minister of Government Administration and Home Affairs may request the submission of data related to the management of personal information to the head of a public agency, and order public officials under his control to make an investigation into actual conditions.
In order to attain the purpose of the Act, the Minister of Government Administration and Home Affairs may present advice or recommendations to the head of the public agency on matters pertaining to the protection of personal information, if deemed necessary.
When necessary for the protection of personal information managed by computer, the head of the central administrative agency concerned may present advice or guidance and inspections in matters pertaining to the protection of personal information to national administrative agencies, local governments, and other public agencies.
(b) Deliberation Committee on the Protection of Personal Information
The Deliberation Committee on the Protection of Personal Information (hereinafter referred to as the Committee) was established for deliberation on matters pertaining to the protection of personal information managed by computer of a public agency under the command of the Prime Minister.
(c) Remedies
In matters pertaining to a request for inspection and correction of managed information, when there has been an infringement of rights and benefits by act or omission by the head of a public agency, a data subject may request an administrative appeal under the Administrative Appeals Act.
Despite the enactment of various regulatory policies and laws to protect privacy, there have been reports of increasing numbers of privacy infringements cases in the Republic of Korea. Therefore, the best way to protect privacy in the digital age should be the sound morality among citizens in general to protect the privacy of others.
124 Electronic contracting: legal problem or legal solution?
IV. ELECTRONIC CONTRACTING: LEGAL PROBLEM OR LEGAL SOLUTION?
By Amelia H. Boss55
Introduction
It has been about ten years since the Internet arrived on the scene to attract businesses and consumers with the promises of new markets and new opportunities. Decades before, however, in the early stages when electronic data interchange and not electronic commerce was the catch phrase, there were questions about the legitimacy of electronic contracting. In the business and legal world, people asked whether electronic contracts were real and could transactions formed by electronic messages in an electronic or Internet environment be enforceable. In matters of law, people asked whether these paperless contracts could be introduced into evidence in the event of dispute.
Those questions have been satisfactorily resolved, to a great extent, both on a national and international basis. A key factor in that resolution was the work of the United Nations Commission on International Trade Law (UNCITRAL) and the adoption of the United Nations Model Law on Electronic Commerce in 1996.56
As early as 1985, UNCITRAL had called upon all national governments to review the legal barriers to electronic commerce found in writing and signature requirements of legal systems.57 Concluding that paper-based requirements combined with the lack of harmonization in the rules applicable to electronic commerce constituted a barrier to international trade, UNCITRAL undertook the preparation of legal rules on the subject in 1992. Its Model Law on Electronic Commerce could be viewed as the first stage in accommodating the law to the demands of electronic commerce. Drafted to facilitate electronic commerce by removing existing legal barriers, and to
55 Professor, Beasley School of Law, Temple University, Philadelphia, PA. 56 Report of the United Nations Commission on International Trade Law on the Work of its Twenty-Ninth Session, United Nations General Assembly, 51st Session, Supplement No. 17, at United Nations Document A/51/17 Annex I (1996), reprinted in 36 I.L.M. 200 (1997). The Model Law and the Guide to Enactment of the UNCITRAL Model Law on Electronic Commerce is on the web site
125 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs do so in a technology neutral, non-regulatory manner, the provisions of the model law, and its companion, the United Nations Model Law on Electronic Signatures, provide the basic framework for the validity and enforcement of electronic contracts.
A. Current issues in electronic contracting
Electronic contracting is now in the second phase, where newer, or some would say older, issues have surfaced. These issues are not necessarily unique to electronic commerce, but are critically important in the evolution of electronic market places. These issues concern a few key areas. The first issue is about assent, although it is clear that one can validly assent electronically. However, it is still not clear what substantive rules of assent govern. In particular, the question relates to what rules apply to the typical modes of contract formation in an electronic environment (shrink wrap, click wrap, and browse wrap). In that context, an important issue is to what extent would there be policing of the terms of the resulting agreement.
A second set of related issues concern what degree of consumer protection exists in an electronic environment. The third set of issues focus on the occurrence of error in the contracting process. The fourth set of issues are concerned with how does the law accommodate negotiable transfer documents that are paperless.
1. Types of transactions
There are three main types of transactions in the world of electronic contracting. First is a shrink wrap contract (when purchasing off-the-shelf software, for example) when the purchased product is received, it comes with additional terms and conditions in the packaging or in the accompanying documentation. Second is a click-wrap agreement, made at or before the time of purchase on a web site. The purchaser is required to click “I agree” before the transaction will continue, the installation will proceed or the user will gain access to the web site. In the third type, the browse wrap transaction, the user will visit the pages of a web site. Somewhere on the web site, terms and conditions are posted that purport to bind anyone who uses the web site or its services. Although the first type of transaction (the shrink wrap) has been around for some time and actually exists in a paper environment, the other two types of transactions (click wrap and browse wrap) are unique to electronic commerce.
All three types have raised fundamental questions, especially about assent, at least under the law in the United States. The question is about what types of conduct constitute assent to terms and conditions. The question is also concerned with
126 Electronic contracting: legal problem or legal solution?
timing. There are issues about how to treat terms that are not proposed or disclosed until after the user has already agreed to go forward with the transaction and has tendered the required consideration. There are also questions related to disclosure about whether there was assent, when was it manifested, is it only for terms about which the user had knowledge or awareness, or does it extend to terms and conditions which the user had not read or understood.
There are no international cases addressing these important issues. Rather, there is a series of conflicting cases often at variance in different jurisdictions with inconsistent regulatory overlay. That often makes it difficult for businesses to determine with certainty at the outset of the transaction whether the particular terms in any of these types of agreements would be enforceable. This is particularly the case in the United States, as shown in table 5 with regard to such terms as dispute resolution clauses, forum selection clauses, disclaimers of warranty and prohibitions on use of data. Some countries address these types of issues under the category of consumer protection. Directives in the European Union, for example, govern what terms will be recognized in standard form contracts.58 Other countries, such as the United States have originally addressed these types of issues under the notion of manifestation of assent, so that the result is great uncertainty.
In the United States, the court that heard appeals of a leading case on shrink wrap, ProCD Inc. v. Zeidenberg59, upheld the use of shrink wrap as a means of binding a purchaser to contractual terms. The user had purchased software and the vendor argued that the purchase was subject to license terms found in the software box and presented on the screen at the time of use, which required the user to indicate his assent. Rejecting the user’s argument that the contract was formed at the time of purchase, and adopting what has now been dubbed a “rolling contract” theory, the court held the consumer was bound by the terms of the license, even though he had not seen them at the time of paying for the product.
58 See Unfair Terms in Consumer Contracts and an Appropriate Method of Control, Resolution (76) 47 of the Comm. of Ministers, Council of Europe, 262nd Meeting (1977); Unfair Terms Directive, Council Directive 93/13/EEC, 1993 O.J. (L. 95) 29. See also James R. Maxeiner, 2003. “Standard-terms contracting in the global electronic age: European alternatives”, 28 Yale Journal of International Law 28, 109; Larry Bates, 2002. “Administrative regulation of terms in form contracts: a comparative analysis of consumer protection”, Emory International Law Review 16, 1. 59 ProCD, Inc. v. Zeidenberg, 86 F.3d 1447, 1449 (United States, 7th Circuit Court, 1996).
127 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Table 5: The variety of legal decisions by type of electronic contract issued in the United States of America
Type of issue Legal citations Dispute resolution clauses Comb v. PayPal, Inc., 218 F. Supp. 2d 1165 (N.D. Cal. 2002); Forrest v. Verizon Communications, Inc., 805 A.2d 1007 (D.C. 2002); Hill v. Gateway 2000, Inc., 105 F.3d 1147 (7th Cir. 1997); In re RealNetworks, Inc., No. 00 C 1366, 2000 WL 631341 (N.D. Ill. May 8, 2000); Klocek v. Gateway, Inc., 104 F. Supp. 2d 1332 (D. Kan. 2000); Licitra v. Gateway, Inc., 734 N.Y.S.2d 389 (Civ. Ct. 2001); Lieschke v. RealNetworks, Inc., Nos. 99 C 7274, 99 C 7380, 2000 WL 198424 (N.D. Ill. Feb. 11, 2000); Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir. 2002) Forum selection clauses Am. Eyewear, Inc. v. Peeper’s Sunglasses & Accessories, Inc., 106 F. Supp. 2d 895 (N.D. Texas 2000); Am. Online, Inc. v. Superior Court (In re Mendoza), 108 Cal. Rptr. 2d 699 (Ct. App. 2001); Barnett v. Network Solutions, 38 S.W.3d 200 (Tex. Ct. App. 2001); Forrest v. Verizon Communications, Inc., 805 A.2d 1007 (D.C. 2002); Kilgallen v. Network Solutions, Inc., 99 F. Supp. 2d. 125 (D. Mass 2000); Rudder v. Microsoft Corp., No. 97-CT-046534CP, [1999] 2 C.P.R. (4th) 474, 1999 CarswellOnt 3195 (WL) (Ont. Super. Ct. Justice Oct. 8, 1999); Net2Phone v. Superior Court of Los Angeles County, 135 Cal. Rptr. 2d 149 (Ct. App. 2003) Disclaimers of warranty Scott v. Bell Atlantic Corp., 726 N.Y.S.2d 60 (App. Div. 2001); limitations of liability, I. Lan Systems, Inc. v. Netscout Serv. Level Corp., 183 F. Supp. 2d 328 (D. Mass. 2002); Peerless Wall & Window Coverings, Inc. v. Synchronics, Inc., 85 F. Supp. 2d 519 (W.D. Pa. 2000) (upholding limitation of remedies). Prohibitions on use of data Ticketmaster Corp. v. Tickets.com, Inc., 54 U.S.P.Q. 2d 1344 (C.D. Cal. Mar. 27, 2000); Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D.N.Y. 2000); American Airlines v. Farechase, Inc., No. 067-194022-02, (Tarrant County Ct., Tex., Mar. 8, 2003), available at http:// www.eff.org/Cases/AA_v_Farechase/ 20030310_prelim_inj.pdf.
128 Electronic contracting: legal problem or legal solution?
The court rationalized that although the buyer had paid the purchase price, he had not completed acceptance of a contract until indicating assent to the license. The inability of the buyer to see the terms of the license before paying, although not before accepting, did not trouble the court because consumers often cannot examine the contents of purchases in advance.60 The ruling of ProCD has found favour in some United States’ courts and in some draft legislation that has not received widespread enactment.61 However, other courts have refused to follow the reasoning in this case.62 Academic literature on legal matters has been extremely critical of the decision and its reasoning.63 The difficulty with the typical shrink wrap contracts is that the terms are not made available to the purchaser until after payment is made.
Another method of obtaining assent for sales over the Internet is click wrap. After selecting a product to purchase, the Internet user sees the contract terms on the computer screen and cannot complete the purchase without clicking a box on the screen to indicate assent. Several courts have upheld the use of click wrap agreements. For example, the case of In re RealNetworks, Inc. Privacy Litigation,64 the court held that Internet users had agreed to a license agreement requiring arbitration. Similarly, in Hotmail Corp. v. Van $ Money Pie, Inc., a court upheld the validity of restrictions on the use of free e-mail accounts for sending advertisements.65 It
60 The court explained, “Terms of use are no less a part of the ‘the product’ than are the size of the database and the speed with which the software compiles listings. Competition among vendors, not judicial revision of the package’s contents, is how consumers are protected in a market economy.” Ibid., p. 453. 61 The Uniform Computer Information Transactions Act embodies the approach of ProCD, but has been enacted in only two states. 62 See Klocek v. Gateway, Inc., 104 F. Supp. 2d 1332 (D. Kan. 2000). Although the manufacturer had included terms in the box with the computer, the manufacturer “did not communicate to plaintiff any unwillingness to proceed without plaintiff’s agreement to the” license terms, thus terms not part of contract unless purchaser agreed. See Step-Saver Data Systems, Inc. v. Wyse Technology, 939 F. 2d 91, 104 (United States, 3rd Circuit Court, 1991); Vault Corporation v. Quaid Software Ltd., 655 F. Supp. 750, 761-63 (E.D. La. 1987), aff’d 847 F.2d 255 (United States, 5th Circuit Court, 1988); Foresight Resources Corporation v. Pfortmiller, 719 F. Supp. 1006. 1010 (D. Kan. 1989); Arizona Retail Systems, Inc. v. Software Link, Inc., 831 F. Supp. 759 764-66 (D. Ariz. 1993). 63 A sampling of articles critical of ProCD, includes: Roger C. Bern, 2004. “‘Terms later’ contracting: bad economics, bad morals, and a bad idea for a uniform law, Judge Easterbrook notwithstanding, Journal of Law and Policy 12, 641. Jean Braucher, 2000. “Delayed disclosure in consumer E-commerce as an unfair and deceptive practice”, Wayne Law Review, 46, 1805. Michael H. Dessent, 2002. “Digital handshakes in cyberspace under E-sign: ‘there’s a new sheriff in town!’”, University of Richmond Law Review 35, 943. Shubha Ghosh, 2000. “Where’s the sense in Hill v. Gateway 2000: reflections on the visible hand of norm creation”, Touro Law Review, 16, 1125-1143. 64 In re RealNetworks, Inc. Privacy Litigation, 2000 WL 631341, *4 (N.D. Ill.). 65 1998 WL 388389, *6 (N.D. Cal.). See also Groff v. America Online, 1998 WL 307001, *5 (R.I. Super.).
129 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs should not be surprising that these click wrap agreements are less controversial than the shrink wrap agreement involved in ProCD. Where the clicking occurs online before or during the consummation of the transaction, rather than after payment as was the case in ProCD, the purchaser has arguably had the opportunity to see the terms of the contract before assenting and before parting with any money. This feature greatly diminishes the possibility of disappointed expectations. Nonetheless, there remains the challenge of assuring that the user clearly and expressly manifests assent to the stated terms. A task force of the American Bar Association has released a set of fifteen strategies in five areas: opportunity to review terms; display of terms; acceptance or rejection of terms; opportunity to correct errors; and keeping records to prove assent.66 The strategies are presented and briefly discussed in the annex.
The last type of agreement is the browse wrap agreement.67 When using this method, an Internet vendor gives the user the opportunity to look at the terms of the sale, but does not require the user to click on anything to indicate assent to these terms before paying for the product. For example, the web site may contain a button saying “click here for legal terms,” which the purchaser may click or ignore.
Courts in the United States have once again split on the enforceability of browse wrap agreements and whether adequate assent is given. In Specht v. Netscape Communications Corp.,68 a computer user downloaded software from a web site that contained a message saying, “Please review and agree to the terms of the Netscape Smart Download software license agreement before downloading and using the software,”69 but did not otherwise require the user to review or click agreement to the terms of the agreement. The court held that this scheme did not suffice to create a contract. There was no manifestation of assent on the user’s part, as the only act (downloading the software) was not an unambiguous indication of assent.70 The
66 Christina L. Kunz, Maureen F. Del Duca, Heather Thayer and Jennifer Debrow, 2001. “Click-through agreements: strategies for avoiding disputes on validity of assent”, Business Law, 57, 401. 67 See Pollstar v. Gigmania, Ltd., 2000 WL 33266437, *6 (E.D.Cal. 2000); Specht v. Netscape Communications Corp., 150 F. Supp.2d 585, 593-94 (S.D.N.Y. 2001). 68 Specht v. Netscape Communications Corp., 150 F. Supp.2d 585, 593-94 (S.D.N.Y. 2001), aff’d 306 F.3d 17 (2d Cir. 2002). 69 Id. at 23. 70 “The primary purpose of downloading is to obtain a product, not to assent to an agreement. In contrast, clicking on an icon stating “I assent” has no meaning or purpose other than to indicate such assent. Netscape’s failure to require users of Smart Download to indicate assent to its license as a precondition to downloading and using its software is fatal to its argument that a contract has been formed.” Id.
130 Electronic contracting: legal problem or legal solution?
court pointed out that the case was neither like ProCD (where, according to the court, the purchaser “was confronted with conspicuous, mandatory license terms every time he ran the software on his computer”) nor like typical click-wrap cases (where “there was much clearer notice than in the present case that a user’s act would manifest assent to contract terms.”)71
A case that serves as a contrast is Pollstar v. Gigmania Ltd.,72 a web site containing concert information, which also stated terms to restrict copying the information. Although users could see the license, they did not have to click on any permission or agreement in order to see the concert information. When the proprietor of the web site sued a user for breaching the license, the user sought to dismiss on grounds that the user had not assented to it. The court refused to dismiss the case, however. The court concluded that the browse wrap “agreement may be arguably valid and enforceable”. Further, whether there were sufficient facts to show that the browse wrap license on the web site was sufficiently conspicuous to alert users of its presence presented fact questions that could not be resolved on a motion to dismiss the provider’s common law action.73
Businesses engaged in electronic commerce want assurance that terms important to their transactions are indeed binding and enforceable between the parties. That means assurance about knowing that assent has been given to the terms.74 A group within the American Bar Association75 has come up with an analysis for insuring valid assent in such transactions, and suggests that a user validly and reliably assents to a browse-wrap agreement if four conditions are satisfied: (a) The user is provided
71 Id. at 33. 72 Pollstar v. Gigmania, Ltd., 170 F.2d 974 (E.D.Cal. 2000). 73 The court’s description of the facts is instructive. “This license agreement is not set forth on the homepage but is on a different web page that is linked to the homepage. However, the visitor is alerted to the fact that “use is subject to license agreement” because of the notice in small gray print on gray background. Since the text is not underlined, a common Internet practice to show an active link, many users presumably are not aware that the license agreement is linked to the homepage. In addition, the homepage also has small blue text which when clicked on, does not link to another page. This may confuse visitors who may then think that all colored small text, regardless of color, do not link the homepage to a different web page.” Id. at 981. 74 Any term might become the subject of disagreement between the vendor and the user, but the terms most commonly providing the impetus to challenge the validity of electronic standard form agreements are dispute resolution clauses, forum selection clauses, disclaimers of warranty, and prohibitions on the commercial use of the data or software available on the site. 75 Christina L. Kunz, John E. Ottaviani, Elaine D. Ziff, Juliet M. Moringiello, Kathleen M. Porter, Jennifer C. Debrow, 2003. “Browse-wrap agreements: validity of implied assent in electronic form agreements”, Business Law 59, 279.
131 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs with adequate notice of the existence of the proposed terms; (b) The user has a meaningful opportunity to review the terms; (c) The user is provided with adequate notice that taking a specified action (which may be use of the web site) manifests assent to the terms; (d) The user takes the action specified in the latter notice.
2. Consumer protection guidelines
The success of electronic commerce depends on building an environment that is attractive to users, as well as safe. That in turn requires a set of alliances: between private interests and governmental interests, as well as between business people, computer technology specialists, and lawyers. This is especially true in the area of consumer protection. As the APEC ministers have stated, “One essential element for creating the right environment for trust and confidence in e-commerce is consumer protection. The online environment . . .raise[s] consumer concerns about the merchant’s identity, use of technology in completing transactions, and their ability to seek redress across borders. It can also make it easier for wrongdoers to defraud consumers or misuse personal information. These issues represent new and difficult challenges for businesses, governments and consumers seeking to apply traditional consumer protection methods to the online environment.”76
The APEC ministers recommended voluntary guidelines for consumer protection. The guidelines include: (a) transparent and effective consumer protection to at least the same level afforded in other forms of commerce; (b) international cooperation among economies, businesses and consumer representatives to establish the confidence and trust in e-commerce; (c) education of businesses and consumers about the risks and benefits when conducting transactions online.
The guidelines also recommend private sector leadership that includes the participation of consumer representatives to develop transparent and effective self-regulatory mechanisms containing specific, substantive rules for dispute resolution, and compliance mechanisms. Private sector leadership would also be needed to develop technology as a tool to protect and empower consumers.
The APEC guidelines on consumer protection made several recommendations to business. Businesses engaged in e-commerce should not make any representation or omission or engage in any practice that is likely to be deceptive, misleading, fraudulent or unfair to consumers, and would be encouraged to join transparent and
76 APEC Ecommerce Steering Group, Voluntary Online Consumer Protection Guidelines.
132 Electronic contracting: legal problem or legal solution?
effective self-regulatory schemes that promote fair and ethical business practices. Businesses should give consumers sufficient information to identify the business and to enable prompt and effective consumer communication with the business. Businesses should provide accurate, clear and easily accessible information about the goods or services they offer and information about terms, conditions, and costs relevant to the transaction sufficient to enable consumers to make an informed decision; and should make available information in all appropriate languages.
In their relations with customers, businesses should provide consumers with measures that provide an opportunity for review before entering into a transaction. Businesses should provide consumers with fair and timely means to settle disputes and obtain redress without undue cost or burden. Dispute resolution mechanisms should include internal mechanisms to address consumer complaints and participation by the business in third party dispute resolution programmes.
Consumers’ personal information should be private, and businesses should take reasonable steps to ensure the security of consumer information. Consumers should be provided with easy-to-use, secure payment mechanisms and information on the level of security such mechanisms afford. The final element in the guidelines states that electronic commerce transactions are subject to the existing legal frameworks in APEC economies respecting choice of law and jurisdiction. The guidelines should consider economies’ domestic frameworks regarding choice of law and jurisdiction when sharing information about consumer protection in the future.
3. Electronic commerce and consumer protection
Businesses have taken action in response to the challenges of providing consumer confidence in electronic commerce. One example is the Electronic Commerce and Consumer Protection Group (E-Commerce Group), which is composed of leading companies in the Internet, online, and electronic commerce industries.77 In June 2000, the E-Commerce Group issued guidelines for merchant-to-consumer transactions. The following issues addressed in their guidelines are worth noting:
(a) Accuracy and accessibility of information. All information for which the Guidelines require disclosure should be clear, accurate, and easily accessible online, posted on or accessible through a hyperlink that sufficiently describes the information being linked from the merchant’s
77 The group is composed of America Online, AT&T, Dell Computer Corporation, IBM, Microsoft, Network Solutions, Time Warner, Inc., Visa U.S.A. Inc. http://www.ecommercegroup.org/guidelines.htm
133 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
homepage or entry point of the online site and at a place where the transaction is offered. (b) Merchant contact information. Consumers should have a prompt, easy, and effective means of contacting the merchant. The merchant should disclose its legal name; the name under which it conducts business; the principal physical address or an address of an agent for service of process for the Merchant; mail, e-mail or telephone contact information; and a point of contact within the merchant’s organization that is responsible for inquiries from consumers. (c) Marketing practices. Merchants should not make any representation or material omission or engage in any practice that is deceptive, misleading or fraudulent. (d) Disclosure. Merchants should clearly disclose the following: (i) Basic features of the goods or services (ii) Terms and conditions applicable to the transactions (iii) Price, type of current, expected costs (iv) Shipping and payment terms (v) Cancellation/return/refund policies (vi) Customer support available (vii) Warranty (scope, duration, means of exercising) (e) Opportunity to review. Merchants should provide consumers an opportunity to review and not proceed with the transaction prior to its becoming a binding obligation. Merchants should disclose to consumers at what point the transaction will be final. (f) Language. Appropriate language should be used. (g) Record of the transaction. Merchants should make it possible for consumers to access and maintain an adequate record about their transactions. (h) Security. Merchants should make reasonable efforts to ensure the security of a consumer’s transaction, using security protections consistent with current industry standards. (i) Privacy. Merchants should adopt privacy policies that are consistent with existing industry standards and existing legal requirements.
134 Electronic contracting: legal problem or legal solution?
(j) Self-regulatory programmes. Merchants should disclose and provide contact information for any self-regulatory programmes in which they participate and applicable dispute resolution processes. (k) Dispute Resolution. Merchants should provide consumers with fair, timely, and affordable means to settle disputes and obtain redress, including internal mechanisms and reputable, independent third-party dispute resolution programmes. (l) Effective enforcement. Merchants should participate in effective self-regulatory enforcement programmes to provide validation that merchants adhere to these or equivalent guidelines. Validation that a merchant adheres to some industry self-regulation can be demonstrated in a number of ways, including the use of a seal or other recognizable symbol.
4. Case of electronic commerce: e-contracting with eBay
An example of protections given to consumers under the category of contract can be found on the web site of eBay.78 Initially, eBay built its web site protections around the notion of user “feedback”. Buyers and sellers would rate one another at the conclusion of a transaction, and that feedback would available to other users. A high rating would be a good indication of the trustworthiness of the party. That system has evolved and is now subject to a detailed system of rules, including the recognition of “power sellers” who are high volume, with a 98 per cent high rating, and a high level of service for their customers. The system has been improved further by a detailed set of rules and policies that offer greater protection to eBay users. The protections include, among others:
(a) Fraud insurance for the buyer (up to US$ 200 per purchase with a US$ 25 deductible);79 (b) Escrow service (offered through a third party) allowing buyers to examine items before payment to the seller;80
78 www.ebay.com 79 http://pages.ebay.com/help/confidence/isgw-fraud-protection.html. Additional protection is available if the buyer uses PayPal or a credit card. 80 http://www.ebay.com/help/confidence/payment-escrow.html
135 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
(c) Identification verification service, permitting sellers (and buyers) to carry logos that their identities have been identified by a third party;81 (d) “Seal” programme for sellers to show commitment to high standards;82 (e) Third party services in order to authenticate or appraise an item;83 (f) “VeRO” or verified rights owner programme84 allowing intellectual property owners to report infringement listings (thus protecting potential buyers); (g) Detailed outage policy covering what happens if service goes down for any period of time;85 (h) Policy of “non-paying bidder” that permits a final value fee credit to the seller;86 (i) Independent dispute resolution and mediation service, available at no or minimal cost;87 (j) A third party programme that protects sellers against credit card charge backs based on unauthorized use.88
Buyers and sellers who are members of the eBay community thus have a wide range of protection.89 To a great extent, the protections are contact based, and can be viewed as a set of system rules that govern the internal operations of the eBay system. Of course, eBay lacks its own enforcement powers, and may well have to rely on the enforcement powers of others to combat the possibility of more egregious fraud.90
81 http://pages.ebay.com/help/policies/identity-idverify.html 82 http://pages.ebay.com/help/buy/st-seal.html 83 http://pages.ebay.com/help/community/auth-overview.html 84 http://pages.ebay.com/help/confidence/vero-rights-owner.html 85 http://pages.ebay.com/help/policies/everyone-outage.html 86 http://pages.ebay.com/help/sell/bidders_overview.html 87 http://pages.ebay.com/help/confidence/problems-dispute-resolution.html 88 That benefit is offered if the seller participates in PayPal. http://pages.ebay.com/help/pay/paypal.html 89 eBay, like may web sites, likes to think of itself as a community with community values. Indeed, it lists five community values to which it is committed, and which it believes all members should honor. http://pages.ebay.com/community/people/values.html 90 See Troy Wolverton, Fraud Lingers Despite eBay Efforts, http://news.com.com/Fraud+lingers+ despite+eBay+efforts/2100-1017_3-940427.html?tag=nl
136 Electronic contracting: legal problem or legal solution?
A. Solutions for errors
One reality of electronic communications is that people in a hurry frequently push the “send” button before they may actually intend, as anyone who subscribes to a listserve has probably observed. Many of us have undoubtedly been in the position of inadvertently entering information into online forms that is incorrect in everything from spelling to quantity to item. Application of the common law of mistake to such situations is problematic. First, it would be a factual problem to determine who committed the error: the sender, the recipient or an intermediary. In addition, the common law gives only limited relief in what are known as instances of unilateral mistake.91 Rescission92 is permitted only if the other party knew or had reason to know of the error or mistake.93 When dealing with an individual, it may be possible to prove that the other party “knew or should have known” of a mistake. With an automated information processing system designed to automatically process transmissions without review by any human being, the question is how does a party prove what the other side “knew or should have known” when the mistake occurs while in electronic communication.
1. Approaches taken in the United States
The increased possibility of error in an electronic environment has led to attempts in the United States to address such issues of error or mistake in new statutory language. Both the Uniform Electronic Transactions Act (UETA) and the Uniform Computer Information Transactions Act (UCITA) have adopted provisions that would allow some relief under the circumstances. The relief goes beyond that generally recognized by the common law, although each act differs in its formulation.94
91 Anthony T. Kronman, 1978. “Mistake, Disclosure, Information and the Law of Contracts”, 7 Journal of Legal Studies 1, 7. Andrew Kull, 1992, “Unilateral Mistake: The Baseball Card Case”, Washington University Law Quarterly, 57, 70. 92 Rescission generally means the act of rescinding; the cancellation of a contract and the return of the parties to the positions they would have had if the contract had not been made; rescission may be brought about by decree or by mutual consent. 93 “One cannot snap up an offer or bid knowing it was made in mistake.” Tyra v. Cheney, 152 N.W. 835, 835 (Minn. 1915). Under the RESTATEMENT (FIRST) OF CONTRACTS, ¤ 503, a unilateral mistake was no grounds for voiding a contract, although if the other party knew of the mistake there may be grounds for avoidance under the notion of failure to disclose. Id. ¤ 472 The Restatement (Second) liberalized this rule, recognizing the trend to give more protection in the case of unilateral mistake. First, it expands protection to cases where the non-mistaken party had reason to know of the mistake (in addition to cases where the non-mistaken party knew of the mistake). In addition, it allows for avoidance if the effect of the mistake would make enforcement unconscionable. RESTATEMENT (SECOND) 222 153(a). 94 UETA ¤ 10; UCITA ¤ 214.
137 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Comments made about UCITA observe that such an approach avoids the complexity and uncertainty of relying solely on common law principles about mistakes in an automated world. Both statutes follow a similar format and say that if an error has occurred in an electronic message, the aggrieved party (consumer or individual) may avoid the error if he or she promptly notifies the other person and takes reasonable measures to return the consideration received. The aggrieved party cannot take advantage of this right if there was a security system for protection of error in place, or if the aggrieved party benefited from (or used) the consideration supplied.
Under both UETA and UCITA, the error correction procedures apply only if the individual or consumer is engaged in an automated transaction; that is, where the transmissions are not reviewed by an individual at the other end in the ordinary course in forming a contract, performing under an existing contract or fulfilling an obligation required by the transaction.95 Thus, it focuses on individuals interacting with electronic agents, and not individuals interacting with individuals. The limitation is explained as follows, “In a transaction between individuals there is a greater ability to correct the error before parties have acted on it. However, when an individual makes an error while dealing with the electronic agent of the other party, it may not be possible to correct the error before the other party has shipped or taken other action in reliance on the erroneous record.”96
Assuming that the party is a covered party in a covered transaction with a covered error, there is no automatic right to avoid the error. If an electronic error occurs, both acts give the consumer or individual the ability to avoid the error only if certain requirements are met: First, the consumer or individual, promptly on learning of the error, must notify the other party of the error. In addition, the consumer must turn over to the other party or its designee, or destroy, all copies or consideration it has received. Moreover, if the customer has already used or received the benefit of the information, this provision cannot be invoked. In sum, the consumer must act promptly in a manner that returns the other party to the position that would have
95 UETA ¤ 2(2) (defining an automated transaction as “a transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract, or fulfilling an obligation required by the transaction”); UCITA ¤ 102(a)(7) (“a transaction in which a contract is formed in whole or part by electronic actions of one or both parties which are not previously reviewed by an individual in the ordinary course). 96 UETA ¤ 10, comment 4.
138 Electronic contracting: legal problem or legal solution?
been true if the error had not occurred.97 The effect of this procedure is to prevent a party from unwinding a transaction after the delivery of value and consideration which cannot be returned or destroyed.98 Restitution is normally required in order to undo a mistaken transaction. This defense builds on equity principles that permit a party to avoid the consequences of an error if that error causes no detrimental effect to another party and does not give a benefit to the person making the mistake. Upon return of the consideration, the other party is made whole again, and retains control over the consideration sent in error.
2. Impact of security procedures
The error correction provisions do not apply (and there is no electronic error) if the electronic system with which the consumer is working provided a reasonable opportunity or method to correct or avoid the error. For example, the electronic agent may be programmed to provide a confirmation screen to the individual setting forth all the information the individual initially approved. In theory, this rule provides an incentive to establish error-correction procedures in automated contracting systems by eliminating any possibility of an electronic error defense or claim.99
3. International developments
In the latest rounds of negotiations at UNCITRAL on a new electronic contracting convention, proposals similar to those described above were made in order to deal with error.100 An argument has been made, however, that to the extent
97 Compare with the European Union’s Distance Contract Directive, where there is no rescission right for a consumer if software is not returned unopened. 98 According to UCITA: “Since there may be unavoidable detrimental effects on the party who received an erroneous message (e.g., costs of filling erroneous orders), courts must apply this rule with care. The basic assumption is that the defense works when there is no detrimental effect on the person who did not make the error, but that assumption is particularly suspect in cases where the nature of the information product makes for high costs to the provider or risk of fraud worked by the consumer.” 99 A reasonable procedure for correcting errors depends on the commercial context, including the extent to which the transaction entails immediate reactions. For example, in a transaction that occurs over several days, it may be reasonable to require verification of a bid or order before it is placed. During an online, real time auction, reconfirmation may not be possible. A reasonable procedure could require two separate confirmations that the bid should be entered or where the formatting allows correction, request that the consumer check and correct the bid before the “Bid Now” button is pressed. As elsewhere, the idea of a reasonable procedure here does not require use of the most effective procedure, special detection software or even the most reasonable. It requires that, all things taken into account, the procedure is commercially reasonable. 100 Report of the Working Group on Electronic Commerce on the work of its forty-third session, A/CN.9/548 (April 2004).
139 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs the provision deals with substantive matters of contract, it should be deleted. Such an argument fails to recognize that as electronic contracting evolves, the issues it raises will cease being unique to an electronic environment, but will have to be addressed to accommodate modern market practices.
The approach to error outlined above is consistent with international contract norms. Under the UNIDROIT Principles of International Commercial Contracts, a party may avoid a contract for a unilateral mistake if “the other party had not at the time of avoidance acted in reliance on the contract.”101 There is no limitation to individuals or consumers or to instances of electronic error or even to the use or non-use of security procedures. However, this issue along with the issues of shrink/ click/browse wrap and consumer protection may demonstrate how the so-called new issues affecting transactional activities on the Internet are in fact the same issues that have existed all along, but with a greater need for definitive resolution.
The absence of tangible documents or writing that give evidence of contract rights needs to be considered. An important part of contract law is the law of assignment, and the ability of a party to a contract to assign or transfer rights under that contract to a third party. Often, the presence of a written paper or a tangible document as evidence of the rights to be transferred is a critical factor in determining what law applies to the transfer. The law provides special rules governing transfer where a right to be repaid money under a contract is embodied in a negotiable note or the right to goods held by a third party under a contract of carriage (or a contract of storage) is embodied in a negotiable document. Granting the transferee in possession of the written evidence of those rights often gives even greater rights than the transferor had. Indeed, in the United States, as elsewhere, negotiable instruments and negotiable documents are considered valuable commercial specialties allowing for the free transferability and alienability of rights in the commercial marketplace.
However, the advent of electronic technologies puts pressure on these concepts. In an electronic environment where paper is lacking, the question becomes how can one possess something that is intangible and subject to copying. A further question is how a transferee in an electronic environment can achieve the same level of legal
101 UNIDROIT Principles of International Commercial Contracts, Article 3.5(1). There are certain limitations. The mistake must be of “such importance that a reasonable person in the same situation as the party in error would only have concluded the contract on materially different terms…”; the party in error must not have been grossly negligent in making the mistake; and the risk of the mistake must not have been assumed by the party in error.
140 Electronic contracting: legal problem or legal solution?
protection granted in a paper environment. This is one area where legislative changes in the United States, in both the UETA and E-Sign, went beyond merely facilitating electronic commerce by validating use of electronic technologies.
Legislation attempted to create substantive new rules governing these electronic equivalents of traditional paper-based commercial specialties. It was necessary to draft special rules about what constitutes the electronic equivalent of the negotiable paper promissory note or the negotiable paper document of title in order to create parity between electronic messages and their paper counterparts. The law also needed to provide a framework outlining the circumstances under which transferees might claim the same protections afforded their counterparts in a paper world.
The Uniform Electronic Transactions Act (UETA) met these needs under the concept of the transferable record.102 The act granted the person in control of that transferable record in an electronic environment the same special rights given to a holder in due course of the traditional negotiable note (or negotiable instrument), or the purchaser in good faith of a traditional negotiable document of title.103 A full discussion of transferable records is beyond the scope of this paper.104 However, the essence is that the UETA addresses the reams of paper falling into the category of negotiable instruments by providing legal support for the creation, transferability and enforceability of electronic equivalents of notes and documents against the issuer or obligor. The electronic equivalents of the paper notes or documents105 are transferable records and may be controlled by the holder, who in turn, may receive the legal benefits of a holder in due course and good faith purchaser status.
102 UETA ¤ 16(a); ESIGN, 15 U.S.C. ¤ 7021(a)(1). 103 The concept was developed further in Revised Article 9 of the Uniform Commercial Code, which created a similar framework for the electronic equivalent of traditional (paper) chattel paper. Uniform Commercial Code ¤ 9-102(a)(11), (65) (2003). 104 More on the concept of transferable records and implementation in the United States can be found at the Working Group on Transferable Records of the Cyberspace Committee of the American Bar Association, 2003. “Emulating documentary tokens in an electronic environment: practical models for control and priority in interests in transferable records and electronic chattel paper”, Business Law 59, 379. Jane K. Winn, 2001. “What is a transferable record and who cares?”, Boston University Journal of Science & Technology Law 7, 2. R. David Whitaker, 1999. “Rules under the Uniform Electronic Transactions Act for an electronic equivalent to a negotiable promissory note”, Business Law 55, 437. Jane K. Winn, 1999. “Electronic chattel paper under revised Article 9: updating the concept of embodied rights for electronic commerce”, Chicago Kent Law Review 74, 1055. 105 UETA creates the concept of “transferable records” for promissory notes and paper documents of title, not for checks.
141 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
At the outset, a transferable record must contain an express agreement by the issuer or obligor that the electronic record will serve as a transferable record.106 A person who gains control of an electronic transferable record107 can thus be treated as the holder of the electronic instrument. A person has control under the following conditions:
(a) a single authoritative copy exists which is unique, identifiable and unalterable, (b) the authoritative copy identifies the person asserting control as the payee or, if the record indicates a transfer, the most recent transferee, (c) the copy is maintained by the person asserting control or its custodian, (d) copies or revisions that add or change an identified assignee can be made only with the consent of the person asserting control, (e) each copy of the authoritative copy and any copy of a copy is readily identifiable as a non-authoritative copy, and (f) any revision of the authoritative copy is readily identifiable as authorized or unauthorized.108
These six requirements address the difficulties of creating an electronic instrument that has the same qualities as an original of a paper instrument.
Several critical points deserve attention. The focus of efforts in the United States109 has been to establish the electronic equivalent of a paper promissory note (or document of title). In fact, that has been accomplished when the defining characteristics of negotiability for an electronic record were adapted, as well as the
106 This means that transferable records cannot be created retroactively from paper documents Ð they must be created contemporaneously with issuance of the record by the issuer or obligor. 107 The concept of control is addresses in UETA ¤ 16. 108 Id. ¤ 16(c). 109 Attempts in the United States to deal with electronic negotiability are not unique. The pioneering international work, the Model Law on Electronic Commerce, contained Part Two (Electronic Commerce in Specific Areas) that has special rules on contracts for the carriage of goods and transport documents. This represented the first international effort in the law of electronic negotiable documents. UNCITRAL Model Law on Electronic Commerce, Article 16 and 17. UNCITRAL has recognized the need for further work in the field of negotiability and transferability of rights in an electronic environment. See UNCITRAL Working Group on Electronic Commerce, Possible Future Work on Electronic Commerce: Transfer of Rights in Tangible Goods and Other Rights: Note by the Secretariat, A/CN.9/WG.IV/WP.90. UNCITRAL has not yet undertaken any project in the field.
142 Electronic contracting: legal problem or legal solution?
rules for negotiation and transfer, by changing the rigid rules of negotiability that have developed over the centuries. In that regard, the changes brought about by electronic commerce could be seen as an assault on the citadel of formalism and negotiability.110
On a broader scale, however, the growth of electronic commerce and the demand for new methods of protecting transferees’ rights online raise questions about the continued relevance of a body of law based on the out-dated technology of paper. As new payment systems have evolved, negotiable instruments as a payment device have become a rarity.111 Indeed, many have argued that negotiability is a concept that has outlived its usefulness.112 “[T]he decline in importance of paper-based embodied rights systems, such as those governing negotiable instruments, and the rise of account-based systems . . . is widely interpreted to mean that embodied-rights systems are simply anachronistic.”113
110 Grant Gilmore, 1979. “Formalism and the law of negotiable instruments”, 13 Creighton Law Review 13, 441, 446-48. 111 Ronald J. Mann, 1997. “Searching for negotiability in payment and credit systems, 44 U.C.L.A. Law Review, 44, 951, 953. (“whatever role negotiability once might have played in the commercial-paper market, the same pressures that have limited the use of negotiability for bonds are pushing commercial paper inevitably to the same end result Ð an electronic transfer system in which any document is a mere vestige of former practices that have become obsolete in the face of the pressures of increasing volume and new technology. 112 Ibid. See also James S. Rogers, The Irrelevance of Negotiable Instruments Concepts in the Law of the Check-Based Payment System, 65 Texas Law Review, 929, 930( 1987). 113 Jane K. Winn, 1999. “Electronic chattel paper under Revised Article 9: updating the concept of embodied rights for electronic commerce”, op. cit.
143 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
ANNEX
Click-through Agreements: Strategies for Avoiding Disputes on Validity of Assent Working Group on Electronic Contracting Practices Electronic-Commerce Subcommittee, Cyberspace Law Committee Business Law Section, American Bar Association114
Introduction
The meaning of click-through agreement: Sometimes referred to as a click-wrap agreement, a click-through agreement is a proposed electronic form agreement set up by one party so that the other contracting party, (the User), can assent to the terms by clicking various icons or buttons or by typing specified words or phrases. These proposed agreements are most common on web sites, but they also appear on CDs and other electronic media. The typical User may read the terms on a screen and use a keyboard, mouse, or similar device to scroll through or otherwise navigate the terms and make choices related to the contracting process. A “click-through” agreement is not the same as a “click-free” agreement, in which assent is implied or there is no bright unambiguous expression of assent.
Purpose: These Strategies are intended to assist business lawyers in developing click-through agreements in which the User clearly and expressly manifests assent to stated terms, thereby establishing one of the elements of contract formation. The principles in these strategies apply regardless of whether the User is the offeror or the offeree. Case law, statutes, and commentary on click-through agreements are still sparse. They have sufficiently evolved, however, to allow development of these Strategies for writing and formatting click-through agreements. Under these Strategies, the parties will more reliably mutually assent to the agreement, and courts will more likely conclude that their manifestations of assent constitute sufficient evidence of mutual assent between the parties in many, if not all, jurisdictions.
114 Christina L. Kunz, Maureen F. Del Duca, Heather Thayer and Jennifer Debrow, 2001. “Click-through Agreements: Strategies for Avoiding Disputes on Validity of Assent”, Business Law, 57, 401.
144 Electronic contracting: legal problem or legal solution?
Please note that valid assent may occur without adherence to these Strategies. Moreover, the Strategies should not be read to imply that the law ought to impose greater or lesser burdens on electronic contracting than it does on paper-based contracting.
Limitations on Scope: These Strategies are not the only way to accomplish mutual assent in a click-through agreement; each setting poses its own unique set of factual and equitable considerations, and the validity of assent will depend on the facts of each case. These Strategies do not address other doctrines related to contract formation such as unconscionability, consideration, mistake, fraud, and capacity. Nor do these Strategies resolve the issue of attribution (i.e., whether the assent is attributable to the User) or whether the use of an electronic agreement is effective under state laws that require certain types of agreements to be a particular medium or format.
Furthermore, in an online setting, contract formation may not be the only means of imposing rules, terms, and conditions; these Strategies do not address the validity of other options, e.g., notice or disclosure, property-based rights, etc. Finally, these Strategies do not necessarily apply to wireless application protocol devices, which may pose unique problems and require unique solutions for validly obtaining the assent of the User to contractual terms.
Intended audience: These Strategies are intended for attorneys advising clients and for other parties who are setting up proposed click-through agreements or are considering entering into click-through agreements.
Strategies
Opportunity to Review Terms
1. Viewing of Terms Before Assent: The User should not have the option of manifesting assent without having been presented with the terms of the proposed agreement, which should either appear automatically or appear when the User clicks on an icon or hyperlink that is clearly labeled and easily found. Place the means of assent at the end of the agreement terms, requiring the User at least to navigate past the terms before assenting. 2. Assent Before Access to Governed Item: The User should not be able to gain access to or rights in the web site, software, information, property,
145 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
or services governed by the proposed agreement without first assenting to the terms of the agreement. 3. Ease of Viewing Terms: The programme operating the click-through agreement should give the User sufficient opportunity to review the proposed agreement terms before proceeding. The User should be able to read the terms at his or her own pace; if the terms occupy more than one computer screen, the User should be able to navigate forwards and backwards within the terms by scrolling or changing pages. 4. Continued Ability to View Terms: Once the User views the terms, the User should be able to review the terms at later stages of the assent process.
Display of Terms
5. Format and Content: The format and content of the terms must comply with applicable laws as to notice, disclosure language, conspicuousness, and other format requirements. The terms should be clear and readable, in legible font. If the law requires specific assent to a particular type of term, the format of the assent process should comply with that requirement. 6. Consistency with Information Elsewhere: Information provided to the User elsewhere should not contradict the agreement terms or render the agreement ambiguous.
Acceptance or Rejection of Terms
7. Choice Between Assent and Rejection: The User should be given a clear choice between assenting to the terms or rejecting them. That choice should occur at the end of the process when the User’s assent is requested. 8. Clear Words of Assent or Rejection: The User’s words of assent or rejection should be clear and unambiguous. (a) Examples of clear words of assent include “Yes” (in response to a question about User’s assent), “I agree,” “I accept,” “I consent,” or “I assent.” Do not use vague or ambiguous phrases such as “Process my order,” “Continue,” “Next page,” “Submit,” or “Enter.”
146 Electronic contracting: legal problem or legal solution?
(b) Examples of clear words of rejection include “No” (in response to question about User’s assent), “I disagree,” “I do not agree,” “Not agreed,” or “I decline.” 9. Clear Method of Assent or Rejection: The User’s method of signifying assent or rejection should be clear and unambiguous. Examples include clicking a button or icon containing the words of assent or rejection, or typing in the specified words of assent or rejection. 10. Consequences of Assent or Rejection: If the User rejects the proposed agreement terms, that action should have the consequence of preventing the User from getting whatever the click-through agreement is granting the User. The User should not be able to complete the transaction without agreeing to the terms. For example, if the click-through agreement would grant the User use of a web site, software, or particular data, the consequence of the User’s rejection of the proposed terms should be to bar the User from that use. Likewise, if the click-through agreement would give the User rights to goods or services, the consequence of the User’s rejection of the proposed terms should be to eject the User out of the ordering process. On the other hand, if the User assents to the proposed agreement terms, the User should be granted access to whatever is promised in the agreement without having to assent to additional terms (aside from those that the User specifies in the ordering process). 11. Notice of Consequences of Assent or Rejection: Immediately preceding the place where the User signifies assent or rejection, a statement should draw the User’s attention to the consequences of assent and rejection. Examples of notice of assent consequences include: “By clicking ‘Yes’ below you acknowledge that you have read, understand, and agree to be bound by the terms above” or “These terms are a legal contract that will bind both of us as soon as you click the following assent button.” Examples of notice of rejection consequences include: “If you reject the proposed terms above, you will be denied access to the [Web site, software, product, services] that we are offering to you.”
Opportunity to Correct Errors
12. Correction Process: The assent process should provide a reasonable method to avoid, or to detect and correct, errors likely to be made by the User in the assent process. A summary of an online order preceding assent is one such means.
147 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Keeping Records to Prove Assent
13. Accurate Records: Maintain accurate records of the content and format of the electronic agreement process, documenting what steps the User had to take in order to gain access to particular items and what version of the agreement was in effect at the time. If necessary, for proof of performance, link the User’s identity to his or her assent by maintaining accurate records of the User’s identifying information, the User’s electronic assent to the terms, and the version of the terms to which the User assented. Be sure to comply with applicable privacy laws. 14. Retention and Enforceability: To meet any legal requirement that a record of the agreement be provided, sent, or delivered, the sender must ensure that any electronic record is capable of retention by the recipient. In addition, for an electronic record to be enforceable against the recipient, the sender cannot inhibit the recipient’s ability to print or store the electronic record. 15. Accuracy and Accessibility after the Assent Process: If applicable law requires retention of a record of information relating to the transaction, ensure that the electronic record accurately reflects the information and, if required, remains accessible to all persons entitled to access by rule of law for the period required by the rule of law in a form capable of accurate reproduction for later reference.
148 Current challenges of developing a legal infrastructure for securing e-commerce
V. CURRENT CHALLENGES OF DEVELOPING A LEGAL INFRASTRUCTURE FOR SECURING E-COMMERCE115
By Harry SK Tan116
A. Background: the cybercrime threat to e-commerce
In the relatively short time since the introduction of user-friendly web technologies, the Internet has succeeded in altering the way people live, study, teach, communicate, spend money and carry on business in many positive ways. There is a growing reliance on these online products and services by users and as a result, businesses are going online in response to the market demand. However, even as businesses identify new opportunities, criminals have also recognized the potential for crime through the new electronic medium. This growth in the incidence of cybercrimes and security incidents fundamentally undermines the trust needed for commerce to grow on the Internet.117
As captioned in Peter Steiner’s famous cartoon in The New Yorker in July 1993, “On the Internet, nobody knows you are a dog”. He succeeded in identifying the core cause of a multitude of problems that e-commerce faces today. The new communications technologies allow almost anyone, especially a criminal to pass himself off deceitfully as someone trustworthy and reliable for the purpose of personal gain.
Conversely, without specific technologies such as public key infrastructure and digital signatures, proving one’s identity to strangers online is a near fruitless exercise. While such security technologies are able to resolve identity issues, it has proven both difficult and expensive to implement them successfully.118
115 The information provided in this article is not intended to be nor is it a substitute for formal legal advice, but is only intended as a general guide and discussion of the issues involved and is non-exhaustive. Readers should consult qualified legal professionals for advice in relation to their e-commerce issues. 116 Director of the Centre for Asia Pacific Technology Law and Policy, Senior Fellow at the Intellectual Property Academy and Associate Professor of Law at the Nanyang Business School, Nanyang Technological University, Singapore. 117 The Carnegie Mellon CERT Coordination Centre reported that there were 82,094 security incidents in 2002 and 137,529 cases in 2003, an increase of 67 per cent. 118 John Leyden, 2000. “PKI: the key to e-success?” VUNET.com, 9 August. It is estimated that a pilot PKI implementation will cost from US$ 80,000 to $120,000.
149 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Another dimension of the problem in making e-commerce secure is the openness of the technology that continues to be evolving. Reports continue to be made of new and ingenious ways in which cybercriminals or hackers gain access to servers and computer networks with ease through poorly configured and un-patched operating software and applications.
The growth of business online with the increasing sophistication of technology coupled with the general low level of user understanding and knowledge of electronic security provides an ideal environment for the commission of cybercrimes.
In general, criminals commit crimes for all kinds of reasons or motives. Their continued involvement in criminal activity is probably due to their belief that they will be able to get away without being suspected, apprehended or even identified. While criminals may have their reasons for being deluded about their abilities to commit crimes in real space, many have found that crimes are much harder to prevent or detect when committed in cyber-space or the virtual world. Cybercrimes allow the perpetrator to be in a location some distance away from the act itself, which makes it difficult to conclusively identify and apprehend the perpetrator.
Fortunately, businesses have since realized that it is necessary to be in step with new technologies being developed for the prevention of online crime. This includes providing consumers with basic safeguards such as passwords, system firewalls, Secure Sockets Layer (SSL) sessions and payment systems that provide a generally high level of security, but at a low cost to the consumer. Many of these new technologies are efficient in performing for their designed function, such as directly securing the information and transactions exchanged. Unfortunately, they are not able to provide a guarantee to the unwary merchant or customer against being defrauded by astute cybercriminals. In view of such security concerns and the increasing reports about the number of cybercrimes and cases of fraud, consumers generally hesitate to disclose personal and credit card data on the Internet.
When the cybercriminals hack directly into systems and networks that have not been secured, businesses face loss of proprietary data, intellectual property, and online access to customers and suppliers due to breaches and service interruptions.
In order that the Internet can contribute to economic growth and human development, it must be trustworthy and secure. Lack of trust and security jeopardizes development goals that could be supported by a widely accessible and widely trusted Internet.
150 Current challenges of developing a legal infrastructure for securing e-commerce
B. Factors contributing to the growth of cybercrime
The growth of cybercrime can be attributed generally to the following main factors.
1. Technology: The easy availability of new technologies with high operational speeds, capacity and connectivity makes it easier for unlawful activities to escape detection. Conversely, the majority of cybercrime victims are not sophisticated technologically or well equipped to prevent, detect or deal with computer crime. 2. Low Levels of Awareness: Lack of awareness about how to maintain a minimum level of security with regard to personal information or electronic property presents an opportunity and identifies targets for the cybercriminals. 3. Fear of adverse publicity: In some cases when a crime is detected, businesses have been reluctant to report criminal activity because of concern about the adverse publicity, which can cause embarrassment, loss of public confidence, loss of investors or economic repercussions. 4. Outdated laws and regulation: Criminal laws in some jurisdictions have not kept up with the challenge of new technologies. While some countries may have addressed the threat, some laws already need to be amended to address new kinds of cybercrimes. Only a few countries have attempted to address the issue of prosecuting cybercrimes committed by criminals from another jurisdiction. 5. Law enforcement agencies: Many law enforcement agencies lack the technical expertise as well as sufficient regulatory powers or equipment to investigate and prosecute cybercrimes.
C. Types of cybercrime
Cybercrime or computer-related crime is a collective description covering a myriad of online offences.119 A sample listing of crimes commonly committed include:
1. Web site defacement or vandalism, 2. Denial of service attacks on web sites and online services,
119 See http://www.ftc.gov.
151 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
3. Theft of customer data, 4. Theft of electronic intellectual property, 5. Theft of Internet and telephone services, 6. Sabotage of data or networks, 7. Financial and online securities fraud, 8. Forgery, illegal interception and identity theft, 9. Payment card fraud and e-funds transfer fraud, 10. Pornography, including child pornography and cyber-stalking, 11. Online gaming and betting, 12. Commercial and corporate espionage, 13. Extortion and criminal conspiracy communications, and 14. Disruption of essential or critical network services.
Not all of these cybercrimes require illegal access to computers, however. One example is online fraud, which is a more elegant crime in that it usually does not require the criminal to attack the security system, but to work around it. Similarly, a deception perpetrated by using computer or electronic communications in the course of an online transaction would be an online fraud. Online fraud can be committed within Internet relay chat rooms, via electronic mail, message boards or on web sites.
D. Who are the cybercriminals?
Cybercriminals are people capable of illegally gaining access to computers and servers to commit these crimes and they are commonly called hackers and crackers. They are considered as skilled individuals who are capable of the more technical cybercrimes. However, this type of cybercriminal is longer the norm. While most still work independently, there are growing concerns about organized crime using the new technologies to commit cybercrimes.120 Cybercriminals can now be categorized into three groups according to their motivation:
120 “Organized Crime and Cybercrime: Synergies, Trends, and Responses” Global Issues, August 2001 United States Department of State Electronic Journals. http://usinfo.state.gov/journals/itgic/0801/ijge/ gj07.htm
152 Current challenges of developing a legal infrastructure for securing e-commerce
(1) Cybercriminals wanting recognition are (a) hobby hackers, (b) IT professionals, (c) politically motivated hackers and (d) terrorist organizations. (2) Cybercriminals who do not want recognition are (a) financially motivated hackers (corporate espionage), (b) state-sponsored hacking (espionage and/or sabotage) and (c) criminals belonging to organized crime groups. (3) Insider Cybercriminals can be (a) disgruntled or former employees seeking revenge and (b) employees used by competing companies to gain economic advantage through damage and/or theft.
E. Requirements for effective legal infrastructure to secure e-commerce
A regime or programme to create an effective infrastructure for securing e-commerce requires concerted and comprehensive development of several elements, including laws, policies, industry self-regulation, technical standards and law enforcement.121 Together these elements can provide a positive environment and infrastructure to support the legal growth of e-commerce with a reduced threat from criminals.
1. Empowering and equipping law enforcement
To meet the threat of electronic crime, law enforcement agencies all over the world are developing highly trained and well-equipped law enforcement officers to handle the increasing sophistication and international reach of cybercrime and fraud on the Internet. Officers on such teams would be trained about the latest technologies and know-how in computer forensics. Specifically, they are given appropriate training in the investigation, collection of electronic evidence and prosecution of electronic crimes. The training would be on a regular basis to counter the rapidly evolving nature of computer technologies.
Due to the technical complexities and the grave legal issues raised by such crimes, each jurisdiction is developing the necessary teams of experts who are able
121 One recent effort was the draft action plan on cybercrime and information security for the Asia-Pacific region adopted at the Asia-Pacific Conference on Cybercrime and Information Security, held from 11 to 13 November 2002, Seoul, Republic of Korea.
153 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs to dedicate themselves to the investigation and prosecution of cybercrime.122 The online customer could patronize any virtual shop on the Internet at all hours of the day, which means that enforcement agencies should have investigation experts available 24 hours and seven days a week.
In addition to domestic training, agencies also receive international exposure at internationally conferences or training sessions that cover the latest innovations and technologies or criminal investigation techniques. Coordinated training sessions between nations would be of great benefit to ensure that new information and methods are being shared quickly among neighbouring countries.
2. Public education, training and cybercrime reporting
Consumer education is considered as more effective than any law enforcement action to prevent cybercrime or fraud through the Internet. Consumers need to be empowered through education about how to enjoy safely transacting on the Internet. The effort to provide consumers with the necessary education should be increased through the combined efforts of government, business, and consumer groups. There should be organized programmes for teachers and parents to supervise and guide children in the responsible use of the Internet as a tool for studies and entertainment.
Various technological and non-technological tools can be used to protect children from the risks of cybercrime. These tools include blocking and filtering software and following safety tips when using the Internet. Several web sites give parents tips and guidelines to promote safer Internet experiences for their children.123
The Internet can be used to disseminate information to the public on fraud, privacy and technology-related issues. This is an important tool because the information can also reach potential fraudulent persons and businesses, thus serving as deterrence. The Internet as a forum for such messages is also a low-cost effective way to reach a consumer base that is large and more or less unlimited.
122 One example is the Federal Trade Commission (FTC) which formed an Internet Rapid Response Team; or the Singapore Criminal Investigation Department’s Technology Crimes Branch. 123 www.getwise.org, www.cyberangels.org, www.parentech.org, www.safekids.com
154 Current challenges of developing a legal infrastructure for securing e-commerce
Continuing education programmes for public and private sector workers who use computers can teach the current best practices as well as how to comply with their organizations’ security policies. The education programme should also include how each person can be empowered to report known cybercrimes to employers or directly to the correct law enforcement agency when personal computers are affected.
F. International standards and best practices to secure computers and networks
It is unfortunate that the law alone cannot make networks and computers more secure. Even when strong and effective laws are enacted and enforced, the physical security and the management of security must be in place to prevent security breaches. While businesses may demand software houses, solution providers and manufacturers to provide more secure products, security inevitably involves a continuous process within each organization. Governments also have to consider their internal network security management as a process that requires constant care and attention.
Countries have begun to review and investigate what needs to be done to address the problem in both the public and private sector.124 The governments of member countries in the Organization for Economic Cooperation and Development (OECD) drew up “Guidelines for the Security of Information Systems and Networks”.125 The guidelines were designed to develop a culture of security for government, business and private users in an environment where communications networks are expanding worldwide, interconnectivity across national borders is increasing, technologies are converging and personal computers are become more powerful.
One important and widely accepted standard for information security is ISO 17799, “Information technology Ð Code of practice for information security management”.126 Such internationally recognized standards are useful because there is a certification process in order to maintain the high standards needed to keep networks safe from harm. In addition, they provide assurance to clients and customers that the organization has established the best information security practices.
124 “eEurope 2005: Action Plan”
155 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
G. Effective cybercrime legislation
As part of the global efforts to promote e-commerce trust and confidence, every nation should have basic criminal laws against activities that attack the confidentiality, integrity or availability of computer data, computer systems and electronic networks. In order to fight cybercrime, there is a need to clarify what constitutes an offence or a crime, especially in a global context when prosecution of transnational illegal activities would be expected. Governments should agree on the definitions of certain crimes committed in the Internet environment. Laws would need to be enacted to criminalize hacking, illegal interception, interference with the availability of computers and networks and unlawful access to systems.
An attempt to address the international nature of cybercrime and develop a common standard for cybercrime law was made by the Council of Europe (COE) in the Convention on Cybercrime that was publicized in its final form in June 2001.127 The Commonwealth also published a Model Law on Computer and Computer Related Crimes that was published in October 2002. The model law was developed by an expert group while reviewing the details of the provisions in the Convention on Cybercrime.
The main intent of the COE Convention is to pursue a common criminal policy aimed at the protection of society against cybercrime, by adopting appropriate legislation and fostering international cooperation, among other activities. The Convention includes a list of crimes and requires that certain activities be criminalized. These include such activities as hacking (including production, sale or distribution of hacking tools); offences relating to child pornography and expanded criminal liability for intellectual property violations. It also requires each signatory state to implement certain procedural mechanisms within their laws.128 There are provisions for government surveillance powers as well as the duty of governments to help each other gather evidence and enforce laws.
Finally, the Convention requires signatory states to provide international cooperation to the widest extent possible for investigations and proceedings concerning criminal offences related to computer systems and data or for collecting evidence in
127 The Convention can be found at
156 Current challenges of developing a legal infrastructure for securing e-commerce
electronic form of a criminal offence. Law enforcement agencies will have to assist police from other participating countries to cooperate with their requests for assistance in the pursuit of criminals across national borders, something that is common in Internet crime.129
H. International cooperation of law enforcement agencies
For the growth of online commerce to continue, genuine businesses and consumers alike must feel confident that the Internet is safe from cybercrime. The Internet gives criminals the ability to appear suddenly, commit the crime quickly, then disappear without revealing their true identity or location. These criminals are often located in a foreign jurisdiction. Thus, law enforcement officers must move just as quickly to stop them and cooperation is often required from a spectrum of organizations representing government, businesses and consumer groups in the various countries. Greater cooperation and communication among international law enforcement agencies is required in order to apprehend international cybercriminals,. Any collaboration among international agencies would also include the establishment of databases, joint law enforcement and joint projects.
It is unfortunate that many countries do not have the laws or the necessary skilled law enforcement personnel to deal with computer-related crime. This undercuts efforts to battle a growing threat. It is important to ask what would be the best strategy to protect businesses and consumers from the proliferation of cybercrime in its myriad forms. Coordination between countries in the enforcement of laws against illegal conduct on the Internet is certainly laudable. However, this is likely to be rather difficult to achieve in practice. From an Internet user’s perspective, geographical and national borders are almost non-existent. With the new technologies, cybercriminals do not have to be in the same country as the victim of the fraud in order to commit it.
The victim and the criminal might be located in two different jurisdictions, and this means that governments need to review the traditional methods used to investigate conventional fraud offences. A formal mechanism should be in place for people to seek assistance and prosecution by enforcement agencies in different jurisdictions rather than leaving it to the vague practice of professional courtesy. Furthermore, if there is no formal arrangement for mutual legal assistance in such investigations, cases might be given a lower priority if a victim lives outside the
129 The Convention has had its detractors, however. See
157 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs jurisdiction. Accordingly, it would be ideal for a central cybercrime body to be set up to coordinate the efforts of all the agencies and eliminate the duplication of efforts.
I. Conclusions
If criminals are willing to invest in technologies and adapt them to commit crimes in new and unfamiliar ways, it is inevitable that the law will take some time to catch up. While it is not possible to completely eradicate cybercrime, it is possible to dramatically reduce it. This can be done through vigilant public education, industry leadership in standards development and compliance and using effective security technologies as well as having law enforcement agents equal in technical skill to the cybercriminals. However, one of the most critical elements in the scheme of cybercrime management is the establishment of a balanced common standard for countries to cooperate on cybercrime law and prosecution.
158 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
PART THREE
159 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
I. CAPACITY-BUILDING FOR HARMONIZED DEVELOPMENT OF E-COMMERCE LEGAL SYSTEMS IN ASIA AND THE PACIFIC
by Roland Amoussou-Guenou and Yann Duval
Introduction
E-commerce and ICT are now widely acknowledged by the international community as important instruments for economic development. E-commerce offers an important vehicle for local businesses to access international markets and reduce transaction costs, thus facilitating trade for developing and least developed countries (LDCs).1 As large companies begin to require their partners to communicate business information via electronic means, enterprises in countries that do not have these capabilities would be at a competitive disadvantage. A major obstacle to the development of ICT solutions has been the lack of a legislative foundation.
Various organizations have already developed model laws on e-commerce in response to increasing concerns that inappropriate legal and regulatory systems might constitute a serious impediment to e-commerce. Examples include the 1996 UNCITRAL Model Law on E-commerce and guidelines such as the OECD Guidelines on E-commerce. While many countries in Asia have used these model laws or guidelines as references when they design e-commerce legislation, the national e-commerce legal and regulatory systems throughout the region remain strikingly different.2 Such differences in development and application of e-commerce laws and regulations across the region could increase uncertainties and risks associated with electronic trading and commerce systems, thereby slowing their adoption, particularly by small and medium-sized enterprises (SMEs).
1 Regional Conference on Digital GMS organized by the Greater Mekong Subregion Academic and Research Network and ASEAN Foundation, 26-28 February 2003, Asian Institute of Technology. UNCTAD, 2002, E-commerce and Development Report 2002, New York and Geneva: United Nations. (UNCTAD/ SDTE/ECB/2.) http://www.unctad.org/ecommerce 2 In spite of existing regional initiatives such as the E-ASEAN Task Force, LDCs in Asia have not yet adopted laws on e-commerce. In addition, different concepts, scope and objectives in existing laws on this issue among countries present serious obstacles to harmonization and e-trade facilitation.
161 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
In order to identify the capacity-building needs for the harmonized development of e-commerce legal systems in the region, selected participants to the Regional Expert Conference on Harmonized Development of E-commerce Legal Systems in Asia-Pacific, were invited to submit short papers on the status of e-commerce legislation in their country and related capacity-building needs. This paper presents a summary of the information collected for the conference.
A. Capacity-building needs for developing the e-commerce legal system: highlights of country papers
More than fifteen papers were received from participants of countries in the region. As shown in table 6, most countries in the region still lack a basic legal framework for e-commerce. A country-by-country summary is presented in this section and focuses on capacity-building needs.
Table 6: Status of e-commerce legislation in selected Asian and Pacific countries
Status of E-commerce Legislation Armeniaa Draft Law on Electronic Commerce Draft Law on Electronic Documents Bangladeshb Draft Electronic Transaction Act Bhutan b Draft Information Communication and Media Act India Information Technology Act (2000) Indonesia a Draft Bill on Electronic Information and Transactions Kazakhstan a Law on “Informatization” (2003) Law Electronic Document and Digital Signature (2003) Malaysia b E-Signature Act (1997) Draft Electronic Commerce Act Maldives b Draft E-commerce Law Mongolia a Draft Law on Electronic Signature Draft Law on Electronic Transaction Myanmar b Electronic Transactions Law (2004) Nepal a Electronic Transaction and Digital Signature Act (approved by cabinet but not yet ratified by parliament as of July 2004) Lao People’s Democratic Republic Drafting of E-commerce law (early stage as of July 2004) Pakistan b Electronic Transaction Ordinance (2002) Philippines a Law on E-commerce (2000) Sri Lanka b Draft E-commerce law (preliminary stages as of July 2004) Timor-Leste a No E-commerce Law or Draft Viet Nam a Draft Electronic Transactions Law Note: a Civil law system b Common law system
162 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
1. Armenia
The drafting of e-commerce related laws to enable e-transaction is acknowledged as a necessity to promote e-commerce, as is the need to complement the legislative work with training programmes for the legal professionals. In that respect, e-commerce and e-signature laws are under way, on the basis of the related EU directives.
According to Aram Mailian, Head of Department of Information Technology Development, Ministry of Trade and Economic Development, the lack of legal framework and vague provisions on online transaction is a serious impediment for development of e-commerce in Armenia. In September 2001, the Ministry of Trade and Economic Development introduced a draft Law on Electronic Commerce and a draft Law on Electronic Document with the basic principles laid down in Directive 1999/93/EC of the European Parliament and of the Council on Community Framework of Electronic Signature. Although Armenia is not fully integrated in the structure of the EU, in accordance with the Partnership and Cooperation Agreement (PCA) between Armenia and EU Member States, Armenia has an obligation to approximate its legislation to that of the EU Law in certain fields. While the issue of e-commerce was not explicitly mentioned in Article 43.1 of the PCA, the provision on business rules in the article suggests the necessity to harmonize Armenian Legislation on E-commerce with that of the EU.
Armenia thus faces the challenge of harmonization with the EU legal system as well as with the laws and regulations of countries in Asia and the Pacific. Training programmes for legal professionals in Armenia should take into account the need for harmonization with EU directives.
2. Bangladesh
As reported by Md. Sirajul Islam, Additional Secretary, Ministry of Commerce, an absence of e-commerce legal instruments has been acknowledged, leading to uncertainties for business and slow development of e-commerce. However, an Electronic Transaction Act has already been drafted and is expected to be enacted soon.
Key legal issues in this area in Bangladesh may be summarized as follows:
(a) electronic documents/communications not legally accepted as official, (b) no law against cyber crime,
163 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
(c) no law for electronic authentication, (d) no electronic certification authority.
While legal instruments are totally absent, technological infrastructure is in place. However, without creating a legal framework for electronic transaction in the country, real online transaction is impossible.
It was further argued that e-commerce and e-governance cannot be addressed separately because various government and private organizations are involved in business operations (such as customs clearance). This may need to be reflected in the design of the capacity-building programmes for legal professionals.
3. Bhutan
Even though e-commerce and e-payment have been described as non-existent, a Bhutan Information Communication and Media Act has been drafted which addresses e-commerce, e-signatures, online privacy, and information security issues. The law was expected to be passed in the next Session of the National Assembly. However, the need for human resource capacity development is reportedly great, especially for policy makers and regulators.
According to Cheda, Legal Officer, Ministry of Information and Communications, at present the number of IT professionals is negligible, about 225 people. There is only one lawyer in the Ministry of Information and Communication and no lawyers in the Bhutan Communications Authority and the Department of Information Technology. Hence, there is an acute shortage of trained manpower. There is an urgent need for the human resources development in the government, prior to the start of e-commerce. People need to be trained and made aware of all legal, regulatory and other implications of e-commerce.
4. India
Justice Vikramajit Sen, High Court of Delhi, reported that while efforts to achieve international legislative agreements are extremely time consuming, once a legal dispute is ventilated in a court of law it has to be decided by the presiding judge, regardless of whether a statute or an international convention or regulation is available for application. Experience has shown that usually a plethora of precedents has already evolved well before legislative action comes to fruition. Although absolute and rigid uniformity in judicial decisions is neither attainable nor desirable since it
164 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
would leave no room for change, it seems to be imperative that judges from every ESCAP member country should be involved and kept abreast of developments in this new but fast expanding field of law.
India is among the leading countries in e-commerce legal system development in South Asia. E-commerce related laws exist and have been implemented. According to Justice Sen, the focus should be on the training of judges to keep them abreast of developments in e-commerce, and not necessarily on the development of new laws. In fact, Justice Sen argued that one can decide cases even if no comprehensive e-commerce laws exist, if necessary based on court cases and jurisprudence from other countries. Given the regional influence of India as well as the rapid growth in e-transactions in this country, training of legal professionals with this view may be key to harmonized development of e-commerce legal systems in the region. It should be noted that this view is applicable in a common law system in which judges have broader powers, but may not work in a civil law system where judges are required to apply the law with few exceptions concerning the power of interpretation. Thus, common law judges seem better equipped to address the expanding e-commerce related legal cases in the absence of appropriate legal provisions.
5. Indonesia
The national ICT Strategy of the government of Indonesia includes the establishment of a legal infrastructure to create an enabling, secure and predictable environment for e-commerce. Indeed, the paper presented by Cahyana Ahmadjayadi, Deputy Minister for ICT Infrastructure, Ministry of Communication and Information, acknowledges that the current regulations and legal infrastructure were drafted and designed well before electronic transactions and e-commerce techniques became feasible. Hence an effective, clear, transparent, reliable, equitable and predictable set of legal and regulatory solutions is needed in order to provide the level of confidence necessary for current e-commerce practices. It needs to be understandable by the judiciary, legal practitioners, the business community and citizens alike. All must be confident that the laws will be fairly upheld and administered and that redress is swiftly and equitably available.
While the paper did not explicitly refer to capacity-building of the legal professionals, there was some emphasis on the need for every stakeholder, including the general public to be aware and understand the laws and regulations, as one of the key objectives of the legal infrastructure on e-commerce was to raise public confidence, trust and security. This suggests that the issue of raising awareness of the public on
165 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs e-commerce laws and regulations may needs to be addressed in the training programmes for policy makers and regulators.
6. Kazakhstan
The paper contrasts the relatively abundant access to technology with the lack of professional and insufficient number of specialists on e-commerce. Andrew P. Beklemishev, Independent E-commerce Consultant, reported in his paper that access to technology in Kazakhstan is abundant, although there is a lack of professionals to use information technology. The number of legal and technical e-commerce (and ICT) specialists with international experience and foreign language skills is insufficient, both at the national and regional levels. This undermines Kazakhstan’s ability to learn and apply international best practices Ð both in the areas of policy making and technology. There is also a sharp need in e-commerce awareness raising campaigns Ð both for the government employees and common citizens.
The paper suggested that the legislative base for e-commerce needs to be created in conjunction with the training of the legal professionals based on international standards and best practices. The issue of Kazakhstan’s future accession to the World Trade Organization and the possible implications on e-commerce laws and regulations were also given attention. These implications may need to be addressed in capacity-building programmes for legal professionals.
7. Lao People’s Democratic Republic
Lao People’s Democratic Republic is committed to develop its e-commerce legislation by the end of the year 2005. It requested technical assistance from ESCAP and other relevant organizations to draft e-commerce related laws in early 2004. Mr. Somlouay Kittignavong, Deputy Director General, Department of Science and Technology, Science Technology and Environment Agency (STEA), explained that e-commerce legal and regulatory systems are important elements to create and facilitate the growth of e-commerce in the country.
Mr. Kittignavong further suggested that regional capacity-building activities are of particular interest to the Lao People’s Democratic Republic and other least developed countries. Such activities allow for interactions with participants and government officials from other countries in which the e-commerce legal systems are more developed.
166 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
8. Malaysia
The development of the ICT legal infrastructure started with the signature of the Malaysian Digital Signature Act in 1997 and its adoption in 1998. Currently, an e-commerce Act which purpose is to fulfill the legal requirements and to enable and facilitate commercial transactions by electronic means is underway. The paper presented by Seong Gnoh Chan, Senior Federal Counsel, the Advisory Division, Attorney General’s Chambers, noted the importance to develop a common understanding of the subject matter. He observed that the understanding of the e-commerce laws and the provisions of the model laws are based on the individual’s understanding and interpretation of the laws and the discussions and knowledge sharing among the lawmakers.
Lawmakers are aware of the acute need to have a common understanding of the subject matter and the regulatory systems involved among the legal professionals, be it within and across the sovereign borders, in order to provide certainty and confidence to contracting parties.
The paper acknowledges wide variations in levels of understanding of IT and e-commerce laws among the lawyers. Some are up-to-date with current legal issues in e-commerce while others are not prepared to accept the fact that the e-commerce activities have brought about new legal issues with which they need to keep abreast. The Malaysian Bar Council and the local bar committees have taken some initiatives to better equip the lawyers to face the challenges of the ICT environment and the impact it has on the legal profession.
In order to increase the knowledge of the legal framework of e-commerce and to achieve a harmonized understanding of the laws, it is recommended that intensive and comprehensive discussions on the salient provisions of e-commerce laws, in particular the UNCITRAL model law and the common issues and challenges involved, be organized by ESCAP. This can be done through short term courses or conferences. Due to limited resources which allow only a limited number of participants per country, the country’s participants should be encouraged to disseminate any knowledge gained at the discussions to other legal professionals in the country. This could be done by sponsoring local conferences or discussions on the knowledge gained. It is also recommended that the capacity-building programme for the judges should range from the most basic elements of e-commerce laws to the discussions of issues and challenges. It is recommended that any programme for the law-makers and judges
167 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs be discussed with Institut Latihan Kehakiman dan Perundangan (ILKAP) as it is the institution charged with the responsibility of training the judicial and legal officers.
Given the relatively advanced stage of Malaysia e-commerce legal system, regional or subregional training programmes for legal professionals may be organized by ESCAP in cooperation with the government of Malaysia and ILKAP.
9. Maldives
Some forms of e-commerce take place in Maldives, but no legal instruments on e-commerce currently exist. In order to create and promote e-commerce in a friendly environment, new regulations were being drafted under the responsibility of the Ministry of Communication Science and Technology (MSCT) and the National Centre for Information Technology (NCIT), in cooperation with the business community. A draft e-commerce law was reported to be under review. However, e-commerce remains a very new concept for the most legal professionals in the Maldives.
According to information reported by Mohamed Shareef, Systems Administrator/ Head of Networks, National Centre for Information Technology, Republic of Maldives, all parties involved (including judges and other legal personnel) need to be trained to become familiar with the concepts of e-commerce. This is of great importance given the fact that the majority of judges have been locally trained and those trained abroad were trained when e-commerce was not as well known. The current set up for refresher courses and programmes for presiding judges does not include new concepts such as e-commerce.
Solutions could include (a) training the trainers and conduct training locally in Dhivehi, (b) translating and incorporating necessary material into the syllabus of training institutions and (c) having programmes to upgrade English language skills of lawyers and judges. Institutions of legal training institutions are relatively new and they require expert training personnel, teaching materials, reading/reference material (library) and technical assistance in preparing syllabuses. Members of these institutions also need an introduction to the concepts of e-commerce and related legal, policy and implementation issues, as well as information on best practices from regional and international experiences.
The paper by Mr. Shareef suggested that the legal training programmes be targeted at all levels of the legal infrastructure, including judges, lawyers and NGOs. In addition, the programmes would have to take into account the fact that the Maldives
168 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
legal systems are based on Islamic law on the one hand and common law on the other hand.
10. Mongolia
The adoption of an ICT Strategy 2010 by the Government of Mongolia indicates the importance of ICT issues and e-commerce. The Telecommunication Law adopted in 2001 has been the only ICT law currently available in the country. However, Mongolia was currently in the process of drafting e-commerce laws and regulations.
As reported by P. Gansukh, Deputy Director, Multilateral Cooperation Department, Ministry of Foreign Affairs of Mongolia, the Policy and Coordination Department for ICT of the Ministry of Infrastructure is the key government body that regulates in the ICT sector. The department is responsible for policy formulation, strategic planning and supervising implementation. The Policy and Coordination Department has been working on e-commerce legal issues in close cooperation with the relevant ministries, private sector and NGOs.
Legal expertise, consultancy and technical assistance from international and regional organizations, including ESCAP, would provide important assistance in elaborating and enacting appropriate legislation on e-commerce since it is a relatively new sector for Mongolia. Serious attention is required for capacity-building needs for judges and lawyers in Mongolia. When relevant laws on e-commerce are enacted in the future they would need to understand the basic principles of e-commerce, acquire the basic knowledge for dealing with e-commerce-related claims in order to advise, consult with and defend their clients.
11. Myanmar
The cyberlaw programme launched in 2002 suggests strong political will to promote e-commerce and harmonize the related legal system with other ASEAN member countries.
Mr. Minn Minn, Assistant Director, Ministry of Commerce of Myanmar reported that a comprehensive cyberlaw would have three main components: (a) Electronic Transaction Law, (b) Telecommunications Law and (c) Science and Technology Law to cover elements such as digital signature, payment gateway, certification authority, intellectual property rights, cyber-security and crime. Drafting these laws has already been accomplished and the Cabinet approved and began implementation in April 2004.
169 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Local legal experts have been working with foreign experts to organize workshops and training programmes to support the drafting process. The training has been conducted with the cooperation of organizations such as the e-ASEAN Task Force, JICA and Multimedia Development Corporation of Malaysia.
The Myanmar Electronic Transaction Law is based mainly on the current nature of electronic transactions and prevailing circumstances in Myanmar. The law provides for the creation of organs like the Central Body and Certification Authority for regulation of electronic transactions.
Some legal training appears to have taken place during the drafting process of the cyberlaws. Therefore, future capacity-building programmes proposed by ESCAP should take into account training already received. It might be worthwhile to target legal professionals who may not have benefited from earlier training, including judges and lawyers rather than regulators or drafters of laws.
12. Nepal
Two papers about the e-commerce and ICT situation in Nepal placed great emphasis on the need to develop adequate basic and ICT infrastructures. As evidence of the gap, only about twenty per cent of people in Nepal had access to electricity. It was also necessary to establish a legal basis for e-commerce.
As observed in the paper by Govind Prasad Kusum, Joint Secretary, Ministry of Industry, Commerce and Supplies, despite the potential, the biggest hurdle in e-commerce has been the complete lack of cyberlaw in Nepal. Four years after the IT Policy 2000 Declaration, Nepal still has not been able to introduce legal acts regarding e-commerce and the use of information technology. However, the cyber act in the form of the Electronic Transaction and Digital Signature Act has already been approved by cabinet decision. It still has not been transformed into law due to the prevailing political situation and the need for ratification by the parliament. In order for e-commerce to flourish along with the enactment of the proposed cyberlaw, relevant banking laws must also be amended to accommodate payment through credit/debit cards for both domestic and international e-commerce.
In the second country paper, it was noted that in addition to setting up a basic legislative framework for e-commerce, the importance to develop both the technical and legal capacity of government officials was highlighted by Uddhab Kumar Adhikari, Director of the Department of Industries, Ministry of Industry, Commerce and Supplies.
170 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
Indeed, some basic technical knowledge of e-commerce would be necessary to understand the possible legal issues and solutions. Therefore, capacity-building programmes for the development of the e-commerce legal system might need to start with overviews of relevant e-commerce related technologies and systems.
13. Pakistan
Pakistan probably has one of the best legislative foundations for e-commerce in the region. As early as 2002, an electronic transaction ordinance (ETO) was promulgated to promote confidence in the use of information technology in private and public affairs. The provisions of the ETO addressed transactional as well as non-transactional and criminal issues related to the information society. However, according to Mansour Ahmad Bajwa, Deputy Secretary, Ministry of Commerce, the ETO will not be enough to fully support e-commerce unless the special needs of the banking sector are acknowledged. The legal issues relating to banks are identified in the areas of inter-bank payment systems; consumer e-banking; Internet banking; digital cash; confidentiality and data protection; and evidence and security. There is also a need to have a deeper look into the relations between financial institutions, traders and service establishments and the consumer.
It was concluded that for the government to sustain and succeed in its commitment to develop e-commerce, it is essential to have trained manpower in all of the highly technical and specialized areas in general and especially on the regulatory and legal side to put into place effective laws to help provide a secure online transaction system. Pakistan would benefit immensely from capacity-building and specialized training for all stakeholders comprising of the different branches of the legal community vis-à-vis representatives from the legislature, the prosecution side, lawyers and the judiciary in its endeavors to promote e-commerce in the country.
ESCAP capacity-building programmes might need to take into account the advanced stage of development of the legislation in both India and Pakistan. This could help in examining how the development of e-commerce legal systems could be harmonized in a manner consistent with both countries’ existing legislation.
14. Philippines
According to Kathleen G. Heceta, Deputy Commissioner, National Telecommunications Commission, the passage of the law on e-commerce on 14 June 2000 provided the enabling environment, legal and regulatory framework
171 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs governing commercial as well as non-commercial transactions through the Internet. By accelerating the promotion and implementation of e-commerce in the country, there would be greater opportunities to accelerate and open vast opportunities for global trade and economic growth. However, no specific capacity-building needs were mentioned in the paper.
15. Sri Lanka
The paper by K.T. Chitrasiri, High Court Judge, Commercial High Court, Colombo suggested that existing laws did not provide an adequate legal framework for e-commerce activities. The government of Sri Lanka was in the process of introducing a new set of laws in line with the UNCITRAL model law on electronic commerce. The government was also in the process of introducing an enactment to prevent computer crimes as well as a new data protection law. These efforts were still in the preliminary stages, however.
While acknowledging the importance of developing a sound legal basis for e-commerce, the other area that should be the focus of attention is the promotion of education among groups such as lawyers, judges and the business community. At present, the subject of e-commerce was not included as a subject either in the Faculty of Law or the Law College, the two main institutions responsible for teaching law in Sri Lanka. Therefore, it would be best that the subject of e-commerce be introduced to the syllabi of those institutions. This type of education could also be promoted by introducing a new course at a higher level, such as a diploma for legal practitioners. Although about 500 people were enrolled as lawyers annually in Sri Lanka, the number of lawyers who were engaged in the dispute resolution mechanism in the field of commercial law was very small. Under these circumstances, the people in need of legal services from lawyers knowledgeable in commercial law could not afford their services because of financial constraints.
The paper acknowledged that e-commerce legal training should be provided to lawyers and judges involved in the area of commercial law. It also recommended that the training be extended to other stakeholders, including enforcement agencies such as the police and the customs department.
16. Timor-Leste
The country became sovereign only recently and is now developing its basic legal system. According to Gaspar De Araujo, IT Manager, Ministry of Justice,
172 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
Timor-Leste is developing the basic legal system with support from the United Nations and several of its agencies. An initiative to regulate e-commerce or other Internet-related issues has not yet been established, but undoubtedly the government would have to deal with this subject in the near future. At this point, the government of Timor-Leste may need to consider developing awareness of the issue at the government level, and provide with possible examples of how it can be handled.
17. Viet Nam
The authorities began drafting an e-commerce ordinance in 2002. However, after taking into account the latest developments in the field of e-commerce and e-government, they expanded the draft e-commerce ordinance into an e-transactions law project. At the same time, Viet Nam had also reformed its criminal code in order to respond to growing concerns about cyber-criminality in the country. Efforts to enhance the legislation were making progress.
As reported by Vu Dinh Thanh, Senior Legal Officer on E-commerce, E-commerce Department, Ministry of Trade, the legal courts in Viet Nam knew little about IT-related practices and were thus very unfamiliar with online crimes. Since the law is now under construction, electronic messages were not yet recognized in courts. As a result, lawyers in Viet Nam had little knowledge on IT related legal issues.
Along with changes in the legislative system, judges and lawyers in Viet Nam need educating. The e-commerce related issues should be presented and included in training for judges from the highest-rank to the local levels. Students in general and law schools should have courses on various legal aspects of e-commerce, such as laws on telecommunications and IT infrastructure, laws on recognition of electronic transactions and electronic signatures, laws to encourage adoption of e-commerce in different industries, laws on intellectual property protection in the IT field and online, as well as laws covering consumer protection online.
B. Implications and recommendations
The analysis of the country papers was supplemented by information collected during field missions to selected countries of South-East Asia. The combined information confirmed that countries in the region are at very different stages of development in their e-commerce legal systems. The overviews of e-commerce legal systems in different subregions (Part One) also indicated that significant differences
173 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs exist between e-commerce laws and regulations already in force in various countries of the region.
Many countries were still in the process of drafting basic e-commerce related legislation. Hence, there may be an opportunity to promote harmonization of e-commerce legislation in those countries, most likely through regional or subregional capacity-building programmes targeted at government officials responsible for the drafting of these laws. These trainings could also be beneficial in countries where these laws already exists, as these countries may well consider making amendments to rapidly aging laws, given the pace of technological progress and changes in e-commerce practices. For example, Singapore had conducted a full review of its e-commerce laws.
However, while harmonization of e-commerce related laws would be an important long term objective, experience has shown that it often takes years for appropriate legislation to be enacted, that the legislation may need to be updated even by the time it is enacted, and that it may still be open for interpretation by the legal profession. This view is reflected in many of the papers received and is supported by the fact that many countries in which e-commerce is taking place have yet to enact legislation.
Many papers emphasized the need for training of legal professionals and other stakeholders as awareness of e-commerce and related legal issues seemed to be lacking. A more effective approach to harmonized development of e-commerce legal systems in the region would ensure that, regardless of the development stage of high-level legislation on e-commerce in the different countries. Legal professionals across the region develop a common understanding of the e-commerce legal and regulatory issues to ensure a more harmonized and consistent development of regulations and decisions on e-commerce related cases across the subregions.
Information collected suggests that legal professionals to be targeted for capacity-building should primarily include (1) policymakers and regulators in charge of drafting and implementing e-commerce related laws, (2) the lawyers and legal practitioners who will use these laws to defend cases, and (3) the judges and other member of the judiciary who will have to issue rulings based on these laws. However, relevant law enforcement officers, the business community and other stakeholders may also be included in the training programmes.
174 Capacity-building for harmonized development of e-commerce legal systems in Asia and the Pacific
Figure 1: Overview of regional capacity-building proposal
Activity II.1: Four-day subregional Activity II.2: One-week Activity II.3: One-week training workshops for law makers on subregional training-of- subregional training-of- drafting subregional guidelines for trainer (ToT) trainer (ToT) programmes harmonized development of e-commerce programmes for judges for lawyers legal systems
Result II.1: Law makers have increased Result II.2: ToT participants have acquired the ability to draft e-commerce legal guidelines skills and knowledge necessary to train peers for subregional and regional harmonization (judges and lawyers)
Activity III.1: Provide technical Activity III.2: Organize Activity III.3: Organize assistance (TA) to individual countries national training for national training for and subregions on building consensus for judges in each country lawyers in each country adoption of e-commerce legal guidelines that participated in that participated in at the subregional/regional level activity II.2 activity II.3
Result III.I: The process of Result III.2: Participating judges and lawyers have increased harmonization of e-commerce capacity to deal with the legal and regulatory challenges of legal instruments for trade e-commerce and/or increased capacity to deal with cases facilitation has begun involving e-commerce for international trade
Outcome (immediate objective): Trained law makers, judges, and lawyers understand the legal and regulatory challenges related to e-commerce and take into account the need for harmonization and trade facilitation to develop e-commerce legal frameworks, and use common legal standards to resolve e-commerce cases
Project Goal (long-term objective): Harmonized development and consistent application of e-commerce laws by the legal profession and governments across participating countries for regional trade facilitation
In order to promote harmonization through development of a common understanding of the e-commerce legal and regulatory issues at the regional level, capacity-building programmes should be implemented preferably at the regional level, or at least subregional level, followed by national follow-up programmes through specialized national legal training institutions (e.g., ILKAP in Malaysia). Therefore, as shown in figure 1, it is recommended that regional or subregional
175 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs training-of-trainers programmes for regulators/legal drafters, judges, and lawyers be organized to build a pool of qualified trainers, which could then be tapped to deliver consistent trainings at the national level through existing national training institutions.3
3 A detailed proposal for regional capacity building and draft training programmes had been developed for discussion during the roundtable on capacity building needs for e-commerce legal and regulatory systems development held in July 2004. These documents are available on the ESCAP web site at www.unescap.org/tid/projects/ecom.asp
176 Conclusions and recommendations of the round table on capacity-building needs
II. CONCLUSIONS AND RECOMMENDATIONS OF THE ROUND TABLE ON CAPACITY-BUILDING NEEDS4
The Round Table on Capacity-building Needs for E-commerce Legal and Regulatory Systems Development in Asia and the Pacific, meeting in Bangkok on 9 July 2004,
Acknowledges the importance of training and capacity building for e-commerce legal professionals (lawmakers, regulators, lawyers and judges);
Recalls the Geneva 2003 Declaration of Principle5 of the World Summit on the Information Society (WSIS), according to which:
Ð An enabling environment at national and international levels is essential for the information society. ICTs should be used as an important tool for good governance. Ð The rule of law, accompanied by a supportive, transparent, pro-competitive, technology-neutral and predictable policy and regulatory framework reflecting national realities, is essential for building a people-centred information society. Ð Standardization is one of the essential building blocs of the information society. Ð Regional integration contributes to the development of the global information society. Ð Regional dialogue should contribute to national capacity-building.
Refers to the WSIS Plan of Action on Capacity-building (C4, a to p)6 and the Declaration on E-commerce for Development;7
4 This roundtable was held on 9 July 2004 and chaired by H.E. Sok Siphana, Secretary of State, Ministry of Commerce, Cambodia. Over 50 experts and senior government officials attended from throughout the region, as well as representatives from relevant international organizations. The list of participants and the regional capacity building plan as part of the conclusions and recommendations are at http://www.unescap.org/tid/projects/ecom04_conf.asp. 5 See Document WSIS-03/Geneva/Doc/4-E, 12 December 2003. 6 Ibid. 7 Joint UNCTAD-ESCAP Asia-Pacific Regional Conference, E-Commerce Strategies for Development, 20-22 November 2002 (http://r0.unctad.org/ecommerce/event_docs/bangkok_about.htm#documents).
177 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Recognizes that regardless of the uneven stages in the development of the legal and regulatory framework of e-commerce in the Asia-Pacific region, training and capacity-building of the legal professional constitute a realistic and effective means to achieving a common understanding of e-commerce legal and regulatory issues for harmonization and trade facilitation;
Endorses the Technical Assistance Project for Regional Capacity-building as summarized in figure 2;
Recommends that ESCAP, as the regional arm of the United Nations, coordinate with other relevant capacity-building organizations, particularly UNCITRAL, ITC UNCTAD/WTO, UNCTAD, ITU, WIPO and the World Bank, to implement the regional capacity-building activities on a regional or subregional basis;
Further recommends that donor countries, as well as the regional and international development finance institutions, including ADB, provide the necessary financial and technical support for implementation of the technical assistance project at the regional or subregional level;
Requests that ESCAP incorporate the findings and recommendations of the roundtable subcommittees 1 to 3, as well as the key elements of the Report of the Cooperating Agencies,8 in the implementation plan of the regional capacity-building framework so as to insure its coherence.
8 See annex to part three entitled “Report of the Cooperating Agencies: Round Table Discussion on Capacity-building Needs for E-commerce Legal and Regulatory System Development, 9 July 2004”.
178 Conclusions and recommendations of the round table on capacity-building needs
Figure 2: Technical assistance project overview
PHASE I (2004) Activity I.1: Conduct and Activity I.2: Hold a regional Activity I.3: Develop detailed disseminate a study on the conference on Harmonized capacity building training needs and solutions for development of Legal and programmes for the legal harmonized development of Regulatory Systems in Asia-Pacific: profession based on the e-commerce legal systems Current Challenges and Capacity outcome of the Conference for regional trade facilitation building Needs
Result I.1: Regional Result I.2: Capacity building needs Result I.3: Phase II awareness of key legal and for harmonized development of training programmes are regulatory e-commerce e-commerce legal systems for trade ready to be implemented issues has increased facilitation are identified
PHASE II (2005) Activity II.1: Three-day subregional Activity II.2: Four-day Activity II.3: Four-day training workshops for lawmakers and subregional training-of- subregional training-of- regulators on developing a regional trainer (ToT) programmes trainer (ToT) programmes approach for harmonized e-commerce for judges for lawyers legal systems
Result II.1: Lawmakers and regulators Result II.2: ToT participants have acquired the skills have increased ability to contribute to and knowledge necessary to train peers (judges and subregional and regional harmonization lawyers)
PHASE III (2006) Activity III.1: Provide technical Activity III.2: Organize Activity III.3: Organize assistance (TA) to individual national training for national training for lawyers in countries and subregions on building judges in each country each country which participated consensus for harmonization which participated in in activity II.3 activity II.2
Result III.I: The process Result III.2: Participating judges and lawyers have increased of harmonization of capacity to deal with the legal and regulatory challenges of e-commerce legal instruments e-commerce and/or increased capacity to deal with cases involving for trade has begun e-commerce for international trade
Outcome (immediate objective) Trained lawmakers, judges, and lawyers understand the legal and regulatory challenges related to e-commerce and take into account the need for harmonization and trade facilitation to develop e-commerce legal frameworks, and use common legal standards to resolve e-commerce cases
Project Goal (long-term objective): Harmonized development and consistent application of e-commerce laws by the legal profession and governments across participating countries for regional trade facilitation
179 Training-of-trainers programmes for policy makers, regulators, judges and lawyers
III. TRAINING-OF-TRAINERS PROGRAMMES FOR POLICY MAKERS, REGULATORS, JUDGES AND LAWYERS9
Introduction
Participants at the Expert Round Table on Capacity-building Needs for E-Commerce Legal and Regulatory System Development held on 9 July 2004 were divided into three subcommittees: (1) lawmakers/regulators, (2) lawyers and (3) judges. The subcommittees provided inputs for the development of a regional capacity-building framework. Each group was given the task of providing inputs on draft training-of-trainer (ToT) programmes that were then submitted to expert participants for their consideration.
The ToT programmes outlined below were based on the various suggestions received from participants at the roundtable.
A. Subregional ToT programmes for lawmakers and regulators
1. Background
The subcommittee that reviewed the proposed programme for lawmakers and regulators was composed mainly of government representatives from participating countries. Mr. Mansour Ahmad Bajwa, Secretary, Ministry of Commerce, Government of Pakistan chaired the subcommittee.
The working group acknowledged the challenge for governments in the region to harmonize their e-commerce legal infrastructure by means of legislation alone. Lawmakers had the responsibility to establish an appropriate and effective legal framework to regulate, as well as to facilitate e-commerce in the region. The main challenge for lawmakers and policy makers would be the different legal systems, the varying levels of e-commerce readiness and the uneven level of development of e-commerce in the region.
The subcommittee reached an agreement that it would be more useful to provide technical training and networking opportunities to existing national legal
9 This chapter was prepared by Dr. Roland Amoussou-Guenou, Regional Expert on Legal Cooperation in ASEAN, Embassy of France in Thailand, in collaboration with the Trade and Investment Division of ESCAP.
181 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs training institutions, rather than training on how to draft regional guidelines, as originally proposed. This would help build consensus for harmonization based on existing models and guidelines, primarily the UNCITRAL Model Law and the future UNCITRAL Convention on electronic transactions.
2. Proposed syllabus
Target audience: National trainers of policy makers and lawmakers of Asia and the Pacific, or lawmakers and regulators with training skills.
Rationale: Lawmakers refers not only to members of parliament or national assemblies. It also refers to people who are concerned legal advisers to prime ministers, ICT, trade and finance ministries and agencies that draft and issue decrees or sub-regulations for the effective implementation of legislations.
Venue: To be determined, but preferably hosted by a specialized legal training institution in one of the participating countries.
Objectives:
By the end of the workshop, the participants should be able to:
Ð raise their awareness on the challenges of harmonized development of e-commerce laws and regulations for trade facilitation in Asia and the Pacific; Ð identify the different stakeholders for ICT and e-commerce development; Ð have a comprehensive view of the international and regional legal frameworks of e-commerce; Ð have a practical comparative approach about different e-commerce laws already enacted in the Asian and Pacific region; Ð identify the key provisions of e-commerce laws and regulations; and Ð draft effective e-commerce laws, regulations and guidelines.
Methodology: Prospective participants would be professional adults. Training would focus on their needs and be based on characteristics of adult learning such as autonomy, self direction, previous experience, immediate application of knowledge, problem solving and efficiency. Emphasis would be on skills rather than knowledge or information alone.
182 Training-of-trainers programmes for policy makers, regulators, judges and lawyers
Day one: Introduction to legal drafting with a special focus on e-commerce laws and regulations 1.1) Introduction to e-commerce related technology for law and policy makers 1.2) Self-assessment in legal drafting and discussions on objectives 1.3) Principles of separation of power and enactment of e-commerce laws and regulations 1.4) Key concepts and definition of e-commerce and related activities (e-commerce, e-transactions, e-trade, data messages, EDI, e-signature, digital signature, secure electronic signature, electronic record, e-contract, offer and acceptance, encryption, consumer protection, e-payment, certification, public key infrastructure, digital certificate, third party authority, ISP and so forth) 1.5) Discussions about the legal validity of data messages and signatures 1.6) Scope of ICT laws (e-commerce, e-transaction, information infrastructure, data protection, computer crime, electronic funds transfer)
Day two: Current sources of e-commerce laws and general principles
2.1) Hard law (enactments) versus soft law (usages, customs, Lex Mercatoria Electronica, charters) 2.2) Overview of international legal instruments related to e-commerce (UNCITRAL E-Commerce Model Law, UNCITRAL Draft Convention on E-Transactions, the EU Directive on E-Commerce and the e-ASEAN guideline) 2.3) Comparative study of e-commerce laws and best practices in Asian countries (Brunei Darussalam, the Philippines, Singapore and Thailand) 2.4) Overview and analysis of basic e-commerce legal issues (domain names, cybersquatting, contracting on the Internet, intellectual property protection, cybercrimes, liability of ISP, duties and responsibilities of certification authorities, online dispute resolution and so forth)
183 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Day three: Drafting skills and methodology and implementation issues
3.1) Drafting key provisions of ICT laws (e-commerce, e-transaction, information infrastructure, data protection, computer crime, electronic funds transfer) 3.2) Drafting of sub-legal instruments (decrees and regulations, ministerial notes) 3.3) Drafting of e-procurement provisions (to be confirmed) 3.4) Implementation of e-commerce laws and regulations (e-Gazette, e-publication, dissemination to the public)
B. Subregional ToT programme for judges
1. Background
The subcommittee that reviewed the proposed programme for judges was composed mainly of members of the judiciary from participant countries. A few Lawyers and Policy Makers also participated in the debate in order to reach a balanced outcome for all the legal professionals. Justice Vikramajit Sen, High Court of India, chaired the subcommittee. They acknowledged the key role of judges in the process of harmonized development of e-commerce laws in the region.
Judges had the responsibility, on prejudice of justice being denied, to decide e-commerce cases and whether or not a specific law was available in their country. It was noted that the challenge for judges was even greater when the cases involved different jurisdictions. In addition to substantive knowledge of e-commerce legal issues, judges needed to be prepared to work on a comparative law basis.
Above all, solid basic knowledge of e-commerce related to technology and their legal implications was a prerequisite for judges to perform their jobs in this specific area is to have. As an example, it seems impossible for a Judge to make a sound decision in an e-commerce case if he is unable to understand how an evidence can be established electronically instead of through paper documents. Possibility should be given to Judges in the region to share experiences, information and jurisprudence via a dedicated web site. In addition, the subcommittee point out that the workshops should effectively contribute to institutional training capacity at the national level. The following proposed programme was revised accordingly.
184 Training-of-trainers programmes for policy makers, regulators, judges and lawyers
2. Proposed syllabus
Target audience: National trainers of members of the judiciary in participating countries, judges and former judges with proven training and computer skills.
Rationale: Judges have to decide e-commerce cases by applying domestic laws, international instruments or in common law countries by creating precedents. In many situations e-commerce laws are inexistent or not adapted but justice has to be adjudicated somehow. This requires from the Judges, professional capacities and technical abilities to adapt to the rapid mutations of the new environment. In many LDCs the judicial personnel is not sufficient to specialize Judges in every areas of Law, not to say in ICT laws. Therefore, generalist Judges are likely to be trained. Where there is a possibility of specialization, this need should be taken into consideration. In the long run it is necessary to create specialized jurisdictions for e-commerce cases, especially in matters concerning cybercrimes.
Objectives: By the end of the workshop, the participants should be able to:
Ð fully understand the challenges of harmonized development of e-commerce laws and regulations for trade facilitation in Asia and the Pacific Ð increase their knowledge and skills in e-commerce related technology for Judges Ð recognize the different e-business players (ICT industry, ISPs, e-merchants, e-retailers, buyers, customers, intermediaries and state agencies) Ð raise their awareness of the need for harmonization of e-commerce case laws for trade facilitation Ð apply good governance to ICT cases Ð decide cases in ordinary proceedings at different levels of the judicial organization Ð decide cases in ODR proceedings
Methodology: Prospective participants are professional adults. The training would thus focus on their needs and would be based on characteristics of adult learning such as autonomy, self direction, previous experience, immediate application of knowledge, problem solving and efficiency. Emphasis would be on skills rather than knowledge and information alone.
185 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Day one: General introduction to e-commerce principles and concepts
1.1) Introduction to e-commerce related technology for judges 1.2) Self-assessment in jurisdiction and applicable law determination in e-commerce cases and discussions on objectives 1.3) The rule of law and e-commerce 1.4) Key concepts and definition of e-commerce and related activities (e-commerce, e-transaction, e-trade, data messages, EDI, e-signature, digital signature, secure electronic signature, electronic record, e-contract, offer and acceptance, encryption, consumer protection, e-payment, certification, public key infrastructure, digital certificate, third party authority, ISP, etc.) 1.5) Discussions on the legal validity of data messages and signatures 1.6) Overview of different categories of ICT laws (e-commerce, e-transaction, information infrastructure, data protection, computer crime, electronic funds transfer)
Day two: Current sources of e-commerce laws and general principles
2.1) Hard law (enactments) versus soft law (usages, customs, Lex Mercatoria Electronica, characters, ICC Electronic Commerce Terms) 2.2) Civil law (codification) versus case law (precedents) 2.3) Overview of international legal instruments related to e-commerce (the UNCITRAL E-Commerce Model Law, the UNCITRAL Draft Convention on E-Transactions, the EU Directive on E-Commerce, the e-ASEAN Guideline) 2.4) Comparative study of e-commerce law best practices in Asian countries (Brunei Darussalam, the Philippines, Singapore and Thailand) 2.5) Overview and analysis of basic e-commerce legal issues (contracting on the Internet, privacy protection, intellectual property, domain names, cybersquatting, cybercrimes, liability of ISP, duties and responsibilities of Internet players, online dispute resolution, etc.)
186 Training-of-trainers programmes for policy makers, regulators, judges and lawyers
Day three: Managing and conducting e-commerce legal proceedings
3.1) Nature and form of e-commerce claims and submissions 3.2) Evidence and witnesses in e-commerce civil and commercial cases 3.3) Evidence and witnesses in e-commerce criminal cases 3.4) The use of ICT in legal proceedings 3.5) Role of the register in e-commerce cases 3.6) Determination of jurisdiction and applicable law 3.7) Time limitation in e-commerce 3.8) Due process in e-commerce litigations 3.9) Hearings and pleadings
Day four: Decision and ruling in e-commerce cases
4.1) Fundamental principles of litigation in civil law and common law (adversary procedure versus inquisitorial procedure) 4.2) Determination of fairness and good faith in e-commerce 4.3) Reasoning in e-commerce decisions and rulings 4.4) Deliberation 4.5) Final decision drafting 4.6) Notification and enforcement
C. Subregional ToT programme for lawyers
1. Background
The subcommittee that reviewed the proposed programme for lawyers was composed mostly of lawyers, a few magistrates, an ICT expert, officials from international institutions and representatives from the private sector. The subcommittee was chaired by Dr. Roland Amoussou-Guenou, Regional Legal Expert, Embassy of France in Thailand. The group acknowledged the importance of lawyers as potential catalysts for harmonized development of e-commerce laws in the region.
187 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Lawyers had a more multidimensional and comprehensive responsibility than law-makers and judges since they would be at the crossroad of all e-commerce related activities. They were expected to develop substantive knowledge as well as technical skills in order to address e-commerce legal issues. There was a consensus that a strong understanding of technical aspects of ICT would be necessary for lawyers to perform their jobs in e-commerce matters. For example, a lawyer should be equipped to deal with issues related to security, data protection, evidence and cybercrimes.
The ability to work on a comparative law basis was also important to establish a basis for a convergent approach to e-commerce related legal issues among lawyers. Lawyers should be given the possibility to benefit from the experiences, information and best practice of their colleagues via a regional network, especially for those from LDCs in the region. The proposed programme was designed accordingly.
2. Proposed syllabus
Target audience: Trainers of lawyers in Asia and the Pacific, qualified lawyers with training experience.
Rationale: Among others, lawyers have to provide services for consultancy and legal defense, for e-business activities at the national, regional and global levels. They are at the intersection and crossroad of lawmakers, the e-business sector, judges and enforcement agencies. Among all legal professions around the world, lawyers have demonstrated a strong capacity to adapt to the legal challenges and environment of e-commerce. In many Asian LDCs, the legal profession is poorly organized, equipped or trained. Most countries that report on capacity-building needs express concern about the acute shortage of human resource in the field of information technology (Bhutan). Other countries (Philippines, Cambodia, Lao People’s Democratic Republic and Viet Nam) have identified training needs in an area such as electronic commerce, especially for young lawyers.
Venue: To be determined.
Objectives: By the end of the workshop, the participants should be able to:
Ð fully understand the challenges of harmonization of e-commerce laws and regulations for trade facilitation in Asia and the Pacific
188 Training-of-trainers programmes for policy makers, regulators, judges and lawyers
Ð identify the structure of different e-commerce business models (B2B/ B2C/C2C/G2C and M-Commerce) Ð recognize the different e-business players (ICT industry, ISPs, e-merchants, e-retailers, buyers, customers, intermediaries and state agencies). Ð make e-commerce legal risk analysis Ð make e-commerce legal due diligence Ð give written consultation on e-commerce legal issues in Asia and the Pacific Ð Present e-commerce related cases for claimants and defendants before national courts Ð seek redress in e-commerce related cases for claimants and defendants in ODR proceedings
Methodology: Prospective participants were professional adults. The training would focus on their needs and be based on characteristics of adult learning such as autonomy, self direction, previous experience, immediate application of knowledge, problem solving and efficiency. Emphasis would be on skills rather than knowledge and information.
Day one: Introduction to e-commerce principles and concepts
1.1) Introduction to ICT for lawyers 1.2) Self-assessment in legal consultation in information society services and discussions on objectives 1.3) Key concepts and definition of e-commerce and related activities (e-commerce, e-transaction, e-trade, data messages, EDI, e-signature, digital signature, secure electronic signature, electronic record, e-contract, offer and acceptance, encryption, consumer protection, e-payment, certification, public key infrastructure, digital certificate, third party authority, ISP, etc.) 1.4) Discussions on the Legal validity on data messages and signatures 1.5) Different categories of ICT laws (e-commerce, e-transaction, information infrastructure, data protection, computer crime and electronic funds transfer)
189 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
Day two: Current sources of e-commerce law and general principles
2.1) Hard law (enactments) versus Soft Law (usages, customs, Lex Mercatoria Electronica, charters, ICC electronic commerce terms) 2.2) Civil law (codification) versus case law (precedents) 2.3) Overview of international legal instruments related to e-commerce (the UNCITRAL e-commerce Model Law, the UNCITRAL Draft convention on e-transactions, the EU Directive on e-commerce and the e-ASEAN Guideline) 2.4) Comparative study of e-commerce laws best practices in Asian countries (Brunei Darussalam, the Philippines, Singapore and Thailand) 2.5) Overview and analysis of basic e-commerce legal issues (domain names, cybersquatting, contracting on the Internet, intellectual property protection, cybercrimes, liability of the ISP, duties and responsibilities of certification authorities, online dispute resolution, etc.)
Day three: Provision of e-commerce legal services
3.1) E-commerce and legal risks analysis 3.2) E-commerce and legal due diligence 3.3) Negotiation of e-commerce transactions 3.4) Drafting of e-commerce contracts 3.5) Difficulties of e-commerce contracts implementation 3.6) Consulting and advising on e-commerce legal issues
Day four: E-commerce and legal proceedings
4.1) Fundamental principles of litigation in civil law and common law (adversary procedure versus inquisitorial procedure) 4.2) Securing evidence in e-commerce civil and commercial cases 4.3) Securing evidence in e-commerce criminal cases 4.4) Preparing and presenting cases before national courts and jurisdiction issues
190 Training-of-trainers programmes for policy makers, regulators, judges and lawyers
4.5) Preparing and presenting cases before national courts and applicable law issues 4.6) Preparing and presenting ODR cases
D. Conclusion
There was no consensus on which subregion should have priority to benefit from the proposed training programmes. Most experts and participants indicated that at least some countries in their subregions would greatly benefit from programme implementation. It would be important that training takes place in more than one subregion at a time and on a relatively tight schedule to take advantage of synergies and insure consistency of training programmes offered in the region, as harmonized development at regional and global levels for trade facilitation are long-term goals of the proposed capacity-building programme. In addition, it was deemed important that the three proposed training programmes be organized in parallel fashion within each subregion, so that all members of the legal profession (lawmakers, lawyers and judges) develop a common understanding about the key e-commerce legal issues and solutions for trade facilitation.
Levels of the training may need to be adapted slightly across subregions, but it is important that the philosophy of the training remains the same throughout implementation. In that regard, close cooperation among different agencies involved in implementing related training programmes would be required. The recommendations included in the Report of the Cooperating Agencies, (as contained in the following annex), endorsed as part of the expert round table recommendations, should be followed to the extent possible by implementing agencies.
191 Harmonized development of legal and regulatory systems for e-commerce in Asia and the Pacific: current challenges and capacity-building needs
ANNEX
REPORT OF THE COOPERATING AGENCIES: ROUND-TABLE DISCUSSION ON CAPACITY-BUILDING NEEDS FOR E-COMMERCE LEGAL AND REGULATORY SYSTEM DEVELOPMENT, 9 JULY 2004
The meeting recognized that ESCAP is best positioned in the Asia and Pacific region to coordinate and facilitate regional cooperation and to follow up on the Regional Expert Conference on “Harmonized development of legal and regulatory systems for electronic commerce in Asia and the Pacific: current challenges and capacity-building needs”.
All international organizations represented in the meeting agreed that the most effective and efficient way to move forward in the field of harmonized development of e-commerce legal systems would be to leverage existing synergies and work together pro-actively on the follow up after the conference. The organizations agreed that the regional capacity-building framework as included in the documentation at this roundtable would be a good basis for doing so.
Specifically, phases II and III could be implemented using the UNCTAD course on legal aspects of e-commerce and a version of the ITC e-commerce legal kit could be adapted to the Asian and Pacific setting (the ITC legal kit would provide a good basis for activity II.3 for lawyers). UNCITRAL could also provide substantive support to phases II and III. It was recognized that the training material for activity II.2 for judges might need to be developed further as existing materials might not be adequate. The meeting further agreed that collaboration in the field of legal aspects of e-commerce could extend beyond the scope the activities specified above.
The research commissioned by the World Bank, which benchmarked 23 countries in the region in terms of e-commerce legal systems would be officially released soon. In addition, the World Summit on the Information Society had identified many of the issues related to harmonized development of e-commerce legal systems in its Principles and Action Plan. It was agreed that follow up activities by the World Bank and the WSIS could provide important opportunities for constructive collaboration through physical and substantial linkages between these workshops
192 Training-of-trainers programmes for policy makers, regulators, judges and lawyers
and the follow up of the Regional Expert Conference on “Harmonized development of legal and regulatory systems for electronic commerce in Asia and the Pacific: current challenges and capacity-building needs”.
During the conference, many experts expressed views that both the EU and the Asian and Pacific region could benefit from active participation in the ongoing capacity-building efforts of the Asian and Pacific region. The EU continued to provide important input in this process through the sharing of lessons learned and best practices from the European region.
It was noted that many law faculties and lawyers would be willing to participate pro bono in capacity-building activities to implement the capacity-building framework. Organizations recognized that this initiative along with the involvement of national trainers might serve as an important resource for delivery of the activities described in phases 2 and 3 of the technical assistance overview. The international organizations expressed their appreciation of this initiative and expressed encouragement to utilize this resource for follow up after the conference.
Finally, the international organizations noted that this meeting was a significant step towards harmonized development of legal and regulatory systems for electronic commerce in the region and expressed their overall willingness to contribute where possible and appropriate in a collaborative and cooperative manner.
Representatives participating from international organizations: UNCITRAL Secretariat UNCTAD ITC ESCAP EU
Observer: Mr. Rajesh Sreenivasan, Consultant, World Bank.
Report acknowledged by: ITU
193 30. Market Prospects for Pulses in South Asia: International and Domestic Trade (ST/ESCAP/ 1825) 31. Electronic Commerce Initiatives of ESCAP: Business Facilitation Needs (ST/ESCAP/1854) 32. Assistance to Economies in Transition in Export Promotion (ST/ESCAP/1808) 33. Implications of the APEC Process for Intraregional Trade and Investment Flows (ST/ESCAP/ 1886) 34. Enhancement of Trade and Investment Cooperation in South-East Asia: Opportunities and Challenges Toward ASEAN-10 and Beyond (ST/ESCAP/1882) 35. Trade and Investment Complementarities among the South-western Member Countries of ESCAP (ST/ESCAP/1932) 36. Trade and Investment Scenarios and Liberalization Agenda for Asia and the Pacific (ST/ESCAP/1965) 37. Implications of General Agreement on Trade in Services (GATS) for Asia-Pacific Economies (ST/ESCAP/1926) 38. Electronic Commerce Initiatives of ESCAP Ð Alignment of the Trade Documents of Cambodia, Myanmar and Viet Nam (ST/ESCAP/1892) 39. Electronic Commerce Initiatives of ESCAP Ð International Trade Transaction (ITT) Models as an Aid to the Process of Harmonization (India, Malaysia, Philippines and Sri Lanka (ST/ESCAP/1963) 40. Non-tariff Measures with Potentially Restrictive Market Access Implications Emerging in a Post-Uruguay Round Context (ST/ESCAP/2024) 41. The Future WTO Agenda and Developing Countries (ST/ESCAP/2047) 42. Private Sector Perspectives in the Greater Mekong Subregion (ST/ESCAP/2065) 43. Interregional Cooperation in Trade and Investment: Asia-Latin America (ST/ESCP/2069) 44. Enhancing Export Opportunities through Environmentally Sound Business Development (ST/ESCAP/2120) 45. Export Promotion for Economies in Transition (ST/ESCAP/2107) 46. Export Competitiveness and Sustained Economic Recovery (ST/ESCAP/2150) 47. Regional Perspectives on the WTO Agenda: Concerns and Common Interests (ST/ESCAP/ 2161) 48. Accession to the World Trade Organization: Issues and Recommendations for Central Asian and Caucasian Economies in Transitions (ST/ESCAP/2160) 49. Facilitating the Accession of ESCAP Developing Countries to WTO through Regional Cooperation (ST/ESCAP/2215) 50. Foreign Direct Investment in Central Asian and Caucasian Economies: Policies and Issues (ST/ESCAP/2255) 51. The Doha Development Agenda: Perspectives from the ESCAP Region (ST/ESCAP/2278) 52. Trade and Investment Policies for the Development of the Information and Communication Technology Sector of the Greater Mekong Subregion (ST/ESCAP/2336) 53. Perspectives from the ESCAP Region after the Fifth WTO Ministerial Meeting: Ideas and Actions following Cancun (ST/ESCAP/2338)
For more information, please contact:
Director Trade and Investment Division Economic and Social Commission for Asia and the Pacific (ESCAP) United Nations Building Rajadamnern Nok Avenue Bangkok 10200, Thailand Tel.: +662 288-1234 Fax: +662 288-1026, 288-1027 E-mail: [email protected]