Technological, Security and Legal Issues in Ecommerce

Technological IssuesAvailability of telecom infrastructure Interoperability

The ability of systems running in different operating environments to communicate and work together E.g., clients running Windows XP can access Web pages from servers running

Linux. For the interoperability to work, the same set of rules (protocols) must

be followedConnectivity to existing systems (backward compatibility)

Web-based front-end systems must be able to connect with back-end legacy systems that tend to be large, complex, and poorly documented

Must use “middleware” to translate data from one system to another Internet “pipeline” capacity to support efficient transmission of

possibly large-sized contents (music, videos, high-resolution graphics/photos)

Security IssuesThreats to systemsThree types of security threats

Denial of Service, Unauthorized access, and Theft and Fraud

Denial of Service (DOS)Two primary types of DOS attacks: spamming and viruses

Spamming Sending unsolicited commercial emails to individuals

Smurfing or DDOS (distributed denial of service attacks) hackers placing software agents onto a number of third-party

systems and setting them off to simultaneously send requests to an intended target

Security IssuesViruses: self-replicating computer programs

designed to perform unwanted eventsWorms: special viruses that spread using

direct Internet connectionsTrojan Horses: disguised as legitimate

software and trick users into running the program

Security Systems(Unauthorized access)Illegal access to systems, applications or data

Passive unauthorized access –listening to communications channel for finding secrets

May use content for damaging purposesActive unauthorized access

Modifying system or dataMessage stream modificationChanges intent of messages, eg., to abort or

delay a negotiation on a contract

Security SystemsMasquerading or Spoofing –sending a

message that appears to be from someone elseImpersonating another user at the

“name”(changing the “From”field) or IP levels (changing the source and/or destination IP address of packets in the network)

Sniffers–software that illegally access data traversing across the network

Security Systems (Theft & Fraud)Data theftFraud occurs when the stolen data is used or

modifiedTheft of software via illegal copying from

company’s serversTheft of hardware, like laptops

PrivacyThreats to data

Data collection Faster and easier data collection thru online technology

Cross-referencing (aggregation) Consumer data with online purchasing habits collected with or

without their knowledgeUsage tracking

Patterns of online activity lead to inferences about the user’s product preferences for providing customized pop-up ads and referring sites

Spyware - type of program that watches what users do with their computer and then sends that information over the Internet to the spyware’s author

Major info. Gathering toolsCookies

Track individuals at siteSpyware

Record keyboard activitySearch engine behavioural targeting

Uses prior search history,demographic, etc interests to target advertising

Shopping cartsCollect detailed payments & purchase info

FormsSite transaction logs

Collect & analyze detailed info on page content viewed

Privacy(Phishing Techniques)Misspelled URLs or the use of subdomains,

e.g., http://www.yourbank.com.example.comUse of JavaScript commands to alter the

address bar by placing a picture of the legitimate URL over the fake one, or by closing the fake URL and opening a new one containing the legitimate URL

Perceptual Issue: TrustOne of the most important barriers to the use of e-businessHosmer(1995): “the expectation that the other party will behave in

accordance with commitments, negotiate honestly, and not take advantage, even when the opportunity arises.”

Trust lies somewhere between total trust or complete lack of trustLevel of trust may change over time as one becomes more familiar

with the other party through experience or other knowledgeCharacteristics of e-business transactions that make trust

important Distance Technology e.g., buyers must trust a merchant to be knowledgeable

enough to make use of IT to implement some security measure to protect their credit card numbers

Perceptual Issue: Trust(Components of Trust)Predictability

Establishing clear expectations –e.g., consistently sending email notifications of order confirmation, and of order shipment

ReliabilityProviding follow through (do according to what merchants’

promise)Technical competence

Ability to carry out responsibilities (and show this clearly to potential users)

Fiduciary responsibilityAct on behalf of the customer’s interests (e.g., on-line travel

agencies)

Societal issuesTelecommunications Infrastructure

Differences in cost of connecting and (cost/income)Access Inequalities

Digital Divide and access to equipmentInformation Technology Skills Shortage

Workforce shortage (large number of unfilled IT positions)

Global movement of IT workers (“brain drain”) from developing countries to developed ones for higher salaries

Retaining IT workers in the field (jobs rotations, providing training)

Intellectual Property IssuesProtection

Copyrights –software, arts (literature, artwork, music)Patents –inventionsTrademarks –name brands and logos

Global uniformity of laws –different countries may enforce software copyright laws differently

Link liability–linking to other sites that publish materials belonging to other people without permission

Domain names (who owns “lakers.com”?)team or some individual

Patenting business processesAmazon’s “1-Click” vs Barnes & Noble’s “Express Lane”Priceline’s name-your-price vs Expedia’s price matching system

Ethical IssuesResponsibility

Accountability

Liability

UNCITRAL(United Nations Commission on International Trade And Law )Established by the United Nations General

Assembly in 1966 "to promote the progressive harmonization and unification of international trade law”

Represent different legal, economic and social systems, and geographic regions of the world

 Entrusts Secretary-General with the role of designating an "appointing authority" upon request of a party

Model law on ecommerceEnable & facilitate commerce conducted using

electronic means with a set of internationally acceptable rules aimed at removing legal obstacles and increasing legal predictability for electronic commerce

Intended to overcome obstacles arising from statutory provisions that may not be varied contractually by providing equal treatment to paper-based and electronic information. Such equal treatment is essential for enabling the use of paperless communication, thus fostering efficiency in international trade

Principle of non-discrimination ensures that a document would not be denied legal effect, validity or enforceability solely on the grounds that it is in electronic form

Principle of technological neutrality mandates the adoption of provisions that are neutral with respect to technology used

Functional equivalence principle lays out criteria under which electronic communications may be considered equivalent to paper-based communications

Model Law has two partsPart I covers E-commerce in general Part II covers E-commerce in specific areas

 

UN ‘Model Interchange agreement’ for EDIThe Programme emphasizes legal issues

which can be readily defined and aims at developing guidance on those legal issues, and recommending appropriate solutions in the form of legal instruments or tools or changes in commercial practices

These agreements generally apply only to the interchange of data and not to the underlying commercial contracts between the parties

An interchange agreement is made between trading partners setting out the rules they will adopt for using Electronic Data Interchange (EDI)

The agreement also details the individual roles and legal responsibilities of the trading partners for transmitting, receiving and storing electronic messages

GOI Act 2000Provide legal recognition for transactions carried

out by means of EDI & other means of electronic communication, commonly referred to as "electronic commerce”

Involves the use of alternatives to paper-based methods of communication and storage of information

Facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934

IT Act 2000 addressed the following issues:Legal Recognition of Electronic DocumentsLegal Recognition of Digital SignaturesOffenses and ContraventionsJustice Dispensation Systems for Cybercrimes

Legal issues for internet-based ecommerceDrafting electronic contracts, addressing privacy issues and

attending to distinctive intellectual property concernsTaxation of Internet sales, purchases, and transactionsIntellectual property filings to protect a website, including

copyright registration and trademark registration for protectable aspects of the website

Online copyright and trademark infringementSales, leases and disputes involving domain namesDeveloping website agreements and disputes involving:

Website developmentCustom software development and licensingTechnology joint venturesSoftware consultingPurchase, sale or license of proprietary technology

Legal issues for internet-based ecommerceDeveloping legal disclaimers for websites, including terms

and conditions, privacy policies and online sale or license agreements

Legal aspects of online marketingCompliance with the SPAM ActPay-per-click advertising, unfair Internet business practices

and Internet scams such as domain name high-jackingOnline defamationLocating the most advantageous countries and/or states for

hosting your e-commerce website International issues and disputes

International issues and dispute

Global Information Infrastructure(GII)Governments, businesses, communities, and individuals

can work together to create a global information infrastructure which links "the world's telecommunication and computer networks together" and would enable the transmission of "every conceivable information and communication application."

Internet is the default global information infrastructure Developing communications framework intended to

eventually connect all telecommunications and computer networks world-wide

Sometimes called a network of networks, the GII would eventually make all electronically stored or transmitted information accessible from anywhere on the planet

National Information Infrastructure (NII) Proposed, advanced, seamless web of public and

private communications networks, interactive services, interoperable computer hardware and software, computers, databases, and consumer electronics to put vast amounts of information at users' fingertips

Analyzing how national-level policy initiatives address the challenge of information technology, interactive content, and new applications, as well as the "information superhighway."

These contributions examine the interplay of issues in different sectors, including telecommunications, broadcasting, publishing, and information technology