Compliance with Information and Communication Technology-related Multilateral Frameworks: Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion

ECONOMIC AND SOCIAL COMMISSION FOR ASIA AND THE PACIFIC

COMPLIANCE WITH INFORMATION AND

MULTILATERAL FRAMEWORKS COMMUNICATION TECHNOLOGY-RELATED

INFORMATION TECHNOLOGY ENABLING LEGAL FRAMEWORK FOR THE GREATER

MEKONG SUBREGION

UNITED NATIONS New York, 2004

STlESCAPl2329 3 I UNITED NATIONS PUBLICATION I

I I Sales No. E.04.II.F.39

I Copyright 0 United Nations 2004 1 I ISBN: 92-1-120396-1 I

The designations employed and the presentation of the material in this publication do not imply the expression of any opinion whatsoever on the part of the Secretariat of the United Nations concerning the legal status of any country, territory, city or area, or of its authorities, or concerning the delimitation of its frontiers or boundaries.

Mention of firm names and commercial products does not imply the endorsement of the United Nations.

This publication has been issued without formal editing.

.. 11

CONTENTS Page

PREFACE ................................................................................ vii

ABBREVIATIONS ................................................................. ix

PART ONE

TOWARDS A LEGAL FRAMEWORK FOR

PROVINCE), THE L A 0 PEOPLE’S DEMOCRATIC REPUBLIC, MYANMAR, THAILAND AND VIET NAM

E-BUSINESS IN CAMBODIA, CHINA (YUNNAN

I.

11.

111.

IV.

V.

VI .

INTRODUCTION ...................................................................

OVERVIEW OF INFORMATION TECHNOLOGY AND ELECTRONIC BUSINESS AS AN EMERGING WORLDWIDE MEDIUM OF

INFORMATION AND COMMERCE ...........................................

ELECTRONIC COMMERCE AND ELECTRONIC BUSINESS ..........

E-BUSINESS IN ASIA-PACIFIC .............................................

ICT DEVELOPMENT AND E-COMMERCE IN THE GMS .........

A. Cambodia ................................................................. B. China (Yunnan Province) ........................................ C. Lao People’s Democratic Republic ......................... D. Myanmar .................................................................. E. Thailand .................................................................... E Viet Nam ...................................................................

LEGAL AND REGULATORY ISSUES: THE CHALLENGE TO

E-BUSINESS .......................................................................

3

4

6

12

14

14

15

17

18

20

20

21

... 111

CONTENTS (continued)

VII. MODEL LAWS AND “BEST PRACTICES” .................................

VIII. TOWARDS A LEGAL FRAMEWORK ........................................

IX. RECOMMENDATIONS ...........................................................

PART TWO

HARMONIZATION OF CYBERLAWS IN THE GREATER MEKONG SUBREGION

INTRODUCTION .............................................................................

CHAPTERI. A REVIEW OF THE LESSONS OF THE CYBERLAWS HARMONIZATION INITIATIVE AROUND THE WORLD . . .

CHAPTER 11. THE SPECIFIC LEGAL AND REGULATORY ENVIRONMENT OF E-COMMERCE AND THE

GMS COUNTRIES ...................................................

CONCLUSION ................................................................................

PART THREE

E-BUSINESS PRIMER

I.

11.

111.

IV.

v.

E-BUSINESS OVERVIEW ......................................................

LEGAL AND REGULATORY ISSUES ........................................

BARRIERS TO E-BUSINESS ..................................................

EMERGING CONSENSUS ......................................................

CURRENT STATE OF THINGS - INDIVIDUAL COUNTRY EXPERIENCE .......................................................................

Page

23

37

61

67

68

77

86

91

108

125

141

150

i V

CONTENTS (continued) Page

PART FOUR

REPORTS OF REGIONAL SEMINAR AND REGIONAL TRAINING WORKSHOP

I. REPORT OF THE REGIONAL SEMINAR ON INFORMATION TECHNOLOGY ENABLING LEGAL FRAMEWORKS FOR THE

GREATER MEKONG SUBREGION, BANGKOK, 29 SEPTEMBER - 1 OCTOBER 2003 169 ...........................................................

ANNEX A

A.l. List of participants .......................................................... 187

A.2. Programme ...................................................................... 191

11. SUMMARY REPORT OF THE REGIONAL TRAINING WORKSHOP ON INFORMATION TECHNOLOGY ENABLING LEGAL FRAMEWORKS FOR THE GREATER MEKONG SUBREGION, BANGKOK, 9-12 FEBRUARY 2004 ................... 194

ANNEX B

B.l. List of participants .......................................................... 205

B .2. Programme ...................................................................... 210

V

This page intentionally left blank

PREFACE

This study was undertaken in fulfillment of one of the central requirements under the Indo-China phase VII project on an IT programme for private sector development in the Greater Mekong Subregion (e Hi-Fi), which is to strengthen the capacity and effectiveness of the legal and regulatory frameworks in the GMS to address issues on digital signatures, public key infrastructures and electronic transactions and documents, in order to enhance the growth of electronic business in the subregion.

In preparing for the study, a regional seminar on information technology enabling legal frameworks for the Greater Mekong Subregion was held at Bangkok in September 2003, while a follow-up regional training workshop on information technology enabling legal frameworks for the Greater Mekong Subregion was held in Bangkok in February 2004. These events allowed for the participating countries to provide inputs on the existing legal frameworks for conducting e-business there while at the same time serving as timely opportunities to develop and use an e-business primer to gain a holistic perspective on the different aspects of cyberlaw and their harmonization in the subregion. We are grateful to the participating countries: Cambodia, China (Yunnan Province), Lao People’s Democratic Republic, My anmar, Thailand and Viet Nam for their excellent cooperation and assistance in clarifying and delineating the objectives and sharpening the focus of the study. A special word of thanks is also due to the representatives of France, Asia-Pacific Telecommunity, and the International Telecommunication Union for their inputs to this process.

It has been observed that relentless developments in technology and the rapid acceptance of electronic business and electronic commerce have, to a certain extent, outstripped the laws governing conventional business and commerce. The activities of organizations and individuals have created a need for legal as well as policy solutions to some of the complex issues that arise. That regulations and laws need to be modified or created to accommodate new and changing technology is not disputed. However, the process of enacting new laws or legislation is generally

vii

a long and slow process. The increased use of electronic means of communication, such as EDI, e-mail and the Internet, has raised concerns about their legal effect, validity and enforceability. Outstanding issues range from security, to protection of creative efforts, to sovereignty of states. In the new environment presented by such innovations as the Internet and electronic commerce, old views of these issues need to be revised and new attitudes developed. However, as things stand now, the current legal frameworks are, in the main, inadequate to govern e-transactions in the GMS countries. Except in Thailand, which had adopted an E-Transactions Act in 2001, issues such as the legal validity of electronic contracts, the acceptability of electronic documents in transactions, digital signatures, data and privacy protection, copyright and intellectual property protection as well as cyber-crimes are absent in the legal and regulatory environment of most of the GMS countries. To meet the challenges of current situation, it may be noted that UNCITRAL has produced a Model Law which is minimalist in approach, represents an international consensus, is adaptable to countries with different legal traditions, and may offer a way to the “soft harmonization” of cyberlaws among the GMS countries. The Model Law represents a balance between public policy on security and freedom of parties to decide how to authenticate.

It is hoped that the present study, taking into account the subregion’s varying levels of socio-economic and technological development, including the legal and regulatory frameworks in place, will offer a pragmatic way to assist the GMS countries to define and determine their requirements for shaping e-business legislation and address such complex issues as: contract validity and enforceability, jurisdiction, privacy, consumer protection, security of transactions, intellectual property, and online fraud.

It is vitally important to recognize that the continued economic and social development of the GMS countries must hinge on the efficient and effective utilization of ICT alongside other technologies. To this end, more intensive efforts need to be undertaken to promote subregional and regional cooperation. The secretariat wishes to gratefully acknowledge the generous support given by the Government of Japan to the project, which has made the printing of this publication possible.

viii

ADB

ADR

AIT

ASEAN

B2B

B2C

DVDs

ECA

EDI

ETA

FBI

GMS

gTLDs

HTML

ICANN

ICT

INCOTERMS

ISPS

NIDA

NSI

Asian Development Bank

Alternative Dispute Resolution

Asian Institute of Technology

Association of Southeast Asian Nations

bushes s - to- bu sines s

business- to-consumer

digital versatile discs

Electronic Commerce Act

electronic data interchange

Electronic Transactions Act

the United States of America Federal Bureau of Investigation

Greater Mekong Subregion

generic Top Level Domains

hypertext markup language

Internet Corporation for Assigned Names and Numbers

information and communication technologies

international commercial terms

internet service providers

National Information Development Authority

Network Solutions Inc.

ix

NTC

OECD

OHADA

PC

PIN

PKI

PO

PPM

SMEs

UNCITRAL

UNCTAD

UNESCAP

WCT

WIPO

WPPT

National Telecommunication Commission

Organization for Economic Cooperation and Development

Organization for Harmonization of Business Law in Africa

personal computer

personal identification number

public key infrastructure

purchase order

programmer’s package manager

Small and Medium Enterprises

United Nations Commission on International Trade Law

United Nations Conference on Trade Development

United Nations Economic Commission for Asia and Pacific

WIPO Copyright Treaty

World Intellectual Property Organization

WIPO Performances and Phonograrns Treaty

www World Wide Web

X

PART ONE

TOWARDS A LEGAL FRAMEWORK FOR

(YUNNAN PROVINCE), THE L A 0 PEOPLE’S DEMOCRATIC REPUBLIC, MYANMAR,

THAILAND AND VIET NAM

E-BUSINESS IN CAMBODIA, CHINA

1


I. INTRODUCTION

In the rapidly emerging and evolving global online marketplace, e-business is increasingly becoming an integral part of how business is to be conducted or transacted. The assimilation of information and communications technology in business has narrowed distinctions between the brick-and-mortar market and the electronic marketplace.

The rapid development of e-business as a mainstream reality, however, has been such that it became difficult for some territories to catch up. Thus, while e-business continues to grow worldwide, countries such as those in the Greater Mekong Subregion (GMS) like Cambodia, China (Yunnan Province), Laa People’s Democratic Republic, Myanmar, Thailand, and Viet Nam are still finding the methods, means and approaches of adopting e-business as a mainstream activity.

Common barriers or impediments inhibiting the introduction and integration e-business in the GMS include the lack of human resources possessed of technical skills in both technology and business models, and insufficient infrastructure like computers and networks. The absence of a legal framework is a major deficiency that effectively denies the market itself in taking the initiative in adopting e-business as a regular activity.

This study aims to help Cambodia, China (Yunnan Province), Lao People’s Democratic Republic, My anmar, Thailand, and Viet Nam define and determine their requirements for shaping appropriate e-business legislation that would address such complex issues as contract validity and enforceability, jurisdiction, privacy, consumer protection, security of transactions, intellectual property, and online fraud.

3

11. OVERVIEW OF INFORMATION TECHNOLOGY AND ELECTRONIC BUSINESS

AS AN EMERGING WORLDWIDE MEDIUM OF INFORMATION AND COMMERCE

A. Information Technology

Information is data or fact that can be stored, retrieved and manipulated. Technology is the application of scientific knowledge to design, produce and use products and services for the purpose of extending the human potential to improve and control the natural and human made environment. Information Technology is thus defined as a set of tools, systems, techniques and knowledge developed to solve problems involving and utilizing information.

B. The Computer and the Information Age

It was not until the development of the computer that information began to take on a value-added. No longer was information simply transmitted from one source to another, but now it could also be organized, manipulated and repurposed to meet the users’ specific needs. It was this application of information that gave birth to the information age.

Early versions of the computer were centred on scientific, military or research oriented high-end systems and applications. Systems were large and cumbersome. Retrieving and manipulating data were still complex processes often requiring the skills of mathematicians and scientists. With the invention of the microprocessor, however, computing began to come into the mainstream.

In the mid- 1970s the first personal computer was introduced. While it amazed many people, its full potential was yet recognized. It didn’t take long, however, for the personal computer to develop to what it is now and to infiltrate offices and universities, and within a matter of years, into our offices and homes. This can be attributed to

~~~

http://www.jura.uni-muenster.de/eclip/

4

faster and more powerful hardware, a growth and abundance of user friendly software, a dramatic decrease in price, and the mainstreaming of the computer into every facet of day to day life.

C. The Internet

Twelve years ago there was practically no Internet, as we know it. There were only about 200-300 computers connected through what was then called the ARPAnet, a high end system connecting research and government computers for the purpose of sharing information and research, and which was then designed exclusively for the use of the academe, researchers, and the defense establishment.

Today, the Internet has transformed itself from what it was then - a databank of text based materials - into a multimedia and multi-application database. Each and every day, the Internet and the World Wide Web grow exponentially. New sites (pages) and information are being added and modified constantly and simultaneously by users around the globe.

The estimated total number of persons online now range from 580 million (NielsedNetRatings) to 649 million (Global ReacMTU). By 2004, it is projected that some 709 million (eMarker) to 945 million (Computer Industry Almanac) people will be online.

D. The Benefits of Information Technology

Without doubt, Information Technology is changing the world and the way we live. Information has become a commodity that can be acquired almost instantaneously. Physical, geographical or demographical boundaries no longer hinder the flow, dissemination and sharing of information.

The rapid progress in Information Technology is such that its presence in our everyday life could no longer be ignored. It has revolutionized delivery of data and information and made electronic commerce possible. From the paper-based and brick and mortar milieu we were all familiar with, we now are well on the way to a paperless and borderless online world.

5

With the Internet and the other new advances in information technology, we have seen and will continue to see changes in the way we work, play, learn and.. .do business.

This phenomenon has given birth to a new and borderless global economy - the Internet Economy where we can be able to buy or sell goods from and to an individual or company thousands of miles away.

E. The Internet Economy

The Internet Economy is the sum total of all economic activities using electronic networks as a medium of commerce, as well as those activities involved in building the networks linked to the Internet and the purchase of application services such as the enabling hardware, software and network equipment for web-based or online retail and shopping malls.

This new global economy is causing a fundamental shift in business focus, creating new ways of providing customer value. Labels such as e-commerce and e-business are now common among media and business people. The emerging new economic climate is dictating change in industry and commerce; introducing a sharper competitive edge to the business world.

111. ELECTRONIC COMMERCE AND ELECTRONIC BUSINESS

In the rapidly emerging and evolving global online economy, electronic commerce and electronic business are increasingly becoming necessary components of business strategy. The integration of information technology in business has revolutionized the way goods are offered and sold, services tendered and rendered, and clients sought and serviced.

6

A. Electronic Commerce

Electronic commerce or e-commerce refers to the wide range of online business activity for products and services.2 It is usually associated with buying and selling over the Internet, or conducting any transaction involving the transfer of ownership or rights to use goods or services through a computer-mediated n e t ~ o r k . ~

B. Electronic Business

Electronic Business or e-business is the complex integration and/ or transformation of existing infrastructure, business processes, enterprise applications, and organizational structure into a high performance business model using electronic and information technology to facilitate the bu~iness .~

In simpler terms, e-business is the use of information technology to enhance business on the Internet, including not only the buying and selling of goods and services, but also the servicing of customers and collaboration with business partners.

E-business is increasingly becoming an integral part of how business is to be conducted or transacted. And as e-business continues to take hold, more and more merchants are realizing that they must fully integrate Internet technology along with traditional Information Technology into their day-to-day operations.

In e-business, the following processes are enhanced?

1. Production processes, which include procurement, ordering and replenishment of payments, electronic links with suppliers, and production control processes, among others;

Anita Rosen, The E-commerce Question and Answer Book (USA: American

Thomas L. Mesenbourg, Measuring Electronic Business: Definitions, Underlying

http://www.ravens-nest.com/eBusiness/index.htm Lallana, Quimbo, Andam, ePrimer: An Introduction to eCommerce (Philippines:

Management Association, 2000), 5.

Concepts, and Measurement Plans.

DAI-AGILE, 2002), 2.

7

2. Customer-focused processes, which include promotional and marketing efforts, selling over the Internet, processing of customers’ purchase orders and payments, and customer support, among others;

Internet management processes, which include employee services, training, information-sharing, video-conferencing, and recruiting.

3.

Essentially, e-business works on two levels: First, it liberates staff from workday chores and enables management to redirect people toward more productive areas of activity. Second, it changes the way companies interact with outside parties, like suppliers and customers and facilitates conditions for corporate alliances!

C. The Impact of E-business on Business

E-business enables companies to reach wider markets and allows smaller firms to compete with larger corporations through Internet use. It also allows companies to build closer relationships with consumers via two-way communication channel. Customers can feedback queries and comments while companies can tag a product with various inducements through adding something extra to the purchase; for example, access to a comprehensive online reference manual.

From a microeconomic perspective, e-business can give a company competitive advantage. A sound e-business approach consolidates a company’s position in the market, opens up new business opportunities, and lowers overhead and operating costs, which may all lead to increased revenues and profit margins.

Some of the many benefits of e-business are:7

1. costs:

Lower transaction expenses. Labour costs associated with administration can be reduced.

http://www.enterprise-ireland.com/ebusiness/guides_basics.asp http://www.jura.uni-muenster.de/eclip

8

Reduced supply costs. More Internet based information affords firms a wider choice of suppliers and by extension, more competitive prices.

Publication and distribution fees fall. Publishing a brochure online enables a vast number of people to access it, while also allowing the company to update and then add to the contents.

The role of the Middleman becomes less important as companies can sell direct to the customer.

2. Marketing:

It helps build brand awareness offering new avenues of promotion.

Customer loyalty deepens because web-based purchasing affords customers the opportunity to communicate with the company.

Conversely, a web site also allows the firm to offer better service to consumers.

3. Competitiveness:

E-business offers a reliable, cost effective and involuntary means of doing business. Routine tasks are automated and customers, if they wish, can avail of a 24-hour sales service.

In the end, e-business also benefits the consumers. The information made available to customers allows them to make more informed choices and because competition is intense, more and better product offerings are marketed to them at cheaper prices.

Forrester Research predicts that by 2004, online commerce will reach US$ 8.6 trillion. This amount comprises Forrester’s projection for both business-to-business (B2B) and business-to-consumer (B2C) transactions online. Forrester projects that while the United States and North America currently preside over the majority of online transactions, that will shift in the coming years as sellers and buyers in Asian and European nations become more active.

9

Worldwide E-commerce Growth

Asia-Pacific

Japan

Australia

Republic of Korea

~

Total ($ B)

$53.7 $ 117.2 $286.6 $724.2 $ 1,649.8 8.0 $31.9 $ 64.4 $ 146.8 $ 363.6 $ 880.3 8.4 $5.6 $ 14.0 $ 36.9 $ 96.7 $ 207.6 16.4 $5.6 $ 14.1 $ 39.3 $ 100.5 $ 205.7 16.4

North America

United States

Canada

Mexico

~

$657.0 I$ 1,233.6 I $ 2,231.2 1 $ 3,979.7

~~ ~~

$488.7 E864.1 I $ 1,411.3 I $ 2,187.2 $ 17.4 $ 38.0 $ 68.0 $ 109.6

$ 3.2 $6.6 $ 15.9 $42.3

% of total

in 2004 I I

-$ 6,789.8 I 8.6 I $ 3,456.4 I :::: I $ 3,189.0

D. Barriers to E-business

The number of online users determines the success of e-business. The greater the number of people online, the greater will be the opportunities for electronic transactions.

Successful and effective e-business therefore requires a number of factors. Some of the major barriers to the growth of e-business in a number of regions such as in some parts of Africa and Asia are: low personal computer penetration, inadequate infrastructure, government policies, economic considerations, personal preferences, and market malleability.

10

1. Pe rs o n a 1 c o mp u t e r pen e t ra t io n . Per s on a1 c o m p u t er penetration is arguably the prime indicator of readiness for e-business as there is a direct relationship between computer penetration and e-commerce. Since it is related to and dependent on disposable income, owning a computer is a major consideration in most developing countries. While a low-end PC in China may cost only US$450, that amount - while considered cheap in North America - represents more than what average income earners in developing countries like those in parts of Africa and Asia can afford.

2. Infrastructure. Inadequate infrastructure plays a key role in inhibiting e-business globally. Even as the cost of personal computers has declined, access to Internet connection eludes most people in developing countries. Issues such as access to Internet services, including the hardware and software, as well as the communications infrastructures, remain serious obstacles to e-business in many developing countries. In much of Africa, for example, the infrastructure is so poorly developed that it will likely take years for the average citizen to benefit from the advances in information technology.

3. Government policies. Government policies can also severely hinder e-business. In some countries, long distance telephone and Internet connections pass through a government monopoly or corporations owned or controlled by the government. The lack of competition and most of the time, funding, invariably results in higher fees, poor service and zero or minimal innovation. In addition, many telephone systems charge a toll per unit of usage. The combination of connection charges and use charges tend to inhibit the usage of the Internet in many countries and by extension reduces e-commerce activity.

4. Economic considerations. It is a sad reality that information technology still commands a high price tag. Since “third world” countries would rather devote their limited funds to service and provide for the basic needs of the people, direct government financial intervention is pittance.

11

5. Personal preferences/lack of education and awareness. That much of the consumer world still pays by cash, rather than credit, is a fact - more so in developing countries. The lack of ability or interest to execute credit transactions is an enormous barrier to e-commerce. Also, issues of security of transactions and privacy protection over the Internet are of concern to many consumers.

6 . Market concerns. Tariffs, fluctuating currency exchange rates, customs regulations, language, and return rates on international shipments are also impediments to a successful e-business climate. For instance, a large number of United S tates-based online merchants, particularly those selling computer hardware, do not take foreign orders. In a Forrester Research survey, forty-six per cent of the interviewees indicated they turn away international orders because they do not have processes in place to handle them. Address verification may be difficult, which increases the risk of fraud in non-credit card transactions. It is also quite difficult to estimate changes in demand by customers and to determine the amount of inventory in the channels of distribution. *

IV. E-BUSINESS IN ASIA-PACIFIC

As the region with probably the most potential for e-business, Asia also represents significant challenges. The economic and cultural diversity within the region present unique problems, but the opportunities of a large population, increasing connectivity, and the potential for rapid growth in incomes, also beckon.

The Asian online profile is one of great diversity. The Asian “Tigers” of Taiwan Province of China, Singapore, Republic of Korea, and Hong Kong, China lead the region in connectivity and e-business.

C. Patrick Fleenor, Peter Raven, Barriers to EfSective E-Business in Developing Countries.

12

The Philippines, Malaysia, China, Thailand, India, and Viet Nam, on the other hand, are regarded as emerging e-market~.~

A relatively high percentage of the population in the so-called Asian Tiger economies has Internet access, some approaching the level of the United States and Western Europe, but e-commerce still considerably lags the United States. For example, 41 per cent of Republic of Koreans are connected, 34 per cent in Hong Kong, China, 32 per cent in Singapore, and 29 per cent in Taiwan Province of China.” However, even in the technology-obsessed cities of Singapore and Hong Kong, China, Internet retailing has not taken off? Shoppers may window shop online, but prefer to buy in stores. Culturally, shopping appears to be an enjoyable pastime, having both entertainment and social value. Only eight per cent of Internet surfers in Hong Kong, China purchased online in December 2000 and five per cent in Singapore. l2

The majority of Asian firms is just beginning to take the steps necessary toward purchasing online and is still further from selling their products 0n1ine.l~ Indeed, many Asian firms still have non-interactive web sites simply offering static product information.

Republic of Korea is one of the more electronically advanced countries, with Internet connectivity at forty per cent of households and broadband rates higher than in the United Stated4 These rates are much greater than the twelve per cent Internet connection level in Japan.” The Singapore government has invested more than US$ 1.5

C. Patrick Fleenor, Peter Raven, Barriers to Effective E-Business in Developing

Rabe, Jens 2001, “The Digital Divide -focus on Asia, ” Deutsche Bank Research,

McKinsey, Kitty, “Asians Miss The E-Biz Mark, ” Far Eastern Economic Review,

McKinsey, Kitty, “Shoppers Lost In Cyberspace,” Far Eastern Economic Review,

Countries. I0

No. 17, August 15, 2001.

March 15,2001.

February 22,200 1. l3 ibid. l4

20, 2001. l5

E-Competition, ” Deutsche Bank Research, May 22, 2000.

Dodgson, Charles, “Why Republic of Korea?” Communications International, June

Kruck, Ursula and Klaus Papenbrock, “Regional Starting Positions in Global

13

billion in the development of an e-government to provide citizens with more than 200 government services online? Even Malaysia has set up a Multimedia Supercorridor (MSC) to improve competitiveness.

V. ICT DEVELOPMENT AND E-COMMERCE IN THE GMS

A. CAMBODIA17

Internet was introduced to Cambodia in 1997 with the assistance of the International Development Research of Canada (IDRC). Two international gateways connect Cambodia to the international communication backbone.

The current internet penetration is still very low and the prices are high compared to the neighbouring countries - due mainly to the high telecommunication costs. At present, Cambodia has five (5) Internet Service Providers (ISPs). Two (2) cable television operators in Phnom Penh expect to provide cable Internet connection service available in the capital city by early 2004.

There are, however, relatively many “Internet cafe’s” in Cambodia especially in Phnom Penh providing Internet access to thousands of students and professionals.

As Cambodia is still at the very early stage of ICT development, e-business and e-commerce marketplaces and activities are very limited, and the very few that exist remain largely unknown to the public.

Cambodia has many barriers to the potential benefits of e-applications including: poor infrastructure, weak institutions, and low levels of literacy, ICT awareness, and poverty. Nevertheless

l6 http://www.gov.sg l7 Seng Ho Diep, CEO and Managing Director, Computer Plus - OA Group Co., Ltd., ZT/e-business Status and Challenges, Country Paper Presentation for Cambodia, Regional Seminar on Information Technology Enabling Legal Frameworks for the GMS, 29 September - 1 October 2003, Bangkok, Thailand, Thay Bunthon, Officer of ASEAN and International Department, Ministry of Communications, Cambodia, The Asia e-Commerce Incubator Project Workshop, September 16- 17,2002, Bangkok, Thailand.

14

the government is paying attention to the e-application by creating a government promotional unit called NIDA (National Information Development Authority).

The NIDA established in 2001 to implement the country’s 5-year plan (2001-2005), which consists of the following projects:

SchoolNet project;

Data communication;

Broadband wireless access to provide high speed leased lines;

Telecommunication infrastructure, optical fiber cable transmission backbone.

Activities in those projects that have been implemented include:

Government Administration Information System (GAIS), consisting of National IT infrastructure; e-government: Electronic Approval System and National home page; Computing centre at NIDA and PPM; LAN implementation at 27 ministries, districts and communities;

Administration Information System focusing on residence, real estate, and vehicle registration;

Created SchoolNet in two provinces for training students in the rural areas.

While the government should take a leading and much larger role in e-business and e-commerce, such effort itself creates the greater challenge of sourcing and providing the necessary funding. Currently, most of the funding for IT development comes from international organizations such as the ADB, UNCTAD and ICT.

But the first and greatest challenge for Cambodia is the enactment The state of legal and regulatory of an electronic commerce law.

cyberlaw regime in Cambodia is very much behind its neighbours.

15

B. CHINA (YUNNAN PROVINCE)

E-commerce or e-business in Yunnan Province of China is only starting and is of low or inferior standard compared with other developed areas of China.

The difficulties and shortcomings of China in the development e-commerce included:

Lack of awareness on part of the public in e-commerce development ;

Failure of basic information facilities in fully meeting the needs of e-commerce development;

Existing goods flow distribution system of China seriously restricting its e-commerce development;

Lack of the financial and commercial credit systems in meeting the needs of e-commerce;

Failure in guaranteeing the security of e-commerce and online transactions;

Lack of laws or law clauses relevant to e-commerce;

Lack of advanced information management capability.

It was expected in future that e-commerce in China would ultimately gain tremendous popularity. Basic information facilities would be gradually enhanced and the goods-flow distribution system would be continuously upgraded. The supporting environment for e-commerce will also be gradually standardized and developed in depth. Taking into account the situation with respect to Yunnan Province of China and the rest of China, the following suggestions were given for hastening e-commerce development in the country:

Expediting the establishment of basic e-commerce facilities;

Upgrading the goods-flow distribution system;

Improving, in a gradual manner, the financial system and credit mechanism;

Resolving e-commerce security issues and promoting e-commerce development;

16

C.

Establishing standardized e-commerce legal frameworks and aiming for e-commerce’s transparency, openness, rationalization and compliance to legal provisions;

Creating and strengthening e-commerce related human resources development;

Enhancing government’s support for e-commerce and promoting international cooperation.

L A 0 PEOPLE’S DEMOCRATIC REPUBLIC1’

While the telecommunication sector of Lao People’s Democratic Republic has undergone rapid changes in the last ten (10) years, ICT development in the country is still in the infancy stage with most of the development and changes occurring in its four (4) to five (5) biggest cities.

Although Internet use is slowly increasing in the country, there are still many barriers facing Internet accessibility and usage in the Lao People’s Democratic Republic. The six (6) ISPs in the country are still faced with paying expensive monthly rates for international bandwidth, which costs eventually get passed on to consumers. Digital Subscriber Line (DSL) connectivity has been introduced but remains prohibitive at US$500 per month, excluding setup and other installation charges. On the other hand, some two hundred (200) Internet cafes have been set up offering prices ranging from US$ 0.18 to US$ 0.36 per minute.

The main barriers for the growth of Internet in the country may be summed up as follows:

1. Rates for dial-up Internet connections range are still expensive at US$ 20 to US$ 30 per month for a connection with a net speed rate of less than 10 kilobits per second (kpbs).

l8 Thanongsinh Kanlagna, Country Paper: Lao People’s Democratic Republic - Information Technology (IT)/Electronic-Business Status and Challenge, Regional Seminar on Information Technology Enabling Legal Frameworks for the GMS, 29 September - 1 October 2003, Bangkok, Thailand.

17

2. Personal computer ownership or penetration remains minimal due to high prices brought about by the high import taxes imposed on IT equipment.

Electricity has not reached all the eighteen (1 8) provinces of the country.

3.

The low number of Internet users, lack of credit card provisions, general infrastructure inadequacy and the absence of necessary legal and regulatory framework are among the major inhibitors of e-business and e-commerce in the country.

The Ministry of Justice has, however, proposed the appropriate laws that will govern electronic signatures, electronic documents and computer crime.

D. MYANMARl’

Myanmar is ranked relatively low in many areas such as, overall level of e-readinesde-commerce readiness, telephone density, Internet user per 100 inhabitants, and Internet access cost.

Major challenges confronting My anmar in improving e-commerce readiness level are basic infrastructure and socio-economic issues which consist of the following five areas:

1.

2.

3.

Infrastructure. Infrastructure development though improving is still not sufficient due to costs.

Legal environment. No legislation or regulation present to promote or support e-commerce yet. The e-National Task Force is expected to finish the first draft by the end of 2003.

Payment system. The establishment of Certification Authority and PKI system has been initiated but no similar effort has been made for the creation of an authentication mechanism. Ensuring confidentiality remains a major problem, and payment facilities (credit card and smart card) are still very weak.

l9 Thein 00, President, Myanmar Computer Federation, Myanmar, The Asia e-Commerce Zncubator Project Workshop, September 16- 17,2002, Bangkok, Thailand.

18

4. Socio-economic and cultural environment. Low incomes greatly limit the progression of ICT and e-commerce. The population is still “cash” oriented.

5. Distribution and delivery system. Current distribution and delivery system are not adequate. Road transport is improving, but other modes of transportation need to be developed considerably. An automated warehouse and tracking system is still lacking.

Myanmar formed the e-National Task Force in the year 2000 in order to complement the contents of the e-ASEAN framework agreement signed by the leaders of ASEAN during the ASEAN Summit 2000 in Singapore.

There were seven working committees in the e-National Task Force, namely:

(a) e-Legal Infrastructure; (b) Information Infrastructure; (c) ICT Education; (d) e-Application; (e) ICT Standardization; (f) Liberalization; and (g) e-Measurement.

The e-Legal Infrastructure Committee, chaired by the Vice- Attorney General had drafted the cyberlaw which consisted of three major modules: (a) Myanmar computer science development law; (b) Myanmar telecommunications law; and (c) Myanmar electronic transaction law.

The first draft of Myanmar cyberlaw was reviewed by the Prime Minister on 27 September 2003 and had to be submitted to the Cabinet for approval before the end of 2003.

It was mentioned that to prosper from e-commerce in the GMS countries, the harmonization of cyberlaws was one of the important issues for enabling cross-border transactions along with online security. Organizations like ESCAP could play a vital role in assisting GMS countries to implement harmonized policies for e-commerce and in the setting-up of a forum on security matters, such as the PKI forum to discuss technical interoperability issues.

19

E. THAILAND2’

Thailand has enacted its Electronic Transaction Legislation in 200 1 which provides the legal framework for electronic transactions and gives legal recognition to electronic signatures. Laws for data protection, computer crime, electronic fund transfers, and universal access are, however, still to be passed.

The main challenges or inhibitors to e-business and e-commerce in the country are the uncertain regulatory situation and the delay in the passage of e-commerce related laws. Also, legal restrictions limit telephone operators and ISPs to being no more than “resellers”.

Two state-owned operators have assumed de facto regulation of the telephone and the Internet markets. As a result, the market has remained frozen pending the establishment of the National Telecommunications Committee as the new regulatory authority, which process has taken longer than expected.

The delay in the enactment of the other e-businede-commerce laws, on the other hand, has lowered the confidence of business to take full advantage of IT opportunities.

F. VIET NAM

The IT and related media industries of Viet Nam was a growing industry in that in 2002, $ 500 M was realized. This augured well for high growth, presenting great potential. In the software industry it was estimated that by the end of 2003, 600 companies would be involved. Despite a fast growth rate, the proportion of applied software in the IT market remained low. Exports in software amounted only to about $15 M.

Piracy of software was severe (94 per cent), thus making the target of $ 500 M in software revenue difficult to achieve. While Viet Nam had achieved the highest growth rate in telecommunications

2o Vasoontra Chatikavanji, Country Paper: Thailand, Regional Seminar on Information Technology Enabling Legal Frameworks for the GMS, September 29 - October 1, 2003, Bangkok, Thailand.

20

during the years 1995-2003, it still had the lowest telephone and Internet subscription ratio.

While the V e t Nam government share of IT purchases amounted to 30 per cent of the entire nation and legislation had been enacted regarding rules on Internet use and other IT-related regulations, there was, as of yet, no e-commerce or e-business laws that recognized the validity of electronic documents or data messages, or electronic or digital signatures-except for inter-bank electronic payments.

Few companies had started going into the initial stages of e-commerce or e-business by developing a web presence, and they could be categorized into three types: trade web sites, online study, and electronic press.

Despite the fast growth in IT-related investments, it was not yet adequate to propel domestic e-commerce or e-business to take off. Cost for telecommunications and Internet service remained relatively high, the country was import-dependent in terms of IT products, the buying power of the population was weak, the legal environment was under the process of formation, the cultural demands of doing business using cash and doing it face-to-face was difficult to overcome, vocational training was weak, and media tilted towards providing entertainment rather than education.

VI. LEGAL AND REGULATORY ISSUES: THE CHALLENGE TO E-BUSINESS

Because e-commerce and e-business transcend national boundaries, time zones and geographical locations, it is vital that people who use it are given ample protection against those who seek to exploit the situation. Sadly though, while technology has grown leaps and bounds, our laws, which can offer protection and give security online, are now antiquated and have not been completely amended to become responsive to the changing times.

Thus, an even larger challenge looms in managing and implementing changes and advancement brought about by the increasing

21

use of technology and the Internet in the way we do business from the point of law.

The lack of legal framework has been identified as significant barrier to the rapid growth of e-commerce and, consequently, e-business. For one, this is because laws on contracts and other legal instruments were developed in a paper based-world. They require written, signed or original documents. Such is not the case in e-business transactions where electronic data or documents or digitally signed contracts may make up the whole transaction.

The rapid development of e-business as a mainstream reality has been such that it is difficult for the law to catch up. Inevitably, the exponential rise in Internet usage and trading has not been met with the adoption of legal regulations over how to trade in the borderless World Wide Web. The legal framework for trading online can therefore be a little unclear.

Some of the major legal issues confronting e-business from the point of view of entrepreneurs are:

Concluding contracts online. One of the primary concerns of organizations trading online is whether or not transactions concluded over the Internet will be legally binding. To this end, guidance can be taken from existing contract law, taking and using appropriate procedures and the emerging body of e-business legislation. To this end, countries would have to rapidly adopt e-commerce or e-business legislations with a view to providing legal validity for contracts concluded online.

Getting paid. One of the biggest obstacles facing online traders is the lack of confidence that consumers and customers have in the online medium. For example, many consumers are reluctant to give their credit card details over the Internet and traders are reluctant to divulge high-value information by way of e-mail. The use of appropriate encryption technology and other security measures can allay these fears but regard should be had to the implications of any breaches of such measures.

22

Consumer protection. A key component in building trust in online transactions is to ensure that rights of the consumers in their day to day transactions will be protected. This would require, among others, a legal framework which would address the aspects of business-to-consumer relations and provide legal protection available to consumers in traditional commerce.

Privacy. An indispensable adjunct to the acceptability of online transactions is that the privacy of personal information or data must be respected. Personal information must be acquired and used only in ways that would respect the privacy of an individual.

Intellectual property. Trade mark and copyright protection and Internet piracy are major legal issues in the online environment. For example, while a company in the Americas may own a trademark which gives the exclusive right to use a particular brand or logo, it may well be that a similar legally protected mark exists in another country. Businesses must be assured that whatever intellectual creation they may own and develop would, for the large part, be acknowledged.

Cybercrime and fraud. Business online can only be as acceptable and successful as the means and methods used to secure it from illegal activities commonly known as cyber-crimes or Intemet frauds. Young as the Intemet is, the freedom and accessibility it provide has already spawned a wide array of criminal conduct.21

VII. MODEL LAWS AND “BEST PRACTICES

The most difficult part in discussing, nay, enacting a law that is sought to govern the many aspects of cyberspace and e-business is the fact that technology always develops ahead of the law. Law is merely developed as a reaction to a change that has already occurred. And that by the time a particular law is enacted by many jurisdictions, another change in technology, has already occurred, that may again

21 http://www.enterprise-ireland.com/ebusiness/legal-pages.asp

23

need reacting to. That being said, governments try their hardest to make sense of regulatory or legal infrastructure in place, hoping that what is there will suffice.

But not to have a legal infrastructure - in spite of its seeming imperfections - in place that would regulate conduct in this recent phenomenon of cyberspace, e-business or e-commerce may be more risky for governments as well as to those in the private sector. It was said about four or so years ago that, “significant barrier to the growth of e-commerce in the Philippines is an inadequate legal framework. Laws, specifically on the formation and validity of contracts, needs to be revised to engender greater trust among users and sellers in electronic networks. This is so because laws on trade were enacted in a paper-based world. They, by and large, require written, signed, or original documents in the paper sense. Such is not the case in e-business or e-commerce transactions where electronic data or documents, or digitally signed contracts may make up the whole transaction.’)’22 Business and consumer confidence can best be assured if we have in place rules that are clear, transparent, consistent, and predictable.

A. The UNCITRAL Model Law on E-commerce

1. Principles

The UNCITRAL Model Law operates on the following principles:

(a) That electronic communication shall be the functional equivalent of paper-based documents - and thus electronic documents may be given the same weight as paper documents;

(b) An e-business law does not apply to the substantive terms and conditions of the transaction, only to the contractual stipulations expressed in the form of electronic documents;

(c) The use of communications is neither mandatory nor compulsory - it must be voluntary on the part of the parties to a transaction;

22 Lallana, Quimbo, and Salazar, Business @Philippines.com, 1998.

24

(d) The law does not intend to change the requirements for a contract to be valid and enforceable - in re notarization, and the like;

(e) The law is applicable to the form, rather than the substantive terms of the contract - elements to contract, e.g., consent freely given, object certain, valid cause or consideration-shall continue to be governed by existing laws; and

(f) Consumer protection rules, regulations, or laws may take precedence over the provisions of the Model Law or whatever e-business rules or regulations may be enacted within your own countries.

2. Scope and Coverage, Definitions and Autonomy of Parties

The Model Law is designed to apply to any kind of information in the form of a data message used in the context of commercial activities or transactions. Commercial transactions must be given wide interpretation so as to cover all matters arising from all relationships of a commercial nature.

The phrase “commercial transactions” is not also to be interpreted as encouraging enacting States to limit its applicability to international cases. This has become even more important given that present-day increases in trade transaction involve increases in electronic data messages for such activities - international or domestic.

The Model provides definitions as well as to what data messages are: they refer to information generated, sent, received or stored by optical or similar means.23 The phrase “similar means” is meant not only to refer to existing technologies but also to provide flexibility in allowing to be encompassed in the definition the coming of future technologies.

The Model Law respects the freedom of parties to a transaction in deciding what mode to use in their communication. Therefore, as between two parties involved in generating, sending, receiving, storing or otherwise processing data messages, e.g., formation and validity of contracts, recognition by parties of data messages, attribution of data

23 Article 2, UNCITRAL Model Law on E-commerce.

25

messages, acknowledgment of receipts, time and place of dispatch, and receipt of data messages - these may be varied by agreement.24

3. Legal Recognition of Data Messages, Writing, Signatures

(a) Data Messages. Article 5 of the Model Law embodies the fundamental principle that data messages should not be discriminated upon. Information, it is said, shall not be denied legal effect, validity, or enforceability solely on the ground that it is in the form of a data message. This meant that there should not be, under correct and proper circumstances, a disparity between paper and a data message. It also indicates that the form in which certain information is presented or retained cannot be used as the only means for which the information would be denied legal effectiveness, validity or enforceability. In addition, two years after the Model was adopted (or in 1998), UNCITRAL Article 5 bis, which included in that to be recognized, aside from the electronic message, also those electronic messages that are merely referred to by reference.

(b) Writing. Another very important provision is Article 6, which provides that when a law requires information to be in writing, that requirement is met by a data message if the information contained therein is accessible for subsequent reference. This is intended to provide the basic standard to be met by a data message in order to be said as meeting the requirement that information be retained or presented “in writing” or that the information be contained in a “document” or other paper-based instrument. This “functional approach” takes into account the role of paper in a traditional world, which are: presence or existence of a tangible intent of parties to bind themselves; it helps parties become aware of the consequences of their entering into a contract; provides legibility to all; to provide that a document remain unalterable over time and provide a permanent memorial of a transaction; allow for the reproduction of the document so that all parties may have a copy of the same data; to allow the authentication of a document by means of a signature; to provide acceptability to courts and other authorities; to finalize the intent of the author; to allow for easy storage; to allow for records for taxation purposes, and other regulatory purposes; and to bring about into existence legal rights and duties. 24 Article 4, ibid.

26

(c) Signature. The Model also provides another important provision that will increase confidence and trust among those who decide to use this fairly recent way of doing business. When a law requires a signature of a person, that requirement is met in relation to a data message if: (i) a method is used to identify that person and indicate that person’s approval of the information contained in the data message; and, (ii) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement^.^^ Article 7 focuses on two basic functions of a signature: to identify the author, and to confirm that the author approved the content of the document.

(d) Original. The Model says that when the law requires an information to be presented or retained in the original form, that requirement is met by the data message i f (i) there exists a reasonable assurance as to the integrity; (ii) that the information is capable of being displayed to the person to whom it is to be presented. This provision is important where the notion of uniqueness of an original is primarily relevant, like trade or negotiable documents, and other documents that transfer rights. And as long as the contents of the data message remain complete and unaltered, necessary additions to the data message would not affect its “originality.”

(e) Admissibility and evidential weight in courts. In any legal proceedings, nothing in the application of rules of evidence shall apply so as to deny the admissibility of data messages in evidence on the sole ground that it is in the form of a data message, or if it is the best evidence that person introducing it could reasonably be expected to obtain, on the grounds that it is not in its original form. And with regards how much weight should be given to such type of evidence, the data messages should be assessed depending on whether they were generated, stored, or communicated in a reliable manner.

(f) Retention of data messages. Where the law requires that certain documents be stored or retained, that requirement is met by retaining data messages, providing the following conditions are

25 Article 7 , ibid.

27

satisfied: (i) the information is accessible; (ii) it is retained in a format that represent accurately the information generated; and, (iii) that such information, if any, is retained as enables the identification of the origin and destination of a data message and the date and time when it was sent or received.

4. Formation and Validity of Contracts

The question of whether a contract entered into electronically is valid and enforceable has bedeviled many a prospective business arrangements. The Model provides in Article 11 that, an offer and the acceptance of an offer may be expressed by means of data messages, and that such contract shall not be denied validity or enforceability on the sole ground that a data message was used for the purpose. This is an important provision, and made even more important that it does not seek to override national rules on contract formation. There are certain jurisdictions that require more than mere agreement in order for a contract to be valid or enforceable or that certain formalities are met: notarization, presence of witness requirements, and the like. While the Model allows for making exceptions to this rule, there appears to be nothing wrong with entering into contracts electronically as long as the other national requirements are complied with. Millions of contracts are already being entered into today, for example, at e-Bay or Amazon.com or even local sites in Asia, even in spite of the paucity of a firm legal infrastructure in place. Imagine the increase in trade or business volume that could result from the establishment of a legal system on these matters - creating certainty and confidence - can engender.

5. Attributioaon-Repudiation

This part of the Model answers the question, from whom does the message come from? For example, if A sends a message to B, the law will presume that A indeed sent it i f (a) the originator himself sent the message; or (b) the message was sent by another person authorized to act on behalf of A; and, (c) the message was sent by an information system programmed by, or on behalf, of the originator to operate automatically, e.g. e-Bay. Under the three situations mentioned, it would be utterly unfair on the receiver of the message who had relied

28

on the communication and acted on it, if A later is allowed to repudiate and say that the message was not his. No confidence will be developed if every originator is allowed to whimsically disclaim or repudiate a message sent by or for him under those three circumstances. Be that as it may, Article 13, in this situation, is not designed to assign responsibility but only with the attribution of data messages by establishing a presumption that under certain circumstances a data message would that be of the originator, but at the same time goes on to qualify that presumption in case the receiver (in this case, B) knew, or should have known was not of the originator’s.

6. Carriage of Goods

Without derogating from the previous provisions, the latter part of the Model Law also applies to any action connected to, or in the pursuit of contracts of carriage of goods, (sea, land or, air), including issuing of receipts for goods, confirmations of receipt, claiming, authorizing release, or giving notice of loss of goods.

The final provision of the states that where the law requires that any action, regarding carriage of goods, be carried out in writing or using a paper document, that requirement is met if the action is carried out by using one or more data messages. Also, rights or obligations that must be conveyed by one person to another through the transfer, or use of, a paper document, that requirement is met if the right or obligation is conveyed by using one or more data messages, provided a reliable method was used to render such messages unique (bills of lading). This rule is derived in the context of transport documents, where it is necessary to establish not only functional equivalents of written information about the actions referred to in the previous article, but also functional equivalents of the performance of such actions through the use of paper documents, particularly the transfer of rights and obligations by transfer of written documents. The provision also ensures that a right can be conveyed to one person only, and that it would not be possible for more than one person at any time to lay claim to it. The effect, thus, is to introduce a requirement, which may be referred to as the “guarantee of singularity,” which must necessarily be one of the essential features of electronic procedures.

26 Article 17, ibid.

29

B. Other Countries’ Legislation: Singapore, Thailand and the Philippines

1. Principles and Goals

The Singapore Electronic Transactions Act is enacted to give effect to the following purposes: facilitation of electronic communications by means of reliable electronic records, elimination of barriers to electronic commerce resulting from uncertainties over writing and signature requirements, facilitation of electronic filing, minimization of forgery ad fraud in e-business, and the promotion of public confidence in the integrity and reliability of electronic records, etc.

In the Electronic Transactions Act of Thailand, the reason for such promulgation is to make an adjustment from paper-based requirements required by previous laws, in order that legal recognition is provided to data messages by treating them the same as the messages made or evidenced in writing, also that the sending and receiving of data messages is recognized as well as the use of electronic signatures, including the evidential admissibility of data messages - all aiming to promote the reliability of electronic transactions to enable them to have the same legal effect as that given to transactions made by traditional means.

In the Philippines, Republic Act 8792 also known as the Electronic Commerce Act, recognizing the important role that ICT plays in the development of a nation’s economy, aims to facilitate domestic and international dealings, transactions, arrangements, agreements and contracts through the utilization of electronic, optical or similar means; it also provides recognition of the authenticity and reliability of electronic data messages or electronic documents related to such activities, and also promote the universal use of electronic transactions in government and by the general public.

2. Scope and Coverage, Definitions and Autonomy of Parties

The Singapore Act deals rather extensively with electronic contracts.27 It also provides rules on electronic records and signatures,

27 Part IV, Sections 11-15, Singapore Electronic Transactions Act.

30

liability of network service providers, secure electronic records and signatures, duties of certification authorities and its subscribers, and government use of electronic records and signatures. The law provides for certain areas though not to be covered by the law: creation and execution of wills, negotiable instruments, indentures, trusts, and powers of attorney, sale or disposition or conveyance of immovable property, and documents of title.

The law includes in it a host of definitions from “asymmetric cryptosystems” to “verify a digital signature;” but it does not define electronic commerce or e-business. The same prevails in Thailand and Philippine laws - various definitions are provided but there is no definition of e-commerce or e-business.

Thailand makes its law applicable to all civil and commercial transactions performed by using a data message, except those that may be prescribed by Royal Decree, provided too that the law shall not override laws and regulations intended for consumer protection. The law applies as well to transactions in connection with the carrying out of the affairs of the State.28

In the Philippines, the law is made to apply to any kind of electronic data message and electronic document used in the context of commercial and non-commercial activities to include domestic and international dealings, transactions, arrangements, agreements, contracts, and exchanges and storage of inf~rmation.~’ The law likewise mandates that government functions, e.g., filing of documents, creation or retention of documents, issuance of permits, licenses, or certificates of registration, acceptance of payments and issuance of receipts, etc. be done through the use of electronic means.

3. Legal Recognition of Data Messages, Writing, Signatures

(a) Data Messages: Singapore declares that (f) or the avoidance of doubt, it is declared that information shall not be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record. (Section 6, ETA).

28

29 Section 3, Electronic Transactions Act of Thailand. Section 4, Electronic Commerce Act of the Philippines.

31

The same rule practically prevails in Thailand as well when Section 7 of its ETA provides that “information shall not be denied legal effect and enforceability solely on the ground that it is in the form of a data message.”

RA 8792 of the Philippines provides for practically the same application of the UNCITRAL - inspired provision. It states that information shall not be denied validity or enforceability or validity solely on the ground that it is in the form of an electronic data message purporting to give rise to such legal effect, or that it is merely incorporated by reference in that electronic data message. The last phrase is taken from the 1998 addition to the 1996 document that is the Model Law. It is aimed at facilitating the use of electronic means in business and as to how it might deal with the situation where certain terms and conditions, although not stated in full but merely referred to in a data message might need to be recognized as having the same degree of legal effectiveness as if they had been fully stated in the text of that data message. The expression “incorporation by reference” is often used as a concise means of describing situations where a document refers generically to provisions which are detailed elsewhere, rather than reproducing them in full. Examples would be terms of agreement when you become a member of an online book seller, or by reference to a URL or a hyperlink towards a thing which you want to sell or buy, rather than attaching or incorporating the picture or contents of a book which might result in too heavy (in terms of bits) a communication.

(b) Writing: And where a law requires information to be written, in writing, to be presented in writing or provides for certain consequences if it is not, an electronic record satisfies that rule of law if the information contained therein is accessible as to be usable for subsequent reference. (Section 7, Singapore ETA).

Put differently and more expansively, the Thai law provides, in case where the law requires any transaction to be made in writing, to be evidenced in writing or supported by a document which must be produced, if the information is generated in the form of a data message which is accessible and usable for subsequent reference without its meaning being altered, it shall be deemed that such information is made in writing, is evidenced in writing, or is supported by a document.

32

Section 7 of the Philippine law also provides for legal recognition of electronic documents. It says, “Electronic documents shall have the legal effect, validity or enforceability as any other document”. It requires, however, that the document or writing must maintain its integrity and reliability and can be authenticated as to be usable for subsequent reference in that the document remains complete and unaltered.

As shown, the three jurisdictions recognize the validity and enforceability of electronic forms serving as writing. It is important however, to put certain elements of certainty and security in the document for it to be regarded as a functional equivalent of “writing”. For example, the requirements of inalterability, integrity, and the capacity of the document to be authenticated. Such a requirement could be viewed as putting additional barriers to the acceptance of electronic data messages. Greater trust and confidence, however, can be engendered in business if there is present a modicum of security in the document.

(c) Signature: Singapore recognizes electronic signatures in Section 8 of its law. It provides, where a rule of law requires a signature, or provides for certain consequences if a document is not signed, an electronic signature satisfies that rule of law. An electronic signature may be proved in any manner, including by showing that a procedure existed by which it is necessary for a party, in order to proceed further with a transaction, to have executed a symbol or security procedure for the purpose of verifying that an electronic record is that of such party. Singapore also recognizes two types of signature: electronic signature described above, and a digital signature defined as a “means of an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer’s public key can accurately determine whether a transformation was created using the private key and whether the initial record has been altered. Needless to say, a digital signature, as they now are used, is more secure than a mere electronic signature.

Thailand likewise recognizes an electronic signature if a criteria is followed: reliability of the method used to assure integrity of the

33

message and capacity for the information to be displayed for subsequent reference.

Philippine law recognizes electronic signatures as well - it declares an electronic signature to be the equivalent of a manual signature. It follows a criteria - based method for recognition in that the electronic signatures nay be rendered valid if: there is a showing of identity of the party who signed as well as his access and consent to what he signed, the reliability of method used, that the signature was necessary in order to move forward with the transaction, and that the other party is authorized and enabled to verify the electronic signature.

While under present technology a digital signature, using the PKI system, might be more secure; such is not meant to say that the electronic signature is of weaker specie. The disadvantage of putting into law the requirement for a system that may change tomorrow may not be desirable especially in a system where legislation is a long and tedious process. It could be more desirable if a criterion, that is technologically neutral, as instead is put forth. In that way, the adjustment to new technologies is made less difficult from a law-making point of view. As long as the facts of identity and consent of parties to a transaction, and the integrity and inalterability of the message are preserved, then we are okay.

(d) Original: Where was it said that when business comes, dispute is soon to follow? In court disputes, it is always important to present as part of your evidence the original of a certain document sought to prove a case. In many jurisdictions copies are not allowed to be presented except under very stringent circumstances. The presence of electronic documents does present some problems in this situation. The ease and facility of mass copying of data makes almost impossible, cyber forensics notwithstanding, concrete determination of what was or is the original document.

Thailand and the Philippines have in their respective laws similar provisions with regards “original documents. They say that where the law requires that a document be presented or retained in its original form, that requirement is met i f there exists a reliable assurance as to the integrity of the document from the time it was generated to its final

34

form and that the document is capable of being displayed to the person to whom it is to be presented. (Section 10, ETA; Section 6(c) and 10, ECA).

(e) Admissibility and Evidential Weight in Courts: The recognition of the legal validity of electronic data messages, documents, and signatures undoubtedly will create a situation where courts, in cases of disputes, will admit and give to them its proper weight when presented as evidence.

However, Thailand and the Philippines have made explicit provisions regarding this. Section 7 of the ECA says that for evidentiary purposes, an electronic document shall be the functional equivalent of a written document under existing laws. The ETA says, the admissibility of a data message as an evidence in legal proceedings shall not be denied solely on the grounds that it is a data message. (Section 11, ETA; Section 12, ECA).

These provisions, it is hoped, will provide greater confidence in that in cases of disputes, the parties who enter into a contract or transaction electronically, are assured that no court will automatically reject a piece of evidence on the mere ground that it is electronic in form.

(f) Retention of data messages: Those who are in business know how it is to deal with governments or regulatory agencies. There are many government regulations that require business to retain certain documents. In the Philippines, businesses are required, by the Bureau of Internal Revenue, to retain in their possession receipts of transactions like sales, purchases and the like for up to three years for audit purposes.

If the provision of that Philippines law is to be followed, there is no reason why the retention of electronic documents regarding business activities cannot be allowed. This is just to cite one example.

All of the three countries’ laws on electronic transactions allow the retention of electronic documents. In the ECA laws Singapore and Thailand, a similar provision is present - “where a rule of law requires that certain documents, records, or information be retained, that requirement is satisfied by retaining them in the form of electronic

35

records.” (Section 9, ETA Singapore; Section 12, ETA Thailand; Sections 13 and 27, ECA).

(g) Formation and Validity of Contracts: One of the many fears business people had before the enactment of electronic transaction legislation was whether contracts they would enter into, through the use of electronic means, would be considered as having been perfected. If the answer is or was in the negative, then fewer people would willingly enter into such arrangements, deterring the formation of business relations or transactions.

Singapore’s law is unambiguous when it provides, “For the avoidance of doubt, it is declared that in the context of the formation of contracts, unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of electronic records. (Section 11, ETA Singapore). Similar provisions appear in Section 13 of the Thailand Electronic Transactions Act and in Section 16 of the Electronic Commerce Act of the Philippines.

C. Attributionon-Repudiation

Where does the message come from? Who sent this message? These are questions that must be answered satisfactorily if we are to create an even more desirable e-business climate. The nature of e-business is that many, if not most of the transactions occur without the parties meeting face-to-face or without even hearing each other’s voice. Many in business do not feel comfortable dealing with someone they have not seen nor heard. For all we know, the entity at the other remote side of the communication system maybe a cat, or even a dog.

Without a system in place where attribution is established or where the situation is lessened for another party repudiating, whimsically, his own data message, no one will dare get into e-business.

In that sense the provisions in all three laws on attribution, or what I will call non-repudiation, is useful, if not helpful. It is said that “whoever sent a data message by whatever means, it shall be deemed that the data message belongs to such person. As between the originator and the addressee, a data message is deemed to be that of the originator if it is sent by: a person who is authorized to act on behalf of the

36

originator, in respect of that data message; or by an information system programmed to operate automatically in advance, by the originator or a person authorized to act on behalf of the originator.” (Section 15, ETA Thailand).

Similar provisions also appear in Section 18 of the ECA and Section 13 of the Singapore ETA.

VIII. TOWARDS A LEGAL FRAMEWORK

Legal policies, processes and systems must be developed, implemented, maintained and updated to ensure that this medium of information and commerce will continue to grow and achieve mainstream acceptability.

In response to the challenge brought about by increasing online transactions and relationships, the UNCITRAL Model Law on E-commerce is a valuable guide for governments (when they draft their own laws on e-commerce) in avoiding inconsistency of commercial codes among countries and in the harmonization of laws related to electronic commerce. The model law would help steer e-commerce, and in the process also e-business, to wider acceptability by creating a legal framework wherein online business transactions can transpire under a regime of trust and security.

A. Legal Recognition and Enforceability of Online Business Transactions

Any legislation concerning electronic commerce or electronic business must ensure that electronic transactions are legally recognized and that a course of action, if necessary, is available and may be taken to enforce such transactions entered into electronically.

Under the UNITRAL Model Law and the E-commerce laws of the Philippines, Singapore and Thailand, parties to electronic transactions now have an option to seal a contract using the traditional ink on paper or using an electronic document signed by a digital signature.

A key component, therefore, in any e-commerce legislation is the giving of legal recognition and protection to electronic documents

37

and electronic signatures, in a manner and in the way which would be the same as that in paper-based contracts. For then, courts of law will be duty-bound to accept electronic documents as evidence, once satisfied that the documents have met the requirements established by law for acceptability, and to rule on any dispute.

The phrase “functional equivalent” recognizes that electronic documents can never be the same as paper-based ones, as they are essentially different. But legislation must allow electronic documents to achieve the purposes or functions of paper-based documents; to provide that a document would be legible to all; to provide that a document would remain unaltered over time; to allow for the reproduction of a document so that each party would hold a copy of the same data; to allow for the authentication of data by means of a signature; and to provide that a document would be in a form acceptable to public authorities and courts.

In addition, since electronic documents are considered equivalents of paper documents, the law should perforce allow the storage of electronic files.

B. Jurisdiction and Conflicts of Law

According to an article by lawyer Doug Isenberg: “For several years, some of the most difficult legal issues on the Internet have involved one of the medium’s greatest assets: its lack of boundaries. Although the free-flowing, borderless nature of cyberspace has revolutionized communication and commerce, it also has led to many lawsuits. And, as if resolving those lawsuits weren’t difficult enough, it’s often just as tough to determine where they should take place”.30

While not a new legal issue or something peculiar to the online economy, courts continue to grapple with the application of the legal concept of jurisdiction to a growing number of transactions concluded online. Complicated as jurisdiction and conflicts of law situations are in the offline world, e-commerce legislations should be crafted with these legal problem areas in mind.

30 Doug Isenberg, http://www.cnet.com. Source incomplete.

38

In the United States, their courts have found ways or legal bases to acquire personal jurisdiction for web-based activities:

1. Gotcha. Where the court obtains jurisdiction over an out-of- State defendant, provided that when he visits the State, that person is served with a summons and a complaint (documents that provide the person notice of the lawsuit). This was applied to the case of the Russian programmer sued by the publishers of e-book (Adobe). While attending a convention in Nevada, he was served with a notice and was subsequently arrested .

2. Causing an Injury within the State. An Internet business can also be subject to jurisdiction for purposefully causing an injury in another state. This principle derives from a series of cases where courts of another State acquired jurisdiction over non-residents who entered the state, caused an accident and left. If someone uses the Internet to cause an injury in one state, the person causing the damage may be hauled into court in the state where the injury occurred. In cases where the connection between the activity and the injury is not completely clear, courts also look for evidence that the activity was “purposefully directed” at the resident of the forum state or that the person causing the injury had contacts with the state.31

3. Minimum Contacts. A business or person with sufficient contacts with a particular state can be hauled to court even if he does not live, or base their business, in that State. Usually, the basis is the regularity of solicitation of business, derivation of substantial income from goods or services sold in that other state, or engaging in some other persistent course of conduct there. For example, passive Internet sites, which merely advertises but do not really offer to sell goods or services, may be said not to have achieved the required minimum contacts for courts to acquire jurisdiction. But those which actively offer to sell and then subsequently takes

31 EDIAS Software Intern. V. BAGIS Intern., Ltd., 947 E Supp. 412 (D. Ariz. 1996)

39

orders from that site, can mean that the minimum contacts have been satisfied for purposes of acquiring jurisdiction.

4. Eflects. When one’s conduct in cyberspace even though emanating from another State creates or results in an injury in another, courts in the state from where the act has resulted injury can acquire jurisdiction over the offender. To illustrate: A case was filed by the DVD Copy Control Association against the creator of DeCCS32, a software that decrypts the copy-protection system in Digital Versatile Discs (DVDs) thereby allowing ordinary CD-ROM drives to play or read DVDs. An issue in the case was whether the courts of California had jurisdiction over the person even though he was a student in Indiana, when the suit was filed, and later on to Texas where he transferred. The court said that the courts in California had jurisdiction, citing a 17-year old United States Supreme Court case involving defamation, because California movie and computing industry was affected by the “effects” of the defendant’s Indiana conduct. This decision of the California court signals an expansion of personal jurisdiction in cyberspace. If other courts chart their course by California standards, any web publisher could be hauled to court wherever its site has an effect. In Minnesota, USA, its attorney general has made a statement of caution: “Warning to all Internet Users and Providers: Persons outside of Minnesota who transmit information via the Internet knowing that information will be disseminated in Minnesota are subject to jurisdiction in Minnesota courts for violations of State criminal and civil laws. ’’

As we have seen, due to the global nature of the Internet, it is important to establish which law governs a contract formed and concluded online. Without an express choice of governing law, complex issues can arise. For the time being, it may be prudent for businessmen to determine the existing legislation and regulations and ensure they are well versed with the local laws of the areas where they wish to

32

No. CV 786804 (Superior Court of the State of California, County of Santa Clara). DVD Copy Control Association, Inc. v. Andrew Thomas McLaughlin et al., Case

40

Three Approaches to Electronic Authentication

Digital signature approach

~~ ~

Two-prong approach

Minimalist approach

Technical variant

Legal variant

Organiza- tional variant

Techn.- neutral

-

-

Techn.- specific

+

+

+

Examples

Germany

Utah, Italy

Japan, Netherlands

UNCITRAL (e-sig), EU, Singapore

UNCITRAL (e-commerce), Victoria (Australia)

Definition

Setting digital signature as technical standard (no explicit legal consequences)

Legal recognition of digital signature under certain conditions

Requirements for Certification Authorities

Legal recognition of (secure) electronic signatures under certain conditions Equation of electronic signatures with hand- written signatures

set up a web site. This is to avoid unexpected liabilities that may arise as well as the unenforceability of contracts they enter into.

C. Electronic Authentication

Classifying the existing legislation with respect to electronic authentication is not an easy task on account of the many differences that exist. It is, however, possible to sketch the main approaches at a national and international level. Three approaches can be identified: 1) The digital signature approach; 2) The two-prong approach; and, 3) The minimalist approach.33

33 http://rechten.uvt.nl/simone/Ds-art4.htm#~Toc468692769

41

1. Digital signature approach

The digital signature approach is characterized by its focus on the digital signature technique. Legislation under this category is truly digital signature legislation because it regulates (on the basis of) digital signatures. Legislation under the digital signature approach is solely concerned with the (evidentiary) status of the digital signature and has three variations:

(a) Technical Variant. The technical approach amounts to setting the digital signature technique as a technical standard by means of a legal instrument. The technical approach does not deal with legal consequences, although such consequences may implicitly follow from the use of digital signatures in accordance with the law concerned.

(b) Legal Variant. The legal variant of the digital-signature approach is found in legislation, which specifically regulates digital signatures in order to provide this technique with a legal status similar to that of the hand-written signature. The general purpose of these laws is to provide legal security for the use of digital signatures. Often legislation of this kind also includes the implementation and regulation of a Public Key Infrastructure (PKI).

(c) Organizational Variant. The organizational variant of the digital signature approach, neither sets the digital signature as a technical standard nor provides for explicit legal recognition of the digital signature, but addresses the organization of Certification Authorities (CA's) and the use of digital certificates in connection with digital signature applications. The aim is to promote trust and reliability in electronic transactions by ensuring that CA's are reliable and

2. Two-prong approach

The second approach is called the two-prong approach, because of its hybrid way of dealing with electronic authentication. In this approach, legislators aim at making their legislation more time-resistant by addressing certain technological requirements in their legislation and by leaving room for new technological developments. With this

34 http://rechten.uvt.nVsimone/Ds-art4.htm#~Toc468692770

42

approach, legislation sets requirements for electronic authentication methods, which will receive a certain minimum legal status (minimum prong) and assigns greater legal effect to certain electronic-authentication techniques (maximum prong). The technologies assigned with this higher legal status are referred to as secure electronic signature^.^^

3. Minimalist approach

The minimalist approach is a minimal way of regulating electronic authentication methods. This kind of legislation does not address specific techniques and, therefore, intends to be technology-neutral. In this approach, legislation relates to the functions, which signatures may have to fulfil in trade, and the different levels of reliability with respect to the purposes, signatures are used for. Because this approach’s main focus is on the relevant functions of signatures and the ways in which these functions may be translated into technological applications, it is also called the functionalist approach. Within the minimalist approach, the focus on functions of signatures (and writings) can be more or less explicit. 36

Important assumptions on which we can base our conclusions are that the market is constantly on the move and we do not know what lies ahead as far as technological and e-commerce developments are concerned. Thus, it might be unwise to issue detailed regulations and to determine specific business models, such as the PKI model, when it is by no means clear, whether they turn out to be viable models.

Viewed in this light, the digital signature approach is seriously flawed. Although, the legislators and regulators under the digital signature approach may have done so for all the right reasons (legal certainty, trustworthiness with respect to legal matters), the approach as such is not recommendable.

The same is true, but to a lesser extent, for the two-prong approach. The two-prong approach attempts to skirt around these problems by presenting an opening for new technologies besides setting

35 http://rechten.uvt.nl/simone/Ds-art4.htm#~Toc46869277 1 36 http://rechten.uvt.nl/simone/Ds-art4.htm#~Toc468692773

43

criteria for certain advanced electronic signatures, which at present most notably cover digital signatures. The approach is understandable in the sense that there seems to be a strong inclination to look for clear and trustworthy solutions, while at the same time, there is a need to leave room for new solutions. Still, within the two-prong approach legislation often deals with issues and situations (e.g., CA's, liability, qualities that focus mainly on certain techniques) which have not yet been determined and thus, may well need adjustment once they have. Finally, both the digital signature approach and the two-prong approach are in many instances focused too narrowly on signatures as such and not on formal requirements as a whole.

Thus, we are back to our starting point with the minimalist approach taken in the UNCITRAL Model Law still offering the most sensible solution to legislators wanting to tackle the problem of formal requirements in their legislation. Under this approach, legal requirements of form are generally dealt with in their entirety. Moreover, the minimalist approach allows for different functions which techniques have to fulfil under national legal systems, while creating room for new techniques and adventitious developments. Recent legislative initiatives recognise the advantages of the minimalist approach and have explicitly taken the UNCITRAL Model Law on Electronic Commerce as an example.37

D. Consumer Protection and Privacy

The need to protect the rights of the online consumer is perhaps of greater necessity than in the traditional marketplace for the opportunity for mischief is masked by obscurity. Thus, a law which has for its purpose the protection of the rights and privacy of the consumer in electronic transactions must be such as would provide transparent and effective consumer protection that is not less than the level of protection afforded in other forms of commerce.

In December 1999, the OECD issued the Guidelines for Consumer Protection in the Context of Electronic Commerce to help ensure protection for consumers when shopping online and thereby encourage:

37 http://rechten.uvt.nl/simone/Ds-art4.htm#~Toc468692774

44

help:

0

Ll

0

(a>

fair business, advertising and marketing practices; clear information about an online business’s identity, the goods or services it offers and the terms and conditions of any transaction; a transparent process for the confirmation of transactions; secure payment mechanisms; fair, timely and affordable dispute resolution and redress; privacy protection; and consumer and business education.38

The Guidelines are designed to be a technology neutral tool to help governments, business and consumer representatives by providing practical guidance to help build and maintain consumer confidence in electronic commerce. The Guidelines address the principle aspects of business-to-consumer electronic commerce and reflect existing legal protections available to consumers in more traditional forms of commerce. They stress the importance of transparency and information disclosure and the need for cooperation among governments, businesses and consumers at both the national and international level.

The Guidelines are intended to provide a set of principles to

Governments - as they review, and (if it is necessary) adapt, formulate and implement consumer policies and initiatives for electronic commerce.

Businesses, consumer groups and self-regulatory bodies - by providing guidance on the core characteristics of consumer protection that should be considered in the development and implementation self-regulatory schemes.

Individual businesses and consumers - by outlining the basic information disclosures and fair business practices they should provide and expect online.

1. OECD Guidelines on Consumer Protection

Transparent and effective protection. Consumers who participate in electronic commerce should be afforded transparent and effective consumer protection that is not less than the level of protection afforded in other forms of commerce.

38 http://www 1 .oecd.org/publications/e-book/9300023E.PDF

45

(b) Fair business, advertising and marketing practices. Businesses engaged in electronic commerce should pay due regard to the interests of consumers and act in accordance with fair business, advertising and marketing practices.

(c) Online disclosures:

(i) Information about the business. Businesses engaged in electronic commerce with consumers should provide accurate, clear and easily accessible information about themselves sufficient to allow, at a minimum.

(ii) Information about the goods or services. Businesses engaged in electronic commerce with consumers should provide accurate and easily accessible information describing the goods or services offered; sufficient to enable consumers to make an informed decision about whether to enter into the transaction and in a manner that makes it possible for consumers to maintain an adequate record of such information.

(iii) Information about the transaction. Businesses engaged in electronic commerce should provide sufficient information about the terms, conditions and costs associated with a transaction to enable consumers to make an informed decision about whether to enter into the transaction.

(iv) Confirmation process. To avoid ambiguity concerning the consumer’s intent to make a purchase, the consumer should be able, before concluding the purchase, to identify precisely the goods or services he or she wishes to purchase; identify and correct any errors or modify the order; express an informed and deliberate consent to the purchase; and retain a complete and accurate record of the transaction.

(v) Payment. Consumers should be provided with easy- to-use, secure payment mechanisms and information on the level of security such mechanisms afford.

46

(d) Dispute resolution and redress. Consumers should be provided meaningful access to fair and timely alternative dispute resolution and redress without undue cost or burden.

(e) Privacy. Business-to-consumer electronic commerce should be conducted in accordance with the recognized privacy principles set out in the OECD Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data (1980), and taking into account the OECD Ministerial Declaration on the Protection of Privacy on Global Networks (1 998), to provide appropriate and effective protection for consumers.

(0 Education and awareness. Governments, business and consumer representatives should work together to educate consumers about electronic commerce, to foster informed decision-making by consumers participating in electronic commerce, and to increase business and consumer awareness of the consumer protection framework that applies to their online activitie~.~’

Legislation must also ensure that any information or data provided or transmitted online is insulated from improper use. The following OECD guidelines may be considered fundamental requirements for any legislation on the use of information online:

Information Privacy. Personal information be acquired, disclosed, and used only in ways that respect an individual’s privacy.

Information Integrity Principle. Personal information should not be improperly altered or destroyed.

Information Qualig. Information should be accurate, timely, complete and relevant for the purpose for which it is provided or used.

Collection Limitation. Limits must be placed to the collection of personal data, obtained by lawful and fair means, and where appropriate, with the knowledge and consent of the data object.

39 http://www.oecd.org/EN/docurnent/O, EN-document-44- 1-no-24-320-0,00.html

47

Purpose Specification. The purposes for which data are collected must be specified or disclosed at the time of collection.

Security Safeguards. Personal data should be protected by reasonable safeguards against risks like loss or unauthorized access, destruction, use, modification or disclosure of data.

Openness. There should be a policy of openness about developments, practices and policies with respect to personal data.

Accountability. The responsibility of a data controller to comply with data protection and privacy measures should be complemented by accountability for any breach.

E. Encryption and Security in Online Transactions

Security in online transactions is of high importance because in an open network, such as the Internet, information that flows is open to all who have access to the system. For example, when one sends his or her credit card number to a merchant to pay for an online purchase, that credit card number may be viewed by third party who may use it for hidher own purchases in the future.

The OECD Guidelines for Security of Information Systems are both informative and instructive:

1. Accountability. Making explicit the responsibilities and accountability of owners, providers and users of information systems and other parties concerned with the security of information systems.

2. Awareness. Providing users appropriate knowledge of the existence and general extent of measures for the security of information systems.

Ethics. Recognizing and respecting the rights and legitimate interests of others.

3.

4. Multidisciplinary. Taking into account and addressing all relevant considerations and viewpoints.

48

5 .

6.

7.

8.

9.

Proportionality. Providing appropriate and proportionate security measures to the value and degree of reliance on the information systems and the severity, probability and extent of potential harm.

Integration. Coordinating and integrating all security measures, practices and procedures to create a coherent system of security.

Timeliness. Acting in a timely and coordinated manner to prevent and to respond to breaches of security of information systems.

Reassessment. Periodic review of the security of information systems, as information systems and the requirements for their security vary over time.

Democracy. Ensuring the compatibility of security of information systems with the legitimate use and flow of data and information in a democratic society.

F. Intellectual Property

The borderless character and nature of the Internet, particularly electronic commerce, had inevitably raised questions regarding the continued applicability of traditional legal systems in the enforcement of intellectual property laws. As previously discussed, traditional legal systems are based on notions of sovereignty and territoriality. The Internet, in contrast, largely ignores distinctions based on territorial borders. Thus, the Internet has been described as “the world’s biggest copy machine”.

Given the capabilities and characteristics of digital network technologies, electronic commerce can have a tremendous impact on the system of copyright and related rights, and the scope of copyright and related rights in turn can have an effect on how electronic commerce will evolve. If legal rules are not set and applied appropriately, digital technology has the potential to undermine the basic tenets of copyright and related rights. On the Internet, one can make an unlimited number of copies of programmes, music, art, books and movies virtually instantaneously, and without perceptible degradation in quality. And these copies can be transmitted to locations around the world in

49

a matter of minutes. The result could be the disruption of traditional markets for such works.

Another inherent characteristic of the digital copy is that there is no difference between the original and the copy.

The World Intellectual Property Organization (WIPO), through its 179 member States, has assumed the responsibility for the formulation of a legal and policy framework at the international level to encourage creation and the protection of intellectual property. Its ultimate goal is to achieve an appropriate balance in the law, providing strong and effective rights, but within reasonable limits and with fair exceptions. Since trade in copyrighted works, performances and phonograms has become a major element of global electronic commerce, rights holders should be legally secured in their ability to sell and license their property over the Internet subject to appropriate limitations and exceptions to safeguard public interest uses.

WIPO administers 23 international treaties dealing with different aspects of intellectual property protection.

Issues of enforcement and licensing are not new, but take on added dimensions and urgency when works are exploited on digital networks. In order for legal protection to become meaningful, rights holders must be able to detect and stop the dissemination of unauthorized digital copies, accomplished at levels of speed, accuracy, volume and distance that in the past were unimaginable. And for electronic commerce to develop to its full potential, workable systems of online licensing must evolve, in which consumers can have confidence.

Issues of enforcement and licensing are not new, but take on added dimensions and urgency when works are exploited on digital networks. In order for legal protection to become meaningful, rights holders must be able to detect and stop the dissemination of unauthorized digital copies, accomplished at levels of speed, accuracy, volume and distance that in the past were unimaginable. And for electronic commerce to develop to its full potential, workable systems of online licensing must evolve, in which consumers can have confidence.

50

Under the most important international copyright convention, the Berne Convention, copyright protection covers all “literary and artistic works”. This term encompasses diverse forms of creativity, such as writings, both fiction and non-fiction, including scientific and technical texts and computer programmes; databases that are original due to the selection or arrangement of their contents; musical works; audiovisual works; works of fine art, including drawings and paintings; and photographs. Related rights protect the contributions of others who add value in the presentation of literary and artistic works to the public: performing artists, such as actors, dancers, singers and musicians; the producers of phonograms, including CDs; and broadcasting organizations.

Likewise, in 1996, two treaties were concluded at WIPO: the WIPO Copyright Treaty (WCT) and the WIPO Performances and Phonograms Treaty (WPPT), commonly referred to as the “Internet treaties”. These treaties seek to address the issues of the definition and scope of rights in the digital environment, and some of the challenges of online enforcement and licensing. These treaties came into effect in March & May 2002 respectively.

The WCT and the WPPT also clarify the extent of rightholders’ control when works, performances and phonograms are made available to the public for downloading or access on the Internet. This type of transmission differs from broadcasting, in that the material is not selected and delivered by an active transmitter like a broadcaster to a group of passive recipients. Rather, it is transmitted interactively, that is, on demand from the individual users, at a time and place of their choosing. The treaties require that an exclusive right be granted to control such acts of “making available”, while leaving it to individual countries to decide how to categorize this right under national law.

In order for the treaties to be truly effective in cyberspace, they must become widely adopted in countries around the world. WIPO is therefore devoting substantial resources to promoting the treaties and to offering advice to governments on their implementation and ratification. In the interim, however, it should be noted that the provisions of both treaties were adopted by consensus by more than 100 countries, and thus represent broad international agreement as to

51

the appropriate approach to copyright in the digital environment. They, therefore, are already useful today as a guide and as a model for national legislation.

G. Fraud

Laws that recognize and give legal validity to electronic documents, signatures, and those contracts entered into electronically contribute to the creation of an atmosphere of business confidence. However, while the provisions of the previously discussed laws and models do apply to both business and the consuming public, the consumers at large need also to be protected from unscrupulous persons who take advantage of cyberspace in order to perpetrate fraud upon the innocents.

Consider the following: the development of the Internet and improvements in telecommunications technologies have brought significant benefits to consumers in terms of price and choice and facilitated the globalization of markets through cross-border transactions; unfortunately, the improvements have also provided unprecedented opportunities for businesses and individuals engaged in fraudulent and deceptive commercial practices to harm consumers from different countries and to evade enforcement authorities; those committing cross-border fraudulent and deceptive commercial practices against consumers can quickly target large numbers of consumers and quickly cause substantial harm; catching the perpetrators who may be located outside the borders of a particular jurisdiction has become difficult, if not impossible for most enforcement agencies, this is coupled by the ability of the perpetrators to rapidly move their operations from one place to another; most existing laws and enforcement systems designed to protect the consumers against fraudulent and deceptive commercial practices were developed at a time when such practices were predominantly domestic; such practices - fraud and deception-undermine the integrity of both domestic and global markets to the detriment of all businesses and consumers, thus undermining confidence in the markets.

52

The OECD, realizing the problem of fraudulent practices ongoing in cyberspace, decided to come up with a document that would address the predicament before them.

The Guidelines identify fraud and deception in business and commerce as those that cause actual harm to consumers, or those that pose an imminent threat of such harm if not prevented, such as:

misrepresentations as to material fact, or factual misrepresentations that cause significant detriment to the economic interests of the misled consumer;

failure to deliver goods, products, or services to consumers after they have been charged;

charging or debiting consumers’ financial, telephone, or other accounts without authorization.

To combat the practice the OECD urges its members to provide a domestic framework against fraud and deceptive practices that will include:

measures that will deter businesses and individuals from engaging in deceptive and fraudulent practices;

mechanisms to adequately investigate, preserve, obtain and share relevant information and evidence relating to occurrences of fraud and deception;

mechanisms to stop businesses and individuals engaged in fraud and deception; and

redress mechanisms for consumer victims.

The Guidelines also seek the strengthening of enforcement agencies, the development of mechanisms for cooperation and information sharing between and among enforcement agencies, removal of domestic barriers to the proper interdiction of said deleterious practices, education of consumers about these practices, and the cross-border usage of evidence, judgment and enforceable orders obtained in one State for use in another. The Guidelines also urge cooperation between government and private sector groups, such as financial institutions, domain name registrars, business and industry

53

groups and consumer groups in order to halt the practice of fraudulent and deceptive commercial practices across borders.

Most important for many of us is also the suggestion that effective cross border mechanisms for redress on behalf of defrauded consumers be developed.

The borderless nature of cyberspace business and trade has granted invaluable benefits to the consuming public. But the same advantages of speed and immediacy of communications has also given birth to even greater numbers of avenues for malefactors. These evil perpetrators cannot be stopped unless all of us who derive benefit from this new way of doing business do not cooperate. Governments, business groups, and individuals must contribute towards preserving this medium so that it remains viable as a tool for the creation of good - for the benefit of all.

H. Cyber-crimes

The Internet has the potential to be one of mankind’s greatest achievements. Telecommunications, banking systems, public utilities, and emergency systems do - and in our region, could rely on the network. But there are those who use it to inflict harm on others. In the short life of the Internet, we have already seen a wide array of criminal conduct. Although it is often difficult to determine the motives of these digital outlaws, the result of their conduct threatens the promise that the Internet offers by reducing public confidence and consumer trust in the whole system.40

The threat of growing criminal conduct in the Internet is such that the United States Federal Bureau of Investigation (FBI) has taken the unprecedented step of making the fight against cyber-crime and cyber terrorism the bureau’s No. 3 priority, behind counter-terrorism and counterintelligence. In addition to making cyber-crime and cyber terrorism one of the bureau’s top three priorities, FBI director Robert Mueller said that the FBI has changed its hiring practices to focus on

40 Janet Reno, 5 April; 2000.

54

recruiting a new type of agent that can bring a bedrock of experience from the world of IT.41

Without meaning to belabour the point, the difficulty in combating cyber-crimes and criminals stems not only from the lightning speed and stealth used but also from the fact that this phenomenon respects neither boundaries nor physical limitations. It was said that before the advent of computer networks, the ability to steal information or damage property was to some extent determined by physical limitations. A robber could break only so many windows or doors and burglarize only so many homes in a given week. This same example applies to those who may seek to destroy property. During each intrusion, the robber can carry away only so many items. This is not to make his act seem trivial but only to emphasize the physical limits imposed upon the traditional robber. In the Information Age, these limits no longer apply. A criminal seeking information stored in a networked computer with dial-in or dial-up access can acquire that information from virtually anywhere in the world. The quantity of information stolen or the amount of damage caused by the malicious programming code may be limited only by the speed of the network and the power of the criminal’s computer equipment. Moreover, such conduct can easily occur across state and national b o u n d a r i e ~ . ~ ~

What compounds the problem for law enforcement is that crimes in cyberspace do not respect geographical boundaries or national jurisdictions. If left unchecked or unpunished, these cyber-criminals will adversely affect the growth of e-commerce. There is no need to underscore the importance of the Internet but while the benefits of this technology are immense, so too is the possibility of crimes committed using this technology. In addition, there is the rapid migration of real-world crimes such as child pornography, fraud, forgery, falsification, and intellectual property theft, theft of information and money, as well as grave threats from the real world into the virtual world.

~ ~~~

41 http://www.computerworld.com/securitytopics/securitylcyber crimeslstoryl 0,10801,75532,00.htm1 42 Legislative Analysis, Computer Crime and Intellectual Property Section, Department of Justice.

Gartner/G2 statistics reveal that 1 in 6 consumers has been a victim of Internet fraud and that 1 in 12 has been hit by identity theft. The Internet Fraud Watch, on the other hand, has found that the average per person loss from Internet fraud rose from US$427 in 2000 to US$518 in 2001.

Online credit card fraud rates are three to four times higher than retail-related fraud in general. The average credit card fraud rate is 7 cents per US$ 100 charged, compared with the average online rate of 25 per cent to 28 per cent. Consumers also believe that their credit card is 12 times more likely to be defrauded online than offline.

Meridien Research projects that without technological investment in anti-fraud software, worldwide Internet payment fraud will represent a cost of US$60 billion in 2005.

There is a need to review the provisions of our laws on theft or stealing. In many jurisdictions, or in the real-world sense, stealing or theft could mean the taking of a thing or depriving the victim of ownership thereof. What happens when a person accesses without authorization another person’s file and then proceeds to copy it? In this sense, there may no theft because the thing has not been taken, but only copied. Making things even less clear is a case in the United States where it was held that the law pertaining to inter-State transportation of stolen property refers only to corporeal things and does not apply to intangible property.43

“Computer crime” or cyber-crime could refer to an abundance of misdeeds, which in many instances simply refer to the fact that a computer was used in the commission of the offense. Cyber-crimes can be divided into three major categories: cyber-crimes against persons, property and government.

Cyber-crimes against persons include transmission of child- pornography, harassment of anyone with the use of a computer such as e-mail, and cyber-stalking.

43 US v. Brown, 925 F.2”d 1301, 1308, loth Circ. 1991.

56

Cyber-crimes against property include unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programmes, and unauthorized possession of computerized information. Hacking and cracking are among the gravest such cyber-crimes known to date. The creation and dissemination of harmful computer programmes or viruses to computer systems is another kind of cyber-crime against property. Software piracy is also a distinct kind of cyber-crime against property, perpetuated by many people online who distribute illegal and unauthorized pirated copies of software.

A distinct example of cyber-crimes against government is cyber terrorism. Cyberspace is being used by individuals and groups to threaten governments and to terrorize the citizens of a country. This crime may take the form of individuals “cracking” into a government or military maintained web site.44

Examples of common misdemeanors are:

1.

2.

3.

4.

5 .

6.

7.

Mail bombing - which involves the sending of messages to a target recipient repeatedly. The mailboxes of the recipients then becomes flooded with junk mail;

Spamming - often used as a tool for trade or promotion. It targets multiple recipients and floods selected mail boxes with messages;

List linking - which involves enrolling a target in dozens- sometimes hundreds- of e-mail listings;

Spoofing - or the faking of the e-mail sender’s identity and tricking the target recipient into believing that the e-mail originated from the supposed mail sender;

Linking/Framing - which involves displaying one’s site content on another’s web page, without permission;

Denial of Service (DOS) - an explicit attempt by attackers to prevent legitimate users of a service from using that service;

Cracking - the act pf gaining unauthorized access to a system and subsequently destroying or causing damage thereto;

44 http://www.cyberlawindia.com/cyberindia/cyber crimes.htm1

57

8. Cyber-stalking - the “victim” is repeatedly flooded with messages of a threatening nature.

The United States Department of Justice has identified the challenges to the international or state prosecution of cyber-crimes as falling into three categories:

Technological challenges- while tracing an electronic trail is not impossible, the task has become very difficult what with the greater skill and technology that allow near-absolute anonymity for the cyber-culprit;

Legal challenges - the laws and other legal tools to combat crime lag behind the rapid changes afforded by technology;

Resource challenges - refer to the problem of lack of sufficient experts, or the lack of an adequate budget for new technologies, as well as for the training of personnel.

The Unites States has also passed several legislative measures in order to combat this problem: Computer Fraud and Abuse Act (18 USC 1030); 18 USC 2701 which punishes unlawful access to stored communications; 18 USC 2702 which prohibits divulging to any person the contents of a communication while in electronic storage; and 18 USC 2703 which allows government disclosure of the contents of electronic communications but only upon valid order of a court pursuant to a warrant.

After the terrorist attacks of September 11, 2001, the United States Congress enacted the USA Patriot Act. This is a comprehensive legislation aimed specifically at countering the threat of terrorism, including cyber terrorism. The new law gave sweeping powers to both domestic law enforcement agencies of the United States Government and United States international intelligence agencies to help thwart terrorist attacks. The Patriot Act expanded all four traditional tools of surveillance - wiretaps, search warrants, pedtrap orders and subpoenas - to make it easier for United States law enforcement and intelligence agencies to combat terrorism. For instance, the United States government may now spy on web surfing of Americans by merely telling a judge that the spying could lead to information that is “relevant” to an ongoing criminal investigation. The law likewise made two

58

changes on how much information the government may obtain about users from their ISPs. First, Section 212 of the law allows ISPs to voluntarily hand over all “non-content” information to law enforcement with no need for any court order or subpoena. Second, Sections 210 and 21 1 of the law expands the records that the government may seek with a simple subpoena to include records of session times and durations, temporarily assigned network addresses, means and sources of payments, including credit card or bank account numbers.45

On the other hand, the 41-nation Council of Europe also approved a convention on cyber-crime. The treaty provides for the coordinated criminalization of the following:

Offenses against the confidentiality, integrity, and availability of computer data and systems - like illegal access, illegal interception, data or system interference, and illegal devices;

Computer-related offenses - like computer-related forgery, computer-related fraud;

Content-related offenses - like child pornography; and

Copyright-related offenses.

Further, the Treaty urges its members to enter into cooperative efforts, through mutual assistance, extradition agreements and other measures in order to combat this problem. The call for international cooperation is of extreme importance given the nature of these crimes that respect no State, sovereign or national borders.

Similarly, the Asia-Pacific Economic Cooperation (APEC) has endorsed the following action items to combat the growing threat of cyber-crime:

immediate enactment of substantive, procedural and mutual assistance laws relating to cyber security;

make cyber-crime laws as comprehensive as those proposed in the Council of Europe Cyber-Crime Convention;

45 http://eff.org/Privacy/Surveillance/Terrorism~militias/2OOllO3 1-eff-usa- analysis .html

59

assistance between and among the economies in developing threat and vulnerability assessment capabilities;

develop security and technical guidelines that can be used by governments and corporations in their fight against cyber-crime; and

conduct outreach programmes to economies and consumers regarding cyber security and cyber ethics.

On the other hand, the member-countries of the Association of Southeast Asian Nations (ASEAN) have agreed to the creation of an ASEAN Network Security Coordination Center that will help combat cyber-crimes and cyber terrorism. Computer emergency response teams (CERTs) would also be established in each ASEAN country to serve as early warning systems against viruses. The ASEAN nations will also be focusing on strengthening their respective ICT infrastructure to attract more investors.

In the Philippines, the E-commerce Act also penalizes hacking or cracking, as well as the introduction of viruses. Malaysia’s Computer Crimes Act of 1997 penalizes unauthorized access to computer material, unauthorized access with intent to commit an offense, unauthorized modification of the contents of a computer, and wrongful communication. Likewise, the Computer Misuse Act of Singapore criminalizes unauthorized access to computer material, access with intent to commit or facilitate an offense, unauthorized modification of computer material, unauthorized use or interception of computer service, unauthorized obstruction of use of computers, and unauthorized disclosure of access code. In India, the Information Technology Act of 2000 prohibits tampering with computer source documents and hacking.

But beyond legislation, there must be adequate resources provided to law enforcement agencies so that these agencies possess the necessary tools, equipment, and know-how necessary for the successful defense of their country’s network systems from cyber-attacks. For what good are the laws that may be enacted to combat cyber-crimes if law enforcement agencies do not even have the education and training necessary to operate a computer, much less analyze the bits and bytes that are in it? Likewise, our judges must be trained.

60

Also, the need for consultation, coordination and cooperation between and among governments and the private sector is important, in order to harmonize as completely as possible measures, practices, and procedures that will be utilized in combating this problem. Harmonization of laws at the international, regional and national levels may be necessary to meet the challenges of a worldwide technology and its accompanying problems.

Security and privacy are not the responsibility of governments alone. There is a need for private sector efforts as well to implement user-friendly, self-regulatory privacy. In the meantime, governments will have to work with industry and other cyber-crime advocates to develop appropriate solutions to cyber-crime concerns that may not be addressed adequately by private sector.

An overarching task that needs to be done is to increase awareness at every level of society - in government, in the private sector, in civil society, and even among individuals - of-the necessity for, and the goals of security, privacy and cyber-crime prevention and control, as well as the promotion of awareness of the crimes that are committed in cyberspace and the availability of possible measures against them. Finally, and perhaps most important, it is vital that we develop a social consensus about the proper and ethical use of computers and information systems.

IX. RECOMMENDATIONS

A. Legal and Legislation

1. Harmonized e-commerce laws should, at the earliest possible time, be enacted in the GMS to address issues and problems concerning: ( 1) legal recognition of electronic data, messages, and signatures as functional equivalents of their traditional counterparts, and (2) cyber-crimes. The laws should reflect the spirit and tenor of the UNCITRAL Model Laws on E-Commerce and Digital Signatures and the e- ASEAN Frame work.

61

2.

3.

4.

Judges, lawyers and other members of the legal profession should be made to undergo capacity building and training programmes to raise the level of expertise or competence in handling e-commerce-related cases.

Consumers seeking redress should be guaranteed ready and available access to the justice system.

The formulation and development of applicable culture- specific alternative modes of online dispute resolutions must be encouraged to lessen resort to the more expensive court proceedings. Recourse to the courts must be made last in the menu of dispute settlement modes.

B. Bridging the Digital Divide

E-commerce and consequently, e-business, will not grow nor its full potential be met if the existing digital divide in the GMS would not be successfully addressed. Thus,

1. Universal access to the Internet and other forms or media of electronic communications should be developed and promoted on the principle that “greater access equals greater opportunities for trade and business.”

The development of the telecommunications infrastructure should be decisively pushed, as well as the construction of roads, bridges, and sea and air ports.

Tariffs on telecommunication services should be lowered.

2.

3.

4. Cost of telecommunication equipment should be made affordable.

5 . Language barriers should be eliminated or minimized through the development of machine translation.

C. Human Resources Development

1. Efforts towards creating and establishing a large pool of people trained to deal and handle e-commerce and related laws should be intensified and expanded.

62

2.

3.

1.

2.

3.

1.

2.

3.

For the development of domestic legal frameworks on e-commerce, the training of individuals who have the ability and aptitude to pass on the training to others should be commenced at the soonest possible time.

Legislators, judges, lawyers and court personnel should be trained in both the civil and criminal aspects of e-commerce law.

D. Raising Awareness

Seminars for awareness creation must be conducted continuously and in a sustained manner.

The need for education and awareness of the public and business, as well as the legal community on e-commerce issues must be addressed. Those who are most likely to enjoy the benefits of e-commerce and e-business must exercise responsibility in the use of the new medium.

The general public, business and technology experts must be educated as to the proper use or ethical practices in the utilization of computers, the Internet and other wealth-generating technologies that arrive in the future.

E. Government Role

Governments must establish and consistently apply rules that are clear, transparent, predictable, and

Government officials, particularly those responsible for the enactment and enforcement of e-commerce regulations should be encouraged to participate in trainings and seminars on e-commerce.

GMS Governments, with the participation of business and other stakeholders should designate a National ICT Legal Task Force to monitor and develop legal frameworks for e-commerce, when appropriate, and in line with the pace of regional development.

63


PART TWO

HARMONIZATION OF CYBERLAWS IN THE GREATER MEKONG SUBREGION46

46 The paper is an extract of a background research prepared for the French cooperation/ ESCAP/TID project on “Harmonized Development of Legal and Regulatory Systems for Electronic Commerce in Asia and Capacity building Needs” by Dr. Roland Amoussou-Guenou, Regional Expert on the Legal Cooperation in the ASEAN (The Embassy of France in Thailand), Visiting-Lecturer at the Asian Institute of Technology (AIT)

65


INTRODUCTION

At the early days of the Information Age in the 1990’s, many Internet pioneers claimed that law and lawyers stay out of the cyberspace. One decade later, law has made a strong come back as a building bloc for the Internet-based global business.47

The so-called Information and Communication Technologies (ICT) Revolution has generated a correlated “Legal Revolution” by raising new legal issues. Among these, the harmonization of “Cyberlaws” is probably one of the most challenging of the moment.

Indeed, there is a growing need for harmonization of national laws to support the convergence of ICT applications which are by nature beyond national jurisdictions especially in Electronic Commerce.

Harmonization of laws in the real world is not a new issue. It was driven by the necessity to provide the international community with a “consensual”, user-friendly and effective legal framework. The main reason is that historically, the organization of the international society is based on a border and sovereignty legacy. The expansion of the global business combined with ongoing regional integrations has encouraged harmonization of law initiatives around the world.

Now in the Information Age, lawyers are forced to rethink traditional concepts of distance, time and jurisdiction. The borderless cyberspace has generated new expectations among players, users and consumers and specific legal issues. These are being addressed through harmonization in order to mitigate the gap between different national legal systems or to overcome legal obstacles of trans-national business.

The purpose of the present paper is to discuss the challenges of harmonization of “Cyberlaws” in the Greater Mekong Subregion (GMS) and to outline strategies for its achievement.

47

Geneva, 2002, http://www.unctad.org/ecommerce,doc.UNCTAD/SDTE~CB/2 See E-commerce and development report 2002, United Nations, New York and

67

To this end it would be useful to review the lessons of cyberlaws harmonization initiatives around the world (Chapter I), before considering the specific issues of harmonization of cyberlaws in the GMS countries (Chapter 11).

CHAPTER I: A REVIEW OF THE LESSONS OF THE CYBERLAWS HARMONIZATION

INITIATIVE AROUND THE WORLD

Harmonization of laws is a process which fuelled many academic debates of conceptual and technical nature which need to be summarized (Section I) in order to have a good understanding of the difficulties raised by the harmonization of Cyberlaws (Section 11).

Section I: A Summary of the Conceptual and Fundamental Issues of the Harmonization of Laws

In a narrow or traditional sense, harmonization of laws is the process by which member states of a federation or a region make changes in their national laws, in accordance with federal or community legislation, to produce uniformity, particularly relating to commercial matters of common interest.48 The key expressions here are “uniformity of laws” and “uniformization”.

Based on this definition, harmonization of laws is not an easy task because not all subject matters can be h a r m ~ n i z e d . ~ ~ The first step before undertaking any harmonization is to identify a “neutral” topic such as trade, commerce or business transactions.

Once the “neutral” subject matter is identified, harmonization remains a complex combination of factors such as:

48 See Oxford Dictionary of Law, Third Edition, 1994, v0 “Harmonization of laws”, p. 182. 49 In matter where cultural (including religious) values are important, harmonization faces strong resistance. For example it would be impossible to harmonize the marriage and divorce laws in the ASEAN countries. The differences between Catholic countries (the Philippines) on the one hand, and Moslem countries (Indonesia, Malaysia) and Bouddhist nations (Thailand) on the other hand is impossible to overcome.

68

the statement of government political wills and commitments,

the existence of federal5’ or regional institutions entrusted with the mandate of carrying out harmonization objectives,

the adoption of legal instruments for harmonization purposes and,

the creation of administrative or judicial bodies to monitor the process.

A detailed analysis of this process falls beyond the scope of the present paper? It would be sufficient here to make an approach to Regional (A.) and Universal (B.) harmonization of laws issues.

A. An approach to Regional Harmonization of Laws Issues

The regional harmonization of laws is used to be achieved at three different levels.

Level one which is the highest on the scale of harmonization is called “unification of laws”. It consists in an aggressive or pro-active legislative process of legal drafting based on principles such as “direct application” or “superiority on national laws”. In this process, Treaties, Laws and Regulations are adopted under the umbrella of a single supranational regional institution. The outcome is the direct application without any modification in the member states. Unification of laws is used to achieve in-depth regional legal and integration and a community law.52 The European Union and the Organization for Harmonization of

50 See The Uniform Law Conference of Canada established to secure uniformity of legislation throughout Canada, especially for the purpose of facilitating commercial activity, http://www.ulcc.ca 51 For further analysis see: Jarrod Wiener (1999), Globalization and Harmonization of laws, Cassell Academic; Lawrence, Robert Z . (1996), Regionalism, Multilateralism and Deeper Integration, Washington DC: Brookings. 52 The in-depth legal integration may be the only objective (see OHADA), or part of a myriad of objectives for political, economical, social and monetary integration (see European Union).

69

Business Law in Africa (OHADA) are two illustrations of this approach.

Level two is the average level of the scale in that the initiative of law is also taken by a supranational regional organization in the form of directives. The difference is that national countries are strongly invited to change or to make a transposition in their laws, in a certain time-frame, according to the regional model and under the supervision of a regional monitoring body. The European Union also offers this option with the Directives of the Commission or with decisions of the European Court of Justice.

Finally, level three consists in the “approximation” of laws. It is the process by which member-states change their national laws to enable a free market zone to function properly. This approach can also be based on regional recommendations, decisions, guidelines or Models. It is likely to be considered more as a legal cooperation than a harmonization process. The EU Principles of Contract Law54 is a good illustration of this type of harmonization.

As we can see from these examples, regional harmonization of laws is usually promoted by regional institutions under the umbrella of a founding treaty or convention.

In ASEAN, where the level of integration is quite low, effort for harmonization has not been very successful so far, despite awareness raising seminars of development agencies such as the ADB ?

53 Project Study of Dr. Roland Amoussou-Guenou on “The Challenges of the Harmonization of Electronic Commerce Legal and Regulatory Framework for Trade Facilitation in the Asia-Pacific Region”. 54 See Ole Lando and Hugh Beale (2000), Principles of European Contract Law Parts I and I1 Combined and Revised, Prepared by the Commission of European Contract Law, Kluwer Law International. 55 See, ADB Seminar on Legal Aspects of Regional Cooperation, Monday, 29 April 1996, Manila, Philippines, http://www.adb.org/Docunents/Conference/Seminar- Cooperation

70

Clearly, harmonization of laws generally seems not to be in the Agenda of the ASEAN56, as opposed to the trend in other regions of the world such as Europe and Africa.

B. An Approach to Universal Harmonization of Laws Issues

Universal harmonization of laws is realized by a variety of means which are also beyond the scope of the present paper. To simplify, they can be grouped into two mains categories usually identified by the legal academia as “hard” law (a) and/or “soft” law57 (b).

a) The “Hard Law” Universal Harmonization

The “Hard Law” Universal Harmonization refers to formal sources of international law such as Treaties, Conventions and Agreements which are promoted by governments or international organizations in order to facilitate international cooperation in specific areas of law.

They are the result of lengthy processes of negotiation, signature ratification or adhesion. But at the end, they are compulsory and superior to national laws in the hierarchy of norms. The following are some examples of areas of international business where Treaties and Conventions establish a “Hard Law” Universal Harmonization.

i) International Contract of Sales Law (see the UN Convention on Contracts for the International Sales, better known as the Vienna Sales Convention, 1980).

ii) Applicable Law (see the Applicable Law to International Sales of Goods Contracts, the Hague, 1986).

56 ASEAN was established on 8 August 1967 to promote regional cooperation. The fundamental principles that govern the ASEAN are non-interference in the international affairs of one another, settlement of differences and disputes by peaceful manner, and mutual respect for the independence, sovereignty, equality, territorial integrity, and national identity of all nations. 57 See Dr. Loukas A. Mistelis, Regulatory Aspects: Globalization, Harmonization, Legal Transplants, and Law Reform - Some Fundamental Observations, 34 International Lawyer (2000) 1055- 1069, http//www.cisg.law.pace.edu/cisg/biblio/mistelis.html

71

iii)

iv)

v)

vi)

b)

International Contract of Transport (see the Convention on the Unification of certain rules related to the Air Transport, Varsaw, 1929).

International Payments (see the Unidroit Convention on Factoring, Ottawa, 1988).

International Protection of Intellectual Property Rights (See the WIPO Convention on International Property Protection, Geneva, 1996).

International Commercial Arbitration (See, the Convention on the Recognition and Enforcement of Foreign Awards, New York, 1958).

The “Soft Law” Universal Harmonization

The “Soft Law” harmonization is achieved by various methods. The main feature is that they are non-compulsory in principle and result from a non-formal process. In practical, “Soft Law” provisions play a very important role in international business. The two main categories of “Soft Law” Harmonization are of professional (i) and of institutional origins (ii).

i) The “Soft Law” Universal Harmonization of Professional Origin

This category is a sui generis creation of the business sector itself. It consists in Customs, Practices, Usages and Models of Contracts under the aegis of professional association^^^ such as the International Chamber of Commerce, the International Law Association, the International Bar Association, the Fkderation des Inghieurs Conseils (FIDIC) and so forth.

The INCOTERMS (International Commercial Terms)59, the Uniform Customs and Practice for Documentary Credits, which are used by banks all over the world to finance international trade, Electronic

58

59

See Dr. Loukas A. Mistelis, op. cit. See the ICC INCOTERMS 2000, ICC Publishing, Paris, 2000.

72

Model Contracts6’, Arbitration Model Clauses61 are some good examples of “Soft Law” harmonization of professional origin.

ii) The “Soft Law” Universal Harmonization of Institutional Origin

This category is also known as “International Instruments”. They consist in different provisions adopted under the auspices of international organizations.62 Their main purpose is to propose to the international community legal tools such as Principles, Model-laws, Provisions, Guidelines etc., for international business facilitation. They aim at creating “convergent” understanding of fundamental legal concepts, as well as “convergent solutions’’ of issues of transnational nature.

The following are some examples: the World Trade Organization the UNIDROIT Principles of International Contract Law64,

the 1996 UNCITRAL Model Law on International Commercial A r b i t r a t i ~ n ~ ~ , the UNCITRAL Model Law on Electronic Commerce.66

As Members of the international society, GMS countries can participate directly or indirectly to this form of “Soft Law” universal harmonization of laws.

Section 11: Issues Raised by the Global Harmonization of Cyberlaws

Given the global nature of the topic, it is not surprising that many of the activities in the field of cyberlaws have been launched by international organizations.

6o

61

62

63

64

65

http://www.uncitral.org 66

See ICC Paction - The Online model sales contract application. See ICC Court of International Arbitration Model Clauses. E.g.; United Nations, UNIDROIT, OECD. See the WTO at http://www.wto.org See UNIDROIT Principles of International Contract Law at http://unidroit.org See UNCITRAL Model Law on International Commercial Arbitration, 1986,

See UNCITRAL Model Law on Electronic Commerce, 1996, http:Nwww.uncitral.org

73

Also, the necessity to bridge the digital gap between Developed and Least Developed countries has encouraged initiatives for the global “harmonization of cyberlaws”. Landmark mark steps in this respect can be traced to 1996 (publication of the UNCITRAL Model Law) and 1998 (the starting of the UNCTAD global campaigns to promote e-commerce especially in developing countries).

Various studies revealed increasing concerns that inappropriate legal and regulatory issues might constitute a serious impediment to e-commerce. 67

Key elements have been identified for an enabling environment for e-commerce. For example, among seven building blocs referred to by the UNCTAD68, the Legal and Regulatory issues come in the third position.

In order to address the issue of global harmonization of cyberlaws, it was necessary to specify the nature of the legal issues raised by e-commerce (A.). Thus, the understanding of the true essence of contracting on the net (B.) and the formulation of appropriate solutions in the form of specific principles (C.) will be considered.

A. The Nature of the Legal Issues Raised by E-commerce

E-Commerce raises questions of transactional and non-transactional nature. They range from the clarification of the legal definition of e-commerce6’, to contracting online, data protection, privacy protection, consumer protection, the legal status of electronic, the legal status of writing and original, security and authentication,

67 “E-commerce and Development Reports”. (See E-commerce and development report 2002, United Nations, New York and Geneva, 2002, http://www.unctad.org/ ecommerce, doc. UNCTAD/SDTE/ECB/2).

These elements are: Awareness building - training and education - Access and infrastructure - Legal and regulatory issues - Support for the enterprise sector - Sector - pecific policies - E-government. See, Basic Elements of an Enabling Environment for E-Commerce: Doc. TD/B/COM/.3EM. 15/2 3, May 2002. 69 See Dr. Roland A ~ O U S S O U - G U ~ ~ O U ’ S article on “The Definition of Electronic commerce: a quest for the “Homo-Electronicus’”’, AIT Newsletter, Vol. 2 No. 13, August 1,2003; Vol. 2 No. 11, June 27,2003; Vol. 2, No. 9, May 30,2003.

74

intellectual property rights, liability of ISPs, payment systems, online dispute resolutions, and cyber-crimes.

For the purpose of the present paper, the focus will only be on transactional issues i.e., contracting on the Internet, which makes e-commerce legally possible.

Indeed, after the uncertainties of the previous days, it is now widely accepted that many of these legal issues can find a solution within the traditional legal framework (civil law, commercial law, criminal law). Yet, new remedies to many unprecedented questions still have to be re-invented.

B. The True Essence of Contracting on the Net

In e-commerce, the essence of contract as a legally binding agreement has not changed.

Nevertheless, data-based transactions have deeply affected the process of contracting. In paper-based transactions, and in terms of rights and obligations of the parties, the contract is analyzed as an “acte juridique” (French Law). It is an achievement, i.e. the result of a matching of two valid contractual wills after satisfaction of the classical pre-requisites for the validity of contract^.^'

On the other hand, in electronic-based transactions the contract is analyzed as the process of a series of operations online supported by ITC infrastructures. The completion of contractual operation online involves third parties (at least for the payment and the certification) other than the contractual parties alone. Thus, the mechanisms by which offer and acceptance meet to create a valid contract (relation between message originator and addressee) is one of the main issues.71

70 See, Christian Dadomo and Susan Farran (1997) French Substantive Law Key Elements, London Sweet and Maxwell. Prerequisites for contracts are: capacity, object and cause (under civil law) and, capacity object and consideration (under common law). 71 Ian Lloyd, On-line contracting - a common law perspective, in Les premibres journdes internationales du droit du commerce dlectronique, Actes du Colloque de Nice des 23,24 et 25 Octobre 2000 (EDHEC), pp. 185-209.

75

C. The International Principles which govern E-commerce Legal Issues

The purpose of contract law in all legal systems is to create trust by means of legal validity and security of transactions and to secure evidence. The issues of the admissibility and evidential value of electronic messages in judicial and administrative proceedings play a central role in the development of electronic commerce. While the rules governing the admissibility of evidence in certain jurisdictions are rather flexible, there are legal systems that adopt a relatively strict approach to the subject and exclude electronic messages as acceptable evidence.

In addition, the dematerialization brought about by electronic transactions raises new issues affecting transactional activities such as the validity, legal effect, and enforceability of contracts conducted through electronic means in a legal environment traditionally based on paper.

The requirement of written documents and signature, the negotiability of trade documents, confidentiality, the protection of consumers and taxation are among other important issues.

We can identify the following six principles of the UNCITRAL Model Law, to govern transactions on the Internet. They are:

1) The technological neutrality (applies to all situations where information is generated stored or communicated, irrespective of the medium on which such information may be based).72

2) The functional equivalence (it is based on the purposes and functions of the traditional paper-based requirement with a view to determining how those purposes or functions could be fulfilled through e-commerce technique^).^^

3) The legal validity of data messages (data messages should not be discriminated against paper document^).^^

72 See Article 1. 73

be considered as a writing if its content can be consulted afterwards. 74 See Article 5.

See Article 6 and 8. According to Article 6 of the Model Law, a data message shall

76

The legal admissibility of digital signature (the function of a signature in a paper based environment is: to identify a person; to provide certainty as to the personal involvement of that person in the act of signing; to associate that person with the content of a document. The digital signature should perform the same function).75

Original (original is defined as a medium on which information was fixed for the first time. This approach does not work for data messages. Thus, various technical means are available to certify the originality of a data message).76

Admissibility and evidential weight of date messages (the purpose of this principle is to establish both the admissibility of data messages as evidence in legal proceedings and their evidential value).77

CHAPTER 11: THE SPECIFIC LEGAL AND REGULATORY ENVIRONMENT OF

E-COMMERCE AND THE GMS COUNTRIES

Harmonization of cyberlaws in the GMS countries is an interesting case-study as well as a serious challenge (Section I). The need for harmonization of cyberlaws in this subregions (Section II), suggests to consider the best possible strategies to overcome the difficulties and to achieve an effective harmonization of cyberlaws (Section 111).

Section I: The Challenges of the Harmonization of Cyberlaws in the GMS Countries

The challenge is of institutional (A.) as well as context (B.) nature mainly because of the absence of a formal legal status of the GMS combined with the different levels of achievement of e-commerce legal and regulatory framework in this subregion.

75 See Article 7. 76 See Article 8. 77 See Article 9.

77

A. A Challenge of Institutional Nature

The GMS can be defined as a mere subregional economic forum organized alongside the Mekong River. Thus, from the strict legal and institutional perspective, the GMS is not yet a regional organization with an established international legal status.

It has no mandate to enact any kind of harmonized legislations or regulations directly applicable to member countries, on the model of the EU Directives or regulation^^^, or the OHADA uniform

The inexistence of a founding treaty legitimating a regional institution with a clear mandate to harmonize the laws (including cyberlaws) of the subregion may be considered a serious obstacle.

B. A Challenge of Context Nature

On a country to country basis, the GMS member states have different levels of achievement of IT strategies as well as e-commerce legal and regulatory framework. Except Thailand where an “Electronic- transaction Act” was adopted in 2001, and Viet Nam which is in the active process of drafting its Electronic commerce ordinance, the other member-countries have no legislation on e-commerce at all.

Nevertheless, in various GMS countries (except Myanmar and the Yunnan) the adoption of e-commerce law is part of the priorities of IT national policies and projects. Number of bilateral cooperation programmes as well as regional development organizations are committed to support the development of enabling e-commerce infrastructures in the GMS countries. Such regional commitments

78 See “Legal issues of EU, ASEAN and OHADA (Organization for the Harmonization of Business Law in Africa) Regional Integration”, Research study under the supervision of Dr. Roland Amoussou-Guenou, Regional Expert on Legal Cooperation in the ASEAN and Visiting Lecturer at the School of Management (SOM), AIT (Asian Institute of Technology), Pathumthani, Thailand, 2003, unpublished. 79 See The Organization for harmonization of Business Law in Africa (OHADA), was created by a Treaty signed in Mauricius in 1993 with the objective of harmonization business Laws. The common OHADA Laws are known as “Uniform Acts”. See http:// www.ohada.com

can be found in the ADB regional ITC strategyg0, the ASEM declarations" the e- ASEAN framework agreement.82

The combination of national action plans with bilateral assistance programmes and regional integration initiatives for the building of a harmonized e-commerce legal infrastructure in the GMS will not be an easy task.

Section 11: Justifications of the Need for Harmonization of Cyberlaws in the GMS Countries

In spite of the above-mentioned difficulties, the need for harmonization of cyberlaws in the GMS cannot be denied. This need is justified by many factors including the importance of legal infrastructure for improving the market efficiency for e-commerce in the region and beyond.

The current legal framework is clearly inadequate to govern e-transactions in the GMS countries. As a matter of fact issues such as acceptance of recognition of data messages, validity of electronic documents, digital signatures, data and privacy protection, copyright and intellectual property protection are absent in the legal and regulatory environment.

Moreover, harmonization of e-commerce legal and regulatory systems is consistent with ADB Strategic Approach for Information and Communication Technology. This convergence of interest is important, given that ADB is the key player in the GMS construction.

Finally, the need for e-commerce legal frameworks and their harmonization is acknowledged by official statements such as the Declaration on Electronic Commerce for Development, Joint UNCTAD-

8o See Asian Development Bank, Towards E-development in Asia and the Pacific: A strategic Approach for Information and Communication Technology, June 2001. 81 See ASEM Senior Officials Meeting on Trade and Investment (SOMTI €9, 17 July 2002, Bali, Indonesia, http://europa.eu.int/external relation/asem/min other meeting/ somti8.htm 82 See E-ASEAN Reference Framework for Electronic Commerce Legal infrastructure, ASEAN Secretariat, 2001, http://www.asean.org; ASEAN Task Force, http://www.fit- ed. org/asean/index. htm

79

ESCAP Asia-Pacific Regional Conference on: “E-Commerce Strategies for Development” held in Bangkok on 20-22 November 2002.

For all these reasons it is timely to consider the best strategies to undertake and achieve an effective harmonization of cyberlaws in the GMS.

Section 111: The Best Possible Strategies to achieve an effective Harmonization of Cyberlaws

Given the specific context of the GMS, solutions for harmonization of cyberlaws will consist in adopting the “soft harmonization” approach based on international Guidelines and General Principles of e-commerce (A.). Besides, the promotion of legal capacity building would be a necessary complement to make this “soft harmonization” effective (B.).

A. The “Soft” Harmonization of Cyberlaws in the GMS: Adopting International Guidelines and Principles

Legal principles of e-commerce are provided by the 1996 UNCITRAL Model Law on e-commerce (a) and Guidelines are released under the auspices of regional organizations such as the ASEAN (b).

a) The 1996 UNCITRAL Model Law on E-commerce

As far as electronic commerce is concerned, the United Nations Commission for International Trade Law (UNCITRAL) is the most popular. In 1996, based on a mandate received from the General Assembly of the United Nations, the UNCITRAL has proposed to the international community a “Model Law on Electronic Commerce”.

This model is now universally recognized and used as a reference. It serves as a source of inspiration for many countries around the world to draft e-commerce laws. To date, the only GMS country who has adopted a law based on the UNCITRAL Model Law is Thailand.83

83

2544. See Thailand Electronic Transaction Act 2001, given on the 2nd December B.E.

80

The UNCITRAL Model Law does not give any legal definition of “Electronic commerce”. But it provides some useful clarifications about the meaning of “commercial”, which is related to the term 66commerce’?4

Key provisions of the UNCITRAL Model have already been presented above.

b) The e-ASEAN Legal Guidelines on E-commerce

Five among the six member states of the GMS are also party to the ASEAN.85 Therefore, initiatives taken under the ASEAN would apply directly to the GMS.

In this respect, it is important to mention the e-ASEAN initiative which was launched by the ASEAN Secretariat, with the mandate to promote e-commerce and prompt appropriate legal environment to facilitate e-trade in the member countries.86

As a result of this initiative, the e-ASEAN task force has published “E-ASEAN Reference Framework for Electronic Commerce Legal Infrastructure” in 2001 which is an important a ~ h i e v e m e n t . ~ ~

84 See Article 2 of the UNCITRAL Model Law. According to this Instrument, the word “commercial” should be given a wide interpretation so as to cover matters arising from all relationships of commercial nature, whether contractual or not. Relationships of commercial nature include, but are not limited to, the following transactions: any trade transaction for the supply or exchange of goods or services; distributing agreement; commercial representation or agency; factoring; leasing; construction of works; consulting; engineering; licensing; investment; financing; banking; insurance; exploitation agreement or concession; joint venture and other forms of industrial or business cooperation; carriage of goods or passengers by aic sea, rail or road” 85 Cambodia, Lao People’s Democratic Republic, Viet Nam, Myanmar and Thailand the two hats of being member of the ASEAN and part the GMS process. 86 See E-ASEAN Reference Framework For Electronic Commerce Legal Infrastructure, ASEAN Secretariat, 2001, http://www.asean.org Adde, e-ASEAN task force, http:// www.fit-ed.org/easean/index. htm *’ See, Dr. Roland Amoussou-Guenou “The Legal and Regulatory Challenges of the Digital Divide”, paper presented at the Regional Conference of Digital GMS, organized by the Asian Institute of Technology, the Greater Mekong Sub-region Academic Research Network and ASEAN Foundation, 26-28 February 2003.

81

Interestingly, the e-ASEAN initiative is the first regional initiative worldwide, before the e-europe that emerged in the digital space. The ASEAN leaders endorsed the e-ASEAN initiative during their Annual Summit meeting in Manila on November 28, 1999, barely two weeks earlier than their European counterparts which was launched on December 8, 1999.

E-ASEAN aims to develop a broad-based and comprehensive action plan, including physical, legal, logistical, social and economic infrastructure needed to promote an “ASEAN e-space”.88

The purpose of the framework is two fold. On the one hand it intends to help ASEAN member states that do not have e-commerce laws in place to accelerate the drafting of their own. On the other hand, its objective is to help Member-States that already have e-commerce laws in place to make it effective in facilitating cross border e-trade.

Interestingly, the authors of the reference framework recall that the work was developed on existing e-commerce laws of ASEAN Member States in consultation with experts from the concerned government^.^' Reference is also made to the UNCITRAL Model Law on Electronic Commerce and Draft Model Law on Electronic Signature. The proponents of the framework also give credit to United States e-commerce and e-signature laws.

The framework features basic concepts and definitions (i) and General principles (ii). The scope and legal effect of e-commerce laws and other the core provisions are also provided for (iii).

** See Fiona J.M. PAUA (Fall 2000) e-Asean and e-Europe: Regional Initiatives in a Borderless World. 89 The laws concerned are Electronic Transaction Act (ETA) of Singapore; the Digital Signature Act (DSA) of Malaysia; the Electronic Commerce Act (ECA) of the Philippines; the Electronic Transaction Order (ETO) of Brunei Darussalam; and the then Draft Electronic Transactions Bill (ETB) of Thailand.

82

i) The Basic Concepts and Definitions of the e-ASEAN Framework

The basic concepts and definitions cover various terms like “E-commerce7’, “Electronic contracting”, “Electronic record”, “Electronic Signature/Digital Signature”, “Public Key Infrastructure” (PKI), and “Digital Certification Authority”. There are not fundamentally different from the e-commerce legal instruments released by the UNCITRAL Model Law.

The conceptual approach to the definition of e-commerce is interesting to underline here. Indeed, the reference framework has opted for the “Transactional” aspect of e-commerce. To this end, it refers to e-commerce as “Electronic transaction” on the Internet or any other networks.

Accordingly, two categories of transaction are identified, those that involve sale of physical goods and services on the one hand and those that involve the direct online transfer of information and digital goods and services (e.g. software, music-on-demand, video-on-demand).

The “transactional approach” of e-commerce which has been adopted by Asian countries including Thailand seems too narrow and limited in the scope of e-commerce covers transactional as well as non-transactional (including civil acts and government) activities on the Internet.

This orientation bears the risk to create two distinct categories of countries in Asia, those with legislations on “Electronic Transaction” and those with legislations on “Electronic commerce”. This is an additional justification for the harmonization of cyberlaws in the GMS countries.

ii) General Principles of the e-ASEAN Framework

There are not yet identified General Principles of e-commerce laws specific to ASEAN countries. As a result, the e-ASEAN framework recalls that e-commerce laws should conform to international standards such as the UNCITRAL Model documents in this matter. Special consideration should be give to principles such as transparency, predictability, neutrality and non-discrimination.

83

iii) The Scope, the Legal Effect of e-commerce Laws and Other the Core Provisions of the e-ASEAN Framework

The main purpose of e-commerce laws as suggested by the framework is “to provide predictability and certainty in areas where existing laws fall short”. The trade facilitation expectations are underlined with the provisions according to which “E-commerce laws are meant to encourage business and consumer confidence in e-commerce as well as provide legal recognition of electronic transaction, electronic records and electronic signatures”.

What is meant by legal effect is the validity under the law of an electronic contract, an electronic record, an electronic writing, an electronic signature and an electronic data in general. But it is admissible that some e-commerce laws specifically exclude from their provisions some types of contracts related to immovable property, Powers of Attorney, Wills, Negotiable Instruments, and Documents of Title.

As far as the provisions of e-commerce laws are concerned, the reference framework insists that e-commerce laws should at least include three categories of provisions related to Electronic transaction, Trusted Third PartiesKertification Authorities and Service Providers.

In focusing on these three categories only the e-ASEAN framework tends to restrict e-commerce to transactional, or contractual operation around three key players who are:

The business partners (for the transaction)

The trust providers (Certification Authorities), and

The communication enabler (Service Providers)

Therefore, what’s about other e-commerce non transactional modes related to transformation, manufacturing, trading and services as indicated in the UNCITRAL Model Law on electronic commerce?

By all means legislations as well as principles and guidelines alone will not be insufficient to assure harmonization of electronic

84

commerce laws for trade facilitation in the GMS. The legal capacity building is critical.

B. The Legal Capacity Building in the GMS Countries

a) The Rationale for Capacity Building

In e-commerce, business opportunities delayed is development denied. Indeed, while e-commerce business opportunities cannot be delayed, it often takes years for appropriate legislation to be enacted. In addition, legislations in e-commerce are subject to rapid obsolescence90 by the time it is adopted and applied by the legal profession or interpreted by the judges.

Hence harmonization of e-commerce related laws is an important medium term or long term objective. The most immediate objective is to assure that regardless of the different stages of development of the legal infrastructures of the countries, the legal profession in the GMS subregion will develop a common understanding of the e-commerce legal issues that will facilitate a soft and flexible and in the same time, efficient harmonization in the short run across the subregion.

b) The Setting up a Specific GMS Training Programme Project

A successful outcome of a GMS capacity-building project will require the sustained involvement and support of a wide range of International organizations, government agencies, industry associations and other constituencies.

The project may be achieved over a period of two to three years. It may be carried out under the auspices of the ESCAP with the funding of donor agencies such as the ADB, and the partnership of interested national entities, international organizations and private sector.

Detailed training programme will be developed based on preliminary fact findings and recommendations. Training material and supporting material such as e-commerce guidelines for lawyers and

See example of Republic of Korea who is a leading Asian country in e-commerce infrastructures has carried out in 2002 a reform of its 1996 e-commerce Act.

85

benchbooks for judges, will be developed and disseminated to promote convergent approaches to legal problems and soft regional harmonization.

E-commerce legal capacity building programmes will be targeted at three distinct targets within the legal profession: law makers, judges, lawyers and legal counsel to ministries and government agencies.

The programme should include a training of trainers (TOT) component so that the trained participants at the subregional level will be able to train their national peers.

CONCLUSION

The current legal framework is inadequate to govern e-transactions in the GMS countries. Issues such as acceptance of recognition of data messages, validity of electronic documents, digital signatures, data and privacy protection copyright and intellectual property protection are absent in the legal and regulatory environment.

Yet, from the perspective of the classical harmonization of laws process, the harmonization of cyberlaws in the GMS countries is still a big challenge.

Classical harmonization requires a combination of factors such as, the statement of government political wills, the existence of regional institutions entrusted with the mandate of carrying out harmonization objectives, the adoption of legal instruments for harmonization purposes and the creation of administrative or judicial bodies to monitor the process.

These pre-requisites are presently inexistent in the GMS. The lack of a formal international legal status of the GMS combined with different levels of economic development and achievement of e-commerce legal and regulatory framework in this subregion make it impossible to consider a “hard” harmonization of cyberlaws on a regional integration basis.

86

The solution resides in a “soft harmonization of laws” approach on the basis of international principles of the UNCITRAL Model Law and regional Guidelines such as the e-ASEAN Framework.

These initiatives need to be complemented by a capacity building programmes for specific target audiences such as of law-makers, lawyers and judges of the GMS countries.

A successful outcome of such a GMS capacity - building project will require the sustained involvement and support of a wide range of regional international organizations, donor agencies, governments, business associations and other constituencies.

87


PART THREE

E-BUSINESS PRIMER

89


I. E-BUSINESS OVERVIEW

What is e-business?

Electronic Business or e-business, also known as electronic commerce and e-commerce, refers to the use of computers and electronic communications networks to do business. It refers to every type of business transaction or interaction in which the participants prepare or conduct business electronically. This covers a wide range of activities, ranging from the use of electronic mail (e-mail) and Electronic Funds Transfer at Point of Sale (EFTPOS), through Internet based sales and transactions and web-based marketing. E-business is a business issue rather than a technology issue.

What are the 2 main types of e-commerce?

There are 2 types of e-commerce applications: (1) business-to- business (B2B); and (2) business-to-consumer (B2C).

(1) B2B applications:

a. Supply Management. Electronic applications in this area aid in expediting business partnerships through the reduction of purchase order (PO) processing costs and cycle times, and by maximizing the number of Pos processed with fewer people.

b. Inventory Management. Electronic applications make the order-ship-bill cycle shorter. For instance, if most of a business’s partners are linked electronically, any information sent by mail can be transmitted instantly. Businesses can easily keep track of their documents to make sure that they were received. Such a system improves auditing capabilities, and helps reduce inventory turns, and eliminate out-of-stock occurrences.

c. Distribution Management. Electronic-based applications make the transmission of shipping documents a lot easier and faster. E-commerce also enables more efficient

91

resource management by certifying that documents contain more accurate data.

d. Channel Management. E-commerce allows for speedier dissemination of information regarding changes in operational conditions of trading partners. Technical, product, and pricing information can be posted with much ease on electronic bulletin boards.

e. Payment Management. An electronic payment system allows for a more efficient payment management system by minimizing clerical errors, increasing the speed of computing invoices, and reducing transaction fees and costs.

(2) B2C applications involve customers gathering information, purchasing, and receiving products over an electronic network. It may be used in the following transactions:

a. Purchasing products and information. Electronic applications make it possible for consumers to look up online information about existing and new products/ services.

b. Personal finance management. In this field, electronic applications (e.g. Quicken) aid the consumers in managing investments and personal finances through the use of online banking tools.

What are the benefits of e-business?

E-business improves the way business is undertaken: with customers, other businesses and government. Business involvement in e-business can take a number of forms, with varying levels of cost and complexity, depending on business need.

costs:

Lower transaction expenses. Labour costs associated with administration can be slashed.

Reduced supply costs. More Internet based information affords firms a wider choice of suppliers and by extension, more competitive prices.

92

Publication and distribution fees fall. Publishing a brochure online enables a vast number of people to access it, while also allowing the company to update and then add to the contents.

The role of the Middleman becomes less important as companies can sell direct to the customer.

Marketing:

It helps build brand awareness offering new avenues of promotion.

Customer loyalty deepens because web-based purchasing affords customers the opportunity to communicate with the company.

Conversely, a web site also allows the firm to offer better service to consumers.

Competitiveness:

E-business offers a reliable, cost effective and involuntary means of doing business. Routine tasks are automated and customers, if they wish, can avail of a 24-hour sales service.

More players will enter the market as technology enables firms to penetrate overseas.

Companies need to be aware of market changes.

In the end, e-business also benefits the consumers: The information made available to customers allows them to make more informed choices and because competition is intense, more and better product offerings are marketed to them.

The assimilation of information and communications technology in business has narrowed distinctions between the brick-and-mortar market and the electronic marketplace.

Forrester Research predicts that by 2004, online commerce will reach US$ 8.6 trillion. This huge amount comprises Forrester’s projection for both business-to-business and business-to-consumer transactions online. Forrester projects that while the United States and

93

North America currently preside over the majority of online transactions, that will shift in the coming years as Asia and European nations become more active.

What are the different aspects of e-business infrastructure?

There are four aspects of e-commerce or e-business infrastructure: The information infrastructure, multimedia content and network publishing, messaging and information distribution, and common business services infrastructure.

The information infrastructure is composed of many types of transport systems. It is a synthesis of various forms of high-speed transport systems - land-based telephones, wireless, modem-based PC, or satellite based. For example, an e-mail sent from a desktop in Lao People’s Democratic Republic to a laptop in Singapore may travel through several types of transport networks which are interconnected before it reaches its destination. This infrastructure is the transportation foundation that provides the means for content transmission.

The players in this industry are called the information transport providers. These include:

Telecommunications companies, which supply the phone lines;

Cable TV systems, which set-up coaxial cables and direct broadcast satellite networks;

Wireless companies, which provide the mobile radio and satellite networks;

Computer networks, which include both private networks (e.g. AOL) and public networks (e.g. Internet).

The second aspect of the e-business infrastructure is multimedia content and network publishing. At present, the most common architecture for network is the World Wide Web (WWW). The web allows companies to create product information (content) and provides them with the means to publish it in a distribution centre (i.e. a network server).

94

The third aspect of the infrastructure is messaging and information distribution. How exactly is this done? To begin with, we know that information content transported over the network is made up of text, numbers, pictures, audio and video. All content is digital - that is, in combinations of ones and zeroes. The moment content is created and stored on a server; it is carried across the network through vehicles, or messaging and information distribution methods. This messaging vehicle is called the middleware software, which is positioned between the web servers and the end-user applications. Messaging and information distribution systems also have translators which interpret and transform data formats.

Common business services infrastructure makes up the fourth aspect of e-commerce infrastructure. This includes methods which facilitate online buying and selling processes. The purchaser transmits an electronic payment (say, a form of electronic check or digital cash) together with some remittance information to the seller. There is settlement from the moment the seller accepts and validates the payment and remittance information.

Is the Internet part of the e-business infrastructure?

The Internet has become the primary network in doing e-business. It is a “network of networks” which provides a link between and among computers worldwide. It is short for “internetwork”. In its physical form, it is made up of wires, routers and communication links similar to a telephone system. The primary medium for conveying information is leased lines from telephone companies, which connect to computers called routers. These routers direct coded data to their destination.

Why is the Internet important to e-business?

The Internet allows people from all over the world to get connected inexpensively and reliably. It is an enabler for e-business as it allows businesses to showcase and sell their products and services online and gives potential customers, prospects and business partners access to information about these businesses and their products and services that would lead to purchase.

95

Before the Internet was utilized for commercial purposes, companies used private networks - such as the EDI or Electronic Data Interchange - to transact business with each other. That was the early form of e-business. However, installing and maintaining private networks was very expensive. With the Internet, e-business spread rapidly because of the lower costs involved.

How many people are using the Internet worldwide?

1nternetworldstats.com places the number of Internet users at 677,027,074 or roughly 10.7 per cent of the world population. That’s the number of potential customers any online business can hope to sell to.

What about Internet penetration in the GMS?

Internet penetration for some of the countries in the GMS reveals the following:

Lao People’s Democratic Republic (15,000 Internet users as of Dec/2002, 0.3 per cent penetration, per ITU.)

Viet Nam (1,500,000 Internet users as of Dec/2002, 1.8 per cent penetration, per ITU.)

Thailand (4,800,000 Internet users as of Ded2002, 7.6 per cent penetration, per ITU.)

Myanmar (10,000 Internet users as of Dec/2001, 0.02 per cent penetration, per ITU.)

What is the extent of Internet usage among SMEs in developing countries?

Currently the Internet is most commonly used by SME firms in developing countries for communication and research; the Internet is least used for e-commerce. E-mail is considered an important means of communication. However, the extent of use is limited by the SMEs’ recognition of the importance of face- to-face interaction with their buyers and suppliers. The level of confidence of using e-mail for communication with both suppliers and buyers increases only after an

96

initial face-to-face interaction. E-mail, therefore, becomes a means for maintaining a business relationship. It is typically the first step in e-business, as it allows a firm to access information and maintain communications with its suppliers and buyers. This can lead to more advanced e-business activities.

Usage patterns also reveal a progression from the use of Internet for communication to use of Internet for research and information search, to the development of web sites with static information about a firm’s goods or services, and finally to the use of Internet for e-business.

Many firms use the Internet to communicate with suppliers and customers only as a channel for maintaining business relationships. Once firms develop a certain level of confidence on the benefits of e-mail in the conduct of business transactions and the potential of creating sales from its use, they usually consider the option of developing their own web site.

Studies commissioned by the Asia Foundation on the extent of Internet use among SMEs in the Philippines, Thailand and Indonesia, show common use patterns, such as:

1. wide use of the Internet for e-mail because of the recognized cost and efficiency benefits;

use of web sites more for promotion than for online sales or e-business, indicating that SMEs in these countries are still in early stages of e-commerce;

common use of the Internet for basic research; and

2.

3.

4. inclination to engage more in offline transactions than in e-commerce because of security concerns.

SMEs go through different stages in adopting e-business. They start with creating a web site primarily to advertise and promote the company and its products and services. When these firms begin generating traffic, inquiries and, eventually, sales through their web sites, they are likely to engage in e-business.

97

How does the Internet operate?

IP numbers

The Internet relies for its operation on a numbering scheme called “IP numbers”. IP numbers are somewhat like telephone numbers. They identify devices attached to the Internet. Any device connected to the Internet can establish a connection to any other device connected to the Internet by “dialing” its IP number.

Data Packets

Communications sent over the Internet (e.g. software) are divided into “packets” for their journey over networks from point A to point B. The following diagram shows a typical data packet sent over an IP network.

Figure 1. Data Packet

What about the web or “web sites?

The web

The World Wide Web (WWW) or web is what makes the Internet It has become the standard for navigating, easy and fun to use.

98

publishing information, and executing transactions across the Internet. It all started in 1986 with a set of simple protocols and formats. Now, it is a venue for various sophisticated multimedia, publishing, and retrieval concepts.

Most of us are commonly acquainted with the web as a collection of distributed documents called “pages” posted on computers (or servers) all over the world. These servers store HTML files and respond to requests. With a browser, PC users are able to find and view server-based documents.

Current estimates reveal that there are now over 4 billion pages of Internet materials, growing by about 8 million pages a day. It is difficult to imagine e-business growing rapidly without the web.

Web sites

Web sites are computer programmes residing on computers (known as servers) which are connected to the Internet. They possess IP numbers enabling them to be contacted by other computers (known as clients), normally using specialized protocols enabling sophisticated and, for financial transactions, secure two way communication between the client (say a prospective customer), and the server (say an Internet business).

Only a small part of the overall development cost of a web site is represented by computer hardware. The most valuable constituent elements of a commercial web site are software, data and goodwill. It is not difficult to remotely programme a web site, or to change the location of the computer where it is hosted. In addition, a web site which from a business perspective is logically integrated may physically be dispersed across a range of computer servers, possibly in different countries.

What important business functions do web sites perform?

A web site - which may in business terms, is thought of as Internet sales or distribution centre - may fulfil1 a variety of important business functions, including:

on-line registration of customers;

99

24 hours, 7 day a week operation without corresponding labour costs;

reducing dependency on, (and high costs of), conventional production distribution methods, by enabling products for sale to be ordered and in some case shipped electronically, with contracts for sale automatically generated by customers’ use of Hypertext Markup Language (HTML) forms;

showcasing products for sale;

reducing costs through automation of functions such as ordering and payment processing and through reduced rent, utilities bills and the like;

through ‘just in time’ business operations, reducing the need for large stock inventories and other capital intensive requirements of conventional business;

reducing support costs by providing automated help, product updates, etc. This is done both asynchronously, using protocols such as file transfer and e-mail, and synchronously, with various online “chat” protocols; and

generally reducing “middlemen” costs by centralizing a variety of important business functions in the web site. The sophistication of automated functions is certain to grow, with consequent adverse impacts on intermediaries in the productioddistributiodservice chain to the end consumer.

Is security an important concern in e-business?

Yes, security is a very Important issue in e-business. Many consumers are afraid to go online because of fears related to security of information and information systems.

The general security concerns in e-business involve the following:

+ User authorization; and

+ Data and transaction security

According to the Global e-commerce Report 2002 (Taylor Nelson Sofres Interactive), the biggest reasons for not purchasing online continue to be security related. 30 per cent of abstainers stated that

100

they didn’t want to give credit card details (up by 5 per cent from 2001) and 28 per cent citing general security concerns.

How does one ensure privacy and information security in an open network like the Internet?

The available authorization schemes which make sure that only authorized users and programmes can gain access to information resources such as user accounts, files, and databases, are:

+ Password protection;

+ Encrypted smart cards;

+ Biometrics (fingerprinting); and

+ Firewalls.

What are the available data transaction security schemes?

For purposes of protecting the privacy, integrity, and confidentiality of business transactions and messages, the following data and transaction security schemes may be used:

+ Secret-key encryption; and

+ Public/Private-key encryption.

The above schemes are commonly used in several online payment systems such as electronic cash and electronic checks, as well as in the transmission of credit card details for credit card payments.

For the safe arrival and storage of information, and for the protection of the same from internal and external threats, a system of cryptographic methods should be supported by perimeter guards known as firewalls.

What are the basic requirements of transaction security?

The basic requirements of transaction security are:

Transaction privacy: transactions must be held private and intact, with unauthorized users unable to understand the message content.

101

Transaction confidentiality: traces of transactions must be dislodged from the public network. No intermediary is permitted to hold copies of the transaction unless authorized to do so.

Transaction Integrity: transactions should be protected from unlawful interference - i.e. they must not be altered or modified.

What is encryption?

Encryption is a set of secret codes which defends sensitive information that crosses over public channels (such as the Internet). It is a mutation of information in any form (text, video, and graphics) into a form decipherable only with a decryption key.

The purpose of encryption is to make data impossible for a stranger who obtains the ciphertext (encrypted information) while in transit across the network, to understand it, while enabling the intended recipient to decode and recover the original message - unaltered and not tampered with.

What are the kinds of encryption?

The two main kinds of encryption in common use today are: (1) the “single-key” or “secret key” encryption; and (2) “public key” encryption. A “key” is a very large number, a string of zeroes and ones.

How does the Secret-key encryption work?

The secret-key encryption, otherwise known as symmetric encryption, involves the use of the same key - a shared key - for both encryption by the transmitter and decryption by the receiver.

For instance, Nguyen transmits a purchase order (PO) over the network to Ho in a way that Ho can read it. Nguyen encrypts the plaintext of the PO with an encryption key and sends the encrypted PO to Ho. Ho then decrypts the ciphertext with the decryption key and reads the PO. Decryption enables Ho to convert the ciphertext (the indecipherable text) into its readable format.

102

Figure 2. Secret-Key Encryption Process

In secret-key encryption, the key for encryption and decryption is the same.

This system has been found to be impractical for message exchanges among large groups of unknown parties over a public network. In this system, it is difficult to ensure secure key management because Nguyen or Ho can easily divulge their secret-key code to other parties (say, their friends). Hence, secret-key encryption cannot play a dominant role in e-business.

What is public-key encryption?

Public-key encryption is a type of secret encryption that can ensure safe e-business. Also known as asymmetric encryption, it uses two keys which are mathematically related: one key to encrypt the message and a different key to decrypt the message. Each party has a pair of keys. One of the key is a “public” key and the other is a “private” key. Under this system, the public key may be disclosed to others while the private key must be kept secret and confidential to its owner.

A common application of public key encryption is digital signatures.

What is a digital signature?

A digital signature is a cryptographic mechanism - the counterpart of a written signature on a paper-based transaction. Its basic function

103

Figure 3. Public-Key Encryption Process

is to verify the origin and contents of a message for sender authentication purposes. It allows the computer to notarize the message, to assure the intended recipient that the message has not been forged while it traversed the network.

In simple terms, a digital signature, just like a real one, validates the sender’s identity. The digital signature is composed of a unique sequence of data bits and codes which pertain to the sender’s identity or the document’s contents.

Technically, how do digital signatures work

First, data are electronically signed to the message through the application of the private key of the data’s author. The private key is applied to a shorter form of data called a “hash” or “message digest,” instead of the entire data. The digital signature can be stored and is transmitted along with the data. Any party can verify the signature through the use of a public key of the signer.

How do digital signatures ensure authentication?

Simple. When a user digitally signs a document, he integrates his private key with the document and performs a certain computation on the composite (key + document) in order to come up with a particular number called the digital signature. The digital signature is unique to one user.

104

Figure 4. How Digital Signatures Work

105

For instance, when an electronic document (say, an order form with credit card numbers) passes through the digital signature process, the outcome is a “fingerprint” of the document, which is attached to the original message further encrypted (second encryption) with the signer’s private key.

So, when a user communicates with his bank, he only sends the result of the second encryption to the bank. The bank then decrypts the document using the user’s public key to check if the enclosed message has been altered or interfered with by a third party. Then the bank performs a computation on the original document, the digital signature, and the customer’s public key for purposes of validation. The digital signature is verified as genuine if the results of the computation show a matching “fingerprint” Digital certificates further strengthen authentication.

What are digital certificates and how do they work?

Before two parties use public-key encryption to transact business, each party to the transaction wants to be assured that the other is authenticated. Say, before Ho even accepts a message with Nguyen’s digital signature, he wants to be sure that the public key indeed belongs to Nguyen and not to someone alleging to be Nguyen. How then can Ho ensure that the message is from Nguyen? Ho can do this by receiving messages over a secure channel directly from Nguyen. But in most circumstances, this is not practical. An alternative to the use of a secured channel is to use a trusted third party to authenticate that the public key belongs to Nguyen. Such a party is known as the certificate authority (CA).

What is an electronic payment?

Electronic payment is defined as “financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument (such as encrypted credit card numbers, electronic checks, or digital cash) that is backed by a bank or an intermediary, or by a legal tender.”

To date, there is a number of electronic payment systems employed in the Internet.

106

What are some of the most common forms of EPS?

1. Credit Cards. They account for the vast majority of payments to Internet merchants. In the brick and mortar world, credit cards account for only 19 per cent of payments, lagging behind cash at 53 per cent and checks at 22 per cent in the online world, credit cards are used for 93 per cent of all transactions. Due to its widespread use, Internet credit card fraud is a problem. Fraud is said to affect approximately 1.1 per cent of all Internet transactions - a rate 12 times that of offline commerce. To combat consumer concerns credit card associations guarantee cardholders that they can shop online with zero risk (at the expense of merchants). This problem is being addressed by enhancing authentication mechanisms such as the provision of a secret PIN or password verified online. Another drawback for credit card use is its impracticality to be used in small purchases such as music download fees because the processing fees are often more than the cost of the purchase. Also, e-tailers who rely solely on credit cards as a payment method often lose out on business because some would-be shoppers are ineligible for credit cards or unwilling to use them online.

2. Cyber-cash. Computer generated and manipulated e-money or e-cash lie apart from other money forms as currently managed by governments because it rests outside the usual bank deposits or cash niches. It is not within the measurable money aggregates or subject to the same regulatory surveillance and constraints and may be offered by banks or non-bank institutions. E-money is sometimes seen as having a shadowy existence of its own because: a) it has no physical presence; b) it does not resemble any other formal money aggregates; c) it is transferred out of official money stock or drawn into new money-like accounts; d) it rests in a computer memory or on chip embedded in plastic or on a computer hard disk; and e) it may be issued by a bank or credit card systems as a smart card or an electronic wallet or a cash substitute but is not of legal tender status, representing a liability of the issuer.

107

11. LEGAL AND REGULATORY ISSUES

A. Legal Framework for E-business

Why is it important to have a legal framework in order to spur the growth of

E-business?

The lack of a legal framework, in many jurisdictions, to address problems of validity of electronic transactions is seen as a significant barrier to the growth of e-commerce. And inasmuch as laws on contracts and other business transactions were grown in a paper-based world, they require written, signed, or so-called “first” documents. In e-business transactions, however, electronic data or documents or digitally signed contracts make up the whole transaction.

Are existing legal systems sufficient to protect those engaged in e-business?

Unfortunately, the existing legal systems in most developing countries are not sufficient to protect those engaged in e-commerce. For instance, with respect to contracts, existing laws were conceived at a time when the word “writing”, “document” and “signature” referred to things in paper form. On the other hand, in today’s electronic business transactions, paper is not used for record keeping or entering into contracts.

Another important and common legal issue faced by many developing countries is the uncertainty regarding whether the courts will accept electronic contracts or documents and/or electronic documents as evidence. The prevailing viewpoint is that the issue of admissibility will only be resolved when a law specifically referring to it is passed.

In the ASEAN region, only four countries - Singapore (Singapore Electronic Transactions Act), Malaysia (Cyberlaws), Philippines (E-commerce Act), and Thailand (Thailand Electronic Transactions Act) - have a legal framework for e-business. These frameworks provide

108

for the legal recognition of electronic documents and signatures and penalize common crimes committed in cyberspace.

Are there existing model laws that can be followed as an example?

The UNCITRAL (United Nations Commission on International Trade Law) has drafted a model law on e-commerce that can serve as guide for governments when they draft their own e-commerce laws.

What principles underpin the UNCITRAL Model Law?

The UNCITRAL Model Law operates on the following principles:

1.

2.

3.

4.

5 .

6.

Equivalence. Electronic communications shall be the functional equivalent of paper-based documents. Given proper standards, electronic documents can be treated and given the same value as paper documents.

Autonomy of contracts. Contracts may be in the form of electronic documents. However, this should not result in a change in the substantive terms and conditions of a transaction.

Voluntary use of the electronic communication. Parties may choose to enter into an electronic transaction or not at all. It is not mandatory.

Solemnity of the contract and the primacy of statutory requirements respecting formalities of contracts. The requirements for a contract to be valid and enforceable, such as notarization, remain the same.

Application to form rather than substance. The law should be applicable to the form rather than the substantive terms of the contract. Whatever statutory elements are required to be present must still be present, e.g., consent freely given, an object, cause or consideration.

Primacy of consumer protection laws. Consumer protection laws may take precedence over the provisions of the Model Law.

109

What kind of protection does the Model Law seek to provide?

The Model Law hopes to provide adequate legal protection for those who wish to engage in e-commerce. It ensures that electronic transactions are legally recognized and that a course of action, if necessary, is available and may be taken to enforce transactions entered into electronically.

B. Jurisdiction and Conflict of Laws

It has been said that: “For several years, some of the most difficult legal issues on the Internet have involved one of the medium’s greatest assets: its lack of boundaries. Although the free-flowing, borderless nature of cyberspace has revolutionized communication and commerce, it has also led to many lawsuits. And, as if resolving those lawsuits weren’t difficult enough, it’s often just as tough to determine where they should take place.”

When is there conflict of laws?

A resident of Manila who decides to file a malpractice suit against a Manila-based doctor who had done her an injury may do so in a Manila court. The Manila courts have jurisdiction over the doctor. But if the injured person later on moves to Hanoi, and decides to file the case there, the doctor in Manila will surely object - and validly - that no Hanoi court can have personal jurisdiction over him. That’s an easy case.

Consider a web site selling pornographic materials set up in Hong Kong, China, China, hosted in the Caribbean, with a web master residing in the Netherlands and owners who are British nationals, and broadcast throughout the world? If a complaint for pornography were to be filed, whom do you sue and where do you sue them?

For our third case, suppose A, in Hanoi, enters into a contract for the delivery of heavy machinery with B, in Yangon. If B fails to deliver the goods, where does A file the case? If A files the case for breach of contract in a Hanoi court, how does the Hanoi court acquire jurisdiction over B?

110

How can jurisdiction be asserted or acquired?

In the United States, there are ways by which courts are able to acquire jurisdiction over web-based activities:

1. Gotcha. Where the court obtains jurisdiction over an out-of- State defendant, provided that when he visits the State, that person is served with a summons and a complaint (documents that give the person notice of the lawsuit). This was applied to the case of the Russian programmer sued by the publishers of e-book (Adobe). While attending a convention in Nevada, he was served with a notice and was subsequently arrested.

Causing an injury within the State. An Internet business can also be subject to jurisdiction for purposefully causing an injury in another state. This principle derives from a series of cases where courts of another State acquired jurisdiction over non-residents who entered the State, caused an accident and left. If someone uses the Internet to cause an injury in one State, the person causing the damage may be hauled into court in the State where the injury occurred. In cases where the connection between the activity and the injury is not clear, courts also look for evidence that the activity was “purposefully directed” at the resident of the forum State or that the person causing the injury had contacts with the State.

3. Minimum contacts. A business or person with sufficient contacts with a particular State can be hauled to court even if he/she does not live nor has a business in that State. Usually, the basis is the regularity of solicitation of business, derivation of substantial income from goods or services sold in that other State, or engaging in some other persistent course of conduct there. For example, passive Internet sites, which merely advertise but do not really offer to sell goods or services, may be said not to have achieved the required minimum contacts for courts to acquire jurisdiction over them. But with web sites that actively offer to sell and then subsequently take orders from that State, it can be said that the minimum contacts have been satisfied for purposes of acquiring jurisdiction.

2.

111

4. Effects. When one’s conduct in cyberspace though emanating from another State creates or results in an injury in another, courts in the latter State can acquire jurisdiction over the offender. To illustrate: A case was filed by the DVD Copy Control Association against the creator of DeCCS, a software that decrypts the copy-protection system in Digital Versatile Discs (DVDs) to allow ordinary CD-ROM drives to play or read DVDs. An issue in the case was whether the courts of California had jurisdiction over the person, who was a student in Indiana when the suit was filed and who later on moved to Texas. The court said that the California courts had jurisdiction, citing a 17-year-old US Supreme Court case involving defamation, because the California movie and computing industry was affected by the “effects” of the defendant’s conduct in Indiana. This decision signals an expansion of personal jurisdiction in cyberspace. If other courts chart their course by California standards, any web publisher could be hauled to court wherever its site has an effect. The attorney general of Minnesota has issued this statement of caution: “Warning to all Internet Users and Providers: Persons outside of Minnesota who transmit information via the Internet knowing that information will be disseminated in Minnesota are subject to jurisdiction in Minnesota courts for violations of State criminal and civil laws.”

Why is it necessary to establish laws governing jurisdiction?

Due to the global nature of the Internet, it is important to establish which law governs a contract formed, perfected, or conducted online. Without an express choice of governing law, complex and difficult

issues can arise. This is to avoid unexpected liabilities that may arise as well as possible un-enforceability of contracts into which they enter. Better still, when they conduct transactions online, parties must first agree on the legal regimes under which they may operate, so that when a dispute arises, the questions of jurisdiction - what law and what courts - would have already been settled.

112

C. Ideas, Trade secrets and Intellectual property protection

In the information economy, the possession and safeguarding of ideas are of paramount importance. Ideas themselves are commodities in the information economy. Ideas also provide their owners the competitive edge in the information age. Therefore, it is necessary that a legal regime for the protection of ideas be put in place. The lack of such a legal system will not only stunt growth but also hinder prosperity in the information economy.

How is information used in the Internet?

Today, the Internet works basically by transmitting data and information between and among networks. Often, the data and information transmitted are compiled and collected by network administrators to establish a profile of the users. This profile will then be used to tailor-fit products and services for the customers, as well as predict their buying and spending patterns. There are also cases when the data collected are sold to or shared with other companies. These are often large corporations dependent on a revenue stream that consists, at least in part, of personal consumer data. Nearly every modern company in the world today uses personal information, at some level. However, some companies depend on this revenue stream more than others. Among the most well known companies that depend almost entirely on personal information are Doubleclick, which distributes online banner ads, and credit reporting companies such as Equifax and Experian.

It is also important to remember that trade in personal information was widespread long before the rise of the Internet. One of the first companies to discover the value of personal information was the Polk Company, founded in 1870. Polk’s first product was a directory of Michigan-based businesses, organized by railroad station. The idea was to make it easier for consumers who lived near one railroad station to shop near another. In the 20th century, Polk became the country’s leading purchaser of motor vehicle registration records. Polk used the records to contact car owners on behalf of the automotive industry in the event of a safety recall and made profits by combining the make and model of car with census information, and then selling this

113

information to marketers who used it to determine lifestyle, income, and the likelihood of purchasing any given product.

Is information a property right?

Individuals instinctively regard personal information as their individual property and any use thereof without their knowledge and consent as equivalent to “identity theft”. Thus, one school of thought proposes that data or information, specifically personal information, be accorded a corresponding property right and protection so that its use may be granted appropriate monetary value.

This is fundamentally different from the legal architecture currently in place. At present, privacy is protected by a set of liability rules. If Doubleclick tracks consumers by installing cookies in their computer storage devices, and if enough consumers feel that their collective privacy has been violated, then Doubleclick may be involved in a class action lawsuit. A property regime, on the other hand, gives control and power to the individual holding the property right, and requires negotiation before transference. In a property regime, the rights holder negotiates a price; in a liability regime, a court does. A property regime, though contentious, has become more and more appealing given the rampant misuse of personal information in the web. Treating data as a property right and giving it adequate protection may help solve the problem of abuse. However, it may yet become a source of problems in the future.

A person who invades another’s privacy can be sued.

What is a trade secret?

A trade secret is any formula, pattern, physical device, idea, process, compilation of information or other information that:

rn Provides the owner of the information with a competitive advantage in the marketplace; and

Is treated in a way that can reasonably be expected to prevent the public or competitors from learning about it, except through improper acquisition or theft;

H

114

w In the physical world, trade secrets and ideas are revealed, copied by or sold to business rivals, leaving owners with a diminished competitive advantage. The same is true, and probably easier to do, in the Internet.

How are trade secrets compromised?

Trade secrets can be compromised either through outright theft of the information, or violation of a confidentiality agreement. The former constitutes industrial espionage, which may involve either the old “spy” paradigm or the newer paradigm of the computer hacker. In violations of confidentiality agreements, the obligation of confidentiality that has been breached may be an implied obligation, as with a company employee who is expected not to act against the interests of the company, or an explicit, contractual obligation signed between two companies.

Are there ways of protecting trade secrets?

To emphasize the need for confidentiality, and to ensure proof of the existence of such an obligation, it has become customary in most high tech companies to require employees to sign a confidentiality agreement.

A trade secret owner can enforce rights against someone who steals confidential information by asking a court to issue an order (called an injunction) preventing further disclosure. It can also collect damages for any economic injury suffered as a result of the trade secret’s improper acquisition and use.

An example of a trade secret violation suit involved Wal-Mart and Amazon.com. In October 1998, Wal-Mart filed suit in Arkansas against Amazon.com “to bring an immediate stop to what appears to be a wholesale raiding of its proprietary and highly confidential information systems by Amazon.com and others through the use of former Wal-Mart associates.” In dismissing the suit, the court said it should have been filed in Washington State, where Amazon is based.

In January 1999, Wal-Mart again sued Amazon.com and its protCgC, Drugstore.com, but this time in a Washington State court. The lawsuit alleged that Amazon hired away 15 key Wal-Mart technology

115

executives for their knowledge of its computerized retailing systems. Amazon’s chief information officer had served as vice president of information systems at Wal-Mart prior to being hired by Amazon in August 1997. In March 1999, Amazon filed a countersuit against Wal-Mart based “in part on unfair competition and intentional interference,” setting up a complex legal web of lawsuits. The cases were not resolved by the courts as the parties reached a settlement agreement in April 1999.

How is ownership of a trade secret proven?

To prevail in a trade secret infringement suit, a trade secret owner must show that the information alleged to be confidential really is a trade secret. Again, a confidentiality agreement is usually the best way to do this. In addition, the trade secret owner must show that the information was either improperly acquired by the defendant (if the defendant is accused of making commercial use of the secret) or improperly disclosed - or is likely to be so - by the defendant (if the defendant is accused of leaking the information).

What if the secret is discovered within legal means?

However, people who discover the secret independently - that is, without using illegal means or violating agreements or state laws - cannot be stopped from using information protected under trade secret law. For example, it is not a violation of trade secret law to analyze (or “reverse engineer”) any lawfully obtained product and determine its trade secret.

Some software companies have intentionally revealed their trade secrets to reveal whatever flaws are in them and for other people to offer solutions to these flaws. For example, Netscape published its source code after Netscape discovered that the programme had security flaws that could be exploited by hackers or crackers. Netscape developers hoped that by revealing and posting the source code, other software developers can scrutinize it, find out the glitch, and provide patches that Netscape users can then download for free.

116

What are business method patents?

Business method patents are part of a family of patents known as utility patents that protect inventions, chemical formulas, and other discoveries. A business method is classified as a process because it is not a physical object like a mechanical invention or chemical composition.

In July 1998, a federal court ruled that patent laws were intended to protect any method, whether or not it required the aid of a computer, so long as it produced a “useful, concrete and tangible result.”

Some examples of business method patents are:

Amazon.com’s famous “1 -click” patent (United States Patent No. 5,960,411) issued September 28, 1999, is directed to a system and method for placing an order to purchase an item via the Internet. The patent is essentially directed to a methodology whereby information associated with a user is pre-stored by a web site, and the user may thereafter order items from it with only one click of the mouse on a link associated with the item.

Priceline “Reverse Auction” Patent (United States No. 5,794,207), for a “method and apparatus for a cryptographically assisted commercial network system designed to facilitate buyer-driven conditional purchase offers.” In October 1999, priceline.com sued Microsoft, accusing Microsoft’s Hotel Price Matcher of infringing its United States Patent No. 5,794,207 for reverse auctioning.

DoubleClick Banner Ad Patent (United States No. 5,948,06 l), for a “method of delivery, targeting, and measuring advertising over networks.” In November 1999, DoubleClick filed a suit against L90 Inc. in the Eastern District of Virginia for its method of delivering advertising on the Internet.

Open Market Electronic Shopping Cart Patent (United States No. 5,715,314) for a “network sales system.”

Business method patents can be used effectively against a major competitor. For example, in December 1999 Amazon.com successfully

117

stopped BarnesandNoble.com from using a one-click shopping system and forced it to adopt a more complicated ordering system.

What are the requirements for acquiring a patent?

The United States courts have since mandated that the Patent Office grant patents on business methods that satisfy the three-pronged test for patentability. That is, the invention must be:

1. Useful. A business need only demonstrate that its method or software provides some concrete tangible result. For example, the Amazon 1-Click patent provides a tangible result - an expedited purchase.

2. New. The method or software must be novel. This means it must have an aspect that is different in some way from all previous knowledge and inventions.

3. Non-obvious. The method or software must be non-obvious, meaning that someone who has ordinary skill in the specific technology cannot easily think of it. For example: An economist devised a method of avoiding taxes by using a credit card to borrow money from a 401(k) fund. The method did not exist previously and differed substantially from previous methods of avoiding taxes. Since the method was new and was not obvious to accountants or tax experts, the economist acquired a patent for it (United States Pat. No. 5,206,803).

What is the impact of the Internet on intellectual property?

The borderless character of the Internet, particularly electronic commerce, raises questions regarding the continued applicability of traditional legal systems in the enforcement of intellectual property laws. As discussed previously, traditional legal systems are based on notions of sovereignty and territoriality. In contrast, the Internet largely ignores distinctions based on territorial borders. Thus, the Internet has been described as “the world’s biggest copy machine.”

Given the capabilities and characteristics of digital network technologies, electronic commerce can have a tremendous impact on

118

the system of copyright and related rights, and the scope of copyright and related rights in turn can have an effect on how electronic commerce will evolve. If legal rules are not set and applied appropriately, digital technology has the potential to undermine the basic tenets of copyright and related rights. In the Internet, one can make an unlimited number of copies of programmes, music, art, books and movies virtually instantaneously, and without a perceptible degradation of quality. In fact, there is practically no difference between the original and the copy. And the copies can be transmitted to locations around the world in a matter of minutes. The result could be a disruption of traditional markets for these works.

How vulnerable is digital work to copyright infringement?

The digitalization of copyrighted works has made them more vulnerable to piracy. Because they hardly cost anything, downloading and pirating just about any available software, electronic books, or music from the convenience of one’s home computer is often irresistible.

This is cause for concern because e-commerce often involves the sale and licensing of intellectual property, and its full potential will not be realized if intellectual property products are not effectively safeguarded. Content providers and other owners of intellectual property rights will not put their interests at risk unless appropriate regimes - at the international and national levels - are in place to guarantee the terms and conditions under which their works are made available.

The music and movie industry has initiated copyright infringement actions against the use of mp3, a compression technology, which compresses music so it may not be as bulky to download. Aside from its successful action against Napster, a recent decision barred a site (2600.com) from distributing software to de-scramble DVD codes. In the latter case, a suit was filed against 2600.com centering on the site’s practice of posting software that de-scrambles the code meant to prevent DVDs from being copied and linking to more than 500 other sites worldwide that make similar software available. The judge ruled against 2600.com, saying that “the plaintiffs have been gravely injured because the use of the programme threatens to reduce the studio’s revenue from the sale and rental of DVDs and thwarts new, potentially lucrative

119

initiatives for the distribution of motion pictures in digital form, such as video-on-demand via the Internet.”

In May 2002, Audiogalaxy.com, a Napster-like clone that has facilitated and encouraged the unauthorized trading of millions of copyrighted songs, was taken to court by the Recording Industry Association of America (RIAA) and the National Music Publishers Association, Inc. (NMPA) for wholesale copyright infringement. Less than a month after the lawsuit, Audiogalaxy.com settled and agreed to a “filter-in” system that requires the consent of the songwriter, publisher and/or recording company before a song can be shared over the Internet.

The music and movie industry have since brought lawsuits against several other similar companies, including Kazaa BV, Grokster Ltd. and Streamcast’Networks Inc.

What are the key issues in intellectual property rights protection in the Internet?

The most fundamental issue is the determination of the scope of protection in the digital environment - that is, how rights are defined, and what exceptions and limitations are permitted. Other important issues include how rights are enforced and administered in this environment; who in the chain of dissemination of infringing material can be held legally responsible for the infringement; and questions of jurisdiction and applicable law.

Are there international initiatives to protect intellectual property in the Internet? What Internet-specific treaties are in place?

The World Intellectual Property Organization (WIPO), through its 179 member States, has assumed responsibility for the formulation of a legal and policy framework at the international level to encourage the creation and protection of intellectual property. Its ultimate goal is to achieve an appropriate balance in the law, providing strong and effective rights, but within reasonable limits and with fair exceptions. Since trade in copyrighted works, performances and phonograms has become a major element of global electronic commerce, rights-holders should be legally secured in their ability to sell and license their property

120

over the Internet subject to appropriate limitations and exceptions to safeguard public interest uses.

WIPO administers 23 international treaties dealing with different aspects of intellectual property protection.

Under the Berne Convention, the most important international copyright convention, copyright protection covers all “literary and artistic works.” This term encompasses diverse forms of creativity, such as writings, both fiction and non-fiction, including scientific and technical texts and computer programmes; databases that are original due to the selection or arrangement of their contents; musical works; audiovisual works; works of fine art, including drawings and paintings; and photographs. Related rights protect the contributions of others who add value to the presentation of literary and artistic works to the public, namely, performing artists, such as actors, dancers, singers and musicians; the producers of phonograms, including CDs; and broadcasting organizations.

Likewise, in 1996 WIPO concluded two treaties: the WIPO Copyright Treaty (WCT) and the WIPO Performances and Phonograms Treaty (WPPT). Commonly referred to as the “Internet treaties”, these seek to address the issues of the definition and scope of rights in the digital environment, and some of the challenges of online enforcement and licensing. The WCT and the WPPT also clarify the extent of rights-holders’ control when works, performances and phonograms are made available to the public for downloading or access on the Internet. This type of transmission differs from broadcasting, in that the material is not selected and delivered by an active transmitter like a broadcaster to a group of passive recipients. Rather, it is transmitted interactively, that is, on demand from the individual users, at a time and place of their choosing. The treaties require that an exclusive right be granted to control such acts of “making available”, while leaving it to individual countries to decide how to classify this right under national law.

The treaties came into effect in March and May 2002, respectively. The provisions of both treaties were adopted by consensus by more than 100 countries, and thus represent broad international agreement regarding the appropriate approach to copyright in the digital

121

environment. They are useful today as a guide and as a model for national legislation. In order for the treaties to be truly effective in cyberspace, they must become widely adopted in countries around the world. WIPO is therefore devoting substantial resources to promoting the treaties and to offering advice to governments on their implementation and ratification.

Why is there a need for such initiatives?

Issues of enforcement and licensing are not new, but they take on added dimensions and urgency when works are exploited on digital networks. In order for legal protection to become meaningful, rights-holders must be able to detect and stop the dissemination of unauthorized digital copies, which is accomplished at levels of speed, accuracy, volume and distance that in the past were unimaginable. In addition, for electronic commerce to develop to its full potential, workable systems of online licensing in which consumers can have confidence must evolve.

D. Domain name disputes

What are domain names?

Domain names provide the address of companies in the Internet and are equivalent to the business address in the physical world. As more and more companies use the Internet, the number of disputes arising from the use of domain names is increasing as well.

Domain names are divided into hierarchies. The top-level of the hierarchy appears after the last dot (.) in a domain name. In “microsoft.com”, the top level domain name is .corn, the most common top-level domain name, indicating that the domain name is owned by a commercial enterprise. Other common top-level domain names are .org (for non-profit organizations), .net (for network and Internet related organizations), .edu (for four-year colleges and universities), and .gov (for government entities). Aside from these generic domain names, each country has a unique top-level domain name. For instance, .ca indicates a domain in Canada, and .ie indicates an Irish domain.

122

When and how can disputes over domain names arise?

The disputes that arise over domain names involve “second level” domain names, which refer to the name directly to the left of the top-level domain name in an Internet address. For instance, in the address “www.microsoft.com”, the second level domain name is Microsoft.

Two identical second level domain names cannot coexist under the same top level domain. For example, even though both the Delta Faucet Company and Delta Airlines would like the “delta.com” domain name, only one Delta company can have delta.com. Unfortunately for both Delta Faucet Company and Delta Airlines, that Delta Company is Delta Financial of Woodbury, New York. (Delta Airlines uses deltaairlines.com, while Delta Faucet Company uses deltafaucet.com.)

Some well publicized examples of domain name disputes are:

mcdonalds.com - This domain name was taken by an author from Wired magazine who was writing a story on the value of domain names. In his article, the author requested that people contact him at [email protected] with suggestions on what to do with the domain name. In exchange for returning the domain name to McDonalds, the author convinced the company to make a charitable contribution.

micros0ft.com - The company, Zero Micro Software, obtained a registration for micros0ft.com (with a zero in place of the second ‘o’), but the registration was suspended after Microsoft filed a protest.

rntv.com - The MTV domain name was originally taken by MTV video jockey, Adam Curry. MTV at first showed little interest in the domain name or the Internet. But when Adam Curry left MTV, the company wanted to control the domain name. After a federal court action was taken, the dispute was settled out of court.

Taiwan Province of China Province of China.com - The mainland China news organization Xinhua was allowed to

123

register the domain name Taiwan Province of China.com, to the disgust of the government of Taiwan Province of China.

Who controls the registration of domain names? How are disputes resolved?

Prior to December 1999, a company called Network Solutions Inc. (NSI) was almost solely responsible for the registration of second level domain names for the most popular top-level domains, including .corn, .net, and .org. NSI dictated the policy on domain name registration and had a great deal of control over how domain names were registered, and how disputes would be resolved. To avoid having to arbitrate in disputes, NSI adopted a first-come, first-served arrangement. Under this scheme, NSI would not question an applicant’s right to have a particular domain name. If the domain name was available, the applicant was given the name.

This policy has now been replaced with the Uniform Domain Names Disputes Resolution Policy created by ICANN (Internet Corporation for Assigned Names and Numbers) and used by all accredited registrars. Under this new policy, a trademark owner can initiate a relatively inexpensive administrative procedure to challenge the existing domain name. In order to prevail, the trademark owner must show that:

1. the trademark owner owns a trademark (either registered or unregistered) that is the same or confusingly similar to the registered second level domain name;

the party that registered the domain name has no legitimate right or interest in the domain name; and

the domain name was registered and used in bad faith.

2.

3.

Those disputing the grant of a domain name can go to the courts for this purpose. In the United States, the Anti-Cyber-squatting Consumer Protection Act in November of 1999 made it easier for individuals and companies to take over domain names that are confusingly similar to their names or valid trademarks. However, they must establish that the domain name holder acted in bad faith.

124

One portion of this Act is related to famous individuals. This portion allows individuals to file a civil action against anyone who registers their name as a second level domain name for the purpose of selling the domain name for a profit. Take the case of the domain name juliaroberts.com. An individual who intended to sell it later to actress Julia Roberts registered the name. Citing bad faith on the part of the registrant, the court ruled that the domain name be transferred to its rightful owner.

Is there an international organization that can arbitrate disputes?

WIPO has set up an Arbitration and Mediation Center, described by its web site as “internationally recognized as the leading institution in the area of resolving Internet domain name disputes”. Since December 1999, the Centre has administered proceedings in the generic Top Level Domains (gTLDs) .corn, .org, .net.

Following TCANN’s decision of 16 November 2000 to admit seven new gTLDs, WIPO has been working with the operators of the new gTLDs to develop domain name dispute resolution mechanisms for their domains. The Centre has also been designated to provide dispute resolution services for these domains.

In addition, the Centre administers dispute procedures in a number of country code Top Level Domains (ccTLDs), such as .ph for Philippines or .th for Thailand.

111. BARRIERS TO E-BUSINESS

Practical issues for developing countries

What factors determine success or failure of e-business growth?

The number of online users determines the success of e-business. The greater the number of people online, the greater will be the opportunities for electronic transactions.

Successful and effective e-business therefore requires a number of factors. Some of the major barriers to the growth of e-business in a number of regions such as in some parts of Africa and Asia are: low

125

personal computer penetration, inadequate infrastructure, government policies, economic considerations, personal preferences, and market malleability.

1. Personal computer penetration. Personal computer penetration is arguably the prime indicator of readiness for e-business as there is a direct relationship between computer penetration and e-commerce. Since it is related to and dependent on disposable income, owning a computer is a major consideration in most developing countries. While a low-end PC in China may cost only US$ 450, that amount - while considered cheap in North America - represents more than what average income earners in developing countries like those in parts of Africa and Asia can afford.

2. Infrastructure. Inadequate infrastructure plays a key role in inhibiting e-business globally. Even as the cost of personal computers has declined, access to Internet connection eludes most people in developing countries. Issues such as access to Internet services, including the hardware and software, as well as the communications infrastructures, remain serious obstacles to e-business in many developing countries. In much of Africa, for example, the infrastructure is so poorly developed that it will likely take years for the average citizen to benefit from the advances in information technology.

Government policies. Government policies can also severely hinder e-business. In some countries, long distance telephone and Internet connections pass through a government monopoly or corporations owned or controlled by the government. The lack of competition and most of the time, funding, invariably results in higher fees, poor service and zero or minimal innovation. In addition, many telephone systems charge a toll per unit of usage. The combination of connection charges and use charges tend to inhibit the usage of the Internet in many countries and by extension reduces e-commerce activity.

Economic considerations. It is a sad reality that information technology still commands a high price tag. Since “third world” countries would rather devote their limited funds to

3.

4.

126

service and provide for the basic needs of the people, direct government financial intervention is pittance.

Personal preferencedlack of education and awareness. That much of the consumer world still pays by cash, rather than credit, is a fact - more so in developing countries. The lack of ability or interest to execute credit transactions is an enormous barrier to e-commerce. Also, issues of security of transactions and privacy protection over the Internet are of concern to many consumers.

6. Market concerns. Tariffs, fluctuating currency exchange rates, customs regulations, language, and return rates on international shipments are also impediments to a successful e-business climate. For instance, a large number of United States-based online merchants, particularly those selling computer hardware, do not take foreign orders. In a Forrester Research survey, forty-six per cent of the interviewees indicated they turn away international orders because they do not have processes in place to handle them. Address verification may be difficult, which increases the risk of fraud in non-credit card transactions. It is also quite difficult to estimate changes in demand by customers and to determine the amount of inventory in the channels of distribution.

5 .

Gaining Consumer Trust - Consumer privacy and protection

Advances in information technology and data management offer the promise of a new and prosperous cyberspace-based economy. New communications and information systems allow organizations to gather, share and transmit growing quantities of information with unprecedented speed and efficiency. But this technology also poses a serious threat to privacy. Private individuals and organizations now have the access, means, methods and tools to encroach into the privacy of another - and in a manner that is not so obtrusive.

127

What is information privacy?

Of utmost importance is information privacy, “individual’s claim to control the terms under which personal information - information identifiable to the individual - is acquired, disclosed and used.”

Disclosure privacy is similarly defined as “the individual’s ability to choose for h i d h e r the time, circumstance, and extent to which his/ her attitudes, beliefs, behaviour and opinion are to be shared with or withheld from others.”

Why protect privacy?

The right to privacy is fundamental to any democratic society. The slightest apprehension on the part of a person using the Internet about who will see his personal information and how it will be used would by itself mean that he has lost a basic freedom. Moreover, the more others know about the details of a person’s life, the greater their opportunity to influence, interfere with, or judge the choices the person makes.

Having knowledge and control of how personal information is provided, transmitted and used is the key to protecting privacy.

Is there such a thing as protecting privacy too much?

Foremost among the arguments used against the adoption of a stringent information disclosure regime is that it would ultimately hinder commerce. To require an individual’s prior consent before personal data can be elicited may actually hamper the growth of commerce that is largely based on a “better information equals better markets” theory. If the markets can profile their consumers accurately, a better match between interested buyers and sellers can be made.

Another argument is the need for truthfulness. The ethical or legal duties of disclosure inherent in a relationship command an openness that information privacy prevents.

128

What challenge does the protection of privacy pose? How can proper use of information be assured?

Finding a balance between the legitimate need to collect information and the need to protect privacy has become a major challenge. The following OECD guidelines may be considered as fundamental requirements for the proper use or processing of information online:

Information Privacy Principle. Personal information should be acquired, disclosed, and used only in ways that respect an individual’s privacy.

Information Integrity Principle. Personal information should not be improperly altered or destroyed.

Information Quality Principle. Information should be accurate, timely, complete and relevant for the purpose for which it is provided or used.

Collection Limitation Principle. Personal data should be obtained by lawful and fair means, and where appropriate, with the knowledge and consent of the data object.

Purpose Specification Principle. The purposes of data at the time of its collection should be specified.

Security Safeguards Principle. Personal data should be protected by reasonable safeguards against risks like loss or unauthorized access, destruction, use, modification or disclosure of data.

Openness Principle. There should be a policy of openness about developments, practices and policies with respect to personal data.

Accountability Principle. A data controller has the responsibility to comply with measures based on the foregoing principles.

Are there other existing guidelines for data protection?

The European Union has issued Directive 95/46/EC, which establishes a regulatory framework to guarantee free movement of

129

personal data, while giving individual EU countries room to maneuver with respect to how to implement the Directive. Free movement of data is particularly important for all services with a large customer base and dependent on processing personal data, such as distance selling and financial services. In practice, banks and insurance companies process large quantities of personal data, inter alia, on such highly sensitive issues as credit ratings and credit-worthiness. If each Member State had its own set of rules on data protection (for example on how data subjects could verify the information held on them), cross-border provision of services, notably over the information superhighways, would be virtually impossible and this extremely valuable new market opportunity would be lost.

The Directive also aims to narrow divergences between national data protection laws to the extent necessary to remove obstacles to the free movement of personal data within the EU. As a result, any person whose data are processed in the Community will be afforded an equivalent level of protection of his rights, in particular his right to privacy, irrespective of the Member State where the processing is carried out.

How can consumers be protected in electronic commerce transactions?

In December 1999, the OECD issued the Guidelines for Consumer Protection in the Context of Electronic Commerce to help ensure protection for consumers when shopping online and thereby encourage:

fair business, advertising and marketing practices;

clear information about the identity of an online business, the goods or services it offers and the terms and conditions of any transaction;

a transparent process for the confirmation of transactions;

secure payment mechanisms;

fair, timely and affordable dispute resolution and redress; privacy protection; and consumer and business education.

130

Box 1. OECD Guidelines on Consumer Protection

Consumers who participate in electronic commerce should be afforded transparent and effective consumer protection that is not less than the level of protection afforded in other forms of commerce.

1 B. FAIR BUSINESS, ADVERTISING AND MARKETING PRACTICES

Businesses engaged in electronic commerce should pay due regard to the interests of consumers and act in accordance with fair business, advertising and marketing practices.

C. ONLINE DISCLOSURES

I. INFORMATION ABOUT THE BUSINESS

Businesses engaged in electronic commerce with consumers should provide accurate, clear and easily accessible information about themselves sufficient to allow, at a minimum.

11. INFORMATION ABOUT THE GOODS OR SERVICES

Businesses engaged in electronic commerce with consumers should provide accurate and easily accessible information describing the goods or services offered; sufficient to enable consumers to make an informed decision about whether to enter into the transaction and in a manner that makes it possible for consumers to maintain an adequate record of such information.

111. INFORMATION ABOUT THE TRANSACTION

Businesses engaged in electronic commerce should provide sufficient information about the terms, conditions and costs associated with a transaction to enable consumers to make an informed decision about whether to enter into the transaction.

A. TRANSPARENT AND EFFECTIVE PROTECTION

IV. CONFIRMATION PROCESS

To avoid ambiguity concerning the consumer's intent to make a purchase, the consumer should be able, before concluding the purchase, to identify precisely the goods or services he or she wishes to purchase; identify and correct any errors or modify the order; express an informed and deliberate consent to the purchase; and retain a complete and accurate record of the transaction.

V. PAYMENT

Consumers should be provided with easy-to-use, secure payment mechanisms and information on the level of security such mechanisms afford.

D. DISPUTE RESOLUTION AND REDRESS

Consumers should be provided meaningful access to fair and timely alternative dispute resolution and redress without undue cost or burden.

E. PRIVACY

Business-to-consumer electronic commerce should be conducted in accordance with the recognized privacy principles set out in the OECD Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data (1980), and taking into account the OECD Ministerial Declaration on the Protection of Privacy on Global Networks (1998), to provide appropriate and effective protection for consumers.

F. EDUCATION AND AWARENESS

Governments, business and consumer representatives should work together to educate consumers about electronic commerce, to foster informed decision-making by consumers participating in electronic commerce, and to increase business and consumer awareness of the consumer protection framework that applies to their online activities.

Source: Organization for Economic Co-operation and Development, Guidelines

for Consumer Protection in the Context of Electronic Commerce (2000); available

from http://wwwl .oecd.org/publications/e-booW300023E.PDF

How will the OECD Guidelines be used?

The OECD Guidelines are designed to be a technology-neutral tool to help governments, business and consumer representatives by providing practical guidance to help build and maintain consumer confidence in electronic commerce. The Guidelines address the principal aspects of business-to-consumer electronic commerce and reflect existing legal protections available to consumers in more traditional forms of commerce. They stress the importance of transparency and information disclosure and the need for cooperation among governments, businesses and consumers at the national and international levels.

The Guidelines are intended to provide a set of principles to help:

Governments - as they review, and (if necessary) adapt, formulate and implement consumer policies and initiatives for electronic commerce.

Businesses, consumer groups and self-regulatory bodies - by providing guidance on the core characteristics of consumer protection that should be considered in the development and implementation of self-regulatory schemes.

Individual businesses and consumers - by outlining the basic information disclosures and fair business practices they should provide and expect online.

What about jurisdiction and consumer redress?

The OECD Guidelines discuss at length the issues related to jurisdiction, applicable law and access to redress. Because of the broad and horizontal nature of these issues, questions about how they might best be addressed within the context of electronic commerce are not unique to consumer protection. However, the Internet’s potential to increase the number of direct business-to-consumer cross-border transactions makes it important that consumer interests be fully taken into account.

The language on jurisdiction and applicable law within the Guidelines reflects the complexity and the current lack of international consensus on these issues. The Guidelines recognize that all business- to-consumer cross-border transactions are subject to the existing framework on jurisdiction and applicable law, but that electronic commerce poses certain challenges to that framework. The Guidelines call for further work in addressing these issues and ensuring that consumer interests are given appropriate consideration as the jurisdictional framework for electronic commerce evolves.

The Guidelines also focus particular attention on the importance of providing consumers with access to fair, timely and inexpensive means for redress, and encourage the development of effective alternative dispute resolution (ADR) mechanisms. Taking legal action

133

to resolve a consumer dispute is generally an expensive, difficult and time-consuming process for everyone involved. These are problems that could be amplified in the event of cross-border disputes. As in other forms of commerce, the development and promotion of ADR can help to avoid more formal and costly legal options. Responding to consumer complaints quickly, easily and fairly, and establishing affordable and effective online dispute resolution mechanisms can go a long way toward building consumer confidence and trust.

Should the government be involved in consumer protection and privacy? What role can the private sector play?

In the end, the issue of consumer protection and privacy is a concern of both the government and the private sector. Government must ensure that there are adequate laws that offer protection to consumers; the private sector must implement meaningful, user-friendly, self-regulatory privacy regimes. Until users are confident that their communications and data are safe from interception and unauthorized use, they are unlikely to routinely use of the Internet for commerce. Only with consumer trust can we make e-commerce work.

C yber-crimes

Is crime possible in the Internet?

The Internet has the potential to be one of humankind’s greatest achievements. Telecommunications, banking systems, public utilities, and emergency systems rely on the network. But there are those who use it to inflict harm on others. In the short life of the Internet, we have already seen a wide array of criminal conduct. Although it is often difficult to determine the motives of these digital outlaws, the result of their conduct threatens the promise of the Internet by reducing public confidence and consumer trust in the whole system.

The threat of growing criminal conduct in the Internet is such that the United States Federal Bureau of Investigation (FBI) has taken the unprecedented step of making the fight against cyber-crime and cyber terrorism the bureau’s No. 3 priority, behind counter-terrorism and counterintelligence. In addition, the FBI has changed its hiring

134

practices to focus on recruiting a new type of agent that can bring bedrock of experience from the world of IT.

What are computer crimes or cyber-crimes?

“Computer crime” or cyber-crime refers to a misdeed involving the use of a computer. Cyber-crimes can be divided into three major categories: cyber-crimes against persons, property and government.

Cyber-crimes against persons include transmission of child pornography, harassment with the use of a computer such as e-mail, and cyber stalking. In cyber-stalking the “victim” is repeatedly flooded with messages of a threatening nature.

Cyber-crimes against property include unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programmes, and unauthorized possession of computerized information. Hacking and cracking are among the gravest of this type of cyber-crimes known to date. The creation and dissemination of harmful computer programmes or viruses to computer systems is another kind of cyber-crime against property. Software piracy is also a distinct kind of cyber-crime against property.

A distinct example of cyber-crimes against government is cyber terrorism, in which cyberspace is used by individuals and groups to threaten governments and to terrorize the citizens of a country. This crime may take the form of individuals “cracking” into a government or military-maintained web site.

What are examples of common misdemeanors on the Internet?

1. Mail bombing involves the sending of messages to a target recipient repeatedly. The mailboxes of the recipients are then flooded with junk mail.

Spamming is often used as a tool for trade or promotion. It targets multiple recipients and floods selected mailboxes with messages.

List linking involves enrolling a target in dozens - sometimes hundreds - of e-mail listings.

2.

3.

135

Spoofing is faking the e-mail sender's identity and tricking the target recipient into believing that the e-mail originated from the supposed mail sender.

LinkingIFraming involves displaying one's site content on another's web page without permission.

Denial of Service (DOS) is an explicit attempt by attackers to prevent legitimate users of a service from using that service.

Cracking is the act of gaining unauthorized access to a system and subsequently destroying or causing damage thereto.

What is the reach of cyber-crimes? Table l: Most Common Spam Mails

crimes will adversely

Crimes in cyberspace do not respect geographical boundaries national jurisdictions. If left unchecked or

affect the growth of e-commerce. In addition, there is the rapid migration of real-world crimes such as child pornography, fraud, forgery,

unpunished, cyber- Source: Brightmail's Probe Network.

February 2003 Spam Category Data

falsification, intellectual property theft, theft of information and money, as well as grave threats, to the virtual world.

Adult

Other

What legal policies should be in place for the prevention, apprehension and prosecution of cyber-crimes?

Health

Leisure

Internet

Spiritual

34%

26%

19%

5%

5%

Legal provisions on theft or stealing need to be reviewed. In

3%

3%

3% 2%

many jurisdictions, or in the real world, stealing or theft refers to taking a thing or depriving the victim of ownership thereof. What happens when a person accesses without authorization another person's file and then proceeds to copy it? In this case, it may be argued that theft did not occur because the thing was simply copied, not taken. Making things even less clear is a case in the United States where it was held that the law pertaining to inter-State transportation of stolen

property refers only to corporeal things and does not apply to intangible property.

The United States Department of Justice has classified the challenges to international as well as State prosecution of cyber-crimes into three categories:

1. Technological challenges - While it is possible to trace an electronic trail, the task has become very difficult because of the skill and technology that allow near-absolute anonymity for the cyber-culprit.

Legal challenges - Laws and other legal tools to combat crime lag behind the rapid changes afforded by technology.

Resource challenges - These refer to the problem of lack of sufficient experts, or the lack of an adequate budget for new technologies as well as for the training of personnel.

2.

3.

What is being done to prevent and or prosecute cyber-crime?

The United States has passed the Computer Fraud and Abuse Act (18 USC 1030); 18 USC 2701 which punishes unlawful access to stored communications; 18 USC 2702 which prohibits divulging to any person the contents of a communication while in electronic storage; and 18 USC 2703 which allows government disclosure of the contents of electronic communications but only upon valid order of a court pursuant to a warrant.

After the terrorist attacks of September 11, 2001, the United States Congress enacted the USA Patriot Act. This is a comprehensive legislation aimed specifically at countering the threat of terrorism, including cyber terrorism. The new law gives sweeping powers to both domestic law enforcement agencies of the United States Government and United States international intelligence agencies to help thwart terrorist attacks. The Patriot Act expands all four traditional tools of surveillance - wiretaps, search warrants, pen/trap orders and subpoenas - to make it easier for United States law enforcement and intelligence agencies to combat terrorism. For instance, the United States government may now spy on web surfing of Americans by merely

137

telling a judge that the spying could lead to information that is “relevant” to an ongoing criminal investigation.

The Patriot Act likewise made two changes on how much information the government may obtain about users from their ISPs. First, Section 212 of the law allows ISPs to voluntarily hand over all “non-content” information to law enforcement with no need for any court order or subpoena. Second, Sections 210 and 211 expand the records that the government may seek with a simple subpoena to include records of session times and durations, temporarily assigned network addresses, means and sources of payments, including credit card or bank account numbers.

Are there intergovernmental efforts at combating cyber-crimes?

The 41-nation Council of Europe has approved a convention on cyber-crime. The treaty provides for the coordinated criminalization of the following:

1. Offenses against the confidentiality, integrity, and availability of computer data and systems, such as illegal access, illegal interception, data or system interference, and illegal devices;

Computer-related offenses like computer-related forgery and computer-related fraud;

Content-related offenses like child pornography; and

2.

3.

4. Copyright-related offenses.

The Treaty also urges its members to enter into cooperative efforts, through mutual assistance, extradition agreements and other measures, in order to combat cyber-crime. The call for international cooperation is important given the fact that cyber-crimes do not respect State, sovereign or national borders.

Similarly, the Asia-Pacific Economic Cooperation (APEC) has endorsed the following action items to combat the growing threat of cyber-crime:

immediate enactment of substantive, procedural and mutual assistance laws relating to cyber security;

138

making cyber-crime laws as comprehensive as those proposed in the Council of Europe Cyber-crime Convention;

assistance between and among the economies in developing threat and vulnerability assessment capabilities;

security and technical guidelines that can be used by governments and corporations in their fight against cyber-crime; and

outreach programmes to economies and consumers regarding cyber security and cyber ethics.

The member-countries of the Association of Southeast Asian Nations (ASEAN) have agreed to create an ASEAN Network Security Coordination Center that will help combat cyber-crimes and cyber terrorism. Computer emergency response teams (CERTs) will also be established in each ASEAN country to serve as early warning systems against viruses. The ASEAN nations will likewise focus on strengthening their respective ICT infrastructure to attract more investors.

Are there anti-cyber-crime efforts in developing countries?

In the Philippines, the E-commerce Act also penalizes hacking or cracking, as well as the introduction of viruses.

Malaysia’s Computer Crimes Act of 1997 penalizes unauthorized access to computer material, unauthorized access with intent to commit an offense, unauthorized modification of the contents of a computer, and wrongful communication.

The Computer Misuse Act of Singapore criminalizes unauthorized access to computer material, access with intent to commit or facilitate an offense, unauthorized modification of computer material, unauthorized use or interception of computer service, unauthorized obstruction of use of computers, and unauthorized disclosure of access code.

In India, the Information Technology Act of 2000 prohibits tampering with computer source documents and hacking.

139

What lies ahead in the fight against cyber-crimes?

It is thought that the best tool against cyber attacks and cyber-crimes is still prevention. Available to many corporate users are a host of technologies that prevent, if not minimize, the occurrence of these attacks. Some of these are firewalls, encryption technologies, and public key infrastructure systems.

Aside from legislation, adequate resources must be provided to law enforcement agencies so that they can acquire the tools, equipment, and know-how necessary for the successful defense of network systems from cyber attacks. Laws to combat cyber-crimes are useless if law enforcement agencies do not have the education and training necessary to even operate a computer. Judges, too, must be trained.

In addition, consultation, coordination and cooperation between and among governments and the private sector are important, in order to harmonize as completely as possible measures, practices, and procedures that will be utilized in combating this problem. Harmonization of laws at the international, regional and national levels is necessary to meet the challenges of a worldwide technology and its accompanying problems.

Who should be involved in preventing cyber-crimes?

Security and privacy are not the responsibility of governments alone. There is a need for the private sector to implement user-friendly, self-regulatory policies.

Governments will have to work with industry and other cyber-crime advocates to develop appropriate solutions to cyber-crime concerns that may not be addressed adequately by the private sector.

An overarching task is to increase awareness at every level of society - in government, in the private sector, in civil society, and even among individuals - of the need for, and the goals of, security, privacy and cyber-crime prevention and control. Also needed is awareness of the crimes that are committed in cyberspace and the possible measures against them. Finally, and perhaps most important, it is vital that we

140

develop a social consensus about the proper and ethical use of computers and information systems.

IV. EMERGING CONSENSUS

A. Other countries’ legislation: Singapore, Thailand, and the Philippines

What countries have enacted e-commerce laws?

For purposes of this primer, we will look at the Singapore Electronic Transactions Act, the Thailand Electronic Transaction Law, and the Philippine E-commerce Act.

What are the key principles and goals of these e-commerce laws?

The Singapore Electronic Transactions Act is enacted to give effect to the following purposes: facilitation of electronic communications by means of reliable electronic records, elimination of barriers to electronic commerce resulting from uncertainties over writing and signature requirements, facilitation of electronic filing, minimization of forgery ad fraud in e-business, and the promotion of public confidence in the integrity and reliability of electronic records, etc.

In the Electronic Transactions Act of Thailand, we see that the reason for such promulgation is to make an adjustment from paper-based requirements required by previous laws, in order that legal recognition is provided to data messages by treating them the same as the messages made or evidenced in writing, also that the sending and receiving of data messages is recognized as well as the use of electronic signatures, including the evidential admissibility of data messages- all aiming to promote the reliability of electronic transactions to enable them to have the same legal effect as that given to transactions made by traditional means.

Republic Act 8792 also known as the Electronic Commerce Act, recognizing the important role that ICT plays in the development of a nation’s economy, aims to facilitate domestic and international dealings, transactions, arrangements, agreements and contracts through the utilization of electronic, optical or similar means; it also provides

141

recognition of the authenticity and reliability of electronic data messages or electronic documents related to such activities, and also promote the universal use of electronic transactions in government and by the general public.

What is the scope and coverage of each of these laws?

The Singapore Act deals rather extensively with electronic contracts in Part IV (Sections 11- 15). It also provides rules on electronic records and signatures, liability of network service providers, secure electronic records and signatures, duties of certification authorities and its subscribers, and government use of electronic records and signatures. The law provides for certain areas though not to be covered by the law: creation and execution of wills, negotiable instruments, indentures, trusts, and powers of attorney, sale or disposition or conveyance of immovable property, and documents of title.

The law includes in it a host of definitions, from “asymmetric cryptosystems” to “verify a digital signature;” but it does not define electronic commerce or e-business. The same prevails in the Thailand and Philippine laws-various definitions are provided but there is no definition of e-commerce or e-business.

Thailand makes the law applicable to all civil and commercial transactions performed by using a data message, except those that may be prescribed by Royal Decree, provided too that the law shall not override laws and regulations intended for consumer protection. The law applies as well to transactions in connection with the carrying out of the affairs of the State. (Section 3)

In the Philippines the law is made to apply to any kind of electronic data message and electronic document used in the context of commercial and non-commercial activities to include domestic and international dealings , transactions, arrangements, agreements , contracts, and exchanges and storage of information. (Section 4, ECA) The law likewise mandates that government functions, e.g., filing of documents, creation or retention of documents, issuance of permits, licenses, or certificates of registration, acceptance of payments and issuance of receipts, etc. be done through the use of electronic means.

142

Do these laws give legal recognition to data messages and electronic signatures?

1. Data Massage

Singapore declares that “(f) or the avoidance of doubt, it is declared that information shall not be denied legal effect, validity or enforceability solely on the ground that it is in the form of an electronic record. (Section 6, ETA) The same rule practically prevails in Thailand as well when Section 7 of its ETA provides that “information shall not be denied legal effect and enforceability solely on the ground that it is in the form of a data message.” RA 8792 of the Philippines provides for practically the same application of the UNCITRAL-inspired provision. It states that information shall not be denied validity or enforceability or validity solely on the ground that it is in the form of an electronic data message purporting to give rise to such legal effect, or that it is merely incorporated by reference in that electronic data message. The last phrase is taken from the 1998 addition to the 1996 document that is the Model Law. It is aimed at facilitating the use of electronic means in business and as to how it might deal with the situation where certain terms and conditions, although not stated in full but merely referred to in a data message might need to be recognized as having the same degree of legal effectiveness as if they had been fully stated in the text of that data message. The expression “incorporation by reference” is often used as a concise means of describing situations where a document refers generically to provisions which are detailed elsewhere, rather than reproducing them in full. Examples would be terms of agreement when you become a member of an online book seller, or by reference to a URL or a hyperlink towards a thing which you want to sell or buy, rather than attaching or incorporating the picture or contents of a book which might result in too heavy (in terms of bits) a communication.

2. Writing

And where a law requires information to be written, in writing, to be presented in writing or provides for certain consequences if it is not, an electronic record satisfies that rule of law if the information contained therein is accessible as to be usable for subsequent reference. (Section 7, Singapore ETA). Put differently and more expansively,

143

the Thai law provides, “in case where the law requires any transaction to be made in writing, to be evidenced in writing or supported by a document which must be produced, if the information is generated in the form of a data message which is accessible and usable for subsequent reference without its meaning being altered, it shall be deemed that such information is made in writing, is evidenced in writing, or is supported by a document. Section 7 of the Philippine law also provides for legal recognition of electronic documents. It says, “Electronic documents shall haye the legal effect, validity or enforceability as any other document.” It requires, however, that the document or writing must maintain its integrity and reliability and can be authenticated as to be usable for subsequent reference in that the document remains complete and unaltered.

The three jurisdictions recognize the validity and enforceability of electronic forms serving as writing. It is important however, to put certain elements of certainty and security in the document for it to be regarded as a functional equivalent of “writing.” For example, the requirements of inalterability, integrity, and the capacity of the document to be authenticated. Such a requirement could be viewed as putting additional barriers to the acceptance of electronic data messages. However, this could also be viewed in such a way that greater trust and confidence can be engendered in business if there is present a modicum of security in the document.

3. Signature

Singapore recognizes electronic signatures in Section 8 of its law. It says, where a rule of law requires a signature, or provides for certain consequences if a document is not signed, an electronic signature satisfies that rule of law. An electronic signature may be proved in any manner, including by showing that a procedure existed by which it is necessary for a party, in order to proceed further with a transaction, to have executed a symbol or security procedure for the purpose of verifying that an electronic record is that of such party. Singapore also recognizes two types of signature: electronic signature which I have described above, and a digital signature defined as a “means of an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that

144

a person having the initial untransformed electronic record and the signer’s public key can accurately determine whether a transformation was created using the private key and whether the initial record has been altered. Needless to say, a digital signature, as they now are used, is more securing than a mere electronic signature.

Thailand likewise recognizes an electronic signature if a criteria is followed: reliability of the method used to assure integrity of the message and capacity for the information to be displayed for subsequent reference.

Philippine law recognizes electronic signatures as well - it declares an electronic signature to be the equivalent of a manual signature. It follows a criteria-based method for recognition in that the electronic signatures nay be rendered valid i f there is a showing of identity of the party who signed as well as his access and consent to what he signed, the reliability of method used, that the signature was necessary in order to move forward with the transaction, and that the other party is authorized and enabled to verify the electronic signature.

Will electronic documents be then admissible as evidence in court proceedings?

The recognition of the legal validity of electronic data messages, documents, and signatures undoubtedly will create a situation where courts, in cases of disputes, will admit and give to them its proper weight when presented as evidence.

However, Thailand and the Philippines have made explicit provisions regarding this. Section 7 of the ECA says that for evidentiary purposes, an electronic document shall be the functional equivalent of a written document under existing laws. The ETA says, the admissibility of a data message as an evidence in legal proceedings shall not be denied solely on the grounds that it is a data message. (Section 11, ETA; Section 12, ECA)

These provisions, it is hoped, will provide greater confidence in that in cases of disputes, the parties who enter into a contract or transaction electronically, are assured that no court will automatically reject a piece of evidence on the mere ground that it is electronic in form.

145

B. Useful tips for e-business

Ten ways to promote your web store

#l Search engine and directory submittal

Start with the major search engines and directories - Alta Vista, Yahoo, Infoseek, Lycos, Hotbot, Excite and Webcrawler - and then carefully select and submit to other search engines targeted towards your product or service. Beyond this you may wish to submit to the many other search engines available, or pay someone to do it for you.

#2 Negotiate or purchase links from other sites

Links from sites relating to products or services that are complementary to your own are likely to prove the best source of visitors. Identify sites that are likely to attract the same lund of customer that you are looking for and try to negotiate a cross-link with them.

Negotiating cross-links works well when both sites attract roughly the same amount of traffic. Clearly, you are going to have a hard time negotiating a cross-link with a site that has a much greater traffic level than your own (although its worth trying!) and in some instances it may be worthwhile paying for these links either direct or through services such as ClickTrade.

#3 E-mail marketing

If your site has been designed well, you should have a list of visitors and customers who have left their e-mail addresses and requested to be kept in touch with future developments and offers. This list of names is a valuable resource and should be treated accordingly. You need to judge when you have something of importance to tell your customers; too many messages and they'll get annoyed, too few and they'll forget you exist.

You have probably come across the following sentence a hundred times but I make no apologies for repeating it here. Never resort to spamming potential customers. There is no surer way of ruining the prospects for your new web store.

#4 Newsgroups and newsletters

Twelve months ago I would have had no hesitation in including newsgroup postings at the top of the list for any Internet promotion strategy. Now the level of spam in newsgroups has reached such a height that their worth is diminishing. Deja News estimates that about two thirds of newsgroup traffic is either spam or messages sent to can cancel spam.

Never the less, postings to newsgroups can deliver good results; choose your newsgroups carefully and post only when you have something of worth to add, letting your signature file act as an advertisement for your web store.

Postings to newsletters can also be effective. Moderated newsletters often produce the best results as they are kept spam free and can attract large, qualified audiences. The moderator will also eliminate any postings that are blatant selling attempts, so make sure your post is of value to the audience let your signature file do the selling for you.

Newsletter sponsorship can also be a cost-effective way of reaching your target audience.

#S Online advertising via banners

Budget permitting, you should consider placing banner adverts on sites whose products are complimentary to your own. Banner placements can either be purchased directly from the owners of your selected sites, or you can have a web advertising agency handle your requirements. As an alternative, you could use banner exchanges such as LinkExchange.

#6 Create a signature file

Create a signature file and add it to the bottom of every e-mail that you send. As well as your e-mail address and the URL of your web store, an effective signature should include a hook, that is, something that will entice the reader to visit your store. Keep your signature brief: aim for no more than 6 lines, each a maximum of 65 characters wide.

#7 Issue press releases

Although it is becoming more difficult to get journalists interested in new web sites, a well crafted press release should still generate good results, especially if your site has something new to offer.

#S Set up affiliate programmes

Allow other web sites to sell your products. You still fulfil1 all orders but pay your affiliate commission on each sale generated.

#9 Print your URL everywhere

Make sure the URL of your web store appears prominently on every piece of paper your business generates including adverts, letterheads, envelopes, flyers, shipping cartons and labels, invoices, compliment slips, brochures and catalogues. This is a great source of free publicity.

#l0 Keep refreshing your content

It is difficult enough to entice someone to visit your store once, so you need to ensure that.

Ten tips to help you beat credit card fraud

By Curtis Stevens of Simple Solutions

#l Review Orders Carefully

Whenever you receive an order, take some extra time and review the order carefully. Make sure the consumer filled out all of the information correctly and that it matches. If it is a fraudulent order, in most cases you can catch anything that does not seem right by carefully reviewing the entire order.

#2 Cross Check All Information

The consumer's contact information should match up with the shipping address and the credit card information. If it does not, then you need to find out why they want the products shipped to another address or have a credit card with different contacts. This is a very good sign of a scamster, but not in all cases.

#3 Use Address Verification Service (AVS)

Provided by most merchant processors, you can run the AVS service on all of your transactions to ensure that the information they gave you matches with the information on the file with the card issuing bank. If it is different, then it is possible, among other things, that the consumer has a partner involved with the order. Contacting the consumer to find out the exact reason is highly encouraged.

#4 Watch Out For Free E-mail Addresses

The majority of scamsters will use a free e-mail address to hide their identity. You can very easily find out if your consumer is using a free e-mail provider by just visiting the web site domain that comes after the @ symbol. For example: [email protected], you can go to 1simple.com to see if that web site is an e-mail provider like Hotbot or Yahoo. It is a good idea to require a real e-mail address from their own domain or their ISP when they order. This can be accomplished by stating the requirement on your order forms.

#S Document All Contacts

To give yourself greater protection and a bigger fighting chance against consumers, document all contacts you have with them. Keep all voice mails and e-mails, along with caller ID in order to prove your case.

#6 Check Domain Name Records

One unknown trick is to look up the domain name records of the domain name they are using in their e-mail address to see if it matches with what they provided in the order. This will only work if they have their own web site and used their own domain name as the e-mail address. Take the same procedure as explained in tip #4, and use the Network Solutions' database to search for the

records. Their information might not completely match up, depending if something changed or if they are using a business address verses a home address, but you should get an idea, like in the same state or city.

l

W7 Pay Special Attention to Very Large Orders

Take special caution when receiving noticeably high orders, the amount of products or services they are purchasing, especially around holiday seasons. Also pay attention to orders that are sent by overnight delivery. Since the scamsters aren't paying for it, they do not care about the extra cost and want it as fast as possible.

#8 Post Warning Notices

Place fraud warning notices, buttons and images on your order forms and your web site content. Let the consumers know that fraudulent orders will be pursed to the fullest extent of the law. By having these notices, it will usually run off most scamsters.

#9 Perform a Telephone Search

You can purchase a database of phone numbers on a CD or you can use online services such as that will do a reverse search on a phone number for you. This will allow you to confirm the contact information for the phone number that the consumer has provided.

#l0 Call the Customer

The last, and usually the most affective way, to clear up all confusion is to call the consumer with the phone number they provided. If they gave you a bad phone number, then try contacting them via e-mail for a valid phone number. Be very suspicious about this though, because most people usually don't give out wrong phone numbers unless it was mis-typed.

By using these tips, hopefully you will not experience any fraudulent orders. If you are scammed, then take serious action by following the order and prosecute the fraudulent consumer.

Source: http://sellitontheweb.com

V. CURRENT STATE OF THINGS-INDIVIDUAL COUNTRY EXPERIENCE

A. CAMBODIA

What is the current stage of IT/e-business in Cambodia?

Cambodia currently has two international gateways - one government owned and one privately owned - that enable it to connect to the world. It has 5 ISPs providing the following services:

+ Dial up Internet connection;

+ + ADLS Internet connection;

+ Wireless broadband;

+ Hotspot Internet connection;

+ Satellite Internet connection;

+ Cable Internet connection.

Dedicate Leased Line Internet Connection;

In addition, there are now over a thousand Internet cafi operators in the capital city of Phnom Penh providing easy access to Internet users.

What about e-business activities?

The e-business and e-commerce marketplaces and activities are still very limited. Although some companies have started maintaining online presence, hardly anybody knows about their existence.

The most recently completed project was the Siem Reap Angkor Hotel and Guesthouse Association Marketplace. This portal provides the most complete list of hotels and guesthouses and facilitates online reservation and payment.

150

What is being done to increase awareness of e-commerce and IT?

Since 2001, there has been a series of IT awareness seminars and conferences conducted in partnership with UN and other international agencies.

As regards education, there are 16 universities in Phnom Penh providing IT and IT related courses. There is also an existing Network Academy programme in collaboration with Cisco System that trains students to design, build and maintain computer networks.

What are the challenges to development of e-business?

The biggest challenge is the absence of a legal framework for e-business. As such, Cambodia needs to legislate its e-commerce law as soon as possible. The Ministry of Commerce has been tasked to work on this area and it is planned that the law will be put forward for Government approval in early 2004.

Another barrier is the lack of a central agency that will coordinate all e-business and e-commerce activities. Now, while there are a lot of initiatives and activities in the government and the private sector regarding e-business, the information is not centralized and made known to as many people as possible.

Lastly, human resource and capacity building in the areas of applying IT to business is a big gap for Cambodia. Even though many courses are being offered, the areas of business requirement analysis, business processes, project management and project implementation are not widely taught.

B. CHINA (YUNNAN PROVINCE)

What is the current stage of IT/e-business in Yunnan?

Yunnan is inferior to other developed areas of China in e-commerce. Its e-commerce is at starting stage and of low standard. However, it has been developing well in recent years. By the end of 2000, the total income of Yunnan’s information industry reached 8.95 RMB yuan, increasing by 25 per cent over the previous year. The Information Center of the State Economic Trading Commission reveals

151

that the regional information construction investment in the province increased by 115.07 per cent.

Among the significant developments in the province are the following:

Hongta Group established its 622 M ATM computer network and 2 long distance switch-in systems with El interface in 1998;

In April 2001, the province set up its biological resources development information network;

In July 2002, the “Dealing, Settlement, and Management Platform System of Tourist Industry” was put into operation in Lijiang District;

The Yunnan Electric Power Group put forward construction of “Ten Information Projects,” including broadband high-speed information network, e-commerce of power industry, and fiber-optical communication;

“Networking of government” in the whole province is progressing smoothly.

What about e-business activities?

The province has a rather weak basic environment for e-commerce development. According to the investigation made by the Information Center of Yunnan Economic Trade Commission on 9 June 2001, about 91.5 per cent of the investigated enterprises had not practiced e-commerce. By the end of June 2002, the number of Yunnan’s web sites with the domain name of “CN” accounted for 1.1 per cent of the total web sites of the same type in the whole country. Yunnan’s web sites accounted for only .7 per cent of the total web sites in China.

What are some of the difficulties and shortcomings of China in Developing e-commerce?

1. Backward consciousness and concept of the public in e-commerce development.

152

As a brand new commercial mode, e-commerce has not been accepted and adopted by the people in Yunnan. Yunnan is a frontier province of China and people here are of low cultural quality. The traditional culture takes strong root in Yunnan people’s minds. In addition, the enterprises of Yunnan have insufficient understanding of the role of e-commerce.

2. Existing goods flow distribution system of China seriously restricts its e-commerce development.

H Traditional methods of delivery are inefficient in China, much more for Yunnan province which is full of mountainous areas, of inconvenient traffic condition, low urbanization and seriously backward goods flow distribution system. The present condition of Yunnan can hardly meet the need of e-commerce development.

Lack of financial system and commercial credit appropriate for e-commerce.

3.

Online payment in China is of low efficiency, costs too much and the payment acknowledgement takes a long time. In China, commercial credit is generally low and dealers feel unsafe even in face to face dealing, more so with online dealings. According to the investigation, about 86 per cent of people said they would not make any type of online financial dealing. Online banking began to appear in Yunnan with the establishment of the Kunming Branch of the Merchants Bank in May 2002. However, online banks appear late in Yunnan compared with other places in China and their service scope is relatively narrow.

4. Failure in guaranteeing security of e-commerce.

H At present, over 90 per cent of China’s web sites have more or less loopholes and are weak in resisting virus attack and infection. A survey conducted by the China National Network Information Center revealed that security ranked first among the concerns of Chinese with e-commerce as well as the biggest problem they consider

153

with online shopping. A number of web sites of Yunnan have to conform to the principle of simplicity and suffer from a lack of security guaranteeing system due to insufficiency of effective support both in funds and in technologies.

5. Lack of relevant laws for e-commerce.

The lawmaking departments in fields of network, information, and trade act in their own ways and pay no attention to uniformity. In addition, necessary laws and scientific explanations on validity of electronic contracts, electronic signatures, electronic data evidence, online dealing and payment, jurisdiction, etc. are absent.

6. Lack of senior talents in information management.

Yunnan only has 6,000 professional information technicians, of whom, only 6.2 per cent have senior professional titles, 3.8 per cent with master’s degrees and those with junior professional titles account for 53.8 per cent. About 76.7 per cent of the investigated enterprises do not have more than 5 full time computer technicians.

What are some of China’s relevant laws and regulations on e-commerce?

China has promulgated some relevant laws on e-commerce, including the 1.) Interim Management Rules of China on Internet Domain Name Registration, 2.) Implementing Regulations of China on Internet Domain Name Registration, 3 .) Implementing Methods of Interim Regulations of the China on International Networking of Computer the Information Networks, 4.) Criminal Law, which came into force on 1 October 1997, includes regulations specially targeting at computer crime against information system security.

What can be done to develop e-commerce in the Province?

1. Quickening construction of basic e-commerce facilities

China must strengthen investment in the construction of basic network facilities, develop basic network platform

154

with great efforts, and quicken the construction of high speed and large volume multimedia information transfer network.

2. Perfecting goods flow distribution system.

rn Yunnan must combine the construction of the modern goods flow system with the construction of the international passage and the Lancang-Mekong River Subregional cooperation and development.

Perfecting financial system and credit mechanism gradually.

rn Yunnan should encourage and support the financial system to actively widen the online bank business, guide the organization of Yunnan’s online payment settlement centre, and promote the establishment of a Kunming-based safe and reliable trans-regional electronic payment system that covers the whole province and connects with the international network.

3.

4. Solving problems with e-commerce security.

rn Yunnan should establish its e-commerce Certificate Authority attestation centre in accordance with the unified arrangement of the country and in mode of enterprise operation by adhering to the principle of authorization by government, unified standard and implementation, mutual coordination, and share of resources. It should guarantee the neutrality, mutual attestation, and international compatibility of the CA attestation authority.

Establishing standardized e-commerce legal framework and realizing e-commerce’s openness, rationalization, and lawfulness.

5 .

rn Yunnan should, in accordance with the international trend of legislation convergence and the legislative demand of “making moderate standardization, leaving adequate room for amendment, and being in favour of development”, stipulate several local regulations as soon as possible, including the Regulations of Yunnan Province

155

on E-commerce Supervision and Administration and Regulations of Yunnan Province on Electronic Trading.

Strengthen cultivation and development of e-commerce technicians.

H Yunnan must mobilize the strength of the whole society to enhance the publicity of e-commerce scientific research, education, and application innovation engineering, and enhance study.

Increase the public’s consciousness of e-commerce development as part of Yunnan’s e-commerce development strategy. It should develop the roles of scientific research institutes, colleges, and universities, establish its e-commerce development and application office, and set-up the Yunnan E-commerce Consultation E-Center and Yunnan E-commerce Development Research Center.

6.

H

7. Government support and international cooperation.

E-commerce development must stick to the basic principle of being “led by government, hostqd by enterprises, and driven by market”.

Cooperation by domestic enterprises with foreign companies should be encouraged.

Help more enterprises to enter the international market

Yunnan should make e-commerce an important factor in Lancang-Mekong River Subregional cooperation and development and in the construction of the information platform of China-ASEAN Free Trade Zone.

C. L A 0 PEOPLE’S DEMOCRATIC REPUBLIC

What is the current state of IT/e-business in Lao People’s Democratic Republic?

Lao People’s Democratic Republic communications sector has developed quite rapidly in the last decade, especially in mobile service, even as most changes occur in 4-5 of the biggest cities. Many districts,

156

in fact, are still not connected - only 1.3 1 per cent of Laotian households have fixed line service.

What about e- business activities?

As of now, there is a lack of legal regulations governing electronic signatures, validity of electronic documents, or definitions of computer crimes. These factors hinder the implementation of e-business in the country.

In addition, factors such as low number of Internet users, lack of credit cards provision, the country infrastructure and small private economy all contribute to the slow development of e-business.

However, changes are forthcoming. The banking system is focusing on instituting reforms which is hoped to be completed by 2005-2006. Once implemented, cashless payments and clearings will now be made possible. Likewise, the Ministry of Justice has proposed many new laws related directly with e-commerce and e-business.

What is being done to increase awareness of e-commerce and IT?

Internet development, in terms of awareness and education, is defined by the Ministry of Education, although it would be ideal if a bottom-up approach is also developed by government. IT education, in government schools, makes available only two programmes for teachers and students.

A number of secondary schools have been connected to the Internet thanks to projects like the “smart school project” where the Malaysian government provided 20 PCs for each of the school involved in the project.

What could help spur development of e-business?

With lack of government funding, most e-projects are sponsored by bilateral and multilateral assistance. To ensure successful implementation and efficient use of funds, a National committee comprising both government and private sector should be created to guide such projects step by step.

157

The ongoing banking reform must be implemented with speed and quality and must proceed without delay. The same goes true with tariff modification for making ICT products and services cheaper.

Government should further promote e-government application and urgently develop a showcase to motivate and compensate successful teams, organizations or ministries.

Relevant laws must also be passed to address concerns like fair competition, and IT products and services liberalization and trade facilitation, not to mention the legal recognition of online transactions.

D. THAILAND

What is the current state of IT/e-business in Thailand?

In November 1997, Thailand adopted a comprehensive plan for telecommunications development which paved the way for the following:

+ establishment of a National Telecommunications Committee that will serve as a powerful, independent industry regulator;

+ opening of the telecommunications market to competition;

+ privatization of two state-owned enterprises, the Communization’s Authority of Thailand and the Telephone Organization of Thailand;

Conversion of existing build-transfer-operate concessions into licenses.

+

Full implementation of the plan, however, suffered delays and until now, the formation of the NTC has not been realized. The government has adopted a contingency plan at the end of 2002 which will make possible the creation of an “interim NTC by October 2003.

Despite this setback, many ICT projects have taken off and are in full swing. Some of these projects are the: Low-cost PC project; low-cost software project; e-procurement and e-services for government.

158

What regulatory frameworks are in place for e-business in Thailand

1.

2.

3.

4.

5 .

6.

Electronic Transaction Law - came into force on 3 April 2003;

Electronic Signature Law - incorporated into the ETA;

Data Protection Law - pending for consideration by the Economic Screening Committee (ESC) before proceeding to the cabinet for approval. This aims to protect the privacy of individuals;

Computer Crime Law - also pending with the ESC. The law aims at fighting Internet crimes through the identification and the creation of new types of online criminal offenses;

Electronic Fund Transfer Law - also pending with the ESC. EFT will provide consumer protection and establish security procedures in electronic fund transfers;

Universal Access Law - also pending with the ESC. The legislation will seek to promote universal and equal access to the Internet and will be drafted pursuant to Section 28 of the Thai Constitution.

What are the challenges and inhibitors to e-business in Thailand?

The biggest inhibitor to e-business growth is the uncertain regulatory situation. Currently, the 2 state-owned operators have assumed de facto regulation of the telephone and Internet market pending the creation of a new regulatory authority.

Likewise, the high cost of implementing e-business is likewise a barrier to e-business uptake by SMEs. Despite government assistance, the cost of access remains high and there is not enough application for daily use. Other difficulties facing SMEs are the language barrier between the buyer and the seller and the consistency of the product being sold.

159

E. VIET NAM

What is the current state of IT/e-business in Wet Nam?

In 2002, the total revenue from information technology and media in Viet Nam reached only more than $ 500 million. The draft IT development strategy sets the following targets: 10-15 PCs for 100 people by the year 2010, i.e. the value of approximately $ 4-6 billion for the whole country.

Viet Nam witnessed the highest telecommunication growth rate for the period 1995-2002 among ASEAN countries but has the lowest telephone and Internet subscription ratio. Its subscription ratios per 100 inhabitants are as follows: for fixed telephone: 4.51; mobile telephone: 2.34; and Internet: 1.84.

At present, Viet Nam has 6 enterprises permitted to provide Internet connection services (IXP), 10 enterprises permitted to provide Internet telephone services and 20 enterprises permitted to provide Internet access services (ISP). By early 2003, there are approximately 3,000 web sites with registered domain names with .VN suffix.

What are some of the challenges to the development of e-business in Viet Nam?

1. Expenses for infrastructure facilities, particularly transport, telecommunication and Internet service charges remain too high for the majority of SMEs;

The number of urban inhabitants and big cities is limited while the quality of telecommunication and transport networks cannot cover other areas;

The legal environment is still not complete and not easy to apply for all kinds of enterprises, particularly for the private sector;

2.

3.

4.

5.

Over dependence on high tech imports;

The culture of doing small business paying in cash and bargaining in person is hard to change quickly;

160

Table 3: The TOP 25 Countries with Highest Number of Internet Users

Population Internet Users, ## / Country or Region

Growth (Est. 2003) Latest Data I (2000-2003)

% Population (Penetration)

Date of Latest Data

% of Table

1 I United States 1 291,639,900 1 179,854,855 1 88.6 %

2 l China 1 1,311.863.500 1 68.000.000 1 202.2 %

3 1 Japan 1 127,708,000 1 59,203,896 1 25.8 %

4 Germany 81,904,100 44,139,062 83.9 %

5 United Kingdom 59,040,300 34,387,216 123.3 %

6 1 Republic of Korea 1 46,852,300 1 26,270,000 1 38.0 %

7 l France 1 59,303,800 1 21,309,352 1 150.7 %

9 Canada 3 1,720,400 16,841,811 32.6 %

10 India 1,067,42 1,100 16,580,000 231.6 5%

l1 l Brazil 1 179.712.500 1 14.322.367 1 186.4 %

14 1 Taiwan Province of China

1 23,614,200 1 11,602,523 1 85.3 % I 49.1

12

13

Spain

Australia

15

16 I I I . . I

4 1,547,400

19,978,100

Netherlands

Malaysia

17 l Sweden

13,986,724

12,823,848

16,258,300

24,O 14,200

8,872,600 1 6,726,814 1 66.2 % 75.8

159.6 %

94.3 %

1 0,35 1,064

7,800,000

33.7

64.2

165.4 %

110.8 %

63.7

32.5

Table 3: (continued)

% of Table

Population Country or Region 1 (Est. 2003)

Internet Users, Latest Data

6,000,000 Russia Federation (the) l 14193643200

Growth (2000-2003)

93.5 %

% Population (Penetration)

4.2

Thailand 1 63,393,600

Date of Latest Data

Dec12002

Mexico 1 101,457,200

Hong Kong, China 1 6,827,000

Switzerland 1 7,376,000

Argentina 1 36,993,000

1 Indonesia 1 217,825,400

TOP 25 Countries 1 4,096,094,200 1 600,756,466 1 89.7 % I 14.7 ( Sept19103 1 88.7

Source: http://www.internetworldstats.com/top25.htm

Next 213 Countries

Total World - Users

2,252,168,310

6,348,262,5 10

76,270,608

677,027,074

72.4 %

87.6 %

3.4

10.7

Sept 19/03

Sept 19/03

11.3

100.0

6. The campaign and education for developing an industrial society are not adequate and weighted in favour of entertainment.

Jupiter Research forecasts that each online consumer will receive nearly 1,600 retention-based e-mail messages, including newsletters, in 2007 - an increase from approximately 800 such messages in 2003. As e-mail marketing becomes mainstream, marketers are continually challenged to stand out among the clutter.

163

Reference:

Andam, Z.R., 2003. e-Commerce and e-Business (e-ASEAN Task Force and UNDP Asia Pacific Development Information Programme [ UNDP- APDIP] ) <h t tp://w w w. apdip. ne t/documents/eprimers/ e-Commerce-and-e-Business. pdf>

Chatikavanij, V., 2003. “Information TechnologyElectronic-Business Status and Challenges (Thailand)”, in the Country Paper for Thailand presented at the ESCAP Regional Seminar on Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion (GMS), Bangkok, 29 September - 1 October 2003.

Nie, Yuanfei, 2003. “Present State and Development Prospect of China’s e-Commerce”, in the Country Paper for China (Yunnan Province) presented at the ESCAP Seminar on Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion (GMS), Bangkok, 29 September - 1 October 2003.

Nguyen, Vu Kien, 2003. “Towards e-Commerce in Viet Nam”, in the Country Paper for Viet Nam presented at the ESCAP Seminar on Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion (GMS), Bangkok, 29 September - 1 October 2003.

Diep, S.H. , 2003. “IT/E-Business Status and Challenges in Cambodia”, in the Country Paper for Cambodia presented at the ESCAP Seminar on Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion (GMS), Bangkok, 29 September - 1 October 2003.

Kanlagna, T., 2003. “Information Technology (1T)Electronic-Business Status and Challenges” in the Country Paper for Lao People’s Democratic Republic, presented at the ESCAP Seminar on Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion (GMS), Bangkok, 29 September - 1 October 2003.

164

Lallana, E.C., R.S. Quimbo, and Z.B. Andam, 2000. E-Primer: An Introduction to E- Commerce <h t tp : //w w w. s apalovelez . c om/ E-commerceE-commerce. htm>

Quimbo, R.S., 2003. Legal and Regulatory Issues in the Information Economy (e-ASEAN Task Force and UNDP Asia-Pacific Development Information Programme [UNDP-APDIP]) <http:// www. apdip.net/documents/eprimers/Legal-Issues .pdf>

<http://www.internetworldstats.com/top25 .htm>

<http://www 1 .oecd.org/publications/e-book/9300023E.PDF~

<http://gram.eng .uci .edu/-tlenghecurity. h t m b

<http://sellitontheweb.com>

165


PART FOUR

REPORTS OF REGIONAL SEMINAR AND REGIONAL TRAINING WORKSHOP

167


I. REPORT OF THE REGIONAL SEMINAR ON INFORMATION TECHNOLOGY ENABLING

LEGAL FRAMEWORKS FOR THE GREATER MEKONG SUBREGION, BANGKOK, 29 SEPTEMBER - 1 OCTOBER 2003

ORGANIZATION OF THE MEETING

The Regional Seminar on Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion (GMS) was held at Bangkok on 29 September to 1 October 2003.

Attendance

The meeting was attended by the representatives of the following Cambodia, Yunnan Province of China, the Lao People’s countries:

Democratic Republic, Myanmar, Thailand and Viet Nam.

Representatives from France, ITU and APT also participated in the meeting.

The list of participants is given in Annex A.l .

Agenda item 1 - Opening of the session

The meeting was called to order by Mr. Xuan Zengpei, Chief, Information, Communication and Space Technology Division. He extended a warm welcome to the representatives of the six GMS countries as well as those of France, ITU and APT.

He observed that relentless developments in technology and the rapid acceptance of electronic business and electronic commerce had outstripped the laws governing conventional business and commerce. The activities of organizations and individuals had created a need for legal as well as policy solutions to some of the complex issues that had arisen, and the process of enacting new laws or legislation was generally a long and slow process. The increased use of electronic means of

169

communication, such as, e-mail and the Internet, had raised concerns about their legal effect, validity and enforceability. Outstanding issues ranged from security, to protection of creative efforts, to sovereignty of states. In most countries of the region, the existing national laws did not contemplate the use of modern means of communication. National and international laws imposed restrictions on the use of electronic communication techniques by requiring “written”, “signed” or “original” documents. As electronic business was not restricted by national boundaries, its adoption required that the legal ramifications were considered by all those interested in international business, commerce, and development.

It was mentioned that several governments of the ESCAP region had been involved in enacting legislation and establishing a regulatory framework to remove any uncertainty that may have existed from the use of electronic means of communication. International organizations such as UNCITRAL and UNCTAD, concerned with the harmonization of international trade laws and facilitation measures, had been active in preparing model rules, regulations and guidelines and setting directions for future legislative reform. Private sector organizations had also been busy arriving at a consensus on technical standards, and establishing infrastructure and required services. The objective of all these efforts was to create a favourable legal environment for electronic business and electronic commerce.

Although the principles of conflict of law were meant to apply equally in cyberspace, difficulties arose because of the borderless nature of cyberspace and the lack of geography in determining place of performance and place of formation of contracts by electronic means across international boundaries. A “click” in one country could have an effect in another country, or in very many countries. Investigating and combating crime in a transient and intangible world without forensic evidence posed fresh challenges to law enforcement authorities. With the increasing volume of data messages available and the greater ease with which they could be retrieved and mined, privacy and data protection became important issues. In conclusion, it was pointed out that these were some of the challenges that the GMS countries faced in their drive to become knowledge-based societies and bridge the digital divide, and it was hoped that the meeting would impart a greater

170

understanding on the legal and regulatory issues that had a direct bearing on e-business and e-commerce in the subregion.

Agenda item 2 - Election of officers

In lieu of an election of officers, U Moe Kyaw (Myanmar) was appointed Moderator for the meeting which was unanimously accepted.

Agenda item 3 - Adoption of the agenda

The meeting adopted the following agenda:

1. Opening of the session

2. Election of officers

3. Adoption of the agenda

4. Balancing sustainable development and ICT private sector development

Overview of information technology/electronic business as an emerging worldwide medium of information and commerce

5.

6. Presentation of country papers on IT/eBusiness status and challenges in GMS countries

Model Laws and “Best Practices” 7.

8.

9.

10. Recommendations

11. Adoption of the draft report

Presentation and discussion on draft ePrimer

Harmonization of cyberlaws in the GMS

Agenda item 4 - Balancing sustainable development and ICT private sector development

The presentation was meant to provide a reality check on B2B e-commerce. It was explained that B2B e-commerce was considered a promising vehicle for economic growth in many developing nations. At the same time, it was also made clear that even in its broadest definition, B2B e-commerce did not only offer opportunities, but also

171

presented some disadvantages and obstacles both on the national and organizational levels.

It was indicated that research had shown that B2B e-commerce tended to strengthen existing business relationships rather than create new ones. Nevertheless, opportunities for business growth and entry to new markets remained. Successful application of electronic business transactions between companies required appropriate application of the following essential building blocks:

1. The company must be able to invest in the hardware, software and the organizational structure to accommodate B2B e-commerce practices. Furthermore the company must have the capacity to continue to invest in upgrading B2B e-commerce facilities as needed;

Access to Wide Area Networks including the Internet must be fast, reliable and affordable;

2.

3. Availability of and access to qualified staff;

4. The freedom and security of the data flow must be guaranteed;

5. Trust was an essential ingredient of both business relationships and government-business relationships.

However, the presentation also revealed some obstacles that especially companies in developing nations face v i s - h i s B2B e-commerce:

1.

2.

3.

4.

The full implications of B2B e-commerce for the organization are not always fully understood;

Companies do not always have the resources to make the necessary initial and follow-up investments;

Qualified staff may be difficult to obtain;

Lack of consumer trust may seriously hamper B2B e-commerce. This applies especially to developing countries which often already have a high risk rating on a national level;

172

5. The national and international physical infrastructure may not support the logistics resulting from B2B e-commerce implementation.

In conclusion, the implication was that national governments needed to support the private sector through the establishment of policies that addressed as much as possible that mentioned obstacles. Additionally, it was indicated that it was important to understand that e-commerce policies were cross-cutting (e.g. involving financing policies, anti-corruption measures, etc.) and that the development of those policies should include all stakeholders. Last but not least, it was suggested that governments should be aware of the fact that successful B2B e-commerce did come with a price for the poor, as unskilled jobs tended to disappear and the burden on the environment tended to increase. Governments were, therefore, encouraged to prioritize and to develop measures to counteract such negative effects.

Agenda item 5 - Overview of information technology/electronic business as an emerging worldwide medium of information and commerce

It was pointed out that information technology had changed the way people lived. Information had become a global commodity and physical boundaries no longer limited education, entertainment, commerce and communication. The rapid progress in information technology, especially through the Internet and other new advances in information technology, had been such that its presence in everyday life could no longer be ignored. It had revolutionized the delivery of data and information and made electronic commerce possible. From the paper-based and brick and mortar milieu that were all so familiar, the world was well on the way to being paperless and borderless online.

In the rapidly emerging and evolving global online economy, electronic commerce and electronic business were increasingly becoming necessary components of business strategy. The integration of information technology in business had revolutionized the way good were offered and sold, services tendered and rendered, and clients sought and serviced.

173

Legal and regulatory obstacles abounded as economies shifted from paper-based transactions to e-transactions. While technology had grown in leaps and bounds, the existing laws that could offer protection and give security online were now antiquated and needed to be completely amended to become responsive to the changing times. The lack of legal frameworks had also been identified as a significant barrier to the rapid growth of e-commerce and e-business.

It was mentioned that the overview aimed to assist ongoing efforts to enable Cambodia, China (Yunnan Province) Lao People’s Democratic Republic, Myanmar, Thailand and Viet Nam to define and determine their requirements for shaping appropriate e-business legislation that addressed such complex issues as contract validity and enforceability, jurisdiction, privacy, consumer protection, security of transactions, intellectual property, and online fraud.

Agenda item 6 - Presentation of country papers on IT/e-business status and challenges in GMS countries

CAMBODIA

It was explained that Cambodia had endured over two decades of civil war, especially during the period of genocide from 1975-1979. All physical infrastructures in the society were completed destroyed or left untended without proper maintenance during that time. Those included road, railroad, education, power systems and telecommunication s y s tems.

The presentation gave a snapshot of the current stage of ICT and e-commerce development and challenges in the areas such as Infrastructure, Access level, Marketplace and market activities, Awareness, Education, Government involvement, Private sector participation, Legal, Policy and Regulatory frameworWpreparedness, Level of consumer trust, Online security, Consumer protection and privacy, and Challenges/Inhibitors to e-business in Cambodia. Also provided were some documented information on private sector development and the promotion of e-business and e-commerce.

174

CHINA (YUNNAN PROVINCE)

It was mentioned that China’s e-commerce was at an early stage although it was expected to develop rapidly with good prospects. Yunnan Province of China was inferior to other developed areas of the country in e-commerce. E-commerce there was still rudimentary and of a low standard. The difficulties and shortcomings of China in the development e-commerce included:

Lack of awareness on part of the public in e-commerce development;

Failure of basic information facilities in fully meeting the needs of e-commerce development;

Existing goods flow distribution system of China seriously restricting its e-commerce development;

Lack of the financial and commercial credit systems in meeting the needs of e-commerce;

Failure in guaranteeing the security of e-commerce and online transactions;

Lack of laws or law clauses relevant to e-commerce;

Lack of advanced information management capability.

It was expected in future that e-commerce in China would ultimately gain tremendous popularity. Basic information facilities would be gradually enhanced and the goods-flow distribution system would be continuously upgraded. The supporting environment for e-commerce will also be gradually standardized and developed in depth. Taking into account the situation with respect to Yunnan Province and the rest of China, the following suggestions were given for hastening e-commerce development in the country:

Expediting the establishment of basic e-commerce facilities;

Upgrading the goods-flow distribution system;

Improving, in a gradual manner, the financial system and credit mechanism;

Resolving e-commerce security issues and promoting e-commerce development;

175

Establishing standardized e-commerce legal frameworks and aiming for e-commerce’s transparency, openness, rationalization and compliance to legal provisions;

Creating and strengthening e-commerce related human resources development;

Enhancing government’s support for e-commerce and promoting international cooperation.

L A 0 PEOPLE’S DEMOCRATIC REPUBLIC

Lao People’s Democratic Republic communications sector had developed quite rapidly in the last decade, especially in mobile service, even as most changes occurring in 4 or 5 of the biggest cities. Many districts, in fact, were still not connected - 1.31 per cent of Laotian households had fixed line service. While the ICT industry was virtually non-existent, the potential for development was huge. So far, there was a lack of legal regulations governing electronic signatures, validity of electronic documents, or definitions of computer crimes.

Internet development, in terms of awareness and education, was defined by the Ministry of Education, although it was ideal if a bottom-up approach was also developed by the government. IT education, in government schools, made available only two academic programmes for teachers and students. Though the slack was assumed by the private sector educational institutions, so much was left to be desired: either the slots in those schools were fewer than what the country really needed or only very basic courses were taught. The quality of instruction was also a cause for concern in some schools.

Government, in an apparent effort to modernize itself had plans for the establishment of a government Intranet linking the ministries, agencies, and provincial offices. There were also efforts towards the computerization of the tax and Customs Departments. Enactment of a legal/law information system was also in the works. Lastly, government had also planned an information management system for the government public administration reform programmes.

The IT sector had been in existence for twenty years, although the development had not been dramatic because of a small urban,

176

computer-literate population. 4-5 years, IT had become affordable and reliable.

Cost had gone down and in the last

Because of lacking in funding, the government was dependent on bilateral and multilateral assistance grants. But, in order to ensure proper implementation of the projects government and private sector worked hand-in-hand in a National Committee.

Finally, there must be banking and legal reforms, together with capacity building and government promotion to ensure the success of e-business in Lao People’s Democratic Republic.

MYANMAR

Myanmar formed the e-National Task Force in the year 2000 in order to complement the contents of the e-ASEAN framework agreement signed by the leaders of ASEAN during the ASEAN Summit 2000 in Singapore.

There were seven working committees in the e-National Task Force, namely:

(a) e-Legal Infrastructure; (b) Information Infrastructure; (c) ICT Education; (d) e-Application; (e) ICT Standardization; (f) Liberalization; and (8) e-Measurement.

The e-Legal Infrastructure Committee, chaired by the Vice-Attorney General had drafted the cyberlaw which consisted of three major modules: (a) My anmar computer science development law; (b) Myanmar telecommunications law; and (c) Myanmar electronic transaction law.

The first draft of Myanmar cyberlaw was reviewed by the Prime Minister on 27 September 2003 and had to be submitted to the Cabinet for approval before the end of 2003.

It was mentioned that to prosper from e-commerce in the GMS countries, the harmonization of cyberlaws was one of the important issues for enabling cross-border transactions alongwith online security. Organizations like ESCAP could play a vital role in assisting GMS countries to implement harmonized policies for e-commerce and in the

177

setting-up of a forum on security matters, such as the PKI forum to discuss technical interoperability issues.

THAILAND

It was explained that, in the developing countries, like Thailand, only recently had a few top business managers and top government officials started to shift their attitudes and expound on the strategic value of information technology, about how IT could be used to gain a competitive edge, through the “digitization” of their business models. These initiatives and thinking were being pushed and supported by governmental agencies as demonstrated in the ICT 2003-2007 Master Plan. The set-up cost to buy hardware and software licenses, the maintenance cost, the access cost to IT networks and the content cost to build the information were still high. Those were becoming the costs of doing business that must be paid by all in order to compete and the separate those who have access to and utilize IT (the haves) from those who do not (the have nots).

For Small and Medium Enterprises (SMEs) which constituted the majority of businesses in Thailand, IT was still very costly and what was missing was a compelling return-on-investment argument. Put differently: SMEs desperately needed to find a cost-effective ITle-business infrastructure, access level, market place and market activity. They also needed support from the government in the area of non-formal education and to ensure that the businesses they conduct over the electronic medium would be trustworthy, transaction secured and private, and that their personnel data was protected and infrastructure and service were reliable.

With the delay in the formation of the National Telecommunication Commission (NTC) and the delay to pass the e-commerce laws, reducing access costs would be hard to come by and the use of IT for e-business applications would come at the expense of both the service providers and the users.

178

VIET NAM

The IT and related media industries of Viet Nam was a growing industry in that in 2002, $ 500 M was realized. This augured well for high growth, presenting great potential. In the software industry it was estimated that by the end of 2003, 600 companies would be involved. Despite a fast growth rate, the proportion of applied software in the IT market remained low. Exports in software amounted only to about $ 15 M. Piracy of software was severe (94 per cent), thus making the target of $ 500 M in software revenue difficult to achieve. While Viet Nam had achieved the highest growth rate in telecommunications during the years 1995-2003, it still had the lowest telephone and Internet subscription ratio.

While the Viet Nam government share of IT purchases amounted to 30 per cent of the entire nation and legislation had been enacted regarding rules on Internet use and other IT-related regulations, there was, as of yet, no e-commerce or e-business laws that recognized the validity of electronic documents or data messages, or electronic or digital signatures-except for inter-bank electronic payments.

Few companies had started going into the initial stages of e-commerce or e-business by developing a web presence, and they could be categorized into three types: trade web sites, online study, and electronic press.

Despite the fast growth in IT-related investments, it was not yet adequate to propel domestic e-commerce or e-business to take off. Cost for telecommunications and Internet service remained relatively high, the country was import-dependent in terms of IT products, the buying power of the population was weak, the legal environment was under the process of formation, the cultural demands of doing business using cash and doing it face-to-face was difficult to overcome, vocational training was weak, and media tilted towards providing entertainment rather than education.

Agenda item 7 - Model Laws and “Best Practices”

It was said that the most difficult part in discussing and then enacting a law seeking to govern the many aspects of cyberspace and

179

e-business was the fact that technology always developed ahead of the law. Law was merely developed as a reaction to a change that had already occurred. And, by the time a particular law was enacted by many jurisdictions, another change in technology had already occurred. With that in view, governments tried their hardest to make sense of the regulatory or legal infrastructure in place, hoping that what was there sufficed.

Yet without having a legal infrastructure in place, even with the seeming imperfections of regulations, the conduct of e-business or e-commerce may be more risky for both governments and the private sector. It was noted some years ago that a significant barrier to the growth of e-commerce in the Philippines was an inadequate legal framework. Laws, especially on the formation and validity of contracts, needed to be revised to engender greater trust among users and sellers on electronic networks. This was so because laws on trade were enacted in a paper-based world. They, by and large, required written, signed, or original documents in the paper sense. Such was not the case in e-business or e-commerce transactions where electronic data or documents, or digitally signed contracts may make up the entire transaction.

The presentation thus explained the important provisions of the UNCITRAL Model Law on e-commerce, as well as electronic transaction laws in the Philippines, Singapore and Thailand. It was hoped that participants were informed of the important role of the Model and the other laws’ provisions towards engendering greater business confidence in e-business. Ultimately, the presentation aspired to prompt participants from countries where there were no electronic transaction rules yet to exert influence upon their respective policy-makers to enact local e-business and other related rules.

Agenda item 8 - Presentation and discussion on draft ePrimer

The e-business primer addressed significant issues related to e-business. It provided an overview of key concepts related to e-business and e-commerce for a better grasp of the subject matter. Key concepts related to e-business included encryptioddecryption, the Internet and web sites, Digital Signature and Public Key Infrastructure

180

and electronic payment systems. The interrelation of those concepts and constructs to the conduct of e-business was similarly presented in detail.

The primer then proceeded to discuss legal and regulatory issues that may determine success or failure of e-business. Barriers to the successful conduct of e-business were also discussed at length. The problems brought about by the issue of information privacy, consumer protection, jurisdiction, and cyber-crimes were also included.

It was explained that the primer ended by discussing emerging consensus in so far as legislation on e-business was concerned, and in the context of individual country experiences of the GMS.

Agenda item 9 - Harmonization of cyberlaws in the GMS

It was pointed out that the need for e-commerce legal frameworks and their harmonization was acknowledged by official statements such as the Declaration on Electronic Commerce for Development, Joint UNCTAD-ESCAP Asia-Pacific Regional Conference on: “E-Commerce Strategies for Development” held in Bangkok on 20-21 November 2002. Harmonization of e-commerce legal and regulatory systems was also consistent with the ADB Strategic Approach for Information and Communication Technology. This convergence of interest was important, given that ADB was a key player in the establishment of the GMS cooperative framework.

As can be noted, the current legal frameworks were clearly inadequate to govern e-transactions in the GMS countries. Except in Thailand, which who adopted an e-transaction Act in 2001, issues such as the legal validity of electronic contracts, the acceptability of electronic documents in transactions, digital signatures, data and privacy protection, copyright and intellectual property protection, as well as cyber-crimes were absent in the legal and regulatory environment of the GMS countries. The lack of a formal international legal status of the GMS combined with different levels of economic development and achievement of e-commerce legislations in the subregion made harmonization of cyberlaws a very challenging issue.

181

It was suggested that possible solutions would reside in “soft harmonization” of cyberlaws as opposed to “hard harmonization”. The former approach would be based primarily on international principles of the UNCITRAL Model Law and regional Guidelines, such as the e-ASEAN Framework, rather than formal instruments of harmonization of laws such as Treaties, Conventions, Directives or Regulations.

Moreover, harmonization of cyberlaw initiatives had to involve capacity-building programmes for target audiences such as law-makers, lawyers and legal consultants of public administration and government agencies, as well as judges of the GMS countries. The successful outcome of any a GMS capacity-building programme would require the sustained involvement and support of regional and/or international organizations, donor agencies, governments, business associations and other constituencies.

Agenda item 10 - Recommendations

On the basis of the presentations and discussions held during the meeting by delegates from the participating countries and experts from ESCAP, France, ITU and APT, the following recommendations had emerged from these deliberations. These recommendations have been grouped under six categories which were considered priority areas for the promotion and adoption of information technology enabling legal frameworks as well as growth in e-business and e-commerce in the GMS, namely: legal and legislation issues; bridging the digital divide; human resources development; education; governmental role; and ESCAP’s role. While recognizing the primary role that the participating nations would have in the formulation, enactment and harmonization of cyberlaws that facilitate enhanced e-business and e-commerce activities, the participants desired that international organizations and institutions, such as ESCAP, ASEAN, ITU, APT, AIT and OECD should consider these recommendations while formulating the ICT related activities and programmes for the GMS. In particular, ESCAP should address these concerns in the ongoing implementation of Indo-China Phase VII Project entitled: “IT Programme for Private Sector Development in the GMS”.

182

LEGAL AND LEGISLATION ISSUES

There must be in the GMS enactment, at the earliest possible time, of harmonized e-commerce laws especially as it refer to or address the problems of

a. Legal recognition of electronic data, messages, and signatures as functional equivalents of its traditional counterparts;

b. Cyber-crimes

There must also be capacity building and training of lawyers, judges and other members of the legal profession so that these people are better prepared to meet the challenges that a host of e-commerce- related cases that they may soon be encountering.

Access to justice must be made readily available to consumers who are seeking redress. Encouragement must be made of the growth of applicable and culturally-attuned alternative modes of resolving conflicts (or online dispute resolutions) so that resorting to court cases - which can entail a lot of expenses - is made last in a menu of dispute settlement modes.

Finally, whatever laws that may be passed must reflect the spirit and tenor of the UNCITRAL Model Laws on e-commerce and Digital Signatures as well as the e-ASEAN Framework.

BRIDGING THE DIGITAL DIVIDE

E-commerce will not grow nor will its full potential be met if the existing digital divide that is present in the GMS is not addressed successfully.

Greater access equals greater opportunities for trade and business. Universal access or access of all citizens to the Internet, and other media of electronic communications, at least in the region, must be an important goal. To address the problem of lack of access, overall infrastructure development could be encouraged and the tariffs on telecommunication services and the cost of telecommunication equipment should be affordable.

183

Infrastructure problems-referring not only to telecommunications infrastructure - but also the development and construction of roads, bridges, sea and air ports must be addressed.

Consideration should also be given on the language barriers in the GMS and development and use of machine translation.

HUMAN RESOURCES DEVELOPMENT

The more professionals for e-business there are the better for the region. There must be expended deliberate efforts towards creating a great number of people trained to deal with matters of e-commerce and e-commerce-related laws.

The training of trainers, for the development of their domestic legal frameworks on e-commerce, is necessary and must be conducted at the soonest possible time, so that these trainers can themselves go home to their own countries, in the GMS, to train even more people.

Lawmakers, court personnel, lawyers, and judges must be trained in both the civil and criminal aspects of e-commerce law.

RAISING AWARENESS

Seminars for awareness creation must be conducted continuously and in a sustained manner.

The need for education and awareness of the public and business, as well as the legal community on e-commerce issues must be addressed. Those who must enjoy the benefits of this relatively new way of conducting business must themselves exercise responsibility in the use of this medium. The general public, government, business, and technology experts must also be educated as to the proper use or ethical practices in the utilization of computers, the Internet, and the other wealth-generating technologies that may soon arrive.

GOVERNMENTAL ROLE

Governments must set up rules that are clear, transparent, predictable, and consistently applied. Government officials, especially those responsible for the enactment and enforcement of e-commerce

I84

regulations must be encouraged to participate in these types trainingd seminars in order to increase their knowledge. Governments, with the participation of business and other stakeholders should designate a National ICT Legal Task Force in each GMS country to monitor and develop legal frameworks for e-commerce, whenever appropriate, and in line with the pace of regional development.

ESCAP’s ROLE

ESCAP must continue to pursue efforts towards educating and further training of stakeholders (government, business, consumers, and the legal community in the GMS) on the importance of enactment of harmonized e-commerce and e-business laws based on the UNCITRAL Model laws.

ESCAP may also conduct, in cooperation with other relevant international organizations, technical training of IT experts on online security management, and interoperability of certificate authorities so that there is uniformity of standards. It may also set up a cyber-bulletin board so legal practitioners from the GMS can share and exchange views and experiences online regarding e-commerce law.

Through ESCAP, greater cooperation regarding e-commerce and e-business law issues, between and among countries in the GMS and outside the region, must be fostered. A technical cooperation system in GMS must be established or made stronger. Efforts towards specific training of GMS countries, especially their Internet managers, lawyers, and supply-chain managers, must be pursued. These upcoming trainings should also focus on solutions and “how to do it” approaches rather than on relating each other’s “present status.” To a greater extent, ESCAP should, in these upcoming training activities, involve the chambers of commerce to ensure better understanding of the issues. The trainings activities would acquire greater importance because they could serve as the forum for greater exchange of information so that those countries which are more advanced can assist those who are just starting.

185

With respect to related matters on ESCAP’s role:

The meeting endorsed the draft ePrimer as an appropriate and useful training module to be used in a follow-up training workshop on information technology enabling legal frameworks for the GMS to be organized in due course.

The meeting was informed that, based on a joint initiative with the French Government, ESCAP had formulated and was taking steps to seek ADB and/or other donor support for a project titled: “Regional capacity-building for harmonized development of e-commerce legal and regulatory systems for trade facilitation in South and Southeast Asia”, which was expected to be implemented starting from 2004.

Agenda item 11 - Adoption of the draft report

The meeting adopted the draft report on 1 October 2003.

186

ANNEX A

A A LIST OF PARTICIPANTS

CAMBODIA

Mr. Seng Ho Diep, Chief Executive Officer, Computer Plus OA Group Company Limited, Phnom Penh

Mr. Sovanna Yun, IT and Information Officer, Cambodia Chamber of Commerce, Phnom Penh

Mr. Lydavuth Bun, Assistant to President of Cambodia Chamber of Commerce and Chairman of Sokimex Group Company Limited, Phnom Penh

Ms. Yanida Suth, Assistant to Executive Manager, OMC Co., Ltd., Phnom Penh

Mr. Poue Nhek, Network Administrator, Union Commercial Bank, Phnom Penh

CHINA (YUNNAN PROVINCE)

Mr. Su Zhengguo, President of Yunnan Provincial Chamber of Commerce, Kunming City

Mr. Xia Yundong, Vice Director of Economic Division of Yunnan Provincial Chamber of Commerce, Kunming City

Mr. Nie Yuanfei, Professor of Research Department under the People’s Government of Yunnan Province, Kunming City

Mr. Hang Zheng, Vice President, Yunnan Hungyu Group Co., Ltd., Kunming, Yunnan Province

Ms. Li Xiao, Cadre of Liaison Department of Yunnan Provincial Chamber of Commerce, Kunming City

1 a7

FRANCE

Mr. Roland Amoussou-Guenou, Regional Expert on Legal Cooperation in the ASEAN, The Embassy of France, Bangkok, Visiting Lecturer at the Asian Institute of Technology, AIT, Pathumthani, Thailand


Mr. Thanongsinh Kanlaya, Chief Executive Officer of DATACOM Company Limited, Vientiane

Mr. Thong Souvanna, Responsible for IT of LNCCI, Vientiane

Mr. Daovone Phachanthavong, General Manager, Consultancy Co., Vice President of Lanexang Internet Co., Vientiane

Mr. Sirisamphanh Vorachith, Deputy Director General, Economic Research Institute for Trade, Ministry of Commerce, Vientiane

Mr. Kingphet B annavong, Information Technology Officer, Lao National Chamber of Commerce and Industry, Vientiane

Mr. Vannakone Vongsouthi, Director, Manila Software Limited, Vientiane

MYANMAR

U Pyone Maung Maung, Vice President, the Union of Myanmar Federation of Chambers of Commerce and Industry (UMFCCI) and Managing Director, CE Technology Co., Ltd., Yangon

U Moe Kyaw, CEC Member, UMFCCI, Managing Director, MMRD Co., Ltd., Yangon

U Khun 00, Managing Director, CIT Co., Ltd., Yangon

THAILAND

Mr. Jingjai Hanchanlash, Executive Board Member, Thai Chamber of Commerce, Executive Vice President, Loxley Public Company, Bangkok

188

Mr. Pichet Durongkaveroj, Director of Knowledge Network Institute of Thailand, Bangkok

Mr. Suthi Aksornkitti, President of Pathumwan Institute of Technology (PIT)

Mr. Vasant Chatikavanij, Executive Vice President, Loxley Public Company, Bangkok

Ms. Vasoontara Chatikavanij, Director of Technical and Economic Cooperation Programme, Loxley (PLC) Co., Ltd., Bangkok

VIET NAM

Mr. Nguyen Vu Kien, Deputy Director, Business Information Center, Vietnam Chamber of Commerce and Industry (VCCI), Hanoi

Mr. Nguyen Xuan Hai, Expert, General Department, Vietnam Chamber of Commerce and Industry, Hanoi

Mr. Vu Tung, Vietnam Chamber of Commerce and Industry (VCCI), Hanoi

Mr. Tran Dinh Toan, Vietnam Chamber of Commerce (VCCI), Hanoi

Mr. Nguyen Minh Son, Chief, Information Officer Information Center, Vietnam Chamber of Commerce (VCCI)

and Industry

of Business and Industry

SPECIALIZED AGENCY

International Telecommunication Union ITU

Ms. Eun-Ju Kim, Senior Advisor, (ITU) Regional Office for Asia and the Pacific, Bangkok

189

INTERGOVERNMENTAL ORGANIZATION

Asia-Pacific Telecommunity (APT) Programme Coordinator,

Mr. Robledo M. Salvador,

The Asia-Pacific Telecommunity, Bangkok

Mr. Kim Hak-Su

Ms. Keiko Okaido

Mr. S. Thampi

Mr. Daewon Choi

Mr. Xuan Zengpei

Mr. G.M. Fedorov

Mr. S.R. Din

Mr. Ram S. Tiwaree

SECRETARIAT

Executive Secretary

Deputy Executive Secretary

Principal Officer

Special Assistant to the Executive Secretary

Chief, Information, Communication and Space Technology Division

Chief, ICT Policy Section, Information, Communication and Space Technology Division

Economic Affairs Officer, ICT Policy Section Information, Communication and Space Technology Division


Ms. Maria Margarethe van Doodewaard & Strategies,

Regional adviser on ICT Policies

Information, Communication and Space Technology Division

190

Mr. Rodolfo Noel S. Quimbo Consultant, ICT Policy Section, Information, Communication and Space Technology Division

Ms. Anchalee Charnsupharindr Officer-in-Charge, a.i. Administrative Services Section

Mr. Christian de Sutters Chief, Conference Services Section Administrative Services Section

A.2. PROGRAMME

Monday, 29 September 2003

0930- 1000 hrs. Registration of participants

1000-1010 hrs.

1010-1030 hrs.

1030-1045 hrs.

1045-1100 hrs.

Opening remarks Dr. Xuan Zengpei Chief, Information, Communication and Space Technology Division, ESCAP

Election of officers Adoption of the agenda

Coffee break

Balancing sustainable development and ICT private sector development: The pros and cons of e-business from a development perspective Ms. Maria Margarethe van Doodewaard Regional Advisor on ICT Policies and Strategies Information, Communication and Space Technology Division, ESCAP

191

1100-1200 hrs.

1200-1300 hrs.

1300-1345 hrs.

1345- 1430 hrs.

1430-1445 hrs.

1445-1530 hrs.

Tuesday, 30 September 2003

0930-1015 hrs.

1015-1100 hrs.

1100-1115 hrs.

1115-1200 hrs.

1200-1300 hrs.

1300-1400 hrs.

Overview of information technology/electronic business as an emerging worldwide medium of information and commerce Mr. Rodolfo Noel S. Quimbo Consultant, Information, Communication and Space Technology Division, ESCAP

Lunch

IT/eBusiness status and challenges in GMS countries Country paper, Cambodia

Country paper, China (Yunnan Province)

Coffee break

Country paper, Lao People’s Democratic Republic

Country paper, Myanmar

Country paper, Thailand

Coffee break

Country paper, Viet Nam

Lunch

Model Laws and “Best Practices” Mr. Rodolfo Noel S. Quimbo Consultant, Information, Communication and Space Technology Division, ESCAP

192

1400-1500 hrs.

1500-1515 hrs.

1515-1545 hrs.

Presentation and discussion on draft ePrimer Mr. Rodolfo Noel S. Quimbo Consultant, Information, Communication and Space Technology Division, ESCA P

Coffee break

Harmonization of cyberlaws in the GMS Dr. Roland Amoussou-Guenou Visiting Lecturer, School of Management, Asian Institute of Technology

1545-1630 hrs. Recommendations

Wednesday, 1 October 2003

Morning: Preparation of the draft report

Afternoon: Adoption of the draft report and closing session

193

11. SUMMARY REPORT OF THE REGIONAL TRAINING WORKSHOP ON INFORMATION

TECHNOLOGY ENABLING LEGAL FRAMEWORKS FOR THE GREATER MEKONG SUBREGION, BANGKOK,

9-12 FEBRUARY 2004

ORGANIZATION OF THE MEETING

The Regional Training Workshop on Information Technology Enabling Legal Frameworks for the Greater Mekong Subregion (GMS) was held at Bangkok on 9 to 12 February 2004.

Attendance

The meeting was attended by the representatives of the following countries, Cambodia, Yunnan Province of China, the Lao People’s Democratic Republic, Myanmar, Thailand and Viet Nam.

List of participants is enclosed in Annex B. 1.

Opening of the session

The meeting was called to order by Mr. Xuan Zengpei, Chief, ICSTD who extended a warm welcome to the representatives of the six GMS countries. He mentioned that the meeting had been organized to serve as a follow-up to the Regional Seminar which was held in September 2003 and in which participants from the GMS countries provided important inputs on the legal situation governing electronic business and commerce in their respective countries. On the basis of what transpired, the E-Business Primer had been finalized to be extensively used to help the participating countries define and determine their requirements for shaping e-business legislation and address such complex issues as: contract validity and enforceability, jurisdiction, privacy, consumer protection, security of transactions, intellectual property, and online fraud in a more indepth and pragmatic manner.

It was now well recognized that electronic business and commerce were important vehicles for promoting the participation of developing

194

countries in global business, commerce and development. Yet, a number of prerequisites for creating an environment conducive to the development of electronic business and commerce needed to be met and included: (a) a modern telecommunication infrastructure, by means of which electronic business and commerce could take place; (b) a supportive information infrastructure, involving the acquisition and development of the appropriate software and other information products which contributed to the backbone of global electronic communications; (c) a human resource infrastructure and the education of the business community as to the benefits and potential uses of electronic business and commerce, as well as the training of the workforce to take advantage of those benefits; and, (d) a legal and policy infrastructure which was conducive and supportive of electronic business, and which was the focus of the training workshop.

The first major point that emerged was that of minimal legislation: Governments should not over-regulate; the concern was that attempts to control, restrain or channel electronic commerce developments would hamper the ability of business to adopt those technical applications that are best for their activities, prevent innovation in terms of both technology and business implementation models, and hamper the development of the market place. In addition, it has become accepted that any legislation should be technology-neutral: that to the extent possible all modes of electronic communication and authentication should be recognized and supported. Although the theme of “technology neutrality” was heard most often in the debates surrounding the legal effect of electronic and digital signatures, the concept was a broader one: the law should not, through the adoption of rules peculiar to one type of technology, block innovation and preclude development of newer methods. A further related concern frequently articulated was that of party autonomy: the parties involved in electronic commerce should be able to determine, between themselves, the rules and standards applicable to their business relationship.

Over the years, numerous legal issues had been identified by various bodies as crucial in the evolution of electronic business and commerce. Indeed, WTO’s list included security, privacy, taxation, access, trade facilitation, public procurement, intellectual property, content regulation, and the legal framework for Internet transactions.

195

Not all of the identified issues were of the same nature or importance if the goal was elimination of barriers to foster electronic e-business and commerce. Some of these issues, including privacy, informational content, and consumer protection issues, were directed more to the protection of the public interest than support and facilitation of electronic business. In addition, there was currently no consensus either within countries or internationally on a common approach in these areas. In other areas, the issues were more of policy than of law. For example, while it was important to consider the impact of the tax regime of a country on the willingness of people to do business there, electronically or by traditional means, the choice of tax regimes was not primarily a legal one. There was, however, an emerging consensus on how these tax issues should be addressed which was similar to the approach taken on other issues, and that is, not to take steps to tax or regulate that were in any way different from the current approach to business and trade.

The key for developing countries of the ESCAP region was to identify: (1) those areas in which an international consensus had emerged on how to treat electronic business and commerce issues; (2) those areas where domestic action was absolutely necessary to foster an environment favourable to electronic business and commerce; and (3) those areas where it was possible for developing countries to resolve the legal issues in an expedite manner. If a particular area fell into those categories, then it would appear to be expedient to act with respect to that particular issue. However, as things had stood, the current legal frameworks were mainly inadequate to govern e-transactions in the GMS countries. Except in Thailand, which had adopted an E-transactions Act in 2001, issues such as the legal validity of electronic contracts, the acceptability of electronic documents in transaction, digital signatures, data and privacy protection, copyright and intellectual property protection as well as cyber-crimes were absent in the legal and regulatory environment of most of the GMS countries. To meet the challenges of current situation, it was noted that UNCITRAL had produced a Model Law which was minimalist in approach, represented an international consensus, was adaptable to countries with different legal traditions, and perhaps offered a way to the “soft harmonization” of cyberlaws among the GMS countries.

196

It was, therefore, hoped that the training workshop would prove useful to the participants of GMS countries in their examination of those elements of a legal structure which were critical components of a vibrant economic marketplace - whether in cyberspace or otherwise. As the global electronic marketplace was here to stay, the challenges for the GMS countries was to ensure that they became active and equal participants.

Conduct of meeting

The meeting was conducted by the secretariat with the assistance of Mr. Rudy Quimbo, ESCAP consultant.

TECHNICAL ISSUES

Tentative Programme

The Tentative Programme is given in Annex B.2.

E-Business Primer

The E-business Primer is a guide designed to help entrepreneurs in the GMS. It provides a detailed description of the e-business concept and the different issues that surround the conduct of business in the information age.

In the overview, key concepts are defined and discussed in detail to provide entrepreneurs or policy makers a better grasp of the many interrelated topics that come into play when e-business is conducted.

When the key concepts are adequately explained, the primer proceeds to show the importance of having a legal framework within which e-business can operate. It explains that without a legal framework, there is uncertainty as to how electronic documents or electronic contracts will be treated, given that most laws are drafted in a paper-based world. In this section, the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce is presented as standard when other nations would choose to adopt their own e-commerce laws.

197

Problems that arise as a result of questions in jurisdiction and possible conflict of laws are then presented to highlight the need to be aware of the existing law and regulations that would apply to ones business. It cautions businessmen to make sure that they are well versed in the local laws of the areas where they wish to set up their web presence.

Another important component of the Primer is the discussion on trade secrets and intellectual property rights. As ideas in themselves become commodities in an information economy, the possession and safeguarding of ideas become crucial. In this section, the concept of secrets, business methods patent and intellectual property rights, as well as their protection from theft and misuse are discussed at length.

Because businesses cannot exist without their addresses, the primer also discusses domain names and their importance in providing proper identification to online businesses. This section provides a detailed description of the different levels of domain names, domain name registration and the disputes that arise out of the registration of similar domain names. Famous domain name disputes and how they were resolved are given here as examples.

Aside from legal and regulatory issues, entrepreneurs must also be made aware of other critical issues that prevent e-business from realizing its full potential. Here, issues that affect third world countries such as infrastructure, PC penetration, culture, etc. are presented.

The other barriers to e-business growth - consumer trust and cyber-crimes - are then discussed in great detail. The primer states that for e-business to succeed, it is important to build consumer trust and confidence by protecting consumer privacy. But this becomes difficult as there are those who have elevated their nefarious activities into cyberspace. Cyber-crimes, thus pose a problem not only to victims and would be victims but also to authorities. In this section, the different types of cyber-crimes and the efforts being done to address them are presented.

Towards the end, the primer looks at the emerging consensus between nations and discusses at the differences and similarities between the e-commerce laws of Singapore, Thailand, and the Philippines. The

198

primer illustrates that while there may be difference in the laws of the three countries, these differences may be considered minor as these laws have used the UNCITRAL Model Law as their basic working document and thus paved the way for the legal recognition of electronic documents and electronic signatures in the three states. Also in this section, useful tips are provided to guide e-entrepreneurs when they start doing business online.

Lastly, the primer covers the current state of things in GMS countries with regards to e-business development. It provides a quick picture of the IT readiness of GMS countries and the challenges that the GMS needs to address in order for e-business to fully take off in the subregion. The meeting arranged for a break-out session where each of the participating GMS countries used the UNCITRAL model law to identify issues relevant to the drafting of their respective country c yberlaws.

Towards a Legal Framework for e-business in Cambodia, China (Yunnan Province), Lao People’s Democratic Republic, My anmar, Thailand and Viet Nam

The rapid development of e-business as a mainstream reality has made it difficult for some territories to catch up. Thus, while e-business continues to grow worldwide, countries such as those in the Greater Mekong Subregion (GMS) like Cambodia, China (Yunnan Province), Lao People’s Democratic Republic, Myanmar, Thailand and Viet Nam are still finding the methods, means and approaches of adopting e-business into a mainstream activity. This study aims to help GMS countries define and determine their requirements for shaping appropriate e-business legislation that would address such complex issues as contract validity and enforceability, jurisdiction, privacy, consumer protection, security of transactions, intellectual property, and online fraud.

Common barriers or impediments inhibiting the introduction and integration e-business in the GMS include the lack of human resources possessed of technical skills in both technology and business models, and insufficient infrastructure like computers and networks. The absence of a legal framework is a major deficiency that effectively denies the market itself in taking the initiative in adopting e-business as a regular activity.

199

The absence of a specific legal framework for e-business has been identified as a significant barrier to the rapid growth of e-commerce and, consequently, e-business. For one, this is because laws on contracts and other legal instruments were developed in a paper based-world. They require written, signed or original documents. Such is not the case in e-business transactions where electronic data or documents or digitally signed contracts may make up the whole transaction.

Legal policies, processes and systems must therefore be developed, implemented, maintained and updated to ensure that this medium of information and commerce will continue to grow and achieve mainstream acceptability.

Using the UNCITRAL Model Law on e-commerce and those enacted by the Philippines, Thailand and Singapore as “models”, the study hopes to serve as a guide for GMS governments (when they draft their own laws on e-commerce or e-business) in avoiding inconsistency of commercial codes among countries and in addressing legal concerns such as:

1. Legal recognition and enforceability of online transactions. A key component in any e-commerce legislation is the granting of legal recognition and protection to electronic documents and electronic signatures, in a manner and in the way which would be the same as that in paper-based contracts. For then, courts of law will be duty-bound to accept electronic documents as evidence, once satisfied that the documents have met the requirements established by law for acceptability, and to rule on any dispute.

2. Jurisdiction and conflicts of law. While not anymore a novel legal issue or something peculiar to the online economy, courts continue to grapple with the application of the legal concept of jurisdiction to a growing number of transactions concluded online. Due to the global nature of the Internet, it is important to establish which law governs a contract formed and concluded online. Without an express choice of governing law, complex issues can arise. The various rules used in the United States are thus presented as illustrations or examples on how GMS countries can resolve this ticklish issue.

200

3. Consumer protection and privacy. The need to protect the rights of the online consumer is perhaps of greater necessity than in the traditional marketplace for the opportunity for mischief is made easier by anonymity. Thus, a law which has for its purpose the protection of the rights and privacy of the consumer in electronic transactions must be such as would provide transparent and effective consumer protection that is not less than the level of protection afforded in other forms of commerce. The OECD Guidelines for Consumer Protection would serve as an important aid in achieving or enhancing this legal issue.

4. Encryption and security in online transactions. Security in online transactions is of high importance because in an open network, such as the Internet, information that flows is open to all who have access to the system. The OECD Guidelines for Security of Information Systems are both informative and instructive and thus included in the study.

5. Intellectual Property. The borderless character and nature of the Internet, particularly electronic commerce, has inevitably raised questions regarding the continued applicability of traditional legal systems in the enforcement of intellectual property laws. Given the capabilities and characteristics of digital network technologies, electronic commerce can have a tremendous impact on the system of copyright and related rights, and the scope of copyright and related rights in turn can have an effect on how electronic commerce will evolve. If legal rules are not set and applied appropriately, digital technology has the potential to undermine the basic tenets of copyright and related rights. On these, two vital and important WIPO treaties and the Berne Convention are included as possible models for legislation.

6. Fraud. Laws that recognize and give legal validity to electronic documents, signatures, and those contracts entered into electronically contribute to the creation of an atmosphere of business confidence. However, the consumers at large need also to be protected from unscrupulous persons who take advantage of cyberspace in order to perpetrate fraud upon the innocents.

7. Cyber-crimes. The Internet has the potential to be one of mankind’s greatest achievements. Telecommunications, banking

20 1

systems, public utilities, and emergency systems do- and in our region, could rely on the network. But there are those who use it to inflict harm on others. In the short life of the Internet, we have already seen a wide array of criminal conduct. Although it is often difficult to determine the motives of these digital outlaws, the result of their conduct threatens the promise that the Internet offers by reducing public confidence and consumer trust in the whole system. But beyond legislation, there must be adequate resources provided to law enforcement agencies so that these agencies possess the necessary tools, equipment, and know-how necessary for the successful defense of their country’s network systems from cyber-attacks.

Concluding the study are recommendations on how GMS countries can best legislate and craft legal policies for online commerce, as well on the need to increase or enhance access to the internet, to develop and train a large pool of people trained to handle and deal e-commerce and e-business activities, raise consumer and business awareness, and as to how best the government can define its role in a rapidly evolving and growing Internet economy.

Other Presentations

CAPACITY-BUILDING ASIAN-PACIFIC INSTITUTIONS THROUGH OPEN-SOURCE SOFTWARE

by Mr. David Hastings, Geographic Information Systems Officer, Information, Communication and Space Technology Division

The open-source (www.opensource.org) and free software (www.gnu.org) initiatives have become increasingly popular and dynamic over the past decade. They protect intellectual property through copyright, yet also foster sharing of distributed design, development, bug-fixing, training, other support, development of add-on products, etc. Beyond the claims that some others have, it can be noted that open-source is a major potential contributor to capacity-building in Asian countries, especially developing countries. Open-source software is often more friendly to older computers. It often runs fully on older, slower hardware, with less stringent memory requirements, than the

202

latest versions of proprietary closed software. Thus the user with an older machine is not required to upgrade so often. This is a benefit to organizations, especially in developing countries, with minimal computing budgets who still want adequate functionality. Also one often only needs to acquire one copy (often free on the Internet, or cheap on CD-ROM) for installation on an unlimited number of computers with full permission of the developer/vender. An example of such software in the field of geographic information systems was given.

NECTEC PRESENTATION ON THAI INFORMATION TECHNOLOGY LEGISLATIONS

by Ms. Surangkana Wayuparb, Chief of IT Laws,

the Electronic Transactions Commission Secretariat, National Electronic and Computer Technology Center

In presenting the Thai Information Technology Legislation, an overview was provided on Internet developments in Thailand alongwith ICT indicators and promotion schemes in the country; the various information technology laws; and their enforcement. It was mentioned that NECTEC has been working on issues relating to electronic commerce in three main areas: developing the electronic commerce framework for Thailand, drafting six IT laws, and drafting technical specifications and recommendations. The National Information Technology Committee (NITC) whose main responsibility is to oversee Information Technology development in Thailand assigned NECTEC to develop an electronic commerce framework suggesting the roles and responsibilities of government agencies. One of the objectives of the plan is to facilitate private sector involvement in evolving domestic and international electronic commerce arenas. Parallel to the development of the framework, NECTEC - under the mandate of NITC - is drafting six IT laws, which are Electronic Transactions Law, Electronic Signatures Law, Electronic Fund Transfer Law, Computer Crime Law, Data Protection Law, and National Information Infrastructure Law. The six laws will serve as an infrastructure for doing electronic commerce and enhance confidence among the members of the electronic market place while providing rules and etiquette for

203

fair play. Voluntary participation and members of government agencies, the private sector, educational institutes and independent research centres, and civil society are assisting in providing inputs to draft IT technical recommendations and standards. TIS-620 to be used for Thai characters and the registration of the character set with the Internet Assigned Number Authority (IANA) enables web browsers to display the Thai language properly. NECTEC has also played a major role in setting up Thailand’s national EDI service provider: TradeSiam.

Furthermore, NECTEC has played a major role in developing recommendations for smart card and PKI implementations in Thailand. The recommendations will help stimulate the widespread use of smart card and public key technology, which are the key technologies enabling trust among electronic commerce players.

Closing session

The participants were awarded Certificates of Attendance for their successful completion of the training workshop during the closing session on 12 February 2004.

204

ANNEX B

B.l. LIST OF PARTICIPANTS

CAMBODIA

Mr. Seng Ho Diep, Chief Executive Officer, Computer Plus OA Group Company Limited, 787-789 Preh Monivong Blvd. Phnom Penh, Cambodia, Tel/Fax: 855- 12-8 12 286; e-mail: sengdiep @ hotmail.com

Ms. Sotheavy Sok, Administrative Supervisor, Cambodia Chamber of Commerce, Villa No. 7B, the corner of Road No. 81 & 109, Sangkat beung raing, Khan Daun penh, Phnom Penh, Cambodia, Tel: 855-23- 212 265; Fax: 855-23-212 270, e-mail: [email protected], ppcc@ bigpon.com.kh

Mr. Dararith Om, Chief of Commercial Law Office, Ministry of Commerce, No. 20 A&B, Narodom Blvd. Phnom Penh, Cambodia, Tel: +855-11-813 913; e-mail: [email protected]

CHINA

Mr. Yin Yonglin, Division Chief, Department of Commerce of Yunnan Province of China, Foreign Trade Building, 175 Beijing Road, Kunming, Yunnan, China, Tel: +86-87 1-3 13 1586; Fax: +86-87 1-3 16 2549; e-mail: ynyonglin @ yahoo.com

Ms. Zha Wenhong, Principal Staff Member of Liaison Department of Yunnan Provincial Chamber of Commerce, No. 3 Chongreng Street, Kunming City, Yunnan, China, Tel: +86-87 1-363 1832; Fax: +86-87 1- 363 4229; e-mail: yccllc @hotmail.com

Ms. Pan Lihong, Vice General Manager of Kunming Univwell Information System Co., Ltd., 14 F Huayi Square, No. 387 Qing Nian Road, Kunming City, Yunnan, China, Tel: +86-87 1-3 15 6660; Fax: +86-871-3 10 0525; e-mail: [email protected]

205


Mr. Kingphet Bannavong, Information Technology Officer, Lao National Chamber of Commerce and Industry, Sihom Road, Ban Haisok, Vientiane, Tel: 856-21 -21 9223; e-mail: laocci @laotel.com

856-2 1-2 19 223-4; Fax:

Mr. Daovone Phachanthavong, Vice President, Lane Xang Internet Co., Ltd., 10/2 Manthaturath Road, Vientiane, Lao People’s Democratic Republic, Tel: +856-2 1-2 18 060; Fax: + 856-2 1-2 15 274; e-mail: phachanthavong @ yahoo.com

Mr. Sornpheth Douangdy, Deputy Chief of Division, Law Research Center, Ministry of Justice, P.O. Box 08, Lanexang Avenue, Patouxai Square, Vientaine City, Lao People’s Democratic Republic, Tel: +856- 21-452 359; Fax: +856-21-414 102; e-mail: sornpheth@ yahoo.com

MYANMAR

Mr. Myint Soe, Assistant Director, Directorate of Trade, Ministry of Commerce, 228-240 Strand Road, Yangon, Myanmar, Tel: +95 1 - 377600; Fax: +95 1-253028; e-mail: [email protected]

Ms. Khin Mya Mya Htway, Staff Officer, Department of Border Trade, Ministry of Commerce, 19/43 Bosunpat Street, Yangon, Myanmar, Tel: +95 1-2520 16/2520 18; Fax: +95 1-379638; e-mail: btdhq 0 mptmail .net.mm

THAILAND

Ms. Vasoontara Chatikavanij, Director of Technical and Economic Cooperation Programme, Loxley (PLC) Co., Ltd., 102 Na Ranong Road, Klong Toey, Bangkok 101 10, Tel: +66-2-240 3000; Fax: +66-2-240 3286; e-mail: [email protected]

Mr. Pisai Piriyastit, Trade Officer, Bureau of Multilateral Trade Negotiations, Department of Trade Negotiations, Ministry of Commerce, 44/100 Thanon Sanam Bin-Nahm, Bang Krasor, Nonthaburi 11000, Tel: 66-2-507 7238; Fax: +66-2-547 5614; e-mail: [email protected]

206

Ms. Onanood Phadoongvithee, Trade Officer, Electronic Commerce Division, Department of Business Development, Ministry of Commerce, 44/100 Thanon Sanam Bin-Nahm, Bang Krasor, Nonthaburi 11000, Tel: +66-2-547 5960; Fax: +66-2-547 5973; e-mail: onanoodp@ thairegistration.com

VIET NAM

Mr. Nguyen Vu Kien, Deputy Director, Business Information Center, Vietnam Chamber of Commerce and Industry (VCCI), International Trade Center, 9 Dao Duy Anh Str, Hanoi, Viet Nam, Tel: 84-4-574 2022; Fax: 84-4-574 2020, 574 2030; e-mail: vcci@ fmail.vnn.vn

Mr. Tran Chi Dung, Deputy Chief of Vietnam Chamber of Commerce and Industry (VCCI), No. 9 Dao Duy Anh, Hanoi, Vietnam; Tel/Fax: +84-4-574 2022 ext. 249; e-mail: dzungtc @ yahoo.com

Mr. Nguyen Son Tung, Director, Tinh Van Company Limited, 371 Kim ma Street, Ba dinh District, Hanoi, Viet Nam, Tel: +84-4-771 5737; Fax: +84-4-77 1 5738; e-mail: tungns @ tinhvan.com

Ms. Nguyen Huong Thi Thu, Senior Specialist in E-Commerce, Ministry of Trade, 31 Trang tien, Hanoi, Viet Nam, Tel: +84-4-826 2538 ext: 1040; Fax: +84-4-826 4696; e-mail: thuhuong @ mot.gov.vn

RESOURCE PERSONS


Ms. Surangkana Wayuparb Head of Project Electronic Transaction Commission Secretariat National Science and Technology Development Agency NECTEC

207

Mr. Aditep Chairungruang Project Analyst National Science and Technology Development Agency NECTEC

Mr. Winai Thanprachertkul Assistant Researcher National Science and Technology Development Agency NECTEC

Mr. Xuan Zengpei

Mr. G.M. Fedorov

Mr. S.R. Din

Mr. Ram S.Tiwaree

Mr. Youngjin Choi

Ms. Ja-Kyung Yoo

SECRETARIAT

Chief, Information, Communication and Space Technology Division

Chief, ICT Policy Section, Information, Communication and Space Technology Division



Expert on Information & Communication Technology Information, Communication and Space Technology Division

Chief, ICT Application Section Information, Communication and Space Technology Division

208

Mr. Wu Guoxiang

Mr. Nokeo Ratanavong

Mr. David A. Hastings

Mr. Cihat Basocak

Chief, Space Technology Applications Section Information, Communication and Space Technology Division

Scientific Affairs Officer, STA Section Information, Communication and Space Technology Division

Geographic Information Systems Officer, STA Section Information, Communication and Space Technology Division

Geographic Information Systems Officer, STA Section Information, Communication and Space Technology Division


Mr. Peter van Laere Chief Administrative Services Division

Mr. Christian de Sutters Chief Conference Services Section Administrative Services Division

Mr. David Lazarus Chief United Nations Information Services

209

B.2. PROGRAMME

Monday, 9 February 2004

0900-0930 hrs.

0930-0940 hrs.

0940-0950 hrs.

0950-1015 hrs.

1015-1030 hrs.

1030-1115 hrs.

1115-1200 hrs.

1200- 1300 hrs.

1300-1400 hrs.

1400- 1500 hrs.

1500-1515 hrs.

1515-1600 hrs.

Registration of participants

Opening remarks Mr. Xuan Zengpei ChieJ; Information, Communication and Space Technology Division

Introduction of participants

Overview of objectives and expectation setting'

Coffee break

Internet as a new tool for conducting business

Security in online transactions - The role of digital signatures, PKI and certificate authorities

Lunch

Encryption and online security

Electronic payment systems and e-business

Coffee break

Types of e-business - how it levels the playing field

All substantive sessions were conducted by Mr. Rodolfo Noel S. Quimbo, Consultant, Information, Communication and Space Technology Division, ESCAP.

210

Tuesday, 10 February 2004

0900-0930 hrs.

0930-1030 hrs.

1030-1045 hrs.

1115-1200 hrs.

1200-1300 hrs.

1300- 1345 hrs.

1345-1415 hrs.

1415-1500 hrs.

1500-1515 hrs.

Recap of previous day

Online contracts

Coffee break

Jurisdiction in cyberspace

Lunch

Conflict of laws

Ideas, trade secrets, and intellectual property rights

Open-S ource Software M E David Hastings Geographic Information Systems Oficer Information, Communication and Space Technology Division

Coffee break

1515-1600 hrs. Domain names

Wednesday, 11 February 2004

0900-0930 hrs. Recap of previous day

0930- 1030 hrs.

1030-1045 hrs.

1115-1200 hrs.

1200-1300 hrs.

1300-1445 hrs.

Practical issues for e-business growth in developing countries

Coffee break

Gaining consumer trust

Lunch

C yber-crimes

211

1445-1500 hrs. Coffee break

1500-1600 hrs.

Thursday, 12 February 2004

Tips for e-business success

1000- 1 200 hrs.

1200-1300 hrs.

1300-1415 hrs.

1415-1515 hrs.

1515-1530 hrs.

1530-1600 hrs.

1600- 1630 hrs.

Presentation by NECTEC

Lunch

UNCITRAL model law on e-commerce

Workshop on drafting of country laws

Coffee break

Presentation of outputs

Closing session and award of Certificates of Attendance

212