The growth and potential of electronic commerce have recently captured the attention of businesses, consumers, journalists and government officials, and the topic is now high on the policy agenda of many OECD Member countries. While its place in the spotlight is new, electronic commerce has existed for some time. It is the Internet, with its open, non-proprietary standards which exploit the existing communications infrastructure, that is behind the change and plays an important role in fuelling the growth of electronic commerce. Developments in global network technologies and graphic-based Internet applications make transmission of all kinds of digitised data fast, cheap and simple, at a time when public consumption of computer technologies is increasing.
This environment offers lower barriers to entry for electronic commerce. Today, for a few thousand dollars, anyone can become a merchant and reach consumers throughout the world. As a result, electronic commerce has expanded from business-to-business transactions between known parties to a complex web of commercial activities which can involve vast numbers of individuals, many of whom may never meet. By virtue of the Internet's architecture, electronic commerce was "born global" --geographical and political boundaries mean little in this networked environment. Because electronic commerce provides a fundamentally new way of conducting commercial transactions, it has potentially far-reaching economic and social implications for many facets of life, including, the nature of work, the role of governments, and even the environment. Looking more narrowly at the world of commercial transactions, it is clear that accepted ways of doing business will be profoundly modified: traditional intermediaries will be replaced, new products and markets will be created, new and more direct relationships will be forged between businesses and consumers. These changes require new procedures for conducting business and a questioning both of the effectiveness of government policies pertaining to commerce and of traditional commercial practices and procedures, most of which were formed with a much different image of commerce in mind.
Many of these policies and practices can act as barriers to the full realisation of electronic commerce. Although the issues tend to overlap, four areas seem to require attention: ensuring access to the information infrastructure, building user and consumer trust in information systems and electronic transactions, minimising regulatory uncertainty in the new electronic environment, and easing logistical problems for payment and delivery. The inherently global nature of today's network environment challenges the ability of national governments to address these issues on their own. In fact, unco-ordinated, inconsistent national policies for electronic commerce, no matter how well-intentioned, could be worse than no action at all, and it is generally agreed that an internationally co-ordinated approach is needed. Electronic commerce and the policy issues it raises have been the topic of a number of international meetings, most notably the G7 Ministerial Conference on the Information Society held in Brussels in February 1995, and the Ministerial Conference on Global Information Networks held in Bonn in July 1997. The OECD seeks to build on this momentum both through the conference in Turku, Finland, "Dismantling the Barriers to Global Electronic Commerce", and through the follow-up conference scheduled for October 1998 in Ottawa, Canada, "The Borderless World: Realising the Potential of Global Electronic Commerce". The OECD conferences have the following objectives:
first, to identify major policy problems, their potential solutions, and organisations able to develop and implement them;
second, to take stock of the initiatives currently under way and contribute to ensuring consistency and effective co-ordination among them;
third, to develop a consensus between business and government as to some of the guiding principles that will constitute a framework for electronic commerce policies.
The orchestration of this work could begin with the Turku Conference and be agreed and established in Ottawa. This document offers a basis for this work. First, it identifies and discusses the main barriers to the realisation of electronic commerce that currently exist. Second, it catalogues present efforts to address these issues (see Appendix). While exhaustive coverage of all these issues is impossible at this early stage in the development of electronic commerce, it is important to examine as many as possible. They are, by design, presented at a rather general level in order to be able to observe the interaction among them and to avoid concentrating on those that may appear central today but which, in this constantly evolving environment, may soon be displaced by others. The potential of electronic commerce Electronic commerce shrinks the world of business: low transaction costs, low barriers to entry, and improved access to information. The intense interest in electronic commerce's economic impact is linked to the fundamental fact that it shrinks the economic distance between producers and consumers. Consumers can go directly to producers without the need for traditional retailers, wholesalers and, in the case of intangibles, distributors. While new intermediaries are needed (e.g.network access providers, electronic payment systems, and services for authentication and certification of transactions), such services are far less labour-intensive than traditional intermediaries and do not require a specific geographic location. In general, electronic commerce succeeds in moving economic activity closer to some of the ideals of perfect competition: low transaction costs, low barriers to entry, and improved access to information for the consumer. It may significantly lower prices while improving quality. Because it is a new way of conducting business, it may be a significant source of new products, jobs, and economic growth. Two years ago, who would have thought that in 1997 consumers would be spending over $100million to connect to the Internet and an additional $50million to play online games? Business-to-business transactions dominate a market expected to grow by a factor of10 by the year 2000. Consumers largely purchase services and intangibles. Although today's embryonic electronic commerce market is relatively small in comparison to other types of commerce, nearly all analysts predict growth by a factor of ten by the year2000. Even so, it will still be a relatively minor part of most economies --about the size of mail order catalogue sales in the United States. To date, it has penetrated sectors unevenly. While much media attention has focused on on-line merchants selling books, wine and computers to consumers, the available data suggest that the biggest e-commerce market involves businesses supplying products to other businesses, where transactions of just a few firms exceed all estimates of the business-to-consumer market. Consumer sales today are dominated by services and intangibles: travel and ticketing services, software, entertainment and financial services. This makes intuitive sense, given the convenience of electronic commerce for products that cannot be physically examined or those that consumers already purchase remotely. More generally, the digital nature of e-commerce effectively standardises transactions, making the information contained in them a commodity in its own right and vastly increasing opportunities for storing, searching and manipulating it. Healthcare, finance, education, and government services are likely to be affected. For these sectors, and for other intangible products such as audio, video, information services, real estate services, and some business services, the economic impact of e-commerce may be great and relatively swift. Further out, any easily digitised economic activity --including health, finance, education, and many government services-- will be affected. Analytical work on the impact of electronic commerce is just beginning. It should be encouraged, so that decision makers in business and government can better understand its role in the economy.
Points for discussion: What are the areas in which the economic impact of electronic commerce is greatest? How can their economic implications best be assessed?
Barriers to electronic commerce It offers opportunities for taking a new look at commerce policy and legal regulations.... What makes electronic commerce unique and attractive also fits uneasily with many of the policies and much of the behaviour that traditionally govern commercial transactions. In brief, while the attributes of the Internet enable electronic commerce, they also hinder its growth for reasons as varied as lack of trust, uncertainty about the regulatory environment, gaining access, and logistical problems. Yet, because the revolution in information and communication technologies enables electronic commerce, it also makes possible a new perspective on policy formation: top-down, prescribed legal regulations are not the only approach to an environment where new technologies allow greater self-regulation and market-based solutions. Reliance on self-regulation, entrepreneurial ingenuity, and the power of technology have fostered the development of the Internet, and it has defied predictions about its ability to scale up to serve user demand. However, it may be necessary to place self-regulatory approaches within a legal framework to ensure enforcement and implementation. ...but achieving a good balance between self-regulation and a legal framework will not be easy. Care must be exercised not to over-regulate electronic commerce. In its present embryonic state, overly restrictive regulations could stifle innovation and retard growth. At the same time, measures to promote confidence are needed. Rightly or wrongly, a few well-publicised incidents have cast it as a Wild West of roaming bandits, immorality, little governance, and an unreliable infrastructure. While certainly an exaggeration, this image, if left to persist, is likely to mean that mainstream consumers and businesses will not widely adopt e-commerce. Some rules or principles may have to be established while electronic commerce is still limited and few vested interests have established themselves. Access to and use of infrastructure First, users need access to network infrastructure. Before users can engage in on-line commercial transactions, they must be able to access and use the network infrastructure. This includes access to information technologies such as computers, servers and software, as well as to the network itself, which is composed of a number of different infrastructures: fixed-line communications, cable TV, cellular mobile networks, satellites, broadcasting networks and even electricity distribution networks. The constant and rapid decline in prices and improved information technologies have promoted their widespread diffusion. Recent WTO agreements to reduce tariffs on many of these products further fuel this phenomenon, as will the implementation of bilateral mutual recognition agreements on product testing and conformance standards.
Even so, further hardware and software innovations are needed to create a wide variety of devices so that access is not a function of income, location, price, or specialised skills, and computing becomes truly ubiquitous. Regulatory structures will affect how service providers and users access and use communication infrastructures... A more pressing issue is the fact that regulatory structures in most OECD countries limit market access. Although this is changing with the liberalisation of telecommunications, regulations are likely to remain in place during the transition from monopoly to competitive market structures and influence the framework in which service providers and users access and use communication infrastructures for electronic commerce applications and services. ...yet the network is ill-suited to current demands and needs to evolve. This is worth emphasising because the current network is poorly suited to the task at hand. In the words of the out-going chairman of the US Federal Communications Commission, Reed Hundt, "We need a data network that can easily carry voice; instead what we have today is a voice network struggling to carry data."(1) In particular, three aspects of the voice system need to evolve to serve the new data needs generated by electronic commerce.
Developing infrastructure capacity requires competition... Infrastructure capacity. Regulatory structures provide the market framework and incentives or disincentives to expand infrastructure capacity. At present, most households or business customers are connected to communication networks via a pair of copper wires, called the local loop, which is part of the public switched telecommunication network (PSTN). The speed of local loops and related total network capacity is likely to play a crucial role in how fast electronic commerce applications develop, diffuse through the economy, and are accepted by the public. This is because sophisticated electronic commerce applications will need to rely on relatively high-speed, high-bandwidth data transfers of sufficient quality for services, the because the development of that bandwidth largely depends on the existence of sufficient competition in the communications market. ...to allow the development of generic networks... Network convergence. As forms of communication become increasingly digital, allowing the development and integration of generic networks able to provide and support all types of applications, including entertainment, voice telephony, and electronic commerce will be key to expanding network capacity. Such convergence will be fundamental in shifting from regulatory structures and regulations that are specific to broadcasting and telecommunication markets and towards frameworks that emphasise open access to networks for all services. Network and service providers would then be subject to fewer regulatory restrictions than at present. ...and offer choices at the level of the local loop. The local loop. Local telephone tariffs currently account for more than 60 per cent of the average total cost of Internet access across the OECD (Figure1). Infrastructure competition that puts pressure on prices and encourages innovation in pricing will largely depend on allowing competition between different network technologies to stimulate local loop competition. This will ensure that users and service providers have a choice in how they access electronic commerce applications or obtain access to their customers. However, incumbent operators have significant market power because of their near universal access to households and to most businesses. Regulatory safeguards are therefore necessary to ensure that new entrants face a level playing field as they develop their infrastructure and build their customer base.
Note: PSTN charge includes 20 hours on-line per month (peak rate). PSTN = public switched telephone network; IAP = Internet access provider. Source: OECD, Communications Outlook 1997.
The domain name system needs to evolve... The need for competition is apparent not only as the traditional communications networks are adapted to new conditions but also as new infrastructures are developed to serve a growing information society. The domain name system (DNS) is a case in point. It generates the root of Internet addresses (e.g. .be for Belgium or one of the generic top-level domains such as .com, .org, .net) for Internet hosts and is a crucial component of the Internet routing system. The current system grants de facto monopoly power to a few DNS registrars and was developed when the Internet was largely used by academics. With its growth, the system has become strained and the subject of extensive criticism. ...with help from public policy. While nearly all parties agree that reform is needed, consensus on the extent and nature of reform remains elusive. Outstanding issues include the general organisational framework, trademarks, the creation of new global top-level domains (gTLDs) like .com, and policies for registries. The business, government, and Internet communities agree on the need to move to a competitive, commercial market and to introduce safeguards to ensure transparent and non-discriminatory practices. The transition to this new market environment should involve all stakeholders and be subject to standards of openness, transparency, and public accountability, as should the rules that bind the final authority. Governments need to ensure that the administration and operation of the DNS are stable and that competition is fair and open. To this end, a clear statement of public policy on DNS reform would give direction to industry self-regulation. The resolution of this issue is important in and of itself and because the DNS is an element of the broader general issue of Internet governance. Points for discussion: What can be done to bolster competition in the provision of network services? What are the key regulatory barriers? What role can governmental organisations at the national and international level best play? How can competition in the local loop be best achieved? What is the best method for achieving a more competitive and effective domain name system?
Building user and consumer trust Boosting confidence requires legal and technical tools, such as mechanisms for providing security, certification, privacy and redress, as well as education of users. Trust is central to any commercial transaction. Typically, it is generated through relationships between transacting parties, familiarity with procedures, or redress mechanisms. Developing new kinds of commercial activities in the electronic environment largely hinges on assuring consumers and businesses that their use of network services is secure and reliable, that their transactions are safe, and that they will be able to verify important information about transactions and transacting parties, such as origin, receipt and integrity of information; and identification of parties dealt with. Furthermore, consumers want to have control over the collection and use of their personal data and to have appropriate redress mechanisms available in the event of a problem. Some observers fear that unless action is taken very soon to bolster trust in electronic commerce, it will never assume its place as an important channel for commerce. Others suggest that such fears are exaggerated, maintaining that, in time, as consumers become more familiar with new technologies, they will gain confidence in electronic commerce. This is a sterile debate. The issue is that policies to promote electronic commerce must be directed towards developing and implementing trustworthy technologies and policies, planning to avoid and respond to failures, gaining public support for and confidence in their use, developing redress mechanisms to reduce the incidence of problem transactions and resolve those that occur, and developing law enforcement mechanisms to respond to those who seek to misuse the technologies. Public education on the issues and the technologies could help raise consumer confidence. Doubts may be dissipated, and confidence fostered, by building consensus on the use of new technologies for electronic commerce. The challenge is not to make e-commerce fool-proof but to make the system reliable enough so that the value greatly exceeds the risk. Many observers see lack of confidence in electronic transactions as the main barrier to electronic commerce, because, unlike some other issues, establishing trust depends very much on the user's perceptions. Mechanisms for instilling confidence have to be both trustworthy and trusted by businesses and consumers. However, like the physical world --where systems fail, privacy is invaded, and people impersonate others for economic gain-- the electronic environment will never be completely secure, private, or free of fraud. While electronic transactions should be secure, reliable and trustworthy, they will ultimately involve a calculated risk and will only be embraced when their value is greater than the perceived risks. As with other technological developments, this trade-off will change over time. The question then becomes, "Are electronic transactions reliable enough to foster the near-term development of electronic commerce?" Given industry's role in developing technological solutions, policies need to be technology-neutral. Governments have traditionally played a role in helping to establish trust in economic transactions, but in the rapidly changing world of information technology, the private sector plays an increasingly important role. Industry is called upon to develop technological solutions to meet the needs of businesses and consumers for different levels of security, certification, privacy and consumer redress. As a result, governments should implement technology-neutral policies, so as not to limit electronic commerce or create regulations that will hinder electronic business transactions. Security and authentication As systems and data become more vulnerable, trust may be eroded... The importance of information systems for society and the global economy is intensifying as the value and quantity of data transmitted and stored on those systems increases. At the same time, systems and data are increasingly vulnerable to unauthorised access and use, misappropriation, alteration, and destruction. Proliferation of computers, increased computing power, interconnectivity, decentralisation, growth of networks and numbers of users, as well as the convergence of information and communications technologies, both enhance the utility of these systems and increase their vulnerability. ...especially since the digital nature of electronic commerce allows relatively extensive international damage in a short time. This vulnerability can erode trust in electronic transactions. The information infrastructure is an attractive target for thieves, terrorists and pranksters, because when today's information systems are compromised, extensive damage can be done in a short time, while the open distributed nature of networks makes it difficult to find the culprits. Moreover, the global interconnection of computer systems has increasingly made security an international problem. Resolving security problems may require international co-ordination of legal measures for violators. Security of information systems depends not only on the hardware and software used, but also on good managerial, organisational and operational procedures. Often, ensuring the latter is a more urgent problem, and one that can be addressed through security audits, measures to prevent unauthorised access, and instilling in users an appreciation of security issues. Technological solutions, instead, often raise practical problems of interoperability. Global electronic commerce highlights the importance of common standards and procedures for security techniques. It may also necessitate international co-ordination to implement legal means of rendering those responsible for providing security accountable, and to make those who violate security subject to civil liability and criminal prosecution. Cryptography can ensure confidentiality and integrity of data... The lack of physical clues that permit identification and the ability to make perfect copies and undetectable alterations of digitised data complicate the matter. Traditionally, hand-written signatures serve to authenticate an original document. In the electronic world, instead, the concept of an "original" document is problematic, although a cryptographic digital signature can verify data integrity, and provide authentication and non-repudiation functions. Cryptography is therefore one of the most important technological tools in an information security system, as it can ensure both the confidentiality and the integrity of data. ..but strong encryption raises fears about government's ability to detect and prosecute criminal activities. However, strong encryption raises concerns about concealed criminal activities and the ability of governments to carry out legitimate law enforcement activities, including taxation. Some governments have approached this issue by limiting the strength of encryption products for export and calling for mechanisms to ensure access to private cryptographic keys. Others have taken the position that the cryptography market should not be limited and that access to private cryptographic keys held by third parties would compromise security and erode trust in the system. Since no clear solution is in view, the best course may be to agree to disagree and accept that multiple solutions may have to co-exist.(2)
The market for security and authentication should resolve the debate about the need for different levels of security and authentication. On a more pedestrian level, as electronic commerce spreads from the technological elite to less sophisticated users, demands for various levels of security and authentication for different kinds of transactions are developing. Some experts argue that everyone should use only the highest level of security at all times, but others suggest that a "latch", rather than a "lock", may sometimes suffice. Moreover, for private cryptographic keys, some users may want to keep a "spare key" in a safe place in case they lose theirs. If a variety of technology options are allowed to flourish, the market for security and authentication products should resolve the debate. In such an environment, demand for the best available security mechanisms will drive the development of technological solutions. Industry needs to implement measures to instil confidence in consumers. Industries that will gain from electronic commerce --merchants and intermediaries-- have an important role to play in implementing measures to instil confidence by reducing fears that users who suffer a breach in security will also suffer severe financial penalties. For example, in 1996, both America Online and AT&T guaranteed users protection from losses for purchases made from an approved merchant (AOL) or using their payment system (AT&T). Some "e-commerce malls" have recently made similar guarantees. It is worth recalling that it was only when the credit card industry assured users that their exposure to criminal misuse of their card was limited that confidence in that form of payment developed. Some feel, however, that, in the case of e-commerce, the limited liability concept may be insufficient to deal with potentially catastrophic risk.
Points for discussion: What is the best method for educating the public so as to boost confidence in electronic commerce? To what degree can technological solutions instil trust in electronic commerce? Is international co-ordination necessary for promoting network security? Can the market adequately resolve the debate over different approaches to security? What role, if any, can international organisations play in promoting trust and confidence in electronic commerce?
Certification authorities are needed to verify information... Secure technologies, most notably cryptography, and a predictable regulatory environment to support them will form the basis for building business and consumer trust in electronic transactions. Digital signatures, electronic signatures, and electronic representations that link individuals and entities to operations in the electronic environment are less meaningful without accompanying certification mechanisms --means of independently verifying information about transactions and transacting parties. Like the physical world, the electronic world needs means of its own for certifying information. ...and to act as trusted third parties to verify information about parties involved in a transaction. A certification authority (CA) can act as an independent trusted means of determining that factual information is verifiably connected to a transacting party. It could certify at least six types of information to provide a basis for confidence in electronic transactions: identification and registration, user attributes, compliance with standards, authorisation to act, transactional information, or applicable laws. Different kinds of transactions may require different levels of certification, and all transactions may not require verification of all kinds of information. This will require international interoperability and mutual recognition of CAs. A number of issues need to be considered when developing policies for certification mechanisms and certification authorities. Due attention should be paid to clarifying the responsibilities and the liability of entities that certify information. Also, because certification processes can generate vast quantities of data, issues related to the protection of privacy and personal data also need to be considered. Finally, a framework for supporting the international interoperability of certification mechanisms and the mutual recognition of certification authorities needs to be developed.
Points for discussion: How central is the role of certification? Should certification be limited to certifying public (cryptographic) keys? Is it important to clarify the liability of those entities that certify information and their responsibilities? If so, how can this be achieved? What role, if any, should governments and international organisations play in ensuring international interoperability of certification mechanisms and mutual recognition of certification authorities?
Protection of privacy and personal data Compilations of personal data may be viewed as a threat or as an opportunity... One of the hallmarks of electronic commerce is that, by drastically reducing transaction and search costs, it reduces the distance between buyer and seller, enabling businesses to target very small niches, develop individual customer profiles, and essentially provide a means of marketing on a one-to-one basis. The ability to realise this goal will largely hinge on the climate of confidence businesses are able to create in their relations with consumers. Assurances about protection of consumer privacy and personal data play an important role in building that confidence. Consumers want to know --and have some control over-- the personal data or information on their on-line activities and electronic transactions that are collected and how they are used. They have become more aware of and concerned about the ease with which data about them can be generated, compiled, accessed, processed, compared, linked, stored and used. _#sup_62; ...since electronic commerce facilitates accumulation of vast quantities of data... Consumers may see the compilation of such statistical profiles as a threatening invasion of privacy, and this may retard the development of electronic commerce. However, trends in traditional commerce, such as participation in fidelity or loyalty shopping plans and the increasing use of payment methods that leave an electronic trail (Figure2), suggest that consumers may either be ignorant of their erosion of privacy or willing to exchange some privacy for something they value (e.g.lower prices, convenience, personalisation). E-commerce could greatly facilitate this exchange, but informed consent by consumers is essential to its realisation. ...and techniques such as data mining make it possible to discover new relationships. New methods of processing vast amounts of data, such as data mining techniques, make it possible to identify new kinds of purchasing relationships and unusual associations, and, in some cases, to make statistical inferences. While they raise some potentially serious privacy issues, they can also be used to detect fraud, especially for large-volume, small-value e-commerce transactions. They are already being used for this purpose by credit-card companies, cellular communications providers, and law enforcement agencies.
Therefore, both the public and private sectors must judge the trade-offs and work together to develop the necessary technological tools and industry self-regulation. Both the public and private sectors must help adjudicate the trade-off between protecting privacy and obtaining the benefits of electronic commerce that users value, while fostering consumer confidence. Some 20years ago, OECD countries agreed upon principles for the protection of privacy and personal data. These principles include assurances to consumers that personal information will not be collected or used without their knowledge, made available to parties other than their initial correspondents, or linked to other data about them without their consent. Governments and the business community should reaffirm these fundamental principles and, by developing effective practices and appropriate technologies, seek to ensure their implementation in the world of electronic commerce. To this end, a dialogue between the public and private sectors would be useful to determine what business needs to ensure on-line privacy, to educate the public about these issues, to encourage the development of technological solutions and industry self-regulation, and to uphold consumers' rights to protection of their privacy in the electronic environment. Governments may need to monitor closely the outcomes of such discussions and even to back them up by regulations to ensure that privacy rights are sufficiently safeguarded, especially for those segments of society, particularly children, that may be unable to make an informed decision. Given the global nature of electronic commerce, it is important that the decisions taken continue to allow for the international flow of data.
Points for discussion: Is a review of the OECD privacy principles developed almost 20 years ago (see Appendix) necessary to ensure that they are applicable to the electronic environment? If they are, how can they best be implemented? To what degree can technological solutions give users confidence that their privacy is being protected? What complementary solutions are needed? What frameworks can be developed to foster the development of effective privacy protection while still allowing e-commerce to thrive? Are these frameworks sufficient to protect consumer privacy, particularly for children?
Consumer protection Electronic commerce may require novel protection and redress mechanisms... Electronic commerce has many qualities that consumers find attractive: variety, convenience, personalisation and sometimes lower prices. It also has properties that facilitate fraud and make prosecution difficult. In addition, its international nature means that the laws and regulations a consumer relies on for protection at home may not apply in the merchant's country. Indeed, even determining jurisdiction may be a problem. Novel redress mechanisms may be needed to reverse problem transactions and give merchants incentives to ensure customer satisfaction. ...some of which will develop through competition, others of which will require international co-operation between industry and government. Consumer confidence in electronic commerce will require consumer protection mechanisms that address four key issues: i)fairness and truthfulness in advertising; ii)labelling and other disclosure requirements such as warranties, guarantees, product standards and specifications; iii)refund mechanism in case of cancelled orders, defective products, returned purchases and lost deliveries, etc.; and iv)a means of qualifying merchants in terms of the above. Some of these mechanisms may emerge as the result of competition between on-line businesses that seek to attract customers through clear consumer protection policies. Others will require international co-operation among industry and government. Financial intermediaries may be able to settle some disputes... For international electronic commerce, the usefulness of courts for resolving problem transactions may be limited, and appropriate dispute settlement mechanisms will therefore have to be found. The most promising appears to be the financial intermediary, because it can, in many cases, reverse the financial portion of a transaction under appropriate circumstances (e.g.mistake, non-delivery, delivery of the wrong item) and therefore arbitrate disputes efficiently. This ability to "charge back" a transaction also gives merchants a strong incentive to ensure high levels of consumer satisfaction at the outset: payment card associations can and do drop merchants with too frequent chargebacks. In the United States, chargeback mechanisms are partly responsible for high confidence in telephone shopping among consumers and its enormous growth. Extension of chargeback principles to international electronic commerce will be important for developing similar levels of confidence in this new medium. ...but law authorities will have to control systematic fraudulent or misleading conduct.... While financial intermediaries should play an important role in preventing and resolving individual disputes, law enforcement authorities will need to control systematic fraudulent and misleading conduct. While many governments have the legal tools to control such conduct effectively in their own markets, electronic commerce requires international mechanisms. National consumer law enforcement authorities will have to co-operate in fighting international swindlers by conducting joint investigations, sharing confidential information, seizing swindlers' assets, and organising redress for victims. ...and technology will also have to help protect consumers through certification, labelling, etc. Technology also offers new ways to resolve some of the issues. The Internet is distinct from other kinds of media in that there are technological tools that allow consumers to protect themselves. Some technological solutions for helping consumers protect themselves in the on-line environment are certification mechanisms, such as labelling systems that certify that an on-line business meets certain good standards of business, or mechanisms for notifying consumers of the legal jurisdiction or venue for resolving disputes arising from a transaction. In addition, consumers can access consumer education messages that describe their rights in the context of electronic transactions. Attention should be paid to devising technological solutions that consumers trust and understand. To this end, consumer education is a key component of consumer protection. However, technological solutions must be underpinned by common criteria and organisational procedures to ensure that the information provided to consumers is correct and true. Such co-ordination could be achieved by industry self-regulation. Government input, when required, should consist of simple and predictable legal tools that are sensitive to the technology and to the pace of change in the on-line environment. Digital intangibles present special problems. Finally, products sold via electronic commerce are frequently digital intangibles --such as software, music, e-tickets or services. These create particular challenges for many existing consumer protection laws. In most cases, a consumer "consumes" the product immediately by downloading it and making a perfect digital copy; this makes "returning" the product for a refund problematic. The status of "click wrap" licenses (which require online consumers to accept certain conditions prior to "consuming"), are unclear and may violate basic consumer rights to redress. Likewise, there is a question about whether product liability laws apply to software infected with a virus that damages a consumer's computer. This issue is complicated for "freeware" which consumers receive free of charge. Another question is whether consumers' rights are infringed if intelligent agent software programmes that search for the lowest price are blocked from accessing a site.
Points for discussion: What role can industry self-regulation play in protecting consumers? What can international organisations do to promote consumer protection? How willing are traditional payment card associations and new financial intermediaries to provide chargeback mechanisms for global electronic commerce? How can technological solutions be used to protect consumers? What are the best mechanisms for developing and deploying these solutions? What is needed for consumer law enforcement authorities to be able to co-operate effectively to control international fraud and misleading conduct in electronic commerce? How best can consumers be educated about electronic commerce? How suitable are existing consumer protection measures for digital products?
Minimising regulatory uncertainty Uncertainty about the regulatory consequences of on-line commercial activity is hampering the development of electronic commerce. A regulatory consensus must be sought at international level... Associated with the issue of trust is general uncertainty about how existing regulatory frameworks will be applied or updated, and new regulations drafted, for this new realm. Both businesses and individuals want to know the expected consequences of on-line activities, and government action is one way to respond. Policy papers, such as those produced by Australia, the European Commission, Japan, and the United States, help to promote a predictable regulatory and legal environment by providing guiding principles that government and other bodies abide by. However, electronic commerce is inherently international, and in order to establish a consistent regulatory environment, some consensus must be found at international level. Some of the key problems in this regard are customs and taxation, intellectual property issues, and the updating of commercial codes, in particular those dealing with issues of liability and jurisdiction.
Taxation ...and countries need to work together to develop a tax framework that protects the tax base but avoids hindering the development of electronic commerce. Assessment and collection of taxes on e-commerce transactions are an issue that concerns both government and business. Governments are concerned about the potential loss of revenue and businesses are concerned about the possible impacts of government regulation. In the physical world, collecting taxes is a challenge that, by and large, governments have met. They will probably be equally successful in the "virtual" world insofar as countries interpret and apply existing rules in an internationally consistent fashion. If they succeed in this, they will not need to create new taxes specifically for electronic commerce. The potential for mistrust and uncertainty can be avoided if countries work together to develop a tax framework that protects the tax base but avoids hindering the development of electronic commerce. Some of the issues to be resolved are noted below. Direct taxation Jurisdiction: source, residency and permanent establishment. A revenue authority must have jurisdiction over either the income or the taxpayer in order to assess a tax. The two basic tax concepts for establishing jurisdiction are source and residence. Jurisdictional concepts based on physical geography, such as residence, source, and permanent establishment... Generally, residence is best thought of as the country with which a taxpayer has the closest personal links and source as the country with which income has its closest economic connection. Both of these concepts rely somewhat on evidence of physical connection (e.g.where income has its source or a taxpayer resides), and certain attributes of the e-commerce environment call into question the availability or reliability of such evidence. While a profit can be derived from electronic commerce, it may be difficult to determine, where, in a physical sense, it was derived. Similarly, a taxpayer's Internet identity does not necessarily provide evidence about that taxpayer's true residency status. Countries may need to revise their mix of source-based (e.g.products) and residence-based (e.g.citizens or corporations) taxation rights as the location of source of income and residency status of Internet-based businesses become increasingly difficult to identify. Under the OECD Model Tax Convention's concept of permanent establishment, the concepts of geographical fixedness and substantial presence are important in determining whether an enterprise has brought itself into a particular tax jurisdiction. Given the nature of e-commerce, firms can more easily conduct substantial business with a transient and insubstantial presence. Consequently, computer servers or Web sites may have to be included in the notion of what constitutes a permanent establishment. ...as well as characterisation of income, may require modifications to fit the world of electronic commerce. Characterisation of income. The ability to digitise physical products and sell them over the Internet raises issues that fall under the income characterisation rules of tax treaties. Any information that can be digitised --computer programmes, books, music or images-- can be transferred electronically between countries for a fee. In a transaction involving a downloaded digital image, for example, it may be argued either that this is equivalent to purchasing a physical photograph and results in business profits or that it is a service and results in royalty income taxable in the source country. Therefore, present income characterisation principles may require modification to cover the electronic world. Indirect taxation: consumption and value added taxes (VAT) VAT rules governing international services have always posed problems for tax administrations and these are greatly amplified for e-commerce services. Electronic commerce raises particularly difficult questions for VAT, as the vast majority of the services concerned are normally taxed at a positive rate of VAT when supplied for domestic consumption and at a zero rate for export. The VAT rules governing accountability of international services have therefore always posed problems for tax administrations. Such problems are greatly amplified for e-commerce services, particularly in respect of the time, place, and value of the supplies. For VAT, "place of supply" for electronic commerce may come to be the place where the service is consumed. Tariff-free zones Goods and services delivered electronically should be considered as transactions taking place in a tariff-free zone, but physical goods ordered electronically and delivered through conventional means should be subject to generally applicable duties. It has been suggested that "goods" or services delivered electronically should be considered as transactions taking place in a tariff-free zone (i.e. free of customs duties). This is consistent with current law. For computer software, for example, tariffs are imposed on the value of the media (e.g.the value of the computer disk or tape) but not on the value of the software contained on it. In an electronic transaction, the medium is eliminated and tariffs should not be applied. However, for physical goods ordered electronically and delivered through conventional means, the transaction should be subject to any generally applicable duties, as if the goods had been ordered over the telephone or by mail. There is no intention in this proposal to limit the application of VAT/GST to goods and services, as appropriate, by national tax administrations.
These are difficult issues and governments are wise to move cautiously... Solutions to these issues are elusive and, while most revenue authorities feel that there is no room for complacency, governments have been cautious about taking steps that would slow the development of e-commerce, given the relatively small amount of revenue currently at risk. They recognise that the global nature of the Internet will require an internationally agreed response. Practical solutions may be found if Internet identities are carefully linked to physical identities and steps are taken to associate particular Internet attributes, such as IP addresses, with the countries with practical jurisdiction over the relevant aspects of electronic commerce. ...in co-operation with business and with help from technology. A more realistic solution may be the use of certificates issued by a certification authority to inform the seller and buyer of the jurisdiction applicable to that transaction. While potentially feasible, there is some question about the practicality of such solutions. They could place a large administrative burden on merchants to calculate, collect and transfer taxes on what often are low-value, high-volume products (e.g.CDs). Other technology solutions may be found to help with the identity problem and administrative procedures, and there is already software available for calculating multi-jurisdictional tax obligations. Tax procedures for e-commerce should be simple but should not advantage or disadvantage traditional commerce. Whatever the solution adopted, the taxation of e-commerce should be relatively simple, should facilitate voluntary compliance, should not artificially advantage or disadvantage e-commerce over comparable traditional commerce, and should not unnecessarily hinder the development of e-commerce. Given the complex and difficult examination required, a moratorium on new tax initiatives may be in order. This evaluation of existing tax laws will be a complex and lengthy endeavour, especially at international level. To avoid a proliferating patchwork of tax laws that could stifle e-commerce while this review is being conducted, it has been suggested that a moratorium should be imposed on any new tax initiatives for the Internet. Such a moratorium would allow the authorities to participate actively in devising internationally consistent policy recommendations.
Points for discussion: What are the best methods for maintaining the neutrality of the various tax regimes for products sold via electronic commerce? Is establishing jurisdiction a key issue? If so, how can the jurisdiction of a transaction be determined? Is a moratorium on new taxes for Internet e-commerce appropriate? Do fundamental concepts such as "permanent establishment" or "place of supply" need to be re-examined in light of electronic commerce? If so, how is this best done? Will the duty-free nature of electronically delivered services such as software create an opportunity for arbitrage with the physical version of the product that undermines the principle of neutrality?
Intellectual property issues IPR is crucial to the development of electronic commerce. Intellectual property rights (IPRs) have been crucial in providing security and trust with respect to investment and trade in ideas and cultural activities by guaranteeing commercial returns. The growing importance of intellectual content in the global information infrastructure-global information society (GII-GIS) means that such rights are crucial for the development of electronic commerce. Yet, the digital nature of the content and the availability of new technologies make it relatively easy to circumvent many controls, owing to the possibility of making exact duplicates. At the same time, new technologies (digital watermarking and encryption) can help protect against or prosecute rights violations. In a number of cases, the private sector has made significant progress in agreeing to common standards for the protection of IPRs in new multimedia goods and services. Through the TRIPS (Trade Related Aspects of Intellectual Property Rights) and recent WIPO agreements on intellectual property rights (see Appendix), governments have also made progress in agreeing to common international standards of protection: it is important for the development of electronic commerce that countries move rapidly to implement these agreements in national legislation.
Points for discussion: How can the implementation of the WIPO and WTO (TRIPS) agreements be best achieved? Are these agreements sufficient for promoting electronic commerce? How best can technologies be developed to help protect or aid in the prosecution of IPR violators?
Updating of commercial codes Because electronic commerce challenges many of the rules and regulations for conducting business, a model law for commercial practices at the international level should be drafted. Most rules and regulations for conducting business address a world of paper, physical products, and retailing within national borders. Electronic commerce calls for an evaluation and updating of the commercial codes that govern business transactions. Until these codes incorporate the digital world, e-commerce will be hampered. The situation is complicated by the inconsistency of codes among countries, many of which are a reflection of cultural norms. International harmonisation of these laws will require drafting a model law for commercial practices at international level which can serve as a common framework. At a minimum, it should address issues such as the legal recognition of electronic signatures; acceptance of electronic documents for paper filing requirements; the formation, validity and enforcement of contracts; the harmonisation of rules that govern commercial communications (e.g.advertising, direct marketing) and commercial pricing practices (e.g.sales, coupons). Responsibilities need to be clarified across the chain of liability that extends from consumers to network access and service providers, software developers, intermediaries such as certification authorities and e-payment providers, and finally, the electronic commerce merchants themselves.
Points for discussion: What is the best mechanism for making commercial codes compatible with global electronic commerce? How can liability be properly assigned across the various elements in an electronic commerce transaction?
Easing logistical problems Logistical problems can retard and limit growth.... The growth of electronic commerce and its potential economic impact could be limited by a number of logistical problems relating to two necessary elements of any commercial transaction: payment and delivery. For electronic commerce to thrive, secure and simple electronic payment systems must be in place. Furthermore, efficient and low-cost distribution channels are needed, both for physical delivery of goods ordered electronically and, as discussed under the section on "access", for timely delivery of digital goods and services over crowded information networks. Paying electronically ...as can the unsolved problem of electronic payment. Wrapped up with issues of information infrastructure, user trust and confidence, and a predictable regulatory environment is the fundamental logistical problem of paying for electronic commerce transactions. Depending on the business model assumed, the problem is either Herculean, requiring a completely new system, or no problem at all, as existing methods of payment suffice. The reality is probably somewhere in between, but even this middle-of-the-road assessment is clouded by three big unknowns:
little is known about consumer behaviour and acceptance in this environment;
cultural and historical differences in attitudes to and the use of different forms of money (e.g.use of credit cards in North America and debit cards in Europe) limit international generalisations;
new technologies (i.e.biometrics for identification) could radically change the landscape.
Many e-payment systems are being tested, but e-commerce will not achieve its full potential until the -payment system is faster, more trusted, and more reliable and secure. Currently, over 30systems and technologies are being proposed and tested. They differ across a number of dimensions: size of payment; whether the system is closed (e.g.a specific system for a specific purposes such as a pre-paid phone card), or open (a generic system for a wide variety of uses such as a stored value card); degree of anonymity; level of security; and time of payment (credit, debit and cash). One thing is certain: until the e-commerce payment system is faster, engenders more trust, and is more reliable and secure than giving a credit or debit card number over the phone, electronic commerce will not achieve its full potential. Traditionally, governments have been involved in this crucial area. However, given the embryonic state of the market and the experimentation now taking place, a cautious approach to government intervention appears appropriate, among other things to ensure that any de facto standard that emerges is open so that interoperability is achieved and digital anarchy avoided.
Points for discussion: What role can and should governments play in the development of e-payment systems? Is it important to achieve the interoperability of systems? If so, how can this best be realised?
The delivery of physical goods Two major barriers stand in the way of the inexpensive, convenient, and timely delivery of parcel packages: parcel delivery and customs clearance. One barrier to electronic commerce is the fact that while on-line transactions are convenient, the immediate off-line delivery of goods is often costly and inefficient. The high cost and inconvenience of international parcel delivery are sufficient to limit the growth of international electronic commerce to luxury goods. Moreover, a recent survey of on-line shoppers by a market research company found that their most important criterion is timely delivery of goods. Of those polled, "...96per cent said that if their goods arrive on time they are likely to buy again from the same merchant, and repeat customers on average spend more than 50per cent more than first time buyers".(3) Two major barriers stand in the way of the inexpensive, convenient, and timely delivery of parcel packages: parcel delivery and customs clearance. Parcel delivery and customs clearance International parcel delivery is several times more expensive than delivery over a comparable distance in a competitive national market and constitutes a major barrier to electronic commerce... The cost of international parcel delivery is several times higher than delivery over a comparable distance in a competitive national market such as the United States, and slower and less convenient as well. This is due to government red tape, the cumbersome collection of taxes and duties, and difficulties in returning goods. In addition, potentially important economies of scale, especially in the final delivery leg, have yet to be achieved. These problems represent major barriers to electronic commerce. ...largely owing to regulatory structures and the economies of scale enjoyed by operators. The cost of processing parcels within a country and internationally is largely a reflection of the regulatory structure in effect and the economies of scale enjoyed by operators. Moreover, regulatory structures can work against achieving economies of scale. The liberalisation of parcel delivery markets is an important factor in lowering parcel rates. Given the intermodal nature of parcel delivery (e.g.road freight/air transport/road freight), regulatory reform should be extended to all segments of the delivery industry. Moreover, customs clearance procedures add unnecessary additional costs. Further, owing to customs clearance procedures, significant additional costs per package are incurred. Successive rounds of international trade negotiations have led to large reductions in duties, but some remain. The administrative procedures typically followed for collecting duties and taxes may need to be reformed. One-stop shopping would consolidate costs and reduce costs, delays, and frustration. One idea is "one-stop shopping", whereby the merchant collects all taxes, duties and delivery charges from the consumer when the goods are ordered and periodically pays them directly to the importing country. Such a system, combined with pre-clearance of shipments and the replacement of all paperwork by electronic data interchange (EDI), can make borders effectively transparent and greatly reduce the costs, delays and frustration currently associated with international parcel delivery. In the meantime, countries should consider expanding tax and duty-free thresholds to simplify the arrival of low-value shipments. Pending adoption of such simplified systems, countries should consider expanding tax and duty-free thresholds to simplify the arrival of low-value shipments, especially where the administrative cost to government exceeds the tariff revenue. Another alternative is to privatise some portion of the customs clearance process by allowing commercial carriers that meet certain criteria to collect duties and taxes levied on shipments below a certain value. In one OECD Member country, this approach decreased average delivery time by a factor of three, reduced costs to the consumer, and almost halved government administrative expenses associated with low-value shipments. For intangible products, new arrangements for the collection of relevant dues may need to be considered. The question of collecting any relevant dues becomes more problematic when the product is intangible and is delivered directly to the user over the network. Not only does the product not go through custom controls, but there is no carrier to which collection responsibilities can be assigned. One solution may be to eliminate relevant dues on directly delivered intangible products. Another may be to identify new arrangements involving suppliers or new intermediaries (e.g.e-payment providers or certification authorities) to perform the task.
Points for discussion: How significant is the physical delivery of packages in the overall cost of electronic commerce? How best can parcel delivery costs be reduced? What solutions (i.e. pre-clearance, duty thresholds, privatisation of tax and duty collection) can effectively improve custom clearance procedures? How can these solutions be implemented? How should custom duties be collected on intangible products delivered over the network, if at all? What role can international organisations play in reducing these barriers to electronic commerce?
Conclusion While electronic commerce over the Internet is little more than two years old, its impact is already being felt in some sectors of the economy. In the future, its economic impact is expected to be profound and widespread. Beyond the narrow definition of "economy" used here, it is likely that electronic commerce will affect nearly all facets of society, including relationships among businesses, consumers and governments, cultural norms, and foreign relations. This document has attempted to describe some of the barriers that limit the development of electronic commerce, to identify solutions that reduce these barriers, and to catalogue organisations that might develop and implement them. If these solutions are to be successful, however, they must be discussed in the context of the larger societal issues. Principles such as those being developed by OECD's Business and Industry Advisory Committee (BIAC) represent an important contribution towards achieving this dialogue, but are only a beginning. Over the next year, discussions must continue among businesses, governments and citizens in the hopes of achieving a consensus on principles for electronic commerce in Ottawa in October 1998. The development of these principles must be linked to work planned or under way in a variety of fora to dismantle some of the barriers to electronic commerce. While the identification of potential solutions can be difficult, it is even harder to develop and implement them in a coherent fashion. Two major factors impede the dismantling of barriers to e-commerce.
There is an inherent tension between the need to move quickly to establish an environment conducive to developing e-commerce while the system is malleable and the fact that many of its aspects are still embryonic and need to mature before establishing policies.
The uneven use of electronic commerce across countries leads to high variance in policy analysis and in its sophistication, and, in some cases, unease about the countries or regions perceived to be in the lead.
Despite these limiting factors, e-commerce has a momentum of its own. Although currently small, it is growing rapidly. It has economic properties that will propel it forward with or without international consensus on policies and principles. Like many information society issues, electronic commerce is by nature a global issue and therefore beyond the province of individual countries. This effectively limits the ability of any one country to dictate policy in this area. Confronted with the challenges of electronic commerce, however, individual countries may try to assert their own rules. But the ensuing fragmentation would result in a much less effective outcome that would limit the gains achievable. In addition, countries that choose to impose rules in isolation might find that e-commerce bypasses them, to the detriment of the competitiveness of their industries that support and use electronic commerce. There are nonetheless reasons for optimism. A consensus already exists on many aspects of electronic commerce, including fundamentals such as the importance of the private sector and insistence that governments should play a minimalist regulatory role. Treaties on access and intellectual property have already been signed. Work at international level to update commercial laws for electronic commerce is well under way, and discussions have begun regarding taxation, privacy and standards. Industry has a strong interest in dismantling the barriers to electronic commerce and in developing self-regulatory mechanisms. Possibly most important, the technology continues to evolve at a dizzying pace, providing policy makers in governments and board rooms with a wider range of solutions. What is needed is a framework for co-ordinating this work so that confusion about who is doing what and by when is reduced, consistency among different solutions is achieved, and a true dialogue is established. This framework should not be binding or exclusionary; it should instead be a first step in achieving some coherence in the development of solutions. It should have three parts, all of which should be worked out in parallel: 1) The development of a consensus among business, government and citizens on principles to guide the formation and implementation of electronic commerce policies. The principles developed by BIAC for the conference in Turku are an important contribution to this dialogue. These principles need to be discussed at Turku so that a consensus can begin to be formed. This dialogue must continue over the next year with the hope that an agreed set of principles can be adopted in Ottawa. 2) A general agreement on the basic policy approach adopted in devising solutions to each problem, ranging from doing nothing to industry self-regulation to binding international treaties with enforcement mechanisms. This paper has made initial suggestions for an approach to each issue. It is hoped that the discussion at Turku will clarify each of these issues and that the participants will strive for consensus where possible. Between Turku and Ottawa, efforts to achieve consensus and refine the approach taken to resolving each problem should be undertaken with the goal of endorsement at Ottawa. 3) A general agreement as to the organisations best placed to develop and implement solutions that adhere to the approach identified above. This paper has tried to catalogue the organisations with work under way on various aspects of electronic commerce (Appendix). While the list is incomplete and needs expanding, it is intended to help avoid duplication and promote coherence. Nonetheless, it is not necessary for one organisation to be charged with seeking one solution; it may be better to encourage multiple solutions to particular problems. In either case, transparency and co-ordination are needed to obtain consistent solutions in a useful time frame.
The conference in Turku should strive to identify the organisations best placed to work on dismantling the various barriers to e-commerce so that, in Ottawa, preliminary progress is reported and a framework can be constructed which effectively co-ordinates this work. These three elements --principles, agreement on the approach to devising solutions to particular problems and assigning the development and implementation of solutions to various organisations-- provide a loose framework for dismantling the barriers to global electronic commerce. As in the new information society, this plan effectively constitutes a virtual international organisation by drawing on the strengths of existing organisations while avoiding the creation of a new supervisory body. In essence, this approach mirrors that undertaken in Member countries, where various departments and ministries come together to forge national or regional policies. The horizontal nature and speed of electronic commerce necessitates a similar strategy at the international level.
Appendix: International initiatives to enable electronic commerce
The following is a preliminary listing of organisations that have initiated work on removing the barriers to electronic commerce discussed in this document. The intent is to begin to catalogue the efforts under way, or planned, so as to begin to co-ordinate the work, avoid duplication, and achieve some consistency. Given that most electronic commerce activity is currently located in Asia-Pacific, North America and Europe, only those organisations with membership encompassing those areas are included.
WTO Declaration on Trade in Information Technology Products At the meeting of the World Trade Organisation in December 1996 in Singapore, an agreement to eliminate tariffs on information technology products was forged that would phase out tariffs on a wide range of information technology products, including software, computers, semiconductors and telecommunications equipment. Tariffs would be reduced to zero in a series of four steps: July 1997, January 1998, January 1999, and January 2000.
WTO Agreement on Basic Telecommunications Services On 15 February 1997, 55 schedules of commitments representing 69 WTO member governments had been agreed. These schedules are annexed to the Fourth Protocol to the General Agreement on Trade in Services which will remain open for acceptance until 30 November 1997. The commitments will enter into force on 1 January 1998 and will cover not only cross-border supply of telecommunications but also services provided through the establishment of foreign firms, or commercial presence, including the ability to own and operate independent telecommunication network infrastructure. Examples of the services covered by this agreement include voice telephony, data transmission, telex, telegraph, facsimile, private leased circuit services (i.e.the sale or lease of transmission capacity), fixed and mobile satellite systems and services, cellular telephony, mobile data services, paging, and personal communications systems. OECD Council adoption of the report on Global Information Infrastructure/Global Information Society The OECD Council meeting at Ministerial level in May 1997 endorsed the recommendations of the report on Global Information Infrastructure/Global Information Society . The report provides a set of recommendations for OECD economies which covers issues of access to infrastructures, the competitive safeguards required, as well as recommendations related to the applications and services provided on networks (electronic commerce) as well as issues such as intellectual property rights, transaction safeguards, and multimedia content.
Domain Name System
The ITU, WIPO, the Internet Society and the Internet Assigned Numbers Authority have been involved in initiatives in this area including participation in a gTLD-MoU process. Information on this initiative and these organisations' respective roles, including WIPO's work on trademark issues, is available here . Between July and August 1997, the US Department of Commerce issued a Request for Comments on the Registration and Administration of Internet Domain Names in order to ascertain the views of the public regarding various domain name policy issues, including the appropriate role of government in the operation of domain name system. A summary of comments received is available here . The US House of Representatives Basic Research Subcommittee held hearings on DNS reform in September 1997.
Trust Security OECD Guidelines for Cryptography Policy (1997)
Recently adopted as a Recommendation of the Council of the OECD, these guidelines provide internationally comparable criteria for encryption of computerised information, which governments would adopt and businesses, individuals, and law enforcement officials would apply in safeguarding electronic transactions, communications, and data storage. OECD Guidelines for the Security of Information Systems (1992); Review of Implementation (1997) In 1992, the OECD adopted guidelines aimed at protection of the availability, integrity, and confidentiality of information systems. Key principles include: accountability, awareness, ethics, multi-disciplinarity, proportionality, integration, timeliness, reassessment, and democracy.
Certification, authentication and digital signatures
UNCITRAL : Digital Signature, Certification Authorities The UNCITRAL Working Group on Electronic Data Interchange at its 30th session in 1996, agreed that work should continue on the preparation of legal standards that could bring predictability to electronic commerce, notably the establishment of digital signature laws, together with laws recognising the actions of "certifying authorities" or other persons authorised to issue electronic certificates or other forms of assurance as to the origin and attribution of messages "signed" digitally. This work will not become involved in the technical issues of digital signatures. The Secretariat has been instructed to prepare a background study on the issues of digital signatures and service providers, based on an analysis of laws currently being prepared in various countries. On the basis of that study, the Working Group will examine the desirability and feasibility of preparing uniform rules on the above-mentioned topics.
OECD Work on Certification
In support of its work on electronic commerce issues, the OECD has tabled two papers that analyse the role of certification in validating information about electronic transactions and transacting parties. The first provides background information on issues related to certification in the electronic environment. The second outlines various policy and technology options for certifying information in global networks and undertakes an initial stocktaking of these different approaches across various entities.
W3C began a high-intensity, short-term project that will result in the following deliverables: specification of the framework, protocols, and formats that would address both of these issues and be endorsed by the full W3C membership (a "W3C Recommendation"); sample implementation, used industry-wide to implement the core of this framework; on-going process for maintaining and extending all of the above (e.g. a W3C Editorial Review Board, or a submission to IETF or ANSI). The goal of this project is to achieve clear user benefit by creating interoperable solutions to the common problem of Internet trust.
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980). The Guidelines define basic principles for the protection of privacy and personal data in the context of automated processing of personal data. They apply to personal data, whether in the public or private sectors, which pose a danger to privacy because of the manner in which they are processed, or because of their nature or the context in which they are used. A consequence of implementing the guidelines at national level is the free transborder flow of information at the international level. OECD Declaration on Transborder Data Flows (1985) This Declaration addresses the policy issues arising from transborder data flows, such as flows of data and information related to trading activities, intra-corporate flows, computerised information services and scientific and technological exchanges. In adopting it, the governments of OECD Member countries expressed their intention to promote access to data and information and to develop common approaches to dealing with transborder data flow issues. Future OECD work on privacy protection in the GIS In the context of electronic commerce, the OECD has tabled a proposal to launch a dialogue involving the private sector and individual users to consider the appropriate means -- including technical solutions -- of putting the 1980 Privacy Guidelines into practice for the information and communication networks. OECD Member countries might then consider the design of a framework for international co-operation on privacy protection in the global information society.
The Platform for Privacy Preferences Project (P3P) will result in the specification and demonstration of an interoperable way for Web sites and users to express privacy practices and preferences. Users are informed and given the opportunity to decide how their data are used. Sites with practices that correspond to a user's preference will be accessed "seamlessly". Otherwise, users will be notified of a site's practices and have the opportunity to agree to those terms, to be offered new terms, or to discontinue browsing that site.
OECD Guidelines on Consumer Redress: "Chargebacks" In consultation with representatives from the financial services industry, the OECD Committee on Consumer Policy has developed a set of basic principles to guide "chargeback" operations in both national and international transactions. The objective is to encourage credit card associations to provide redress mechanisms for consumers by reversing problem transactions and to remove repeat offenders from card networks. The goal is to achieve an agreement on these principles in the form of a Council Recommendation before the end of 1997.
OECD Consumer Protection Guidelines
These are guidelines to: 1) control fraudulent and misleading commercial conduct; 2) resolve disputes and establish redress mechanisms; and 3) ensure on-line consumer privacy. Drawn up by an OECD project team consisting of OECD delegates and outside experts, these guidelines are scheduled to be completed by September 1998.
Predictable legal and regulatory environment - Taxation
OECD Model Tax Convention on Income and Capital The OECD's Fiscal Affairs Committee (CFA) has set up four study groups to research and investigate how the development of e-commerce affects the current tax systems for direct and indirect taxation, and to consider increased opportunities for tax avoidance and evasion and other tax administration issues. This work reviews the basic concepts of taxation of the OECD Model Tax Convention on Income and Capital as they relate to this new environment, the potential difficulties in applying the OECD Transfer Pricing Guidelines when intra-group transactions are carried out electronically, the implications for VAT concepts of place of supply and issues concerning the identification of taxpayers and the traceability of transactions. Study groups are required to put forward recommendations for internationally consistent solutions to the CFA in January 1998.
International Chamber of Commerce UNCITRAL: Model Law for Electronic Commerce In 1996, the UNCITRAL Model Law on Electronic Commerce was adopted at the 29th session. Member states are encouraged to "give favourable consideration" to the model law when enacting or revising their laws to accommodate the transitions from paper-based communication to electronic communication so as to "...contribute significantly to the development of harmonious international economic relations". The model law covers the formation and validity of contracts and the recognition, attribution, and acknowledgement of messages and receipts. It also includes a guide to the enactment of the model law.
Intellectual property rights
WIPO Copyright Treaty The Copyright Treaty offers a response to some of the challenges presented by digital technology. In particular, it specifically protects, by copyright, computer programmes, regardless of the form and compilations of data or other material ("databases"), in any form, which, by reason of the selection or arrangement, of their contents constitute intellectual creations. As to the rights of authors, the Treaty deals specifically with the right of distribution, the right of rental, and the right of communication to the public. This Treaty was concluded in Geneva on 20 December 1996. It is open for signature at the headquarters of WIPO until 31December 1997.
The WIPO Performances and Phonograms Treaty covers the protection of the rights of performers other than their rights in the audio-visual fixations of their performances and the provisions on the right of distribution. It also covers protection on other economic rights of performers and producers of phonograms in a way more or less similar to that of the 1961 Rome Convention and, as far as the right of rental is concerned, in a way similar to the TRIPS Agreement. The Treaty also recognises performers' moral rights in respect of their live aural performances and their performances fixed in phonograms. This Treaty was concluded on 20December 1996. It is open for signature at the headquarters of WIPO until 31December 1997.
Formed at the request of the G7 heads of State meeting in June 1996, the G-10 Working Party has analysed the development of new payment products and has issued three reports addressing consumer issues, law enforcement(4) and supervisory issues.(5) In particular, these reports focused on the financial integrity, technical security, and vulnerability to criminal activity of electronic money.
JEPI is a joint project of W3C and CommerceNet with a number of industry partners to provide an architecturally viable and neutral mechanism for negotiating automated payment instruments over the Web. It is not meant to provide a new payment protocol or a way to convert dynamically between payment schemes but rather a way to negotiate and select a single payment system to be used for a particular transaction from multiple payment systems installed on the client server platform. Technically, it hinges on creating specifications for a pair of negotiation protocols.
Universal Postal Union Customs clearance - Simplifying customs clearance procedures The World Customs Organisation should strive to streamline customs clearance procedures, especially for low-value shipments, when it revises the Kyoto Convention (the International Convention on the Simplification and Harmonisation of Customs Procedures) within the next two years.
Internet Engineering Task Force (IETF) The Internet Engineering Task Force is a loosely self-organised group of people who make technical and other contributions to the engineering and evolution of the Internet and its technologies. and is open to any interested individual. It is the principal body engaged in the development of new Internet standard specifications. The IETF is not a traditional standards organisation, although many specifications are produced that become standards. The IETF is made up of volunteers who meet three times a year to fulfil the IETF mission.
ISO (the International Organisation for Standardisation) and IEC (the International Electrotechnical Commission) have established a joint technical committee, ISO/IECJTC1, on information technology which deals with standardisation in the field of information technology. The committee co-operates with the International Telecommunication Union's Telecommunication Standardisation Sector (ITU-T). Its subcommittees (SC) engage in activities relevant to electronic commerce, including open electronic data interchange (SC30), IT security techniques (SC27) and identification cards and related devices (SC17).
An Electronic Commerce Working Group has been established within ETSI's Information and Communications Technologies Standards Board (ICTSB) to examine the High Level Strategy Group (HLSG) requirements concerning electronic commerce, and prepare an evaluation for consideration by the Board. Its mandate includes developing a framework that defines the standardisation requirements and specifications related to electronic commerce, studying security of electronic payments and carrying out a feasibility study of "light" EDI. In addition, the topics of trusted third parties and conformity assessment procedures for electronic commerce have been identified as issues requiring monitoring.
The Agreement On Mutual Recognition Between the United States Of America and the European Community covers areas of relevance to electronic commerce, including telecommunication equipment and electromagnetic compatibility (EMC). NOTES
Heichler, Elizabeth (1997), "U.S. FCC's Hundt sees Obstacles to Internet Growth," Infoworld Electric , 27August.