Chapter Five ACG 5458 The Regulatory Environment

Upload: tomwinfrey

Post on 21-Nov-2014

Page 1: Chapter Five ACG 5458 The Regulatory

Chapter Five

ACG 5458

The Regulatory Environment

The Regulatory Environment

Primary International and Legal Issues
– Cryptography Issues
– Privacy Issues
– Web Linking
– Internet Sales Tax
– Electronic Agreements and Digital Signatures
– Spam Mail
– Online Auctions and Content Filtering

Implications for the Accounting Profession

Cryptography

Cryptography is a mathematical encoding that transforms readable messages into unreadable formats (ciphertext).

Key length (size) determines how difficult the code is to crack.

Encryption is the coding

Decryption is the decoding

• 40-bit key: 3 hours to break code
• 56-bit key: 22 hours to break code
• 64-bit key: 30 days to break code
• 128-bit key: 2,000 years to break code

Cryptography

Regulatory Issues:

Domestic use, importation and exportation rules
– Rules differ by country
– US is “looser” than China, Belarus, Kazakhstan and Pakistan

Use of encryption by criminals, terrorists, and money launderers.

Ability of law enforcement to obtain decrypted forms of encrypted messages, either through a key recovery or a key escrow system.

Cryptography

Key escrow systems involve a central repository that contains all encryption keys.

Key recovery systems have some mechanism that will provide authorized law enforcement agencies the ability to recover and use the key (e.g., trusted third party).

Issues:

How will sufficient controls be created and maintained to protect citizens from law enforcement abuse of authority?

How is it possible to enforce internationally?
– INTERPOL prefers a key recovery system.

Privacy of Private Citizens

Information Privacy: the right to have one’s personal or business data kept confidential.

Privacy Groups:
– Center for Democracy and Technology
– Electronic Frontier Foundation
– Electronic Privacy Information Center
– Privacy International
– Privacy Rights Clearinghouse
– Online Privacy Alliance

[Bar chart. Series: Random Sample, Most Popular Sites. Categories: “Post a Privacy Policy” and “Links the Privacy Policy from the Home Page”. Data labels as extracted: 0.62, 0.97, 0.76, 0.94]

Figure 5-1: Percentage of US Sites That Post Privacy Policies and Link From Home Pages

Source: FTC, 2000

Privacy of Private Citizens

Federal Trade Commission (FTC) Five Core Principles of Privacy Protection:
– Notice
– Choice
– Access
– Integrity and Security
– Enforcement

Regulatory Issues:

Self-regulation or government regulation?
– If government regulation, which one? Differences exist between countries, US “looser” than European Union

How do we protect children’s privacy?

Figure 5-2: Percentage of US Sites That Collect Personally Identifiable Information and Utilize the FTC Principles

FTC principle: Random Sample / Most Popular
– Notice: 55% / 89%
– Choice: 50% / 67%
– Access: 43% / 83%
– Security: 55% / 74%
– All 4 to some extent: 20% / 42%

Source: FTC, 2000

Figure 5-3 Percentage of US Sites That Collect Personally Identifiable Information and Implement Choice Options

Random Sample (detail of the 50% who offer choice)
– Opt-In: 25%
– Opt-Out: 71%
– Unclear: 4%

Most Popular (detail of the 67% who offer choice)
– Opt-In: 16%
– Opt-Out: 75%
– Unclear: 9%

Source: FTC, 2000

Privacy and Security

From the FTC’s 2000 study:

Only 39% of the random sample (54% of the most popular sites) take steps to provide security during transmission.

Only 29% of the random sample (48% of the most popular sites) take steps to provide security after receipt.

Only 8% of the random sample (45% of the most popular sites) display some sort of privacy seal from an independent third party.

Children’s Privacy Regulation

FTC’s 1998 study found that 89% of children’s sites were collecting private information on children:
– Email and postal addresses
– Telephone numbers and Social Security numbers
– Age, date of birth, and gender
– Education
– Interests and hobbies

Enticements such as prizes, raffles or contests are used often.

Adults’ Privacy Rights and the EU’s Directive

1998 European Union Privacy Directive states that personal data on the Internet must be:
– Collected only for specified purpose
– Processed fairly and lawfully
– Kept accurate and current
– Destroyed after stated purpose is fulfilled.

Users have the right to access their information for correction, erasure or blockage, choose to opt in or out, oppose automated decisions, and have judicial remedy and compensation.

EU Privacy Directive Affects US Companies doing Business with the EU

EU citizens have greater privacy rights than US citizens

US and the EU developed a “safe harbor” for US businesses in 2000:
– Notice
– Choice
– Transfers to third parties
– Access
– Security
– Data integrity
– Enforcement

More on Privacy: Past and Current Events

Toysmart.com selling its customer list

More.com passed customers’ prescription information to HealthCentral

Carnivore: FBI’s Internet sniffing code
– Argument with Earthlink.com exposed a high level of citizen monitoring.

Web-Linking

Legal problems occur when:
– Inappropriately referencing a linked site
– Not referencing the site from which you copied information to your site
– Displaying another site’s information without the original advertisements
– Unauthorized use of trademarks in metatags
– Unauthorized display of registered trademarks

Web-Linking and Defamation

Defamation occurs when an individual makes a false statement about another individual or business that is damaging to their reputation.

The issue: whose rights prevail? The right to free speech? The right to be safe from harassment?

It’s often not clear: Can opinions be separated from facts?

Web linking without Proper Referencing

Linking using framing involves:
– Not carrying the original site’s advertisements to the new site
– TotalNews case of copyright and trademark infringement, unfair competition, and wrongful interference

Web linking using Metatags

Corporations attempt to increase the visits to their sites by putting well-recognized trademarks in the HTML metatags that are labeled as keywords for search engines

Trademarks include words, names, symbols, logos, and graphical designs

Federally registered trademarks bear an ®

Trademark Infringement

Trademark is displayed on the website without explicit permission granted by the owner of the trademark, and

Trademark display causes either
– A likelihood of confusion
• Similarity to something else, malicious intent, actual evidence of confusion
– Or tarnishes the value of the trademark
• Association with inferior quality, alteration of the trademark, or representing the trademark in an attack.

Linking to Illegal Files

Downloading of copyrighted materials, such as music, increases your risks of litigation:
– Napster cases
– MP3.com cases

Domain Name Disputes

Top level domains (e.g., .com, .org)
– Internet Corporation for Assigned Names and Numbers (ICANN) – nonprofit organization
• Many domain name registrants, such as Network Solutions, Inc.

1999 Anticybersquatting Consumer Protection Act
– Does not allow domain names to be held hostage or used if they are established trademarks.
– Does not allow similar or identical trademarks to share a domain name.
– Changed the domain name assignment from “first come, first served” to “who utilized the name for business purposes first”

Internet Sales Taxes

It is an interstate taxation problem: which jurisdiction applies? There are over 30,000 tax jurisdictions in the US alone.

2001 (1998) Internet Tax Freedom Act
– No state/local sales taxes on Internet services provision or use.
– Does not apply if the buyer and seller are in the same state and the seller has a corporate presence (if no corporate presence, then a use tax applies).
– A federal sales tax may be the only future solution to this problem.

International Tax Issues

Different countries have different opinions and tax systems:

European Union prefers a value-added tax, but still has to resolve different rates in different countries within the EU.

China prefers sales taxes on Internet transactions.

Corporate presence: Differing definitions between countries.

Global infrastructures: what if company building is in one country, and web server is in another?

Organization for Economic Cooperation and Development (OECD) is working on a global definition of physical presence

Electronic Agreements and Digital Signatures

American Bar Association (ABA) details important aspects of digital signatures:
– Signature and document authentication
– Affirmative act
– Efficiency

2000 Electronic Signatures Act (E-Sign)
– Allows but does not require electronic signatures for international and interstate contracts
– Electronic record should accurately reflect the written document information and stay accessible to all parties.
– Does not apply to wills, trusts, family matters such as divorce, transportation of hazardous materials, recalls of products, or cancellation of insurance.

1999 Uniform Electronic Transactions Act (UETA)

National Conference of Commissioners on Uniform State Laws (NCCUSL)

22 states have adopted this attempt at a common standard, similar to E-Sign

Provides standards for electronic contract acceptance, accuracy and integrity, enforcement, and electronic agents.

1999 Uniform Computer Information Transactions Act (UCITA)

National Conference of Commissioners on Uniform State Laws (NCCUSL)

2 states have adopted this attempt at a common business transactions standard

Clarifies the UCC law in terms of computer information transactions

Makes the law uniform among various jurisdictions

International Digital Signature Environment

Many countries have passed digital signature laws:

Argentina, Australia, Austria, Canada, Colombia, Estonia, European Union, Finland, Germany, Hong Kong, Ireland, Japan, Malaysia, Philippines, Singapore, Switzerland

Many more are currently in process.

SPAM e-mails

Spam mail is the mass sending of unsolicited e-mail advertisements.

E-mail addresses may come from purchased lists or may be retrieved by intelligent agents.

Cost of sending SPAM is very low

Cost to recipients is high in network load

Online Auctions and Content Filtering

What does an e-marketplace do when found to be supporting “unethical” transactions?
– Filter (censor) incoming packets
– Filter (censor) outgoing packets depending on the recipient (IP information such as country code)

Who should determine the limits?
– Web site owners?
– Web site users?
– Government regulation?

Implications for the Accounting Profession

Expansion of legal skill sets, resources and services is warranted from:
– Increased liability exposures
• Taxation, privacy, intellectual property, cryptography, digital signatures, acceptable business practices
– New liability exposures
– More complex risk assessments
– Changing legal and regulatory environments

Increased opportunities for new services:
– Consulting in system design
– Certificate authority role in society