Session 3: TRANSACTIONS
Teaching Fellows: Raheemah Abdulaleem, Len Kardon
Guest Panelists:
Stephen Y. Chow, Esq.
Commissioner, National Conference of Commissioners on Uniform State Laws
Perkins, Smith & Cohen, LLP
Boston, MA
www.pscboston.com/attorneys/chow_s.html
Jorge Contreras, Esq.
Senior Partner, Vice Chairman Internet Practice
Group
Hale & Dorr LLP
Boston, MA
www.haledorr.com/attorney/bio.asp?ID=C382000149
Linda Hamel, Esq.
General Counsel, Information Technology Division
Commonwealth of Massachusetts
www.state.ma.us/itd/
TRANSACTIONS - TABLE OF CONTENTS
I. Introduction
II. Digital Signatures
III. Clickwraps
IV. Terms of Service
V. Payment Technology
VI. Taxation
This segment of
the class will cover transactions in the broad sense of the term, generally
referring to all interactions between the website owner and the website users.
We will first discuss the rapidly evolving concept of digital signatures. Then
we discuss the terms of service or "clickwrap" user agreement, which
governs the users use of the website. We then move on to an overview of the
major online payment systems. Finally, we briefly discuss legal issues related
to the sale of goods online.
One of the first elements addressed in e-commerce transactions is how to guarantee that a valid contract has been entered between the parties. Assessing the validity of contracts is complicated in the Internet environment because the contracts are paperless. Digital signatures are therefore essential in helping to promote e-commerce because they ensure that all parties have entered in a binding contractual agreement.
Going Digital 2000-
"the use of digital signature technology clearly establishes the necessary
evidence for the integrity of the electronic contract. If any part[y] changes
any aspect of a digitally signed document then the digital signature verification
process will identify that the document has either been changed since it was
signed or that it was not signed by the party who is attributed as being the
signatory" (Fitzgerald).
A. OVERVIEW
The issue of digital signatures is an essential consideration for an online enterprise because it allows for both consumers and businesses to enter binding agreements over the Internet (Website) (Tutorial1). How one identifies oneself over the Internet is of critical concern because an online enterprise needs to ensure the authenticity, integrity and confidentiality of the signature of signers who use the online enterprise. Assessing the validity of contracts or agreements entered online is complicated due to the paperless nature of the transaction so it is essential that there are standards developed to ensure the security and reliability of digital signatures.
How does a digital signature work?
The Electronic Signatures in Global and National Commerce Act broadly defines an electronic signature as "an electronic sound, symbol, or process, attached to or logically associated with a contract or record and executed or adopted by a person with the intent to sign the record" (Act). Under this law an electronic signature would have the same force of law as its handwritten equivalent. Digital signatures, in contrast, are narrowly defined to only include those types of signatures that involve encryption or cryptography. Unlike a traditional signature a digital signature would not involve the fixing of someone's name in ink on a piece of paper. Typically, digital signatures would involve the use of encryption technology.
One type of encryption technology that could be used for digital signatures is asymmetric public key and private key encryption. This type of "double key" encryption entails the following steps:
Step One - The signer who seeks to enter an agreement with an online enterprise will affix his or her "private key" to a particular document. The private key can be stored on the user's computer and accessed by password. The "signature" produced by this private key is a number that has been generated by numerical algorithms.
Step Two - The signer will also have a "public key" which is widely available to anyone who wants to authenticate the documents that have been signed by the signer. The public key is then used to verify that the private key belongs to the same person. It may also be used to verify that the message received is exactly the same as the message that was sent. Throughout this identification process the actual identity of the signer is not revealed, the only concern is that the public and private key correspond.
Step Three - To ensure the accuracy of the public and private keys, a certification authority may be used. The role of the certification authority is to authenticate the keys. The certification authority issues a certificate that guarantees that the holder of the public key is the same person who holds the private key. The certificate is digitally signed and date stamped by the certification authority to ensure its enforceability (Website) (Tutorial2). Certificates may be issued at different levels of authentication. They may be issued with no effort to establish whether the key holder is indeed the person that the keyholder claims to be, or keys may be issued at a level where extensive background identification is required in which case the identity of the keyholder is also being certified.
See the memo on Encryption for more information.
Although the use
of public and private key encryption is one of the more commonly discussed types
of digital signatures there are other methods of signatures that could be used.
These other types are often distinguished by referring to them as electronic
signatures as opposed to digital signatures. These signatures do not involve
the use of public and private key encryption. Some examples of electronic signatures
are, 1) a smart card that is swiped through the user's computer (the smart card
contains verifiable information about the user), 2) passwords, 3) emailed pictures
of handwritten signatures and 4) signatures on digital pads using biometric
technology (Website)
(Jacobus). The use of these technologies would also be
useful for an online enterprise because it helps to ensure the integrity of
the transaction. The specific technology chosen may often depend on the specific
legislation that has been passed in the state selected in the choice of law
provision. This is because many of these statutes limit their applicability
to certain types of digital signature technology.
B. WHAT ARE THE TECHNICAL/LEGAL LIMITATIONS OF DIGITAL SIGNATURES?
There are both technical and legal limitations regarding the use of digital signatures. Some of the technical limitations involve ensuring that the encryption technology used is safe from hackers and forgery. Public keys may not be posted in a convenient central location, but be scattered among different certificate authorities. Certificate authorities may not be licensed or otherwise regulated for consumer protection. Also, moving to a system of digital signatures may require both time and resources on the part of both the signer and the recipient. In many instances the signer would be a consumer who would need to invest in some encryption software and enter an agreement with a certification authority. If the costs of these services are too expensive then the widespread adoption of digital signatures that involve encryption technology may be slower then the use of other types of electronic signatures that involve smart cards or passwords.
The year 2000
served as a milestone in eliminating many of the legal limitations of digital
signatures. With the passage of the Electronic Signatures in Global and National
Commerce Act on June 30, 2000, the legal status of electronic signatures was
recognized as binding under US law (Website)
(E-Sign). Although the importance of the federal law cannot
be understated it is also important to recognize the different laws that have
been passed by state legislatures that involve electronic signatures. Addressing
the differences present is state laws is important because many states impose
different requirements on the applicability of electronic signatures.
C. CURRENT STATUS OF THE LAW REGARDING DIGITAL SIGNATURES
Uniform Electronic Transactions Act (UETA)
The National Conference of Commissioners on Uniform State Laws ("NCCUSL") adopted the Uniform Electronic Transactions Act ("UETA") in 1999. NCCUSL adopted UETA and recommended it to states for adoption in order to establish uniformity in the law regarding transactions in e-commerce. Under UETA an electronic signature is defined as "an electronic, sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record." As of April 6, 2001 UETA has been adopted by 28 states and bills have been introduced in 15 states to adopt UETA. (Website) (UETA).
Many states have modified their existing digital signature laws and replaced them with UETA provisions. Illinois has introduced a bill that inserts UETA provisions into their existing Electronic Security Act. Missouri has similarly introduced a bill to repeal the Missouri Digital Signatures Act and replace it with UETA provisions. According to NCCUSL, "the objective of UETA is to make sure that transactions in the electronic marketplace are as enforceable as transactions memorialized on paper and manual signatures, but without changing the substantive rules of law that apply . . . UETA is procedural, not substantive. It does not require anybody to use electronic transactions or to rely upon electronic records and signatures." (Website) (NCCUSL).
An important aspect of UETA is that it is voluntary. According to NCCUSL,
UETA applies only to transactions in which each party has agreed by some means to conduct them by electronically. Agreement is essential. Nobody is forced to conduct to electronic transactions. Parties to electronic transactions come under UETA, but they may also opt out. They may vary, waive or disclaim most of the provisions of UETA by agreement. . . The rules in UETA are almost all default rules that apply only in the event the terms of an agreement do not govern. (Website) (NCCUSL).
The NCUSSL also
emphasizes the fact that UETA should not be considered a digital signature statute
because digital signature legislation only refers to one particular type of
encryption technology and UETA allows for various types of electronic security
technology outside of encryption.
United States Federal Law
In June of 2000 President Clinton signed the Electronic Signatures in Global and National Commerce Act ("Electronic Signatures Act") into law (Website) (E-Sign). The Electronic Signatures Act became effective October 1, 2000 and was meant to provide a framework for the acceptance of electronic signatures in a range of transactions where a signature is required by law.
The Electronic Signatures Act defines electronic signatures broadly to include not only digital signatures but also other types of electronic signatures which are "adopted by a person with the intent to sign the record" [Electronic Signatures Act § 106(5)]. The Electronic Signatures Act does not apply to all contracts, "contracts for the sale of goods would be governed by [the Act], but other UCC contracts and documents would not be" (Website) (Inman1). Commentators have stated that the intent behind the Electronic Signatures Act was,
to provide a national standard for electronic commerce until all states have adopted UETA. The lack of state uniformity in the area of state laws governing electronic signatures and records prompted the Act. Thus, in order to clarify the role that electronic signatures and records are to play in e-commerce, E-Sign also contains important provisions designed to preempt state laws which create barriers to e-commerce or which are inconsistent with E-Sign (Website) (Inman2)
An important issue with regard to the Electronic Signatures Act is the fact that the Act is designed to preempt state laws that are inconsistent with the Act's provisions. Most importantly, this refers to those state laws that only give legal effect to a narrower range of electronic signatures than those proscribed under the Act. Section 102(a) of the Electronic Signatures Act provides the instances in which a State statute can modify, limit or supersede the Act (Website) (E-Sign).
(a) IN GENERAL- A State statute, regulation, or other rule of law may modify, limit, or supersede the provisions of section 101 with respect to State law only if such statute, regulation, or rule of law--(1) constitutes an enactment or adoption of the Uniform Electronic Transactions Act as approved and recommended for enactment in all the States by the National Conference of Commissioners on Uniform State Laws in 1999, except that any exception to the scope of such Act enacted by a State under section 3(b)(4) of such Act shall be preempted to the extent such exception is inconsistent with this title or title II, or would not be permitted under paragraph (2)(A)(ii) of this subsection; or
(2)(A) specifies the alternative procedures or requirements for the use or acceptance (or both) of electronic records or electronic signatures to establish the legal effect, validity, or enforceability of contracts or other records, if--
(i) such alternative procedures or requirements are consistent with this title and title II; and
(ii) such alternative procedures or requirements do not require, or accord greater legal status or effect to, the implementation or application of a specific technology or technical specification for performing the functions of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures ; and
(B) if enacted or adopted after the date of the enactment of this Act, makes specific reference to this Act.
In order to avoid preemption, the above-mentioned provisions of the Electronic Signatures Act need to be considered by any state before enacting electronic signature legislation.
Utah
Utah was the first state to enact legislation concerning electronic signatures. The statute enacted by Utah in 1995 is entitled the Utah Digital Signature Act (Website) (§ 46-1-6). The purpose was to provide uniform standards for the acceptance of digital signatures in order to facilitate e-commerce (Website) (§ 46-3-102). The Utah Act was seen as essential in helping to reduce fraud and forged digital signatures. During the 2000 General Session, the Utah Legislature adopted the Uniform Electronic Transactions Act.(Website) (§ 46-4-101).
California
California originally passed digital signature legislation in 1995 (Website) (§ 16.5). The California legislation granted digital signatures the same legal effect as written signatures as long as the digital signature: "(1) is unique to the person using it, (2) is capable of verification, (3) is under the sole control of the person using it, (4) is linked to data in such a manner that if the data were changed the digital signature is invalidated and (5) it conforms to regulations adopted by the Secretary of State."
The legislature
passed the digital signature regulation in 1995 and required the promulgation
of regulations in order to facilitate e-commerce and communication with public
entities. The California Digital Signature Regulations were approved in June
of 1998 and they provide guidelines for digital signatures that define the coverage
of the law, the acceptable technologies for digital signatures, and the process
for adding new technologies to the acceptable technologies (Website)
(CA Regs). In January of 2001, California Senate Bill 97 was
introduced to repeal Division 3, Part 2, Title 2.5 of the Civil Code on electronic
transactions and replace it with a version that conformed to the Uniform Electronic
Transactions Act.
D. ARE DIGITAL SIGNATURES NEEDED?
Digital signatures are essential to protect the authenticity, integrity and privacy of online transactions. Online enterprises need to ensure that they receive accurate and verifiable information regarding the person who attempts to use their services. One of the largest problems for online enterprises is fraud. (Website) (Ecommerce) and (Website) (Ackman). Various studies have shown that in the year 1999 Internet businesses estimated loses at over $230 million due to credit card fraud (Website) (Terrence). By utilizing some type of digital signature technology these enterprises can seek to protect their services or goods from being fraudulently acquired. Although it is debatable whether asymmetric cryptography is the best or most feasible way to achieve this security, online enterprises need to investigate and invest in some form of digital or electronic signature technology in order to protect themselves. Digital signature technology also protects the consumer because it provides them with heightened security so that their information is protected by a private key (or some other technology) that is only known to the signer thereby preventing consumers from being victims of identity theft.
A. OVERVIEW
An e-commerce site, and probably any website, should contain some form of user agreement or a listing of the terms and conditions of use of the website (commonly called terms of service or TOS). The TOS grants the user a license to use the website under the terms specified or simply states that by using the website, the user is agreeing to be bound by the provisions of the TOS. Just as in a bricks-and-mortar store, there are many reasons why an online proprietor may wish to establish rules of behavior such as prohibiting the further reproduction of proprietary data or banning abusive language in a chat room.
Terms of Use agreements
are generally established through the use of clickwraps. These agreements have
their origins in software license agreements, which traditionally were contained
with the software inside a box shrink-wrapped with clear cellophane. In the
U.S., these agreements have been found to be enforceable in ProCD v. Zeidenberg
and other cases (Website)
(ProCD). On the Internet, the same type of agreement is
shown to the web user who then must click an "agree" or "I accept"
button to access to website. Thus, these agreements are called "click-through"
or "web-wrap" or, most commonly, "clickwrap."
B. ENFORCEABILITY
In the landmark ProCD case, the Seventh Circuit Court of Appeals held that the defendant was bound by the terms of the shrink-wrapped license prohibiting commercial use of the software. The license was only inside the box but there was a notice on outside referring to the license. The Court held that by using the software after opening the shrink wrap, the defendant had manifested assent to the contract as is required under the Uniform Commercial Code.
This precedent has been extended to the Internet and clickwraps in a series of cases. In Hotmail Corporation v. Van Money Pie, Inc. (Website) (Hotmail) the court upheld the validity of a clickwrap agreement that prohibited the use of Hotmail e-mail accounts for transmitting unsolicited mass e-mail. In Groff v. America Online, Inc. (AOL) (Website) (Groff) the court upheld a forum selection clause contained within AOL's clickwrap user agreement. See also Caspi v. The Microsoft Network (Website) (Caspi) (upholding forum selection clause in Microsoft Network subscriber agreement which the user was required to click "I agree" next to the scrollable window containing the agreement.)
Although clickwraps can be enforceable, courts may require that users be given adequate notice of what the terms and conditions of use are and that they clearly manifest their assent. See for example, Ticketmaster v. Tickets.com (Website) (Ticketmaster) (holding that there was no breach of contract by Tickets.com because there was no evidence that users were bound by the clickwrap which was buried in Ticketmaster's website). But see, Register.com, Inc. v. Verio, Inc. (Website) (Register) (holding that Register.com's Terms of Use created a binding contract with Verio notwithstanding the fact that the user was not asked to click on an icon agreeing to the terms). It is interesting to note that many major websites (Yahoo, Lycos, Amazon) allow nonregistered users access without requiring a click-through, but do require one (although Amazon does not) for the user to register and have access to full services such as e-mail or message posting.
A recent case to discuss the enforceability of clickwrap agreements was Williams v. America Online, Inc, (Website) (Williams), decided by a Massachusetts Superior Court in 2001. The plaintiffs claimed that AOL version 5.0 caused unauthorized changes to their computers. The defendants brought a Motion to Dismiss since the forum selection clause in the Terms of Service agreement stated that Virginia was the forum selected for all AOL consumer suits. The court denied AOL's Motion to Dismiss based on two factors. First, the plaintiffs were only presented with the terms of service after AOL version 5.0 was installed on their computers. Even if the plaintiffs attempted to uninstall the program and decline the terms of service their computers were already reconfigured. Second, the court held that it was against Massachusetts public policy to force consumers whose individual claims were only a few hundred dollars to pursue litigation against AOL in Virginia.
There are at least three main ways to display such agreements when a user is first registering to use a site or download software or submit an order. The agreement can be displayed on a screen with the "I accept" button appearing at the bottom, requiring the user to scroll down the webpage to get to the button. This is not considered user friendly as a new web user or an inpatient one may not realize they can only continue by scrolling down to the bottom. The agreement can be placed in a scrollable window within the webpage screen with the "I accept" button to the side or below that window. This appears to be the setup in the Microsoft Network case referenced above, but does leave some question about the user's manifestation of assent. It easy to skip reading the agreement and just click the "I accept" button and the user could argue that the part of the agreement not scrolled through was not agreed to. Finally, the "I agree" button could be located at the bottom of the agreement within the scrollable window, or preferably, could be outside the window but would only be activated once the user as scrolled through the full agreement. This would seem to result in the clearest manifestation of assent, although clear directions to the user in all three setups may be enough to demonstrate assent. Under UCITA, which is discussed below, a safe harbor of sorts is created for agreements that require the user to click twice that she is agreeing.
Although assent is the biggest issue in putting these agreements on the Internet, it is important to note that the provisions in the Clickwrap Agreement still must conform to traditional contract law. As stated by the ProCD Court, "shrink-wrap licenses are enforceable unless their terms are objectionable on grounds applicable to contracts in general."
As discussed in a recent Wired article, clauses that overreach beyond what is considered reasonable by courts for these type of "take it or leave it" contracts will probably not be enforced (Website) (Manjoo). Anything that would be unconscionable in a shrink wrap agreement could also be unconscionable in a clickwrap, although the context could make a difference and courts have not yet addressed such a situation. For example, in Tony Brower v. Gateway 2000, Inc., (Website) (Brower), the court allowed ProCD but found that a clause requiring that disputes be arbitrated under the rules of the International Chamber of Commerce were unconscionable ($4000 filing fee of which $2000 is nonrefundable even if consumer wins) and therefore unenforceable. See also Williams v. American Online, Inc., above.
Keys for structuring clickwrap agreements:
C.
UNIFORM COMPUTER TRANSACTIONS ACT (UCITA) PROVISIONS
Clickwraps are also affected by the passage in the states of Virginia and Maryland of the Uniform Computer Information Transactions Act (Website) (UCITA). This law was proposed in 1999 by the National Conference of Commissioners on Uniform State Laws, a panel of expert lawyers and law professors (Website) (NCCUSL2). See also the UCITA news site. (Website) (UCITA news). UCITA is a model uniform law that applies to "computer information transactions." Therefore "if a transaction includes computer information and goods, this [Act] applies to the part of the transaction involving computer information, informational rights in it and creation or modification of it." [Uniform Computer Information Transactions Act § 103 (1999)] The Official Comment to UCITA § 112 provides examples of clickwrap agreements as evidence of "manifestation of assent" to the terms of a contract. It also states that retention of the information by the website user is not by itself sufficient to establish "manifestation of assent." This may go beyond what is required under the current caselaw of some states.
In addition to passage in Maryland and Virginia. UCITA has been introduced in Arizona, District of Columbia, Illinois, Maine, New Hampshire, New Jersey, Oregon and Texas. Maryland adopted an amendment to its UCITA provisions, exempting open source software which does not charge license fees from the implied warranty of merchantability. Enactment of UCITA may be limited as it has come under strong criticism from various consumer groups due to the fact that it appears to have a strong bias toward licensors.
Opponents of UCITA argue that the provisions contained in UCITA provide little protection for consumers who receive defective computer software. Allowing software vendors to disclaim all liability for damages caused by the software this leaves consumers with little recourse when they receive poor software products. (Website) (Simons).
Proponents of UCITA argue that it provides a new common body of law to govern computer information transactions. Prior to the development of UCITA there was no uniform body of law to address transactions in software, instead courts had to rely on the Uniform Commercial Code provisions that governed transactions in goods. In addition, proponents argue that UCITA provides clear support for the enforceability of shrink-wrap and click-wrap agreements. Proponents argue that before UCITA it was unclear as to what standard shrink-wrap and click-wrap agreements had to meet in order to be enforceable. (Website) (SIIA).
For a more detailed
review of Clickwraps, please see the following articles:
Kimberly M. Inman, Clickwraps And Electronic Signatures:
Creating An Enforceable Web Site Contract, (Website)
(Inman)
Jorge
Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap
Agreements, (Website)
(Contreras2)
D. INTERNATIONAL ENFORCEMENT
In the EU and other nations where traditional shrink-wrap agreements are likely to be enforced, click-wrap agreements should also be enforced. Although only China appears to refuse to enforce click-wrap agreements outright, other countries may also make enforcement difficult due to a combination of factors, including local language requirements and variations in consumer protection laws. For more information, see the discussion in Jorge Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap Agreements, (Website) (Contreras1).
Since clickwraps
will likely be enforced, it is important that the website owner take some time
to specify the terms of service of the website. Like software licenses and terms
and conditions on tickets, general contract law governs these provisions and
different practitioners have different preferences on how legalistic the terms
need to be.
A. SAMPLE TERMS OF SERVICE
See Elements That Are Generally Included in Terms of Service Agreements for more information.
B. CUSTOMER SERVICE CONSIDERATIONS
In addition to issues of enforceability, practitioners should be aware of customer service issues when drafting a TOS. The Wired article discussed above was written after customer outrage forced Microsoft to change a clause in the TOS for its Passport site which granted the company ownership to users' personal data.
Consumer protection laws in each state and regulation by the Federal Trade Commission may also come into play, particular for sites selling merchandise. Internet sellers are bound by the FTC's Mail or Telephone Order Merchandise Rule - see A Business Guide to the Federal Trade Commission's Mail or Telephone Order Merchandise Rule, (Website) (FTC). The FTC brought civil penalty actions against e-tailers for allegedly violating the rule during the 1999 holiday season, and the companies paid more than $1.5 million in total penalties. See TooLate.Com: The Lowdown on Late Internet Shipments (Website) (FTC Release).
Some websites may wish to participate in the Better Business Bureau's BBBOnLine Reliability Program [http://www.bbbonline.org/businesses/reliability/index/html] or at least follow program's guidelines (Website) (BBB). See Ethical Principles for more information.
A. AVAILABLE SYSTEMS
The vast majority of e-commerce payments are done by credit card. There are two general types of payment systems available. For an e-commerce site of any significant size, the Operator will need to open Merchant Account and choose an online payment processing service such as CyberCash (Website). For a smaller site, a third-party system such as PayPal (Website) or MoneyZap (Website) may be more cost effective. The third party collects the funds for the website operator using its own merchant account and then deposits the funds into the website operator's account.
It will cost $400-600 to open a merchant account plus yearly account maintenance fees. Because of pervasive fraud, new websites may not even be able to obtain a merchant account. The online processing service will also charge fees for each transaction as will the financial institution that manages the merchant account. The website will need off-the-shelf or customized software which can interact with the online processing service. This will allow the website to know within seconds whether the charge has been approved. The website will also need to have a secure server for transaction processing, or it can lease server space from a service provider such as Itransact.com.
Third-party systems can have little or no upfront account opening fee and can be setup with just a few lines of HTML code. While some may offer an instant approval or rejection response, others will only send the website an e-mail with the transaction details. To use one of these services, the website operator will have to sign a nonnegotiable user agreement or terms of service. The agreement is of course unfavorable to the website operator, but like the website users themselves, there is no choice but to accept the nonnegotiable terms.
American Express has also introduced a new type of payment technology in its one-time-use credit card numbers. This new option would allow American Express cardholders to enroll in its Private Payments program. This new program allows AmEx cardholders to use their Private Payments number (instead of their actual AmEx card number) whenever they enter an online transaction. This Private Payment number could be used at any site that accepts AmEx because the Private Payment number is linked to the card holder's actual AmEx account (Website) (AmEx). For an overview of different payment technology systems like digital cash, anonymous credit cards and electronic checks visit (Website) (Robotics).
Micropayments offer an additional form of payment technology for those transactions that are for small amounts. Qpass Inc, an online payment firm has teamed up with Trivnet, Inc. to develop a micropayment system where users can purchase goods from a Qpass merchant partner and have that transaction appear on the users Internet service bill or telephone bill (Website) (Collett). These different forms of payment technology offer consumers increased privacy and security in their e-commerce transactions.
B. FRAUD CONCERNS
Internet Credit Card fraud is an increasing concern. Meridien Research estimates online credit card fraud costs 24 million dollars per day in bogus charges. For information on fraud prevention, please go to the Worldwide E-Commerce Fraud Prevention Network (Website), a website developed by Amazon.com, American Express, buy.com and others to help e-commerce merchants protect themselves from e-commerce fraud. As discussed above, digital signatures may be one answer to the fraud problem.
See Payment System Reference Materials for more information.
In Quill Corp. v. North Dakota, (Website) (Quill), the Supreme Court affirmed that a physical presence in a state was required for a corporation to have a "substantial nexus" to the state. Under the Courts dormant commerce clause cases, states cannot require out of state corporations to collect sales taxes for them unless they have a substantial nexus to the state. Thus remote sellers, such as an Internet retailer, are not required to collect sales and use taxes for sales made to purchasers located in states where the seller does not have a physical presence.
Supporters of an Internet sales tax argue that the current system discriminates against bricks and mortar retailers who must collect taxes in most states. They argue that it will drain vital revenue from state and local governments as more commerce shifts to the internet. See, e.g. E-fairness.org (Website) (E-fairness). Opponents either oppose taxes in general, or argue that applying taxes to the Internet will stifle ecommerce. Some point out that Internet business do not use the same level of local government services as local retailers. Critics also note that state and local tax systems are so complex that national collection is next to impossible. As a response, 31 states are working together on sales tax simplification.
Detailed summaries
of state activity in the area of Internet taxation is available at:
(Website)
(Cybertax). In April 2000, the Advisory Commission on
Electronic Commerce issued its report to Congress. (Website)
(Commission) The required 2/3 majority was not able
to agree on an answer to the Internet sales tax issue. For an overview of the
internet tax debate, see Patrick Thibodeau, (Website)
(Thibodeau).
Edited by Anne Fitzgerald [et al], Going Digital 2000: Legal issues for e-commerce, software and the Internet, St. Leonards, Australia: Prospect Media, 2000, p. 200 [Back to text]
Digital
Signature Tutorial, available at <http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html>
[Back to text 1][Back to
text 2]
Electronic
Signatures in Global and National Commerce Act, Pub. L. No. 106-229, §
106, 114 Stat. 464 (2000) [Back to text]
Jacobus,
Patricia, "Digital Signatures prepare to wipe away ink," CNET News.com,
available at <http://news.cnet.com/news/0-1005-200-2894498.html>
[Back to text]
Electronic
Signatures in Global and National Commerce Act, available at <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106>
[Back to text]
http://www.uetaonline.com
for more information about UETA [Back to text]
http://www.nccusl.org/uniformact_summaries/uniformacts-s-ueta.htm
[Back to text]
Electronic
Signatures in Global and National Commerce Act, 2000 Senate Bill 761 reconciliation
of H.B. 1714 and S.761) available at <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106>
[Back to text]
Inman,
Kimberly, "Clickwraps and Electronic Signatures: Creating an Enforceable
Web Site Contract," available at <http://www.husch.com/showpage.phtml?name=corpjul1>
[Back to text 1][Back to text
2]
Electronic Signatures in Global and National Commerce Act, 2000 Senate Bill 761 reconciliation of H.B. 1714 and S.761) available at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106 [Back to text]
Utah
Digital Signature Act, Utah Code Ann. § 46-1-6 et seq, at <http://www.le.state.ut.us/~code/TITLE46/46_03.htm>
[Back to text]
Utah Digital Signature
Act, Purposes and construction, Utah Code Ann. § 46-3-102, at <http://www.jmls.edu/cyber/statutes/udsa-1.html>
[Back to text]
Uniform Electronic Transactions Act, Utah Code Ann. § 46-4-101 (2000), at <http://www.archives.state.ut.us/recmanag/46-4-101.htm> [Back to text]
Use of digital signature, Cal Gov Code § 16.5, at <http://www.ss.ca.gov/digsig/code165.htm> [Back to text]
California Digital Signature Regulations, Final Text Approved By Office of Administrative Law on June 12, 1998, at <http://www.ss.ca.gov/digsig/regulations.htm> [Back to text]
See Ecommerce-guide.com, "Eliminating Some Credit Card Risk for E-Business," available at http://ecommerce.Internet.com/solutions/ec101/ [Back to text]
See
Dan Ackman, Forbes.com, "Equifax, eHNC Join Forces to Fight Online Fraud,"
available at http://www.forbes.com/2000/06/21/mu6.html [Back
to text]
See Terrence, Verifyfraud.com, "Internet Merchants Bear Higher Cost of Credit Card Fraud," available at http://www.verifyfraud.com/merchantsite/highercost.asp (visited March 14, 2001) [Back to text]
ProCD
v. Zeidenberg 86 F.3d 1447 (7th Cir. 1996) available at http://www.law.emory.edu/7circuit/june96/96-1139.html
[Back to text]
Hotmail
Corporation v. Van Money Pie, Inc., 47 U.S.P.Q.2d 1020 (N.D.Cal. 1998) available
at http://cyber.law.harvard.edu/h2o/property/alternatives/hotmail.html [Back
to text]
Groff
v. America Online, Inc. (AOL) 1998 WL 307001 (R.I. Super. May 27, 1998) available
at http://legal.web.aol.com/decisions/dlother/groff.html [Back
to text]
See
also Caspi v. The Microsoft Network 743 A.2d 851 (N.J. 1999) available at
http://legal.web.aol.com/decisions/dlother/caspi.html [Back
to text]
See
for example, Ticketmaster v. Tickets.com, 54 U.S.P.Q.2d 1344, (C.D.Cal. 2000)
available at http://www.gigalaw.com/library/ticketmaster-tickets-2000-08-10-p1.html
(holding that there was no breach of contract by Tickets.com because there was
no evidence that users were bound by the clickwrap which was buried in Ticketmaster's
website). [Back to text] But
see, Register.com, Inc. v. Verio, Inc., 126 F.Supp.2d 238, (S.D.N.Y. 2000) available
at http://pub.bna.com/eclr/00cv5747.htm (holding that Register.com's Terms
of Use created a binding contract with Verio notwithstanding the fact that the
user was not asked to click on an icon agreeing to the terms). [Back
to text]
Williams
v. America Online, Inc, 2001 WL 135825 (Mass. Dist. Ct.. 2001) available
at http://www.socialaw.com/superior/000962.html [Back
to text]
Farhad
Manjoo, Fine Print Not Necessarily in Ink, WIRED, Apr. 6, 2001, available
at http://www.wired.com/news/business/0,1367,42858,00.html [Back
to text]
Tony
Brower v. Gateway 2000, Inc., 246 A.D.2d 246, (N.Y.App. Div. 1998) available
at http://www.law.seattleu.edu/chonm/cases/brower.html [Back
to text]
See
also Williams v. America Online, Inc., 2001 WL 135825 (Mass. Dist. Ct.. 2001)
(Holding it would violate Massachusetts public policy to require Massachusetts
consumers with small individual damages (few hundred dollars) to litigate in
Virginia.) [Back to text]
Uniform
Computer Information Transactions Act (UCITA) at <http://www.law.upenn.edu/bll/ulc/ucita/ucita1200.htm>
[Back to text]
National
Conference of Commissioners on Uniform State Laws at <http://www.nccusl.org/>
[Back to text]
See
also the UCITA news site. at <http://www.ucitanews.com/> [Back
to text]
Barbara
Simons, Shrink-Wrapping Our Rights, Inside Risks 122 CACM 43, 8 August 2000,
available at http://www.acm.org/usacm/copyright/ucita.cacm.htm [Back
to text]
Software
& Information Industry Association, Summary of Benefits - Uniform Computer
Information Transactions Act, May 11, 2000 available at http://www.siia.net/sharedcontent/govt/issues/ucita/summary.html
[Back to text]
Jorge
Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap
Agreements, available at http://www.haledorr.com/practices/prac_pubsdetail.asp?ID=1322111092000&areaID=17&TypeID=1
[Back to text1]
Yahoo at <http://docs.yahoo.com/info/terms> [Back
to text]
Lycos
at <http://www.lycos.com/lycosinc/legal.html> [Back
to text]
Student
Advantage at <http://studentadvantage.com/terms> [Back
to text]
Federal
Trade Commission's Mail or Telephone Order Merchandise Rule, at <http://www.ftc.gov/bcp/conline/pubs/buspubs/mailordr/index.htm>
[Back to text]
TooLate.Com:
The Lowdown on Late Internet Shipments, FTC Release, available at http://www.ftc.gov/bcp/conline/features/toolate.htm
[Back to text]
BBBOnLine
Reliability Program at <http://www.bbbonline.org/businesses/reliability/index/html>
[Back to text]
BBB
has published ethical guidelines at <http://www.bbbonline.org/code/code.asp>
[Back to text]
Clickwraps
And Electronic Signatures: Creating An Enforceable Web Site Contract, available
at http://www.husch.com/showpage.phtml?name=corpjul1 [Back
to text]
Jorge
Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap
Agreements, available at http://www.haledorr.com/practices/prac_pubsdetail.asp?ID=1322111092000&areaID=17&TypeID=1
[Back to text2]
See http://www26.americanexpress.com/privatepayments/info_page.jsp
[Back to text]
For
an overview of different payment technology systems like digital cash, anonymous
credit cards and electronic checks visit <http://robotics.stanford.edu/users/ketchpel/ecash.html>
[Back to text]
Collett,
Stacey, New Online Payment Options Emerging, available at http://www.cnn.com/2000/TECH/computing/02/03/pay.online.options.idg/
[Back to text]
For more information
on payment systems:
Good reference cite (Hal Varian, leading Internet economist)
at
http://www.sims.berkeley.edu/resources/infoecon/Commerce.html#cash [Back
to text]
http://www.transaction.net/payment/index.html (summarizes
categories) [Back to text]
http://ecommerce.internet.com/resources/library/paysolutions/
(vendor products) [Back to text]
http://www.w3.org/ECommerce/roadmap.html (older article,
but authoritative) [Back to text]
Quill
Corp. v. North Dakota, 504 U.S. 298 (1992) available at http://supct.law.cornell.edu/supct/html/91-0194.ZO.html
[Back to text]
Detailed
summaries of state activity in the area of Internet taxation is available
at:
http://www.vertexinc.com/taxcybrary20/CyberTax_Channel/taxsum_73.asp [Back
to text]
Advisory
Commission on Electronic Commerce available at http://www.ecommercecommission.org/report.htm].
[Back to text]
See,
e.g. http://www.e-fairness.org/ [Back to text]
Patrick Thibodeau, New bill kicks off battle over Internet tax moratorium extension, Computerworld, February 12, 2001 available at http://www.computerworld.com/cwi/story/0,1199,NAV47_STO57636,00.html [Back to text]
VIII. Additional Materials (Optional Reading)
A. ELEMENTS THAT ARE GENERALLY INCLUDED IN TERMS OF SERVICE AGREEMENTS (TOSs)
Back
to TOC
B.
PAYMENT SYSTEM REFERENCE MATERIALS
Principles of the ethical guidelines for online merchants and advertisers published by the Better Business Bureau. BBBOnLine, Code of Online Business Practices, http://www.bbbonline.org/code/code.asp.
Principle
I: Truthful and Accurate Communications.
Online advertisers should not engage in deceptive or misleading practices
with regard to any aspect of electronic commerce, including advertising, marketing,
or in their use of technology.
Principle II: Disclosure.
Online merchants should disclose to their customers and prospective customers
information about the business, the goods or services available for purchase
online, and the transaction itself.
Principle III: Information Practices and Security.
Online advertisers should adopt information practices that treat customers'
personal information with care. They should post and adhere to a privacy policy
based on fair information principles, take appropriate measures to provide
adequate security, and respect customers' preferences regarding unsolicited
email.
Principle IV: Customer Satisfaction.
Online merchants should seek to ensure their customers are satisfied by honoring
their representations, answering questions, and resolving customer complaints
and disputes in a timely and responsive manner.
Principle V: Protecting Children.
If online advertisers target children under the age of 13, they should take
special care to protect them by recognizing children's developing cognitive
abilities.