tomwinfrey
Chapter Five
ACG 5458
The Regulatory Environment
The Regulatory Environment
• Primary International and Legal Issues
  – Cryptography Issues
  – Privacy Issues
  – Web Linking
  – Internet Sales Tax
  – Electronic Agreements and Digital Signatures
  – Spam Mail
  – Online Auctions and Content Filtering
• Implications for the Accounting Profession
Cryptography
Cryptography is a mathematical encoding that transforms readable messages into unreadable formats (cyphertext).
Key length (size) determines how difficult the code is to crack.
Encryption is the coding.
Decryption is the decoding.
• 40-bit key: 3 hours to break code
• 56-bit key: 22 hours to break code
• 64-bit key: 30 days to break code
• 128-bit key: 2,000 years to break code
Cryptography
Regulatory Issues:
• Domestic use, Importation and Exportation rules
  – Rules differ by country
  – US is “looser” than China, Belarus, Kazakhstan and Pakistan
• Use of encryption by criminals, terrorists, and money launderers.
• Ability of law enforcement to obtain decrypted forms of encrypted messages, either through a key recovery or a key escrow system.
Cryptography
Key escrow systems involve a central repository that contains all encryption keys.
Key recovery systems have some mechanism that will provide authorized law enforcement agencies the ability to recover and use the key (e.g., trusted third party).
Issues:
• How will sufficient controls be created and maintained to protect citizens from law enforcement abuse of authority?
• How is it possible to enforce internationally?
  – INTERPOL prefers a key recovery system.
Privacy of Private Citizens
Information Privacy: the right to have one’s personal or business data kept confidential.
Privacy Groups:
• Center for Democracy and Technology
• Electronic Frontier Foundation
• Electronic Privacy Information Center
• Privacy International
• Privacy Rights Clearinghouse
• Online Privacy Alliance
Figure 5-1: Percentage of US Sites That Post Privacy Policies and Link From Home Pages
[Bar chart comparing the Random Sample with the Most Popular Sites on two measures: "Post a Privacy Policy" and "Links the Privacy Policy from the Home Page". Data labels in extracted order: 0.62, 0.97, 0.76, 0.94.]
Source: FTC, 2000
Privacy of Private Citizens
Federal Trade Commission (FTC) Five Core Principles of Privacy Protection:
• Notice
• Choice
• Access
• Integrity and Security
• Enforcement
Regulatory Issues:
• Self-regulation or government regulation?
  – If government regulation, which one? Differences exist between countries, US “looser” than European Union
• How do we protect children’s privacy?
Figure 5-2: Percentage of US Sites That Collect Personally Identifiable Information and Utilize the FTC Principles
(Random Sample / Most Popular)
• Notice: 55% / 89%
• Choice: 50% / 67%
• Access: 43% / 83%
• Security: 55% / 74%
• All 4 to some extent: 20% / 42%
Source: FTC, 2000
Figure 5-3: Percentage of US Sites That Collect Personally Identifiable Information and Implement Choice Options
Random Sample (detail of the 50% who offer choice):
• Opt-In: 25%
• Opt-Out: 71%
• Unclear: 4%
Most Popular (detail of the 67% who offer choice):
• Opt-In: 16%
• Opt-Out: 75%
• Unclear: 9%
Source: FTC, 2000
Privacy and Security
From the FTC’s 2000 study:
• Only 39% of the random sample (54% of the most popular sites) take steps to provide security during transmission.
• Only 29% of the random sample (48% of the most popular sites) take steps to provide security after receipt.
• Only 8% of the random sample (45% of the most popular sites) display some sort of privacy seal from an independent third party.
Children’s Privacy Regulation
• FTC’s 1998 study found that 89% of children’s sites were collecting private information on children:
  – Email and postal addresses
  – Telephone numbers and Social security numbers
  – Age, date of birth, and Gender
  – Education
  – Interests and Hobbies
• Enticements such as prizes, raffles or contests are used often.
Adults’ Privacy Rights and the EU’s Directive
1998 European Union Privacy Directive states that personal data on the Internet must be:
– Collected only for specified purpose
– Processed fairly and lawfully
– Kept accurate and current
– Destroyed after stated purpose is fulfilled.
Users have the right to access their information for correction, erasure or blockage, choose to opt in or out, oppose automated decisions, and have judicial remedy and compensation.
EU Privacy Directive Affects US Companies doing Business with the EU
• EU citizens have greater privacy rights than US citizens
• US and the EU developed a “safe harbor” for US businesses in 2000:
  – Notice
  – Choice
  – Transfers to third parties
  – Access
  – Security
  – Data integrity
  – Enforcement
More on Privacy: Past and Current Events
• Toysmart.com selling its customer list
• More.com passed customer’s prescription information to HealthCentral
• Carnivore: FBI’s Internet sniffing code
  – Argument with Earthlink.com exposed a high level of citizen monitoring.
Web-Linking
Legal problems occur when:
• Inappropriately referencing a linked site
• Not referencing the site from which you copied information to your site
• Displaying another site’s information without the original advertisements
• Unauthorized use of trademarks in metatags
• Unauthorized display of registered trademarks
Web-Linking and Defamation
Defamation occurs when an individual makes a false statement about another individual or business that is damaging to their reputation.
The issue: whose rights prevail? The right to free speech? The right to be safe from harassment?
It’s often not clear: Can opinions be separated from facts?
Web linking without Proper Referencing
Linking using framing involves:
• Not carrying the original site’s advertisements to the new site
• TotalNews case of copyright and trademark infringement, unfair competition, and wrongful interference
Web linking using Metatags
Corporations attempt to increase the visits to their sites by putting well-recognized trademarks in the HTML metatags that are labeled as keywords for search engines
Trademarks include words, names, symbols, logos, and graphical designs
Federally registered trademarks bear an ®
Trademark Infringement
• Trademark is displayed on the website without explicit permission granted by the owner of the trademark, and
• Trademark display causes either
  – A likelihood of confusion
    • Similarity to something else, malicious intent, actual evidence of confusion
  – Or tarnishes the value of the trademark
    • Association with inferior quality, alteration of the trademark, or representing the trademark in an attack.
Linking to Illegal Files
Downloading of copyrighted materials, such as music, increases your risks of litigation:
– Napster cases
– MP3.com cases
Domain Name Disputes
• Top level domains (e.g., .com, .org)
  – Internet Corporation for Assigned Names and Numbers (ICANN) – nonprofit organization
    • Many domain name registrants, such as Network Solutions, Inc.
• 1999 Anticybersquatting Consumer Protection Act
  – Does not allow domain names to be held hostage or used if they are established trademarks.
  – Does not allow similar or identical trademarks to share a domain name.
  – Changed the domain name assignment from “first come, first served” to “who utilized the name for business purposes first”
Internet Sales Taxes
• It is an interstate taxation problem: which jurisdiction applies? There are over 30,000 tax jurisdictions in the US alone.
• 2001 (1998) Internet Tax Freedom Act
  – No state/local sales taxes on Internet services provision or use.
  – Does not apply if the buyer and seller are in the same state and the seller has a corporate presence (if no corporate presence, then a use tax applies).
  – A federal sales tax may be the only future solution to this problem.
International Tax Issues
Different countries have different opinions and tax systems:
• European Union prefers a value-added tax, but still has to resolve different rates in different countries within the EU.
• China prefers sales taxes on Internet transactions.
Corporate presence:
• Differing definitions between countries.
• Global infrastructures: what if company building is in one country, and web server is in another?
• Organization for Economic Cooperation and Development (OECD) is working on a global definition of physical presence
Electronic Agreements and Digital Signatures
American Bar Association (ABA) details important aspects of digital signatures:
• Signature and document authentication
• Affirmative act
• Efficiency
2000 Electronic Signatures Act (E-Sign)
• Allows but does not require electronic signatures for international and interstate contracts
• Electronic record should accurately reflect the written document information and stay accessible to all parties.
• Does not apply to wills, trusts, family matters such as divorce, transportation of hazardous materials, recalls of products, or cancellation of insurance.
1999 Uniform Electronic Transactions Act (UETA)
National Conference of Commissioners on Uniform State Laws (NCCUSL)
22 states have adopted this attempt at a common standard, similar to E-Sign
Provides standards for electronic contract acceptance, accuracy and integrity, enforcement, and electronic agents.
1999 Uniform Computer Information Transactions Act (UCITA)
National Conference of Commissioners on Uniform State Laws (NCCUSL)
2 states have adopted this attempt at a common business transactions standard
Clarifies the UCC law in terms of computer information transactions
Makes the law uniform among various jurisdictions
International Digital Signature Environment
Many countries have passed digital signature laws:
Argentina, Australia, Austria, Canada, Colombia, Estonia, European Union, Finland, Germany, Hong Kong, Ireland, Japan, Malaysia, Philippines, Singapore, Switzerland
Many more are currently in process.
SPAM e-mails
Spam mail is the mass sending of unsolicited e-mail advertisements.
E-mail addresses may come from purchased lists or may be retrieved by intelligent agents.
• Cost of sending spam is very low
• Cost to recipients is high in network load
Online Auctions and Content Filtering
What does an e-marketplace do when found to be supporting “unethical” transactions?
• Filter (censor) incoming packets
• Filter (censor) outgoing packets depending on the recipient (IP information such as country code)
Who should determine the limits?
• Web site owners?
• Web site users?
• Government regulation?
Implications for the Accounting Profession
Expansion of legal skill sets, resources and services is warranted from:
• Increased liability exposures
  – Taxation, privacy, intellectual property, cryptography, digital signatures, acceptable business practices
• New liability exposures
• More complex risk assessments
• Changing legal and regulatory environments
Increased opportunities for new services:
• Consulting in system design
• Certificate authority role in society