Internet Commerce
By Holly K. Towle*
* Holly K. Towle is a partner with Preston Gates & Ellis LLP, which has an international practice in intellectual property law and electronic commerce.
[M]y brother Richard . . . runs a small inn in Cape May, N.J. In the past year, he started advertising on the Internet with his own Web site. He’s never seen anything like it; almost a fifth of his customers found the inn online. No magazine or newspaper ad ever showed remotely similar results. And the Internet is inexpensive. He paid less than $1,000 to a small company in Indianapolis to create and maintain the site for a year. ‘On the Internet, you compete equally [with bigger inns and hotels],’ he says. ‘You have a page, and they have a page.’ [1]
You have a page, they have a page. That is the promise of the Internet.
The question is whether having that page will create any legal problems. Internet Law & Regulation is devoted to highlighting and explaining the multiple and varied legal issues that are raised by Internet activities. This article discusses selected aspects of Internet commerce and some of the issues it poses for those who provide goods and services online.
1.Electronic Commerce -- What are you selling? There is a tendency to believe that electronic contracting and the Internet are worlds apart from the virtual world. While that may be true metaphysically, it is not true as a legal matter. Article 2 of the Uniform Commercial Code governs sales of goods, whether sold at the local drugstore or on the Internet. The change made by the Internet is that the contract or order for an item is frequently handled electronically, the location of the “store” is in cyberspace, and the consequences of all that are complex.
New laws are being enacted or proposed to accommodate electronic commerce.[2] But they will only act as an overlay to, not supplant, laws governing the subject matter of a contract (e.g., a toaster) that is made or signed electronically. Thus it is left to Internauts to determine how to apply in an electronic medium, laws that were written for physical goods and contracting methods. Put another way, “wool is not to be expected to have hidden vicious tendencies to kick,” i.e., laws written for horses did not work well for wool and other wares of commerce, and laws written for goods and traditional contracting methods do not work well for our information and electronic economy.[3]
C:\ae docs\ICC\articles\ICInt Law & Reg.doc
November 8, 2000 (10:32am)
1
Accordingly, the first question an Internet business should ask is, what am I selling? If goods, Article 2 of the Uniform Commercial Code will apply; if computer information, the proposed Uniform Computer Information Transactions Act (UCITA)[4] will apply once adopted; if services or licensed information that do not fall under UCITA, the common law or other applicable law will apply; and if the business is engaging in a regulated activity such as offering insurance, deposit accounts, or securities, the rules and regulations applicable to those activities will apply. Any combination of the foregoing may apply depending upon the mix in the transaction.
2.What writing or signature requirements apply? Certain contract terms must, by some law, be in a "writing," such as a disclaimer of an implied warranty of fitness. U.C.C. Article 2-316(2). Writing requirements may also exist in private contracts applicable to online distribution programs: for example, if monthly subscription or membership fees are to be charged automatically to a credit card, such should be a "recurring transaction" under applicable credit card processing contracts. Some of those contracts still require the authorization for recurring charges to be in writing. Depending on the nature of the Internet contract, another writing requirement may apply. There are many statutes of frauds,[5] there are special statutes such as those that require deposit contracts to be in a writing signed by all depositors, and there are numerous consumer protection statutes that often have “writing” requirements (e.g., obtaining a consumer credit report other than for a statutory purpose requires the “written instruction” of the consumer). 15 USC §1681(b)(2).
The trend is towards viewing “writing” requirements as including computer displays. In connection with consumer regulations that it promulgates, the Federal Reserve Board offered this view:
The requirement that disclosures be in writing has been presumed to require that creditors provide paper documents. However, under many laws that call for information to be in writing, information in electronic form is considered to be “written.” Information produced, stored, or communicated by computer is also generally considered to be a writing at least where visual text is involved.[6]
Nevertheless, it is not safe to assume that all “writing” requirement will be so interpreted,[7] particularly when important rights are involved.[8]
Hence the need for adoption or revision (at least as to electronic commerce) of the major U.S. commercial contracting statutes. Proposed uniform acts, to wit, the Uniform Computer Information Transactions Act and the Uniform Electronic Transactions Act, and proposed revisions to U.C.C. Articles 1, 2 and 2A, are intended to resolve some of these writing and signature requirements by replacing common law or U.C.C. requirements for a “writing” with requirements for a “record,” and by replacing requirements for a signature with definitions that allow digital or other electronic signatures.[9] Where a signature is not required, a “manifestation of assent” is sufficient to form an agreement, either under the common law or some of the proposed legislation.[10] Individually, states have also been enacting piecemeal legislation to allow electronic substitutes for writing and signature requirements.[11] State laws cannot, however, supplant federal writing and signature requirements, so those will continue to act as an “overlay” requirement until amended or interpreted to allow electronic alternatives.
C:\ae docs\ICC\articles\ICInt Law & Reg.doc
November 8, 2000 (10:32am)
1
1
The obvious advantage of uniform laws is their standardization of writing and consent requirements. Unfortunately, only one of the current uniform projects, UCITA (formerly known as “Article 2B”), will actually enable electronic commerce. To date, the proposed revisions to Article 2 (sales of goods) will not. The difference lies in the practical utility of the two proposed statutes: both generally modernize writing and signature requirements, but only UCITA uniformly codifies the common law concept of “manifestation of assent.” Thus, when a signature is not required to form a contract, but parties question what conduct will suffice, UCITA answers that question in a uniform manner.[12] Proposed revisions to Article 2 provide no guidance and instead add new requirements for “express agreement” without defining what will meet those requirements, electronically or otherwise. UCITA also makes uniform for purposes of electronic commerce, selected procedural or formatting provisions of state consumer protection statutes. While leaving in place all substantive consumer protections, UCITA replaces the multiple and variable procedural rules regarding writings, signatures and consents, and “conspicuousness,” with a uniform rule. Generally, the Federal Reserve Board has taken a similarly uniform approach in its revision of consumer regulations to enable electronic commerce.[13]
Under the proposed revisions to Article 2 (sales of goods), however, uniformity is not possible and Internauts will still have to figure out each of the above procedural items in every state and under every judicial decision within those states.[14] In short, after 10 years of effort to “update” Article 2, revised Article 2 does not offer any practical path for electronic or global contracting[15] and does not even offer procedural uniformity for sellers of consumer goods (uniformity as to substantive law is not possible in either Article 2 or UCITA, because both retain all substantive consumer protections of each state). The proposed Uniform Electronic Transactions Act cannot solve this problem for Article 2 sellers or buyers because it has a different purpose.[16] Revised Article 2 could be fixed, at least as to the above problem, by adding to it the UCITA electronic contracting rules and protections. Resolution of the other problems with revised Article 2 will be considerably harder.[17]
3.In a medium without borders, how does one restrict advertising and offers?
Print and television advertising can be targeted to a national, local or regional audience. Advertising or offering a product on the Internet, however, automatically creates a national or international audience and the consequent legal issues multiply. For example, if a bank advertises its deposit accounts on the Internet, is it soliciting deposits in every state or country, including jurisdictions that prohibit deposit solicitations absent a special charter or compliance with applicable branching or banking rules? If an ad comparing Coke and Pepsi passes muster under U.S. law, what is the consequence of having the ad available for viewing in countries that do not allow comparative advertising?
C:\ae docs\ICC\articles\ICInt Law & Reg.doc
November 8, 2000 (10:32am)
1
1
Is being on the Internet the equivalent of being everywhere or nowhere? As yet, there is no uniform answer to that question, but the answer affects not only compliance with advertising and marketing laws, but also invokes a jurisdictional debate. Much has been written about the jurisdictional problem.[18] The essential point is that the nature and scope of activities on or via the Internet can and will be considered by a court in determining whether it may assert jurisdiction.[19] Thus, the business that thinks it only operates in one state may discover that it is deemed to be operating in all states and even internationally, and that it may be “hailed” into court in those jurisdictions.
The solution? No one knows, but assessment of the risk is important. Possible solutions worthy of consideration include the use of disclaimers, limitations on the geographic scope of offers, refusal to sell or provide services to customers in prohibited jurisdictions, and restrictions on contacts with a jurisdiction to Internet contacts only. Some of this can be done electronically so as not to offend visitors. For example, a web site offering insurance can be configured to require all visitors to type in their state of residence before viewing offering material. Then visitors can be routed solely to the brokers and material licensed or approved for their state.
4. How will payment be made for the product? Central to the development of electronic commerce will be a secure and reliable method of payment. As the market chooses among developing alternatives and standards, the primary criterion is authenticity and the avoidance of fraud. Other major concerns include ease of use and anonymity.
A. Smart Cards. "Smart cards" or "stored value" cards provide an "off-line" version of cash. Merchants in Europe (and in the United States) sell "smart cards," which are plastic cards embedded with a computer chip. The buyer purchases a "full" smart card in which the computer chip stores a value equal to the purchase price. The buyer can then purchase goods or services by inserting the smart card into a reader or by presenting the card to a cashier who inserts the card into a reader in the cash register. The reader "withdraws" funds from the smart card to pay for the good or service by changing the amount stored in the computer chip memory. Smart cards are relatively secure because the technology for manipulating the computer chip is not widely available.
Online counterparts to smart cards are being developed. Further, web sites may offer an equivalent without realizing it, e.g., an airline might allow consumers electronically to debit their frequent flier mileage. A critical question for smart cards (on or offline) and accounts that are electronically debited, is whether they are subject to federal Regulation E regarding electronic funds transfers.[20] Most people not steeped in banking would say no (and laugh). But the answer is not that simple and one need not be a bank in order to worry about the issue. Regulation E covers "financial institutions," which term is defined to include accounts held by a bank and "any other person who, directly or indirectly, holds an account belonging to a consumer". 15 USC § 1693b(8). The obvious question, then, is whether the Internet business is offering a consumer “account” that is electronically debited.
Typically there is no clear answer, but at one time the FRB took the position that Regulation E could be interpreted to cover smart cards and their online counterparts.[21] The resulting furor[22] caused an FRB study regarding whether the EFTA should be amended clearly to apply to smart cards and whether such amendments might adversely impact smart card development. The FRB concluded that Regulation E should not be amended and that such a regulatory approach would adversely affect the development of alternate technologies and payment systems.[23] That leaves existing Regulation E in place. Thus any holder of a “consumer asset account” that can be electronically debited, should determine whether they are subject to Regulation E.
C:\ae docs\ICC\articles\ICInt Law & Reg.doc
November 8, 2000 (10:32am)
1
1
B.Electronic Money: Digital Cash. A number of companies are introducing their own "money" on the Internet, with the ease of use associated with smart cards. Electronic money allows the buyer to purchase a denomination of "e-money" from an issuer through conventional methods of payment. E-money essentially consists of a very long string of numbers, with an "electronic watermark" that uniquely identifies the e-money.
There are advantages and disadvantages to e-money: it costs less than cash because cash is expensive to count, move, store and protect. It is also more convenient than cash and can offer a host of features that cash cannot, such as the ability to earmark e-money for one purpose but not for others (e.g., college books, not beer). Also, a goal is to allow payments to be made to all kinds of recipients, e.g., merchants, friends and creditors, without the need to pass the transaction only through traditional entities such as merchants tied to credit card associations or banks.
Disadvantages include the need to develop adequate security systems, the lack of audit trails and the elimination of curbs on behavior caused by the physical form of cash (e.g., it is difficult to carry around $1,000,000 and hence difficult to spend it). With respect to the latter, e-money could pave "the way for new versions of old crimes such as kidnapping and blackmail where money drops can now be carried out safely from the criminal's home computer."[24] The creditworthiness and trustworthiness of the issuer of the e-money and its ability to prevent and withstand counterfeiting, are also obvious and significant issues. All of these pressures may affect whether or not truly anonymous e-cash systems will develop.
5. Encryption, why is everyone talking about it? The most direct method of contracting online is to allow the parties to transfer information in such a way that each can be sure the other actually originated the message and that the delivered message is the same as the message sent. This can be done if the sending party encodes his or her message in such a way that only the intended receiver can decode the message. Parties who are familiar with one another can set up a code system between themselves with little difficulty. But the Internet is an open forum, so encryption is increasingly attractive and the above payment systems use various forms of it.
There are two basic types of encryption. First, the Data Encryption Standard ("DES") establishes a standard mathematical algorithm for encoding and decoding messages. The sender uses a "key" (a series of numbers) to scramble the message with the DES algorithm, and the recipient uses the same key to unscramble the message. DES encryption is already commonly used in electronic funds transfers. DES requires that the key be closely guarded, because anyone with the key can use the widely-known DES algorithm to decode messages made with the same key.
C:\ae docs\ICC\articles\ICInt Law & Reg.doc
November 8, 2000 (10:32am)
1
1
A second encryption system is known as public key encryption. This is the kind of encryption upon which the Washington and Utah “digital signature” statutes are based. Again, the algorithm must be known by both sender and recipient (e.g., RSA is a patented public key algorithm licensed widely). Each person using the public key encryption system has two keys, a public key and a private key. The public key decodes a message encoded with the same person's private key, and vice versa. If each person keeps the private key confidential, he or she can distribute the public key widely to others who can then read the person's messages encoded with the private key. Anyone who is able to decode a message with the public key can be certain that only the owner of the private key could have sent it. Also, someone with the public key can send a secure message to the owner of the private key, because only the private key will decode the message. Further, "hashing algorithms" are used to produce a “hash” or "message digest:" if even one character of the message is changed after signing, the message hash process will show that the message received is not the same as the message sent.