by
Khaled Saad
Supervisor
Prof. James P. Nehf
Indiana University School of Law – Indianapolis
Declaration
I hereby solemnly declare that I have written this thesis by myself and without support from any
other person or source, that I have used only the materials and sources indicated in the footnotes
and in the bibliography, that I have actually used all materials listed therein, that I have cited all
sources from which I have drawn intellectual input in any form whatsoever, and placed in
“quotation marks” all words, phrases or passages taken from such sources verbatim which are
not in common use and that neither I myself nor any other person has submitted this paper in the
present or a similar version to any other institution for a degree or for publication.
Table of Contents
Abbreviations
A. Introduction
I. Stating the Background to the Study
II. Problem
III. Purpose
IV. Significance of the Study
V. Problem Statement Question
VI. Literature Review
VII. Methodology
VIII. Scope and Limitations of the Study
IX. Outline of Chapters
3. Assuring the Identity of the Electronic Record Signer
V. Problems with Digital Signature
1. Determining the nature of the signature
2. Claiming Forgery of the Signature
3. Digital Signature is coherent to person’s rights
VI. Solutions:
1. Developing Secure Storage for Digital Signatures
2. Authenticity of Signature via Third party
3. Creating a Portfolio for the Owner of the Signature
List of Abbreviations:
Electronic Contracts and Consumer Protection
A. Introduction:
1 Bashar H. Malkawi, E-commerce in Light of International Trade Agreements: The WTO and the United States-Jordan Free
Agreement, (Summer 2007), International Journal of Law and Information Technology
3 David M. Cielusniak, You Cannot Fight What you cannot See: Securities Regulation on the Internet, (1998), Fordham
International Law Journal Vol. 22, pp 612-616
transactions on a national and international level.4 E-commerce covers a wide range
of business and has boomed: in 1999 global electronic commerce
exceeded US$ 150 billion.5 Moreover, e-commerce has a great influence on purchasing
and selling, since internet users have initiated bargains that compete with standard market
prices. According to eBay.com, in 2005 there were 150 million users registered on its
database and they sold items worth more than US$ 40 billion.6
Traditional companies should develop an electronic arm of their business
if they want to survive and compete with the other dominant corporations. In
addition, the low cost of the internet, the
convenient method of connection, and the ability to respond to
individuals’ tastes through surveys offer an excellent opportunity for communicating
with customers. Therefore, it must be conceded that creating a website for an already
existing business would not be sufficient; there should be an electronic service to
induce competition and offer lower prices and a variety of choices.
4 Study from WTO Secretariat Highlights Potential Trade Gains from Electronic Commerce, (13 March 1998), PRESS/96
III. Purpose:
This thesis aims to investigate the crucial foundations of consumer protection within the
borders of e-commerce, including proving assent of the internet user to enter into a
contractual relationship, explaining the concept of electronic signature as means for
concluding contracts within the electronic medium, and the inherent legal controversies
surrounding it. Furthermore, it will address elementary issues that create obstacles to
e-commerce, such as security regulations and the fear of exposing personal information
over the internet. Finally, it will provide guidelines and recommendations from different
approaches to help solve these matters and ensure better consumer protection.
V. Problem Statement Question:
Concerning the wide extension of e-commerce worldwide, what are the paramount issues
that could be considered as obstacles in e-contracting?
Although many studies have been carried out on e-commerce
in general, this study focuses on the practical problems that
could interfere with the e-contracting deal.
It has been about twenty years since the internet opened to the public a new sort of
business, one that creates new opportunities for companies by spending less
money on premises and offers better prices to consumers.
At the very beginning of the internet, electronic commerce was known as electronic data
interchange, and it was surrounded by various doubts about the legality
of electronic contracting as a new form of commerce. In fact, legal authorities and
dominant business entities started asking whether electronic contracts could be treated
the same way as standard contracts, and whether business deals carried out via electronic
space could have a legal effect that may result in legal duties and responsibilities. In addition,
jurists and lawyers inquired whether an electronic, nonphysical paper could be used as
evidence in case a dispute arises between the contracting parties.7
Such questions received a great response, especially after the work carried out
by the United Nations Commission on International Trade Law (UNCITRAL), which in 1996
issued the United Nations Model Law on Electronic Commerce.8 The UNCITRAL
Model Law on Electronic Commerce is indeed the first initiative in the field of
7 Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution. Retrieved: March 12th 2011, Website:
http://www.unescap.org/tid/publication/tipub2348_part2iv.pdf
8 Report of the United Nations Commission on International Trade Law on the Work of its Twenty-Ninth Session, United
Nations General Assembly, 51st Session, Supplement No. 17, at United Nations Document A/51/17 Annex I (1996), reprinted in
36 I.L.M. 200 (1997).
harmonizing the law in conformity with electronic commerce, as its main interest is to
facilitate electronic commerce deals through disposing any legal impediment.
This was achieved through the Model Law on Electronic Commerce and the United
Nations Model Law on Electronic Signatures, as these two laws constitute the
cornerstone of enforcing electronic transactions.
VII. Methodology:
This thesis involves an examination of literature from primary sources such as statutes,
and from secondary sources such as books, the internet, law reviews, journals, case law, and articles.
The study relies heavily on library and internet sources in order to cover such a technical
topic with all its attributes. In addition, the study follows a case study
approach: it picks certain riddles and cases that are considered fundamental
blockades to electronic commerce and provides a deep analysis of these
issues.
Though e-commerce may be approached from various sides and angles, this study
follows a legal perspective. Hence, it focuses on the main legal features of
e-commerce, such as the electronic contract and its attributes, consumer protection laws
and guidelines, and security laws and regulations on the internet.
“We can provide a better protection for consumers in e-commerce through explaining the
initial components of e-commerce, highlighting the key pressure points in e-contracting,
proposing guidelines and recommendations for protecting consumers in internet business
transactions, finally delivering different approaches on internet security and ensuring
privacy”.
Chapter two discusses the issue of assent in the contractual agreement terms and
conditions. Chapter three explains the impediment of electronic signature as a
cornerstone in electronic commerce. Chapter four discusses the dilemma of
privacy and data protection. Chapter five analyzes security as a predicament in electronic
contracting. Finally, chapter six introduces guidelines and recommendations from various
approaches for consumer protection, and a conclusion.
B. The Issue of Assent in Contractual Agreement Terms and Conditions:
I. Mutual Assent:
Contract law is composed of a large set of rules that determine its components and
enforcement. Nevertheless, a contract is nothing more than a promise to perform or
refrain from performing which, if breached, the law provides a remedy for. Basically, a legally
recognized contract needs an offer, acceptance, and consideration.9 Mutual assent, which
is considered the core of contracting, consists of an offer by one party that is met
by an acceptance of that offer by another party; in the absence of this meeting of the
minds, no contract shall be found. There is no specific method for expressing an offer,
yet acceptance requires more clarity in order to create mutual assent. Assent
may be manifested via a written document, the spoken word, or any other conduct that shows that
a party had an intention to accept the terms of the offer.10
9 Donnie L. Kidd, Jr., William H. Daughtrey, Jr., (2000). Adapting Contract Law To Accommodate Electronic Contracts:
Overview and Suggestions, Rutgers Computer and Technology Law Journal
10 Restatement of the Law-Contracts, Restatement (Second) of Contracts, (August 2010), Chapter 3 Formation of Contracts-
Mutual Assent, Topic 3 Making Of Offers. Retrieved: January 4th 2011, Website http://caseandcontroversy.com/Statutes/restat.pdf
1. Shrink Wrap:
A shrink wrap license agreement gets its name from the plastic or paper wrap that the
product is packed in: the vendor encloses a license agreement notice on the surface of
the pack, which binds the customer to the agreement terms and conditions
on opening the package. The producer thus enjoys a certain privilege over the
customer, as the producer sets the terms of the agreement without negotiating with the
customer, which also gives the producer control over how the customer may use or
benefit from the product.12 In ProCD v. Zeidenberg, the Seventh Circuit Court of Appeals
in the 1990s embraced a trend recognizing and enforcing shrink wrap licenses. In
this case, the Seventh Circuit validated electronic transactions and shrink wrap
license terms and conditions that governed the contractual agreement after the
payment for the product was concluded. Matthew Zeidenberg, a customer,
bought ProCD software, and ProCD stated that there were terms and conditions regarding
the use of the product in an enclosed license. The license was printed on the CD itself, in the
user manual, and on the computer screen every time the software ran. It clearly
stated that the software was not for commercial use. Zeidenberg established a company in
order to make copies of ProCD’s software and sell them, in contradiction with the
terms and conditions of the license, and ProCD sued Zeidenberg for copyright
infringement and breach of the license. The court treated the license as a simple contract
governed by the common law of contracts and the UCC. The court found that
ProCD had offered an opportunity to reject the product if the user found the license terms
inconvenient, and that Zeidenberg checked the product, used it,
reviewed the license, and didn’t reject the product. Finally, the court held that the
shrink wrap license was valid and in accordance with the UCC.13
12 Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution. Retrieved: March 12th 2011, Website:
http://www.unescap.org/tid/publication/tipub2348_part2iv.pdf
13 ProCD, Incorporated, Plaintiff-Appellant, v. Matthew ZEIDENBERG and Silken Mountain Web Services, Inc., Defendants-
Appellees, No. 96-1139, Argued May 23, 1996, Decided June 20, 1996
2. Click Wrap:
A click wrap license agreement is almost an upgrade to the concept of the shrink wrap license:
in the click wrap form, the license is displayed on the screen, prompting the user to
click on an acceptance icon such as “I agree”. This type of contractual license agreement
is favorable because the customer must first accept the terms and conditions of the
license before proceeding to download the software or enter the website.
Moreover, all the terms and conditions stated on the website are preliminary
terms, which means that the customer approves those terms before accessing the
website and then negotiating other terms.14 In Hotmail Corp. v. Van$ Money Pie Inc.,
Hotmail granted free email services to a huge number of individuals worldwide on the
internet under click wrap license terms and conditions that
prevent users from using their email accounts to send spam or pornographic messages.
Some Hotmail users started using their accounts to send spam and pornographic
messages in violation of the license agreement, and Hotmail
sued the defendants for breach of contract. The court granted a preliminary injunction,
as the defendants had agreed to abide by the terms of the agreement but violated it by sending
spam and pornographic messages.15
3. Web Wrap:
Web wrap agreements, also known as “browse wrap” agreements, differ from click
wrap agreements in the way they are displayed to the customer. Web wrap
agreements are accessed through a link or on the main homepage of a website
stating the terms and conditions decided by the owner of the website and determining
what is permissible to the user. The owner of the website may display an icon such as “click
here to show legal terms”; the internet vendor thereby gives the user the right to check the
14 Michael H. Dessent, Digital Handshakes in Cyberspace Under E-sign: “There’s a New Sheriff in Town!”, (January 2002),
University of Richmond Law Review
15 HOTMAIL CORPORATION, Plaintiff v. VAN$ MONEY PIE INC.; ALS Enterprises, Inc.; LCGM, Inc.; Christopher Moss
d/b/a the Genesis Network, Inc.; Claremont Holdings Ltd.; Consumer Connections; Palmer & Associates; and Financial
Research Group; and Darlene Snow d/b/a Visionary Web Creations and/or d/b/a Maximum Impact Marketing, Defendants. No.
C-98 JW PVT ENE, C 98-20064 JW. April 16, 1998
agreement terms of sale, but without requiring the user to show his compliance with these
terms before purchasing a product.16
In Pollstar v. Gigmania Ltd., Pollstar, a website providing information about
concerts, used a web wrap license agreement and stated terms restricting any
copying of the information. The license agreement was not present on the homepage of
the website but on another page, yet there was a notice stating that use of
information on the website was subject to a license agreement. Though the website users
were able to see the license, they didn’t need to click on a button to signify their consent.
The website sued a user for breaching the license agreement, and the user sought to
have the case dismissed on the basis of not having shown any approval of the license. The court
decided that the web wrap agreement may be arguably enforceable, as the presence of
such a license prevented the court from dismissing the case.17
In Specht v. Netscape Communications Corp., an internet user downloaded computer
software that included a message stating, “please review and agree to the terms of the
Netscape smart download software license agreement before downloading and using the
software”, but at the same time didn’t require a review or the click of a button to approve
the terms. The court declared that there was no agreement between the parties, as there
was no demonstration of assent by the user to the terms displayed by the website, and
therefore there was no contract.18
16 Legal Architecture of Virtual Stores: World Wide Websites and the Uniform Commercial Code, (1997), San Diego L. Rev.
1263, 1354
18 Specht v. Netscape Communications Corp., 150 F. Supp.2d 585, 593-94 (S.D.N.Y. 2001), aff’d 306 F.3d 17 (2d Cir. 2002)
In shrink wrap agreements, the customer usually finds the license terms and conditions on
the outside package of the product, which allows him to check the terms before using
the object of the contract. In click wrap agreements, the user has to click on an
icon such as “I agree” to signify his approval of the terms and conditions of the
contractual agreement. In web wrap licenses, there is no icon or button to click
to specify acceptance of the terms of the license, though the license might be found somewhere on
the homepage of the website. A working group within the American Bar Association has
come up with certain strategies for ensuring valid assent in electronic commercial
transactions.19 These strategies are as follows:
Viewing Terms and Conditions before Assenting:
The internet user should not be able to disclose assent without having the option of
reviewing the terms of the agreement which should appear automatically or by
clicking on a button or hyperlink that is clear and visible. The method of assent
should be placed at the end of the agreement terms that compels the user to read or at
least navigate the terms before approving.
Assenting before Access to Governed Item:
The user should be deprived from gaining any access to the web site, information,
property, software, or services ruled or governed by the agreement without assenting
to it first.
Ease of Viewing Terms:
The interface of the web wrap agreement should give the user enough opportunity to
check the agreement thoroughly before assenting. If the terms occupy more than one
page, there should be forwards and backwards tabs to navigate through the term.
Continued Ability to View Terms:
The user should be able to view the terms before assenting, also he should be given
the ability to review it back and forth along the assent process.
Format and Content:
19 Christina L. Kunz, Working Group on Electronic Contracting Practices, within the Electronic Commerce Subcommittee of the
Cyberspace Law Committee of the Business Law Section of the American Bar Association (ABA), “Browse-wrap agreements:
validity of implied assent in electronic form agreements”, (2003), Business Law 59, 279
The format and content of the terms must be clear and readable in legible neat font. If
the law requires certain assent to a specific type of term, the format of the assent
process should be in compliance with the requirement.
Consistency with Information Elsewhere:
Any information provided to the internet user elsewhere should not be in
contradiction with the agreement terms and conditions, or cause any ambiguity to the
agreement.
Assent or Rejection:
The contracting user should be given a straight choice to either assent to the terms
and conditions of the contractual agreement or reject it. Availability of that choice
should be present at the end of the contracting process when the user’s assent is
required.
Clear Assent or Rejection:
Any ambiguity should be eliminated, as the user’s words regarding assent or rejection
should be clear. Examples of clear words showing assent can be “Yes”, “I agree”, “I
accept”, “I assent”, or “I consent”. It is not preferable to use ambiguous or vague
phrases such as “Submit”, “Continue”, “Next page”, or “Enter”. Examples of clear
words manifesting rejection can be “No”, “I disagree”, “I decline”, or “Not agreed”.
Assent or Rejection Using Clear Methods:
The contracting user method of declaring assent or rejection must be clear and
unambiguous. Examples are clicking an icon or a button containing a word of assent
or rejection, or typing particular words of assent or rejection in an empty box.
Consequences of Assent or Rejection:
If the user rejects the terms of the proposed agreement, this action
should prevent the user from gaining access to what is provided by the agreement.
This means that the transaction should end automatically if the user does not agree
to the terms. For instance, if the license agreement would allow the user to use
software, a website, or certain data, then rejecting these terms should deprive the user
of the granted right of use. In the same way, if the agreement would grant the
user specific rights to goods or services, the result of rejecting the proposed terms
should be barring the user from receiving his request. On the other side, the user’s assent
to the proposed terms and conditions of an agreement should permit access to the
requested promise without any additional agreements.
Notice of Consequences of Assent or Rejection:
When the user discloses his assent or rejection, a statement should draw the user’s
attention to the consequences of either his approval or denial. Instances of assent
notices: “By clicking ‘Yes’ below you acknowledge that you have read, understand,
and agree to be bound by the terms above” or “These terms are a legal contract that
will bind both of us as soon as you click the following acceptance button”. Examples
of rejection notices: “If you reject the proposed terms above, you will be denied access
to the (Software, product, web site, or services) that we are offering”.
Correction Process:
The process of assent should render a reasonable method to prevent, correct, and
detect any errors likely to occur by the user when assenting.
Accurate Records:
Accurate records should be maintained of the format and content of the contractual agreement,
documenting the steps that the user had to take to gain access to specific
items and what version of the agreement was in effect at the time of contracting.
The user’s identifying information could be helpful if necessary for proof of
performance by accurate records, as well as of the user’s assent to the terms and
conditions of the agreement and the version of the terms to which the user assented.
Privacy law should be taken into consideration while concluding this step.
Retention and Enforceability:
Regarding any legal proceedings, a record of the contractual agreement has to be
provided or delivered; as the sender must make sure that any electronic record is
capable of retention by the recipient. Moreover, in order to enforce an electronic
record against the recipient, the sender cannot forbid the recipient from printing or
storing the electronic record.
Accessibility and Accuracy after the Assenting Process:
In case an applicable law requires retention of a record of information of the
transaction, the electronic record should precisely reflect the information of the deal
and remains accessible to the parties of the agreement, and capable of accurate
reproduction for later reference.
These strategies are not intended to set minimum standards for obtaining valid assent, but to
add suggestions for performing electronic deals in a more legitimate manner. They
are meant to avoid disputes over contractual agreements carried out via the
electronic medium, which would lead to better-designed agreements that
electronic vendors and users will have confidence in.20
20 Christina L. Kunz, Click Through Agreements: Strategies for Avoiding Disputes on validity of Assent, (November, 2001), The
Business Lawyer vol.57
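As an illustration of several of the strategies above (terms shown before assent, clear assent or rejection words, consequences of rejection, and accurate records of the version in effect), here is an added example that is not part of the thesis or of the ABA working group's material. The terms text, version label, user identifiers, server key, and the use of an HMAC tag to make the stored record tamper-evident are assumptions made for the sketch.

```python
import hashlib
import hmac
import json

# Button labels taken from the "Clear Assent or Rejection" strategy above.
CLEAR_ASSENT = {"yes", "i agree", "i accept", "i assent", "i consent"}
CLEAR_REJECT = {"no", "i disagree", "i decline", "not agreed"}

# Constructed sample data: terms text and server key are hypothetical.
TERMS_V1 = "1. Personal use only.\n"
TERMS_V2 = "1. Personal use only.\n2. No resale of the data.\n"
SERVER_KEY = b"demo-key-constructed-for-this-example"


class AssentError(ValueError):
    """The assent step itself is invalid (distinct from a valid rejection)."""


def terms_digest(terms_text):
    return hashlib.sha256(terms_text.encode()).hexdigest()


def integrity_tag(record, key):
    # Canonical JSON so the same record always yields the same tag.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def record_choice(user_id, terms_text, terms_version, terms_displayed,
                  button_label, timestamp, key=SERVER_KEY):
    """Apply the assent rules and return a tamper-evident record of the choice."""
    if not terms_displayed:
        raise AssentError("terms were not shown before the choice was offered")
    label = " ".join(button_label.lower().split())
    if label in CLEAR_ASSENT:
        decision = "assent"
    elif label in CLEAR_REJECT:
        decision = "reject"
    else:
        # "Submit", "Continue", "Next page", "Enter" and the like end up here.
        raise AssentError(f"ambiguous label {button_label!r}")
    record = {
        "user_id": user_id,
        "decision": decision,
        "label": button_label,
        "terms_version": terms_version,
        "terms_sha256": terms_digest(terms_text),
        "timestamp": timestamp,
        # Rejection must bar access; assent must grant it with no further step.
        "access_granted": decision == "assent",
    }
    record["integrity_tag"] = integrity_tag(record, key)
    return record


def verify_record(record, terms_text, key=SERVER_KEY):
    """True only if the record is unaltered and refers to exactly this terms text."""
    body = {k: v for k, v in record.items() if k != "integrity_tag"}
    tag_ok = hmac.compare_digest(integrity_tag(body, key),
                                 record.get("integrity_tag", ""))
    return tag_ok and body.get("terms_sha256") == terms_digest(terms_text)


def refused(**kwargs):
    """Helper for the demo: did record_choice refuse this input?"""
    try:
        record_choice(**kwargs)
        return False
    except AssentError:
        return True


def demo():
    ts = "2011-03-12T10:00:00Z"  # constructed timestamp
    base = dict(terms_text=TERMS_V2, terms_version="v2", timestamp=ts)
    yes = record_choice("user-17", terms_displayed=True, button_label="I Agree", **base)
    no = record_choice("user-18", terms_displayed=True, button_label="I decline", **base)
    # Someone later edits the stored rejection into an assent.
    forged = dict(no, decision="assent", access_granted=True)
    return {
        "assent_access": yes["access_granted"],
        "reject_access": no["access_granted"],
        "ambiguous_refused": refused(user_id="user-19", terms_displayed=True,
                                     button_label="Continue", **base),
        "unseen_terms_refused": refused(user_id="user-20", terms_displayed=False,
                                        button_label="Yes", **base),
        "genuine_verifies": verify_record(yes, TERMS_V2),
        "forged_verifies": verify_record(forged, TERMS_V2),
        "old_terms_verifies": verify_record(yes, TERMS_V1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The stored hash of the terms text is what lets a vendor later show which version the user assented to; the record fails verification against any other version of the terms.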
C. The Impediment of Electronic Signature as a Cornerstone in Electronic
Contracting:
In general, authentication is a major peril for concluding business on the internet in the
information and computer age. In this regard, how would it be possible for the parties to a
contract to affirm their identities and approval of the bargain without a tangible medium?
Besides, how can parties to an agreement carried out via an electronic instrument express
their identities in a unique manner? Electronic signatures and digital signatures
have been deemed by many judicial systems to be technologies created to
perform this mission.21
The main concern of electronic signature laws has been electronic documents, which are
also known as electronic records, and signatures that are created and stored in electronic
form. These signatures are sometimes referred to as “electronic signatures” or “digital
signatures”, which leads to deep confusion, because each term has a different
meaning.22
1. Electronic Signature:
Electronic signature is a comprehensive term that refers to all the various means by
which a party can sign an electronic document. The Federal E-Sign Law
defines e-signature as “information or data in electronic form, attached to or
logically associated with an electronic record by a person or an electronic agent”.
The Uniform Electronic Transactions Act, which is enacted in 43 states, provides that
e-signature “means an electronic sound, symbol, or process attached to or logically
associated with a record and executed or adopted by a person with the intent to sign
the record”. Though all electronic signatures are represented digitally (as a
series of ones and zeros), they can take various forms. For instance: a name
21 Richard Raysman & Peter Brown, Contract Law and Business Practices in the Information Age, Computer Law: Drafting and
Negotiating Forms, (2004)
22 The UCITA Revolution: The New E-Commerce Model for Software and Database Licensing, Moving with Change:
Electronic Signature Legislation as a Vehicle for Advancing E-commerce, (April-May 2000)
typed at the end of an email by the sender, a digital image of a handwritten signature,
a secret code or PIN to identify the sender of the electronic record, biometrics-based
identifier such as fingerprint scan, and digital signature.23
2. Digital Signature:
Digital signature is a term for one particular technology of electronic signature. It
depends on the use of public key cryptography to sign a message, and is considered
the most common sort of electronic signature used as a means of signing
electronic records.24
Under the Egyptian Electronic Signature Law No. 15/2004 Article (1) the legislature
defined E-signature as “What is on an electronically written message in the form of letters,
digits, codes, signals or others and has a unique identity that identifies the signer and uniquely
distinguishes him/her from others”.
1. Biometric Signature:
Biometrics could be defined as “the automated technique of measuring a physical
characteristic or personal trait of an individual and comparing that characteristic or trait to a
database”. It relies on unique physical traits, for example a person’s fingerprints, the retina, which is the
inner layer of the eyeball, or the iris, which is the colored circle surrounding the pupil.25
Unlike PIN or digital signature, biometric characteristics cannot be stolen or lost. Besides,
biometrics is easy to use. An individual can access a specific file via placing his finger on a
computerized pad or gazing into a camera. However, iris and retina scanning may raise privacy
aspects because of revealing private medical information about a person. Hence, identification
23 California Code of Regulations Title 2 Administration Division 7, Secretary of State, Table of Contents, ch10, Digital
Signatures, Under the California Digital Signature Regulations, “‘Signature Dynamics’ means measuring the way a person writes
his or her signature by hand on a flat surface and binding the measurements to a message through the use of cryptographic
techniques.”
24 Thomas J. Smedinghoff, Warwick Ford, and Michael Baum, Secure Electronic Commerce, Ed. Online Law ch.3, 4, 31, (1996)
25 Biometric Scanning, Law & Policy: Identifying the Concerns—Drafting the Biometric Blueprint, 59 U. Pitt. L. Rev. 97, 99 ,
(1997)
programs could be set to disclose crucial identification information without providing excessive
data that would expose personal medical status.
Furthermore, voice and video recognition can be considered as biometric tools for authentication,
though it might not be of the same high standards of ensuring identification as in the case of
fingerprints or eye scanning, but it is more economic to use.
Biometrics is a great alternative to private keys that is more complicated to spoof. Biometric
signature along with digital signature is considered an ideal method for a maximum level of
security and authentication.26
2. Click Wrap:
Click wrap is considered the basic type of e-signature, since you merely click on an icon
to apply a signature to an electronic record. A click on the send button in an e-mail
account could qualify as a click wrap. Another example could be clicking an
“I agree”, “I accept”, or “I submit” button at Amazon.com or Ebay.com.27
3. PINS or Passwords:
The online banking system is the model example of this type of e-signature.
In these closed systems, users need login passwords or PINs to gain access. When the
user enters his own PIN code, his identity is verified. Through this extensive
authentication process of proving the user’s own identity, a form of trust is created
between the system and the user, by which large money transfers can be
carried out with the click of a button.28
26 Ian C. Ballon. Privacy, Security, and Internet Advertising Chapter 27, Internet, Network and Data Security, Part IV:
Encryption, Cryptography and Biometrics E-Commerce and Internet Law, (2010-2011 update)
27 Toby Brown, an E-signature Primer, (May/June 2004), Rhode Island Bar Journal
28 Ibid
signature. This is considered a unique system in which users or signers do not have to
possess the same shared secret to trust the signer’s identity, as in PIN systems.
With this type of e-signature, the user has a private key to sign a certain
document, and the signature can be verified with the public key. As a result, if the signer of a document
or electronic record keeps his own private key, then the public key can validate it. There
is an extremely high degree of trust that the content verified by the public key is exactly the
content signed by the private one. Certs may have various levels of trust, as
determined by the policies and technologies used; the high cost of this type of
e-signature has also led to few wide-spread applications for it. The three standard authentication
factors are what you know, which is the PIN; what you have, which is a credit card; and
what you are, which is your fingerprint. Depending on the level of security, a signer can
use one, two, or three factors of authentication when signing.29
1. Cryptography:
Cryptography is a tool that allows two or more individuals at different locations to
share vast information with confidence that this information has not been altered or
intercepted by a third party at the time of exchanging and sharing. To achieve
this, the parties first need to create what is known as a “cipher”, which converts the
original unencrypted text (“plain text”) into an encrypted text (“cipher text”). This process is
done by using encryption algorithms that combine the plain text with a key or a code to
produce the cipher text; this key or code is a unique series of numbers.
The length of the key is measured in bits, e.g. 32 bit, 128 bit, or 256 bit
encryption, and the more bits the better the encryption. As a result, each key
consists of a unique series of numbers that leads to generating a unique cipher text;
this means that any change in the plain text will cause the cipher text to change too, assuring
the recipient of the information that it has not been changed from its original form.
As a matter of fact, there are several sorts of cryptography, such as conventional and
asymmetric cryptography. Conventional cryptography, which is also known as symmetric
cryptography, uses the same key to encrypt and decrypt the information, while asymmetric
cryptography uses two distinct but mathematically related keys, known as the public and
private keys, to encrypt and decrypt information. This is the type of cryptography used in
digital signatures.30
29 Toby Brown, An E-signature Primer, (May/June 2004), Rhode Island Bar Journal
30 Janet K. Winn, "The Emperor's New Clothes: The Shocking Truth About Digital Signatures and Internet Commerce,"
(revised draft) (March 9, 2001)
31 Aristotle G. Mirzaian, Electronic Commerce: This is not your Father's Oldsmobile, (May 16th 2002), Rutgers Law Record
3. Certification Authorities and Public Key Infrastructure:
A major security threat in doing business on the internet is that vendors are not sure
whether they can trust the integrity of electronic messages even if digitally
signed. Public key infrastructure is one of the principal methods to resolve these
problems. Public key infrastructure is a system that allows contracting parties who
depend on digital signatures to rely upon a trusted third party to prove each other's
identity. This third party is called a certification authority.32
Certification authorities are concerned with authenticating the ownership and traits of a
public key so that the public key can be trusted. The certification process involves three
essential steps, although they might change from one certification authority to
another. First, the sender of the message, who is known as the subscriber, generates his
own private key-public key pair. Second, the subscriber goes to the certification authority
and shows an identification document such as a passport or driving license. Third, the
subscriber declares that he holds the private key that is linked with a specific public key.
Accordingly, once the subscriber is trustworthy to the certification authority, it can
issue a certificate. This certificate is a computer-based record that is used to connect the
private key with the corresponding public key. These certificates often contain the public
key in addition to other information such as the name of the certification authority, the
type of key, the algorithm of the key, and any licenses held by the holder of the certificate.
Consequently, subscribers can then start distributing the certificates to third parties who
would like to conclude business with the subscribers.33
32 European Commission Guidelines on Encryption, "Towards a European Framework For Digital Signatures and Encryption",
(October 8, 1997)
33 Ibid
If the program succeeds in decrypting the digital signature, then the recipient is assured
that the communication came from the sender, because the sender's public key will be able to
decrypt a digital signature that was encrypted by his own private key. The program then
creates a second message digest of the received communication and compares it
with the decrypted message digest. If the two message digests match, the recipient
knows that the communication was not altered or changed.34
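The certification and verification steps described above, worked through as an added example that is not part of the original thesis: a certification authority signs a record binding a subscriber's name to a public key, and a recipient recovers the signed digest with that key and compares it with a second digest of what arrived. The key pairs, names and contract text are constructed, and the unpadded textbook RSA over fixed Mersenne primes is an assumption chosen so the code runs offline; it is not a secure scheme.

```python
import hashlib
import json

E = 65537
# Constructed demo primes (known Mersenne primes). Their special form makes them
# unsuitable for real keys; they only let the example run offline without a
# key-generation library. Textbook RSA without padding is for illustration only.
SUBSCRIBER_PRIMES = (2**521 - 1, 2**607 - 1)
CA_PRIMES = (2**1279 - 1, 2**2203 - 1)


def make_keypair(p, q, e=E):
    """Return (public_key, private_key), each an (exponent, modulus) tuple."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent is the inverse of e
    return (e, n), (d, n)


def digest(message: bytes) -> int:
    """SHA-256 message digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Transform the digest with the private key; the result is the signature."""
    d, n = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the signed digest with the public key and compare it with a
    second digest computed from the message as received."""
    e, n = public_key
    return pow(signature, e, n) == digest(message)


def _encode(body: dict) -> bytes:
    """Canonical byte form of a certificate body, so both sides hash the same bytes."""
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(subject, subject_public, issuer, ca_private) -> dict:
    """CA side: bind a subscriber name to a public key by signing both."""
    body = {"subject": subject, "issuer": issuer,
            "algorithm": "RSA with SHA-256", "public_key": list(subject_public)}
    return {"body": body, "ca_signature": sign(_encode(body), ca_private)}


def certified_key(cert: dict, ca_public):
    """Relying party: return the subscriber's public key only if the CA's
    signature over the certificate body checks out, otherwise None."""
    if not verify(_encode(cert["body"]), cert["ca_signature"], ca_public):
        return None
    return tuple(cert["body"]["public_key"])


def demo() -> dict:
    ca_public, ca_private = make_keypair(*CA_PRIMES)
    sub_public, sub_private = make_keypair(*SUBSCRIBER_PRIMES)
    cert = issue_certificate("Constructed Subscriber", sub_public,
                             "Constructed CA", ca_private)

    contract = b"I agree to buy 10 units at 5 USD each."  # constructed sample
    signature = sign(contract, sub_private)

    key = certified_key(cert, ca_public)
    # Same CA signature, different name: the binding no longer verifies.
    renamed = {"body": dict(cert["body"], subject="Someone Else"),
               "ca_signature": cert["ca_signature"]}
    return {
        "certificate_accepted": key == sub_public,
        "genuine_accepted": verify(contract, signature, key),
        "altered_rejected": not verify(contract.replace(b"10", b"90"), signature, key),
        "renamed_certificate_rejected": certified_key(renamed, ca_public) is None,
        # Verification shows that the private key was used, not who used it:
        # any copy of the key yields a signature the verifier cannot tell apart.
        "key_copy_indistinguishable": sign(contract, tuple(sub_private)) == signature,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Production systems use a vetted library with randomly generated keys and a padded signature scheme; the structure of the check (recover digest, recompute digest, compare) is the same.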
IV. The Reasons behind Choosing Digital Signature as the Sole Model of Electronic
Signature under the Egyptian Law:
34 Thomas J. Smedingoff, (June 14-15, 1999). Electronic Contracts & Digital Signature: An Overview of law and Legislation.
Patents, Copyrights, Trademarks, and Literary Property Course Handbook Series
ones both the private and public key.35
The Egyptian Electronic Signature Law No. 15/2004 mentioned under Article (1) (c) that
the legislature determined various types of electronic signature that could be letters,
digits, symbols, signals, or anything else, as long as it enables identifying the signer, and
at the same time differentiates him from others in compliance with the technical aspects
mentioned in the regulations of the Ministerial Decree No.109 of 2005. The Egyptian
Electronic Signature Law No. 15/2004 Article (18) entails a link between the electronic
signature and the public key so as to gain authenticity. In addition, Article (9) of the
regulations of the Ministerial Decree No.109 of 2005 stated that signing in a certain
website cannot be fulfilled unless there is a secure public key infrastructure and a
certification authority. As a result, the Egyptian legislature accredited digital signature as
a sole model of electronic signature, because the electronic signature will not be
authorized until it is linked to the website that the signer is aiming to sign in to. Besides,
this link will not be achieved until there is a public key infrastructure. 36
35 Prof. Mohamed Elmorsy Zahra, The Civil Protection of Electronic Commerce, (2008), P.239-240
36 Prof. Mohamed Elmorsy Zahra, The Civil Protection of Electronic Commerce, (2008), P.238-239
2. Claiming Forgery of the Signature:
The signer can claim at any time that the signature is forged to avoid any obligations
or duties caused by his signature. In standard contracts, if someone argues that his
handwritten signature is genuine then he has to prove so. On the other hand, if a party
in a contractual agreement claims that his signature has been forged, then the other
party has to give evidence that the signature is authentic, genuine, and has been
signed by the pleading party. In electronic contracts, although it could be possible to
show that the signature has been created through the private key, it is
inconceivable to prove that the private key was only in the possession of the legitimate
holder.
VI. Solutions:
37 Kiril Kesarev, Digital Signatures and Encryption in the European Union, (22 November 1998), Department of Computer
Science and Engineering, Helsinki University of Technology
securing private key storage could be delivered through smartcard technology which
is capable of signing digitally, as the private key is being installed on it. Besides,
smartcards are accessible to the outside world even their own legitimate users. 38
38 Report of Day 1 of the European Expert Hearing on Digital Signatures and Encryption (Copenhagen, April 23, 1998)
39 Kiril Kesarev, Digital Signatures and Encryption in the European Union, (22 November 1998), Department of Computer
Science and Engineering, Helsinki University of Technology
40 Ibid
D. The Dilemma of Privacy and Data Protection:
Technology has played a great role in enhancing the capacity of internet companies to
collect and analyze huge amounts of data relating to customers who merely visit their
web sites, which raises concerns about how this data is treated. Many businesses around
the world collect a variety of information about their customers on a regular basis in
order to understand their clients better, improve their business processes, and target
special offers. Before the internet, companies used to track the purchases made by
individuals, while now there is more to track, as a company can also record the website
pages that grab customers' attention. This information can be compiled with other data
sources to constitute a profile of customers. The increase in the collection and use of
data has led to rising public awareness and consumer caution about internet privacy. Such
worry made governments respond with various approaches that include establishing new laws
and regulations, as well as inquiring
regulating businesses. Meanwhile, these contrasting approaches have led to diverse
municipal standards and may create predicaments for companies that transfer personal
data between operations located in different jurisdictions.41
41 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
42 Mark E. Budnitz, Privacy Protection for Consumer Transactions in Electronic Commerce: Why Self-Regulation is Inadequate,
(Summer 1998), South Carolina Law Review
ones. 89% of consumers are worried about threats to their privacy when concluding
monetary services. 81% have lost control over determining how personal information is
being circulated and used by companies and businesses. 25% of individuals prefer to
keep their personal information private and are not willing to trade information even
in return for money or benefits. 20% have no strong belief in safeguarding their own
information, while the remaining 55% are willing to trade their private information
depending on the benefits that might be given in return for their information, the
protection policy of the company that is willing to use this information, and whether the
company can be trusted to keep its privacy promises. Consumers highly value medical
or financial information possessed by credit card companies and banks.43
A Harris survey in 1997 found that the majority of consumers engaged in online
activities and electronic transactions are concerned about threats to their confidentiality
and the protection of these systems, even when it comes to purchasing goods. Consumers do
not trust online services and the voluntary terms and conditions of these companies.
Consumers who took part in these surveys assert that they will not get involved in
electronic commerce deals unless privacy rules are strengthened.
According to a survey conducted by the Boston Consulting Group, about 86% of
consumers aim to get control over their own personal data, and 81% believe that web
sites do not have the right to use or resell consumers' information to third parties.
Further, 70% of consumers said that privacy concerns were the primary reason that they
do not register information on websites. Moreover, 70% are more concerned about giving
their own information online than giving it over the phone or by mail; also 75% are highly
concerned about companies that monitor consumers' browsing on the internet. Besides,
27% of consumers provide false information because of privacy and data protection
concerns. These survey findings are significant in the field of electronic
commerce, as the internet presents a huge market. As long as consumers do not trust
companies to protect their information, companies will struggle to generate the volume of
consumers needed to make electronic commerce seriously profitable. As a matter of fact,
this could lead to another result: government regulation is almost irrelevant, because
companies will accept self-regulation for the sake of assuring the continuation of their
electronic commerce ventures.44
43 Prepared Testimony of Dr. Alan F. Westin, Publisher Privacy and American Business Before the House Banking and
Financial Services Committee, Financial Institutions and Consumer Credit Subcommittee, Electronic Payment Systems,
Electronic Commerce, and Consumer Privacy, (Sept. 18, 1997), Federal News Service, available in LEXIS, News Library,
Federal News Service File
44 Mark E. Budnitz, Privacy Protection for Consumer Transactions in Electronic Commerce: Why Self-Regulation is Inadequate,
(Summer 1998), South Carolina Law Review
the beginning of May till September of year 1997, and found that each electronic
commerce customer faced at least one serious attack monthly.
As disclosed above, privacy concerns are considered an extremely decisive factor
influencing consumer reluctance to take part in electronic transactions. In addition, the
studies and surveys mentioned, along with their findings, provide abundant justification for
consumers' fears regarding privacy and data protection.45
45 Ibid
46 FRB Report (Mar. 1997) Board of Governors of the Federal Reserve System, Concerning the Availability of Consumer
Identifying Information and Financial Fraud 18 n.14
Advances in technology have motivated companies to establish broad databases of
consumers, aggregate data in unique classifications, and collect from brand sources
never used before. On the other side, consumers do not know that their personal
information is being collected, to whom it is sold, and how it is used. Consequently,
consumers' privacy is invaded without their consent, control, or knowledge.47
II. The United States Approach to Foster Protection of Privacy and Personal Data:
The United States has mainly promoted industry self-regulation by governmental laws
and regulations in specific departments, which would be considered the best trend to
assure data protection and privacy in an evolving environment like electronic commerce.
The United States privacy laws supply protection specifically for personal healthcare,
personal information about children, and financial information. Nonetheless, there are
different interests in the American society including businesses, consumer groups, and
Federal Trade Commissioners that have debated the need for a quite comprehensive
legislation.
In some judicial systems, laws are considered comprehensive and act on an extensive
level to cover various issues. In other judicial systems such as the United States, laws are
acting intensively and focus on specific matters.48
47 Mark E. Budnitz, Privacy Protection for Consumer Transactions in Electronic Commerce: Why Self-Regulation is Inadequate,
(Summer 1998), South Carolina Law Review
48 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
b) Health Insurance Portability and Accountability Act (1996):
According to this act, consumers are provided with certain rights in terms of using their
personal health information.
Although the above mentioned laws are not specific to online privacy rules or
international electronic commerce, yet these laws do highlight how personal information
is treated including transferring data electronically.
Furthermore, the Federal Trade Commission can furnish more protections to consumers
under the 1914 FTC Act when a business violates its own stated privacy statement. In
fact, the FTC, consumer groups, and many businesses encourage posting such privacy
statements so as to provide consumers with information about their practices.
According to the General Accounting Office's privacy statement posted on the internet, if
a business violates its stated practices, then the FTC will have the right to challenge that
business for using deceptive practices.49
In addition, the FTC has brought a law enforcement action against a company that did not
stick to its privacy and security policies.50
49 Retrieved March 1st 2011 from the Federal Trade Commission Site
Website: http://www.ftc.gov/os/1999/07/pt071399.htm
50 Retrieved March 1st 2011, In the Matter of Eli Lilly, File No. 012 3214 (2002)
Website: http://www.ftc.gov/opa/2002/01/elililly.htm
51 Directive 95/46/EC of the European Parliament and of the Council of 24.10.1995 on the protection of individuals with regard
to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31)
52 European Commission, Brussels, (4.11.2010) Communication from the Commission to the European Parliament, the Council,
the Economic and Social Committee and the Committee of the Regions
developments and situations affecting basic rights including those not detected at the time
of adopting this directive. 53
Transparency is a fundamental condition which enables individuals to control their own
data and to assure protecting it. Consequently, under the Directive 95/46/EC, individuals
must be clearly informed in a transparent way by data controllers about who is collecting
their data, how, what are the reasons, and for how long.54 In general, basic elements of
transparency require that privacy information should be easy to understand, accessible,
clear and in plain language. This is more relevant in the internet environment, as most of
the privacy statements are vague, non-transparent, and difficult to access.55
Two major prerequisites for assuring that individuals are supplied with a high level of
data protection are the limitation of the data controllers in relation to its purposes, and the
retention by data owners of an effective control over their own data. Individuals should
always be given the ability to access, delete, block, or rectify their own data unless there
is a specific legitimate reason by law for preventing such act. 56
55 A Eurobarometer survey carried out in 2009 showed that about half of the respondents considered
privacy notices in websites 'very' or 'quite unclear'
56 European Commission, Brussels, (4.11.2010),Communication from the Commission to the European Parliament, the Council,
the Economic and Social Committee and the Committee of the Regions
a) Notice or Awareness Principle:
Data collectors, for instance websites, should provide consumers with conspicuous and clear
notice regarding their information practices. This is to include what kind of
information they collect, how they collect it, how they make use of it, and how they
provide consumers with access, choice, and security.
58 The U.S. Federal Trade Commission's summary of the basic principles embodied in the OECD guidelines
Specific legislations may differ from one country to another in the way of implementing
the OECD general principles. For instance, according to the Gramm-Leach-Bliley Act in
the United States, certain rights are provided for consumers in terms of using their own
personal financial information, as it permits consumers to opt out of any act that would
expose their nonpublic personal information to nonaffiliated third parties. Referring to the
principle of Consent or Choice, if the individual does not respond to the opportunity to
opt out of having his personal information shared with third parties, then the
company may share the individual's personal information.
Furthermore, the Children's Online Privacy Protection Act requires internet companies to
obtain the consent of the child's parent before commencing the collection of
information. This requirement is a stricter privacy prerequisite than an opt-out,
because the individual does not have to take any steps or procedures to prevent third
parties from collecting his information; this is clear in the Children's Protection Act, as
parents' approval is a must for the validity of collecting information from a child.
E. Security as a Predicament in Electronic Contracting:
There are several security perils to consumers when concluding business transactions on
the internet, as there are criminals all over the world who are targeting online banking
transactions, internet purchases, electronic card information, and much more. Criminals
in some foreign countries have successfully penetrated the computer systems of the United
States headquarters of financial institutions, and there have been countless cases of
credit, debit, and ATM card fraud, intellectual property rights infringement and piracy,
and telemarketing fraud, which have caused noteworthy losses for United States corporate
and individual victims. These sorts of crimes are considered as critically important as
the well-known cybercrimes committed via the internet, such as fraud, money laundering,
and identity or information theft. Moreover, some of the notable challenges that law
enforcement faces in the international arena are to enhance cooperation in identifying
and locating cross-border perpetrators, to obtain electronic evidence of their crimes so
that they can be brought before courts, and to prevent distinctions between countries'
criminal provisions. Taking into consideration other aspects of international electronic
commerce, issues related to security are remarkable ones.59
Security is conceived as both an end and the means to reach the aim. The end in security
is a document that meets commercial and legal requirements of authenticity, integrity,
non-repudiation, writing, and signature. The measures for providing security vary
according to the nature of the document. In paper documents, security is ensured by
handwritten signatures, writing, sealed envelopes, ink, and couriers. In electronic
documents, security is acquired by including digital signatures, acknowledgement
procedures, encryption, and controlling access. These security steps will supply
significant commercial and legal benefits if they are implemented properly. 60
59 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
60 Thomas J. Smedingoff, (June 14-15, 1999). Electronic Contracts & Digital Signature: an Overview of law and Legislation.
Patents, Copyrights, Trademarks, and Literary Property Course Handbook Series
Security measures in the field of computing are usually implemented at two levels: the
system security level and the information security level.
1. System Security:
The term system security refers to the measures that a company can take to protect its own
records, computer systems, or any other information that might be attacked from outside,
such as damage caused by viruses, hackers, and sometimes natural disasters, and from
inside, such as damage caused by snooping and dishonest employees. System security
measures include access controls, which are designed to identify and authenticate the
user of the system; they also help in limiting users' access to databases, files, and
systems, as well as auditing any activity that occurs on the system.
Further, there are system security controls that are traditionally used to combat
unauthorized access, such as passwords and biometric tokens like eye pupil or
fingerprint scans. In spite of the superior effect of these methods, systems are
increasingly being connected to networks all over the world, which creates the need
for additional access controls that are specifically designed for protecting systems from
outsiders.
A firewall is conceived as one of the best access controls, as it is software that supplies
a barrier between two networks, an internal one and an external one such as the internet.
The firewall controls all incoming and outgoing communications within the network, so
when a user inside the network wants to communicate with another user outside
the network, the user communicates with the firewall, and the firewall then forwards the
message to the outside user. The same applies to outside users or servers: they all
need to communicate with the firewall, and the firewall then forwards the communication to
the user in the internal network.
It should be noted that there are plenty of system security measures that can be set in
addition to passwords, biometric tokens, and firewalls; yet such security systems can be
employed only on computer systems or networks that are under control. In other words,
these security systems cannot have control over any outside users or networks, such as
the internet.61
2. Information Security:
System security ends when digital information leaves a computer system, as
system security cannot protect digital information when it resides on a computer that
is outside the boundaries of the sender's network. Accordingly, protecting the information
itself is extremely important, even the most crucial security strategy, as digital
information security ensures that the information is authentic and that no one has edited
or modified it, although it could have been accessed.
A security procedure is the means of protecting digital information: it is a methodology
or procedure used for verifying that an electronic document is owned or sent by a specific
person, or for detecting alteration or error in the electronic record, content, or storage.
In addition, a security procedure for protecting digital information may require using
codes, identifying words or numbers, algorithms, encryption, passwords, security questions,
identification procedures, or any other security measure.62
61 Ibid
62 Illinois Electronic Commerce Security Act, 1997 Ill. H.B. 3180, at Section 5-105
63 David M. Cielusniak, You cannot Fight What You Cannot See: Securities Regulation on the Internet, (December, 1998),
Fordham International Law Journal
updates, forums, and trades. Unfortunately, internet investments are not desirable in all
respects, because not everything that can be accessed on the internet is true and
authenticated. One of the most difficult barriers facing securities regulators on the
internet is the anonymity of numerous communications. Reliance on internet information is
getting more complicated to measure. Even when it comes to boiler room brokerages trying
to sell people commodities, stocks, or land using high-pressure or illegal tactics, there
are still physical locations to track, while online fraud is more difficult to trace and it
is almost impossible to find the exact real source. When internet security regulators are
unable to discover who is behind the fraud, or where it originates, prosecutions will most
likely fail.
There is no longer any need for brokers to be hampered by hours of phone calls and sales
pitches, as scammers nowadays can pay a small amount of money to an internet service
provider, create a single sales pitch, and send the information to hundreds of
thousands of people around the world with the click of a mouse button. Consequently, the
internet creates an ideal boiler room for brokers, who would otherwise make around 150 to
200 cold call pitches each day, to expand this number to thousands every minute.
Moreover, the internet provides a great advantage for scam artists: a fraudulent
website is not just a simple trap that can be created comfortably at home
at little cost, but it can also be made more effective against victims by creating a more
convincing webpage, with more effort and expense, that gives it the sophisticated
appearance of fortune companies. Besides, scam artists use some common tactics to vouch
for the legitimacy of the website. Scammers place hypertext links to a security
regulator agency on their webpage so as to falsely imply that the website is a secure
environment approved by that regulator. Another form of false guarantee is to add
a hypertext link to a newsletter that praises the website and the deals concluded with it.
This would reassure suspicious visitors that the website is safe and encourage investors to
do business with it.
Another method of defrauding investors online is the pump and dump tactic. Scammers
enter chat rooms where investors are discussing their business, and the stock
promoters then encourage buying stocks that they own by claiming that
they have some late-breaking news or inside information related to the company. The
promoters work on spreading these claims, and finally sell the stocks that they own once
the prices have risen because of the fake rumors they spread. This technique is similar to
what is done in boiler rooms, as brokers make their own market by manipulating stock and
share prices through spreading rumors among clients for their own benefit.64
64 David M. Cielusniak, You cannot Fight What You Cannot See: Securities Regulation on the Internet, (December, 1998),
Fordham International Law Journal
III. Chosen Security Challenges for Electronic Commerce:
65 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
Moreover, it has to be acknowledged that criminal laws differ from one country to
another: one country's national criminal law may consider a certain activity
a crime that should be punished, while another country's national
criminal law does not criminalize the same activity. Therefore, effective international
cooperation between nations to face such crimes and prosecute the perpetrator is
challenging and sometimes impossible.
The "Love Bug", an email virus that was distributed in an email with the subject "I
love you" and caused almost US $10 billion in losses in 20 countries,66 is a good instance
to illustrate the situation. When that virus spread in different countries and damaged a
lot of computer systems and networks, causing huge losses for various countries, the United
States investigators started working closely with the Philippines investigators in order to
reach the computer programmer who designed this computer virus. Although cooperation
occurred between the two countries and in the end they were able to capture the criminal,
international coordination could have been achieved faster and more effectively if there
had been an already established common criminal law encompassing the two countries, so as
to coordinate, follow procedures, and stick to its laws.67
1. Council of Europe:
Basically, the Council of Europe (COE) was established in 1949 and consists of 47
member states. It includes all the member states of the European Union and some other
states. The reason behind establishing this council is to strengthen and uphold human
rights, promote democracy and the rule of law in the European countries. 68
66 Mike Ingram, "Love-Bug" virus damage estimated at $10 billion, (10th May 2000) Retrieved March (8th 2011) Website:
http://www.wsws.org/articles/2000/may2000/bug-m10.shtml
67 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
There are many international bodies that are concerned about cybercrime and computer
related crime. The United States government is cooperating with some of these
international channels in order to handle global threats that are linked to computer
networks. The Council of Europe drafted a Convention on Cybercrime with the
participation of the United States since the beginning of the project in 1997. In particular,
the United States Departments of Justice, State, and Commerce, in consultation with
other US governmental organs, participated in the negotiations and drafting of the
COE Cybercrime Convention. Other states that were nonmembers of the
COE also participated in the drafting and negotiations, such as Japan, Canada, and
South Africa. For their participation in the drafting of the convention, these nonmembers
of the COE would be granted the right to become parties to the Cybercrime Convention if
they wished to do so. On June 29th 2001, the Council of Europe issued the final draft of the
Cybercrime Convention, which is deemed to be the first international instrument
addressing the complications imposed by crimes committed in the field of computer
networking. The most elementary requirements made by the Convention were:
a) The duty of the signatory states to set punishments for offenses perpetrated in the
field of computer network crime.
b) The parties are required to establish procedural laws for investigating cybercrimes.
c) Ensure the presence of international law enforcement authorities to cooperate in
prosecuting and combating computer network crimes.69
69 Ibid
OECD in 1992, which means before the tremendous growth of the internet and electronic
commerce.70
70 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
71 David M. Cielusniak, You cannot Fight What You Cannot See: Securities Regulation on the Internet, (December, 1998),
Fordham International Law Journal
72 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
F. Consumer Protection Guidelines in Electronic Commerce:
Building an environment that is attractive and safe at the same time is the key to success
in electronic commerce. To achieve this goal, a set of alliances is required
between governmental and private interests, in addition to computer technology
specialists, attorneys, and business people, as consumer protection is the true essence of
trust and confidence in the field of electronic commerce. In fact, electronic commercial
transactions raise various issues related to consumers' interests, such as determining the
identity of the online vendor and the technological tools used in fulfilling the electronic
contract, like the e-signature. Moreover, the internet environment makes it easier for scam
artists to defraud electronic consumers and possibly abuse consumers' information or sell
it to third parties. Accordingly, it would be extremely difficult for governments,
businesses, and consumers to deal with such predicaments using traditional consumer
protection standards for deterring criminals in the internet medium.73
73 Asia-Pacific Economic Cooperation (APEC) Ecommerce Steering Group, Voluntary Online Consumer Protection Guidelines
also it does not obligate transparency and complete disclosure by electronic companies in
sale of goods contracts, as any sale of goods contract will be conceived as final.
Consequently, this could be deemed an extension of the American approach to contract
law principles, which is pro-business in commercial transactions.
Further, several scholars have mentioned that the best way to raise the level of electronic
commerce transactions is to boost consumers' confidence in the electronic environment.
As a result, if the American government is to see continued growth in electronic
commerce rates, it should lay down more incentives to adopt more consumer protection
measures. 74
74 Paul Stylianou, Online Dispute Resolution: the Case for a Treaty Between the United States and the European Union in
Resolving Cross-Border E-commerce Disputes, (Fall 2008), Syracuse Journal of International Law and Commerce
75 Ibid
disputes, also allowing consumers to use such dispute settlement mechanisms for suing
electronic businesses. Furthermore, the European Union has adopted several
recommendations for safeguarding dispute resolution operations, as well as standards of
transparency, independence, effectiveness, legality, representation, and liberty in legal
proceedings that could be raised before arbitral tribunals. Nevertheless, the European
Union established a program named EEC-Net which encourages the circulation of any
information related to the mechanisms of dispute resolution, and makes it available for
consumers to benefit from. Besides, the EEC-Net supplies services for dispute
resolution through many premises located in each member state of the EU. 77
77 Paul Stylianou, Online Dispute Resolution: the Case for a Treaty Between the United States and the European Union in
Resolving Cross-Border E-commerce Disputes, (Fall 2008), Syracuse Journal of International Law and Commerce
Regarding Article (5), the supplier must hand the consumer an invoice upon
request concerning the transaction or agreement related to the product, including the
principal information related to the commodity.
According to Article (6), the supplier and advertiser must provide the consumer with
correct information related to the nature and characteristics of the product, and
avoid anything that would give the consumer a misleading impression or cause
the consumer to fall into confusion or mistake.
Pertaining to Article (7), if the supplier discovers or becomes aware of the existence
of a defect in a product, the supplier must inform the Consumer Protection Agency of
this defect and the potential prejudice that it may cause within seven days from the
date of discovery.
Relating to Article (8), the consumer will be entitled to exchange or return the
commodity and receive a refund without any additional cost if it was defective or
did not conform with the purpose of use agreed upon, within fourteen days from
receiving the commodity.
According to Article (9), the service provider is obligated to pay a refund, cover the
diminution in the service, or provide the consumer with the service again for any defect
or fault that appears, with reference to the nature of the service, the contractual
conditions, and commercial norms.
Pertaining to Article (10), any condition appearing in a contract, document, or any other
similar item regarding the agreement concluded with the consumer that relieves the
importer of the commodity or the service provider of his obligations will be
considered null and void.78
It is clear from the discussion of the abovementioned articles that the Egyptian
legislature, in the field of consumer protection, is highly concerned with obliging the
supplier or the service provider to report any defects found in the commodity or the
service. In addition, the supplier should provide all the needed information about the
commodity and refrain from defrauding or misleading the consumer. Besides, the
legislature gave the consumer the right to return or exchange the commodity under
particular circumstances, and finally considered any relief from responsibility null and
void. 79
Although there is an Egyptian Draft Law on E-commerce, it has not been
implemented yet. However, pursuant to Article (17), any authority that has the ability to
obtain financial or personal data of any client is not permitted to keep these data after the
fulfillment of the transaction, use them for any other reason than the one agreed upon, or
conclude any deal with them.
The Egyptian legislature showed appreciable anxiety about consumers' privacy interests,
which include banking and personal information, as there must be explicit assent from
the customer himself declaring his approval for letting the supplier use the information
given for concluding the transaction. Besides, this information could be used by the
supplier or the service provider himself, or sold to a third party who would
benefit from it by any means.
79 Prof. Mohamed Elmorsy Zahra, The Civil Protection of Electronic Commerce, (2008), P.95-97
80 Electronic Commerce and Consumer Protection Group (E-commerce Group) includes America Online, AT&T, IBM,
Microsoft, Network Solutions, Dell Computer Corporation, Time Warner, Inc., Visa U.S.A. Inc.
Consumers should be given easy and effective means of contacting the vendor; also
the vendor should disclose his full name, the name used for conducting the business,
the principal address or the address of his agent, email, telephone, or any other
available contact information. Besides, there should be a means of contacting the
organization that is affiliated with the merchant's business for any inquiries from
consumers.
Refrain from Any Suspicious Activities:
Vendors should not engage in any activity that would be considered misleading,
deceptive, or fraudulent.
Vendors Should Clearly Disclose the Following:
a) All the Main Features of the Goods or Services.
b) Price, Type of Currency of Payment, and Expected Costs.
c) Terms and Conditions of the Contractual Agreement.
d) Return, Refund, or Cancellation Policies.
e) Scope, Means of Exercising, and Duration of Warranty, if Present.
f) Availability of Customer and Technical Support.
g) Shipping Terms.
The Right to Review the Agreement:
Vendors should give consumers an opportunity to review the terms of the contractual
agreement, and should not take further steps in the transaction until it becomes binding on
the parties.
The Usage of Appropriate Language is a Must, in Order to Prevent any Ambiguity.
Recording the Agreement:
Vendors should provide an adequate record of the transaction
and make it available to the consumer.
Privacy:
Vendors must stipulate privacy policies within their contractual terms and conditions
that match legal requirements and industry standards.
Security:
Vendors should also exert efforts to assure secure transactions with consumers via
security measures consistent with updated industry standards.
Adopting Self-regulatory Programs:
Vendors must disclose any contact information if they are participating in any kind of
self-regulatory programs.
Means of Dispute Settlement:
Vendors must provide consumers with affordable, easy, timely, and fair
methods for resolving disputes and obtaining redress. This should include third-party
dispute settlement programs that are classified as reputable and independent.
Enforcing Participation in Self-regulatory Programs:
Vendors are required to participate in effective self-regulatory programs, so as to
prove their adherence to these programs' principles and guidelines. 81
81 Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution. Retrieved: March 12th 2011, Website:
http://www.unescap.org/tid/publication/tipub2348_part2iv.pdf
82 Ibid
Providing a resolution center for resolving transactions and ensuring that sellers are
committed to high standards.86
Authenticating and grading the quality of the item through a third party.87
VERO program, also known as the verified rights owner program. This is a program
which allows the owner of intellectual property rights to report any kind of
infringement of their rights.88
Outage policy for covering all transactions in case the service goes down for any
reason or at any time.89
Nonpaying bidders' policy: sometimes a seller may not receive payment for the
item that he sold; through this policy a final fee is permitted to the seller.90
Protecting sellers against unauthorized use of credit card through third party
programs. 91
These protection services and policies show that purchasers and sellers who are users of
eBay are covered by proper protection measures. Despite the fact that eBay is
facing problems in enforcing some of its policies, it may cooperate with
other parties to combat fraud and cybercrimes committed while concluding business on
its network.92
92 Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution. Retrieved: March 12th 2011, Website:
http://www.unescap.org/tid/publication/tipub2348_part2iv.pdf
V. Conclusion:
As we have seen, electronic commerce is one of the fastest growing retail channels in the
entire business market, though this emerging technology offers both promise and hazard: the
promise of accessing the global market, enhancing economic efficiency, and ease of doing
business, as well as the hazard of several obstacles that may hinder reaping the fruit
of this intelligent new system of commerce. One of these main hazards is manifesting the
assent of the client or the user of a website, as this varies from one online vendor to
another; as a result, this contrast in the way of proving assent has made courts consider
some forms valid and binding while others are not. Another challenge is privacy and
customers' concerns about their financial and personal data, since this information could
be abused by the parties contracting with customers and sold to third parties who
benefit from it. Further, security is another hurdle that may complicate electronic
commerce, as there are several security perils when concluding business on the internet,
such as criminals who intrude into the computer systems of banks and financial
institutions, fraudulent electronic cards, and the infringement of intellectual property
rights. In addition, the electronic signature is one of the means used to provide security,
despite the fact that it is considered an issue in the field of electronic commerce in itself
because it might be forged, or the signer may claim that it is not his own signature.
Given that the doubt and uncertainty surrounding electronic commerce and technology may
affect individuals' interests, laws need to be appropriately
reformed and should directly focus on increasing accountability and transparency in order
to assure consumers' confidence in electronic transactions and expand their range on
the municipal and international level. It might sound complicated to start reforming laws
and keeping the norms of electronic commerce parallel to law and public policy; however,
delaying such reform might lead to other problems that might arise in the future.
Since consumer protection is the core of electronic commerce and the only way to
combat the various challenges facing it, more efforts are needed from governments
and legislators on the national and foreign scale. These efforts should determine methods
for managing the relation between the law and technical aspects that would secure the
jurisdiction of legal authorities, while at the same time harnessing the global expansion of
technology for the sake of public interest.
Bibliography:
19- Report of the United Nations Commission on International Trade Law on the Work of its
Twenty-Ninth Session, United Nations General Assembly, 51st Session, Supplement No.
17, at United Nations Document A/51/17 Annex I (1996), reprinted in 36 I.L.M. 200
(1997).
20- Richard Raysman & Peter Brown, Contract Law and Business Practices in the
Information Age, Computer Law: Drafting and Negotiating Forms, (2004)
21- The UCITA Revolution: The New E-Commerce Model for Software and Database
Licensing, Moving with Change: Electronic Signature Legislation as a Vehicle for
Advancing E-commerce, (April-May 2000)
22- Janet K. Winn, "The Emperor's New Clothes: The Shocking Truth About Digital
Signatures and Internet Commerce," (revised draft) (March 9, 2001)
23- European Commission Guidelines on Encryption, "Towards a European Framework For
Digital Signatures and Encryption", (October 8, 1997)
24- Report of Day 1 of the European Expert Hearing on Digital Signatures and Encryption
(Copenhagen, April 23, 1998)
25- United States General Accounting Office, International Electronic Commerce, (March
2002), Report to the Ranking Senate Minority Member of the Joint Economic Committee
26- Prepared Testimony of Dr. Alan F. Westin, Publisher Privacy and American Business
Before the House Banking and Financial Services Committee, Financial Institutions and
Consumer Credit Subcommittee, Electronic Payment Systems, Electronic Commerce,
and Consumer Privacy, (Sept. 18, 1997), Federal News Service, available in LEXIS,
News Library, Federal News Service File
27- FRB Report (Mar. 1997) Board of Governors of the Federal Reserve System, Concerning
the Availability of Consumer Identifying Information and Financial Fraud 18 n.14
28- European Commission, Brussels, (4.11.2010), Communication from the Commission to
the European Parliament, the Council, the Economic and Social Committee and the
Committee of the Regions
29- The U.S. Federal Trade Commission's summary of the basic principles embodied in the
OECD guidelines
30- Asia-Pacific Economic Cooperation (APEC) Ecommerce Steering Group, Voluntary
Online Consumer Protection Guidelines
III. Websites:
35- Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution.
Retrieved: March 12th 2011, Website:
http://www.unescap.org/tid/publication/tipub2348_part2iv.pdf
36- Restatement of the Law-Contracts, Restatement (Second) of Contracts, (August 2010),
Chapter3 Formation of Contracts-Mutual Assent, Topic 3 Making Of Offers, Retrieved:
January 4th 2011,
Website http://caseandcontroversy.com/Statutes/restat.pdf
37- Retrieved March 1st 2011 from the Federal Trade Commission Site Website:
http://www.ftc.gov/os/1999/07/pt071399.htm
38- Retrieved March 1st 2011, In the Matter of Eli Lilly, File No. 012 3214 (2002), Website:
http://www.ftc.gov/opa/2002/01/elililly.htm
39- Retrieved March 2nd 2011, History of the OECD Website:
http://www.oecd.org/pages/0,3417,en_36734052_36761863_1_1_1_1_1,00.html
40- Mike Ingram, "Love-Bug" virus damage estimated at $10 billion, (10th May 2000),
Retrieved March 8th 2011, Website: http://www.wsws.org/articles/2000/may2000/bug-m10.shtml
41- Council of Europe, Retrieved March 8th 2011, Website:
http://www.coe.int/aboutCoe/default.asp
42- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/protection-programs.html
43- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/pay/escrow.html
44- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/account/id-verify.html
45- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/resolving-problems.html
46- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/authentication.html
47- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/tp/vero-rights-owner.html
48- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/policies/everyone-outage.html
49- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/sell/unpaid-items.html
50- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/pay/paypal.html
Consumer Connections; Palmer & Associates; and Financial Research Group; and
Darlene Snow d/b/a Visionary Web Creations and/or d/b/a Maximum Impact Marketing,
Defendants. No. C-98 JW PVT ENE, C 98-20064 JW. April 16, 1998
61- Directive 95/46/EC of the European Parliament and of the Council of 24.10.1995 on the
protection of individuals with regard to the processing of personal data and on the free
movement of such data (OJ L 281, 23.11.1995, p. 31)