Electronic Contracts and Consumer Protec

Master Thesis
Electronic Contracts and Consumer

Protection
submitted on 23rd April 2011
by
Khaled Saad
Supervisor
Prof. James P. Nehf
Indiana University School of Law – Indianapolis
i
ii
Declaration
I hereby solemnly declare that I have written this thesis by myself and without support from any
other person or source, that I have used only the materials and sources indicated in the footnotes
and in the bibliography, that I have actually used all materials listed therein, that I have cited all
sources from which I have drawn intellectual input in any form whatsoever, and placed in
―quotation marks‖ all words, phrases or passages taken from such sources verbatim which are
not in common use and that neither I myself nor any other person has submitted this paper in the
present or a similar version to any other institution for a degree or for publication.
Indianapolis, 23 April 2005 Khaled Saad
iii
Table of Contents
Abbreviations
A. Introduction 1
I. Stating the Background to the Study 1
II. Problem 2
III. Purpose 2
IV. Significance of the Study 3
V. Problem Statement Question 3
VI. Literature Review 4
VII. Methodology 5
VIII. Scope and Limitations of the Study 5
IX. Outline of Chapters 6
B. The Issue of Assent in Contractual Agreement Terms and Conditions 7

I. Mutual Assent 7
II. Types of Transactions in Electronic Contracting 7
1. Shrink Wrap 8
2. Click Wrap 8
3. Web Wrap 9
III. Fundamental Strategies for Ascertaining Assent 10
C. The Impediment of Electronic Signature as a Cornerstone in Electronic

Contracting 14
I. Electronic Signature vs. Digital Signature 14
1. Electronic Signature 14
2. Digital Signature 15
II. Types of Electronic Signature 15
1. Biometric Signature 15
2. Click Wrap 16
3. PINS or Passwords 16
4. Digital Certificates or Signatures 16
III. Substantial Elements of Digital Signature 17
1. Cryptography 17
2. Private and Public Keys 18
3. Certification Authorities and Public Key Infrastructure 18
4. Verifying a Digital Signature 19
IV. The Reasons behind Choosing Digital Signature as the Sole Model of Electronic
Signature under the Egyptian Law 20
1. Assuring the Identity of the Signer of the Electronic Record 20
2. Assuring the Security of the Electronic Record 20
iv
3. Assuring the Identity of the Electronic Record Signer 20
V. Problems with Digital Signature 21
1. Determining the nature of the signature 21
2. Claiming Forgery of the Signature 21
3. Digital Signature is coherent to person‘s rights 21
VI. Solutions:
1. Developing Secure Storage for Digital Signatures 22
2. Authenticity of Signature via Third party 22
3. Creating a Portfolio for the Owner of the Signature 23
D. The Dilemma of Privacy and Data Protection 24

I. Consumers Privacy Concerns 24
1. Surveys Concerning Consumers Privacy 24
2. Facts Supporting Consumer Concerns 26
3. Types of Privacy and Information Invasions 27
II. The United States Approach to Foster Protection of Privacy and Personal Data 28
1. Well-known US Laws Governing Privacy and Personal Information 28
a) Fair Credit Reporting Act (1970) 28
b) Health Insurance Portability and Accountability Act (1996) 28
c) Identity Theft and Assumption Deterrence Act (1998) 29
d) Children‘s Online Privacy Protection Act (1998) 29
e) Gramm-Leach-Bliley Act (1999) 29
III. The EU Approach to Foster Protection of Privacy and Personal Information 30
IV. International Principles for Ensuring Data Protection and Privacy 31
1. Basic Principles of Data Privacy and Protection Laws in the OECD 31
a) Notice or Awareness Principle 31
b) Choice or Consent Principle 31
c) Access or Participation Principle 32
d) Integrity or Security Principle 32
e) Enforcement or Redress Principle 32
E. Security as a Predicament in Electronic Contracting 33

I. Levels of Security Measures 34
1. System Security 34
2. Information Security 34
II. Deception on the Internet 35
1. The Complication of Anonymity on the Interne 35
2. Securities Fraud Online 36
III. Chosen Security Challenges for Electronic Commerce 37
1. The Issue of Cooperation 37
2. The Issue of Legislation 38
IV. Security Arrangements for International Electronic Commerce 39
1. Council of Europe 39
2. The Organization for Economic Co-operation and Development (OECD) Security
Guidelines 40
V. The Requisite of an International Resolution 40
v
F. Consumer Protection Guidelines in Electronic Commerce 41
I. The Difference between the US and the EU Approach in Consumer Protection 42
II. The United States 42
III. The European Union 43
IV. Consumer Protection under the Egyptian Law 44
V. The Approach of the Private Sector towards Consumer Protection 46
VI. An Example of Protections Given to Consumers: Electronic Contracts on eBay 48
VII. Conclusion 50
vi
List of Abbreviations:
ATM Automated Teller Machine

COE Council of Europe
E-commerce Electronic Commerce
EC European Commission
EU European Union
FTC Federal Trade Commission
OECD Organization for Economic Co-operation and Development
PKI Public Key Infrastructure
UCC Uniform Commercial Code
UNCITRAL United Nations Commission on International Trade Law
VERO Verified Rights Owner
WPISP Working Party Specialized in Information Security and Privacy
WWW World Wide Web
vii
Electronic Contracts and Consumer Protection
A. Introduction:
I. Background to the Study:

Due to the broad, variable, and highly expected expansion of the internet from the late
1990s and the beginning of the new millennium, various nations started treating
electronic commerce (E-commerce) as a new medium that should be taken into
consideration within the legal system for all the consequences it accompanies. Millions of
internet users worldwide are enjoying it for different purposes such as: researching,
purchasing online, surfing, and social networking. Yet its greatest revolutionary impact
on both individuals and entities is the development of what is known as electronic
commerce (E-commerce).1
The internet facilitates business transactions via electronic means either locally or
internationally, and it was developed by a United States Army experiment forty years
ago, around the 1970s.2 The term internet is composed of the prefix of both terms:
―interconnection‖ and ―network‖, so it meant the network which is made out of
interconnection of computer networks. Further, the internet is considered as a huge
network which connects countless smaller webs of connecting computers which is known
as the World Wide Web (www). Hence, the internet allows broadcasting data and
information to millions of people at almost no time with very low cost. This affordable
nature of the internet expense motivated lots of companies to try their business at a
cheaper place.3 E-commerce can be defined as using the internet for conducting business
1 Bashar H. Malkawi, E-commerce in Light of International Trade Agreements: The WTO and the United Sstates-Jordan Free
Agreement, (Summer 2007), International Journal of Law and Information Technology
2 47 United States Code § 230 (e) (1) (Supp. 1998)
3 David M. Cielusniak You Cannot Fight What you cannot See: Securities Regulation on the Internet, (1998), Fordham
International Law Journal Vol. 22, pp 612-616
1
transactions on a national and international level. 4 E-commerce is covering a wide range
of business and reached a great boom, as in 1999 the global electronic commerce
exceeded US$ 150 billion.5Moreover, e-commerce has a great influence on purchasing
and selling, since internet users initiated great bargains that competes standard markets
prices. According to eBay.com in 2005 there were 150 million users registered on its
database and they sold items worth more than US$ 40 billion.6
Traditional companies should work on developing an electronic partition to their business
if they are willing to survive and compete with the other dominating corporations. In
addition, taking into consideration the low-cost moderate charge of the internet, the
comfortable method of connection, and the pleasing manner for responding to
individuals‘ taste through surveys would be an awesome opportunity for communicating
with customers. Therefore, it must be concede that creating a website to an already
existing business would not be sufficient, as there should be an electronic service to
induce competition, offer lower prices, and variable choices.
II. Stating the Problem:

There is more than one facet that this thesis is intending to argue, and these are the
principal ones:
 Which method of Assent is followed in e-contracts; i.e. Shrink wrap, Web wrap, or
Click wrap?
 What are the prime types of electronic signature, which is the most secured one, and
how to face its complications?
 Whether privacy bars confidence in e-commerce?
 What are the major security issues in electronic contracting, and how to combat it?
 What about the inherent fundamentals of consumer protection?
4 Study from WTO Secretariat Highlights Potential Trade Gains from Electronic Commerce, (13 March 1998), PRESS/96
5 Dotty about dot commerce, (February 26, 2000), The Economist
6 Anniversary lessons from eBay, (June 11, 2005), The Economist
2
III. Purpose:
This thesis aims to investigate the crucial foundations of consumer protection within the
borders of e-commerce, including proving assent of the internet user to enter into a
contractual relationship, explaining the concept of electronic signature as means for
concluding contracts within the electronic medium, and the inherent legal controversies
surrounding it. Furthermore, it will also address elementary issues that create obstacles to
e-commerce such as: security regulations, and the fear of exposing personal information
over the internet. Finally, it will provide guidelines and recommendations from deviating
approaches to help solve these matters, and ensure better consumer protection.
IV. Significance of the Study:
E-commerce is characterized by a worldwide coverage, as there is no country or

boundaries on the internet, also the comfort in accessing internet websites twenty four-
seven is a great aspect that stimulates customers from all around the world to enter and
check the items and services at any time. On the other hand, there are certain legal risks
that might be facing those customers for the absence of territorial borders, as a result
these hazards should be analyzed and at the same time deciding specific solutions for it.
This thesis would be of a great value to almost every internet user from all around the
world, this is because it is not associated with certain customers or users from a specific
country or territory, and even any legal entity can benefit from it too; for instance:
companies, corporations, governmental organs, organizations…etc. as these bodies could
be in the position of a customer and conduct business transactions online. As an expected
result for this thesis, a thorough analysis for the substantial perils that might occur in e-
contracting would be detected which would support internet users to be aware of the legal
rights and duties that may arise from an electronic contractual agreement, as well as,
there will be recommendations and thoughts on how to reduce these cognitive contents.
3
V. Problem Statement Question:
The broad question that this dissertation addresses is as follows:
 Concerning the wide extension of e-commerce worldwide, what are the paramount issues
that could be considered as obstacles in e-contracting?
VI. Literature Review:
Although lots of studies and researches have been carried out in concern with E-
commerce in general, yet in this study we are about to focus on the factual enigmas that
could intervene in the e-contracting deal.
It has been about twenty years since the internet projected for public usage a new sort of
business that would operate new type of opportunities for companies by spending less
money for the place, and offer better prices for consumers.
At the very beginning of internet, electronic commerce was known as electronic data
interchange and it was surrounded by various doubts in relation to the extent of legality
of electronic contracting as a new form of commerce. In fact, Legal authorities and
business dominating entities started asking whether electronic contracts could be treated
the same way as Standard contracts, and could business deals carried out via electronic
space have a legal effect that may result in legal duties and responsibilities? However,
Jurists and Lawyers inquired whether an electronic nonphysical paper could be used as
evidence in case a dispute rises between the contracting opponents? 7
Hence, such questions received a great response especially after the great work executed
by the United Nations Commission on International trade Law (UNCITRAL) as in 1996
it issued the United Nations Model Law on Electronic Commerce.8 The UNICTRAL
Model law on Electronic Commerce is indeed the first initiative in the field of
7Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution. Retrieved: March 12th 2011, Website:
http://www.unescap.org/tid/publication/tipub2348_part2iv.pdf
8 Report of the United Nations Commission on International Trade Law on the Work of its Twenty-Ninth Session, United
Nations General Assembly, 51st Session, Supplement No. 17, at United Nations Document A/51/17 Annex I (1996), reprinted in
36 I.L.M. 200 (1997).
4
harmonizing the law in conformity with electronic commerce, as its main interest is to
facilitate electronic commerce deals through disposing any legal impediment.
This was achieved through the Model Law on Electronic Commerce and the United
Nations Model Law on Electronic Signatures, as these two laws constitute the
cornerstone of enforcing electronic transactions.
Electronic contracting is facing certain spheres that might be considered problematic in

accordance with its electronic nature. First of all, the issue of assent although it might not
sound even doubtful that a party can express his assent in an electronic manner, but the
predicament is in determining the rules that govern the electronic contract in the aspect of
consent whether it‘s a Shrink wrap, Click wrap, or Browse wrap which will be discussed
later. In addition, another concern in electronic contracting is delivering protection to
consumers and how to ensure it. Finally, arguing the issue of privacy and security, and
the perils that might surround exposing personal details over the internet
VII. Methodology:
This thesis involves an examination of literature from primary sources such as: statutes,
also secondary sources like books, internet, law reviews, journals, case laws, and articles.
This study relies heavily on library and internet sources in order to cover such technical
topic with all its attributes. On the other hand, the study will follow a case study
approach, as it picks certain riddles and cases that are considered as fundamental
blockades to electronic commerce where a deep analysis for these issues shall be
provided.
VIII. Scope and Limitations of the Study:
Though E-commerce may be approached from variable sides and angles, but in this study
a legal perspective is being followed. Hence, there is a focus on the main legal features of
E-commerce such as: the electronic contract and its attributes, consumer protection laws
and guidelines, security laws and regulations on the internet.
“We can provide a better protection for consumers in e-commerce through explaining the
initial components of e-commerce, highlighting the key pressure points in e-contracting,
5
proposing guidelines and recommendations for protecting consumers in internet business
transactions, finally delivering different approaches on internet security and ensuring
privacy”.
In fact, it is hard to determine a certain scope of a specific category of people or time to

benefit from this study, while it is a legal dissertation that would advantage law students
and scholars, yet students from other educational backgrounds for instance: economics,
business, marketing, computer science…etc can still get a proper gain from this study as
a reason that electronic commerce is a collective subject that comprises numerous aspects
not only legal ones.
IX. Outline of Chapters:
Chapter two is a discussion of the issue of assent in the contractual agreement terms and
conditions. Chapter three will explain the impediment of electronic signature as a
cornerstone in electronic commerce. Chapter four is a discourse of the dilemma of
privacy and data protection, Chapter five analyzes security as a predicament in electronic
contracting. Finally, chapter six introduces guidelines and recommendations from various
approaches for consumer protection, and a conclusion.
6
B. The Issue of Assent in Contractual Agreement Terms and Conditions:
I. Mutual Assent:
Contract law composes of a large set of rules that determines its components and
enforcement. Nevertheless, a contract is nothing more than a promise to perform or
refrain from performing which if breached the law provides a remedy. Basically, a legally
recognized contract needs an offer, acceptance, and consideration.9 Mutual assent which
is considered as the core of contracting consists of an offer by one party which is faced
by an acceptance of that offer by another party, and in case of absence of this minds
meeting no contract shall be found. There is no specific method for expressing an offer
yet acceptance requires more clarity in order to create mutual assent. Manifesting an
assent may arise via written document, spoken word, or any other conduct that shows that
a party had an intention to accept the terms of the offer.10
II. Types of Transactions in Electronic Contracting:

Internet vendors always seek to conclude their online sales with customers through
standard license agreement. Online sellers are different in the way they present their
license agreement, as some clearly pop-up their license terms and conditions on the
screen, and require the consumer to click on ―I agree‖ icon, while others may disclose
their license without asking to click on any acceptance button. As a result, courts have
considered some of these licenses as binding while others are not. So basically there are
three major types of agreement:
Shrink wrap, Click wrap, and Web wrap.11
9 Donnie L. Kidd, Jr., William H. Daughtrey, Jr., (2000). Adapting Contract Law To Accommodate Electronic Contracts:
Overview and Suggestions, Rutgers Computer and Technology Law Journal
10 Restatement of the Law-Contracts, Restatement (Second) of Contracts, (August 2010), Chapter3 Formation of Contracts-
Mutual Assent, Topic 3 Making Of OffersRetrieved: January 4th 2011, Website http://caseandcontroversy.com/Statutes/restat.pdf
11 Casamiquela, Ryan J. (2002), CONTRACTUAL ASSENT AND ENFORCEABILITY IN CYBERSPACE, Berkeley

Technology Law Journal
7
1. Shrink Wrap:
Shrink wrap license agreement gets its name from the plastic or paper wrap that the
product is packed in, as the vendor encloses a license agreement notice on the surface of
the pack, which accordingly binds the customer to the agreement terms and conditions in
case of opening the package. The producer can then enjoy certain privilege over the
customer as the producer sets the terms of the agreement without negotiating with the
customer, which also gives the producer a control over the customer on how to use or
benefit from the product.12 In ProCD v. Zeidenberg, the seventh circuit court of appeals
in 1990s embraced a trend recognizing and enforcing shrink wrap licenses. According to
this case, the seventh circuit court validated electronic transactions and shrink wrap
licenses terms and conditions which governed the contractual agreement after the
payment for the product was concluded. As Mathew Zeidenberg who is a customer
bought ProCD software and ProCD stated that there are terms and conditions regarding
the use of the product in an enclosed license. The license was printed on the CD itself, the
user manual, and the computer screen on every time the software operates. It was clearly
stated that the software is not for commercial usage. Zeidenberg established a company in
order to make copies of ProCD‘s software and sell it, which was in contradiction with the
terms and conditions of the license, and then ProCD sued Zeidenberg for copyright
infringement and breaching license. The court treated the license as a simple contract that
would be governed by the common law of contracts and the UCC. The court found that
ProCD mentioned an opportunity to reject the product if the user found the license terms
inconvenient, and what happened is that Zeidenberg checked the product, used it,
reviewed the license, and didn‘t reject the product. Finally, the court upheld that the
shrink wrap license is valid and was in accordance with the UCC.13
12 Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution. Retrieved: March 12th 2011, Website:
13 ProCD, Incorporated, Plaintiff-Appellant, v. Matthew ZEIDENBERG and Silken Mountain Web Services, Inc., Defendants-
Appellees, No. 96-1139, Argued May 23, 1996, Decided June 20, 1996
8
2. Click Wrap:
Click wrap license agreement is almost an upgrade to the concept of shrink wrap license,
as in click wrap form, the license is being displayed on the screen prompting the user to
click on an acceptance icon such as ―I agree‖. This type of contractual license agreement
is favorable because the customer must primarily accept the terms and conditions of the
license before proceeding in downloading the software or entering the website.
Moreover, all the terms and conditions that are stated on the website are preliminary
terms which means that the customer will be approving those terms before accessing the
website and then negotiating another terms.14 In Hotmail Corp. v. Van $ Money Pie Inc.,
Hotmail grants free email services for a huge amount of individuals worldwide on the
internet under the concept of click wrap license terms and conditions agreement that
prevents users from using their email accounts to send spam or pornographic messages.
Some Hotmail users started using their accounts for sending spam and pornographic
messages which are considered in violation with the license agreement, then Hotmail
sued the defendants for breaching the contract. The court granted a preliminary injunction
as the defendants agreed to abide by the terms of the agreement but violated it by sending
spam and pornographic messages.15
3. Web Wrap:
Web wrap agreements also known as ―Browse wrap‖ agreements are different from click
wrap agreement because of the way they are displayed to the customer. Web wrap
agreements are being accessed through a link or at the main homepage of a website
stating the terms and conditions decided by the owner of the website, and determining
what is permissible to the user. As the owner of the website may display an icon ―click
here to show legal terms‖, then the internet vendor gives the user the right to check the
14 Michael H. Dessent, Digital Handshakes in Cyberspace Under E-sign: ―There‘s a New Sheriff in Town!‖, (January2002),
University of Richmond Law Review
15 HOTMAIL CORPORATION, Plaintiff v. VAN$ MONEY PIE INC.; ALS Enterprises, Inc.; LCGM, Inc.; Christopher Moss
d/b/a the Genesis Network, Inc.; Claremont Holdings Ltd.; Consumer Connections; Palmer & Associates; and Financial
Research Group; and Darlene Snow d/b/a Visionary Web Creations and/or d/b/a Maximum Impact Marketing, Defendants. No.
C-98 JW PVT ENE, C 98-20064 JW. April 16, 1998
9
agreement terms of sale, but without requiring the user to show his compliance with these
terms before purchasing a product.16
In Pollstar v. Gigmania ltd., Pollstar which is website providing information about
concerts in the form of a web wrap license agreement, and stated terms to restrict any
copying of the information. The license agreement was not present on the homepage of
the website but it was on another page, yet there was a notice mentioning that usage of
information on this website is subject to license agreement. Though the website users
were able to see the license, they didn‘t need to click on a button to specify their consent.
The website sued a user for breaching the license agreement, but the user aimed to
dismiss the case on the basis of not showing any approval to the license. The court
decided that the web wrap agreement may be arguably enforceable, as the presence of
such a license prevented the court from dismissing the case. 17
In Specht v. Netscape Communications corp., an internet user downloaded computer
software that included a message stating, ‖please review and agree to the terms of the
Netscape smart download software license agreement before downloading and using the
software‖, and at the same time didn‘t request a review or clicking a button for approving
the terms. The court declared that there was no agreement between the parties as there
was no demonstration of assent by the user to the terms displayed by the website, and
therefore there was no contract.18
III. Fundamental Strategies for Ascertaining Assent:

Any business engaged in electronic commerce and internet contracts urges assuring that
all terms and conditions pertaining to the deal should be binding and enforceable among
the parties. This also means that sureness about consenting to the terms of the agreement
must be guaranteed. Broadly speaking, Shrink wrap and Click wrap agreements are not
triggering many problems in the case of assent in electronic contracting, which
contradicts Web wrap agreements that impose more caution regarding consent. In case of
16 Legal Architecture of Virtual Stores: World Wide Websites and the Uniform Commercial Code, (1997), San Diego L. Rev.
1263, 1354
17 Pollstar v. Gigmania, Ltd., 170 F.2d 974 (E.D. Cal. 2000)
18 Specht v. Netscape Communications Corp., 150 F. Supp.2d 585, 593-94 (S.D.N.Y. 2001), aff‘d 306 F.3d 17 (2d Cir. 2002)
10
Shrink wrap agreements, the customer usually find the license terms and conditions on
the outside package of the product, which will allow him to check the terms before using
the object of the contract. As well as, in Click wrap agreement the user has to click on an
icon such as ―I agree‖ to identify his approval to the terms and conditions of the
contractual agreement. While in Web wrap license, there is no icon or button to click on
for specifying acceptance of the terms of the license, yet it might be found somewhere on
the homepage of the website. A working group within the American Bar Association has
come up with certain strategies for ensuring valid assent in electronic commercial
transactions.19This cluster of strategies can be pointed as follows:
 Viewing Terms and Conditions before Assenting:
The internet user should not be able to disclose assent without having the option of
reviewing the terms of the agreement which should appear automatically or by
clicking on a button or hyperlink that is clear and visible. The method of assent
should be placed at the end of the agreement terms that compels the user to read or at
least navigate the terms before approving.
 Assenting before Access to Governed Item:
The user should be deprived from gaining any access to the web site, information,
property, software, or services ruled or governed by the agreement without assenting
to it first.
 Ease of Viewing Terms:
The interface of the web wrap agreement should give the user enough opportunity to
check the agreement thoroughly before assenting. If the terms occupy more than one
page, there should be forwards and backwards tabs to navigate through the term.
 Continued Ability to View Terms:
The user should be able to view the terms before assenting, also he should be given
the ability to review it back and forth along the assent process.
 Format and Content:
19 Christina L. Kunz, Working Group on Electronic Contracting Practices, within the Electronic Commerce Subcommittee of the
Cyberspace Law Committee of the Business Law Section of the American Bar Association (ABA), ―Browse-wrap agreements:
validity of implied assent in electronic form agreements‖, (2003), Business Law 59, 279
11
The format and content of the terms must be clear and readable in legible neat font. If
the law requires certain assent to a specific type of term, the format of the assent
process should be in compliance with the requirement.
 Consistency with Information Elsewhere:
Any information provided to the internet user elsewhere should not be in
contradiction with the agreement terms and conditions, or cause any ambiguity to the
agreement.
 Assent or Rejection:
The contracting user should be given a straight choice to either assent to the terms
and conditions of the contractual agreement or reject it. Availability of that choice
should be present at the end of the contracting process when the user‘s assent is
required.
 Clear Assent or Rejection:
Any ambiguity should be eliminated, as the user‘s words regarding assent or rejection
should be clear. Examples of clear words showing assent can be ―Yes‖, ―I agree‖, ―I
accept‖, ―I assent‖, or ―I consent‖. It is not preferable to use ambiguous or vague
phrases such as,‖ Submit‖, ―Continue‖, ―Next page‖, or ―Enter‖. Examples of clear
words manifesting rejection can be ―No‖, ―I disagree‖, ―I decline‖, or ―Not agreed‖.
 Assent or Rejection Using Clear Methods:
The contracting user method of declaring assent or rejection must be clear and
unambiguous. Examples are clicking an icon or a button containing a word of assent
or rejection, or typing particular words of assent or rejection in an empty box.
 Consequences of Assent or Rejection:
In case the user rejects the terms of the proposed agreement, therefore this action
should prevent the user from gaining access to what is provided by this agreement.
This means that the transaction should end up automatically if the user did not agree
to the terms. For instance, if the license agreement would allow the user to use a
software, website, or a certain data, then rejecting these terms should deprive the user
from the granted right of usage. In the same way, if the agreement would grant the
user specific rights to goods or services, the result of rejecting the proposed terms
should be barring the user from receiving his request. On the other side, user‘s assent
12
to the proposed terms and conditions of an agreement should permit access to the
requested promise without any additional agreements.
 Notice of Consequences of Assent or Rejection:
When the user discloses his assent or rejection, a statement should grab the user‘s
attention to the consequences of either his approval or denial. Instances of assent
notices: ― By clicking ‗Yes‘ below you acknowledge that you have read, understand,
and agree to be bound by the terms above‖ or ―These terms are a legal contract that
will bind both of us as soon as you click the following acceptance button‖. Examples
of rejection notices:‖If you reject the proposed terms above, you will be denied access
to the (Software, product, web site, or services) that we are offering‖.
 Correction Process:
The process of assent should render a reasonable method to prevent, correct, and
detect any errors likely to occur by the user when assenting.
 Accurate Records:
Maintaining accurate records of the format and content of the contractual agreement,
also documenting the steps that the user had to take for gaining access to specific
items and what version of the agreement was in effect at the time of contracting.
Using user‘s identifying information could be helpful if necessary for proof of
performance by accurate records, as well as the user‘s assent to the terms and
conditions of the agreement, and the version of the terms to which the user assented.
Privacy law should be taken into consideration while concluding this step.
 Retention and Enforceability:
Regarding any legal proceedings, a record of the contractual agreement has to be
provided or delivered; as the sender must make sure that any electronic record is
capable of retention by the recipient. Moreover, in order to enforce an electronic
record against the recipient, the sender cannot forbid the recipient from printing or
storing the electronic record.
 Accessibility and Accuracy after the Assenting Process:
In case an applicable law requires retention of a record of information of the
transaction, the electronic record should precisely reflect the information of the deal
13
and remains accessible to the parties of the agreement, and capable of accurate
reproduction for later reference.
These strategies are not intending to set minimum standards to obtain valid assent, but to
add suggestions for performing electronic deals in a more legitimate manner. However,
these strategies are for avoiding disputes on contractual agreements carried out via the
electronic medium, which would lead to developing a better set up agreements which
electronic vendors and users will have confidence in.20
20Christina L. Kunz, Click Through Agreements: Strategies for Avoiding Disputes on validity of Assent, (November, 2001), The
Business Lawyer vol.57
14
C. The Impediment of Electronic Signature as a Cornerstone in Electronic
Contracting:
In general, authentication is a major peril for concluding business on the internet in the
information and computer age. In this regard, how would it be possible for the parties to a
contract affirm their identities and approval to the bargain without a tangible medium?
Besides, how can parties to an agreement carried out via electronic instrument express
their identities in a unique manner? Basically, Electronic signatures and digital signatures
have been deemed by many judicial systems as technologies that have been created to
perform this mission.21
I. Electronic Signature vs. Digital Signature:
The main concern of electronic signature laws has been electronic documents which are
also known as electronic records; and signatures that are created and stored in electronic
form. These signatures are referred to sometimes as ―Electronic Signatures‖ or ‖Digital
Signatures‖, which lead to deep confusion, because each term has a different
understanding.22
1. Electronic Signature:
Electronic signature is a comprehensive term that refers to all various means by
which a party can sign an electronic document. According to the Federal E-sign Law,
it defines E-signature as,” information or data in electronic form, attached to or
logically associated with an electronic record by a person or an electronic agent‖.
The Uniform Electronic Transaction Act which is enacted in 43 states defines E-
signature as,‖ means an electronic sound, symbol, or process attached to or logically
associated with a record and executed or adopted by a person with the intent to sign
the record‖. Though all electronic signatures are represented in a digital way (as a
series of ones and zeros), yet they can take various formations. For instance: a name
21Richard Raysman & Peter Brown, Contract Law and Business Practices in the Information Age, Computer Law: Drafting and
Negotiating Forms, (2004)
22 The UCITA Revolution: The New E-Commerce Model for Software and Database Licensing, Moving with Change:
Electronic Signature Legislation as a Vehicle for Advancing E-commerce, (April-May 2000)
15
typed at the end of an email by the sender, a digital image of a handwritten signature,
a secret code or PIN to identify the sender of the electronic record, biometrics-based
identifier such as fingerprint scan, and digital signature.23
2. Digital Signature:
Digital signature is a term for one particular technology of electronic signature. It
depends on the use of public key cryptography to sign a message, and is considered
the most common sort of electronic signature that is being used as a mean of signing
electronic records.24
Under the Egyptian Electronic Signature Law No. 15/2004 Article (1) the legislature
defined E-signature as ―What is on an electronically written message in the form of letters,
digits, codes, signals or others and has a unique identity that identifies the signer and uniquely
distinguishes him/her from others‖.
II. Types of Electronic Signature:
1. Biometric Signature:
Biometrics could be defined as “the automated technique of measuring a physical
characteristic or personal trait of an individual and comparing that characteristic or trait to a
database”. Through unique physical traits for example a person‘s fingerprints, retina which is the
inner layer of an eyeball, or iris which is the colored circle surrounding the eye pupil.25
Unlike PIN or digital signature, biometric characteristics cannot be stolen or lost. Besides,
biometrics is easy to use. An individual can access a specific file via placing his finger on a
computerized pad or gazing into a camera. However, iris and retina scanning may raise privacy
aspects because of revealing private medical information about a person. Hence, identification
23 California Code of Regulations Title 2 Administration Division 7, Secretary of State, Table of Contents, ch10, Digital
Signatures, Under the California Digital Signature Regulations, ―‗Signature Dynamics' means measuring the way a person writes
his or her signature by hand on a flat surface and binding the measurements to a message through the use of cryptographic
techniques.‖
24Thomas J.Smedingoff, Warwick Ford, and Michael Baum, Secure Electronic Commerce , Ed. Online Law ch.3, 4, 31, (1996)
25 Biometric Scanning, Law & Policy: Identifying the Concerns—Drafting the Biometric Blueprint, 59 U. Pitt. L. Rev. 97, 99 ,
(1997)
16
programs could be set to discourse crucial identification information without providing excessive
data that would expose personal medical status.
Furthermore, voice and video recognition can be considered as biometric tools for authentication,
though it might not be of the same high standards of ensuring identification as in the case of
fingerprints or eye scanning, but it is more economic to use.
Biometrics is a great alternative to private keys that is more complicated to spoof. Biometric
signature along with digital signature is considered an ideal method for a maximum level of
security and authentication.26
2. Click Wrap:
Click wrap is considered the basic type of e-signature since you merely click on an icon
to apply a signature to an electronic record. A click on the send button in an e-mail
account could qualify as a click wrap. Another example could be at Amazon.com or
Ebay.com, by clicking ―I agree‖, ―I accept‖, or ―I submit‖ button.27
3. PINS or Passwords:
Online banking system is the model representative to illustrate this type of e-signature.
As in these closed systems, users need log in passwords or PINs to gain access. When the
user enters his own PIN code, his identity is verified. Through this extensive
authentication process of proving the user‘s own identity, a form of trust is created
between the system and the user by which large amounts of money transfer could be
carried out with a click of a button.28
4. Digital Certificates or Signatures:

Digital signatures are also known as Digital certificates or Certs. This type of E-signature
is burdened with policies and can be highly trusted. Digital signatures are managed
through a standardized approach which is known as Public Key Infrastructure (PKI).
There is a set of keys are being used by the public and private key in this type of E-
26 Ian C. Ballon. Privacy, Security, and Internet Advertising Chapter 27, Internet, Network and Data Security, Part IV:
Encryption, Cryptography and Biometrics E-Commerce and Internet Law, (2010-2011 update)
27 Toby Brown, an E-signature Primer, (May/June 2004), Rhode Island Bar Journal
28 Ibid
17
signature. This is considered a unique system in which users or signers do not have to
posses the same shared secret to trust the signer‘s identity such as in PIN systems.
According to this type of E-signature, the user can have a private key to sign a certain
document which can be verified by the public key. As a result, if the signer of document
or electronic record keeps his own private key, then the public key can validate it. There
is an extremely high scale of trust that the content verified by the public key is exactly the
content signed by the private one. Certs may have various levels of trust as it is
determined by the policies and technologies used, which also lead to a few wide-spread
application for this type of e-signature for its high cost. The three standard authentication
factors are what you know which is the PIN, what you have which is a credit card, and
what you are which is your finger print. Depending on the level of security, a signer can
utilize one, two, or three factors of authentication signing.29
III. Substantial Elements of Digital Signature:
1. Cryptography:
Cryptography is a tool used to allow two or more individuals at different locations to start
sharing vast information with confidence that this information has been altered or
intercepted by a third party at the time of exchanging and sharing. In order to achieve
this, the parties need first to create what is known as ―cipher‖ that enables converting the
original unencrypted text ―Plain text‖ into an encrypted text ―Cipher text‖. This process is
done by using encryption algorithms that combine the ―plain text‖ with a key or a code to
produce the ―Cipher text‖, also this key or code is considered a unique series of numbers.
Besides, the length of the key is measured in bits, e.g. 32 bit, 128 bit, or 256 bit
encryption...etc, and the more bits the better the encryption. As a result, each key which
consists of a unique series of numbers that leads to generating a unique cipher text, this
means that any change in the plain text will cause the cipher text to change too assuring
the recipient of the information that it has not been changed from its original form.
As a matter of fact, there are several sorts of cryptography, such as: Conventional and
Asymmetric cryptography. Conventional cryptography which is also known as symmetric
29 Toby Brown, an E-signature Primer, (May/June 2004), Rhode Island Bar Journal
18
cryptography uses the same key to encrypt and decrypt the information. While
Asymmetric cryptography uses two distinct keys but mathematically related, known as
public and private keys to encrypt and decrypt information, and this is the type of
cryptography used in digital signature. 30
2. Private and Public Keys:

Understanding private and public keys could be better achieved through illustration. Let
us assume that Jay in New York and Khaled in Cairo concluded negotiations and reached
a contractual agreement on their contract. Before Jay can sign anything he must create a
private key-public key pair. The private key is kept private and is used to create a digital
signature. The public key is made available and could be posted online databases or
anywhere else that the recipient can access it. For signing the contract digitally, Jay must
start a computer program that creates a message digest of the contract. This program
encrypts the message digest of the contract using Jay‘s private key. The encrypted
message digest is Jay‘s digital signature. Jay then attaches the digital signature to his e-
mail and then sends it to Khaled. Jay‘s message can only be decrypted using the public
key that Jay gave to Khaled before.
When Khaled receives Jay‘s message, he runs a computer program that contains the same
cryptographic algorithm that Jay used to create his digital signature. The program
decrypts Jay‘s message using Jay‘s public key. Then the program creates a second
message digest of Jay‘s message and the two messages are compared, if both messages
match then Jay‘s message will be authenticated and Khaled can be sure that the message
is original.
Encrypting information with a private key is useful when the recipient who is holding the
related public key wants to ensure that the message was sent by the holder of the private
key. As well as, encrypting a message with a public key may help the sender in making
sure that the holder of the private key is the only one who can decrypt his message.31
30 Janet K. Winn, “The Emperor's New Clothes: The Shocking Truth About Digital Signatures and Internet Commerce,‖
(revised draft) (March 9, 2001)
31 Aristotle G. Mirzaian, Electronic Commerce: This is not your Father‘s Oldsmobile, (May 16th 2002), Rutgers Law Record
19
3. Certification Authorities and Public Key Infrastructure:
There is a major security threat regarding doing business on the internet and that vendors
aren‘t sure whether they can trust the integrity of electronic messages even if digitally
signed. Public key infrastructure is one of the principal methods to resolve these
problems. Public key infrastructure is a system that allows contracting parties who
depend on digital signatures to rely upon a trusted third party to prove each other‘s
identity. This third party is called Certification Authorities.32
Certification authorities are concerned with authenticating the ownership and traits of a
public key so that the public key can be trusted. There are three essential steps that the
certification process involves, yet they might change from one certification authority to
another. First, the sender of the message who is known as the subscriber generates his
own private key-public key pair. Second, the subscriber goes to the certification authority
and shows an identification card such as passport or driving license. Third, the subscriber
then declares that he holds the private key that is linked with a specific public key.
Accordingly, once the subscriber is a trustworthy to the certification authority, it can
issue a certificate. This certificate is a computer based record that is used to connect the
private key with the corresponding public key. These certificates often contain the public
key in addition to other information such as: the name of the certification authority, type
of key, algorithm of the key, and any licenses held by the holder of the certificate.
Consequently, subscribers can then start propagating the certificates to third parties who
33
would like to conclude business with the subscribers.
4. Verifying a Digital Signature:

When the recipient receives the digitally signed communication, he starts a computer
program that contains the same cryptographic algorithm that the sender used to create the
digital signature. This program decrypts the digital signature by the sender‘s public key.
32 European Commission Guidelines on Encryption, ―Towards a European Framework For Digital Signatures and Encryption‖,
(October 8, 1997)
33 Ibid
20
If the program fulfills decrypting the digital signature, then the recipient assures that the
communication came from the sender, because the sender‘s public key will be able to
decrypt a digital signature that was encrypted by his own private key. The program starts
creating a second message digest of the received communication and then compares it
with the decrypted message digest. If the two messages match together then the recipient
34
knows that the communication was not altered or changed.
IV. The Reasons behind Choosing Digital Signature as the Sole Model of Electronic
Signature under the Egyptian Law:
1. Assuring the Identity of the Signer of the Electronic Record:

This could be performed through public key cryptography. As the recipient who already
owns the public key - which is derived from the private key - of the website uses the
public key to decrypt the code of the electronic record.
2. Assuring the Security of the Electronic Record:

This could be achieved via public key infrastructure as it has been discussed before that
the electronic record could be altered or modified while being transferred through the
electronic medium. To ensure the validity of the document, the recipient can create a
message digest out of the decrypted document digest he received and compares each of
the decrypted document digest and the message digest together, and if they are identical
then the recipient can verify the integrity of the document.
3. Assuring the Identity of the Electronic Record Signer:

The identity of the signer of the electronic record could be ensured via public key-private
key pair, as the signer of the communication used his own private key to sign the
communication digitally, and by using the public key - which is derived from the private
key - the communication could be decrypted which validates the signature of the one who
34 Thomas J. Smedingoff, (June 14-15, 1999). Electronic Contracts & Digital Signature: An Overview of law and Legislation.
Patents, Copyrights, Trademarks, and Literary Property Course Handbook Series
21
35
ones both the private and public key.
The Egyptian Electronic Signature Law No. 15/2004 mentioned under Article (1) (c) that
the legislature determined various types of electronic signature that could be letters,
digits, symbols, signals, or anything else, as long as it enables identifying the signer, and
at the same time differentiates him from others in compliance with the technical aspects
mentioned in the regulations of the Ministerial Decree No.109 of 2005. The Egyptian
Electronic Signature Law No. 15/2004 Article (18) entails a link between the electronic
signature and the public key so as to gain authenticity. In addition, Article (9) of the
regulations of the Ministerial Decree No.109 of 2005 stated that signing in a certain
website cannot be fulfilled unless there is a secure public key infrastructure and a
certification authority. As a result, the Egyptian legislature accredited digital signature as
a sole model of electronic signature, because the electronic signature will not be
authorized until it is linked to the website that the signer is aiming to sign in to. Besides,
this link will not be achieved until there is a public key infrastructure. 36
V. Problems with Digital Signature:
1. Determining the Nature of the Signature:

Telling the difference between a forged and authentic digital signature is almost
impossible. Digital signatures mainly are built around public key ciphers. These
ciphers are considered very strong that it is infeasible to break by modern technology.
The security of public key ciphers relies on that the holder of the private key which is
used to create a digital signature is the sole holder of it. In case that key is stolen or
lost then the person who stole or found it can use it to forge signatures on behalf of
the legitimate holder, then the signature will be considered authentic with no doubt
from any outsider.
35 Prof. Mohamed Elmorsy Zahra, The Civil Protection of Electronic Commerce, (2008), P.239-240
36 Prof. Mohamed Elmorsy Zahra, The Civil Protection of Electronic Commerce, (2008).238-239
22
2. Claiming Forgery of the Signature:
The signer can claim at any time that the signature is forged to avoid any obligations
or duties caused by his signature. In standard contracts, if someone argues that his
handwritten signature is genuine then he has to prove so. On the other hand, if a party
in a contractual agreement claims that his signature has been forged, then the other
party has to give evidence that the signature is authentic, genuine, and has been
signed by the pleading party. In electronic contracts, despite it could be possible to
show that the signature has been created through the private key, but it is
inconceivable to prove that the private key was only in possession of the legitimate
holder.
3. Digital Signature is coherent to person‘s rights:

Digital signature relates to the total rights and duties of person not just individual
rights and duties. Some view digital signature as an electronic version of the
handwritten signature, consequently the person should posses a private key for
electronic transactions. Others view would relate digital signature to rights and
obligations of individual not individual persons themselves. According to this
approach, the privacy of the person would be kept secure as he will not be identified
37
by name.
VI. Solutions:
1. Developing Secure Storage for Digital Signatures:

In order to provide security for digital signatures and prevent it from getting stolen, a
secure storage for private keys should be developed. Hence digital signature
technology is considered really complex, then letting an average individual to be
responsible for securing storage of private keys is a bad idea. A great solution for
37 Kiril Kesarev, Digital Signatures and Encryption in the European Union, (22 November 1998), Department of Computer
Science and Engineering, Helsinki University of Technology
23
securing private key storage could be delivered through smartcard technology which
is capable of signing digitally, as the private key is being installed on it. Besides,
smartcards are accessible to the outside world even their own legitimate users. 38
2. Authenticity of Signature Via Third party:

To avoid denying signature by claiming it is forged or not authentic, an active trusted
third party could be used to ensure authenticity and validity of a signature. Electronic
transactions and deals are to be signed by a trusted third party or what is also known
as Certification authorities which would validate the identity of the parties to the
contractual agreement to prevent any dispute that might arise regarding the identity.
Significance behind depending on a trusted third party is ensuring the safety of
private keys and keeping it away from getting stolen or lost. On the other side, a
trusted third party may lead to some privacy issues, as this third party may register all
transactions and create an accurate image about a person‘s own life.39
3. Creating a Portfolio for the Owner of the Signature:

The current trend in digital signature is that it relates to a certain person individually
the same as a handwritten signature, and not linked to his rights and obligations.
Switching the direction of these regular regulations regarding digital signature should
be carried out, and to make it related to the individual‘s own rights and obligations.
By developing such kind of a signature would help in creating a portfolio of different
private keys related to the person himself which he can use with various parties in
concluding lots of deals and transactions, and at the same time securing his own
identity.40
38 Report of Day 1 of the European Expert Hearing on Digital Signatures and Encryption (Copenhagen, April 23, 1998)
39 Kiril Kesarev, Digital Signatures and Encryption in the European Union, (22 November 1998), Department of Computer
Science and Engineering, Helsinki University of Technology
40 Ibid
24
D. The Dilemma of Privacy and Data Protection:
Technology has played a great role in enhancing the capacity of internet companies to
collect and analyze huge amounts of data relating to customers who merely visit their
web sites, which raises concerns about how this data is treated. Many businesses around
the world collect a variety of information on a regular basis about their own customer in
order to understand their clients better, improve their business processes, and target
special offers. Before finding the internet, companies used to track the purchases made by
individuals, while now there is more to take care of, as a company can also record pages
of websites that grabs customers‘ attention. This information can form a great
compilation with other data sources to constitute a profile of customers. The increase in
the way of collecting and using data has lead to raising public awareness and consumer
cautions about internet privacy. Such worry made governments respond by using various
approaches that includes establishing new laws and regulations, as well as inquiring
regulating businesses. Meanwhile, these contrasting approaches have led to diverse
municipal standards and may create predicaments for companies that transfer personal
data between operations located in different jurisdictions.41
I. Consumers’ Privacy Concerns:

Surveys demonstrate that consumers are so highly concerned about their own privacy,
and that they are very aware about the capability of electronic commerce systems of
invading their own personal information and privacy. In addition, unauthorized people
are able to steal these information for certain usages by penetrating these databases. This
is considered a crucial element in resisting consumers to take part in electronic commerce
transactions.42
1. Surveys Concerning Consumers Privacy:

Generally, consumers are concerned about their information when engaged in any deals
or transactions with financial institutions and specifically when it comes to electronic
41 United States General Accounting Office, International Electronic Commerce, (March 2002), Report to the Ranking Senate
Minority Member of the Joint Economic Committee
42 Mark E. Budnitz, Privacy Protection for Consumer Transactions in Electronic Commerce: Why Self-Regulation is Inadequate,
(Summer 1998), South Carolina Law Review
25
ones. 89% of consumers are worried about threats to their privacy when concluding
monetary services. 81% have lost control over determining how personal information is
being circulated and used by companies and businesses. 25% of individuals prefer to
keep their own personal information in private and not even willing to trade information
in return for money or benefits. 20% have no strong believe in safeguarding their own
information, while the remaining 55% are willing to trade their privacy information
depending on the benefits that might be given in return for their information, the
protection policy of the company that is willing to use these information, and whether the
company is a trustworthy to keep it‘s privacy promises. Consumers highly value medical
or financial information possessed by credit card companies and banks. 43
A Harris surveys in 1997 found that the majority of consumers engaged in online
activities and electronic transactions are concerned about threats to their confidentiality
and protection of these systems even when it comes to purchasing goods. Consumers do
not trust online services and the voluntary terms and conditions of these companies.
Consumers affiliated in these surveys assert that they will not get involved in electronic
commerce deals unless privacy rules are strengthened.
According to a survey conducted by the Boston Consulting group, about 86% of
consumers aim to get control over their own personal data, and 81% believe that web
sites do not have the right to use or resell consumers‘ information to third parties.
Further, 70% of consumers said that privacy concerns were the primary reason that they
do not register information on websites. Moreover, 70% are concerned about giving their
own information online than giving it over the phone or by mail; also 75% are highly
concerned about companies that monitor consumers‘ browsing on the internet. Besides,
27% of consumers provide false information because of privacy and data protection
concerns. These surveys findings are significantly important in the field of electronic
commerce, as the internet presents a huge market. As long as consumers do not trust
companies to protect their information, companies will suffer to generate the volume of
consumers needed to make electronic commerce seriously profitable. As a matter of fact
43 Prepared Testimony of Dr. Alan F. Westin, Publisher Privacy and American Business Before the House Banking and
Financial Services Committee, Financial Institutions and Consumer Credit Subcommittee, Electronic Payment Systems,
Electronic Commerce, and Consumer Privacy, (Sept. 18, 1997), Federal News Service, available in LEXIS, News Library,
Federal News Service File
26
this could lead to another result that government regulation is almost irrelevant because
companies will accept self regulation for the sake of assuring the continuation of their
electronic commerce ventures.44
2. Facts Supporting Consumer Concerns:

Setting consumer concerns aside, legislation is not justified if it is meant to just calm
down consumers‘ fears. Consequently, it is substantial to examine whether any rational
basis exists for consumers‘ privacy concerns. Nevertheless, personal information and
consumers‘ privacy is being invaded by ―insiders‖ or the individuals working for
legitimate companies but through gaining unauthorized access to company‘s information
system, also ―outsiders‖ who break into computer systems operated by legitimate
companies. Furthermore, scammers invade consumers‘ privacy by creating websites and
fraud; they can obtain money and information. Even legitimate companies sometimes
invade consumers‘ information by using certain programs to gain data that could help in
marketing, usually without consumers‘ knowledge or assent.
A favorite device used by legitimate companies in order to obtain marketing information
is cookie. Cookies are used to collect information as the user surfs the internet and feeds
the information back to a certain server. A website sends a cookie to computers, and acts
as a digital tag that notifies the website at each time the user uses the internet. The
information collected can be used for obtaining passwords used for websites‘
subscriptions or collecting information about internet shopper‘s preferences so as to
target it through offers. In spite of the fact that a 1997 survey of the hundred most
frequently visited websites found that twenty four of them used cookies, also none of
these sites exposed that cookies were installed in the consumer‘s computer.
In relation to the invasions of personal information and privacy is the security of
electronic commerce systems, as these systems lack adequate security, that leads to
vulnerability of privacy invasion. Hackers pose a frequent threat to electronic commerce
websites. Netsolve Inc. performed a study which analyzed 556,464 security alarms from
27
the beginning of May till September of year 1997, and found that each electronic
commerce customer faced at least one serious attack monthly.
As disclosed above, privacy concerns are considered extremely decisive factor
influencing consumer reluctance to take part in electronic transactions. In addition, the
studies and surveys mentioned along with its findings provide abundant justification to
consumers‘ fears regarding privacy and data protection. 45
3. Types of Privacy and Information Invasions:

Due to the vulnerability of electronic transactions systems, there are several sorts of risks
that consumers suffer from invading their own information. One type is what is called
―identity theft‖ when a thief gains access to personal information of a consumer which
lets him impersonate the consumer and starts buying whatever goods and services which
are to be billed to the consumer.46
Another type of privacy invasion in contrast to the identity theft is the conduct by
legitimate electronic commerce companies which gain access to information about
consumers‘ purchasing habits. For instance, lots of companies request their customers to
register with the company through websites by providing personal information. However,
some websites decline to provide their services to those who reject registering, as well as,
consumer who register may mistakenly believe that the information will be just used by
the company solely for the current transaction. In fact, the company may sell the
information to third parties or use it for any other purposes. Companies may collect
information also from every time a consumer visits a website through the cookie tags,
which is an electronic device that tracks consumer‘s activity on the internet. By targeting
those activities, a company can start selling this information to third parties who might be
interested in expanding their market by determining users‘ preferences. Furthermore,
usage of credit cards, debit cards, and smart cards can lead to recording, tracking, and
selling consumers‘ shopping and banking practices.
45Ibid
46 FRB Report (Mar. 1997) Board of Governors of the Federal Reserve System, Concerning the Availability of Consumer
Identifying Information and Financial Fraud 18 n.14
28
Advance in technology motivated companies leads to establishing broad databases of
consumers, aggregating data in unique classifications, and collecting from brand sources
never used before. On the other side, consumers do not know that their personal
information is being collected, to whom it is sold, and how it is used. Consequently,
consumers‘ privacy is invaded without their, consent, control, or knowledge. 47
II. The United States Approach to Foster Protection of Privacy and Personal Data:
The United States has mainly promoted industry self-regulation by governmental laws
and regulations in specific departments, which would be considered the best trend to
assure data protection and privacy in an evolving environment like electronic commerce.
The United States privacy laws supply protection specifically for personal healthcare,
personal information about children, and financial information. Nonetheless, there are
different interests in the American society including businesses, consumer groups, and
Federal Trade Commissioners that have debated the need for a quite comprehensive
legislation.
In some judicial systems, laws are considered comprehensive and act on an extensive
level to cover various issues. In other judicial systems such as the United States, laws are
acting intensively and focus on specific matters.48
1. Well-known US Laws Governing Privacy and Personal Information:

a) Fair Credit Reporting Act (1970):
This act covers communication of individuals‘ personal information via consumer
reporting agencies such as credit bureaus. This was considered the US‘s first major
privacy protection law as it aims to set a balance between privacy and protecting
consumers‘ personal information on one side, and allows disclosure of information by
consumer reporting agencies under specific purposes on another side.
29
b) Health Insurance Portability and Accountability Act (1996):
According to this act, consumers are provided with certain rights in terms of using their
personal health information.
c) Identity Theft and Assumption Deterrence Act (1998):

Through this act, the (FTC) Federal Trade Commission will act as a clearinghouse for
identity theft complaints which happens when there is a fraud act performed by using
individual‘s personal information to create new financial accounts.
d) Children’s Online Privacy Protection Act (1998):

This act prevents collecting personal information from young children without obtaining
their parents‘ consent.
e) Gramm-Leach-Bliley Act (1999):

According to this act, certain rights are provided for consumers in terms of using their
own personal financial information, as financial institutions are required to notify
customers about their privacy practices, also permits consumers to opt out of any act that
would expose their nonpublic personal information to nonaffiliated third parties.
Although the above mentioned laws are not specific to online privacy rules or
international electronic commerce, yet these laws do highlight how personal information
is treated including transferring data electronically.
Furthermore, the Federal Trade Commission can furnish more protections to consumers
under the 1914 FTC Act when a business violates its own stated privacy statement. In
fact, the FTC, consumer groups, and many businesses motivates posting such privacy
statements so as to render consumers with information in relation to their practices.
According to the General Accounting Office‘s privacy statement posted on the internet; if
30
a business violates its stated practices, then the FTC will have the right to challenge that
business for using deceptive practices. 49
In addition, the FTC has brought a law enforcement action against a company that did not
stick to its privacy and security policies.50
III. The EU Approach to Foster Protection of Privacy and Personal Information:

The European Union approach regarding data protection and privacy legislation is
specified as comprehensive, as it covers how any kind of a company in any field should
store, collect, and process personal information.
The European Union issued a data protection Directive in 1995, which became effective
in 1998.51This directive set a milestone in the history of protecting privacy and personal
data among the European Union. It triggers two of the oldest targets of the European
Union which are protection of the fundamental freedoms of individuals, and the basic
right of data protection on one side, and the development of internal market and the free
flow of personal data in this trend on the other side. Data protection directive stipulates
that in case a company transfers personal information of an individual outside the
European Union, then the country where the receiving company is situated or the
company itself must have adequate data protection in its own privacy statement. 52
The concept of data protection is one of the bases for protecting individuals under the
current EU data protection instruments, and enacts the application of the obligations
linked to data controllers. Personal data covers all information relating to an identified
person either in a direct or indirect way, and to determine whether an individual is
identifiable, it should be taken into account all the manners reasonable to be used by the
controller or any other person to identify the individual. This approach adopted by the EU
legislator is considered flexible and comprehensive as it could be applied to different
49 Retrieved March 1st 2011 from the Federal Trade Commission Site
Website: http://www.ftc.gov/os/1999/07/pt071399.htm
50Retrieved March 1st 2011, In the Matter of Eli Lilly, File No. 012 3214 (2002
Website: http://www.ftc.gov/opa/2002/01/elililly.htm
51 Directive 95/46/EC of the European Parliament and of the Council of 24.10.1995 on the protection of individuals with regard
to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31)
52 European Commission, Brussels, (4.11.2010) Communication from the Commission to the European Parliament, the Council,
the Economic and Social Committee and the Committee of the Regions
31
developments and situations affecting basic rights including those not detected at the time
of adopting this directive. 53
Transparency is a fundamental condition which enables individuals to control their own
data and to assure protecting it. Consequently, under the Directive 95/46/EC, individuals
must be clearly informed in a transparent way by data controllers about who is collecting
54
their data, how, what are the reasons, and for how long. In general, basic elements of
transparency require that privacy information should be easy to understand, accessible,
clear and in plain language. This is more relevant in the internet environment, as most of
the privacy statements are vague, non-transparent, and difficult to access.55
Two major prerequisites for assuring that individuals are supplied with a high level of
data protection are the limitation of the data controllers in relation to its purposes, and the
retention by data owners of an effective control over their own data. Individuals should
always be given the ability to access, delete, block, or rectify their own data unless there
is a specific legitimate reason by law for preventing such act. 56
IV. International Principles for Ensuring Data Protection and Privacy:

On the international scale, there is the Organization for Economic Co-operation and
Development (OECD), which is an international economic organization of 34 member
states that was founded in 1961 for the stimulation of economic progress and
international trade. In 1980 the member countries of the OECD agreed to the principles in
the OECD‘s Guidelines Governing the Protection of Privacy and Trans-border Flows of
Personal Data.57
1. Basic Principles of Data Privacy and Protection Laws in the OECD:
53 Recital 26 of Directive 95/46/EC
54 Articles 10 and 11 of Directive 95/46/EC
55 A Euro barometer survey carried out in 2009 showed that about half of the respondents considered
privacy notices in websites ‘very‘ or ‘quite unclear‘
56 European Commission, Brussels, (4.11.2010),Communication from the Commission to the European Parliament, the Council,
the Economic and Social Committee and the Committee of the Regions
57 Retrieved March 2nd 2011, History of the OECD

Website: http://www.oecd.org/pages/0,3417,en_36734052_36761863_1_1_1_1_1,00.html
32
a) Notice or Awareness Principle:
Data collectors, for instance: websites should provide consumers conspicuous and clear
notice regarding any practices of their information. This is to include what kind of
information they collect, how they collect it, how they make use of it, and how they
provide consumers with access, choice, and security.
b) Choice or Consent Principle:

Data collectors should be presenting various choices to consumers about how their
personal identification information could be used beyond the level of use for which the
information is intended to be used for, for example: to perform a certain deal or
transaction. Generally, consumers should be given the choice of whether their own
personal information could be used internally, also whether it could be exposed to a third
party.
c) Access or Participation Principle:

Data collectors should afford reasonable access to consumers concerning the information
that a website has obtained about them, including supplying them with a reasonable
opportunity to take a thorough look at the information, correct inaccuracies, or delete
information.
d) Integrity or Security Principle:

Data collectors should guarantee reasonable steps to protect the security of the
information they collect from consumers.
e) Enforcement or Redress Principle:

There should be a certain entity with enough authority to enforce the above mentioned
principles, as well as, furnishing particular avenues for consumers to redress any issues
58
regarding their information when these principles are violated.
58 The U.S. Federal Trade Commission‘s summary of the basic principles embodied in the OECD guidelines
33
Specific legislations may differ from one country to another in the way of implementing
the OECD general principles. For instance, according to the Gramm-Leach-Bliley Act in
the United States, certain rights are provided for consumers in terms of using their own
personal financial information, as it permits consumers to opt out of any act that would
expose their nonpublic personal information to nonaffiliated third parties. Referring to the
principle of Consent or Choice, if the individual does not respond to the opportunity to
opt out of having his personal information shared with third parties, therefore the
company may share the individual‘s personal information.
Furthermore, the Children‘s Online Privacy Protection Act requires internet companies to
obtain the consent of the child‘s parent at first before commencing the collection of
information. This requirement is a more strict privacy prerequisite than an opt out,
because an individual should not be taking any steps or procedures to prevent third
parties from collecting his information, and it‘s clear in the Children‘s Protection Act, as
parents‘ approval is a must for the validity of collecting information from a child.
34
E. Security as a Predicament in Electronic Contracting :
There are several security perils to consumers when concluding business transactions on
the internet. As there are criminals all over the world who are targeting online banking
transactions, internet purchases, electronic cards information, and much more. However,
criminals in some foreign countries were successfully able to penetrate computer systems
of United States headquarters of financial institutions, countless cases of credit, debit, and
ATM cards fraud, intellectual property rights infringements and piracy, and telemarketing
fraud which have caused noteworthy losses for United States corporate and individual
victims. These sorts of crimes are determined critically important as the well known
cyber crimes committed via internet, such as: fraud, money laundering, identity or
information theft. Moreover, some of the notable challenges that law enforcement faces
on the international arena is to enhance cooperation in identifying and locating inter
borders perpetrators, to obtain electronic evidence of their committed crimes so as to be
brought before courts, and to prevent distinctions between countries‘ criminal provisions.
Taking into consideration other aspects of international electronic commerce, issues
related to security are remarkable ones.59
Security is conceived as both an end and the means to reach the aim. The end in security
is a document that meets commercial and legal requirements of authenticity, integrity,
non-repudiation, writing, and signature. The measures for providing security vary
according to the nature of the document. In paper documents, security is ensured by
handwritten signatures, writing, sealed envelopes, ink, and couriers. In electronic
documents, security is acquired by including digital signatures, acknowledgement
procedures, encryption, and controlling access. These security steps will supply
significant commercial and legal benefits if they are implemented properly. 60
60 Thomas J. Smedingoff, (June 14-15, 1999). Electronic Contracts & Digital Signature: an Overview of law and Legislation.
Patents, Copyrights, Trademarks, and Literary Property Course Handbook Series
35
Security measures usually take two levels for implementation in the field of computing:
System security level and Information security level.
I. Levels of Security Measures:
1. System Security:
The term system security refers to the measures that could be taken by a company itself
in order to protect its own records and computer systems or any other information that
might be attacked from outside, such as: any sort of damages that could be caused by
viruses, hackers, and sometimes natural disasters; and inside, such as: damages that could
be caused by snooping and dishonest employees. Besides, systems security measures
include controllers for access which are designed to determine and authenticate the user
of the system, also it helps in limiting users‘ access to databases, files, systems, as well
as, auditing any activity occurred on the system.
Further, there are system security controls that are used traditionally to combat
unauthorized access, such as: passwords and biometric tokens like eye pupil or
fingerprints scan. In spite of the superior effect of these methods, yet systems are
increasingly getting connected to networks from all over the world, which urges the need
for additional access controls that are specifically designed for protecting systems from
outsiders.
Firewall is conceived as one of the best access controls, as it is software that supplies a
barrier between two networks, an internal and external one, the same as in internet.
Firewall controls all incoming and out coming communications within the network, so
when a user from inside the network wants to communicate with another user outside of
the network, the user communicates with the firewall, and then the firewall forwards the
message to the outside user. Equally the same with the outside users or servers, they all
need to communicate with the firewall, then the firewall forwards the communication to
the user in the internal network.
It has to be denoted that there are plenty system security measurements that can be set in
addition to password, biometric tokens, and firewalls; yet such security systems can be
employed on computer systems or networks that are under control only. In other words,
36
these security systems cannot have control on any outside users or networks, such as: the
internet.61
2. Information Security:
System security level ends when digital information leaves a computer system, as the
system security cannot protect the digital information when it resides on a computer that
is out of the boundaries of the sender‘s network. Accordingly, protecting the information
is extremely important even the most crucial security strategy, as digital information
security ensures that it is authentic and no one has edited or modified it, although it could
have been accessed.
Security procedure is the mean for protecting digital information, as it is a methodology
or procedure used for verifying that an electronic document is owned or sent by a specific
person, or detecting alteration or error in the electronic record, content, or storage. In
addition, a security procedure of protecting digital information may acquire using codes,
identifying words or numbers, algorithms, encryption, passwords, security questions,
identification procedure, or any other security measure.62
II. Deception on the Internet:

The internet is a broad medium where investors can be victims of fraud, as internet
trading presents a dichotomy. Traders are provided by unlimited access to information
through the internet and help in making wiser decisions of investments, though they
might be subject to fraudulent schemes and misleading information.63
1. The Complication of Anonymity on the Internet:

The internet is impressively favorable to the investor not just because its news is more
recent that the daily morning‘s papers, but also it is more dependable for confirmations,
61 Ibid
62 Illinois Electronic Commerce Security Act, 1997 Ill. H.B. 3180, at Section 5-105
63 David M. Cielusniak, You cannot Fight What You Cannot See: Securities Regulation on the Internet, (December, 1998),
Fordham International Law Journal
37
updates, forums, and trades. Unfortunately, internet investments aren‘t desirable in all
matters, because not all that could be accessed on the internet is true and authenticated.
One of the tensest barriers facing securities regulators on the internet is the case of
anonymity of numerous communications. Reliance on internet information is getting
more complicated to measure, even when it comes to boiler room brokerage trying to sell
people commodities, stocks, or lands under high-pressure or illegal tactics, there are still
physical locations to track, while online fraud acts is more difficult to trace and almost
impossible to track or find the exact real source. When internet security regulators are
unable to discover who is behind the fraud, or from where it originates, prosecutions most
likely will fail.
2. Securities Fraud Online:

Investors can use the internet as a source for gaining advice, opportunities, and
information, but it has also become a deep medium for fraud and deception. According to
some estimates, internet investors and traders are defrauded about US $100 million every
year. This occurs for a variety of purposes, the internet is conceived as an ideal tool for
committing fraud, as the cost of setting up an internet website is decreasing and
sometimes individuals don‘t even have to pay for it by posting advertisements on its
pages. These aspects lower the obstacles of using the internet for investments, and make
it much more cheaper way for scammers to hunt down their victims rather than using old-
fashioned techniques, for example: cold-calling and mass mailing.
Internet is widely used worldwide and it‘s getting accepted as a legitimate mean in
commercial transactions. The ways of tricking and trapping investors on the internet are
not new ones, as scammers are recycling scams that have been used previously in other
media. Security regulators are facing a tough problem which is the internet‘s ability to
hide identities and to validate scam artists to appear and then suddenly disappear on the
internet. In general, investors who are familiar with amateur and professional websites
will be facing a problem in determining whether the website is fraudulent or legitimate.
The reason behind internet scam artists success is that the internet security industry by the
second party‘s information given to the investors, for instance: internet newsletter, may
be considered as an advertisement by a scam artist investment.
38
There is no more need for brokers to hamper by hours of phone calls and sales pitches, as
scammers nowadays can pay a few amount of money to a certain internet service
provider, and then create a single sales pitch, send the information to hundreds of
thousands of people around the world by the click of a mouse button. Consequently, the
internet creates an ideal boiler room for brokers who would make around 150 to 200 cold
call pitches each day, to expand this number to make it thousands every minute.
Moreover, internet provides a great advantage for scam artists as developing a fraudulent
website is not just a simple trap that can be created while staying at home comfortable
with few costs, but it can also be effective against victims by creating a more convincing
webpage with much more effort and value that would give it a sophisticated preview as
fortune companies. Besides, scam artists use some common tactics for reassuring the
legitimacy of the website. Scammers provide hypertexts on their webpage by a security
regulator agency so as to falsely give an implication of the secure environment of the
website which is approved by such a regulator. Another form of false guarantee is to add
hypertext to a certain newsletter that is praising the website and concluding deals with it.
This would motivate suspicious eyes that the website is safe and encourages investors to
do business with.
Another method of defrauding investors online is the pump and dump tactic, as scammers
begin to enter chat rooms where investors are discussing their business, then stock
promoter enters the chat rooms encouraging buying stocks that they own by claiming that
they have some late breaking news or inside information related to the company. The
promoters work on spreading these words, and finally sell the stocks that they own while
the prices rose for the fake rumors they spread. This technique is similar to what is being
done in boiler rooms, as brokers make their own market by manipulating the stocks and
shares prices through spreading rumors between clients and for benefiting themselves. 64
39
III. Chosen Security Challenges for Electronic Commerce:
1. The Issue of Cooperation:

Cooperation between nations is vitally of an urgent need in the field of combating
security challenges on the internet, as national laws apply to global networks and
specifically the internet, but when it comes to enforcing and enacting national criminal
laws, this is determined as a national responsibility of the home country itself and no
other nations can intervene into its application.
The nature of the internet and the various modern communications networks makes it
almost impossible for any state acting on its own to handle or address these cybercrime
problems. For instance, a computer hacker who is situated in Paris on the right bank of
the Seine River successfully disrupted a certain company‘s communications network
which is situated in Paris also but on the left bank of the Seine River, but before the
hacker gains access to the victim company‘s communications network he routes his own
communication through certain internet service providers in Egypt, Italy, and Greece.
According to this scenario, the French police in order to track that criminal will have to
seek assistance from law enforcement authorities in Cairo, Rome, and Athens.
Further, it has to be signified that the perishable nature of evidences, and the mobility and
easy movement of people to travel from one place to another, proofs and evidences
should be gathered immediately in order to reduce the opportunities that this data might
be lost or unavailable, and this could be only achieved via international cooperation
between the municipal law enforcement authorities in all countries. 65
2. The Issue of Legislation:

Although it is almost universally agreed that piracy, intellectual property rights
infringements or hacking financial information…etc are all considered as crimes that
should be punishable by law, yet the failure of a nation to criminalize such cybercrimes
or crimes related to computers and the internet is considered a hard obstacle.
40
Moreover, it has to be acknowledged that criminal laws contradict from one country to
another, yet when a certain country‘s national criminal law considers a certain activity as
a crime that should be punished, while on the other side, another country‘s national
criminal law does not criminalize the exact activity. Therefore, effective international
cooperation between nations to face such crimes and prosecute the perpetrator is
challenging and sometimes impossible.
―Love Bug‖ which is an email virus that was distributed in an email with the subject ―I
love you‖ caused almost US $10 billion in losses in 20 countries66 is a good instance to
illustrate the situation. When that virus spread in different countries and damaged a lot of
computer systems and networks causing huge losses for various countries, the United
States investigators started working closely with the Philippines investigators in order to
reach the computer programmer who designed this computer virus. Although cooperation
occurred between the two countries and at the end they were able to capture the criminal,
yet international coordination could have been achieved faster and effectively if there was
an already set common criminal law encompassing the two countries, so as to coordinate,
follow procedures, and stick to its laws. 67
IV. Security Arrangements for International Electronic Commerce:
1. Council of Europe:
Basically, the Council of Europe (COE) was established in 1949 and consists of 47
member states. It includes all the member states of the European Union and some other
states. The reason behind establishing this council is to strengthen and uphold human
rights, promote democracy and the rule of law in the European countries. 68
66 Mike Ingram, "Love-Bug" virus damage estimated at $10 billion, (10th May 2000) Retrieved March (8th 2011) Website:
http://www.wsws.org/articles/2000/may2000/bug-m10.shtml
68 Council of Europe, Retrieved March 8th 2011, Website: http://www.coe.int/aboutCoe/default.asp
41
There are many international bodies that are concerned about cybercrime and computer
related crime. The United States government is cooperating with some of these
international channels in order to handle global threats that are linked to computer
networks. The Council of Europe drafted a Convention on Cybercrime with the
participation of the United States since the beginning of the project in 1997. In particular,
the United States Department of Justice, State, and Commerce, along with consulting
other US governmental organs, has participated in the negotiations and drafting of the
COE Cybercrime Convention. There were other states who were nonmembers of the
COE who participated also in the drafting and negotiations, such as: Japan, Canada, and
South Africa. For their participation in the drafting of the convention, these nonmembers
of the COE would be granted the right to become parties of the Cybercrime Convention if
they willed to do so. In June 29th 2001, the Council of Europe issued the final draft of the
Cybercrime Convention, which is deemed to be the first international instrument
addressing the complications imposed by crimes committed in the field of computer
networking. The most elementary requirements made by the Convention were:
a) The duty of the signatory states to set punishments for offenses perpetrated in the
plane of computer networks crime.
b) The parties are required to establish procedural laws for investigating cybercrimes.
c)
Ensure the presence of international law enforcement authorities to cooperate in
69
prosecuting and combating computer networks crimes.
2. The Organization for Economic Co-operation and Development (OECD) Security

Guidelines:
In 1992 the OECD has chosen experts group for reviewing the Guidelines for the
Security of Information Systems. These experts are convened to review the Security
Guidelines set by the OECD, and then suggest certain recommendations to the working
party specialized in information security and privacy (WPSISP) of the OECD. There will
be delegations from the member states of the OECD who will be a part of the experts
group including governmental representatives in the field of consumer protection and
industry. It has to be mentioned that these Security Guidelines were adopted by the
69 Ibid
42
OECD in 1992, which means before the tremendous growth of the internet and electronic
commerce.70
V. The Requisite of an International Resolution:

As it‘s well known that the internet is a global activity that is hard to fall under a certain
country‘s laws, as this would seem in adequate to regulate such practice on a municipal
level. Securing transactions that are being carried out on the internet affects lots of
international arenas which motivate the demand of a multilateral agreement instead of
distinct, potentially conflicting, provisions and orders. This means that police internet
activity on individual basis will not gain its fruit, so international scale is more preferable
even operative, as individual national level will only further the confusion of security
issues in jurisdiction and applying municipal laws. 71
Furthermore, the private sector also plays a great role in supporting the international
efforts in providing security to internet activities. This is being achieved through the
usage of security enhancing technologies, for instance: Secure Socket Layer technology
which supplies the advantage of encrypting information that is being exchanged on
certain web pages. Besides, there are software solutions for addressing security crisis
including computer programs that follow patterns of specific questionable behaviors or
other activities that are recognized as irregular. As well as, Address Verification Services,
which are performed by payment performers, as this helps assuring that the payment by
whether a debit or credit card holder‘s billing address is the same as the shipping address.
Visa Payment card company launched a new service to its United States customers that
permits adding personal passwords to verified Visa cards. In addition, there are smart
cards that have a built-in microchip with saved data on; also some companies started
introducing disposable card numbers that can be used only for one time.72
43
F. Consumer Protection Guidelines in Electronic Commerce:
Building an environment that is attractive and safe at the same time is the key for success
in electronic commerce. To achieve this goal, a set of certain alliances is required
between governmental and private interests, in addition to computer technology
specialists, attorneys, and business people. As consumer protection is the true essence for
trust and confidence in the field of electronic commerce. In fact, electronic commercial
transactions raise various issues related to consumers‘ interest, such as: determining the
identity of the online vendor, also technological tools in fulfilling the electronic contract
like e-signature. Moreover, the internet environment makes it easier for scam artist to
defraud electronic consumers and may be abusing consumers‘ information or selling it to
third party. Accordingly, it would be of an extreme difficulty for governments,
businesses, consumers to deal with such predicaments using traditional consumer
protection standards for deterring criminals in the internet medium.73
I. The Difference between the US and the EU Approach in Consumer Protection:
1. The United States:

The American policy toward consumer protection in e-commerce basically tends to be
pro-business and self-regulatory. Hence, the United States aims to focus on issues as
fraud and cybercrime, and at the same time bringing cybercriminals to justice. In
addition, the United States provides incentives for electronic businesses who offer dispute
resolution procedures instead of promulgating high standards for protecting consumer
rights. There are many consumer complaints, calls from the Federal Trade Commission,
and the American Bar Association on the urgent need for better consumer protection, but
the United States still abstains from regulating electronic commerce disputes methods.
Referring to statutes, case laws decisions, and documents like the Uniform Commercial
Code, the United States government will be able to stipulate adequate protection to
consumers.
Moreover, the American system of electronic commerce leaves the burden of proving and
finding additional terms and conditions in standard contracts directly to the consumer,
73 Asia-Pacific Economic Cooperation (APEC) Ecommerce Steering Group, Voluntary Online Consumer Protection Guidelines
44
also it does not obligate transparency and complete disclosure by electronic companies in
the sale of goods contracts, as any sale of good contract will be conceived as final.
Consequently, this could be deemed as an extension to the American approach of contract
law principles which is pro-business in commercial transactions.
Further, as several scholars mentioned that the best way to raise the level of electronic
commerce transactions is to boost consumers‘ confidence in the electronic environment.
As a result, the American government in order to notice continued growth in electronic
commerce rates, it should lay down more incentives to adopt more consumer protection
measurements. 74
2. The European Union:

The European Union is way more concerned about protecting its own consumers than the
United States. The EU seeks to increase the rate of commercial activity by setting balance
between electronic businesses and consumers through stipulating more protection laws
and policies. Moreover, the EU requires full exposure and transparency as to contractual
terms and conditions in consumer contracts, also requires specifying all terms and
conditions like hidden terms within the fine print of the contract before finalizing the
agreement. In addition, the EU initiated a policy which simply extends the principles of
consumer protection laws in non-electronic face to face transactions to be adopted in
internet contracts. 75
The Electronic Commerce Directive which was adopted in 2000 situated unique rules
concerning electronic contracts for ensuring consumer confidence in the electronic
commercial medium and provide legal certainty.76One of the most significant
contributions created by the Electronic Commerce Directive to the field of electronic
contracts within the European Union is encouraging the member states of the EU to
expand the range of electronic commercial activity. Further, the European Union has
implemented various procedures and initiatives for ensuring utmost fairness in settling
74 Paul Stylianou, Online Dispute Resolution: the Case for a Treaty Between the United States and the European Union in
Resolving Cross-Border E-commerce Disputes, (Fall 2008), Syracuse Journal of International Law and Commerce
75 Ibid
76 European Council Directive 2000/31, 2000 O.J. (L 178)
45
disputes, also allowing consumers to use such dispute settlement mechanisms for suing
electronic businesses. Furthermore, the European Union has adopted several
recommendations for safeguarding dispute resolution operations, as well as standards of
transparency, independence, effectiveness, legality, representation, and liberty in legal
proceedings that could be rose before arbitral tribunals. Nevertheless, the European
Union established a program named EEC-Net which encourages the circulation of any
information related to the mechanisms of dispute resolution, and make it available to
consumers to benefit from it. Besides, the EEC-Net supplies services for dispute
resolution through many premises located in each member state of the EU. 77
II. Consumer Protection under the Egyptian Law:

Although the Egyptian legislature did not stipulate specific provisions for protecting
electronic consumer in person, yet the provisions of the Law Number 67 of year 2006
where broad, so as to include both traditional and electronic consumer.
The Egyptian legislature intended to set certain rules that would accommodate consumer
protection in general, and this would be developed through compelling the manufacturer
or the importer by particular obligations, and at the same time furnishing specific rights
for the consumer, for instance:
 According to Article (3), the manufacturer or the importer must place a label on the
commodities in Arabic language indicating the specifications required under the
Egyptian law standards, any other law, or the executive regulations to this law in a
clear and legible form.
 Referring to Article (4), the supplier must place on all correspondence the data
identifying his identity, documents, and any other written instruments that the
supplier issues in the course of dealing or contracting with the consumer. Besides, to
include electronic materials, documents, identification data, commercials registration,
and trademarks.
77 Paul Stylianou, Online Dispute Resolution: the Case for a Treaty Between the United States and the European Union in
Resolving Cross-Border E-commerce Disputes, (Fall 2008), Syracuse Journal of International Law and Commerce
46
 Regarding Article (5), the supplier must handle the consumer an invoice in case of
request concerning the transaction or agreement related to the product, including the
principal information related to the commodity.
 Coherent to Article (6), the supplier and advertiser must provide the consumer with
correct information related to the nature and characteristics of the product, and
prevent anything that would cause misleading impression to the consumer or make
the consumer fall into confusions or mistake.
 Pertaining to Article (7), if the supplier discovered or became aware of the existence
of a defect in a product, the supplier must inform the Consumer Protection Agency of
this defect and the potential prejudice that it may cause within seven days from the
date of discovery.
 Relating to Article (8), the consumer will be entitled to exchange or return the
commodity and receive a refund without any additional cost if it was defective or
didn‘t conform with the purpose of use agreed upon within fourteen days from
receiving the commodity.
 According to Article (9), the service provider is obligated to pay a refund or cover the
diminution in the service or provide the consumer with it again for the defect or fault
that appears referring to the nature of the service, the contractual conditions, and
commercial norms.
 Pertaining to Article (10), any condition appears in a contract, document, or any other
similar item regarding the agreement concluded with the consumer relieves the
importer of the commodity or the service provider of his obligations will be
considered null and void.78
It is clear from the abovementioned articles‘ discussion that the Egyptian legislature is
highly concerned in the field of protecting the consumer about obliging the supplier or
the service provider to inform any defects in the commodity of the service if found. As
well as, the supplier should provide all the needed information about the commodity, also
to refrain from defrauding or misleading the consumer. Besides, the legislature gave the
consumer the right to return or exchange the commodity under particular circumstances,
78 The Egyptian Consumer Protection Law Number 67 of year 2006
47
and finally considering any relieves from responsibility will be conceived as null and
void. 79
Although there is an Egyptian Draft Law on E-commerce, but it has not been
implemented yet. However, pertaining to Article (17), any authority that has the ability to
obtain financial or personal data of any client is not permitted to keep these data after the
fulfillment of the transaction, use it for any other reason than the one agreed upon, or
conclude any deal with it.
The Egyptian legislature showed appreciable anxiety about consumers‘ privacy interests
which include banking and personal information, as there must be an explicit assent from
the customer himself to declare his approval for letting the supplier use the information
given for concluding the transaction. Besides, this information could be used by the
supplier or the service provider himself, or selling it to a third party who would make a
benefit out of it by any mean.
III. The Approach of the Private Sector Towards Consumer Protection:

Several businesses and corporations initiated actions in response to the daily challenges
in consumer contracts, and the common issues in electronic commerce. One of the best
instances is the Electronic Commerce and Consumer Protection Group (E-commerce
Group), which comprises elite companies in the field of electronic commerce, online, and
internet business.80
The E-commerce Group issued basic guidelines for regulating transactions concluded
with consumers in June 2000. Here are the most remarkable issues:
 Ease of Accessing Information and Accuracy:
According to the guidelines, all the information about the merchant should be
exposed in a clear, accessible on the internet, accurate, and obvious on the homepage
of the website or at the page of concluding the transaction.
 Displaying Contact Information of the Vendor:
79 Prof. Mohamed Elmorsy Zahra, The Civil Protection of Electronic Commerce, (2008), P.95-97
80 Electronic Commerce and Consumer Protection Group (E-commerce Group) includes America Online, AT&T, IBM,
Microsoft, Network Solutions, Dell Computer Corporation Time Warner, Inc., Visa U.S.A. Inc.
48
Consumers should be given easy and effective means for contacting the vendor; also
the vendor should disclose his full name, the name used for conducting the business,
the principal address or the address of his agent, email, telephone, or any other
available contact information. Besides, there should be a mean for contacting the
organization that is affiliated to the merchant‘s business for any inquiries from
consumers.
 Refrain from Any Suspicious Activities:
Vendors should not engage in any activity that would be considered misleading,
deceptive, or fraudulent.
 Vendors Should Obviously Disclose the Following:
a) All the Main Features of the Goods or Services.
b) Price, Type of Currency of Payment, and Expected Costs.
c) Terms and Conditions of the Contractual Agreement.
d) Return, Refund, or Cancellation Policies.
e) Scope, Means of Exercising, Duration of Warranty if Present.
f) Availability of Customer and Technical Support.
g) Shipping Terms.
 The Right to Review the Agreement:
Vendors should give consumers an opportunity to review the terms of the contractual
agreement, and not to take further steps in the transaction until it becomes binding on
the parties.
 The Usage of Appropriate Language is a Must, in Order to prevent any Ambiguity.
 Recording the Agreement. Vendors should provide adequate record of the transaction
and make it available for the consumer.
 Privacy:
Vendors must stipulate privacy policies within its contractual terms and conditions
that match legal requirements and industry standards.
 Security:
Vendors should also exert efforts for assuring secure transactions with consumers via
security measurements in consistency with updated industry standards.
 Adopting Self-regulatory Programs:
49
Vendors must expose any contact information if they are participating in any kind of
self-regulatory programs.
 Means of Dispute Settlement:
Vendors must accommodate consumers with affordable, easy, timely, and fair
methods for resolving disputes and redress. This should be including third-party
dispute settlement programs that are classified as reputable and independent.
 Enforcing Participation in Self-regulatory Programs:
Vendors are required to participate in effective self-regulatory programs, so as to
prove their adherence to these programs principles and guidelines. 81
IV. An Example of Protections Given to Consumers: Electronic Contracts on eBay:

Ebay which is an online auction website designed its consumer protection standards on
its own user feedback. As both the purchasers and sellers are given the opportunity to rate
each other at the end of concluding the transaction, and then these rating will be available
for other users to benefit from. The more rating a user gets, the more his trustworthiness.
This rating system has been upgraded and comprised more detailed rules for determining
power sellers or those vendors with high volume of sales, and providing high quality
customer service.82 However, eBay has been improved further by greater set of protection
standards to its users, and these are worth noting:
 Fraud insurance for buyers which is estimated up to US$ 200 for every purchase.83
 Using escrow service that allows purchasers to examine the product before paying the
seller, and this service is furnished via a third party. 84
 Identity verification service as both the seller and the buyer are allowed to carry
certain symbols that prove that their identities have been fully identified and verified
by a trustworthy third party.85
82Ibid
83 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/protection-programs.html
84 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/pay/escrow.html
85 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/account/id-verify.html
50
 Providing a resolution center for resolving transactions and ensuring that sellers are
committed to high standards.86
 Authenticating and grading the quality of the item through a third party.87
 VERO program also known as verified rights owner program. This is a program
which allows the owner of an intellectual property rights to report any kind of
infringement to their rights.88
 Outage policy for covering all transactions in case the service goes down for any
purpose or at any time.89
 Nonpaying bidders‘ policy, as sometimes a seller may not receive payment for the
item that he sold, through this policy a final fee is permitted to the seller.90
 Protecting sellers against unauthorized use of credit card through third party
programs. 91
These protection services and policies shows that purchasers and sellers who are users of
eBay are covered with proper protection measurements. Despite the fact that eBay is
facing problems in regard of enforcing some of its policies, yet it may cooperate with
other parties to combat fraud and cybercrimes committed while concluding business on
its network.92
V. Conclusion:
As we have seen, electronic commerce is one of the fastest growing retail channels in the
entire business market; though this emerging technology offers promise and hazard: the
promise of accessing global market, enhancing economic efficiency, and ease of doing
business, as well as the hazard of several obstacles that may barrier gaining the fruit out
86 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/resolving-problems.html
87 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/authentication.html
88 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/tp/vero-rights-owner.html
89 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/policies/everyone-outage.html
90 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/sell/unpaid-items.html
91 Retrieved March 15th 2011, Website: http://pages.ebay.com/help/pay/paypal.html
51
of this intelligent new system of commerce. One of these main hazards is to manifest the
assent of the client or the user of website, as this varies from an online vendor to another,
as a result this contrast in the way of proving assent has made courts consider some as
valid and binding while other are not. However, another challenge is privacy and
customers concerns about their financial and personal data, since this information could
be abused by the parties contracting with customers and selling it to beneficiary third
parties. Further, security is another hurdle that may sophisticate electronic commerce, as
there are several security perils when concluding business on the internet such as:
criminals who intervene in computer systems of banks and financial institutions, fraud
electronic cards, and infringing intellectual property rights. As well as, electronic
signature is one of the means used in accommodating security, despite the fact that it is
considered as an issue in the field of electronic commerce in itself because it might be
forged, or the signer may claim that this is not his own signature.
Given the doubt and uncertainty that surrounds electronic commerce and technology may
affect individuals‘ interest, additionally this means that laws need to be appropriately
reformed and should directly focus on increasing accountability and transparency in order
to assure self-confidence to consumers in electronic transactions, and expand its range on
the municipal and international level. It might sound complicated to start reforming laws
and keeping norms of electronic commerce parallel to law and public policy, however
delaying such reform might lead to other problems that might rise in the future.
Consumer protection which is the core of electronic commerce and the only way to
combat the various challenges facing it, then more efforts are needed from governments
and legislators on the national and foreign scale. This is for determining methods for
managing the relation between the law and technical aspects that would secure the
jurisdiction of legal authorities, and at the same time harnessing the global expansion of
technology for the sake of public interest.
52
Bibliography:
I. Articles and Contributions to Edited Works:

1- Bashar H. Malkawi, E-commerce in Light of International Trade Agreements: The WTO
and the United Sstates-Jordan Free Agreement, (Summer 2007), International Journal of
Law and Information Technology
2- David M. Cielusniak You Cannot Fight What you cannot See: Securities Regulation on
the Internet, (1998), Fordham International Law Journal Vol. 22, pp 612-616
3- Paul Stylianou, Online Dispute Resolution: the Case for a Treaty Between the United
States and the European Union in Resolving Cross-Border E-commerce Disputes, (Fall
2008), Syracuse Journal of International Law and Commerce
4- David M. Cielusniak, You cannot Fight What You Cannot See: Securities Regulation on
the Internet, (December, 1998), Fordham International Law Journal
5- Mark E. Budnitz, Privacy Protection for Consumer Transactions in Electronic Commerce:
Why Self-Regulation is Inadequate, (Summer 1998), South Carolina Law Review
6- Kiril Kesarev, Digital Signatures and Encryption in the European Union, (22 November
1998), Department of Computer Science and Engineering, Helsinki University of
Technology
7- Aristotle G. Mirzaian, Electronic Commerce: This is not your Father‘s Oldsmobile, (May
16th 2002), Rutgers Law Record
8- Toby Brown, an E-signature Primer, (May/June 2004), Rhode Island Bar Journal
9- Biometric Scanning, Law & Policy: Identifying the Concerns—Drafting the Biometric
Blueprint, 59 U. Pitt. L. Rev. 97, 99 , (1997)
10- Christina L. Kunz, Click Through Agreements: Strategies for Avoiding Disputes on
validity of Assent, (November, 2001), The Business Lawyer vol.57
11- Christina L. Kunz, Working Group on Electronic Contracting Practices, within the
Electronic Commerce Subcommittee of the Cyberspace Law Committee of the Business
Law Section of the American Bar Association (ABA), ―Browse-wrap agreements:
validity of implied assent in electronic form agreements‖, (2003), Business Law 59, 279
12- Legal Architecture of Virtual Stores: World Wide Websites and the Uniform Commercial
Code, (1997), San Diego L. Rev. 1263, 1354
13- Casamiquela, Ryan J., Contractual Assent and Enforceability in Cyberspace, (2002),
Berkeley Technology Law Journal
14- Michael H. Dessent, Digital Handshakes in Cyberspace Under E-sign: ―There‘s a New
Sheriff in Town!‖, (January2002), University of Richmond Law Review
15- Donnie L. Kidd, Jr., William H. Daughtrey, Jr., (2000). Adapting Contract Law To
Accommodate Electronic Contracts: Overview and Suggestions, Rutgers Computer and
Technology Law Journal
16- Study from WTO Secretariat Highlights Potential Trade Gains from Electronic
Commerce, (13 March 1998), PRESS/96
17- Dotty about dot commerce, (February 26, 2000), The Economist
18- Anniversary lessons from eBay, (June 11, 2005), The Economist
i
19- Report of the United Nations Commission on International Trade Law on the Work of its
Twenty-Ninth Session, United Nations General Assembly, 51st Session, Supplement No.
17, at United Nations Document A/51/17 Annex I (1996), reprinted in 36 I.L.M. 200
(1997).
20- Richard Raysman & Peter Brown, Contract Law and Business Practices in the
Information Age, Computer Law: Drafting and Negotiating Forms, (2004)
21- The UCITA Revolution: The New E-Commerce Model for Software and Database
Licensing, Moving with Change: Electronic Signature Legislation as a Vehicle for
Adavacning E-commerce, (April-May 2000)
22- Janet K. Winn, “The Emperor's New Clothes: The Shocking Truth About Digital
Signatures and Internet Commerce,‖ (revised draft) (March 9, 2001)
23- European Commission Guidelines on Encryption, ―Towards a European Framework For
Digital Signatures and Encryption‖, (October 8, 1997)
24- Report of Day 1 of the European Expert Hearing on Digital Signatures and Encryption
(Copenhagen, April 23, 1998)
25- United States General Accounting Office, International Electronic Commerce, (March
2002), Report to the Ranking Senate Minority Member of the Joint Economic Committee
26- Prepared Testimony of Dr. Alan F. Westin, Publisher Privacy and American Business
Before the House Banking and Financial Services Committee, Financial Institutions and
Consumer Credit Subcommittee, Electronic Payment Systems, Electronic Commerce,
and Consumer Privacy, (Sept. 18, 1997), Federal News Service, available in LEXIS,
News Library, Federal News Service File
27- FRB Report (Mar. 1997) Board of Governors of the Federal Reserve System, Concerning
the Availability of Consumer Identifying Information and Financial Fraud 18 n.14
28- European Commission, Brussels, (4.11.2010),Communication from the Commission to
the European Parliament, the Council, the Economic and Social Committee and the
Committee of the Regions
29- The U.S. Federal Trade Commission‘s summary of the basic principles embodied in the
OECD guidelines
30- Asia-Pacific Economic Cooperation (APEC) Ecommerce Steering Group, Voluntary
Online Consumer Protection Guidelines
II. Books and Independent Publications:

31- Thomas J. Smedingoff, Warwick Ford, and Michael Baum. Secure Electronic Commerce ,
Ed. Online Law ch.3, 4, 31, (1996)
32- Ian C. Ballon. Privacy, Security, and Internet Advertising Chapter 27, Internet, Network
and Data Security, Part IV: Encryption, Cryptography and Biometrics E-Commerce and
Internet Law, (2010-2011 update)
33- Thomas J. Smedingoff, (June 14-15, 1999). Electronic Contracts & Digital Signature: An
Overview of law and Legislation. Patents, Copyrights, Trademarks, and Literary Property
Course Handbook Series
34- Prof. Mohamed Elmorsy Zahra, The Civil Protection of Electronic Commerce, (2008)
ii
III. Websites:
35- Professor Amelia H. Boss, Electronic Contracting: Legal Problems or Legal Solution.
Retrieved: March 12th 2011, Website:
36- Restatement of the Law-Contracts, Restatement (Second) of Contracts, (August 2010),
Chapter3 Formation of Contracts-Mutual Assent, Topic 3 Making Of Offers, Retrieved:
January 4th 2011,
Website http://caseandcontroversy.com/Statutes/restat.pdf
37- Retrieved March 1st 2011 from the Federal Trade Commission Site Website:
http://www.ftc.gov/os/1999/07/pt071399.htm
38- Retrieved March 1st 2011, In the Matter of Eli Lilly, File No. 012 3214 (2002 Website:
http://www.ftc.gov/opa/2002/01/elililly.htm
39- Retrieved March 2nd 2011, History of the OECD Website:
http://www.oecd.org/pages/0,3417,en_36734052_36761863_1_1_1_1_1,00.html
40- Mike Ingram, "Love-Bug" virus damage estimated at $10 billion, (10th May 2000)
Retrieved March (8th 2011) Website: http://www.wsws.org/articles/2000/may2000/bug-
m10.shtml
41- Council of Europe, Retrieved March 8th 2011, Website:
http://www.coe.int/aboutCoe/default.asp
42- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/protection-
programs.html
43- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/pay/escrow.html
44- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/account/id-verify.html
45- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/resolving-
problems.html
46- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/buy/authentication.html
47- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/tp/vero-rights-
owner.html
48- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/policies/everyone-
outage.html
49- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/sell/unpaid-items.html
50- Retrieved March 15th 2011, Website: http://pages.ebay.com/help/pay/paypal.html
IV. Table of Cases:

51- ProCD, Incorporated, Plaintiff-Appellant, v. Matthew ZEIDENBERG and Silken
Mountain Web Services, Inc., Defendants-Appellees, No. 96-1139, Argued May 23, 1996,
Decided June 20, 1996
52- Pollstar v. Gigmania, Ltd., 170 F.2d 974 (E.D. Cal. 2000)
53- Specht v. Netscape Communications Corp., 150 F. Supp.2d 585, 593-94 (S.D.N.Y. 2001),
aff‘d 306 F.3d 17 (2d Cir. 2002
54- Hotmail Corporation, Plaintiff v. Van$ Money Pie Inc.; ALS Enterprises, Inc.; LCGM,
Inc.; Christopher Moss d/b/a the Genesis Network, Inc.; Claremont Holdings Ltd.;
iii
Consumer Connections; Palmer & Associates; and Financial Research Group; and
Darlene Snow d/b/a Visionary Web Creations and/or d/b/a Maximum Impact Marketing,
Defendants. No. C-98 JW PVT ENE, C 98-20064 JW. April 16, 1998
V. Table of legislative Acts:

55- United States Code § 230 (e) (1) (Supp. 1998)
56- California Code of Regulations Title 2 Administration Division 7, Secretary of State,
Table of Contents, ch10, Digital Signatures
57- Illinois Electronic Commerce Security Act, 1997 Ill. H.B. 3180, at Section 5-105
VI. EC Documents and Texts:

58- Articles 10 and 11 of Directive 95/46/EC
59- Recital 26 of Directive 95/46/EC
60- European Council Directive 2000/31, 2000 O.J. (L 178)
61- Directive 95/46/EC of the European Parliament and of the Council of 24.10.1995 on the
protection of individuals with regard to the processing of personal data and on the free
movement of such data (OJ L 281, 23.11.1995, p. 31)
iv

Electronic Contracts and Consumer Protec

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Electronic Contracts and Consumer Protec

Uploaded by

Copyright:

Available Formats

Master Thesis

Electronic Contracts and Consumer

submitted on 23rd April 2011

Indianapolis, 23 April 2005 Khaled Saad

B. The Issue of Assent in Contractual Agreement Terms and Conditions 7

C. The Impediment of Electronic Signature as a Cornerstone in Electronic

D. The Dilemma of Privacy and Data Protection 24

E. Security as a Predicament in Electronic Contracting 33

ATM Automated Teller Machine

I. Background to the Study:

2 47 United States Code § 230 (e) (1) (Supp. 1998)

II. Stating the Problem:

5 Dotty about dot commerce, (February 26, 2000), The Economist

6 Anniversary lessons from eBay, (June 11, 2005), The Economist

IV. Significance of the Study:

E-commerce is characterized by a worldwide coverage, as there is no country or

The broad question that this dissertation addresses is as follows:

VI. Literature Review:

Electronic contracting is facing certain spheres that might be considered problematic in

VIII. Scope and Limitations of the Study:

In fact, it is hard to determine a certain scope of a specific category of people or time to

IX. Outline of Chapters:

II. Types of Transactions in Electronic Contracting:

11 Casamiquela, Ryan J. (2002), CONTRACTUAL ASSENT AND ENFORCEABILITY IN CYBERSPACE, Berkeley

III. Fundamental Strategies for Ascertaining Assent:

17 Pollstar v. Gigmania, Ltd., 170 F.2d 974 (E.D. Cal. 2000)

I. Electronic Signature vs. Digital Signature:

II. Types of Electronic Signature:

4. Digital Certificates or Signatures:

III. Substantial Elements of Digital Signature:

2. Private and Public Keys:

4. Verifying a Digital Signature:

1. Assuring the Identity of the Signer of the Electronic Record:

2. Assuring the Security of the Electronic Record:

3. Assuring the Identity of the Electronic Record Signer:

V. Problems with Digital Signature:

1. Determining the Nature of the Signature:

3. Digital Signature is coherent to person‘s rights:

1. Developing Secure Storage for Digital Signatures:

2. Authenticity of Signature Via Third party:

3. Creating a Portfolio for the Owner of the Signature:

I. Consumers’ Privacy Concerns:

1. Surveys Concerning Consumers Privacy:

2. Facts Supporting Consumer Concerns:

3. Types of Privacy and Information Invasions:

1. Well-known US Laws Governing Privacy and Personal Information:

c) Identity Theft and Assumption Deterrence Act (1998):

d) Children’s Online Privacy Protection Act (1998):

e) Gramm-Leach-Bliley Act (1999):

III. The EU Approach to Foster Protection of Privacy and Personal Information:

IV. International Principles for Ensuring Data Protection and Privacy:

1. Basic Principles of Data Privacy and Protection Laws in the OECD:

53 Recital 26 of Directive 95/46/EC

54 Articles 10 and 11 of Directive 95/46/EC

57 Retrieved March 2nd 2011, History of the OECD

b) Choice or Consent Principle:

c) Access or Participation Principle:

d) Integrity or Security Principle:

e) Enforcement or Redress Principle:

I. Levels of Security Measures:

II. Deception on the Internet:

1. The Complication of Anonymity on the Internet:

2. Securities Fraud Online: