Berkman Center for Internet & Society.

Using ICANN's UDRP Harvard Law School > Berkman Center > Open Education > E-Commerce: An Introduction


-




Syllabus
Discussion
Reference
Discussion
Discussion
Search

Session 3: Transactions

Teaching Fellows: Raheemah Abdulaleem, Len Kardon

Guest Panelists:

Stephen Y. Chow, Esq.
Commissioner, National Conference of Commissioners on Uniform State Laws
Perkins, Smith & Cohen, LLP
Boston, MA
www.pscboston.com/attorneys/chow_s.html

Jorge Contreras, Esq.
Senior Partner, Vice Chairman Internet Practice
Group
Hale & Dorr LLP
Boston, MA
www.haledorr.com/attorney/bio.asp?ID=C382000149

Linda Hamel, Esq.
General Counsel, Information Technology Division
Commonwealth of Massachusetts
www.state.ma.us/itd/

TRANSACTIONS - TABLE OF CONTENTS

I. Introduction

II. Digital Signatures

III. Clickwraps

IV. Terms of Service

V. Payment Technology

VI. Taxation

VII. References

VIII. Additional Materials

I. Introduction

This segment of the class will cover transactions in the broad sense of the term, generally referring to all interactions between the website owner and the website users. We will first discuss the rapidly evolving concept of digital signatures. Then we discuss the terms of service or "clickwrap" user agreement, which governs the users use of the website. We then move on to an overview of the major online payment systems. Finally, we briefly discuss legal issues related to the sale of goods online.

II. Digital Signatures

One of the first elements addressed in e-commerce transactions is how to guarantee that a valid contract has been entered between the parties. Assessing the validity of contracts is complicated in the Internet environment because the contracts are paperless. Digital signatures are therefore essential in helping to promote e-commerce because they ensure that all parties have entered in a binding contractual agreement.

Going Digital 2000- "the use of digital signature technology clearly establishes the necessary evidence for the integrity of the electronic contract. If any part[y] changes any aspect of a digitally signed document then the digital signature verification process will identify that the document has either been changed since it was signed or that it was not signed by the party who is attributed as being the signatory" (Fitzgerald).

A. OVERVIEW

The issue of digital signatures is an essential consideration for an online enterprise because it allows for both consumers and businesses to enter binding agreements over the Internet (Website) (Tutorial1). How one identifies oneself over the Internet is of critical concern because an online enterprise needs to ensure the authenticity, integrity and confidentiality of the signature of signers who use the online enterprise. Assessing the validity of contracts or agreements entered online is complicated due to the paperless nature of the transaction so it is essential that there are standards developed to ensure the security and reliability of digital signatures.

How does a digital signature work?

The Electronic Signatures in Global and National Commerce Act broadly defines an electronic signature as "an electronic sound, symbol, or process, attached to or logically associated with a contract or record and executed or adopted by a person with the intent to sign the record" (Act). Under this law an electronic signature would have the same force of law as its handwritten equivalent. Digital signatures, in contrast, are narrowly defined to only include those types of signatures that involve encryption or cryptography. Unlike a traditional signature a digital signature would not involve the fixing of someone's name in ink on a piece of paper. Typically, digital signatures would involve the use of encryption technology.

One type of encryption technology that could be used for digital signatures is asymmetric public key and private key encryption. This type of "double key" encryption entails the following steps:

Step One - The signer who seeks to enter an agreement with an online enterprise will affix his or her "private key" to a particular document. The private key can be stored on the user's computer and accessed by password. The "signature" produced by this private key is a number that has been generated by numerical algorithms.

Step Two - The signer will also have a "public key" which is widely available to anyone who wants to authenticate the documents that have been signed by the signer. The public key is then used to verify that the private key belongs to the same person. It may also be used to verify that the message received is exactly the same as the message that was sent. Throughout this identification process the actual identity of the signer is not revealed, the only concern is that the public and private key correspond.

Step Three - To ensure the accuracy of the public and private keys, a certification authority may be used. The role of the certification authority is to authenticate the keys. The certification authority issues a certificate that guarantees that the holder of the public key is the same person who holds the private key. The certificate is digitally signed and date stamped by the certification authority to ensure its enforceability (Website) (Tutorial2). Certificates may be issued at different levels of authentication. They may be issued with no effort to establish whether the key holder is indeed the person that the keyholder claims to be, or keys may be issued at a level where extensive background identification is required in which case the identity of the keyholder is also being certified.

See the memo on Encryption for more information.

Although the use of public and private key encryption is one of the more commonly discussed types of digital signatures there are other methods of signatures that could be used. These other types are often distinguished by referring to them as electronic signatures as opposed to digital signatures. These signatures do not involve the use of public and private key encryption. Some examples of electronic signatures are, 1) a smart card that is swiped through the user's computer (the smart card contains verifiable information about the user), 2) passwords, 3) emailed pictures of handwritten signatures and 4) signatures on digital pads using biometric technology (Website) (Jacobus). The use of these technologies would also be useful for an online enterprise because it helps to ensure the integrity of the transaction. The specific technology chosen may often depend on the specific legislation that has been passed in the state selected in the choice of law provision. This is because many of these statutes limit their applicability to certain types of digital signature technology.

B. WHAT ARE THE TECHNICAL/LEGAL LIMITATIONS OF DIGITAL SIGNATURES?

There are both technical and legal limitations regarding the use of digital signatures. Some of the technical limitations involve ensuring that the encryption technology used is safe from hackers and forgery. Public keys may not be posted in a convenient central location, but be scattered among different certificate authorities. Certificate authorities may not be licensed or otherwise regulated for consumer protection. Also, moving to a system of digital signatures may require both time and resources on the part of both the signer and the recipient. In many instances the signer would be a consumer who would need to invest in some encryption software and enter an agreement with a certification authority. If the costs of these services are too expensive then the widespread adoption of digital signatures that involve encryption technology may be slower then the use of other types of electronic signatures that involve smart cards or passwords.

The year 2000 served as a milestone in eliminating many of the legal limitations of digital signatures. With the passage of the Electronic Signatures in Global and National Commerce Act on June 30, 2000, the legal status of electronic signatures was recognized as binding under US law (Website) (E-Sign). Although the importance of the federal law cannot be understated it is also important to recognize the different laws that have been passed by state legislatures that involve electronic signatures. Addressing the differences present is state laws is important because many states impose different requirements on the applicability of electronic signatures.

C. CURRENT STATUS OF THE LAW REGARDING DIGITAL SIGNATURES

Uniform Electronic Transactions Act (UETA)

The National Conference of Commissioners on Uniform State Laws ("NCCUSL") adopted the Uniform Electronic Transactions Act ("UETA") in 1999. NCCUSL adopted UETA and recommended it to states for adoption in order to establish uniformity in the law regarding transactions in e-commerce. Under UETA an electronic signature is defined as "an electronic, sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record." As of April 6, 2001 UETA has been adopted by 28 states and bills have been introduced in 15 states to adopt UETA. (Website) (UETA).

Many states have modified their existing digital signature laws and replaced them with UETA provisions. Illinois has introduced a bill that inserts UETA provisions into their existing Electronic Security Act. Missouri has similarly introduced a bill to repeal the Missouri Digital Signatures Act and replace it with UETA provisions. According to NCCUSL, "the objective of UETA is to make sure that transactions in the electronic marketplace are as enforceable as transactions memorialized on paper and manual signatures, but without changing the substantive rules of law that apply . . . UETA is procedural, not substantive. It does not require anybody to use electronic transactions or to rely upon electronic records and signatures." (Website) (NCCUSL).

An important aspect of UETA is that it is voluntary. According to NCCUSL,

UETA applies only to transactions in which each party has agreed by some means to conduct them by electronically. Agreement is essential. Nobody is forced to conduct to electronic transactions. Parties to electronic transactions come under UETA, but they may also opt out. They may vary, waive or disclaim most of the provisions of UETA by agreement. . . The rules in UETA are almost all default rules that apply only in the event the terms of an agreement do not govern. (Website) (NCCUSL).

The NCUSSL also emphasizes the fact that UETA should not be considered a digital signature statute because digital signature legislation only refers to one particular type of encryption technology and UETA allows for various types of electronic security technology outside of encryption.

United States Federal Law

In June of 2000 President Clinton signed the Electronic Signatures in Global and National Commerce Act ("Electronic Signatures Act") into law (Website) (E-Sign). The Electronic Signatures Act became effective October 1, 2000 and was meant to provide a framework for the acceptance of electronic signatures in a range of transactions where a signature is required by law.

The Electronic Signatures Act defines electronic signatures broadly to include not only digital signatures but also other types of electronic signatures which are "adopted by a person with the intent to sign the record" [Electronic Signatures Act § 106(5)]. The Electronic Signatures Act does not apply to all contracts, "contracts for the sale of goods would be governed by [the Act], but other UCC contracts and documents would not be" (Website) (Inman1). Commentators have stated that the intent behind the Electronic Signatures Act was,

to provide a national standard for electronic commerce until all states have adopted UETA. The lack of state uniformity in the area of state laws governing electronic signatures and records prompted the Act. Thus, in order to clarify the role that electronic signatures and records are to play in e-commerce, E-Sign also contains important provisions designed to preempt state laws which create barriers to e-commerce or which are inconsistent with E-Sign (Website) (Inman2)

An important issue with regard to the Electronic Signatures Act is the fact that the Act is designed to preempt state laws that are inconsistent with the Act's provisions. Most importantly, this refers to those state laws that only give legal effect to a narrower range of electronic signatures than those proscribed under the Act. Section 102(a) of the Electronic Signatures Act provides the instances in which a State statute can modify, limit or supersede the Act (Website) (E-Sign).

(a) IN GENERAL- A State statute, regulation, or other rule of law may modify, limit, or supersede the provisions of section 101 with respect to State law only if such statute, regulation, or rule of law--

(1) constitutes an enactment or adoption of the Uniform Electronic Transactions Act as approved and recommended for enactment in all the States by the National Conference of Commissioners on Uniform State Laws in 1999, except that any exception to the scope of such Act enacted by a State under section 3(b)(4) of such Act shall be preempted to the extent such exception is inconsistent with this title or title II, or would not be permitted under paragraph (2)(A)(ii) of this subsection; or

(2)(A) specifies the alternative procedures or requirements for the use or acceptance (or both) of electronic records or electronic signatures to establish the legal effect, validity, or enforceability of contracts or other records, if--

(i) such alternative procedures or requirements are consistent with this title and title II; and

(ii) such alternative procedures or requirements do not require, or accord greater legal status or effect to, the implementation or application of a specific technology or technical specification for performing the functions of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures ; and

(B) if enacted or adopted after the date of the enactment of this Act, makes specific reference to this Act.

In order to avoid preemption, the above-mentioned provisions of the Electronic Signatures Act need to be considered by any state before enacting electronic signature legislation.

Utah

Utah was the first state to enact legislation concerning electronic signatures. The statute enacted by Utah in 1995 is entitled the Utah Digital Signature Act (Website) (§ 46-1-6). The purpose was to provide uniform standards for the acceptance of digital signatures in order to facilitate e-commerce (Website) (§ 46-3-102). The Utah Act was seen as essential in helping to reduce fraud and forged digital signatures. During the 2000 General Session, the Utah Legislature adopted the Uniform Electronic Transactions Act.(Website) (§ 46-4-101).

California

California originally passed digital signature legislation in 1995 (Website) (§ 16.5). The California legislation granted digital signatures the same legal effect as written signatures as long as the digital signature: "(1) is unique to the person using it, (2) is capable of verification, (3) is under the sole control of the person using it, (4) is linked to data in such a manner that if the data were changed the digital signature is invalidated and (5) it conforms to regulations adopted by the Secretary of State."

The legislature passed the digital signature regulation in 1995 and required the promulgation of regulations in order to facilitate e-commerce and communication with public entities. The California Digital Signature Regulations were approved in June of 1998 and they provide guidelines for digital signatures that define the coverage of the law, the acceptable technologies for digital signatures, and the process for adding new technologies to the acceptable technologies (Website) (CA Regs). In January of 2001, California Senate Bill 97 was introduced to repeal Division 3, Part 2, Title 2.5 of the Civil Code on electronic transactions and replace it with a version that conformed to the Uniform Electronic Transactions Act.

D. ARE DIGITAL SIGNATURES NEEDED?

Digital signatures are essential to protect the authenticity, integrity and privacy of online transactions. Online enterprises need to ensure that they receive accurate and verifiable information regarding the person who attempts to use their services. One of the largest problems for online enterprises is fraud. (Website) (Ecommerce) and (Website) (Ackman). Various studies have shown that in the year 1999 Internet businesses estimated loses at over $230 million due to credit card fraud (Website) (Terrence). By utilizing some type of digital signature technology these enterprises can seek to protect their services or goods from being fraudulently acquired. Although it is debatable whether asymmetric cryptography is the best or most feasible way to achieve this security, online enterprises need to investigate and invest in some form of digital or electronic signature technology in order to protect themselves. Digital signature technology also protects the consumer because it provides them with heightened security so that their information is protected by a private key (or some other technology) that is only known to the signer thereby preventing consumers from being victims of identity theft.

Back to TOC

III. Clickwraps

A. OVERVIEW

An e-commerce site, and probably any website, should contain some form of user agreement or a listing of the terms and conditions of use of the website (commonly called terms of service or TOS). The TOS grants the user a license to use the website under the terms specified or simply states that by using the website, the user is agreeing to be bound by the provisions of the TOS. Just as in a bricks-and-mortar store, there are many reasons why an online proprietor may wish to establish rules of behavior such as prohibiting the further reproduction of proprietary data or banning abusive language in a chat room.

Terms of Use agreements are generally established through the use of clickwraps. These agreements have their origins in software license agreements, which traditionally were contained with the software inside a box shrink-wrapped with clear cellophane. In the U.S., these agreements have been found to be enforceable in ProCD v. Zeidenberg and other cases (Website) (ProCD). On the Internet, the same type of agreement is shown to the web user who then must click an "agree" or "I accept" button to access to website. Thus, these agreements are called "click-through" or "web-wrap" or, most commonly, "clickwrap."

B. ENFORCEABILITY

In the landmark ProCD case, the Seventh Circuit Court of Appeals held that the defendant was bound by the terms of the shrink-wrapped license prohibiting commercial use of the software. The license was only inside the box but there was a notice on outside referring to the license. The Court held that by using the software after opening the shrink wrap, the defendant had manifested assent to the contract as is required under the Uniform Commercial Code.

This precedent has been extended to the Internet and clickwraps in a series of cases. In Hotmail Corporation v. Van Money Pie, Inc. (Website) (Hotmail) the court upheld the validity of a clickwrap agreement that prohibited the use of Hotmail e-mail accounts for transmitting unsolicited mass e-mail. In Groff v. America Online, Inc. (AOL) (Website) (Groff) the court upheld a forum selection clause contained within AOL's clickwrap user agreement. See also Caspi v. The Microsoft Network (Website) (Caspi) (upholding forum selection clause in Microsoft Network subscriber agreement which the user was required to click "I agree" next to the scrollable window containing the agreement.)

Although clickwraps can be enforceable, courts may require that users be given adequate notice of what the terms and conditions of use are and that they clearly manifest their assent. See for example, Ticketmaster v. Tickets.com (Website) (Ticketmaster) (holding that there was no breach of contract by Tickets.com because there was no evidence that users were bound by the clickwrap which was buried in Ticketmaster's website). But see, Register.com, Inc. v. Verio, Inc. (Website) (Register) (holding that Register.com's Terms of Use created a binding contract with Verio notwithstanding the fact that the user was not asked to click on an icon agreeing to the terms). It is interesting to note that many major websites (Yahoo, Lycos, Amazon) allow nonregistered users access without requiring a click-through, but do require one (although Amazon does not) for the user to register and have access to full services such as e-mail or message posting.

A recent case to discuss the enforceability of clickwrap agreements was Williams v. America Online, Inc, (Website) (Williams), decided by a Massachusetts Superior Court in 2001. The plaintiffs claimed that AOL version 5.0 caused unauthorized changes to their computers. The defendants brought a Motion to Dismiss since the forum selection clause in the Terms of Service agreement stated that Virginia was the forum selected for all AOL consumer suits. The court denied AOL's Motion to Dismiss based on two factors. First, the plaintiffs were only presented with the terms of service after AOL version 5.0 was installed on their computers. Even if the plaintiffs attempted to uninstall the program and decline the terms of service their computers were already reconfigured. Second, the court held that it was against Massachusetts public policy to force consumers whose individual claims were only a few hundred dollars to pursue litigation against AOL in Virginia.

There are at least three main ways to display such agreements when a user is first registering to use a site or download software or submit an order. The agreement can be displayed on a screen with the "I accept" button appearing at the bottom, requiring the user to scroll down the webpage to get to the button. This is not considered user friendly as a new web user or an inpatient one may not realize they can only continue by scrolling down to the bottom. The agreement can be placed in a scrollable window within the webpage screen with the "I accept" button to the side or below that window. This appears to be the setup in the Microsoft Network case referenced above, but does leave some question about the user's manifestation of assent. It easy to skip reading the agreement and just click the "I accept" button and the user could argue that the part of the agreement not scrolled through was not agreed to. Finally, the "I agree" button could be located at the bottom of the agreement within the scrollable window, or preferably, could be outside the window but would only be activated once the user as scrolled through the full agreement. This would seem to result in the clearest manifestation of assent, although clear directions to the user in all three setups may be enough to demonstrate assent. Under UCITA, which is discussed below, a safe harbor of sorts is created for agreements that require the user to click twice that she is agreeing.

Although assent is the biggest issue in putting these agreements on the Internet, it is important to note that the provisions in the Clickwrap Agreement still must conform to traditional contract law. As stated by the ProCD Court, "shrink-wrap licenses are enforceable unless their terms are objectionable on grounds applicable to contracts in general."

As discussed in a recent Wired article, clauses that overreach beyond what is considered reasonable by courts for these type of "take it or leave it" contracts will probably not be enforced (Website) (Manjoo). Anything that would be unconscionable in a shrink wrap agreement could also be unconscionable in a clickwrap, although the context could make a difference and courts have not yet addressed such a situation. For example, in Tony Brower v. Gateway 2000, Inc., (Website) (Brower), the court allowed ProCD but found that a clause requiring that disputes be arbitrated under the rules of the International Chamber of Commerce were unconscionable ($4000 filing fee of which $2000 is nonrefundable even if consumer wins) and therefore unenforceable. See also Williams v. American Online, Inc., above.

Keys for structuring clickwrap agreements:

  1. The online enterprise should ensure that users clearly assent to the conditions of their website.
  2. The terms used in the agreement should be in clear, simple language that can be understood by the lay reader.
  3. Users should be required to take an affirmative step that indicates that the user has read and agrees to the rules of the website.
  4. An example of an affirmative step would be to require that users click an "I Agree" or an "I Disagree" button.
  5. Terms of use should be displayed in a central location. Online enterprises should refrain from locating their terms of use on the bottom of the homepage, where users would have to scroll down and link to another page in order to read the terms.

C. UNIFORM COMPUTER TRANSACTIONS ACT (UCITA) PROVISIONS

Clickwraps are also affected by the passage in the states of Virginia and Maryland of the Uniform Computer Information Transactions Act (Website) (UCITA). This law was proposed in 1999 by the National Conference of Commissioners on Uniform State Laws, a panel of expert lawyers and law professors (Website) (NCCUSL2). See also the UCITA news site. (Website) (UCITA news). UCITA is a model uniform law that applies to "computer information transactions." Therefore "if a transaction includes computer information and goods, this [Act] applies to the part of the transaction involving computer information, informational rights in it and creation or modification of it." [Uniform Computer Information Transactions Act § 103 (1999)] The Official Comment to UCITA § 112 provides examples of clickwrap agreements as evidence of "manifestation of assent" to the terms of a contract. It also states that retention of the information by the website user is not by itself sufficient to establish "manifestation of assent." This may go beyond what is required under the current caselaw of some states.

In addition to passage in Maryland and Virginia. UCITA has been introduced in Arizona, District of Columbia, Illinois, Maine, New Hampshire, New Jersey, Oregon and Texas. Maryland adopted an amendment to its UCITA provisions, exempting open source software which does not charge license fees from the implied warranty of merchantability. Enactment of UCITA may be limited as it has come under strong criticism from various consumer groups due to the fact that it appears to have a strong bias toward licensors.

Opponents of UCITA argue that the provisions contained in UCITA provide little protection for consumers who receive defective computer software. Allowing software vendors to disclaim all liability for damages caused by the software this leaves consumers with little recourse when they receive poor software products. (Website) (Simons).

Proponents of UCITA argue that it provides a new common body of law to govern computer information transactions. Prior to the development of UCITA there was no uniform body of law to address transactions in software, instead courts had to rely on the Uniform Commercial Code provisions that governed transactions in goods. In addition, proponents argue that UCITA provides clear support for the enforceability of shrink-wrap and click-wrap agreements. Proponents argue that before UCITA it was unclear as to what standard shrink-wrap and click-wrap agreements had to meet in order to be enforceable. (Website) (SIIA).

For a more detailed review of Clickwraps, please see the following articles:

Kimberly M. Inman, Clickwraps And Electronic Signatures: Creating An Enforceable Web Site Contract, (Website) (Inman)

Jorge Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap Agreements, (Website) (Contreras2)

D. INTERNATIONAL ENFORCEMENT

In the EU and other nations where traditional shrink-wrap agreements are likely to be enforced, click-wrap agreements should also be enforced. Although only China appears to refuse to enforce click-wrap agreements outright, other countries may also make enforcement difficult due to a combination of factors, including local language requirements and variations in consumer protection laws. For more information, see the discussion in Jorge Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap Agreements, (Website) (Contreras1).

Back to TOC

IV. Terms of Service

Since clickwraps will likely be enforced, it is important that the website owner take some time to specify the terms of service of the website. Like software licenses and terms and conditions on tickets, general contract law governs these provisions and different practitioners have different preferences on how legalistic the terms need to be.

A. SAMPLE TERMS OF SERVICE

See Elements That Are Generally Included in Terms of Service Agreements for more information.

B. CUSTOMER SERVICE CONSIDERATIONS

In addition to issues of enforceability, practitioners should be aware of customer service issues when drafting a TOS. The Wired article discussed above was written after customer outrage forced Microsoft to change a clause in the TOS for its Passport site which granted the company ownership to users' personal data.

Consumer protection laws in each state and regulation by the Federal Trade Commission may also come into play, particular for sites selling merchandise. Internet sellers are bound by the FTC's Mail or Telephone Order Merchandise Rule - see A Business Guide to the Federal Trade Commission's Mail or Telephone Order Merchandise Rule, (Website) (FTC). The FTC brought civil penalty actions against e-tailers for allegedly violating the rule during the 1999 holiday season, and the companies paid more than $1.5 million in total penalties. See TooLate.Com: The Lowdown on Late Internet Shipments (Website) (FTC Release).

Some websites may wish to participate in the Better Business Bureau's BBBOnLine Reliability Program [http://www.bbbonline.org/businesses/reliability/index/html] or at least follow program's guidelines (Website) (BBB). See Ethical Principles for more information.

Back to TOC

V. Payment Technology

A. AVAILABLE SYSTEMS

The vast majority of e-commerce payments are done by credit card. There are two general types of payment systems available. For an e-commerce site of any significant size, the Operator will need to open Merchant Account and choose an online payment processing service such as CyberCash (Website). For a smaller site, a third-party system such as PayPal (Website) or MoneyZap (Website) may be more cost effective. The third party collects the funds for the website operator using its own merchant account and then deposits the funds into the website operator's account.

It will cost $400-600 to open a merchant account plus yearly account maintenance fees. Because of pervasive fraud, new websites may not even be able to obtain a merchant account. The online processing service will also charge fees for each transaction as will the financial institution that manages the merchant account. The website will need off-the-shelf or customized software which can interact with the online processing service. This will allow the website to know within seconds whether the charge has been approved. The website will also need to have a secure server for transaction processing, or it can lease server space from a service provider such as Itransact.com.

Third-party systems can have little or no upfront account opening fee and can be setup with just a few lines of HTML code. While some may offer an instant approval or rejection response, others will only send the website an e-mail with the transaction details. To use one of these services, the website operator will have to sign a nonnegotiable user agreement or terms of service. The agreement is of course unfavorable to the website operator, but like the website users themselves, there is no choice but to accept the nonnegotiable terms.

American Express has also introduced a new type of payment technology in its one-time-use credit card numbers. This new option would allow American Express cardholders to enroll in its Private Payments program. This new program allows AmEx cardholders to use their Private Payments number (instead of their actual AmEx card number) whenever they enter an online transaction. This Private Payment number could be used at any site that accepts AmEx because the Private Payment number is linked to the card holder's actual AmEx account (Website) (AmEx). For an overview of different payment technology systems like digital cash, anonymous credit cards and electronic checks visit (Website) (Robotics).

Micropayments offer an additional form of payment technology for those transactions that are for small amounts. Qpass Inc, an online payment firm has teamed up with Trivnet, Inc. to develop a micropayment system where users can purchase goods from a Qpass merchant partner and have that transaction appear on the users Internet service bill or telephone bill (Website) (Collett). These different forms of payment technology offer consumers increased privacy and security in their e-commerce transactions.

B. FRAUD CONCERNS

Internet Credit Card fraud is an increasing concern. Meridien Research estimates online credit card fraud costs 24 million dollars per day in bogus charges. For information on fraud prevention, please go to the Worldwide E-Commerce Fraud Prevention Network (Website), a website developed by Amazon.com, American Express, buy.com and others to help e-commerce merchants protect themselves from e-commerce fraud. As discussed above, digital signatures may be one answer to the fraud problem.

See Payment System Reference Materials for more information.

Back to TOC

VI. Taxation

In Quill Corp. v. North Dakota, (Website) (Quill), the Supreme Court affirmed that a physical presence in a state was required for a corporation to have a "substantial nexus" to the state. Under the Courts dormant commerce clause cases, states cannot require out of state corporations to collect sales taxes for them unless they have a substantial nexus to the state. Thus remote sellers, such as an Internet retailer, are not required to collect sales and use taxes for sales made to purchasers located in states where the seller does not have a physical presence.

Supporters of an Internet sales tax argue that the current system discriminates against bricks and mortar retailers who must collect taxes in most states. They argue that it will drain vital revenue from state and local governments as more commerce shifts to the internet. See, e.g. E-fairness.org (Website) (E-fairness). Opponents either oppose taxes in general, or argue that applying taxes to the Internet will stifle ecommerce. Some point out that Internet business do not use the same level of local government services as local retailers. Critics also note that state and local tax systems are so complex that national collection is next to impossible. As a response, 31 states are working together on sales tax simplification.

Detailed summaries of state activity in the area of Internet taxation is available at:
(Website) (Cybertax). In April 2000, the Advisory Commission on Electronic Commerce issued its report to Congress. (Website) (Commission) The required 2/3 majority was not able to agree on an answer to the Internet sales tax issue. For an overview of the internet tax debate, see Patrick Thibodeau, (Website) (Thibodeau).

Back to TOC

VII. References

Edited by Anne Fitzgerald [et al], Going Digital 2000: Legal issues for e-commerce, software and the Internet, St. Leonards, Australia: Prospect Media, 2000, p. 200 [Back to text]

Digital Signature Tutorial, available at <http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html> [Back to text 1][Back to text 2]

Electronic Signatures in Global and National Commerce Act, Pub. L. No. 106-229, § 106, 114 Stat. 464 (2000) [Back to text]

Jacobus, Patricia, "Digital Signatures prepare to wipe away ink," CNET News.com, available at <http://news.cnet.com/news/0-1005-200-2894498.html> [Back to text]

Electronic Signatures in Global and National Commerce Act, available at <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106> [Back to text]

http://www.uetaonline.com for more information about UETA [Back to text]

http://www.nccusl.org/uniformact_summaries/uniformacts-s-ueta.htm [Back to text]

Electronic Signatures in Global and National Commerce Act, 2000 Senate Bill 761 reconciliation of H.B. 1714 and S.761) available at <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106> [Back to text]

Inman, Kimberly, "Clickwraps and Electronic Signatures: Creating an Enforceable Web Site Contract," available at <http://www.husch.com/showpage.phtml?name=corpjul1> [Back to text 1][Back to text 2]

Electronic Signatures in Global and National Commerce Act, 2000 Senate Bill 761 reconciliation of H.B. 1714 and S.761) available at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106 [Back to text]

Utah Digital Signature Act, Utah Code Ann. § 46-1-6 et seq, at <http://www.le.state.ut.us/~code/TITLE46/46_03.htm> [Back to text]

Utah Digital Signature Act, Purposes and construction, Utah Code Ann. § 46-3-102, at <http://www.jmls.edu/cyber/statutes/udsa-1.html> [Back to text]

Uniform Electronic Transactions Act, Utah Code Ann. § 46-4-101  (2000), at <http://www.archives.state.ut.us/recmanag/46-4-101.htm> [Back to text]

Use of digital signature, Cal Gov Code § 16.5,  at <http://www.ss.ca.gov/digsig/code165.htm> [Back to text]

California Digital Signature Regulations, Final Text Approved By Office of Administrative Law on June 12, 1998,  at <http://www.ss.ca.gov/digsig/regulations.htm> [Back to text]

See Ecommerce-guide.com, "Eliminating Some Credit Card Risk for E-Business," available at http://ecommerce.Internet.com/solutions/ec101/ [Back to text]

See Dan Ackman, Forbes.com, "Equifax, eHNC Join Forces to Fight Online Fraud," available at http://www.forbes.com/2000/06/21/mu6.html [Back to text]

See Terrence, Verifyfraud.com, "Internet Merchants Bear Higher Cost of Credit Card Fraud," available at http://www.verifyfraud.com/merchantsite/highercost.asp (visited March 14, 2001) [Back to text]

ProCD v. Zeidenberg 86 F.3d 1447 (7th Cir. 1996) available at http://www.law.emory.edu/7circuit/june96/96-1139.html [Back to text]

Hotmail Corporation v. Van Money Pie, Inc., 47 U.S.P.Q.2d 1020 (N.D.Cal. 1998) available at http://cyber.law.harvard.edu/h2o/property/alternatives/hotmail.html [Back to text]

Groff v. America Online, Inc. (AOL) 1998 WL 307001 (R.I. Super. May 27, 1998) available at http://legal.web.aol.com/decisions/dlother/groff.html [Back to text]

See also Caspi v. The Microsoft Network 743 A.2d 851 (N.J. 1999) available at http://legal.web.aol.com/decisions/dlother/caspi.html [Back to text]

See for example, Ticketmaster v. Tickets.com, 54 U.S.P.Q.2d 1344, (C.D.Cal. 2000) available at http://www.gigalaw.com/library/ticketmaster-tickets-2000-08-10-p1.html (holding that there was no breach of contract by Tickets.com because there was no evidence that users were bound by the clickwrap which was buried in Ticketmaster's website). [Back to text] But see, Register.com, Inc. v. Verio, Inc., 126 F.Supp.2d 238, (S.D.N.Y. 2000) available at http://pub.bna.com/eclr/00cv5747.htm (holding that Register.com's Terms of Use created a binding contract with Verio notwithstanding the fact that the user was not asked to click on an icon agreeing to the terms). [Back to text]

Williams v. America Online, Inc, 2001 WL 135825 (Mass. Dist. Ct.. 2001) available at http://www.socialaw.com/superior/000962.html [Back to text]

Farhad Manjoo, Fine Print Not Necessarily in Ink, WIRED, Apr. 6, 2001, available at http://www.wired.com/news/business/0,1367,42858,00.html [Back to text]

Tony Brower v. Gateway 2000, Inc., 246 A.D.2d 246, (N.Y.App. Div. 1998) available at http://www.law.seattleu.edu/chonm/cases/brower.html [Back to text]

See also Williams v. America Online, Inc., 2001 WL 135825 (Mass. Dist. Ct.. 2001) (Holding it would violate Massachusetts public policy to require Massachusetts consumers with small individual damages (few hundred dollars) to litigate in Virginia.) [Back to text]

Uniform Computer Information Transactions Act (UCITA) at <http://www.law.upenn.edu/bll/ulc/ucita/ucita1200.htm> [Back to text]

National Conference of Commissioners on Uniform State Laws at <http://www.nccusl.org/> [Back to text]

See also the UCITA news site. at <http://www.ucitanews.com/> [Back to text]

Barbara Simons, Shrink-Wrapping Our Rights, Inside Risks 122 CACM 43, 8 August 2000, available at http://www.acm.org/usacm/copyright/ucita.cacm.htm [Back to text]

Software & Information Industry Association, Summary of Benefits - Uniform Computer Information Transactions Act, May 11, 2000 available at http://www.siia.net/sharedcontent/govt/issues/ucita/summary.html [Back to text]

Jorge Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap Agreements, available at http://www.haledorr.com/practices/prac_pubsdetail.asp?ID=1322111092000&areaID=17&TypeID=1 [Back to text1]

Yahoo at <http://docs.yahoo.com/info/terms> [Back to text]

Lycos at <http://www.lycos.com/lycosinc/legal.html> [Back to text]

Student Advantage at <http://studentadvantage.com/terms> [Back to text]

Federal Trade Commission's Mail or Telephone Order Merchandise Rule, at <http://www.ftc.gov/bcp/conline/pubs/buspubs/mailordr/index.htm> [Back to text]

TooLate.Com: The Lowdown on Late Internet Shipments, FTC Release, available at http://www.ftc.gov/bcp/conline/features/toolate.htm [Back to text]

BBBOnLine Reliability Program at <http://www.bbbonline.org/businesses/reliability/index/html> [Back to text]

BBB has published ethical guidelines at <http://www.bbbonline.org/code/code.asp> [Back to text]

Clickwraps And Electronic Signatures: Creating An Enforceable Web Site Contract, available at http://www.husch.com/showpage.phtml?name=corpjul1 [Back to text]

Jorge Contreras & Kenneth H. Slade, The Origin of Click-Wrap: Software Shrink-Wrap Agreements, available at http://www.haledorr.com/practices/prac_pubsdetail.asp?ID=1322111092000&areaID=17&TypeID=1 [Back to text2]

See http://www26.americanexpress.com/privatepayments/info_page.jsp [Back to text]

For an overview of different payment technology systems like digital cash, anonymous credit cards and electronic checks visit <http://robotics.stanford.edu/users/ketchpel/ecash.html> [Back to text]

Collett, Stacey, New Online Payment Options Emerging, available at http://www.cnn.com/2000/TECH/computing/02/03/pay.online.options.idg/ [Back to text]

For more information on payment systems:
Good reference cite (Hal Varian, leading Internet economist) at
http://www.sims.berkeley.edu/resources/infoecon/Commerce.html#cash [Back to text]

http://www.transaction.net/payment/index.html (summarizes categories) [Back to text]

http://ecommerce.internet.com/resources/library/paysolutions/ (vendor products) [Back to text]

http://www.w3.org/ECommerce/roadmap.html (older article, but authoritative) [Back to text]

Quill Corp. v. North Dakota, 504 U.S. 298 (1992) available at http://supct.law.cornell.edu/supct/html/91-0194.ZO.html [Back to text]

Detailed summaries of state activity in the area of Internet taxation is available at:
http://www.vertexinc.com/taxcybrary20/CyberTax_Channel/taxsum_73.asp [Back to text]

Advisory Commission on Electronic Commerce available at http://www.ecommercecommission.org/report.htm]. [Back to text]

See, e.g. http://www.e-fairness.org/ [Back to text]

Patrick Thibodeau, New bill kicks off battle over Internet tax moratorium extension, Computerworld, February 12, 2001 available at http://www.computerworld.com/cwi/story/0,1199,NAV47_STO57636,00.html [Back to text]

Back to TOC

VIII. Additional Materials (Optional Reading)

A. ELEMENTS THAT ARE GENERALLY INCLUDED IN TERMS OF SERVICE AGREEMENTS (TOSs)

  • Introduction / Acceptance of terms - The user agrees to be subject to the TOS, or website grants user license to use site subject to these terms.
  • There may be a brief description of service, i.e. "provide online information and services"
  • Registration information - The user agrees to provide complete and accurate information and update as needed.
  • Privacy Policy - Most websites will link to separate document.
  • Fees - If charging membership or access fees, the following should likely be included to insure the collection of the fees:
    • The user agrees to pay or certifies that she has paid all fees and charges.
    • Use of the registered user name and password is limited to one person.
    • Use of information is limited to personal and not commercial use and no resale is permitted.
  • Member conduct - The website should fully describe its rules governing user submissions, posts, use of chat rooms, etc. General language, (insert example) appears to be okay but there should also be the following specific provisions as appropriate:
    • All postings must be lawful.
    • User grants a license (royalty-free, nonexclusive, and maybe call it irrevocable) for Operator to use, modify, adapt, etc. such materials.
    • User indemnifies operator for information that user submits, posts, transmits through the Service.
    • No solicitation is allowed.
    • Operator reserves right to investigate TOS violations and report unlawful activity to law enforcement.
  • International use - User also agrees to follow local laws. This probably will not help the Operator much if the user violates local laws and the Operator does not prevent it (see Part 4, Section II B, Yahoo and the French ban on Nazi memorabilia), but it's one of those provisions that couldn't hurt so long as the Operator is not overly concerned about the length of the TOS.
  • The Operator should describe its general practices regarding use and storage - if applicable
  • Modifications to TOS - Operator may make them at any time with or without notice (some states may require some form of notice).
  • Termination - Operator retains right to terminate access at any time for any reason.
  • Advertising - Operator is not responsible for advertising content or user dealings with advertisers.
  • Links - Operator is not responsible for availability and does not endorse linked sites and is not responsible for any loss from any content of linked sites.
  • Proprietary rights - Operators ownership of all data collected and rights to use it.
  • DISCLAIMER OF WARRANTIES - Often in ALLCAPS.
  • LIMITATION OF LIABILITY - Also in ALLCAPS.
  • Exclusions and limitations - Yahoo gives notice that parts of 14 and 15 may not be allowed in all jurisdictions.
  • Intellectual property.
  • Trademark information.
  • Copyrights and copyright agents.
  • Entire agreement - Standard contract term making the TOS and documents it refers to (Privacy Policy) the only enforceable agreement between the Operator and User eliminating claims of any different agreement on any of the terms.
  • Choice of law and jurisdiction - User agrees that TOS will be interpreted under the laws of the chosen state and that action can only be brought in the chosen jurisdiction. See full discussion of jurisdiction issues in dispute section.
  • Limitation on time to file claim.
  • No waiver.
  • Severability - Standard contract term that states that each provision is separate and still valid even though another provision is declared unenforceable.
  • Sale of goods - If the website will be selling goods, it will also need to have a order fulfillment system as well as specific policies regarding delivery or merchandise and merchandise out-of-stock and policies regarding returns.

Back to TOC

B. PAYMENT SYSTEM REFERENCE MATERIALS

Back to TOC

C. ETHICAL PRINCIPLES

Principles of the ethical guidelines for online merchants and advertisers published by the Better Business Bureau. BBBOnLine, Code of Online Business Practices, http://www.bbbonline.org/code/code.asp.

Principle I: Truthful and Accurate Communications.
Online advertisers should not engage in deceptive or misleading practices with regard to any aspect of electronic commerce, including advertising, marketing, or in their use of technology.

Principle II: Disclosure.
Online merchants should disclose to their customers and prospective customers information about the business, the goods or services available for purchase online, and the transaction itself.

Principle III: Information Practices and Security.
Online advertisers should adopt information practices that treat customers' personal information with care. They should post and adhere to a privacy policy based on fair information principles, take appropriate measures to provide adequate security, and respect customers' preferences regarding unsolicited email.

Principle IV: Customer Satisfaction.
Online merchants should seek to ensure their customers are satisfied by honoring their representations, answering questions, and resolving customer complaints and disputes in a timely and responsive manner.

Principle V: Protecting Children.
If online advertisers target children under the age of 13, they should take special care to protect them by recognizing children's developing cognitive abilities.

Back to TOC

 

-


Please send all inquiries to: Diane Cabell

Home | Introduction | Setting Up | Transactions | Privacy | Disputes | Reference | Search

The Berkman Center for Internet & Society

Design by: Robert Ditzion and Grethe Thilly