An Overview of Legal Issues when Doing Business on the Internet

by: A. Paul Mahaffy

Introduction

Now that the predicted surge in electronic commerce is finally here, business lawyers are recognizing that Internet law is part of mainstream business law. Yet adjusting to the legal realities of the wired world isn't easy. The principles lawyers have used in a commercial world based on paper aren't readily applied to a commercial world based upon electronics, computers, and telecommunications. The system they have studied and practised under, which conveyed tangible messages read by humans and bearing pen and ink signatures, is being replaced by a system of intangible messages read by machines and comprised of binary digits.

Their business clients aren't having an easy time either. Clients who once used closed and protected physical environments to conduct frequent, one-on-one trading with familiar partners, now conduct hundreds, if not millions, of isolated transactions among complete strangers in an open Internet environment. As a result, clients are constantly searching for new business models, aggressively competing in new markets, reducing prices to solidify market share and responding to the demands of informed and empowered consumers. As some of the barriers to competition continue to fall, the number of potential competitors climbs dramatically. For some goods or services which can be described as commodities, profit margins have disappeared completely, caused by a buyer's market with instant information about the best price available to every buyer. Some clients even give their products and services away for free. In other words, the Internet is an entirely new way of doing business.

The speed at which these changes have taken place has caught most clients by surprise. Although the Internet's precursor the ARPANET was created by the United States Department of Defense in 1969, the commercial potential of the Internet wasn't recognized until the mid 1990's with the emergence of the World Wide Web. Since that time, commercial development on the Web has been so rapid that "Internet years" are now measured as "dog years".

One significant effect of the Internet on business has been a reduction in the number of middlemen, or disintermediation. Many clients are already experiencing it, no longer able to add any value to consumers and business users who now deal directly with manufacturers and service providers. In fact, some of their stiffest competition comes from their own suppliers. Travel agents, clothing retailers, stock brokers, publishers, car dealerships, even law firms are feeling these pressures.

With all of this change and uncertainty, it's no wonder that some clients haven't moved beyond just having an informative Web site. While that Web site may contain in electronic form an identical copy of their glossy printed product catalogue, they still take orders just by telephone, fax or regular mail. Many haven't taken the next step of actually selling on-line. Compared to American retailers, Canadian retailers have generally been found to be 12 to18 months slower in commencing on-line sales. Given this slowness, it's not surprising that the majority of Canadian consumers have been found to make their on-line purchases from US sites.

Consumer concerns over the lack of privacy and security have been cited as reasons for the slow adoption of Internet business. But big money is being made today on the Internet in the business-to-business market. Wholesalers are using the Internet to sell everything from farm supplies to corporate computer systems. Manufacturers are going on-line to find raw materials. Telecommunications companies are sending electronic invoices to business customers. And contractors are logging on to the Internet to download tenders for government jobs. When all of the suppliers and purchasers in a particular industry and region are on-line, there are tremendous opportunities for competitive bidding as well as for collaboration, allowing them all to trade seamlessly with each other on-line. Customers can link directly into a company's inventory system through its Web site, and inquire whether particular products are in stock. They can call up a purchase order through the site and interact with the company's accounts receivable and order entry system to buy products, using their own staff to process the order.

But doing business on the Internet means more than just increasing revenue through on-line sales. It's also about building brands, strengthening business relationships, improving customer loyalty, reducing costs through better purchasing or more efficient inventory turnover, and even increasing shareholder value.

New Markets, Distribution Channels, and Transaction Methods

The Internet is creating businesses that may not need to own production facilities, inventory or real estate. Their real value is found in their strategic relationships, customer data, brand recognition and other intellectual assets. With the Internet, they have immediate access to global markets without the limitations of great physical distance. Their on-line delivery of targeted product information can replace mass advertising. Their creation of specialized goods uniquely tailored to each customer can replace mass production. A virtual storefront on their Web site can complement and even replace the bricks and mortar of their physical premises.

The Internet not only provides companies with potential access to more markets, but also affords them the opportunity to focus on specific market niches. Companies have the ability to make their Web site open to everybody who has access to the Internet, or just to certain persons with specific authorization. If a company wishes to limit access, it can assign specific user names and passwords as a condition to gaining access.

The distribution channels of these on-line businesses are different as well. Distribution in general has shifted away from channels that in the past were almost always owned or controlled by the sellers. Since the Internet provides a direct conduit between producers and buyers, on-line exchanges can cost less than what traditional distributors take, thereby shifting the balance of power from seller to buyer. By plugging suppliers directly into the distribution chain, tiers of middlemen and intermediaries are being stripped away.

Even business-to-business Internet commerce has largely superseded traditional electronic data interchange. Unlike traditional EDI systems which usually had only limited information about orders and were operated over a seller's proprietary network, today's Web based procurement systems enable businesses to obtain products faster and more cheaply.

It is possible that all aspects of an on-line purchase transaction can be completed during one site visit, from initial inquiry as to product availability and specification, through product order, and eventually to payment, and for certain intangible products and services, to fulfillment and final delivery .

Advantages of Doing Business on the Internet

Generally speaking, the Internet allows a company to reduce its information costs, both external and internal. Whether such costs are incurred in exchanging information with customers or suppliers, or with employees and consultants, the savings can be significant. It is the ease of information delivery made possible through the Internet which permits smaller companies to compete on an equal footing with larger ones.

At the very least, the Internet allows a company to inform potential customers visiting its Web site about its goods and services, or to solicit purchases. The Internet is an easy and inexpensive way to reach a large audience. The costs to start-up and operate a Web site are significantly less than the costs incurred to advertise through more traditional media, such as television, radio, newspapers and magazines, thereby making on-line marketing available to even the smallest companies.

Although many companies which engage in on-line marketing question how to measure its effectiveness, most recognize that on-line marketing and the use of Web sites are an essential component of any marketing strategy. Consumers no longer simply identify product brands according to their promotion on television. For relatively little cost, a company can reach a potential audience of millions, frequently update its message to them, and even develop a relationship with some through repeat visits to and interactivity with a Web site.

Whether it means targeting particular Usenet groups for an e-mail campaign because they represent a company's market niche, or using a chat group as a focus group to obtain consumer feedback on proposed or existing products, or just placing a few banner ads on some popular Web sites, a number of marketing goals can be achieved on the Internet. If nothing else, brand value can be increased through the maintenance of an attractive or informative Web site which has strong traffic, easily calculated by the number of "hits" it receives. Given the ability of Web sites to capture demographic information about visitors, Web site owners can direct specific types of advertisements to visitors having a particular demographic characteristic.

Through the linking of various pages on the Web, a user can be guided to other sources of information about a company doing business. Since the links may lead to a different location in the same document, or to different documents on the same or different Web sites, the Web can be a very effective vehicle for sharing all kinds of information, without concern for the type of computer or software which each user might have. Users can browse catalogues on the Internet, locate product information, place orders, have their credit validated and trace shipments through to delivery.

Web based procurement systems can link the company's computerized inventory and accounting systems with a list of all the goods and services that the company has approved for purchase, so that its purchasing department can order new supplies on-line as soon as it learns from the computer program that stocks are running low. In some cases, items in the company's approved purchase list are electronically linked to its suppliers' computer systems, so that it is possible to check on availability and delivery times, completing all aspects of the purchase over the Internet. Depending on how many suppliers are on-line, these systems can be very cost-effective and, as referred to above, preferred substitutes to expensive, inflexible and complex EDI systems.

Because orders can flow directly from a customer to a warehouse without any further human intervention, labour costs and human errors can be eliminated. Catalogues are easily updated, avoiding the need to send out letters or flyers to every customer about product changes or price changes, and special promotions and sales can be advised immediately on-line.

Disadvantages of Doing Business on the Internet

The economics of the Internet continue to defy logic. Some companies are doing almost anything to gain market share, on the basis of "lose money now or lose your business later". The list of free products like browsers, e-mail, music players, even PCs, grows daily, and some computer makers, Internet portals and various service providers give free Internet access to attract consumers to their sites which then become more valuable to advertisers and retailers. The catch to consumers in return for the freebies is that the bargain hunters have to look at advertisements, give up personal information to marketers, and possibly pay for related products.

Mobilizing for e-commerce isn't easy. Channel conflicts, brand management across different media, and product-pricing strategies aren't readily resolved. Should products sold on-line be priced to include costs associated with the bricks-and-mortar side of the operation, and should flexible pricing policies and product bundling presented by the Internet relate to traditional pricing strategies? Measuring results of Internet business by traditional measures of profitability isn't always appropriate. E-commerce market share, "eyeball counts", web site "stickiness" or site performance have become new measures of performance.

Not all on-line strategies are cheap. It takes money to build a brand, whatever the medium. On-line stores have huge costs. Usually large advertising and marketing costs are necessary to develop users. Newspaper and radio advertisements and outdoor billboards may have to be used to let consumers know the site is open for on-line business. Furthermore, pick-and-pack fulfillment capabilities as well as warehouse and distribution facilities may have to be acquired if the company isn't already a multi-channel, bricks-and-mortar business.

Despite the potential effectiveness of such multi-channel marketing efforts, customer service is still seen as the main way to keep customers coming back. The use of toll-free numbers, which customers use to contact a call centre for quick answers to their problems, or use of frequently asked questions on a company's Web site, as well as electronic chats, e-mail and even Internet telephony, all help to provide consumers will quick answers to their inquiries, but at considerable additional cost to the company.

Some studies have revealed that the majority of on-line consumers abandon their electronic shopping carts just before completing transactions. Often the registration procedure is cumbersome, and the hidden costs of taxes, shipping and handling further scare consumers away.

Returns, refunds and recourse represent potential problems for both buyers and sellers on-line. Buyers ordinarily buy on-line having seen only a product's picture, but not having examined the actual physical product itself. If they're disappointed when the product finally arrives, they have to go through the hassle of returning it, often at their own expense and within restrictive time frames to be eligible for a refund. Granted, such problems exist for traditional catalogue customers who place their orders by telephone, fax or mail, often with sellers located in different countries. But the physical location of those sellers is generally known, who often have local branches or use local distributors or agents.

On-line buyers often have only a domain name as the seller's address. Knowing who the seller really is, and where the seller resides, and what law and what courts have to be used if recourse against the seller becomes necessary, is obviously very important for the buyer ready to submit an on-line order and make an on-line payment. But it is very difficult for buyers to verify the identity of the seller they are dealing with, where the seller is physically located, and whether the seller is a legitimate seller. Just as it is easy and inexpensive to set up a virtual storefront, it is just as easy for a Web site to disappear. This can cause buyers to deal only with well-established brands, and thereby create a smaller market and thwart the development of new businesses.

For on-line sellers, the risk of fake addresses and fake orders from buyers can be a potential problem, as well as not knowing what jurisdiction the buyer resides in. Again, with only a domain name to go on and without an actual address, knowing who the buyer is, where the buyer resides, and what laws and what courts need to be used for recourse, is crucial. Without certainty as to the buyer's residence, it is difficult to determine which consumer and investor protection, packaging and labelling, unfair business practices, language and other local laws protecting the buyer have to be complied with by the seller.

In addition, a seller has to figure out which taxes have to be collected and remitted, and in which jurisdictions the seller might have to register as carrying on business, thereby creating further complexity and a potentially huge administrative burden. General unfamiliarity with all these "foreign" laws, in other words, can create huge risks for the on-line seller.

For both and sellers, there is the risk that the contracts they enter into on-line are unenforceable, since their contracts aren't signed in the traditional sense. Most on-line contracts involve simply an exchange of e-mails, the filling out of an on-line order form posted on a Web site, or presenting a number of contractual terms on a Web site which a buyer scrolls through and "clicks" to accept.

There is also the risk that whatever information either buyers and sellers have stored on their computers or contained in their e-mails will be learned, tampered with, stolen, misused or infected by a virus by hackers intruding into their systems. Furthermore, in the absence of specific privacy legislation, buyers run the risk that sellers in most industries will use and sell information about their personal spending behaviour.

Every party in the Internet content transmission chain, including access providers, Web page designers, proprietors of cybermalls, proprietors of electronic bulletin boards, other system operators, as well as Web site owners, faces potential liability for the content of a site under numerous laws in areas of copyright and trade-marks, privacy and defamation, obscenity, child pornography and hate literature. Any person involved in the Internet content transmission chain may be found to be committing an illegal act, depending on the extent of their involvement, and the degree of their control over the material being transmitted. Distributors having physical control over material being published should inquire as to its accuracy or potential harm, and if they learn of its inaccuracy or potential harm, they are under an obligation to withdraw it from circulation. Those e-commerce businesses which maintain customer chat groups as a feature of their Web site to build up visitor traffic run the risk of being liable for the messages which are being exchanged.

While printed material is generally assumed to be accurate as of the date of its publication, material placed on the Internet is often assumed to always be current. This need for currency of information imposes an additional cost upon on-line businesses for constant updating of the material which they put on their Web sites.

Limitations of Current Legal Structure The Internet is not a single computer network with a central administration but a collection of thousands of independent computer networks scattered around the world. While this may make the Internet seem anarchic, it is certainly not unregulated. Some of the perceived anarchy is due not as much to the absence of a statute dealing specifically with the Internet or e-commerce, as it is to the confusion created by the existence of too many applicable laws. There are numerous laws of general and special application which are difficult to reconcile when applying them to e-commerce. A company can become subject to the uncoordinated rules and regulations of jurisdictions which the company never intended to reach and which it may even have been unaware it was in fact reaching.

Much of the difficulty in attempting to apply the current legal structure flows from the difficulty in deciding whose laws should apply in the first place. In traditional commerce, the jurisdictions of the place of origin and place of destination were often the same. The Internet now often puts them in different jurisdictions.

Even if all jurisdictions had specific e-commerce legislation, such legislation couldn't stand alone, and they would still have to adapt all of their other legislation to accommodate the various privacy, intellectual property rights, taxation, contracts, consumer protection, conflicts of laws, dispute resolution and other issues which arise in connection with e-commerce. For example, deciding what is "written", "signed" or "delivered" when attempting to apply traditional contract law to electronic exchanges between parties is not straightforward. Deciding "where" the contract is entered into is even more challenging. For parties wishing to use only electronic communications in carrying on their business, it is difficult to comply with those statutes which require certain types of notices, consents and contracts to be in writing, or which require the filing of certain documents in prescribed form.

Some intellectual property issues aren't any easier to resolve. It's not always clear whether the downloading of a Web site should be "copying" for the purposes of the Copyright Act, or whether linking to another's Web site might constitute copyright infringement, or perhaps even passing off or trade-mark infringement. It's also not entirely clear how to resolve disputes arising when the owner of a trade-mark is denied use of that mark as a domain name because another party has already obtained a domain name registration for the mark.

The concerns of business clients over the privacy of information on the Internet aren't easily addressed. When it comes to information in the private sector, the current privacy laws aren't sufficiently helpful. The federal Privacy Act and freedom of information and protection of privacy acts of the various provinces cover only the public sector, although Quebec legislation covers the private sector as well. Outside of the Canadian Standards Association Model Code for the Protection of Personal Information and other industry codes which private sector companies can voluntarily comply with, there isn't a Canadian legislative regime in place other than Quebec's which affords clients suitable rights and remedies for invasion of their on-line privacy.

Taxing authorities have become particularly concerned over the adequacy of existing tax rules in dealing with the exchange of goods and services over the Internet, especially given the intangible nature of many of the products sold, and the direct, borderless nature of the system used to distribute them. While most jurisdictions tax on the basis of a taxpayer's residence or source of income, determining either is difficult when applying the traditional rules to Internet transactions.

The lack of consistency among international consumer protection and business practices laws and alternative dispute resolution procedures represents a huge obstacle to adequate consumer redress. A consumer with a legitimate claim against a foreign seller is currently expected to go to another country, hire lawyers and wait for his case to work its way through the system there, incurring high costs and risking an unfavourable outcome.

Some have argued that these kinds of limitations in the laws and regulations of many jurisdictions have created a trade barrier to electronic commerce. In an effort to remove some of these limitations in the current legal structure, the federal government is attempting to bring into law Bill C-6 (the Personal Information Protection and Electronic Documents Act) and the Uniform Law Conference of Canada has proposed the Uniform Electronic Commerce Act. Yet legislative reform is needed in a number of areas, not only in laws covering specific industries such as banking, pharmaceuticals and securities, but also in laws of general commercial application. In the meantime, without such reform, some assistance in coping with the current situation has been coming by way of proactive efforts of expert working groups and volunteer compliance by business, rather than reactive efforts from the courts and legislators.

Legal issues generally

The remainder of this paper will attempt to summarize some of the more significant commercial law issues relating to Internet commerce. Reference should be made to the other papers presented at this programme which discuss the following issues in much greater breadth and depth than is possible in this paper. These commercial issues include the kinds of agreements which on-line companies enter into with various Web site and content providers and the kinds of notices found on Web sites, as well as the various issues relating to jurisdiction, trade-marks, copyright, contract, privacy, security, marketing, payment, tax and employees which all on-line companies should address.

Because this programme is designed for business lawyers who want to help their clients do business on the Internet, and focuses on issues relating to buying and selling of goods and services, it overlooks a number of important legal issues with which every client as a user of the Internet may wish to be familiar. Such issues include defamation, criminal acts, free speech and censorship, pornography and hate speech, sexual harassment, electronic evidence, discovery and privilege. Furthermore, despite its commercial focus, this programme has not attempted to address the many legal issues that are of concern to only specific industries, such as banking, pharmaceuticals, insurance, and securities.

Agreements with Web Site and Content Providers

Before any material is posted on a company's Web site, a license should be obtained from anyone having an intellectual property interest in such material covering its use by the company as well by any user having access to the site. The license should be broad enough to cover all possible uses of the material, including the right to reproduce the material, create derivative works from it, perform the material in public and communicate the material to the public by telecommunication.

The rights given to the company under the license may be different than those given to a site user. The company may be permitted to digitize the material, convert it from one format to another, reproduce or modify it, or combine it with other works. Users of the site, on the other hand, may be only allowed to reproduce the material by viewing it through their Web browser, storing it on their hard drive, or printing it.

When retaining someone to develop a Web site, the company should specifically determine who has ownership rights in the content created for the site, the site's graphics and interfaces and overall "look and feel", and the software underlying the site. Any content contributed by the company or specifically developed for the company should be made the property of the company. Any components of such content which the developer wishes to use for other clients should be clearly defined.

The agreement with the Web site developer should also require the developer to provide the company with a back-up copy of the Web site and of any updates which it may undertake thereafter, and should require the developer to obtain a license from any party having an interest in any material being incorporated into the site. Appropriate indemnities, non-competition and confidentiality covenants, and requirements to use only specified personnel, which are often found in other commercial service arrangements, might also be imposed on the Web site developer in the agreement.

In arranging for the hosting of its Web site, the company should determine not only whether its site will be hosted on a dedicated or shared Web server, but also how much bandwidth will be available between the hosting server and the Internet backbone, to ensure that a satisfactory level of service for the site can be maintained during peak periods. As discussed in Security of Information below, adequate firewall or other security devices for the site should also be in place to allow for on-line payments.

Many Web sites have a legal notice and disclaimer on the home page dealing with intellectual property rights, restrictions on the use of the material posted on the site, and an exclusion of liability for errors, omissions and viruses. Those sites which have non-public portions or have product ordering features often contain conditions of use which a user is required to scroll through and acknowledge as having read and accepted before being allowed to proceed to the rest of the site.

Jurisdiction Issues

Ordinarily a state attempts to assert jurisdiction over activities which take place within or are substantially connected to its own territory, or over those persons who are resident there. Unfortunately it is often difficult to ascertain where commercial activities actually take place when they are conducted on the Internet, or where persons participating in such activities should be deemed to reside. Many people carry on Internet businesses through Web sites which are hosted on servers located in countries far away and which are accessible by users located in countries even farther away.

As a result, more than one state can often claim than an Internet activity took place or affected persons resident within its boundaries. Transactions carried on the Internet which cross political or geographical boundaries may comply with the laws of one jurisdiction while at the same time run afoul of the laws of another.

Even for a purely Canadian, inter-provincial on-line transaction, one province may assume jurisdiction despite difficulty in ascertaining a real and substantial "electronic" connection with the transaction. While the transmission of e-mail to persons resident in a particular province may be sufficient for that province to assert jurisdiction, the hosting of a Web site which is accessible to persons of that province but which is hosted elsewhere may not be sufficient. Some action which is directed at the residents of that province may be necessary for that province to assert jurisdiction over the party maintaining the Web site, reflecting a distinction between information which is "pushed" to residents and information which is "pulled" by them. At least some degree of interactivity between the residents and the Web site may be necessary. The tests that may be used in determining jurisdiction include how interactive the site is, whether any on-line contracts are entered through it, whether there is any reaching out to non-residents, and whether there is any limitation made on the target audience.

Narrowing down the number of jurisdictions which might have a rightful claim over an Internet activity can be accomplished by reducing the interactivity of a Web site, restricting site access to the residents of a certain jurisdiction by means of blocking software and posting notices on the site of such restrictions, and specifying the choice of law and forum in any on-line agreements and in the terms of use to the site itself. The site might also state the company operates the site from offices in Canada, that no representation is made that the site's content is appropriate for, or complies with the laws of, any other jurisdictions, that compliance with local laws is the responsibility of the user, and that the site will decline business and restrict access from certain jurisdictions.

Some business organizations have been advocating a universally legislated rule that would allow business-to-business dealings to be governed by the particular law the parties choose, but would require business-to-consumer dealings to be governed by the law of the place where the on-line sale originated. Under this "rule-of-origin" approach, on-line businesses would not have to familiarize themselves with the laws of every jurisdiction where every potential consumer may reside, and avoid having to develop a number of jurisdiction specific Web sites and selling procedures. While large, established businesses are often familiar with setting up and paying for operations complying with local laws in many jurisdictions, smaller and newer ones aren't, and the "rule-of-origin" approach is supposed to encourage them to get going on-line. From a consumer perspective, however, such an approach could effectively deny recourse against those sellers too far away to sue.

One issue related to jurisdiction involves the possible application of export controls. Certain items or buyers may be on the federal list of restricted technologies or embargoed countries, requiring an export permit to be obtained before a foreign sale may be completed.

Domain Name and Trade-mark Issues

Although the owner of a trade-mark registered in Canada has the exclusive right to use the trade-mark for a particular category of goods or services, more than one person is permitted to use the same trade-mark so long as the trade-marks aren't used for the same product or service or might otherwise cause confusion in the marketplace. Yet when a company wants to establish a Web presence by including its registered trade-mark in its Internet site address or domain name, problems arise when other parties with the same trade-mark wish to do the same, if they haven't already done so. A domain name has to be unique, and only one person can have a specific domain name. So while two companies can use the same trade-mark, only one can use the trade-mark as part of its domain name.

Part of a domain name is a "top level" domain name, containing either a "country-code" (such as ".ca" for Canada) or "generic" (such as ".com", ".net" or ".org") name, and the other part is a "second level" domain name, often a unique identifier of a business such as its trade-mark. While the criteria to obtain a "country-code" top level domain may vary from country to country, generic top level domains, which up until recently were given out only by Network Solutions Inc., have been given out on a "first come, first served basis". NSI registered almost any domain name requested so long as the exact name hadn't already been registered. However, having a .com top level domain doesn't prevent a .net or .org top level domain name being assigned for an identical name intended to be used by an unrelated party.

There is less likelihood of confusion with different registered domain name users with a .ca top level domain name than there is with .com and .net top level domains, but a .ca top level domain may prove limiting if the company moves or carries on most of its business outside of Canada. Until recently, .ca domains have been difficult to get, since only one address was available per company, and applicants had to show that they were federally incorporated or provincially incorporated and carrying on business in more than one province, with a name or trade-mark the same as the requested domain name.

The disputes which have arisen between domain names and trade-marks have generally involved "name napping" or "cybersquatting", and "reverse name napping". With name napping, a company's unique trade name or trade-mark is registered by another person as a domain name and used by the other for commercial purposes to trade on the former company's goodwill or offered for sale to the former company at a healthy profit.

Reverse name napping occurs when a person is legitimately using a business name as a domain name and the owner of a similar or identical trade-mark, usually for quite unrelated goods or services, comes along afterwards and, alleging trade-mark infringement, lays claim to the domain name. While the company which first secured the domain name should be entitled to keep it so long as there is no confusion with the registered trade-mark, the dispute resolution policy previously followed by NSI gave precedence to the holders of U.S. federally registered trade-marks over unregistered trade-marks.

Proposals brought out by the World Intellectual Property Organization (WIPO) to reconcile the competing approaches in this area include making available the contact details of registrants over the Internet and providing a uniform and mandatory dispute-resolution system involving panels of experts to address bad faith. The proposals would also deter abusive registrations or cybersquatting, and allow owners of globally famous trade-marks to obtain exclusions prohibiting others from registering such marks as domain names. The Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the Internet naming system, has adopted a dispute resolution policy that will allow people to take their complaints over domain names to a mediation panel, administered by WIPO and other organizations.

In light of the potential for disputes in this area, client companies should be encouraged before registering a domain name to search not only the Internet for similar domain names, but also for similar or identical trade-marks and corporate names in those jurisdictions where the company intends to carry on business. Since domain name registration doesn't protect against any third party disputing the registration, obtaining trade-mark protection for the second level domain name in those jurisdictions where the company intends to carry on business is prudent, particularly a U.S. trade-mark registration if a company chooses a .com or .net top level domain. An owner of a U.S. trade-mark asserting rights over a generic top level domain name may be able to assert priority over a Canadian trade-mark owner who lacks U.S. trade-mark rights.

However, not all registered domain names are registrable as trade-marks in Canada or elsewhere. They may be too descriptive or generic, or may not be used or sufficiently well known, to be eligible for registration as a trade-mark. Obtaining multiple registrations under all top level domains using the same second level name may be desirable in order to avoid the confusing use of the same second level name by an unrelated party by way of a different top level domain.

A couple of other practices in this area are recommended. When using a service provider to initially reserve a domain name, a company should ensure that it nonetheless can control the domain name and move it to another service provider if it so chooses. Also, when a company's Web site refers to a trade-mark as being registered, the jurisdiction of registration should be disclosed.

Copyright Issues

Because the digital form of text, graphics, and other material placed on the Internet allows them to be easily downloaded and modified by users at any time and from any location around the world, the copyright issues relating to them seem more complicated than if they were in traditional "hard" form. Yet when a work is "digitized", a new work is not created, and ascertaining the copyright in it requires ascertaining the copyright in the original work.

To be entitled to copyright protection, a work must be an original literary, dramatic, musical or artistic work. Since these categories are broadly interpreted, all of the text, graphic images, databases, computer programs, sound recordings, musical recordings, photographs, and audiovisual works which reside on the Internet are all subject to copyright law. An owner of copyright in a work is allowed, among other things, to reproduce it, publish it, perform it in public, translate it to another language, adapt it for another medium, and communicate it by telecommunication.

Although no requirement is imposed upon a copyright owner to register his copyright interest, or to even place a copyright notice on the work itself (at least in those countries which are members of the Berne Convention), it is common practice to place a copyright notice on any work posted on the Internet indicating the name of the copyright owner and the year of first publication of the work. In addition to placing a copyright notice on a home page, Web site operators should also put copyright and any other notices recommended in this paper on all pages of a site, since a visitor to a Web site doesn't necessarily have to go though the home page to access any other page on the site. He can end up on a page directly from a link with a third party's site or as a result of a search conducted using one of the search engines.

Copyright vests in the author of the work, or the person to whom the author assigns copyright in the work. An important exception to this rule relates to employees, who may be authors of a work but who are not first owners of it under the Copyright Act; their employers are, so long as the work was created by the employees in the course of their employment. However, such exception does not apply to independent consultants, like those retained by a company to develop a Web site or to provide content to be posted on the company's Web site. It is therefore essential that the company obtain from these consultants an assignment of their copyright, and a waiver of their moral rights, in such work.

Since rights to use copyrighted material are often granted by the owner only for a limited purpose, for a limited time, and for a limited jurisdiction, a company should ensure that placing such material on a Web site will not constitute copyright infringement. Permission to place such material on the Web should be obtained from each person who has a copyright interest in it. However, determining who may have such an interest can be a challenge. Because even a single creative element may have been arrived at through a collaborative effort, with different persons with different skills providing input, clearance from each of them is required before posting such element on a Web site. For example, posting a musical work may require multiple permissions from the composer and lyricist, or the publishing company if they have assigned their rights in the work, and perhaps the recording company.

If permission to reproduce a copyrighted work which is placed on a Web site by the owner is not first obtained before it is viewed by anyone browsing the site (and loading of a site's pages onto a browser's software for viewing by the user technically constitutes copying), there is still an implied consent given by the owner allowing any Internet user to engage in incidental reproduction of the work for the purpose of browsing. However, such implied consent may not extend to printing the work out or storing it on a disk, and certainly doesn't extend to posting the work on other Web sites.

Yet the user may be entitled to exercise certain limited rights to use the downloaded copyrighted work under certain exemptions provided under copyright law. These exemptions include a right of fair dealing, which permits copying of the work for private study or research, or for criticism, review or newspaper summary, so long as the source of the work is revealed.

Some browser programs allow for a user's screen to split into multiple windows or frames, each incorporating material from the same or another Web site. The "framing" of material from another site should be with attribution to, and permission from, the owner of the other site to avoid allegations of infringement of copyright and moral rights, as well as trade-mark infringement and passing off.

Unlike framing which incorporates another site as part of a composite site, "linking" results in the linked site filling up the user's entire screen and the uniform resource locator or Web site address of the linked site then appearing at the top of the screen. However, linking to another site's pages can create similar confusion over copyright and trade-marks, if the linking is effected without going through that site's home page. Linking can also deprive the owner of that site of the advertising revenue that would have been earned if access had to be made through the home page. Furthermore, there is the possible inference made by some users that the owner of one site is endorsing the goods and services offered by a second site which is linked to the first. Consequently, some sites give notice to any users about to link to an external site that the originating sites are not affiliated with or responsible for, nor endorse, the external site.

Contract Issues

The legal requirements for a binding contract on the Internet aren't any different from the requirements for other contracts, namely that there must at least be communication of an offer and an acceptance, along with valuable consideration and enough certainty of the essential terms to indicate a meeting of minds. Offers may be communicated on-line by being placed on a Web site, posted to a Usenet newsgroup, or sent by e-mail.

Acceptance of an offer may generally be made by the same mode of communications as was used to make the offer, unless the offeror otherwise specifies. For on-line contracts, a customer is usually requested to scroll through the terms of the contract and accept by clicking on a particular button or link, or entering a specific word or symbol. The terms of such contracts ordinarily aren't capable of being amended by the customer and therefore, unlike paper documents, don't allow for a counter-offer instead of an acceptance to be made. Also, to avoid any possible application of the deemed acceptance rule "on mailing" which applies to paper documents, on-line contracts often provide for their acceptance only when the offeror has in fact received the communication containing the acceptance.

A contracting party should attempt to verify the identity of the other party. Having a party enter his name in a particular box or click on a button may be sufficient to show he intended to "sign" the electronic contract, just as a party's "x" on a paper contract may be sufficient. But such a practice isn't very reliable. Using confidential passwords and personal identification numbers may be preferable as a means of ensuring that a signature rightfully belongs to a particular contracting party.

As discussed in more detail under Security of Information, the concerns of one contracting party over the identity of the other can also be satisfied to some extent through the use of public key infrastructure. Under this system, each party to the contract has a public key which is shared with the other party (and with the on-line public generally) and which can be used to decrypt or encrypt messages, along with a private key which is not shared. Designated third parties can be made responsible for certifying the ownership of the keys used for the electronic exchanges. A party may attach a digital signature to the on-line contract, an electronic identifier which he intends to be just as effective as his own manual signature.

The requirements for digital signatures are expected to be laid out in the regulations to Bill C-6 and in the laws derived from the Uniform Electronic Commerce Act, thereby giving electronic documents with digital signatures the validity of paper documents with handwritten signatures. Also expected to be addressed in such laws are rules for determining when and where electronic documents are sent and received, and whether such documents constitute the "best evidence" of a contract between the parties.

Some of the concerns parties have about not actually receiving goods and services bought through on-line purchase agreements have been addressed by various escrow services. For a fee, an escrow holder acts as a middleman between on-line buyers and sellers. Money is placed in an escrow account until the buyer approves payment to the seller, normally when the goods are finally delivered or service performed.

For those contracts which must be in writing to conform to statute of frauds requirements, such as contracts for the sale of land or guarantees, or for those notices or consents which must be in writing, such as those required in certain consumer protection legislation, or for those filings which must be made with various regulatory agencies in prescribed form, electronic versions may not be safely used without legislative amendments being made. In the meantime, such versions will have to be printed out and hard copies retained.

Other contract issues are just as difficult to deal with in an Internet environment, especially those which might affect the future enforceability of a contract. Determining whether a contracting party has the mental capacity to contract, or has the actual authority to bind his corporation in making the contract, or is willingly entering into the contract, is more difficult when communications take place on-line rather than face-to-face.

Depending on the jurisdiction governing the parties to an Internet contract and the contract itself, a number of terms and conditions may be implied or required by applicable consumer protection legislation. Warranties as to fitness and suitability, rights of rescission, restrictions on disclaimer clauses, even the font size used, may be required for on-line contracts, possibly representing the standards imposed by two or more jurisdictions which may be in conflict with each other.

Privacy Issues

On-line companies have many uses for personal information derived from Web site visits, whether to refine their understanding of consumer needs, create data profiles, facilitate target marketing for later direct e-mail campaigns, or to quantify site visits and sell advertising on their sites. Sometimes the information is willingly provided by site users and sometimes it's simply transaction data. Other times it comes via "cookies" which users take away with them. Cookies are small pieces of data which are sent to a Web site user's hard drive by the Web server to track site usage, and which can be queried for information about the user the next time the user returns to the site.

Consumers, on the other hand, want some control over what is collected, by whom, and for what purpose, and they don't necessarily want their names being added to various mailing lists for direct marketing and other purposes. Furthermore, if they are prepared to provide confidential, personal information, they want, and usually expect, that it will be transmitted and stored in "secure form", perhaps by using some type of encryption.

As discussed under Limitations of Current Legal Structure, current privacy legislation in Canada except for Quebec's doesn't require the private sector to satisfy these consumer expectations and concerns. However, if Bill C-6 becomes law, personal data ranging from health records to shopping habits, could be disclosed only with the consent of the person from whom it was collected. The Bill, if enacted, will cover all companies within federal jurisdiction, and all companies within provincial jurisdiction within 3 years unless their respective province passes similar legislation in the meantime, which Quebec's law is deemed to be.

Based upon the Canadian Standards Association's Model Code for the Protection of Personal Information, Bill C-6 attempts to restrict the use, collection and disclosure of all personal information in the course of commercial activity, whether recorded in any form or merely oral, without the individual's knowledge or consent. The information doesn't have to be private or confidential to be personal, but simply information which is about an identifiable individual. It expressly applies to information from employees, customers and potential customers. It specifically provides that a person must agree to having information about him compiled or transferred, that his consent once given can be withdrawn, and that access must be available to him to check the accuracy of the information and correct it, if necessary. It also provides that the information collection must be limited to what is needed, that the purposes for the collection must be made clear, and that adequate safeguards must be in place to protect the information.

Businesses governed by Bill C-6 will be required to appoint compliance officers, establish internal guidelines covering the accuracy and retention of personal information, and properly train employees in maintaining its confidentiality. Individuals will be entitled to file complaints with the federal Privacy Commissioner, who will be empowered to audit the privacy practices of a business and even apply to the court for a hearing and remedies.

Instead of waiting for Bill C-6 to be proclaimed in force, many businesses are participating in certain self-regulatory privacy initiatives. Some follow the privacy guidelines or codes adopted by their industry association, whereas others become licensed under on-line "seal" programs such as TRUSTe or CPA WebTrust. In return for the right to display a seal, participating businesses must abide by prescribed on-line privacy practices and submit to ongoing monitoring and a complaints resolution process.

Any privacy policy which a business adopts should contain a privacy code outlining the basic privacy principles, a set of operational guidelines which employees can follow, and a statement of consumer rights which explains how consumers can correct personal data and register complaints.

Security of Information Issues

For those business clients who use, or have used, their own private networks to allow employees to communicate with each other and with select suppliers or customers, security of information hasn't been regarded as a big concern. Many have assumed that messages relayed on a private network are just as secure as voice and fax messages relayed on land-based telephone lines.

Yet when these messages are sent over the Internet, such assumptions of security are not as valid. Unlike a private network, the Internet transmits information in "packets" along unpredictable paths through interconnected networks of millions of computers. Since it was designed to be a fail-safe communication system to withstand a nuclear disaster, the security of messages sent wasn't its principal objective.

There are a number of technologies which can protect the digital information contained in a company's computer system. Determining who gets on-line access to the system and who doesn't can be accomplished by a "firewall". Some firewalls screen out incoming data by the Internet Protocol address and originating program of the sending computer, while others also screen by the kind of data itself. Either way, prohibited material won't be passed along to the intended receiving computer.

Preventing illicit copying of certain digital information can be accomplished by means of digital watermarks, which can be inserted into an image without noticeable effect. A digital code is hidden within the image and remains intact despite any cropping or other editing. When the image is opened, the viewer is given information about the author and copyright owner and how to license the image for use.

Protecting the company's digital information against infection from various "viruses" and "worms" can be accomplished through installation of certain anti-virus programs, and monitoring for any breaches in system security can be accomplished through automated review of the audit logs of the company's large computers. Having a communications server equipped with a firewall but lacking any data on its hard drive and which is kept separate from the company's main file server can also reinforce the security of company information.

However, despite the installation of sophisticated security devices, it may still be possible to gain unauthorized access to company information systems. As a result, users of the Internet face the possibility of losing the confidentiality of their messages. And if they buy things on the Internet, they also risk having their credit card, debit card or bank account personal identification numbers used by others for unauthorized transactions.

Yet unauthorized credit card use or loss of confidentiality are only two of the many security issues that arise when companies carry on business on the Internet. When a company deals on-line with a customer or supplier, the company is naturally concerned about whether someone else knows the contents of the messages being exchanged. But a company is also concerned about who is really sending the company messages and whether the messages have been tampered with, as well as whether any messages received can be denied as having been sent by the sender. The company, in other words, wants authentication of the sender and the message to protect against the message being repudiated later on.

One of the solutions to these concerns is a system of public key cryptography. Like any system for cryptography, messages are scrambled enough to make unscrambling them for viewing too time consuming or expensive. Unlike single key cryptography, like the personal identification number for a bank account, which requires both sender and recipient of a message to know the same secret key and therefore to have a certain amount of mutual trust, public key cryptography uses a pair of keys for each of the sender and recipient. Each has a private key and a public key. To send a confidential message, the sender encrypts the message using the recipient's public key, and on receiving the message, the recipient uses his private key to decrypt it. In order to provide the recipient with a means to authenticate the origin of the message, the sender applies his private key to the message before sending, by what some call a "digital signature". The recipient, on receiving the message, will apply the sender's public key to authenticate the signature.

However, there is the possibility that an imposter could secretly substitute his own public key for the public key of another while having the same private key. To guard against this, certain institutions can be selected as "certification authorities" to certify that a named user actually owns a public key or confirm that a public key is no longer valid because its paired private key has been compromised.

Whether or not companies consider adopting some form of public key cryptography in carrying on their Internet business, they are still well advised to use other techniques to confirm the identities of their on-line customers and suppliers. Confidential passwords, personal identification numbers or access codes may still be assigned to individual users, and certain personal identification queries asked of message senders.

Although it is critical to have technology that can identify the person at the other end of an on-line transaction, companies shouldn't overlook the fact that many security problems take place internally through employee or contract workers. Anyone wanting to do serious damage to a company's information system doesn't need to come through the Internet. Training employees to realize the importance of security, and asking them to turn off their computers when they leave the office and to protect e-mail containing sensitive information, may help to deter "inside" information security breaches.

Advertising and Promotion Issues

Just as bricks-and-mortar stores can succeed because of things such as direct mail, telemarketing, contests, sidewalk sales, and local newspaper and radio advertising, there are similar techniques which on-line businesses can use to generate sales. Electronic coupons, deep discount pricing, air miles or affinity program rewards, banner ads, bulk unsolicited e-mail or "spam", or getting top billing on a number of search engines are all examples of how on-line companies can get their message across and motivate customers to buy on the Web. But unlike the advertising and promotional materials used by bricks-and -mortar stores which are usually directed at a local market, the advertising and promotional materials used by on-line stores can be viewed by a global audience, materials which can be legal in one jurisdiction and quite illegal in another.

For those on-line companies which restrict their marketing and sales efforts to Canadian buyers, they are nonetheless required to comply with numerous statutes and regulations which generally govern companies carrying on business in Canada. They may also be expected to comply with the many guidelines or codes imposed on certain businesses through industry associations, like the Canadian Direct Marketing Association or Canadian Advertising Foundation. And they may wish to respect Industry Canada's Principles of Consumer Protection for Electronic Commerce, proposed by the federal government as an alternative to introducing specific consumer protection laws for e-commerce.

Certain on-line marketing conduct invites civil causes of action and even criminal prosecution. In addition to the specific rules covering regulated products such as tobacco, drugs and alcohol, and regulated industries such as banking and securities, there are laws and regulations of general application which affect how Internet marketing is conducted. The sending of spam may result in the spammer not only being sued by its Internet Service Provider for breach of no-spamming prohibitions in its service contract, but also being charged under the Criminal Code for the unauthorized use of a computer system or mischief towards computer data.

False and misleading claims which a business makes on the Interent can result in charges under the Competition Act, provincial business practices legislation, or as fraud under the Criminal Code. Confusing links to other Web sites can result in actions under the common law or the Trade-marks Act for passing off or trade-mark infringement. For Quebec companies or companies with Quebec offices, any advertisement posted on their Web sites in only the English language could lead to charges under Quebec's Charter of the French Language.

Contests and sweepstakes involving too much chance and not enough skill, or failing to provide adequate disclosure of the chances of winning or the value of the prizes, or requiring the payment of money to participate, can result in charges under the Criminal Code and the Competition Act. Failing to register or post a bond to cover the value of promised prizes can cause lotteries and sweepstakes to run afoul of certain provincial laws.

Whether an offending advertisement or promotion appears on the company's Web site or any other site, or in cybermalls, electronic bulletin boards or e-mails, the foregoing potential liability for the company exists. But such liability may also extend to each on-line entity through which the advertisement or promotion may be communicated. Although the Competition Act relieves from misleading advertising liability those entities merely passing on ads sourced from a third party, their efforts to review or control ads before passing the ads along may deprive them of such relief.

In addition to complying with the above legislation dealing with misleading or fraudulent advertising and with contests and sweepstakes, an on-line company still has to comply with off-line consumer protection laws. For example, for a company conducting on-line business in Ontario, it must respect the product warranties implied by the Sale of Goods Act, honour the cooling-off period allowed by the Consumer Protection Act, and provide the level of disclosure prescribed in the Business Practices Act, as well as adhere to the labelling standards of the federal Consumer Packaging and Labelling Act, Textiles Labelling Act, and Hazardous Products Act.

Electronic Payment Issues

Without the ability to reliably process payments, a company wanting to conduct on-line transactions can't really succeed. Although there is no single payment method for on-line transactions, the most frequently used method is the transmission of credit card information, whether given over the Internet through an encrypted or unencrypted channel, by voice over the telephone, or by fax. The credit card information is sent to the on-line company for processing like a mail order or phone order transaction

Yet one of the problems faced by an on-line company in accepting credit card payments is the higher than normal "merchant discount" or transaction fee, along with the requirement imposed on the company by the financial institution taking the deposited payments to post collateral, and the risk of being charged back for transactions denied by cardholders. Financial institutions take the position that on-line card payments are riskier than in-store card payments and treat them within the "card-not-present" or "mail order, telephone order" risk category which doesn't involve presentment of a physical card. Fortunately for the cardholders, their liability for unauthorized card use is generally limited by contract to $50.

As an alternative to the usual way credit card payments are handled, the financial institution can participate in the transaction, thereby avoiding the need to give credit card information to the merchant. The information is instead transmitted directly in encrypted form via the merchant's system to the financial institution which in turn transmits an electronic confirmation of the payment to the merchant. This alternative approach is facilitated by the Secure Electronic Transaction (SET) protocol which creates a multi-layered encrypted communication channel between a purchaser and merchant based upon the public key infrastructure discussed above under Security of Information.

There are many variations on this substitute for the traditional credit card payment, although most are based upon public key encryption and create digital data which can be used as money. Generically called "e-cash", this electronic money is digitally signed by the issuing institution's private encryption key, and usually involves the institution charging its customer for the amount electronically transmitted.

Some systems reveal the identity of the person paying the money issued by the financial institution, and may allow the tracking of this "identified" electronic money as it is transferred from one party to the next. Other systems involve "anonymous" electronic money which can be spent or transferred without leaving a trail. Some permit transfers to anyone, while others allow transfers only from a consumer to a merchant pursuant to an on-line sale. Some require access to an on-line network when the money is transferred, while others allow for transactions to be off-line. Some systems using a tokenized format to transmit "real" electronic money can result in a "real" loss to the owner if the digital representation is lost, whereas other systems using a notational or record format can simply return the money in the event of loss or destruction of the digital representation.

Another form of electronic money or digital cash includes stored value "smart cards" which can be used for both on-line and off-line transactions. The "cash" can be downloaded on-line from a financial institution onto a card-shaped computer disk. Smart cards can be used in an "open system" to buy goods and services from a number of suppliers, or simply to transfer money from one cardholder to another. They can also be used in a "closed system" as single purpose cards or for purchase from only one or a select number of suppliers. Either way, although the initial withdrawals from the financial institution are recorded, subsequent transactions completed with the card can be as untraceable as cash. However, the $50 limit for unauthorized use enjoyed by credit card holders is not generally made available to smart card holders.

Since electronic money represents only an issuer's promise to pay and is not a medium of exchange authorized or backed by the government, it should not be accepted as "legal tender", even though contracting parties can agree to treat it as money for the purpose of their transaction. The inapplicability to electronic money of the Currency Act to deem it legal tender and of the Bills of Exchange Act to address issues of holder in due course and stop payment creates some uncertainty for those wishing to accept electronic money as a form of proper payment. For companies issuing electronic money which are not financial institutions, the current regulatory system which protects depositors and other financial institution customers may not serve to protect their customers, especially if the issuing company does not hold any funds on behalf of its customers for transfer to third parties.

Given that many on-line consumers abandon their purchases because the current registration process is so complicated, the process can be simplified through the use of an electronic wallet, which securely stores their address, personal information and credit card number on their Web browser software and makes it easier and quicker for them to make purchases. They don't have to waste time typing in loads of information every time they want to buy something, leading to "one-click buying".

It may take a while before a comprehensive electronic payment infrastructure is widely deployed. Financial institutions and merchants will have to become willing to accept payment tokens through the Internet, and a critical mass of buyers with private keys and a significant number of trusted certificate authorities will have to be put in place. Allocating risk among these various participants, including liability for fraud, unauthorized access and trafficking in stolen keys and forged tokens, will have to occur before electronic payments become commonplace.

Tax Issues

Income tax authorities generally assert jurisdiction on the basis of a taxpayer's residence or source of income, but the traditional rules for determining either aren't easily applied to some on-line companies. The ability of a company to conduct a worldwide business using a server and relating to customers located almost anywhere, far away from the company's head office, strains the residency and source of income basis for taxation. While the sales of tangible products delivered by mail or courier to fill a company's Web initiated orders may fit relatively easily within the traditional rules, sales of intangible products and services, such as software, digital images or music files, or on-line newsletters which are delivered over the Internet, don't.

For those on-line companies resident in countries without a tax treaty with Canada, they may be liable to pay Canadian income tax if they "carry on business" in Canada, often deemed to occur if they make offers or enter into binding contracts. However, the mere placing of a home page on the Web which is accessible to Canadian residents, just like advertising in general, is not in itself considered sufficient to be carrying on business in Canada. For those on-line companies resident in countries which have a tax treaty with Canada, they may be liable to pay Canadian income tax only if they have a "permanent establishment", but not simply carry on business, in Canada. For these companies, maintaining a server in Canada or conducting on-line sales with Canadian residents without also occupying a Canadian office or warehouse may allow them to avoid liability for Canadian income tax.

Even if an on-line company is subject to Canadian income tax, characterizing all of the sources of the income it earns can be problematic, especially when the sources of income are taxed differently. Under existing international tax treaty rules, the tax treatment of income from sales is derived from the seller's country of residence, but the treatment of income from services is derived from the country where the services are performed, and the treatment of income from royalties is derived from where the intellectual property is used. Yet, for a company providing on-line information services, for example, the fees it receives from subscribers can be viewed as comprising business income, service income and royalty income, thereby bringing into question in which jurisdiction should the fee income be taxable.

In addition to those issues relating to the assessment of income tax, there are specific issues relating to the application and enforcement of GST to the sale of products and services from Web sites. In determining whether a business is liable to withhold and remit GST, regardless of whether it's a resident or non-resident of Canada, reference can be made to not only where the Web server is located, but also where each on-line sale contract is made and where payment is accepted. Determining the latter is not easily accomplished.

Similar issues arise in connection with the imposition of applicable duties and customs charges. While physical goods being imported into Canada may allow for easy collection, there is no easy way to identify or levy charges on intangible goods or services.

And to complicate things, there may appear to be multiple taxes payable with respect to a single on-line sale, levied by the jurisdiction of the seller and of the buyer.

In addition to the difficulty experienced by taxing authorities in determining whether they have jurisdiction over on-line company taxpayers, they have difficulty in collecting the taxes they are rightfully owed. On-line commerce definitely frustrates the ability of the tax authorities to verify and audit electronic transactions. Electronic cash and payment systems obviously don't leave a "paper trail". Furthermore, the Internet's disintermediation or reduction of the number of middlemen discussed above removes a number of the tax compliance and collection points which exist in the traditional distribution system.

Employee Issues

Allowing employees to use their employer's Internet facilities creates a number of issues for the employer. In addition to using the Internet during regular working hours for their own personal and business purposes, employees can use the Internet to transmit their employer's confidential information and trade secrets, and subject their employer to liability for their own illegal on-line activities.

Since employers can be made liable for the acts or omissions of their employees, defamatory statements and hate messages, discriminatory comments and sexual harassment, copyright and other intellectual property infringement, and distribution of pornography can all be attributed to the employer through an employee's sending of e-mail or Usenet posting. Because an employer's name or trade-mark is often part of the employee's e-mail address, the employer is easily implicated in an employee's misconduct.

Consequently, employers should attempt to deter any of these things from taking place, through an education program, the imposition of an employee Internet use policy, and the ongoing monitoring of employee Internet use.

Since most employees expect that their Web searching and e-mails will be kept private despite being carried out over their employer's Internet facilities, any efforts by their employer to intercept or spot-check their Internet usage raise obvious privacy concerns. A broadly distributed Internet use policy of which employees are frequently reminded may help to reduce or remove their privacy expectations in the workplace.

An employee Internet use policy is specifically intended to deter improper employee use of e-mail or the Internet, as well as provide a defence against employees alleging invasion of privacy. The policy ordinarily states that the employer owns the workplace Internet system, that the system is to be used by employees for employer business only, and that the employer will monitor the employee's use from time to time.

The policy usually prohibits not only the transmission of confidential information or inappropriate content but also the improper use of copyrighted material. It also requires that employees keep their passwords secure and avoid downloading files or opening e-mail attachments from unfamiliar sources in an effort to deter viruses from entering the system. Participation by employees in on-line discussion groups is usually prohibited, or allowed only if the participating employee clearly disclaims any authority to speak on behalf of the employer. Failure by an employee to observe the policy can result in disciplinary action, including dismissal.

It is preferable to have the employee consent to the policy in writing, either before starting to work for the employer or before accepting a promotion, in order to establish sufficient consideration for being bound by it.

Conclusion

It's difficult to predict which of the foregoing issues will cease to be a concern, or which parts of Internet commerce will really take off. Some relate more to the business-to-consumer market, whereas others relate more to the business-to-business market.

For the consumer market, there may be an important distinction to be made between shopping for tangibles and shopping for intangibles. Shopping for clothes, furniture and other tangibles reflecting personal fit or taste will remain for many people a "hands-on" exercise if not a kind of social activity, leaving the shopping malls not particularly threatened for the time being. After all, Internet shopping is just another form of mail order, and not everyone wants to shop by mail order. The creation of "petting zoos" for potential buyers to sample tangible products evidences the "clicks and mortar" convergence of in-store and on-line shopping. The replenishment market, made up of those consumers wanting to simply re-order what they already know will fit, may be the best market for on-line retailers of these kinds of tangible products.

But shopping for intangibles is another matter. Travel agents, insurance brokers, and real estate agents have all been faced with the transfer of their business first to telephone call centres and then to the Internet. The banks are creating user-friendly on-line interfaces, albeit with passwords, codes and other forms of security protection, to reduce dependence on their physical branch systems. Once further breakthroughs take place such as mobile telephones that connect easily to the Internet, and standard television sets with Internet facilities, on-line shopping for intangibles may increase dramatically.

Yet, in order for companies to fully realize the benefits of going on-line in carrying on their businesses, they need to have reasonable certainty as to which laws will apply to their activities.

Much of the challenge in law reform is trying to keep pace with technological change, since technology has the capacity to quickly render legislation and regulation obsolete. More voluntary codes of conduct may be needed to fill the technological gap, since private sector initiatives are often faster than government initiatives. Also, in relying on strictly government initiatives, there is always the fear that instead of facilitating e-commerce by providing certainty and predictability and encouraging freedom to contract, they might dampen it by imposing highly restrictive standards and conditions, or by being too broad or vague in application.

And because the technology is transnational, there remains the need for harmonized laws, policies and self-regulations covering on-line commerce in the major trading countries to make law enforcement and compliance easier. National e-commerce laws should conform to each other as much as possible, since lack of uniformity amongst such laws may be the biggest barrier to e-commerce.

© 1999 A. Paul Mahaffy. All rights reserved. A. Paul Mahaffy practises business law with Bennett Best Burn LLP of Toronto, with particular emphasis on purchase and sale agreements, technology transfers, Internet commerce, joint ventures and financing. He can be reached by e-mail at pmahaffy@bbburn.com, and his recent publications can be viewed on-line at http://paulmahaffy.com