ECW9

Office Futures

Issue 9, February 24, 2000

+++ Convergences, bottlenecks and blockages
+++ Some aspects of consumer protection on-line
+++ About eComWatch


+++ Convergences, bottlenecks and blockages
A large part of what happens with e-commerce over the next few years will depend on several convergences taking place. It will also depend on whether, for reasons of greed or stupidity, those convergences are built right into the principal blockages or bottlenecks that have afflicted the Web since day one.
The most interesting convergence taking place is the one so neatly symbolized by the AOL-Time Warner merger: that among network computing, telephony and broadcast. At a functional level, many of the convergences are taking place in your pocket or handbag. Your digital 'phone is rapidly becoming a narrowband access point to the Internet. At the same time, your PDA has probably overtaken the power of the PC you had on your desktop five years ago. And for a mere couple of hundred quid you can equip it with a modem.

Fifteen years ago, an earnest young salesman sat in my office demonstrating an online database. He arrived equipped with a portable computer and a modem with an acoustic coupler. Memory tells me the thing fired itself up to 2,400 bps and a fairly awesome cps (characters per second) rate. Of course, it was rendering basic ASCII, but the performance really wouldn't be put to shame by the machine sitting under my desk today. And for a basic keyword search of a flat database, it would probably outperform most systems delivered over the Web.
You can pull most of the components of convergence together on an e-commerce site if you want to. Internet telephony has taken a major leap forward with the compression and quality of the HearMe (http://www.hearme.com) voice system. With a reasonable modem and decent traffic conditions, Microsoft's NetMeeting and others will deliver quite acceptable voice/video systems. A little bit of fiddling with code makes it possible to provide the visitor to the site with most of the functionality of a call centre.
That same Web site -- at a somewhat higher server and line overhead -- can deliver quite acceptable broadcast-type goodies, such as streaming radio or video. A bit Heisenberg-like, you shouldn't really try to do both at once unless you know your users are on high bandwidth DSL or better.
Bandwidth is definitely bottleneck one. It was when we connected at 75/300 bps, and at 2,400, at 9,600, at 14,000 and so on. At each step, it seems, we are doomed to lag behind the demands of the neat stuff people want to send us.
And just as we finally have acceptably-priced broadband coming down the pike towards us, the industry is telling us that what most of us really really want to do is participate in an eBay auction or buy some shares on eTrade through our portable phone. Back to the joys of narrowband.
One of the great hidden benefits of narrowband was that it drove the need for tight compression and fast slick code. Client software got fatter, which probably contributed to beating off the challenge of the Network Computer -- the dream of returning to a 1950s model of centralized computing with a world of dumb terminals.
The drive to wireless and the dream of fully converged wireless networking are as ancient as the prophecies of Negroponte. And that dream shall doubtless be fulfilled by broadband in the fullness of time. Indeed, some developers are actually worried that the sustained throughput of the PCI bus will be a limiting factor in the enjoyment of wireless broadband on your personal PC. You should be so lucky as to have such a problem.
Sadly, wireless continues to be driven primarily by telcos, whose main interest lies in competing with additional premium services.
This is bottleneck number two. Whether over wire or wireless, the telcos' buried assets are strangling convergence. They should be concentrating on mobility. The developments in operating hardware are all coming from there; just look at Nokia, Psion (+ IBM!), Ericsson and Motorola.
I have cheerfully been writing off a third model for convergence, this one fairly static. I have always argued that WebTV tried to mix oil and water, but since my much venerated auntie has started sending me e-mail from her television (knocked out while they rack up the balls for the next frame), I have been forced to reconsider. And surely the driving force of DotCom advertisers, for whom TV-internet interactivity is as manna in the desert was to the Israelites, is not likely to be ignored. Only a foolish person would ignore both his auntie and the Saatchi brothers.
So convergence is all about us, yet it is ignored by perhaps 99% of e-commerce sites. Their owners persist in the belief that e-commerce is direct mail online.
E-commerce development, sadly, moved from the hands of graphics retreads, who charged huge sums to plaster an online brochure with enormous animated GIFs, to the equally guilty hands of database developers who charged even huger sums to move catalogues online and hook them into back office systems. Where on earth were sales directors or PR chiefs while all these millions were being spent?
Chalk up blockage three at the same time you rack up another key convergence. Theoretically (all the annual reports say this is true, so it must be), all of a company's resources, skills and functions are converging and focusing on the customer. E-commerce provides the theoretical vehicle for this to happen. The blockage is the lack of vision of developers, designers and consultants who believe that an online mail piece or catalogue offers a new and more fulfilling level of shopping experience.
The final area of convergence and blockage is financial. Over the last decades of the last century and millennium [both yet to expire - Roger], the world's myriad systems of exchange tumbled before humble slices of plastic with the magic names 'MasterCard' and 'Visa'. So armed, an ordinary person could travel much of the world, never having to trouble himself with mundane cash. A simple, universal and almost instant means of exchange is a key convergence to enable e-commerce, and in turn be driven by e-commerce.
Yet that same system is a major blockage. High commission rates are a major disincentive. We particularly enjoyed a visit to Web Transaction Services (http://www.wtsbank.com/), whose terms of engagement bring a tear of gratitude welling into one's eye. Add to these transaction costs the mulcting a customer will receive if the purchase involves a foreign currency, and the financial costs may well exceed 25% of the cost of the transaction. The absence of a safe and reliable microbilling system holds back a tidal wave of new business models for content delivery.
In each case, key technologies already exist to propel the expansion of e-commerce forward. In each case, the desire of incumbents to protect legacy systems and revenue models imposes major blockages.
None of this is new. Think railways and roads, or telegraph and telephone. Better yet, get copies of the Financial Times for this date in 1970, 1980 and 1990. Look up the top 100 technology companies. Compare, contrast and comment.
Then please do drop us a note.

-oOo-

+++ Some aspects of consumer protection on-line

(This is a somewhat longer article than we normally provide, but it's a big topic and Roger tries to give it a fairly extensive survey. This is an edited extract from his forthcoming book, 'E-strategy: Transforming your organization into an e-business', to be published by Kogan Page in the spring. He's promised me I can review it - CO)
++ The customer's predicament
Buying goods over the 'Net has much in common with buying by mail order:
the customer cannot inspect the goods beforehand
he usually has to pay before they are despatched
he must trust the company to supply the goods -- on time, and as described
the terms of the contract and the customer's remedies in case of trouble are not always spelt out
the customer has to send his personal and financial details to an unknown entity, without knowing what will happen to them.
There is, however, one big difference, in that mail-order purchasing is an established way of doing business. Statute and case law (the one decided by governments; the other by judges) have grown up around it and the credit card companies provide some protection in case of default or other difficulty. Also, the catalogue companies and periodical publishers run various self-regulation schemes, controlling their members' performance, use of personal data and so on. Above all, people are familiar with the routine of mail-order buying and with the main firms offering it. There is a level of trust, in other words.
Many of these elements are lacking or are at an immature state of development in e-commerce. Statute law is still being defined, especially internationally, and there are few test cases upon which to base precedents. Data and privacy protection schemes for consumers are finding their feet, being handled differently sometimes within the same national jurisdiction. Trust is still in short supply, sometimes even with Web manifestations of established brands.
++ Legal protection
In England, consumer sales from Web sites fall within the scope of the Sale of Goods Act 1979, just as much as if they had been sold over the counter or by mail order. The goods themselves must therefore be:
as described
fit for the purpose
and of satisfactory quality.
The contract for the sale of the goods or services must be based on four elements:
both parties must make clear that they are willingly entering into a binding agreement
all the terms of the agreement have to be set out beforehand
there should normally be some 'material consideration' changing hands, some quid pro quo. Usually this is of a monetary nature but not necessarily. (Completely one-sided contracts are rarely enforceable in law.)
it should be clear under which jurisdiction the agreement is being made.
This last point is where a particular problem arises. If someone in Germany, say, buys something off a Web site run on a server in Italy but on behalf of a retailer in England, where does he seek legal redress if the transaction turns out to be unsatisfactory?
Under one piece of impending EU law, the answer will be Germany. A piece of proposed legislation known informally as 'The Brussels Regulation' (1) stipulates that a consumer can bring breach of contract proceedings where he is domiciled, wherever the vendor is situated. This regulation is an attempt to update some 1968 legislation on the matter, to take account of electronic commerce from Web sites.
Part of the draft says:
 "The Commission has noted that the wording of Article 15 has given rise to certain anxieties among part of the industry looking to develop electronic commerce. These concerns relate primarily to the fact that companies engaging in electronic commerce will have to contend with potential litigation in every Member State, or will have to specify that their products or services are not intended for consumers domiciled in certain Member States."
"Certain anxieties" is something of an understatement. As this proposal stands, any company from anywhere in the world that trades over the Web within the EU must do one of two things. It must either set up separate Web sites for exclusive use within each EU country in which it trades or create one 'mega site' with contract terms that meet the consumer protection rules of all EU member states. Either way will involve difficulty and expense; the first negates the very idea of a World Wide Web. Naturally, Web traders are unhappy at this idea, especially those from the USA.
++ Other legislation
Consumer protection, and the governance of electronic commerce overall, are also the subject of some broader EU legislation. For example, the 1997 Distance Selling Directive (2) governs the establishment and performance of business-to-consumer contracts that are "negotiated at a distance" and involve the use of "one or more means of distance communication". This applies to selling within and between EU member states and includes telephone and mail order business (but not financial services or food or drink).
More recent is the proposed Electronic Commerce Directive, an amended version of which was agreed on 7 December 1999 by the Council of Ministers. At the time of writing, this had yet to receive its second reading in the European Parliament but is unlikely to change much, if at all, before it becomes law. Like all EU Directives, it will then become obligatory for member states to enact legislation to meet its stipulations.
Among its provisions is this, pertaining to electronic contracts:
 "Member States shall ensure that their legislation allows contracts to be concluded electronically. Member States shall in particular ensure that the legal requirements applicable to the contractual process neither prevent the effective use of electronic contracts nor result in such contracts being deprived of legal effect and validity on account of their having been made electronically."
There are exceptions, such as in countries where contracts require the involvement of a notary, or must be registered with a public authority. Neither of these is normally the case in Britain, for instance, so the making of consumer contracts on the Web will in due course be recognized by statute. (See The role of government, below.)
This does not mean that Web contracts are presently unlawful or unenforceable. Numerous other pieces of legislation apply, including, in some circumstances, long-standing conventions for the creation of EDI contracts. Legislation arising from the Directive will regularize the situation, especially between states, so that judicial decisions will not need to be made ad hoc.
The place of formation of an online contract is another topic covered by the Directive. This will be the "place of establishment" of a trading company. In our example above, the contract would be deemed to have been made in the United Kingdom, even though the Web site was in Italy.
It looks from the foregoing as though the operators of the Italian Web site will be the only people unaffected by this legislation. If they are an ISP, they will be treated as a 'common carrier', much as PTTs are. The press release (3) about the Council of Ministers' decision says this:
 "the Directive would establish an exemption from liability for intermediaries where they play a passive role as a 'mere conduit' of information from third parties and limit service providers' liability for other 'intermediary' activities such as the storage of information."
This does not, however, mean that the EU is leaving the ISP with nothing to do. Again, see The role of government, below.
++ OECD
Another body having its say on e-commerce is the Organisation for Economic Cooperation and Development. The OECD was set up in 1961 to promote economic progress and world trade. It currently has 29 members, including most European countries, the USA, Canada, Mexico, Japan, Australia and New Zealand.
In its Guidelines for Consumer Protection in the Context of Electronic Commerce, published on 9 December 1999, the OECD set out what it sees as the basic rules of behaviour for businesses engaged in electronic commerce with consumers. Such business should, it says:
present any information about themselves or what they sell, in a "clear, conspicuous, accurate and easily accessible manner"
take account of the regulations in any markets they target
not use the Internet to disguise their identity or location, or to avoid compliance with standards
not use unfair contract terms
make advertising and marketing clearly identifiable as such
allow consumers easily to choose whether or not they wish to receive unsolicited commercial e-mail messages, and respect that choice
take special care in advertising or marketing aimed at children, the elderly, the seriously ill and people with reading or comprehension difficulties.
There are several other recommendations, dealing with matters such as privacy, the provision of information about the business, processes for confirming transactions, payment mechanisms and security.
One especially notable item in the OECD framework is the intent that governments institute mechanisms for dispute resolution that are "fair, timely and inexpensive". Another is that they, with business and consumer representatives, should educate consumers about electronic commerce, "to foster informed decision-making by consumers".
Although, as the OECD says, these guidelines are not legally binding, "there is a strong moral obligation for the member countries to utilise and implement these policy recommendations, which they themselves have jointly drafted." In other words, if usual practice is followed, these suggestions will become law in all or most of the OECD's 29 member countries within the foreseeable future.
Reaction to these proposals has, so far, been generally favourable. One international organization, Consumers International (CI), worked on them with the OECD. CI, which has 250 members in 111 countries, had earlier published its own proposals, "Consumers@Shopping" (4). It does not seem altogether pleased with the result, its vice president, Louise Sylvan, calling the proposals "an acceptable compromise", which is scarcely a resounding endorsement. Unfortunately, at the time of writing, no one from CI was available to elaborate on that comment.
++ Still more bodies
Even wider-reaching efforts to regulate international e-commerce have come from the United Nations Commission on International Trade Law (UNCITRAL). In 1996, this created a model law that member nations are expected to use in formulating their own legislation. The USA has thrown its weight behind it, as has the EU.
The model law (5), as revised in 1998, describes its objectives as:
the fostering of economy and efficiency in international trade, by helping "an enacting State" to create "a media-neutral environment", and
the removal of obstacles to international trade arising from inadequate legislation at the national level.
An important element of the UNCITRAL model is its encouragement of countries to create what it calls 'functional-equivalence'. This is the removal of handicaps to the use of modern communication techniques by making them legally comparable to older methods, such as paper, Telex and fax ('telecopy').
An example of this comes in the area of contract formation, in which it says: "unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of data messages. Where a data message is used in the formation of a contract, that contract shall not be denied validity or enforceability on the sole ground that a data message was used for that purpose."
++ Damn' Yankees
It may seem, by now, that the old expression about too many cooks spoiling the broth would find apt application here. Things are not, though, as confusing as this succession of official documents might suggest. These various organizations consult with each other extensively and base their deliberations on each other's work.
That's the theory, anyway. A difficulty arises with the USA, which has been banging a drum labelled "free trade". As interpreted by its enforcers in the World Trade Organization (WTO), this appears to have meant giving American business interests the right to create the cliche 'level playing field' simply by driving a steam-roller over the interests of smaller and weaker nations and of consumers everywhere.
As events at the WTO summit in Seattle, in November 1999, showed, not everyone agrees that this is the fairest way or that genuine free trade (that is, equally free either way) results. The growing resistance to such tactics is evidenced by the European Parliament's response to the USA's proposals for consumer data protection (6). Here is part of the European response:
 "The Working Party notes that some progress has been made but deplores that most of the comments made in its previous position papers do not seem to be addressed in the latest version of the US documents."
Such strong language is unusual and suggests exasperation at the USA's behaviour. Contrast that with the joint press release, dated 16 December 1999, on the activities of the EU and Canada on electronic commerce matters. This is a warmly-worded document, full of expressions like "recognise the importance of working together", "share a vision" and "actively work".
The key is this paragraph:
 "EU and Canada consider that legislative frameworks for the protection of privacy and personal information are a vital component of electronic commerce strategy and beneficial to the evolution of an information society."
In other words, Canada has shown itself willing to use legislation, specifically legislation acceptable to the EU, to ensure consumers' data is protected (7). It has aligned itself with the EU Directive on Data Protection (8), which became effective on 25 October 1995. Part of this requires that "transborder dataflows" to outside the European Economic Area (the EU plus Iceland, Liechtenstein and Norway) take place only to countries that provide an "adequate" level of privacy protection (9).
The USA will not legislate for this, at least for now. Instead, it proposes a voluntary scheme called a 'safe harbour'. In this, companies wishing to trade electronically with the EU will simply undertake to comply with the EU's principles. This, so the US Department of Commerce maintains (10), will allow "a presumption of adequacy" that should satisfy the EU. The European Parliament clearly disagrees and, as the extract above indicates, feels that the USA is dragging its feet on the matter.
The point at issue is the USA's preference for self-regulation. This not only reflects the national character but might also be taken as an indication of how much its government is beholden to big business. Whatever the cause, the US government takes, as its proposals say, "a sectoral approach that relies on a mix of legislation, regulation, and self regulation".
++ The business view
That American view is reflected in yet another organization's contribution to the debate about consumer protection on-line. The Alliance for Global Business (AGB) is a group of over a hundred trade bodies from around the world, including trades councils and chambers of commerce. It has produced a report called A Global Action Plan for Electronic Commerce (11), with the subtitle of Prepared by Business with Recommendations for Governments. (AGB is nothing if not presumptuous.)
This document is, in effect, a 25,000-word exercise in finding different ways of saying "self-regulation is best". Among the jewels to be found in it is this:
 "Government intervention, when required, should promote a stable, international legal environment, allow a fair allocation of scarce resources and protect public interest. Such intervention should be no more than is essential and should be clear, transparent, objective, non-discriminatory, proportional, flexible, and technologically neutral."
One might wonder about the sequence of objectives set out in that first sentence. One could also spend a week or two debating the exact meaning of the entire second sentence.
Lovers of politically-freighted weasel words would also enjoy the judicious selection of one adjective in this paragraph from the report:
 "Governments should recognise that the Internet is a new medium providing new opportunities and challenges. Existing regulatory systems must provide consumers with useful protection of their personal data and at the same time guarantee the free flow of information needed for the information society to produce the anticipated benefits."
Not "trustworthy" or "reliable" or even "adequate" protection, you will notice, but "useful". Time to hold on to your holiday money, by the sound of it.
The final selection from this wondrously one-eyed discourse deals with educating consumers, a topic that the OECD says should be done "with business and consumer representatives":
 "Governments have a major role in educating and empowering the public to enhance awareness of their responsibilities and ability to exercise choice with respect to their protection as consumers."
Obviously, as AGB sees it, business has a minor role to play in this. Whoever does it, though, will be charged with "empowering the public to enhance awareness of their responsibilities". And what of their rights, and what of business's responsibilities, you may ask? No wonder the EU is chary of the American approach to privacy and data protection.
All this brings to mind some words of Adam Smith, darling of laissez-faire capitalists and author of An Inquiry into the nature and causes of the Wealth of Nations, from which this passage comes:

"It is not from the benevolence of the butcher, the brewer, or the baker that we expect our dinner, but from their regard to their self-interest. We address ourselves, not to their humanity, but to their self-love, and never talk to them of our necessities, but of their advantages."

Quite so.

++ Trust
At the beginning of this piece, I mentioned that trust is still in short supply in electronic commerce. In the appendices of the AGB report is a summary of about forty schemes ("industry self-regulatory initiatives", in AGB-speak) for trying to engender and maintain this.
Probably the best-known of those listed is TRUSTe, an American-based organization set up in 1997. Its green and black rectangular logotype is to be seen on many trading Web sites. TRUSTe itself reckons that, by October 1999, over 750 Web sites displayed it, more than a tenth of them being overseas. According to a 1999 survey by Nielsen//NetRatings, it is "the most visible symbol on the Internet". (Nielsen must mean "logo": the most often seen symbol on the Web is an hourglass!)
TRUSTe is backed by CommerceNet, a trade organization, and the Electronic Frontier Foundation, a 'non-profit', like TRUSTe itself (12). Among its activities is investigating complaints against registered sites. The organization says it dealt with about 375 of these in 1999, of which roughly a fifth were found to be valid.
Details of "a selection" of investigations and resolutions are posted on the Web site. There were 5 listed at the time of writing. If the foregoing statistics are correct, this suggests that about 70 of the 1999 batch of miscreants were omitted. This is scarcely 'naming and shaming' but is not contrary to its declared policy.
Criticisms of TRUSTe are not hard to find, despite most major search engines being clogged with entries for its Web site. (I wondered whether TRUSTe's Webmaster had been engaging in some 'spamdexing', or keyword stuffing, but the home page, at least, had only a few metatags.)
The first site found, at http://www.privacy-policy.com, belongs to Russell Wilson, who operates a series of sites and pages on privacy matters (13). What he says appears to be true, although long in the tooth, but he could be seen as having an axe to grind because of his commercial activities. Also, he is just one person.
More serious were the reports in three widely-read publications, Slashdot, CNN and Wired. The latter two covered more or less the same ground as the first, but in less detail. Slashdot is an online-only publication, mainly dealing with Linux matters. Two articles in it by Jamie McCarthy, on 8 and 16 November 1999 (14), relate how TRUSTe had failed, in his opinion, to deal adequately with complaints of data misuse by Microsoft and by RealNetworks. Both companies had used GUIDs (Global User IDs) in their software to secretly download information about users.
Since this data was not actually gathered via the companies' Web sites, TRUSTe argued that these companies' behaviour was outside the terms of the agreement to license the use of its logo on their sites. It therefore did not remove them from the scheme, even temporarily.
McCarthy's view, echoed in several of the comments posted by readers in the associated online discussion, was that TRUSTe had failed to meet its ostensible purpose of ensuring that its licensees gave effectual protection to personal data gathered on-line. He feels that because TRUSTe is financially beholden to its licensees and sponsors, who include Microsoft, it is "all carrot and no stick".
Ironically, Microsoft announced in 1999 that it would withdraw its advertising from Web sites that do not have a published privacy policy. Others, including IBM, Disney and Intel, have done likewise. This appears little more than a PR exercise in most cases, the companies' stipulations on wording typically being laxer than TRUSTe's.
None of them, one could reasonably bet, would be as stringent as those suggested by the OECD. A visit to its Web page at http://www.oecd.org/scripts/PW/PWHome.asp brings one face to face with "The OECD Privacy Policy Statement Generator". This is the beta test of a proposed service, consisting of a lengthy series of forms. When you have completed them, the program disgorges the appropriate wording to put on one's Web site.
++ In Britain
A scheme that appears to have at least a small stick is the one operated in Britain since June 1999 by the Consumers Association (CA), lobbyists on consumer matters and publishers of the Which? series of magazines. This currently has 300 firms registered with it.
Called Which? Online (15), this is different in scope than the TRUSTe programme. For example, it creates no extra protection for consumers' data or privacy. Instead, it simply reminds traders that they must comply with the UK Data Protection Act 1984, which all companies must do anyway.
This legislation is being replaced by the 1998 Act, in compliance with the 1995 EU data protection directive (see above). It comes into force on 1 March 2000. This Act applies to all companies and traders 'established' in the United Kingdom, using data processing equipment there or, in effect, exported to them from the UK. (By October 2001, it will apply also to paper records, closing a loophole in the old act.)
The Which? scheme does, though, make stipulations with regard to:
pricing, payment methods, delivery and refunds
the appropriateness of any advertising and sales promotions
company and address details
contract terms and guarantees, and
dispute resolution.
In addition, Which? undertakes to reimburse consumers with the first GBP50 of any loss arising from credit card problems. Credit card issuers must repay the rest (they are not always as cooperative or as speedy as people would like, but that's another debate).
CA is itself an Internet Service Provider, which might put it in an anomalous position if, inadvertently or otherwise, it were to breach its own rules. Users of its Internet services enjoy the extra privilege of free legal help in the case of dispute with a registered trader. People who use another ISP can buy this assistance, at GBP51 a year or GBP39 if they are Which? subscribers ("members").
There is no fee to traders for inclusion in the scheme -- they just have to demonstrate compliance with the criteria -- so CA is unlikely to find itself in the kind of quandary that TRUSTe is in with Microsoft and RealNetworks. Indeed, it has already acted to remove certification from one trader, Jungle.com, which had failed to attend to a series of customer complaints. CA reinstated the company a fortnight later, which predictably led to raspberries from some of the UK computer press.
++ The role of government
The Which? scheme looks to be a productive combination of governmental and self-regulation. Trust, like security, is a matter of perception as much as it is one of actuality. The Consumers Association has an established reputation for championing consumers' rights, one which it has a fair chance of transferring to the online world.
It may have competition, though. The British government announced a much-amended Electronic Communications Bill in November 1999, designed to ease the way to e-commerce. It had removed from the bill controversial earlier proposals for compulsory escrow of encryption keys, making it more likely to gain general acceptance. Among its contents are:
the giving of explicit legal recognition for electronic signatures (obviously an important element in verifying the identity of both seller and buyer on-line)
the removal of insistence on the use of paper in many existing laws, and
setting up a "kitemarked" self-regulatory e-commerce approvals scheme, called the 'T-Scheme'.
Like much the present Government does, this last element looks to be based on the American model. In an echo of the basis for TRUSTe, it will be set up in collaboration with an e-commerce trade association, the Alliance for Electronic Business (AEB).
AEB consists of five organizations:
Computing Services and Software Association (CSSA)
Confederation of British Industry (CBI)
Direct Marketing Association (DMA)
e-centre UK (a merger of the Electronic Commerce Association and the Article Number Association, both of them specialists in business-to-business dealings)
Federation of the Electronics Industry (FEI).
It appears to draw its pay and rations from the CBI, on whose Web site it squats (see http://www.cbi.org.uk ), seemingly not having one of its own. One wonders how long the scheme itself will take to get going.
Until then, or until such time as the OECD guidelines are put into practice by the British government, the Which? Web Trader scheme is as good as British online shoppers will get. Indeed, it comes close to giving them better protection than they enjoy in the 'real' world.
But it can only come close, because there is one user of consumers' data that neither an ISP nor the customer can deny access to: the government. Amid the flurry of model agreements, guidelines, directives and laws described earlier, the governments of the world have quietly been arranging to spy on all their citizens online, not just shoppers.
Such behaviour is not new, of course. For many years, most Western governments have participated in the Echelon network. This is a system led by the National Security Agency in the USA for intercepting all kinds of traffic carried by satellite, whether telephone, fax or email (16). The United Kingdom, Canada, Australia and New Zealand are major Echelon partners, with other NATO countries being 'third-party' partners.
This snooping is being extended into other areas of electronic communication. Europe's police forces, under the prompting of the American FBI (Federal Bureau of Investigation), are intending to require ISPs and telecommunications network operators to install monitoring equipment or software on their premises.
These plans were hatched during a seven-year series of FBI-hosted meetings, innocuously entitled the International Law Enforcement Telecommunications Seminar (ILETS). An EU police working party agreed the ILETS proposals in March 1999, as Enfopol 19. This has subsequently been adopted as EU policy. (Similar schemes exist in Russia and in China but do not, as far as is known, involve the FBI.)
Some of the ILETS thinking is understood to lie behind the British Government's Regulation of Investigatory Powers (RIP) bill, which was also announced in November 1999. This updates the existing Interception of Communications Act, and will regulate covert surveillance and provide powers to decrypt coded e-mail. RIP is meeting intense resistance from groups such as the Foundation for Information Policy Research, who believe its provisions to be both unconstitutional and in breach of the European Convention on Human Rights (17).
++ Conclusion
A visiting Martian might find all this confusing. On the one hand, the European Union is fighting the USA over the principle of legislated versus self-regulated control of the use of consumers' data. At the same time, those same two bodies are collaborating to covertly read that same data, pass it to each other and collate it in ways that would be forbidden to commercial organizations.
Out of this come one fact and one question. The fact is that whatever form of consumer protection is put in place for online shoppers, it will be incomplete and less than they enjoy off-line.
The question is the one framed by the Roman satirist, Juvenal, nearly 2,000 years ago: Sed quis custodiet ipsos custodes? -- "But who will guard the guardians themselves?" It looks as though nobody but one of the main international courts can do so. The ordinary consumer is unlikely to pursue a grievance that far.
This does not mean the situation is as desperate as it may appear. The average citizen seems endlessly tolerant of official spying. In Britain alone, for instance, there are something like a million outdoor closed-circuit television cameras in operation, with the Government having recently set aside GBP140 million to help local councils install more. Yet, there have been no mass protests against this.
It is likely, therefore, that the citizenry will stay this phlegmatic when on the Web, or using its cellphones or interactive televisions, despite any evidence of snooping put before it. If that is the case, it does still matter how business goes about establishing trust in its use of data. Not only will that involve the matters gone into in this short review, it will also bring in topics like security, fraud and payment for personal data. Above all, it will be about perception management. Like creating a good brand, that cannot be done in a hurry, even by the hottest new dot.com.
*****

Footnotes
1. And more formally as COM (1999) 348 final: proposal for a Council regulation (ECU) on jurisdiction and recognition and enforcement of judgements in civil and commercial matters.
2. This is Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the Protection of Consumers in respect of Distance Contracts, available at http://www.europa.eu.int/comm/dg24/policy/developments/dist_sell/dist01_en.html
3. See http://europa.eu.int/comm/dg15/en/media/eleccomm/99-952.htm
4. See http://www.consumersinternational.org/publications/index.html
5. Available from the excellent Lex Mercatoria site, at http://www.jus.uio.no/lm/toc/x.00-electronic.commerce.html
6. This is, formally, an Opinion of the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, number 5146/99, dated 3 December 1999. It is available at: http://europa.eu.int/comm/dg15/en/media/dataprot/wpdocs/wp27en..htm
7. The Personal Information Protection and Electronic Documents Act, of 26 October 1999 (see http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-6/C-6_3/C-6_cover-E.html )
8. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, available from http://europa.eu.int/comm/dg15/en/media/dataprot/law/index.htm
9. The wording is as follows: "Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data." (Source: The UK Data Protection Registrar, at http://www.dataprotection.gov.uk/transbord.htm )
10. See its Draft International Safe Harbor Privacy Principles, dated 15 November 1999, at http://www.ita.doc.gov/td/ecom/Principles1199.htm
11. 2nd edition, October 1999, available on the Web site for the International Chamber of Commerce http://www.iccwbo.org/home/menu_electronic_commerce.asp
12. TRUSTe's Web site, at http://www.truste.org , gives details of its aims, backers and activities.
13. Including a useful test page, at http://privacy.net/analyze/ , that provides a listing of the information revealed when one visits a Web site. A related site is similarly enlightening about cookies.
14. See http://slashdot.org/yro/99/11/05/1021214.shtml and http://slashdot.org/yro/99/11/12/1144210.shtml
15. See http://www.which.net/webtrader/index.html .

-oOo-


About eComWatch
eComWatch is edited and published by Roger Whitehead and Christopher Ogg. Copyright Roger Whitehead and Christopher Ogg, 2002. eComWatch may be circulated freely in its original format with copyright notice intact. For permission to reproduce any article,