Chapter Five ACG 5458 The Regulatory



  1. Chapter Five ACG 5458 The Regulatory Environment
  2. The Regulatory Environment
       • Primary International and Legal Issues
           • Cryptography Issues
           • Privacy Issues
           • Web Linking
           • Internet Sales Tax
           • Electronic Agreements and Digital Signatures
           • Spam Mail
           • Online Auctions and Content Filtering
       • Implications for the Accounting Profession
  3. Cryptography
       • Cryptography is a mathematical encoding that transforms readable messages into unreadable formats (ciphertext).
       • Key length (size) determines the difficulty of cracking the code.
       • Encryption is the coding
       • Decryption is the decoding
       • 40-bit key: 3 hours to break code
       • 56-bit key: 22 hours to break code
       • 64-bit key: 30 days to break code
       • 128-bit key: 2,000 years to break code
  4. Cryptography
       • Regulatory Issues:
       • Domestic use, Importation and Exportation rules
           • Rules differ by country
           • US is “looser” than China, Belarus, Kazakhstan and Pakistan
       • Use of encryption by criminals, terrorists, and money launderers.
       • Ability of law enforcement to obtain decrypted forms of encrypted messages, either through a key recovery or a key escrow system.
  5. Cryptography
       • Key escrow systems involve a central repository that contains all encryption keys.
       • Key recovery systems have some mechanism that will provide authorized law enforcement agencies the ability to recover and use the key (e.g., trusted third party).
       • Issues:
       • How will sufficient controls be created and maintained to protect citizens from law enforcement abuse of authority?
       • How is it possible to enforce internationally?
           • INTERPOL prefers a key recovery system.
  6. Privacy of Private Citizens
       • Information Privacy: the right to have one’s personal or business data be kept confidential.
       • Privacy Groups:
       • Center for Democracy and Technology
       • Electronic Frontier Foundation
       • Electronic Privacy Information Center
       • Privacy International
       • Privacy Rights Clearinghouse
       • Online Privacy Alliance
  7. Figure 5-1: Percentage of US Sites That Post Privacy Policies and Link From Home Pages (Source: FTC, 2000)
       • Series: Random Sample; Most Popular Sites
       • Categories: Post a Privacy Policy; Links the Privacy Policy from the Home Page
       • Plotted values: 0.62, 0.97, 0.76, 0.94
  8. Privacy of Private Citizens
       • Federal Trade Commission (FTC) Five Core Principles of Privacy Protection:
       • Notice
       • Choice
       • Access
       • Integrity and Security
       • Enforcement
       • Regulatory Issues:
       • Self-regulation or government regulation?
           • If government regulation, which one? Differences exist between countries, US “looser” than European Union
       • How do we protect children’s privacy?
  9. Figure 5-2: Percentage of US Sites That Collect Personally Identifiable Information and Utilize the FTC Principles (Source: FTC, 2000)
       • Notice: Random Sample 55%, Most Popular 89%
       • Choice: Random Sample 50%, Most Popular 67%
       • Access: Random Sample 43%, Most Popular 83%
       • Security: Random Sample 55%, Most Popular 74%
       • All 4 to some extent: Random Sample 20%, Most Popular 42%
  10. Figure 5-3: Percentage of US Sites That Collect Personally Identifiable Information and Implement Choice Options (Source: FTC, 2000)
       • Random Sample (detail of the 50% who offer choice): Opt-In 25%, Opt-Out 71%, Unclear 4%
       • Most Popular (detail of the 67% who offer choice): Opt-Out 75%, Opt-In 16%, Unclear 9%
  11. Privacy and Security
       • From the FTC’s 2000 study:
       • Only 39% of the random sample (54% of the most popular sites) take steps to provide security during transmission.
       • Only 29% of the random sample (48% of the most popular sites) take steps to provide security after receipt.
       • Only 8% of the random sample (45% of the most popular sites) display some sort of privacy seal from an independent third party.
  12. Children’s Privacy Regulation
       • FTC’s 1998 study found that 89% of children’s sites were collecting private information on children:
           • Email and postal addresses
           • Telephone numbers and Social Security numbers
           • Age, date of birth, and gender
           • Education
           • Interests and hobbies
       • Enticements such as prizes, raffles or contests are used often.
       • Children's Online Privacy Protection Act (COPPA) passed in 2000
  13. Adults’ Privacy Rights and the EU’s Directive
       • 1998 European Union Privacy Directive states that personal data on the Internet must be:
           • Collected only for specified purpose
           • Processed fairly and lawfully
           • Kept accurate and current
           • Destroyed after stated purpose is fulfilled.
       • Users have the right to access their information for correction, erasure or blockage, choose to opt in or out, oppose automated decisions, and have judicial remedy and compensation.
  14. EU Privacy Directive Affects US Companies Doing Business with the EU
       • EU citizens have greater privacy rights than US citizens
       • US and the EU developed a “safe harbor” for US businesses in 2000:
           • Notice
           • Choice
           • Transfers to third parties
           • Access
           • Security
           • Data integrity
           • Enforcement
  15. More on Privacy: Past and Current Events
       •  selling its customer list
       •  passed customer’s prescription information to HealthCentral
       • Carnivore: FBI’s Internet sniffing code
           • Argument with exposed a high level of citizen monitoring.
  16. Web-Linking
       • Legal problems occur when:
       • Inappropriately referencing a linked site
       • Not referencing the site from which you copied information to your site
       • Displaying another site’s information without the original advertisements
       • Unauthorized use of trademarks in metatags
       • Unauthorized display of registered trademarks
  17. Web-Linking and Defamation
       • Defamation occurs when an individual makes a false statement about another individual or business that is damaging to their reputation.
       • The issue: whose rights prevail?
       • The right to free speech?
       • The right to be safe from harassment?
       • It’s often not clear:
       • Can opinions be separated from facts?
  18. Web Linking without Proper Referencing
       • Linking using framing involves:
       • Not carrying the original site’s advertisements to the new site
       • TotalNews case of copyright and trademark infringement, unfair competition, and wrongful interference
  19. Web Linking Using Metatags
       • Corporations attempt to increase the visits to their sites by putting well-recognized trademarks in the HTML metatags that are labeled as keywords for search engines
       • Trademarks include words, names, symbols, logos, and graphical designs
       • Federally registered trademarks bear an ®
  20. Trademark Infringement
       • Trademark is displayed on the website without explicit permission granted by the owner of the trademark, and
       • Trademark display causes either
           • A likelihood of confusion
               • Similarity to something else, malicious intent, actual evidence of confusion
           • Or tarnishes the value of the trademark
               • Association with inferior quality, alteration of the trademark, or representing the trademark in an attack.
  21. Linking to Illegal Files
       • Downloading of copyrighted materials, such as music, increases your risks of litigation:
           • Napster cases
           •  cases
  22. Domain Name Disputes
       • Top level domains (e.g., .com, .org)
           • Internet Corporation for Assigned Names and Numbers (ICANN) – nonprofit organization
               • Many domain name registrants, such as Network Solutions, Inc.
       • 1999 Anticybersquatting Consumer Protection Act
           • Does not allow domain names to be held hostage or used if they are established trademarks.
           • Does not allow similar or identical trademarks to share a domain name.
           • Changed the domain name assignment from “first come, first served” to “who utilized the name for business purposes first”
  23. Internet Sales Taxes
       • It is an interstate taxation problem: which jurisdiction applies? There are over 30,000 tax jurisdictions in the US alone.
       • 2001 (1998) Internet Tax Freedom Act
           • No state/local sales taxes on Internet services provision or use.
           • Does not apply if the buyer and seller are in the same state and the seller has a corporate presence (if no corporate presence, then a use tax applies).
           • A future federal sales tax may be the only solution in the future to this problem.
  24. International Tax Issues
       • Different countries have different opinions and tax systems:
       • European Union prefers a value-added tax, but still has to resolve different rates in different countries within the EU.
       • China prefers sales taxes on Internet transactions.
       • Corporate presence:
       • Differing definitions between countries.
       • Global infrastructures: what if company building is in one country, and web server is in another?
       • Organization for Economic Cooperation and Development (OECD) is working on a global definition of physical presence
  25. Electronic Agreements and Digital Signatures
       • American Bar Association (ABA) details important aspects of digital signatures:
       • Signature and document authentication
       • Affirmative act
       • Efficiency
       • 2000 Electronic Signatures Act (E-Sign)
       • Allows but does not require electronic signatures for international and interstate contracts
       • Electronic record should accurately reflect the written document information and stay accessible to all parties.
       • Wills, trusts, family matters such as divorce, transportation of hazardous materials, recalls of products, cancellation of insurance do not apply.
  26. 1999 Uniform Electronic Transactions Act (UETA)
       • National Conference of Commissioners on Uniform State Laws (NCCUSL)
       • 22 states have adopted this attempt at a common standard, similar to E-Sign
       • Provides standards for electronic contract acceptance, accuracy and integrity, enforcement, and electronic agents.
  27. 1999 Uniform Computer Information Transactions Act (UCITA)
       • National Conference of Commissioners on Uniform State Laws (NCCUSL)
       • 2 states have adopted this attempt at a common business transactions standard
       • Clarifies the UCC law in terms of computer information transactions
       • Makes the law uniform among various jurisdictions
  28. International Digital Signature Environment
       • Many countries have passed digital signature laws:
           • Argentina, Australia, Austria, Canada, Colombia, Estonia, European Union, Finland, Germany, Hong Kong, Ireland, Japan, Malaysia, Philippines, Singapore, Switzerland
       • Many more are currently in process.
  29. SPAM e-mails
       • Spam mail is the mass sending of unsolicited e-mail advertisements.
       • E-mail addresses may be purchased lists or may be retrieved from intelligent agents.
       • Cost of sending SPAM is very low
       • Costs to recipients are high on network loads
  30. Online Auctions and Content Filtering
       • What does an e-marketplace do when found to be supporting “unethical” transactions?
       • Filter (censor) incoming packets
       • Filter (censor) outgoing packets depending on the recipient (IP information such as country code)
       • Who should determine the limits?
       • Web site owners?
       • Web site users?
       • Government regulation?
  31. Implications for the Accounting Profession
       • Expansion of legal skill sets, resources and services are warranted from:
       • Increased liability exposures
           • Taxation, privacy, intellectual property, cryptography, digital signatures, acceptable business practices
       • New liability exposures
       • More complex risk assessments
       • Changing legal and regulatory environments
       • Increased opportunities for new services:
       • Consulting in system design
       • Certificate authority role in society