Copying and falsification are easier in the world of electronics than in the real world. To achieve the same level of confidence as in the real world, it may be necessary to develop new mechanisms to determine the source of data, the identity of the recipient and the integrity of information.
A variety of new technologies are being developed to support electronic signatures and authentication. These include not only encoding techniques but also biometrics, which involves the digitization of personal characteristics, such as iris color or fingerprints. These technologies will enhance security and improve the reliability of transactions in the digital society. They are also expected to lead to the creation of new businesses, such as electronic certification services. If we are to realize these goals, companies and individuals will need to have access to a wide range of affordable electronic signature and authentication systems.
The Code of Civil Procedure contains provisions for determining the validity of a handwritten signature or seal placed on a document by the author of the document. There are also precedents for assuming that the impression of a person's seal on a document indicates the will of that person. Moreover, since certificates of seal impressions are used to verify that a seal is indeed that registered for a particular person, it is relatively easy to show that an agreement has been established where documents bear seals that have been verified by means of seal certificates.
The new technologies of electronic signing and authentication can now fulfill the same functions as handwritten signatures or seals, and it would be reasonable, therefore, to apply the same assumptions to electronic signatures. To facilitate the development and use of a wide variety of low-cost electronic signature and authentication systems and encourage the growth of electronic commerce, government and industry should work together in close communication to create infrastructure that allows electronic signatures to be accepted in the same way as written signatures. This will require efforts to overcome the concerns listed in (a) through (d) below and to prevent legal systems from lagging behind actual business practices and trends in technology development.
To ensure the success of the electronic authentication business in the private sector, certification authorities will need above all to raise user awareness of the importance of security measures and the effectiveness of certification services. To enhance the convenience and reliability of electronic authentication, authorities will need to establish mutual certification systems. There will also be a need for peripheral businesses, such as rating and insurance services for certification authorities.
In the field of international electronic commerce, there is now an increasingly need for mechanisms that allow an electronic signature from one country to be recognized in other countries. This will require international cross-border certification systems under which a certificate issued by a certification authority in another country could be treated in the same way as certificates issued by local certification authorities. International cross certification systems could be established in the private sector. Alternatively, mutual recognition could be based on agreements between governments or regions to give equal domestic legal status to electronic signatures from other countries or regions. The establishment of private-sector systems would basically require the acceptance of the certification practice statement of certification authorities on both sides.
With regard to government-level mutual recognition systems, Japan must step up its lobbying efforts to ensure that mutual reconition agreements among private companies are respected and that the legal system is not used to exclude foreign certificates on the grounds that they were issued by foreign certification authorities or because there is no equivalent legal system in the country of origin. One approach would be to sign an agreement under which a valid certificate issued in one country would be treated as equally valid in the country where the certificate was received. In international commerce, problems relating to the validity of electronic signatures and certificates could be solved through the establishment of prior agreements concerning the jurisdiction and laws to be applied to contracts.
The need to establish electronic signature and authentication systems is greater in the public sector than in the private sector. To improve the efficiency and speed of public services and reduce the cost to the public and businesses, the government should introduce electronic systems in such areas as the processing of applications, declarations, and procurements, so that government formalities can be completed via information networks. The use of electronic signatures and authentication by the government will raise awareness of these systems among the public and in the business sector. In addition, since electronic signatures and authentication would be used at the interface between the government and the private sector, private-sector use of the systems would also increase.
Accordingly, the government should move without delay to create an environment in which electronic signatures and electronic authentication can be used. To minimize costs for both the government and the private sector, the government should also establish common standards for all ministries and agencies.
As authentication requirements vary in the public sector, the standards should offer a range of options, such as verification of identity or authenticity and levels of security, that can be selected by entities providing public services according to the requirements of their particular activities. Obviously, the standards should also be highly transparent, and there should be no discrimination between domestic and foreign users. In areas where fair access to public services is a particular priority, care should be taken to create systems that are easy to use.
Actual certification services should be out-sourced, in principle, to private businesses that have the required specialized knowledge.
Steps must be taken to ensure that personal information collected as a consequence of electronic commerce is handled properly. This is essential to ensure that consumers can engage in electronic commerce with confidence, and to facilitate further growth for the various enterprises that use electronic commerce.
To expand electronic commerce, enterprises (business owners) must first of all eliminate consumer misgivings by taking their own initiatives to adopt countermeasures and respond technologically to ensure the proper handling of personal information.
Enterprise initiatives should be based on observance and implementation of the eight privacy principles of the Organization for Economic Cooperation and Development,* set down in the Recommendation of the OECD Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (1980).
The government should work to raise public awareness concerning the handling of personal information and encourage consumer initiatives in this area. It should also establish the minimal public sector infrastructure required to eliminate consumer fears. However, care should be taken to ensure that the rules set down by the government are framed in terms that are easy to understand and apply to actual situations. Otherwise the rules could impose an excessive burden on businesses, ultimately limiting the use of electronic commerce.
* The eight principles are the (1) collection limitation principle, (2) data quality principle, (3) purpose specification principle, (4) use limitation principle, (5) security safeguards principle, (6) openness principle, (7) individual participation principle, and (8) accountability principle.
Formulation and Publication of Policies on Handling of Personal Information
Companies should establish personal information policies based on the eight OECD privacy principles and publish them on their Websites and through other media. They should also observe these policies. To encourage consumers to take greater initiative, companies should continuously disclose information about the formulation and publication of their personal information policies and their procedures for handling personal information. It is also necessary to provide consumers with information on which to base their decisions. Companies should choose options that suit their business activities and are cost effective, such as the acquisition of privacy protection marks or seals under systems currently in operation or compliance with Japan Industrial Standard requirements concerning management systems for personal information protection programs.
Companies will also need to ensure that their personal information protection policies are being implemented by establishing compliance programs and designating officers responsible for the implementation of those programs. In addition, compliance levels will need to be monitored, checked, and improved. One option would be to seek third-party assessments.
Stating the Purpose of the Use of Personal Information and Obtaining Individuals' Consent
When companies gather, use, or supply personal information, their basic principle should be that the purpose for which the personal information is being used is disclosed directly to the individuals concerned and that their consent is obtained. In addition to this, companies should also disclose the consequences that may arise if the information is not supplied. In the area of electronic commerce, a variety of technologies can be used to gather information automatically. If personal information is gathered in ways that allow identification of the individual, the individuals concerned should be advised in advance of the information that will be gathered and the purpose for which it will be used, and their consent should be obtained. If such information is to be transferred to a third party, consent should be obtained either at the time of collection or before the information is transferred. Prior consent will not be necessary, though, in the case of action relating to the execution of contract terms or preparations for such execution, since agreement to a contract can be construed as automatic agreement to the use of information.
Responding to Requests from Individuals for Disclosure, Amendment, or Deletion of Information
In principle, companies should, within reasonable limits, accommodate requests from individuals for the disclosure, amendment, or deletion of information provided by individuals in connection with electronic commerce. Companies should establish procedures and systems for this purpose.
Establishment of Interfaces for Complaints
To raise consumer confidence, companies need to establish structures to accept views and requests from consumers and ensure prompt implementation of remedial action. Obviously, such systems should be established by individual companies. However, there is also justification, in terms of the impact on personal lives, consumer convenience, knowledge accumulation, and cost, for the establishment of industry or cross-industry efforts.
Even when companies voluntarily take steps to ensure that personal information is handled properly, there is still a possibility that such information will be misused by persons with malicious intent. Individual companies or industries are limited in their ability to take effective steps to prevent such contingencies and control the actions of outsiders. Apart from defamation suits, the remedies available for the misuse of personal information are at present limited to general provisions concerning illegal activities. If consumers suffer from the misuse of information by persons with malicious intent, consumer confidence in electronic commerce as a whole could be compromised. To promote the use of electronic commerce and to allow consumers to participate in it without concern, public institutions are needed to thwart maliciously minded persons and to provide a safety net for those injured by such persons.
Establishing a Minimal Legal Framework
In many cases, personal information held by companies is likely to be classed as commercially sensitive information, which means that protection under the Unfair Competition Prevention Law Could be available in some cases. If the information cannot be classified as commercially sensitive, then it may not be possible to safeguard the rights of individuals. In addition, only enterprises are allowed to seek injunctions or other remedies under the Unfair Competition Prevention Law.
However, companies could face unnecessarily high costs and may be discouraged from using electronic commerce if regulations are put in place without clear definitions of what constitutes actions likely to jeopardize the interests of individuals. Information that is clearly confidential is handled by only a limited range of industries. The imposition of prior limitations on corporate behavior in other industries would not only be ineffective against malicious persons but could also impose a heavy cost burden on law-abiding businesses and limit the flexibility of corporate activities.
For these reasons, voluntary company initiatives should remain the first line of defense for the time being. Such initiatives could be supplemented by regulations against behavior that is likely to lead directly to consequences that would harm the interests of individuals.
At present, the greatest area of concern for consumers in relation to the handling of personal information is the growing risk of problems resulting from the repeated transfer of information without the knowledge of the individuals concerned. Any regulatory action is likely, therefore, to focus on behavior that is clearly malicious, such as (1) the theft or fraudulent acquisition of personal information and the use or disclosure of such information or its transfer to third parties and (2) the acquisition, use, or disclosure of personal information while knowing that it was obtained through theft or fraud.
Legal approaches in such cases include appeal to criminal, civil, or administrative regulations. Where problems can be settled through civil actions, such as injunctions or damage suits, the use of administrative regulations, which involve greater government intervention than civil ones, will probably be unnecessary. Even if criminal penalties are introduced, they should be reserved for extremely malicious actions, such as deliberate, continuous, or organized illegal activities designed to inflict serious damage on specific individuals.
Establishment of Remedial Systems
The government should establish a mechanism to provide prompt and effective protection for the rights of individuals in situations where a company and an individual are unable to reach agreement about the disadvantages suffered by the individual or where a dispute cannot be resolved by the parties concerned, such as when a third party is involved.
Raising Awareness of Personal Information Issues
Access to convenient services must be reconciled with the protection of personal information. This goal can best be achieved if consumers possess and apply knowledge and skills that enable them to protect their personal information, such as the practice of checking in advance the purpose for which information will be used. The government should actively provide consumers with adequate education so that they can learn the habit of guarding their own information and acquire the knowledge and skills needed to protect themselves. Information-related education for children and students should include training in the use of companies' personal-information-handling policies as decision-making criteria. Some people, such as the very young or very old, may lack the ability to make decisions about the provision of personal information. Measures should be considered to counter possible risks to the personal information of such people and their families.
Those participating in electronic commerce should be entitled to the same protection that applies to real-world commerce. Stringent prosecution of illegal activities, such as network-related crimes and fraud, is especially important. Such measures should not be allowed to compromise the convenience and diversity of electronic commerce, however, and for this reason companies should basically take their own steps to avoid such problems.
Companies can best avoid problems by disclosing information so that consumers are aware in advance of the level of risk involved. The types of information that should be disclosed will vary depending on the industry and the type of activity and goods. However, the minimal requirement for companies is the provision of easy access for consumer inquiries and confirmations. When soliciting sales or making offers, companies must help consumers to make informed decisions by providing accurate information. Specific aspects about which consumers should be informed are likely to include the total cost to the consumer, including tariffs and taxes, the currency to be used, application deadlines, delivery lead times, payment methods, services provided, conditions for after-sales service, cooling-off periods and conditions for returns, exchanges, and cancellations. Consumers also need to know which countries' laws and courts will apply in the case of disputes, and the specific laws that apply to transactions. In addition, consumers should be offered processes that allow them to understand and consider the significance of their consent before they give it.
In addition to these efforts by businesses, consumers should also take responsibility for the avoidance of problems by basing purchasing decisions on a careful consideration of benefits, costs, and risks. For example, if the information provided is not adequate, consumers should seek confirmation before making any decision. The government and the private sector should encourage consumers to exercise caution, and awareness of the risks involved in this type of transaction should also be promoted through school education.
It is hoped that risks faced by consumers participating in electronic commerce will also be reduced through the emergence of support businesses. Services provided might include third-party assessments or ratings of provider reliability and insurance against unforeseen losses.
The regulations that currently govern commercial transactions are designed primarily to protect consumers and ensure the stability of transactions. Because the regulations assume that business will be carried out either face-to-face or through documents, they contain requirements covering such aspects as the exchange of documents stipulating terms of contracts or the provision of explanations on a face-to-face basis. Laws containing such requirements include the Travel Business Law, the Door-to-Door Sales Law, the Installment Sales Law, and the Securities and Exchange Law. For the sake of user convenience, it should be possible to provide contract details, manuals and other information by electronic means.
Enhanced convenience and low prices are the factors that make electronic commerce attractive to users. Regulatory reforms should be accelerated, therefore, to permit a wide variety of providers to participate and compete freely. These changes should include the prompt abolition of supply-demand adjustment requirements for the sale of liquor, the abolition of restrictions on the types of liquor that can be sold by mail, and a review of resale systems for books and other items.
Existing Civil Code contract rules cover such items as the point in time when a contract or statement of intent takes effect, the validity of contracts and statements of intent, the protection of parties to contracts when a contract is signed by a person without authority, such as when impersonation takes place, and the treatment of errors in the transmission of data. There is currently a debate over whether the existing rules should be interpreted and applied to electronic commerce or whether new rules should be formulated. Until this matter is settled, there is a risk that parties to contracts will be affected by uncertainties regarding the signing and implementation of those contracts. The government should clarify its position without delay.
The global expansion of electronic commerce could lead to increasing conflict between national tax jurisdictions. Japan should play an active role in the development of international taxation rules by the OECD and other organizations.
Electronic commerce should not be subjected to discriminatory taxation systems, such as so-called Internet tax. Goods and services that are not taxed in the real world should not become subject to new taxes simply because they are traded electronically. We need to be aware that electronic commerce is still in its infancy.
Japan will need to develop internationally compatible taxation rules. As with taxation in the real world, taxation of electronic commerce should be subject to principles of fairness, transparency, and neutrality.
Internet transactions in digital content are currently exempt from tariffs. To ensure the healthy development of electronic commerce, Keidanren fervently hopes that the next round of trade negotiations under the World Trade Organization will produce an international agreement providing for continued tariff exemption.
While it will be necessary to clarify the dividing lines between electronic transactions in services and goods, there should be no generalized classification of electronic transactions into goods and services. Tariff and liberalization negotiations within the frameworks of the General Agreement on Tariffs and Trade or the General Agreement on Trade in Services should be based on comparisons of each transaction with those with conventional methods, and decisions should be made after transactions have been classified according to the type of good or service involved and according to the type of service in the case of service transactions. New rules should be considered for transactions that do not fit into these categories.
Electronic commerce has made it possible for digital content to be distributed internationally through networks. Problems are starting to arise because it is impossible to deal with situations under existing systems relating to intellectual property rights, which assume that such rights will basically be distributed domestically in tangible goods. Unless these problems are resolved, they could become a barrier to the use of digital content.
One of the new problems that has arisen relates to the emergence of digital networks, which allow copies to be produced quickly and distributed in vast quantities without any deterioration in quality. This situation is reducing the effectiveness of copyright systems with a focus on the right to reproduce materials. As a result, creators of digital content are becoming afraid to distribute their work via network out of concern that it may be copied illegally, while users are unable to use content obtained via networks safely, since they cannot determine whether or not it is genuine.
Another problem is the growing ease with which copyrighted material can be distributed across national borders via networks. Legal restrictions based on national borders are becoming meaningless as a result of this change.
We need to solve these problems so that digital content can be distributed reliably. That will require changes in legal systems, including copyright laws, to reflect the new environment.
There is a growing need for a fundamental rethinking of the protection provided by copyright laws. The key considerations in this context should be the sound development of the industries that will be the key players in the world of electronic commerce and the creation of systems that will allow creative work to be distributed reliably and efficiently so that it can be used by everyone. The following aspects require urgent attention.
In view of the international scope of electronic commerce, Japan should take initiatives in the following areas through international organizations such as the World Intellectual Property Organization and WTO. It should also participate more actively in the development of international systems.
As we work to enhance the convenience of network-based electronic commerce, it will be necessary also to deal with the closely related issue of security. Compared with many countries, the use of electronic commerce is not widespread in Japan, and the incidence of network crime that takes advantage of electronic commerce also appears to be low. For these reasons, there seems to be little awareness of security issues. When crimes or incidents do occur, therefore, the resulting losses could be extremely serious. There is also a risk that the use of electronic commerce will be limited by a lack of accurate knowledge about security issues. There is a limit to what can be achieved in this area through the efforts of individual companies, and the government should take steps to inform and educate the public.
There is considerable interest in encoding technology as a way of ensuring security. Encoding methods should be selected according to the purpose and the cost. However, governments restrict exports of encoding technologies and products under the Wassenaar Arrangement, which is an international system concerning security. Japan has also adopted a permit system according to the Arrangement. Following the revision of the Arrangement in December 1998, the government has narrowed the scope of the regulations. Changes include the reduction of the scope of the scope of limitations is accordance with the strength of cryptography, the exemption of products used for authentication or signature encoding, the expansion of the list of exempted items, the exemption of commercial encoded products (64-bit or lower) on a joint-key system, and the removal of the restriction on exporting products manually for personal use. The government has also simplified export formalities through changes that include the introduction of a blanket approval system and the simplification of inspection procedures for reexported items. The regulations should be reviewed flexibly to reflect rapid advances in technology and the growing use of encoding.
The global spread of electronic commerce has been paralleled by active efforts to create international frameworks. In Japan, too, there has been considerable activity, led by the private sector, relating to the development of international frameworks for electronic commerce in the areas of trade and finance. These efforts should be intensified, and enterprises should take the initiative by participating in efforts to create global frameworks in other areas as well.
The OECD, the WTO, the United Nations and other organizations are also involved in the development of international frameworks for electronic commerce. Companies that wish to engage in electronic commerce in response to market needs should participate in the development of frameworks of their own initiative. However, the government has an important role to play as well, since the global expansion of business activities will also require the international damageonization of legal and government systems. Both government and industry, therefore, should exchange views and information and respond flexibly to international debate in this area. For example, a permanent government-industry liaison group could be established to exchange views and information about various issues, including electronic commerce, in preparation for the next round of WTO negotiations.
The availability of a wide variety of low-cost telecommunications services is a vital prerequisite for the widespread use of electronic commerce. Telecommunications regulations, including the Telecommunications Business Law, should be reviewed to create a system that will protect user rights while ensuring free and fair competition in terms of services and facilities. Fair competition must also be promoted in local telecommunications markets. This will require improvements to the conditions that affect network development, including the provision of public cable installation spaces, the easing of regulations concerning the exclusive use of roads and other infrastructure, and the establishment of rational and nondiscriminatory rules for the use of ducts. Further improvements are also needed in rules governing the fair use of essential facilities and interconnection.
The economy and society of the future will need highly creative people who are able to act independently and who have a strong sense of individual responsibility. One of the abilities that will be required in such people is information literacy.
Information literacy is the ability to use information networks effectively and apply information technology to private life, business activities, and government administration. It is a basic skill that enhances the productivity of individuals and enables them to enjoy a variety of lifestyles. It will also be the fundamental driving force for national prosperity. However, efforts to improve information literacy vary from company to company, while in the public sector, which is not subject to market forces, there is little incentive to introduce information technology or raise information literacy standards.
As the use of electronic commerce increases, there is concern that employment mismatching will result in shortages, in both the public and private sectors, of workers capable of using information technology. The improvement of information literacy on a national scale is therefore an urgent priority as part of measures to support employment shifting. As a first step, the government should promote the use of information technology in education by providing IT resources in staff rooms and Internet connections in all classrooms. IT education should also be expanded and enhanced. Another priority, in terms of improving information literacy, is the creation of an environment, including an IT-equipped public sector, in which the Internet can be used on a day-to-day basis. The government should also provide increased support for the introduction of information technology and the improvement of information literacy among small and medium-sized enterprises.
We will also need to focus on the development of a healthy market in which information can be appropriately valued and selected. The use of electronic commerce will not grow if insurance and litigation costs and other burdens become excessive. It will be necessary, therefore, to provide protection for consumers and implement appropriate technical countermeasures, including electronic signatures and authentication. To enjoy the full benefits of cheaper, more convenient products and services, consumers themselves will need to improve their information literacy and acquire skills that enable them to avoid risks. Especially, since electronic commerce will give consumers a window to the global society, they need to improve their ability to understand and assess a variety of information relating to their transactions, including foreign cultures.
Enterprises will need to step up their own efforts to foster information literacy. Under traditional information systems based on mainframe computers, information literacy was restricted a small number of computer experts. In the future, information literacy will become a part of the basic knowledge required for all employees. Companies will also need to insist that their business counter parts achieve information literacy. Within companies, the achievement of such literacy will be especially important for managers and executives. These people must recognize the importance of information literacy and work to promote it throughout their organizations and their business counter parts.
The spread of electronic commerce will transform industrial structures by weeding out unnecessary intermediaries. Obviously, this process will also change employment patterns. According to one forecast, IT-related manufacturing and services will account for over one-half of corporate jobs in the United States by around 2006. The development of human resources capable of using information technology is an urgent priority, and it will be necessary to improve related education and training systems and implement support measures that allow companies to adopt more flexible employment systems.