Comment: No Need to Rush on Internet Regulation

The Internet is wild, largely unregulated territory. Bank-intermediated business-to-business commerce is heavily regulated.

Because of this stark contrast, compelling legal and policy questions arise as companies, sponsored by their financial institutions, increasingly go on-line to find corporate customers and suppliers.

Who should regulate business-to-business Internet commerce?

How closely? What should be left to the free market or to parties who have arrived at a good-faith meeting of the minds? What is the role of government? What international bodies, if any, should set rules?

And there is one more nitty-gritty question with potentially far-reaching implications: Who should be authorized to create and manage the cryptography-based electronic identities on which most business-to-business Internet commerce models rely?

The right decisions will give companies the best chance to flourish on the Internet. The wrong decisions will stifle opportunities for millions.

Too much regulation by too many regulators will eliminate the enormous efficiencies of business-to-business electronic commerce. Too little regulation will make unwitting companies prey for e-commerce money machines.

These tensions are particularly compelling for financial institutions that are beginning to facilitate e-commerce by extending their commercial trust services to the Internet.

The good news is that, at least for the time being, the right balance between regulation and freewheeling on-line commerce has been reached by default. Existing contract law, banking regulation, and market forces already create an e-commerce environment that protects users from fraud while allowing commerce to thrive.

The bad news is that lawmakers and policymakers are threatening to change course in a way that might upset the balance created by these legal and commercial forces.

Over the last four years, for example, a number of domestic and international efforts have struggled with the issue of how to define the legal framework for authenticating electronic commercial transactions and the parties who conduct them. These efforts have yielded widely varied and novel approaches.

These approaches range from myriad U.S. state-based digital authentication initiatives to several federal U.S. and non-U.S. efforts to legislate or regulate a still-emerging, digital-signature-based commercial framework. Though there is some commonality in these efforts, existing legislative work suggests that a lack of uniformity is emerging among digital authentication techniques - a potential legal Tower of Babel for those who want to participate in e-commerce, particularly internationally.

Perhaps more troubling, a number of U.S. jurisdictions also seem to be leaning toward a larger-than-necessary state role in the emerging digital authentication infrastructure.

At first glance, mandatory state licensing or accreditation requirements for certification authorities, or CAs (the entities that issue and manage electronic credentials), are a great idea. The unintended result, however, may end up being a non-uniform international legal regime that may actually create conflicting substantive and procedural requirements for transacting parties. Trading partners would need legal advice every time they try to do business with a counterpart certified by a CA in a different state.

The most unfortunate aspect of this government-driven activity is that it counters the significant and highly responsible treatment of digital authentication by the private sector.

Existing credit card systems and new e-commerce-oriented bank initiatives provide good examples of how the private sector is adequately addressing legal and regulatory issues without the need for new laws and regulations. These initiatives tend to be based on large, legally "closed" networks of system participants, in which sound contracts bind all participants to uniform system rules and business practices.

These mechanisms protect system users (for example, trading partners, credit card users, and banks) within established and well understood legal frameworks, risks, and liabilities.

A merchant accepting a Visa card knows how the system works. Digital certificates for e-commerce can work the same way.

Other attributes of a viable bank-backed e-commerce system include:

Legal enforceability of digital signatures. Contractually binding digital signatures are essential for e-commerce to thrive. Consistent contracts among all members of these bank-based systems provide an environment whereby users are bound to the messages they digitally sign. Unless pursued prudently and cautiously, significant legislative or regulatory-driven changes to this model might jeopardize the integrity of contractual agreements underpinning the system.

Government oversight. In a bank-backed e-commerce system, governments should and will continue their important role of regulating participating financial institutions and protecting the rights of their customers. Because financial institutions issuing digital certificates within these systems are already regulated, local governments and policy authorities have an ongoing mechanism to oversee activity within these contractually closed e-commerce environments. Local authorities will also preserve their existing legal jurisdiction to enforce contracts between member financial institutions, and between financial institutions and their customers.

Dispute resolution. Bank-backed e-commerce systems protect participants by dispute-resolution and claims-processing mechanisms that are dictated by common system rules, contracts, and business practices.

These frameworks assure that companies using these systems will have access to an internationally enforceable and efficiently managed method for quickly recovering losses.

These attributes strongly suggest that lawmakers and regulators would best serve their constituencies by promoting the freedom of digital-identity service providers and customers to enter into contracts.

The alternative - legislating novel solutions to legal problems that don't yet exist - creates a whole new level of complexity on top of the already complex business of Internet commerce.

Freedom of contract will also preserve the right of trading partners to select the amount of risk they wish to bear in a transaction - just as they do in traditional business environments - depending on their comfort levels for risk and their desire for efficiency.

The ability of these legally closed systems to solve policy issues associated with electronic authentication techniques makes a case for, at the very least, a measured, conservative and cautious approach to adding new laws and regulations. Policymakers can and should make refinements as the emerging market demands, but it would be folly to make them before the market takes shape.

Policymakers have another important role in advancing e-commerce: They should give their constituent financial institutions every competitive advantage as those institutions extend their legacy of trust to the Internet.

Ted Barassi is vice president and legal counsel of Certco Inc., a New York-based digital certification company.
