THE VULNERABILITY OF ELECTRONIC COMMERCE

BY

PRAVEEN DALAL*

 The aim of this article is to analyse the trade off between the benefits and risks associated in the engagement of e-commerce activities. The discussion though is covering all those who are engaged in the e-commerce activities, but a special emphasis has been laid down on the rights and liabilities of the Network Service providers and the web-site owners.  

I. Introduction 

             The expression e-commerce means buying and selling goods and services over the Internet. It encompasses all the activities that a person or organization performs for selling and buying products and services using computers and communication technologies.  It is a business methodology that addresses the needs of organizations, traders and consumers to reduce costs while improving the quality of goods and services and increasing the speed of service delivery. E-commerce builds on traditional commerce by adding the flexibility offered by computer networks and the availability of the Internet.  By generating and delivering timely and relevant information through computer networks, e-commerce creates new opportunities for conducting commercial activities on-line, and thus it fosters easier cooperation among different groups

 II. Types of e-commerce

 The major categories of e-commerce in use today can be classified, on the basis of nature of transactions, as following:

(1) Business to consumer (B2C)

(2) Business to business (B2B)

(3) Consumer to consumer (C2C)

(4) Consumer to business (C2B)

 (1) Business to consumer (B2C): The B2C kind of e-commerce refers to a company selling its products or services to the customers using the Internet as the communication medium. Thus, in B2C e-commerce, businesses sell directly to the consumers.

 (2) Business to business (B2B): B2B involves electronic transactions among and between businesses. This method has been around for many years through “EDI”[1]   and electronic fund transfer (EFT). In recent years Internet has significantly increased B2B transactions and has made B2B the fastest growing segment within the e-commerce environment. The reliance of all businesses upon other companies for supplies, utilities and services has enhanced the popularity of B2B e-commerce.

(3) Consumer to consumer (C2C): The C2C category involves business transactions among individuals using the Internet and web technologies. Thus, in C2C the consumers sell directly to other consumers. 

(4) Consumer to business (C2B): C2B e-commerce involves individuals selling to businesses. This may include a service or product that a consumer is willing to sell. In other cases an individual may seek sellers of a product and services.   

 III. Advantages of e-commerce

 The use of e-commerce has the following advantages as compared to traditional businesses:

 (1) Uninterrupted business activities: The use of e-commerce facilitates continuous and uninterrupted business activities at all times. The external factors like holidays, after hours, etc do not pose any problem and interference.

 2) Expansion of market: E-commerce helps in the expansion of existing market by using various tools such as cookies, e-mail, etc which helps in gaining additional knowledge about potential customers. The market can be restructured and expanded as per customer preferences, shopping habits, gender, age group, and so forth.

 (3) Innovative customer participation: In the e-commerce environment, customer participation and involvement could be significantly achieved and improved. Their opinions and feedbacks can help in providing personalized and better services.

 (4) Convenience and flexibility: Increased flexibility and ease of shopping is a significant advantage of e-commerce. The problems associated with real space shopping like commuting, parking, etc, do not have an existence in e-commerce. 

(5) Increased demand: The use of e-commerce increases its potential customers as customers from remote locations and those outside of the business’s geographical boundaries can purchase products and services from the e-commerce site without even leaving their homes.

 (6) Reduced costs: The use of e-commerce reduces costs of operation of a business activity as it is much economical to use Internet for business activities as compared to traditional methods of business doing.

 (7) Facilitates healthy competition: The use of e-commerce facilitates healthy competition among the product suppliers or service providers since the customers have the option to purchase products or avail services from a wide range of product suppliers or service providers. This availability of wide options to the consumers helps in reducing unfair trade practices by the product suppliers or service providers.

 (8) Generate valuable foreign exchange: E- commerce opens the availability of products or services to world at large and it is not confined to the geographical boundaries of a particular country. This helps in generating valuable foreign exchange for the country providing services of e-commerce[2].

 IV. Vulnerabilities of e-commerce

             The concept of e-commerce is not a golden path to advantages and profit making. It may attract the wrath of law, both civil as well as the criminal, where it is not conducted properly. It must be noted that none has a right to carry on the business in a wrongful, immoral or/and illegal manner. An idyllic business activity must be not only morally sound but it must equally be legally justified. Thus, the parameters of all e-commerce activities are well defined and they must be appreciated in their true perspective. The liability of the web-site owners and NSPs may be categorised under the following categories:

 (1) Liability for privacy violation,

(2) Liability under the Information Technology Act (ITA), 2000, and

(3) Liability for the violation of various Intellectual Property Rights (IPRs). 

(1) Liability for privacy violation:  The law of privacy is the recognition of the individual’s right to be let alone and to have his personal space inviolate. The term ‘privacy’ denotes the rightful claim of the individual to determine the extent to which he wishes to share of himself with others and his control over the time, place and circumstances to communicate with others. It means his right to withdraw or to participate as he thinks fit. It also means the individual’s right to control dissemination of information about himself as it is his own personal possession. Privacy primarily concerns the individual. It, therefore, relates to and overlaps with the concept of liberty. The most serious advocates of privacy must confess that there are serious problems of defining the essence and scope of the right. Privacy interest in autonomy must also be placed in the context of other rights and values[3]. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognised. This right has two aspects which are but two faces of the same coin: (1) the general law of privacy which affords a tort action for damages resulting from an unlawful invasion of privacy, and (2) the constitutional recognition given to the right to privacy which protects personal privacy against unlawful governmental invasion. The first aspect of this right must be said to have been violated where, for example, a person’s name or likeness is used, without his consent for advertising or non advertising purposes or for that matter, his life story is written whether laudatory or otherwise and published without his consent. In recent times, however, this right has acquired a constitutional status[4]. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury[5]. The development of media in modern times has a special relevance to the evolution of the law of privacy. The media has made it possible to bring the private life of an individual into the public domain, thus exposing him to the risk of an invasion of his space and his privacy. Advances in computer technology and telecommunications have dramatically increased the amount of information that can be stored, retrieved, accessed and collected almost instantaneously. In the Internet age, information is so centralized and so easily accessible that one tap on a button could throw up startling amounts of information about an individual. In terms of electronic information, a person should be able to keep personal affairs to himself. Advances in computer technology are making it easy to do what was impossible not long ago. Information in many databases can be cross-matched to create profiles of individuals and to even predict their behaviour. This behaviour is determined by individual’s transactions with various educational, financial, governmental, professional and judicial institutions. Major uses of this information include direct marketing and credit check services for potential borrowers or renters. To the individual, the result of all this information sharing is most commonly seen as increased ‘junk mail’[6]. A NSP shall be liable for violation of privacy of a third party if he makes available any third party information or data to a person for the commission of an offence or contravention. A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, childbearing and education among other matters. None can publish anything concerning the above matters without his consent, whether truthful or otherwise and whether laudatory or critical. If he does so, he would be violating the right to privacy of the person concerned and would be liable in an action for damages[7]. However, a network service provider will not be liable if he proves that the offence or contravention was committed without his knowledge or he had exercised all due diligence to prevent such commission[8]. Where a company/web-site owner infringes the privacy rights of a person, every person who at the time of contravention was incharge of and was responsible to the company for the conduct of its business as well as the company shall be guilty of the contravention and liable to be processed against and punished accordingly. However, such person shall not be liable if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention[9].

 (2) Liability under ITA:  The world has witnessed a sea change and today the dealings of big corporations are not confined to traditional methods of business. They have started to utilise information technology for an efficient, profitable and convenient business administration. But every coin has two sides and similar is the case of use of information technology. The information technology is a double edge sword, which is benign and deleterious at the same time. This process becomes more complicated, cumbersome and harsh when it is supplemented by an indifferent attitude towards law dealing with cyberspace. It must be noted that ignorance of law cannot be pleaded as a ground for proving innocence, but a careful, timely and dedicated effort can save all the troubles and harassment. Thus, it becomes very important to dedicatedly, judiciously, and religiously follow the requirements of cyber law applicable in India[10]. The web-site owners and NSPs may feel the heat of the Act due to the following acts or omissions on their part:

(1) If they have contravened the provisions of section 43 of the Act. For instance, if a web-site owner or NSP charges the services availed of by a person to the account of another person by tempering with or manipulating any computer, computer system, or computer network, they will be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. 

(2) If they have contravened the provisions of section 44, which deals with failure to furnish information, returns, etc.

(3) If they have contravened any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, they will be liable to pay a compensation not exceeding twenty-five thousands rupees to the person affected by such contravention.

(4) If they have violated the provisions of section 67, 79 and 85 of the Act, they will be liable for obscenity and pornography. The mandates of “constructive knowledge” and “due diligence” require the web site owner and an NSP to take immediate action by removing the offensive material from the source, as soon as he/it becomes aware of the same. If he/it fails to do so, he/it can be booked under the provisions of the Act. The “designated authority” can also block the contents on the web site or server. It must be noted that the Indian Computer Emergency Response Team (CERT-In) has been designated as the single authority for issuing of instructions in the context of blocking of web sites[11]. CERT-In has to instruct the Department of Telecommunications to block the web sites after verifying the authenticity of the complaint and satisfying that action of blocking of website is absolutely essential. There is no explicit provision in the IT Act, 2000 for blocking of websites. In fact, blocking is considered to be censorship; hence it can be challenged if it restricts the freedom of speech and expression. But websites promoting hate, contempt, slander or defamation of others, promoting gambling, promoting racism, violence and terrorism, pornography and violent sex can reasonably be blocked since all such websites cannot claim the Fundamental Right of free speech and expression. The blocking of such website may be equated to “balanced flow of information” and not censorship[12]. The business of running and maintaining a web site or server has its own legal challenges, which may have serious penal ramifications. Thus, web site owners and ISP should be well versed with the consequences of posting offensive material on their sites/servers. The definition of “intermediary” u/s 2(1) (w) makes any person who receives, stores or transmits a message or provide any service with respect to that message liable for punishment if the same is obscene or/and pornographic in nature[13]. They must be very cautious while dealing with materials containing obscene and pornographic contents; otherwise they may find themselves in the clutches of law[14].  

(3) Liability for violation of IPRs:  The web-site owners and the NSPs are also liable for the infringement/violations of various Intellectual Property Rights (IPRs). Their liability may arise under the following laws:

 (i) Liability under the Trade Marks Act, 1999: The liability of web-site owners and NSPs, for violation of trade mark, may arise when they are responsible for providing illegal and unlawful facilities of “linking”, “framing”, “meta-tagging”, etc of other web-sites, which may be prohibited by any law for the time being in force. Similarly, if a “domain name” has been ordered by an authority or court to be surrendered to the person who is legally and equitably entitled for the same, by non-compliance of the same they may violate the trademark of the concerned person. Further, if a trademark holder has, by way of a formal or legal notice, bring to the notice of the web-site owner or NSP the fact of violation of the trademark, then allowing such continued violation may put them in trouble.

 (ii) Liability under Copyright Act, 1957: Traditionally there was only one copyright infringement theory known as “primary infringement”, which made the person infringing the copyright personally liable for his acts. Thus, the concept of third party liability or secondary liability was not recognized by the legal systems of various countries all over the world, including the United States. As the society progressed, need was felt to develop new theories to meet the challenges thrown by it. While there were no express provisions, which talked about infringing acts of another, third party liability theories were evolved in the courts over the years. The courts derived these theories from the traditional tort law and patent law theories of contributory and vicarious liability. The U.S Supreme Court articulated the rationale for incorporating “third party liability” into the copyright law in Sony Corporation of America v Universal Studios, Inc[15]. The court specifically noted patent law’s explicit statutory prohibition against inducing infringement and against contributory infringement, and held that the absence of express language in the Copyright Act did not preclude third party liability. Moreover, the court reasoned that “ vicarious liability is imposed in virtually all areas of law, and the concept of contributory infringement is merely a species of the broader problem of identifying the circumstances in which it is just to hold one individual accountable for the actions of another.” Thus, the web-site owners and NSPs may be liable for “direct”, “contributory” or/and “vicarious” infringement of copyright.

 (iii) Liability under Patents Act, 1970: The patent laws of various countries, including USA, provides for the protection of “business methods” as well. This essentially evolves the protection of the “manner” in which ideas of doing business are created and accumulated by the use of intelligence. Thus, a person holding a “business method patent” in another country may bring before the notice of web-site owners and the NSPs that his patent is violated by the sharing of the same through the web-site. The present law of India do not recognise business method patents, but it do recognises the “process patent” that protects the process through which the patented product may be made. Thus, keeping in mind the comity of nations and various reciprocal arrangements, there is a “potential liability” for the violation of “business method patents” by the web-site owner(s) and NSPs.

 (iv) Liability for violation of Trade secrets and confidential information: The web-site owners or NSPs may also be liable for the violation of trade secrets and undisclosed information of a third party. This may happen when the “information” is posted on the web site or is circulated through the server of the service provider. It must be noted that the TRIPS Agreement, to which India is a signatory, requires the member countries to make laws for the protection of trade secrets and undisclosed information. Thus, if they fail to remove the information despite the notice, they may be liable for the violation of trade secrets and undisclosed information.

 V. Conclusion

             The benefits of e-commerce are numerous and its liabilities are few. Those liabilities are arising out of the reasonable and equitable requirements of “accountability”. A right without limitations cannot be visualised in a civilised and democratic country like India. Similarly, it would not only be unjust but also unreasonable to ask for a “blanket protection” from the rigours of the law, while enjoying the fruits and benefits of the same. The requirements of “accountability” are not only sub-minimum but also essential for a sound, systematic, transparent and genuine business functioning.

 Law courts exist for the society and ought to rise up to the occasion to do the needful in the matter, and as such ought to act in a manner so as to sub serve the basic requirement of the society. The greatest virtue of the law is its flexibility and its adaptability; it must change from time to time so that it answers the cry of the people, the need of the hour and the order of the day. The law regulates the social interests, arbitrates conflicting claims and demands security of persons and property of the people and is an essential function of the state. It could be achieved through instrumentality of criminal law.

Undoubtedly, there is a cross cultural conflict where living law must find answer to the new challenges and the courts are required to mould the sentencing system to meet the challenges. The contagion of lawlessness would undermine social order and lay it in ruins. Protection of society and stamping out criminal proclivity must be the object of the law, which must be the object of the law, which must be achieved by imposing appropriate sentence. Therefore, law as a corner stone of the edifice of “order” should meet the challenges confronting the society. In operating the sentencing system, law should adopt the corrective machinery or the deterrence based on factual matrix. The sentencing process should be stern where it should be, and tempered with mercy where it warrants to be. The facts and given circumstances in each case, the nature of the crime, the manner in which it was planned and committed, the motive for the commission of the crime, the conduct of the accused, the nature of weapons used and all other attending circumstances are relevant facts which would enter into the arena of consideration.

The undue sympathy to impose inadequate sentence would do more harm to the justice system. It is, therefore, the duty of every court to award proper sentence having regard to the nature of the offence and the manner in which it was executed or committed, etc. The imposition of sentence without considering its effects on the social order may be in reality a futile exercise. The social impact of the crime, e.g. where it relates to offences against women, dacoity, kidnapping and other offences involving moral turpitude or moral delinquency which have great impact on social order and public interest, cannot be lost sight of and per se require exemplary treatment[16]. Thus, the web-site owners and NSPs cannot agitate and claim immunity from the rigours of the law when they have not taken the “sub-minimum precautions” as provided by the law. The law courts cannot be pressurized or influenced in this regard. In fact, Indian Judiciary by formulating the “Doctrine of Basic Structure” has shown its positive and justice oriented approach toward the society. It is guaranteed that the “Executive”, “Legislature” and the “ Judiciary” will not succumb to any pressure tactics in this regard from any segment of the society.  

Other Articles of Praveen Dalal