Secure Commerce in the Age of Cloud Computing

Network systems work on an exponential growth curve. Things are exponentially less expensive each year and incrementally more powerful. This will drive applications and uses that people have not even thought of. The following are ideas that are just a few years from deployment:

  • Disposable communication tablets – Basically these could be dropped in places such as Iran or North Korea and allow for communications no matter what the incumbent government tries to filter – think $1 devices.
  • Milk, Coke cans and more in supermarkets with IP addresses and RFID – Why? Well, first as they can integrate this with smart appliances, but more importantly, merchandising and stock control. Who needs to do stock take when the store tells you what it contains?
  • Light bulbs with web and IP addressing – Well, actually these are already available.

There are many reasons why IP addressing will be used up quickly and these are but a few and more reasons why we will start to move towards distributed and hence cloud based systems. It is also one reason why we will move to IPv6. Mobility and security is another.

The catch-cry of the 21st century will be, Anytime, Anywhere.

Done correctly, IPv6 can make for extremely secure networks. It is already possible to make a secure mobile network. It is more difficult under IPv4 due to the constraints on the protocol. What we need to think of in this endeavour is how this will enable and change the business dealings that have driven the growth of the web.

One major component of this growth will be electronic transactions and commerce. In this article, we look at the foundations and basis of contractual dealings in a cloud based world.

The nature of online contracting

Technological developments and the advent of the internet have led to new paradigms in international as well as local commercial activity. These changes have reduced the certainty of contractual negotiations leaving a commonly held belief that the law of offer and acceptance does not readily apply to such transactions when conducted online[1]. We have already created islands of clouds in our dealings and now these clouds are becoming finer. What was once a set of connected clouds and islands is fast becoming a nebulous web of connected systems.

The increased use of international commercial transactions using the internet is something no company can escape. In the past, international commercial transactions were generally restricted to negotiations between commercial entities. The internet has increased the scope of business to consumer dealings, and even consumer-to-consumer transactions across jurisdictional borders[2]. For this reason, the formation of contract using the internet creates segregation into two initial categories. These categories include both those negotiations that occur strictly within a single jurisdiction, and next, those negotiations that involve multiple legal jurisdictions. Where the cloud is involved, security can be seen to encompass many localities and hence jurisdictions even when dealing within a single organisation.

Another concern for cloud based systems focuses on the relationship of parties. Many web-based transaction engines already act as third parties during the process of offer and acceptance. This interaction can complicate the formation of contract. Because of this, it is necessary to determine the legal standing of the third party[3]. The third party could be a party to the contract, an agent or one of the two contracting parties, or may just be an ancillary facilitator or medium, across which, and through whom the contractual bargaining occurs[4].

What is an “Electronic Contract”?

When contrasting contractual principles, it is clear that where a contract is not required to be in writing[5], that little additional uncertainty could be created where the contract is completed electronically.  In fact, it is clear that electronic evidence must hold greater weight than verbal evidence[6].  What is not clear is the extent of the weight attached to the various forms of electronic evidence.  The strength of a digital signature algorithm and the security surrounding the mechanisms used to sign an electronic document will respectively influence the weight associated with any piece of electronic evidence.

It has been argued that the digital contract may appear on the computer screen to consist of words in a written form but merely consist of a virtual representation[7]. An electronic contract has a twofold structure. Thought of electronically, the contract is a sequence of numbers and code saved to some electronic or magnetic medium. Alternatively, the contract becomes perceptible through a transformation of the numeric code when broadcast to a computer output device such as a printer or screen[8]. Establishing offer, acceptance and the terms of a contract remains the same whether the form is in writing, orally, or implied though the conduct of the parties in the same manner as existed prior to the rise of ecommerce over the internet.

Contractual formation is inherently uncertain in and of itself[9]. Being that electronic contracts form a logical subset of the contractual superset and that there is uncertainty within contract formation in general; it must naturally follow that there are areas of uncertainty, which will remain in the formation of electronic contracts. The formation of contracts on the internet and with “cloud” providers will suffer from the nexus of jurisdictional issues. The question as to whether contracts performed electronically are legalistically equivalent to writing comes more to a question of evidential weight and the application of the parole evidence rule[10].

A contract is not required to be in writing[11]meaning that there is little additional uncertainty created when the contract is completed electronically.  In fact, it is clear that electronic evidence must hold greater weight than verbal evidence[12].  What is not clear is the extent of the weight attached to the various forms of electronic evidence.  The strength of a digital signature algorithm and the security surrounding the mechanisms used to sign an electronic document will respectively influence the weight associated with any piece of electronic evidence. That stated, we still come back to the issue of jurisdiction and also in the case of intermediary agreements,

An electronic contract has a twofold structure. Thought of electronically, the contract is a sequence of numbers and code saved to some electronic or magnetic medium. Alternatively, the contract becomes perceptible through a transformation of the numeric code when broadcast to a computer output device such as a printer or screen[13]. This dichotomy exasperated the uncertainty contiguous with whether an electronic contract can be regarded as being a contract in writing in the past, but has been settled in most western jurisdictions through a combination of legislation and judicial review..

At the most fundamental level, the existence of an offer and an acceptance is one of the primary requirements for the creation of a contract. The set of laws used to determine whether there has been a valid offer and an acceptance created across the internet or a mere invitation to treat have their lineage in the case law concerning postal and telex communications.

As an offeror may stipulate the method of acceptance[14], it would be wise for parties to agree to the form of acceptance prior to the conclusion of the contractual negotiations.

A further important issue that surrounds internet contracting is the general rule of law that, for an acceptance of an offer, it must be “communicated” to the offeror[15]. Under normal circumstances, the offeror must actually receive the acceptance before a contract will come into existence.

Amazon.com[16] provides an example of this practice. Amazon has a page defining the terms and conditions associated with the site. Terms designed to protect the seller from entering into a unilateral offer consisting of an agreement that it did not intend to make link to the site for general download. This feature helps ensure that both parties understand the point at which the close of negotiations occurs and forms a binding contract.

Electronic agency issues

The inclusion of electronic agents makes the traditional requirement for a “meeting of minds” more difficult to prove. With many smaller vendors, hosting and creating their own e-commerce enabled web site requires the interaction of a third party. Often, this involves the use of an external service provider, which offloads the internet shopping trolley function. In this way, smaller vendors can create an e-commerce enabled site quickly and simply.

The issue, which arises in this instance, is in determining the contracting parties. Many small vendors provide little more than billboards style advertising through their web site. The complex task of maintaining the databases, transaction processing, and the shopping cart function becomes simplified when outsourced to another provider. In some instances, a redirection takes the customer to a completely new site or domain.

In such cases, it may be necessary to investigate whether a contractual arrangement has resulted between the client browsing a web site and the transaction agent or if indeed the transaction facilitator is a contractual agent for the Web store vendor[17]. Agency has become a specialised area of contract law in itself. As such it will not be covered in any depth in this paper, though it is an area that does require due consideration and may influence the process of offer and acceptance.

What can now be done is to create logical islands in place of what was once a set of isolated systems. These isolated systems can allow us to treat pockets of cloud based systems as if they were physically isolated and not simply logically created pockets.

Conclusion

The formation of electronic contracts subsists as a subset of all contractual formation.  By their very nature and as it is expressed in a large number of contractual disputes which occur every year without dispute as to the content of the contract, contracts are uncertain.  Thus it must logically follow that there will always remain a level of uncertainty in electronic contract formation.  At best, if all uncertainty associated with the electronic nature of a contract was removed leaving no dispute between the natures of formation whether written, verbal or electronic; there remains room for uncertainty.

A number of offer and acceptance issues that had not been completely resolved remain. The question of online software downloads generates its own difficulties. For instance, does the downloading of software constitute acceptance, installing the software, etc? Many software vendor licenses for instance state that the “loading of the software onto a computer indicates your acceptance of the following terms[18]” The terms of the agreement are likely to be enforceable if the software company is able to demonstrate that the user had an opportunity to view the terms prior to installing the software.

Cloud based systems for ecommerce do not mitigate the issues of contractual formation and dispute. In the creation of a contract there is always the need to ensure that offer and acceptance have been fulfilled. This is an opportunity for business with the ability to log and store transactions on the cloud leaving less room for error and doubt than we have seen in verbal contracting. What needs to be remembered is that any computer system has flaws and these need to be patched and the system maintained. When run well, the underlying system is a sound basis for transacting in the online economy.

References:


[1] Rasch, 2006

[2] Department of Communications, Republic of South Africa “Discussion Paper on Electronic Commerce Policy” (1999)

[3] Debenhams Retail Plc v Customs and Excise Commissioners [2004] EWHC 1540

[4] McKendrick [1], 2005 (pp163-164)

[5] Columbia Law Review, (Apr., 1929), pp. 497-504; Columbia Law Review (Jun., 1907), pp. 446-449; McKendrick, E, (2005), p 184

[6] Lord Justice Auld (Sept 2001), Cpt 11

[7] Allison et al (2003)

[8] Bainbridge (2000); Reed (2004); Brownsword (2000)

[9] Gamage & Kedem, (Nov, 2006)

[10] Durtschi (2002); Lim (2002)

[11] Columbia Law Review, (Apr., 1929), pp. 497-504; Columbia Law Review (Jun., 1907), pp. 446-449; McKendrick, E, (2005), p 184

[12] Lord Justice Auld (Sept 2001), Cpt 11

[13] Bainbridge (2000); Reed (2004); Brownsword (2000)

[14] Eliason v Henshaw (1819) & Manchester Diocesan Council for Education v Commercial and General Investments (1970).

[15] McKendrick [1], 2005; p43 – 44

[17] Lim, 2002

Leave a Reply

Your email address will not be published. Required fields are marked *

PowerRetail Extra Enewsletter