Internet Governance


Introduction This paper examines issues related to "Internet Governance" from the perspective of the major forces that may strongly impact the present essentially open and minimally regulated global communications network of networks. It focuses on what can be considered the two most menacing forces: (1) intrusion by law enforcement and national security agencies and (2) monitoring/reporting obligations flowing from tax (fiscal and customs) authorities with a mandate to collect revenue from transactions of value over the Internet. Indeed there are other constrictions over the content of messages, websites and other information resources operating over the Net. Some of these relate to intellectual property, personal information, pornography and other restrictions on content. These are not specifically addressed here. "The Internet is rapidly becoming the principal infrastructure for electronic communications of all kinds including electronic commerce." This recognition of the growth and dynamism of the Internet was part of the EU-US Statement on Electronic Commerce in 1997. The scope and value of economic impacts of the Internet has far surpassed predictions of only a year or two ago. So, too, have the vulnerabilities of the Internet to hacking by distributed denial of service (DDS) or destructive computer viruses, whether instigated by criminals, political terrorists or casual acts by students. The most recent dramatic virus attack on the Internet, the now-infamous Love Bug, seems to have its origins with some Philippine computer students. The Love Bug is reported by the Financial Times to have brought down some 45 million personal computers in many countries with damage estimated to be US$ 10 billion. It hit Internet users of all types, from small businesses to the White House and Defense Departments in Washington. Even before this recent computer attack, last year’s Melissa viral episode has had security experts in government and industry hard at work designing preventive solutions. Because of the dependency of millions of individuals, businesses and government on secure, reliable, and uninterrupted use of the Internet, security systems have been widely introduced. Preventing destructive computer viruses and apprehending those responsible for perpetrating them also is moving at a fast pace. This paper presents the personal views of the author and does not necessarily reflect the positions of the GIIC on the Internet and related matters. To date, most of the attention given to Internet Governance has been directed to issues of assigning blocks of numerical addresses to regional registries; managing the root of the domain system and the creation of new top level domain names; and managing the allocation of Internet protocol parameters. At present, there continues to be intense interest in the creation, jurisdiction, membership, and functions of the Internet Corporation for Assigned Names and Numbers (ICANN), as was demonstrated at its recent conference in Yokohama, Japan. It is clear, however, that Internet Governance has far wider implications. This paper focuses on two powerful "governance" authorities -- law enforcement and tax agencies – which with rather wide legal authority, can significantly impact the Internet, its users and applications. Internet Surveillance Center in the U.K.* Internet security has become a high priority problem for ISPs, corporate and individual users of the Internet around the world. Strong evidence now points to trends in a number of national governments to establish laws and regulations on the Internet and its users and applications for a variety of public policy reasons. Given the seeming simplicity of hacking, whether malicious or not, as well as threats from criminals and terrorists, law enforcement agencies and national security are now moving aggressively to make the Internet their "domain" of responsibility. Cyber-cops are being recruited and trained. On July 29 the Parliament adopted the Regulation of Investigatory Powers Bill that gives MI5, Britain’s domestic espionage agency, extensive authority to trace/track organized crime and other forms of wrongdoing, by gathering vital evidence as well as to prosecute cyber-crimes. The U.K government now has the to access all e-mail and web-sites in the country. This is the first country to have secured legislative authority to conduct what some believe may be "massive surveillance" or the Internet. The Home Office is building a new surveillance center to monitor all e-mail and Internet messages sent and received in Britain. The center will cost about US$40 million and have as one of its main functions unscrambling coded messages on the Internet. It also may be used to tap telephones and intercept e-mails. According to press reports, "the government will require Internet service providers, such as America Online, to have secure hard-wired links to the new computer links so that messages can be traced," according to the Sunday Times. The site, to be called Government Technical Assistance Center (GTAC), would be used in conjunction with three types of monitoring, "passive interception" of all communications with Internet providers would be tapped off by the state "collector system." According to the director of a private computer research organization, Foundation for Information Policy Research, "With this facility, the government can track every Web site that a person visits, without a warrant, given rise to a culture of suspicion by association." The Home Office insists there will be limits placed on interceptions, with warrants needed before they can be carried out. However, the legislation introduced in Parliament to establish GTAC would require Internet users hand over the keys to decode encrypted messages to the new authority. Internet service providers (ISPs) have expressed concerns about the cost to the industry of complying with the new regulations, estimated to cost $32 million, due to the vagueness of the rules. Civil liberties groups, such as Cyber-Rights and Cyber Liberties, have called the legislation to authorize cyber-snooping to be "an outrageous piece of legislation." Expectations of confidentiality and privacy are among the most cherished values of the Internet, but these may be compromised if the threat of blanket police surveillance of e-mail traffic and Web-access were announced in the U.K. is implemented. In the name of national security and domestic law enforcement objectives, the Attorney General of the United States approved the creation of Carnivore, the FBI’s controversial Internet wiretap system. The Internet in its short existance, is considered by many to overshadow the telephone in its vital social, economic and economic impacts. Therefore, gaining access to Internet messages and transactions in a number of countries is considered to be essential tool for maintaining national defense and civil order. Consequently, monitoring for these reasons is now under serious consideration in other countries, China and Singapore in particular. What do these developments mean to the heretofore largely laissez-faire operation of the Internet? The U.K. initiative is certain to put a strong chill over the belief the use of the Internet is to remain largely ungoverned. It is already suspected that surveillance techniques are employed by governments to selectively intercept Internet messages. However, the U.K project exposes electronic messages originating in any country to surveillance. The more pervasive implications over the growth and utility of the Internet can be expected to be extremely significant, but are as yet unknown. Imposing Taxes on E-Commerce Proposals to impose taxes on electronic transactions via the Internet have been widely condemned, in particular by the U.S., Europe and other members of the World Trade Organization (WTO). The WTO in 1998 agreed that a moratorium on e-commerce over the Internet (so-called Bit Taxes). This applies to the introduction of special charges imposed on Internet engaged in e-commerce. The moratorium does not extend to payment of taxes, excises, duties or other fees that already apply domestic or cross-border sale of goods and services. Unfortunately, the failure of the Seattle Summit meant that no resolution to continue temporarily or permanently, the moratorium. This is a key issue to be addressed in WTO council meetings during 2000, however. Most countries where tax authorities have considered how to deal with E-Commerce seem to conclude that the critical issue is to collect presently existing taxes, as value-added taxes (VAT) and customs duties presently applied to cross-border sale of many goods and services. The first and most pronounced example of concerns by tax authorities is electronic sale of software and music. "Invisible goods" are seen as highly troublesome to the effective collection of VAT. As E-Commerce expands to many business and professional services that are delivered, invoiced and paid for electronically, the concerns of tax collectors undoubtedly will increase as will calls for new national and perhaps international legislation. The OECD has been studying this issue for several years but no international convention proposed or concluded. The Commission of the European Communities (EC) in June announced a proposal that would require foreign companies to levy value-added taxes (VAT) on services delivered via the Internet, television or radio to customers in the European Union. According to press reports, this action is designed to create a "level playing field between the EU and US companies for services like compact disks, software, or computer games supplied over the Web." If approved by Ministers of Finance of the 15 member countries, the proposal would require American companies with sales via the Internet of over Euros 100,000 (about US$96,000) inside the EU to register in at least one EU country and level VAT at that country’s rate, between 15% and 25%. There has been a quick negative reaction from US companies, and the US Department of the Treasury announced it has "serious concerns about the substance and process of the EU proposal. The head of Intel bluntly called the plan e-protectionism. Thailand The following are important national examples of how taxes on E-Commerce may be applied. The Government of the Kingdom of Thailand has announced an end to a tax-free period granted on buying and selling on the Internet. In February, the government introduced penalties for evading taxes when using the Internet to purchase goods and services across internally and across its borders. The Department, a division of the Finance Ministry, is working on how to effectively collect taxes due from Internet sales, but those who avoid the tax will be taxed equal to the amount evaded. But in those cases, evaders can face prison terms of up to 10 years. The Thai Revenue Department has indicated that it is close to solving how to ensure tax is paid on E-Commerce transactions, both domestic and foreign. Presently, all "tangible" products bought and sold online are subject to tax. "Intangible" goods and services, such as music and other downloaded products are difficult to tax. Unless vendors of intangible goods and services declare sales to the Revenue Department, it will be unable to levy appropriate taxes. However, the Department has decided that the VAT will not be levied on companies trading online with an annual turnover of less than 1.2 million Thai Baht (about US$32,000). In order to reduce products and services escaping from domestic VAT, venors will have to provide the Customs Department with proof of sale and proof of the value of the transactions, to receive benefit of an exemption. Imports will be subject to duties, but not VAT, and many books and computer products can be imported duty-free. The Department already recognized the difficulty of keeping track of E-Commerce for tax purposes, and has sent representatives to the U.S. and Australia to learn possible solutions. The department is now preparing procedural guidelines for tax officers and E-traders. It believes that bank transactions and credit card records would be one avenue for stopping tax evasion, Thai officials have reported. Two E-Commerce laws were implemented in March 2000 but tax and customs E-Commerce must be codified. The Revenue Department is not immediately concerned about tax collection because of the value of E-Commerce in Thailand is small – the value estimated to reach Thai Baht 1 billion (US$27 million) this year. The Thai example is certainly an early manifestation of national government’s assertion of their obligations to enforce existing tax and customs laws on transactions involving buying and selling of goods and services across national borders over the Internet. Extending taxation to E-Trade, as it has become known, may be seen by some as nothing unusual, but how tax decrees can be enforced is likely to be a daunting challenge. Traditionally, tax authorities have used reporting and inspection as the means to carry out their responsibilities. How will the Internet be impacted by reporting and inspection requirements? The complexities in assuring that VAT and other taxes are paid by buyers and sellers resident in two countries, whether B2B, B2C or B2G, are likely to involve far more intrusive procedures than have traditionally existed. The imposition of intrusive reporting requirements by tax authorities may seriously moot notions that Internet Governance is to be limited and gently applied. China A senior official in the State Administration of Taxation (SAT) recently stated that the country must maintain its taxation sovereignty and level the playing field between e-business and brick-and-mortar merchants. It is the SAT view that "the electronic form of e-commerce does not change its nature of trade." Although E-Commerce is still in its infancy in China, the SAT will not allow "a tax exemption" for E-Commerce. However, no plan has been established for how to tax Internet sales in China, it has been reported. But a special tax force to handle E-Commerce taxation issues, including how to prevent tax evasion in cyberspace, has been created. Intellectual Property, Content, Privacy and Consumer Protection Issues Internet Governance is not only expected to be subject to regulations of law enforcement and tax authorities but also by a number of other fields of public policy, including intellectual property, content regulations, and privacy and consumer protection measures.. Each are receiving considerable attention debate and the full implications are far from clear. Electronic transactions over the Internet is prompting revision of commercial law such as contracts but also re-defining the rights of consumers for protection/redress for defective products and services. One of the key issues is "jurisdiction" where laws apply in cross-border transactions, especially where three of more countries or states may be involved. Another dimension of the Internet that is impacting national laws and practices governing content/messages that can be accessed on websites anywhere in the world. Co-Regulation and Alternative Dispute Resolution (ADR) Initiatives Key operational factors that have made the Internet such a success today and must be preserved if its future is not jeopardized are: (1) infrastructure and costs that provide wide accessibility; (2) trust of business and consumers; (3) reasonable but not intrusive or excessive regulation. Two approaches designed to ensure moderate and reasonable governance of the Internet and its applications have been proposed. Each emphasizes private sector leadership in future Internet management. They are Co-Regulation and Alternative Dispute Resolution (ADR). Co-Regulation has become popular in Europe where officials of national governments and the European Commission seek to divide Internet Governance into two zones of responsibility – those where government action is considered required and those where the private sector can initiate self regulatory actions. The initial measures considered within the zone of government are legislation creating digital signatures, authentication authorities and some security (encryption) measures. Personal information privacy and other consumer protection issues are considered appropriate for co-regulation. However, the European Union directive on data protection places comprehensive legal requirements on the handling of personal data and calls for regulatory authorities to supervise public and private sector compliance. The United States, on the other hand, prefers sectoral legislation with enforcement by the Federal Trade Commission and self-regulatory codes of practice. ADR is intended to forgo legislative and judicial remedies to problems/disputes and introduce techniques of mediation and arbitration. It is being promoted by corporations and trade associations in OECD countries as both reasonable and effective means to deal with problems raised by Internet. There may be two forms of ADR, one following more the traditional process of submitting documents for review by an independent panel for mediation of arbitration, and a far more relevant and possibly rapid process known as "online ADR." The latter is becoming more central with the growth of E-Commerce and the need to ensure consumer and business trust in cross-border and domestic electronic transactions. The International Chamber of Commerce (ICC) is considered to be an ideal forum to address B2C online ADR mechanisms. According to a statement by the U.S. Council for International Business "efforts should be made to identify issues that are of importance to business and to help promote mechanisms that are business-friendly and provide credible consumer online redress options. The ICC can leverage the expertise it has gained through the International Court of Arbitration and as the world business organization, can offer a truly international solution."