The Internet Files

The network is the story: News on the latest Internet standards and struggles

June  1998
[Next story]
[Table of Contents]
Sun's Site

Mail this
article to
a friend
Internet Files index

Commission strives for a common position on Internet taxation

Brussels (June 17, 1998) -- Common principles regulating indirect taxation on the Internet are necessary to the development of electronic commerce, the European Commission said in a position paper issued today.

The document, "E-Commerce and Indirect Taxation," urges industry and business to help the Commission come up with solutions for taxation, a Commission official who asked not to be identified told IDG News Service.

There is growing concern within the European Union and elsewhere about the impact of the Internet -- specifically electronic commerce -- on tax revenues, and recognition that it has become increasingly difficult to ensure compliance with existing rules.

For the Commission the basic principle governing taxation is that the same regulatory framework that applies off-line must apply on-line. "But this is easier said than done," the official said. "We are looking for businesses to come up with solutions."

The document released today sets out six fundamental principles which the Commission wants all member states to respect. Most notably, it states that no new taxes should be introduced specifically for business conducted over the Internet.

Other principles include neutrality to ensure that products and services whether sold in the EU or exported are treated in the same manner.

In the interests of simplicity and clarity another principle would require treating all transactions on the Internet as the provision of services even if the transaction involved the purchase of goods.

The Commission hopes to win support for these principles from the 15 member states in time to present the document as the European Union's position on taxation to the OECD Ministerial Conference "A Borderless World: Realizing the Potential of Electronic Commerce" which will take place Oct. 6-8 in Ottawa.

--Elizabeth de Bony, IDG News Service

Legislation to change U.S. encryption policy given long odds

Washington (June 8, 1998) -- Legislators and encryption policy experts meeting at a cryptography and privacy conference here today expressed little optimism that Congress will pass legislation to change U.S. encryption policy this year.

Bills backed by computer industry organizations and privacy advocates that would loosen U.S. encryption policy are moving through the House and the Senate, but continue to meet resistance from the Clinton administration and powerful Democrats in Congress, according to officials who spoke at the conference.

Supporters of a change in the policy and administration allies are in a position of "balanced terror," said David Banisar, senior policy analyst for the Electronic Privacy Information Center [EPIC] in Washington, D.C., and there appears to be scant hope of reaching consensus this year.

The stalemate has raised concern among computer industry representatives, including those who argued at the EPIC-sponsored conference that the U.S. policy is causing lost business opportunities for U.S. technology companies overseas and stymieing broader acceptance of electronic commerce.

U.S. policy prohibits the export of any encryption software product above 56-bit keys without permission from the U.S. Commerce Department. Most vendors who seek approval to export strong encryption must also promise to develop key recovery systems that would enable law enforcement officials to obtain access to "keys," or code that would unlock the encrypted message.

The reason for the restrictions lies in the concerns of the Federal Bureau of Investigation that the government must maintain its ability to decode information for the purpose of conducting criminal investigations.

Two congressmen who spoke at the conference said progress on legislation to loosen the policy has been encouraging, but they also said chances of approval before the end of the current session are grim, especially given that members will have to spend time in their districts campaigning this year.

"It will cost this country dearly if we don't change [encryption policy]," said Representative Bob Goodlatte, a Virginia Republican, who sponsored the House bill, known as the Security and Freedom through Encryption bill, or SAFE.

The bill would require a change in export control laws to permit the export of strong encryption if comparable software is available elsewhere. It would also prohibit the federal government from implementing a mandatory key escrow policy that would require the code to unscramble the encryption to be deposited with a third party.

The bill has broad backing in the House -- 250 representatives have signed on as co-sponsors -- and it has passed the Judiciary Committee. But other House committees have modified the bill and it remains stuck in the Rules Committee waiting to advance to the House floor.

Goodlatte said the bill hasn't moved to the floor because the chairman of the Rules Committee, Representative Gerald Soloman, a Republican from New York, opposes it. The White House also has been using stall tactics, he said.

"We need to keep pushing this legislation forward," Goodlatte said. "The administration has continued to play a game of beat the clock."

A Senate bill sponsored by Senators Patrick Leahy, a Democrat from Vermont, and John Ashcroft, a Republican from Missouri, would prohibit government-compelled key escrow or key recovery encyption and make it a crime to use encryption to conceal incriminating communications. That bill awaits a full hearing by the Senate Judiciary Committee.

Robert Litt, principal associate deputy attorney general, told the conference he wanted to dispel the myth that the administration opposes strong encryption or is trying to stop its spread. But he also warned of dire consequences.

"It is going to have an adverse impact on the government's effort to protect you, your business, and our nation as a whole," said Litt during a panel discussion. "I don't want to sound alarms, but I think we can count on the fact that as a result of the spread of strong encryption lives are going to be lost."

He defended the administration's approach, saying nothing it has proposed would alter the conditions that a law enforcement agency must meet to obtain a court's permission to conduct a wiretap.

"Today court-approved wire taps are a big part of our arsenal," he said.

The government, for example, relied partly on stored data to build the case against the terrorist who bombed the World Trade Center in New York in 1993. Prosecutors found evidence about the bombing and plans for other terrorist attacks stored in unencrypted data files on the bomber's laptop computer, Litt said.

According to his estimation, the administration has been trying to work with industry to "use the same genius that made the country a leader in technology" to find a solution that would both preserve the investigative powers of law enforcement, and allow for the export of strong encryption.

"There are people out there who can come up with solutions better than we can," he said.

William Reinsch, undersecretary of commerce for export administration, said the administration recognizes that electronic commerce is being held back by encryption policy issues. But he said the marketplace appears to be moving toward accepting key recovery, which would ensure that an encryption product would have the capability of recovering a key to decode encrypted material.

He also said the administration has shown flexibility during a two-year period expiring in December that allows for the export of 56-bit key encryption technology under certain conditions. So far, Reinsch said 50 plans submitted by U.S. companies for using 56-bit key encryption outside the United States or Canada have been approved by the Commerce Department and more are being considered.

Litt and Reinsch were joined on the panel by Jeffrey Smith, a lawyer representing Americans for Computer Privacy. Smith pressed the government officials on why the White House has not responded to a letter he sent in May calling for the presidential pledge not to push key escrow, to temporarily lift encryption export restrictions and to set up an arbitration center to resolve disputes between industry and the government.

Litt said it is not surprising that the White House has not responded to a request that essentially says, "Give us what we want today, and we'll set up a committee to resolve issues later."

--Margret Johnston, IDG News Service


U.S. FTC blasts Web sites for inadequate privacy policies

Boston (June 4, 1998) -- Those who worry about their privacy while online had their worst fears confirmed today with the release of a U.S. Federal Trade Commission (FTC) report that found most commercial Internet sites have failed to adopt practices that inform visitors how personal information about them will be used.

Until these privacy issues are addressed, Internet commerce will not reach its full potential as a mass market business, FTC Chairman Robert Pitofsky said in a written statement accompanying the report.

"The Commission's survey of over 1,400 Web sites reveals that industry's efforts to encourage voluntary adoption of the most basic fair information practice principle -- notice -- have fallen far short of what is needed to protect consumers," said the report.

The FTC is recommending now that the U.S. Congress develop legislation requiring parental notification and consent when World Wide Web sites collect personal information from children. Additional recommendations regarding privacy policies at sites not aimed at children will be released in the next few months.

Some 85 percent of the commercial sites reviewed collect personal information, but only 14 percent notify consumers of the site's personal information practices. Just 2 percent provide consumers with a comprehensive privacy policy.

The findings likely will be particularly chilling for parents concerned about the privacy and safety of children online. Of the 212 children's sites surveyed, 89 percent were found to collect personal information about youngsters, with 54 percent providing details of information collection practices.

"Few sites take any steps to provide for meaningful parental involvement in the process," the report said. "Only 23 percent of sites even tell children to seek parental permission before providing personal information."

The FTC has been reviewing online privacy issues for three years and the report is part of an ongoing attempt to assess the U.S. policy of allowing the Internet industry to self regulate. The report looked at four information practice principles -- notice, choice, access, and security.

"The Commission's survey of Web sites tells us that industry efforts to encourage voluntary adoption of these principles have not met with great success," Pitofsky said in a written statement.

"More incentives are necessary to encourage self regulation and to ensure consumers that their personal information will be protected online," he said. "In fact, the online marketplace is unlikely to reach its full potential until consumers are confident that adequate protections are in place to protect their personal information."

The report, submitted to Congress, found that development of e-commerce is at "a critical juncture" and that growth will be stymied if commercial Internet sites fail to self regulate. The administration of U.S. President Bill Clinton has taken a hands-off approach to Internet regulation. Today's report, however, already has touched off debate about that policy.

In an attempt to stave off a push for legislation, 12 high-technology trade associations have banded together to announce a self-regulation plan regarding privacy issues. The group has worked on its proposal for four months and yesterday sent a letter to Clinton outlining the plan, which calls for adoption of a unified set of privacy protection standards and an action plan for broader adoption of privacy policies by Internet sites.

Copies of the FTC report, a consumer publication regarding online safety and privacy and the FTC's "About Privacy" Web page can be accessed from the Commission's Internet site.

--Nancy Weil, IDG News Service


Magaziner outlines U.S. Internet policy; white paper expected soon

Cambridge, MA (May 29, 1998) -- The U.S. Department of Commerce next week will release its White Paper on Internet Governance, which establishes a private non-profit group headed by an international board to oversee domain name management, Ira Magaziner, U.S. Presidential Advisor on the Internet, said today.

Besides offering that tidbit of news, Magaziner outlined U.S. President Bill Clinton's Internet and technology policies at the Harvard Conference on Internet & Technology here and also held an impromptu press conference where he discussed a range of topics, including progress on the international front regarding Internet regulation and policy.

Magaziner told reporters that he could not offer specifics about what changes have been made in the paper, which has gone through some 17 drafts and is posted on the Internet. The administration also sought e-mail comments on the draft proposal and those, too, have been posted.

"The preponderance of opinion is what we followed," to prepare the White Paper, he said.

Attorneys from the U.S. departments of Justice and Commerce are reviewing the final version to make certain that the legal basis of the document is clear and that it can withstand any court challenges. If the document is legally weak, then court challenges could lead to judicial decisions that wind up establishing a legal framework that subverts the administration policy, he said.

Another major stumbling block has been that U.S. tax dollars have been used in the the domain-name registration process, which was established through government contracts. The government has stringent regulations in place regarding the transfer of programs established with tax dollars to a private entity, such as the organization that will oversee domain-name management. The transfer to the new organization, expected to occur by Oct. 1, has to follow those stipulations, Magaziner said.

In his remarks to the conference, he also delivered a reprise of a recent Department of Commerce report showing that more than one-third of real growth in the economy has been from IT, largely driven by Internet growth. IT has further helped to keep the inflation rate low and continues to provide jobs that pay more than the average in other industries.

The private sector must take the lead because "the digital economy...moves too fast and requires too much flexibility" for the slow, bureaucratic nature of government to be effective. The administration also is committed to respecting the nature of the Internet and the need for policies that are technology neutral and decentralized.

International issues remain
The leadership position of the U.S. has not pleased some nations and the Green Paper that preceded the upcoming release of the White Paper on Internet Governance raised calls for more international input on such matters.

At the press conference, Magaziner said he believes that the U.S. and other developed nations are no longer far apart when it comes to a cluster of important issues, including domain-name management and privacy concerns. If the Internet can be pushed into "effective self regulation" in the next few months, then the U.S. can appeal to the European Union to make a case that such regulation can succeed.

Because of that, Magaziner isn't terribly worried about what might happen come October, when the European Privacy Directive is to take effect, particularly because the various nations involved will administer and enforce the directive differently.

"How they do it in Denmark is different from how they do it in France," he said.

Encryption policy and key recovery technology continue to be sticking points, but Magaziner said those areas also are being worked on and the administration is confident that there will be resolution to those issues -- though precisely how such matters will be resolved remains uncertain.

The recent World Trade Organization (WTO) decision to keep the Internet duty free for at least one more year is yet another indication that accord is being reached on key points, Magaziner said.

"We think we made substantial progress," he said, calling the agreement, "very significant."

Developed nations that want a duty-free Internet will continue the education process with developing countries to encourage their support. At the end of the duty-free period, Magaziner said he believes the WTO will have a difficult time reversing its position and imposing Internet tariffs.

"We don't view these international discussions we're having as trade negotiations where we're trying to tell them what to do," Magaziner said.

As for U.S. turf, a bit of a tussle seems to be emerging between the administration's hands-off policy on Internet regulation and the U.S. Federal Communications Commission (FCC), which in a recent report to Congress left open the possibility of imposing regulations on Internet telephony.

Asked about the FCC's regulatory authority and the whether or not it remains a relevant body given the fast pace of technological change and the convergence of voice and data communications, Magaziner politely backed away from the issue, noting that he wouldn't want to say that the FCC is no longer necessary.

Instead, he offered this: "I think they're going to have to evolve...I think they're going to realize (regulation) is not the right way to go."

--Nancy Weil, IDG News Service



Clinton takes steps to guard U.S. against cyber attacks

San Francisco (May 22, 1998) -- U.S. President Bill Clinton told a group of U.S. Naval Academy officers today that the nation needs to takes strong measures to guard against cyberattacks.

Clinton also signed a directive establishing the offices of National Coordinator for Security, Infrastructure Protection and Counterterrorism, which will oversee a variety of policies and programs. Those will cover counter-terrorism and the protection of critical infrastructure, which includes communications networks.

"As we approach the 21st century, our foes have extended the fields of battle -- from physical space to cyberspace; from the world's vast bodies of water to the complex workings of our own human bodies," said Clinton, according to a transcript of the speech he gave at the U.S. Naval Academy in Annapolis, Maryland. "Rather than invading our beaches or launching bombers, these adversaries may attempt cyberattacks against our critical military systems and our economic base."

Pointing to the satellite failure earlier this week, which disabled most of the nation's paging networks and broadcasting and data services, Clinton said the incident highlights the country's dependence on technology and the vulnerability of communications networks.

"Intentional attacks against our critical systems already are underway. Hackers break into government and business computers. They can raid banks, run up credit card charges, extort money by threats to unleash computer viruses," he said.

In order to be better prepared, Clinton called for the establishment of an early warning system to be operational by 2003. The system should be capable of detecting and defending against attacks on critical infrastructures such as power systems, water supplies, air traffic control, financial services, telephone systems, computer networks, and police, fire, and medical services.

"Just 15 years ago, these infrastructures -- some within government, some in the private sector -- were separate and distinct," Clinton said. "Now, they are linked together over vast computer-electronic networks, greatly increasing our productivity, but also making us much more vulnerable to disruption. ...If we fail to take strong action, then terrorists, criminals, and hostile regimes could invade and paralyze these vital systems, disrupting commerce, threatening health, weakening our capacity to function in a crisis," he warned.

The president appointed National Security Council adviser Richard Clarke, to head a new office on infrastructure protection and counterterrorism. Also, former U.S. Senator Sam Nunn and Jamie Gorelick, formerly the U.S. Justice Department's number-two official and now the Federal National Mortgage Association's vice chairwoman, will lead a private industry advisory group, the Dow Jones news service reported.

Today's moves follow an October 1997 recommendation by the President's Commission on Critical Infrastructure Protection that the government create a real-time warning capability modeled upon the military's air defense and missile-warning system.

While the commission found no evidence of an impending cyberattack on the nation's infrastructure, its members warned that the capability to exploit weaknesses in the country's power, telecommunications, transportation, and financial segments does exist.

In addition, U.S. Attorney General Janet Reno announced in February an interagency effort to track and analyze electronic threats to the nation's critical infrastructures, such as communications, transportation, and energy networks.

The National Infrastructure Protection Center will include the Computer Investigations and Infrastructure Threat Assessment Center of the U.S. Federal Bureau of Investigation, and will add real-time intrusion-detection capabilities for cyberattacks directed at various national, electronic infrastructures.

--Torsten Busse, IDG News Service

What did you think of this article?
-Very worth reading
-Worth reading
-Not worth reading
-Too long
-Just right
-Too short
-Too technical
-Just right
-Not technical enough

[Table of Contents]
Sun's Site
[Next story]
Sun's Site

[(c) Copyright  Web Publishing Inc., and IDG Communication company]

If you have technical problems with this magazine, contact

Last modified: