for the International Sale of Goods, 1980. Where a state has ratified the EC Convention and is a contracting state or is to become a contracting state to the listed conventions, the expectation is that the courts of the state will apply the EC Convention in relation to the electronic communications used in dealings that attract the application of the listed conventions. For instance, if two parties have entered an agreement to which the Vienna Convention applies and they enter into electronic communications in respect of, say, failure to deliver and the forum state is also a party to the EC Convention, then Art 20 enables its application to those electronic communications. According to the Explanatory Note (para 290):

These provisions aim at providing a domestic solution for a problem originating in international instruments. They are based on the recognition that domestic courts already interpret commercial law instruments. Paragraphs 1 and 2 of article 20 of the Electronic Communications Convention ensure that a Contracting State would incorporate into its legal system a provision that directs its judicial bodies to use the provisions of the Convention to address legal issues relating to the use of data messages in the context of other international conventions (see A/CN.9.548 para 49).

Conclusion

The initiatives considered in this chapter address only part of the issues relating to the facilitation of electronic transactions. Electronic signatures have emerged as an important tool in boosting the authenticity and authentication of a message with the result that UNCITRAL, as well as the EU, have drafted instruments to bring about harmonisation in their use in electronic transactions. Chapter 4 focuses on the legislative initiatives alongside developments in respect of protecting the electronic medium from external threats.

Further reading

Abbott and Snidal, ‘Hard and soft law in international governance’ (2000) 54 International Organisation 421.

Bennett and Raab, The Governance of Privacy: Policy Implication in Global Perspective, 2003, Ashgate. Braithwaite and Drahos, Global Business Regulation, 2000, CUP.

Dickie, Internet and Electronic Commerce Law in the European Union, 1999, Hart Publishing. Froomkin, ‘Of government and governance’ (1999) 14 Berkeley Technology LJ 32.

Froomkin, ‘Habermas@discourse.net: toward a critical theory in cyberspace’ (2003) 3 Harvard LR 751. Koops, Prins and Hijmans (eds), ICT Law and Internationalisation: A Survey of Government Views,

2000, Kluwer.

Kralingen and Prins, ‘To regulate or not to regulate: prevalence and impact of a virtual law society’ (1997) 4(2) The EDI LR 91.

Krcmar, Bjørn-Andersen and Callaghan (eds), EDI in Europe, 1995, John Wiley. Lessig, ‘The zones of cyberspace’ (1996) 48 Stanford LR 1408.

Mayer, ‘Europe and the Internet: the old world and the new medium’ (2000) 11 European Journal of International Law 149.

Ogus, ‘Rethinking self-regulation’ (1995) 15 Oxford Journal of Legal Studies 97.

Perritt, ‘Economic and other barriers to electronic commerce’ (2000) 21 University of Pennsylvania Journal of International Economic Law 563.

Reams, Kutten and Strehler, Electronic Contracting Law, 1992–93, Clark Boardman Callaghan. Reich and Smith (eds), ‘Special issue: implementing the consumer-supplier dialogue through soft

law?’ (1984) Journal of Consumer Policy, at pp 111–321.

Reidenberg, ‘Governing networks and cyberspace rule making’ (1996) 45 Emory LJ 912.

Shapiro, The Control Revolution, 1999, Public Affairs.

Stephan, ‘The futility of unifi cation and harmonisation in international commercial law’ (1999) 39 Virginia Journal of International Law 743.

Van Klink and Prins, Law and Regulation: Scenarios for the Information Age, 2002, IOS. Walden (ed), EDI and the Law, 1989, Blenheim Online.

Walden, ‘Proving the electronic trade instrument’ (1994) The EDI LR 239.

Chapter 4

The Electronic Transaction

and Security Issues

Chapter Contents

Introduction

It is trite to extol the virtues of the IT (information technology) revolution, its ability to shrink space and time, to bring people together without traversing long distances, to create new marketplaces and to contribute to global economic growth. The positive effects of electronic commerce (e-commerce) for the economy have been rehearsed and voiced in the policy documents of states1 and regional groupings,2 eagerly welcomed by the commercial community and enthusiastically celebrated by the media. Peculiarities of the digital medium (e.g., its intangibility) pose problems. Authenticity, integrity and authentication of electronic messages are open to doubt. Numerous questions arise in relation to electronic messages. Among them: can the electronic message be trusted? Does it originate from the person claiming to send it? Can the message be relied on? How secure is the message, given that electronic documents can be easily manipulated? Is the received message the same as the message sent? What legal status does an electronically signed message have? Can a sender be held to his electronically communicated message should a dispute arise? Is it enforceable? Do electronic messages and electronic signatures meet the legal requirements of writing and signature?

Vulnerability of the electronic medium from external threats, such as hacking,3 the introduction of viruses4 and worms,5 the use of computers for committing fraud and blackmail and manipulation of computer-held material, causes untold economic harm6 and adds a further layer of uncertainty. It has the potential to undermine the effectiveness and reliability of the medium. There is no doubt that commercial transactions are fraught with risks, more so when they involve an international element. Although businesses are mindful of these dangers and take steps to reduce their level of risk, it would be foolhardy to use a medium, regardless of its advantages, that greatly increases the level of risk – legal or otherwise. These vulnerabilities and legal uncertainties are sufficiently potent to act as a barrier to e-commerce7 with the result that policy makers both at the regional and international level have tried to address the problems through legislation. Whether the legislative steps are adequate to cope with the vulnerabilities of the medium is debatable.

This chapter focuses on security aspects from two angles: first, making an electronic transaction secure through the legal recognition of emerging technology that boosts the integrity and reliability of electronic messages and, second, the increased protection of the electronic medium from external threats through criminal legislation.The first half of the chapter concentrates on electronic signatures used both for establishing the authenticity of the message and authentication of a message and considers, for the most part, the Model Law on Electronic Signatures drafted by the United Nations Commission on International Trade Law (UNCITRAL).8 A brief account is also provided of

3Unauthorised entry into a computer site. It often also involves unauthorised obtaining of information from that site. For instances of hacking and computer fraud, visit www.usdoj.gov.

4Literally, it is nothing more than a program that copies itself but is usually a malicious code that prevents or slows down the operation of a computer system. Note that this is a device intended to cause harm and should not be confused with a bug, which may cause many problems but is an unintentional fault in a computer program, a result of a human error on the part of the programming team.

5 A ‘chain letter’ that propagates through a network. It may cause enormous problems and often carries a virus.

6See Hi-Tech Crime:The Impact on UK Business, 2003, National Hi-Tech Crime Unit. Also see ‘The risk of computer crime to small and medium sized enterprises’, available at www.nhtcu.org.

7 E-commerce is commonly defined as trade that takes place over the Internet with a buyer visiting the seller’s website and includes business-to-business (B2B); business-to-customer (B2C), consumer-to-business (C2B) and customer-to-customer (C2C) trade. Many of the events and factors associated with a contract, such as pre-contractual negotiations, offer, acceptance, terms of the contract are conveyed and stored electronically. See ‘E-commerce survey’ (2000) The Economist, 26 February, at p 6.

8 United Nations Commission on International Trade Law, at www.uncitral.org.