John Beukema, Solicitor
15th Floor HongkongBank Building
673 Nathan Road, Kowloon
Table of contents
Introduction 3Computer Networking 3The Internet 3Service Providers 5Commercial Services 5Internet Service Providers "ISP" 5Internet Services 5Hong Kong Regulation of ISP's 6Telecommunications Ordinance 6IVANS/PNETS License 6Public vs. Private Services 7The ISP and the Internet 7Internet Backbone Access 7CIX 7HKIX 8USENET News Feed 8The ISP and its Customer 8The Subscriber Agreement 8WWW Host Agreement 8Domain Name and IP Numbers 9IP Number 9Virtual Domains 9The Customer's Right of Privacy 10ISP's Right to Inspect 10Commercial Subscribers Rights 10Misconduct by the Customer 10Unauthorised Access to Data 10'Spamming' News groups 11The ISP and Third Parties 11Copyright Violation 11Hacking 12Defamation 13Pornography 13Hosting vs. Providing Access 14Commerce on the Internet 14Security 14Security of Information 14Identity of Correspondent 15Encryption Techniques 15Public Key Encryption 15Impediments 15Digital Signatures 16Future Directions 16Securities 16Banking 16Gambling 16
The Internet, virtually unknown outside of academia several years ago, has become a topic of conversation and interest throughout the business world. It is easy to see why this is so. It offers world wide networking and communications at low fixed prices. It has become a major research resource, a convenient method of publishing information, communicating by electronic mail, advertising and, increasingly engaging in commerce. It is no wonder that the new medium presents novel legal and regulatory challenges.
The Internet is a network of computer networks.
A computer network consists of two or more computers running
compatible network software which are connected by direct cabling,
leased or switched telecommunications lines, or other communications
techniques. The computers are then able to share or transfer
files, exchange electronic mail and generally have facilities
for remote login and remote execution of programs.
A network connected by direct, high speed cabling is known as a Local Area Network ("LAN") and one connected by telecommunications lines as a Wide Area Network ("WAN"). Early networks were based on mainframe computers and used proprietary communications protocols, restricting connectivity to compatible equipment. More recently, the UNIX operating system has come into wide use in networking. UNIX uses a protocol suite known as TCP/IP which is now available for a number of other operating systems including MSDOS, Macintosh, Windows and NT, allowing dissimilar computers to communicate over a network.
The Internet is a network of computer networks communicating using TCP/IP and linked by communications lines ranging in speed from ordinary telephone lines to fibre optics operating at Gigabit/s speeds. The network is based on the a series of communications protocols and programs associated with the UNIX operating system. Internet has its origins in a system developed by the US Department of Defence called the ARPANET Originally ARPANET linked universities, research establishments and defence contractors and permitted sharing research and data. The network has now been extended to the general public and is experiencing a period of explosive growth through low cost modem access for individuals and small companies and higher speed access using new telecommunication products such as ISDN and frame relay. Much of the recent growth has been through the emergence of common carriers and indirectly via common carriers known as Internet Service Providers ("ISP'S").
In its present form, the Internet consists of a number of high speed backbone networks, mostly of fibre optics cabling capable of transmitting many million bits per second which are connected to switching computers known as routers. Each serves as a gateway to individual computers and other networks.
Every computer or host connected to Internet must have an address which is a unique number assigned by a central authority which identifies the network it is on, the sub-network and the machine. Most users also register a name which is associated with the number. The result is a gigantic, privately operated web of computers connected together which can exchange data of all sorts at high speed.
Data is sent from any one computer connected to the network to any other in small packages called packets. A packet has a destination address, a sequence number and a body of raw data. Packets are switched and transferred by specialised computers known as routers. Each router maintains tables of network information providing various routes to any of the major networks. Once in the major networks, other routers direct the packet to its destination where the packets are assembled in order and checked for accuracy. The formal series of procedures for handling the transmission, routing, checking and assembling of packets is known as a protocol. Internet is based at present on the TCP/IP protocol.
Packets can and are used to transmit data of all types such as electronic mail or e-mail, computer files such as word processing files, spread sheets, programs, pictures and even voice and video. Essentially all of the relaying, routing and retransmission of information in the form of packets is processed only by machine, without human intervention.
There are estimated to be 40 million users who have access to the Internet at this time and the number of users is increasing at exponential rates. Although two thirds of the current users are US residents, there are now hosts in nearly every country of the world from China, South America to the former Soviet republics. The number of users outside the US is growing at a more rapid rate than the usage in the US, although from a much smaller base.
Internet is continuing to evolve. It forms the inspiration for a variety of proposals dubbed the 'Information Superhighway'. Independent of any governmental plans, new telecommunications products such as ATM (Asynchronous Transmission Mode) offering switched transmission at hundreds of megabits to several gigabits a second at a modest cost are rapidly being incorporated into the net. On the user side, ISDN and frame relay service now offers up to 128 Kbs dial up service which can be used for subscriber connections to the Internet at a modest US $ 30 per month in many areas of the United States. Interactive business use of portions of the net, once frowned upon, are now accepted practice. High speed connections via cable TV systems, satellites, cellular and other wireless systems are multiplying.
The newest personal computers are now routinely equipped with modems, communications software and multi-mode subsystems permitting images, video, voice and data to be manipulated and combined in a single document and transmitted to other computers. The higher speed Internet of the near future will carry such documents permitting new services which cannot even be imagined at the present.
Traditionally, access to the Internet has been through UNIX type character based programs which are 'user unfriendly'. This also is rapidly changing with the development of windowing system based interfaces such as Netscape and Windows 95. The majority of Internet users until recently had a connection or account with a university, research laboratory, or major corporation. The cost of equipment and telecommunications made it nearly impossible for an individual or small company to connect to the net.
Major transnational corporations have long
used private networks based on mainframe or mini-computer technology
for internal services.
Within the last five years, however, service providers have sprung up, initially in the US and lately abroad which offer network connections on a subscription basis. The first service providers operated proprietary networks such as CompuServe, Bixnet, Genie net and several others. These offered parallel networks which were either not connected to Internet or were connected in a severely limited way. For example, CompuServe allowed mail to cross to and from Internet but until recently had limited access to the other services.
In many ways the Internet is becoming the smaller company's equivalent of the private network. Since Internet services became widely available around the world, companies which cannot afford a private network have begun to obtain nearly equivalent performance for a fraction of the cost using service providers.
As the full range of Internet services becomes better known to the general public, service providers began offering the user a connection to the Internet. Such a connection can take one or two forms:-
The list of services offered over Internet is rapidly growing with the number of users and the increased transmission speeds of the network:
In Hong Kong telecommunications networks and services are regulated by the Telecommunications Ordinance, its subsidiary legislation and the Telephone Ordinance. Under the Telecommunications Ordinance, no person shall operate any public telecommunication networks or services unless and appropriate license from the Governor in Council or the Telecommunications Authority (TA) is first obtained. The Regulations provide for a Public Non-Exclusive Telecommunications Service (PNETS) License. The TA has determined that Internet service providers are considered International Value-Added Network Services (IVANS) which are permitted under the PNETS license. It is mandatory to obtain a PNETS license to provide Internet services as these fall within the scope of IVANS.
The TA and the government are not restricting the number of licenses available the application seldom takes more than three weeks to be approved. The requirements for PNETS application are listed below:
A service provider who offers International
Value Added Network Services (IVANS) to the public via
the dial up public network must use special telephone numbers
beginning with the prefix 300 and pay an interconnection charge
of HK$5.40 per hour to Hong Kong Telcom for use of the international
The TA has stated however that a private network such as a University, large corporation or association or even a commercial customer connected to a service provider by a direct connection or leased line is not considered a public user and would not be liable for the PNETS interconnection charge even if its students, members, or employees used the public telephone network to connect to the private system.
The CIX is the commercial backbone of the
Internet and is located in the United States. An ISP must obtain
a direct or indirect connection to a switching point of the CIX
to be able to offer reasonable Internet service and of course
the faster and more direct , the better. Although previously
Hong Kong Telcom held a monopoly position on international leased
lines, there are now many competitive offerings including dedicated
lines to the US with CIX connections and, in many cases USENET
news feed offered by major overseas telecommunications groups
and recently, by Hong Kong Telcom itself.
The line and connection charge is a major operating cost of an ISP. Since many of the early ISP's in Hong Kong signed one to two year contracts for lines and connections at a time when prices were substantially higher than today, one can expect pressure from them to re-negotiate or attempt to avoid the contracts.
The HKIX is a local Hong Kong interconnection backbone operated by a consortium of ISP's and users to take some of the load off the transpacific connection. Previously, a message from one Hong Kong ISP to another would do a round trip to the US backbone which could take up to several seconds and load the costly link to the US. Communications between local ISP's on the HKIX are now rapid. Obtaining an HKIX connection involves a local leased line to Hong Kong Chinese University and a router and a subscription to the HKIX.
The USENET news groups are an important part of any Internet service. A full feed of all 14,000 groups involves the transfer, essentially one way, of about 200 Mbytes of data per day, day in and day out. A 15 day expiry policy for postings will result in about 10 Gigabytes of news on the ISP's disk storage. Most of this data is not copyrighted and is often included in the price of the backbone package, either to CIX or to HKIX. Copyrighted news is available at additional charge.
The subscriber agreement is the basic contract between the ISP and its customer. The agreement will vary depending on the type of service and the class of customer, individual or corporate. It should contain at the very least:-
Hosting World Wide Web pages, either in a users directory or using a 'virtual server' can involve the ISP in the publication of materials and the sections concerning libel, copyright infringement and pornography should be taken into account in drafting such an agreement.
The basic protocol on which the Internet operates
is TCP/IP in which each computer, router and/or bridge has a unique
32 bit address generally expressed in a form such as 22.214.171.124.
A family of host devices in a location is a domain. A
portion of the IP number identifies the network and the remainde,
the domain. In this example, the number 202.76.19 is the network
number, and the balance is the number of a machine or host, in
In an active network, these numbers can and
frequently do change as the network grows. A system has evolved
of using domain names and a naming service instead of raw numbers.
Thus oln-law.com is the Oldham, Li & Nie domain, a
portion of which corresponds to 126.96.36.199 at the time of
writing of this article. However that number might change in
the future and the name service would simply assign the changed
number to the domain name.
Domain names are assigned by one of two authorities:
Global domains ending with mil, com, edu, net, or org
are assigned by internic.net in the US. Regional names
ending with country or state codes such as hk, uk, ru and
the US states such as ca, are assigned by designated regional
As the Internet becomes increasingly important, the ownership and protection of the domain name, both internationally and regionally becomes a concern. Internic has shown a desire to side-step ownership problems by providing that an applicant certity that it has the right to use the domain name it is applying for and specifying binding arbitration in the event of a dispute regarding the right to use the name. Nevertheless, initial registration is on the basis of 'first come, first served' with no justification required. Thus, a business may wish to apply for a domain name incorporating its trade name as a precautionary measure.
Given the widespread use of domain names, the actual IP numbers assigned to an Internet user is of lesser importance than the name. With the explosion of the Internet, there is now a concern that there will not be sufficient numbers to satisfy all users in the future. The obvious solution to this problem is to use larger numbers but this solution will raise enormous compatibility problems with existing software. Until larger numbers are in use on the Internet, the possession by an organisation of sufficient IP numbers may become a scarce resource.
A partial solution to the number scarcity
increasingly in use today is the virtual domain. A virtual
domain is method of assigning a domain name as an alias for a
specific user on a different machine. For example, a service
provider may offer to host world wide web pages for its customers,
each using its own domain name such as www.customer1.com, www.customer2.com
etc. but which correspond to IP numbers owned by the ISP.
Using virtual domains, www inquiries would be redirected to the same machine but to the customer's sub-directory. From the inquirers point of view, the query appears to have been directed to a stand alone machine dedicated to the customer's page and could at a later stage be moved to another machine or even network without changing the domain name. Virtual domains can also be used by extremely busy sites to have several machines share the load of a single host name.
Most service providers are using an operating
system derived from UNIX. In these systems, the super user or
supervisor can read, write, delete or modify any file in the system,
regardless of ownership or file rights. It is technically feasible
for any one possessing the supervisor password to read any customer's
mail or other confidential documents unless they are encrypted.
In Hong Kong, the Computer Crimes Ordinance generally forbids using telecommunication device to obtain unauthorised access to any program or data. A lack of authorisation is defined as a person who is not entitled to control access (i.e. is not the supervisor) and who has not been authorised. The system operator is not covered by the act since he is entitled to control access. Furthermore, the system operator does not generally use telecommunications to login the computers of a provider but logs directly in via the console. It is unclear whether a supervisor who abuses his position to read confidential customer documents is violating any Hong Kong law at this time.
Most ISP agreements reserve the express right of the ISP to monitor the customer's use of the account. Even in the absence of such a provision, the right to supervise a computer implies the right to monitor and inspect usage of the system. An ISP should be careful in exercising this right however unless there is evidence of abuse, particularly where the customer is also a content provider since editing a content provider may make the ISP responsible for the content itself.
A related question of privacy arises in the case of corporate Internet accounts where a company supervisor may have the right to read the mail and other documents in the individual accounts of its corporate users. This access also appears to be protected from the application of the Computer Crimes Ordinance in that the supervisor is entitled to control access of those users.
The access or attempted access by a customer
to another customer's account on the same machine or another machine
is regarded as a serious breach, both of the law and the rules
of the ISP. If the access or attempted access is not motivated
by gain and no harm is caused, it is a misdemeanour under the
Computer Crimes Ordinance, punishable by a fine of up to $20,000.
If the access is for gain (defined very broadly), it can be treated
under the Crimes Ordinance as a felony punishable by five years
The ISP would certainly be entitled to discontinue service to a customer attempting to access other computers or other customer accounts regardless of the terms of the service agreement.
The practice of 'spamming' news groups is
a violation of net etiquette consisting of sending unsolicited
material (usually commercial) to thousands of unrelated news groups.
One of the most infamous cases involved a firm of immigration
lawyers which send an advertisement for US immigration assistance
to all approximately 14,000 USENET news groups.
This practice, although not illegal as such,
is strongly resented by the Internet users community and
will result in retaliation and harassment against the spammer
and his ISP. In the immigration case, aside from thousands of
protests to the local bar association, the firm was sent 'mail
bombs' consisting of tens of thousands of computer generated mail
messages, swamping its mail box and bring its ISP and all its
other customers to a standstill. In addition, someone obtained
the business and home phone numbers of the partners of the firm
and posted them in the net, forcing the firm to change its ISP
and all its phone numbers.
Since 'spamming' is not illegal, the ISP, for its own sake, should specifically reserve the right to terminate the service agreement of a customer who engages in such practices. Very recently, the TA has called ISP's attention to their obligation not to permit the service to be used to disseminate unsolicited commercial material and presumably would be sympathetic to an ISP who terminated a spammer.
The mere copying of copyrighted material is
a violation of the author's rights but is almost impossible for
an ISP to prevent without examining the home directories of all
its customers periodically.
A customer may seek to use his account to
distribute copyrighted material to the public. If this is on
a sufficiently grand scale, it is likely provoke a reaction from
the owner of the copyright. There are conflicting US cases concerning
whether a service provider is liable as a publisher of copyrighted
or libellous material even if he does not know of or control its
use. In the case of libel, censorship or even monitoring of a
customers account may change the status of the ISP from a mere
communications facilities provider to that of a secondary publisher
like a news-stand, or even a primary publisher (e.g. an editor).
This is obviously undesirable but it does
not follow that an ISP should hear no evil and see no evil in
spite of signs or even express warnings that its customers are
violating the rights of others. The law is eventually influenced
by what is practical and reasonable and ISP's who ignore warnings
of infringement on the grounds that this improves their legal
position may suffer some rude shocks when they are held as aides
or abettors to the infringer.
An interesting aspect of copyright infringement
via publication on a web page is the determination of the location
where the infringement took place. In a pending Hong Kong High
Court case against a US ISP and its customer for infringing a
Hong Kong based magazine by placing portions of it on a web page
hosted in California but which could and was read by people in
Hong Kong, the Hong Kong court determined that there was alleged
sufficient publication in Hong Kong to justify service of process
out of the jurisdiction. Therefore the California defendants
will be forced to defend the case in Hong Kong.
Copyright infringement is risky for the perpetrator if he is known. However if an infringer can find an area of public access without password control or where many users share the same password, he can rely on not being caught since it may be impossible to prove who placed the infringing material in the public access area. An elementary precaution for an ISP to take is not to permit any access to the system such as a guest account or an anonymous ftp without individual password control and access logging.
Using a computer to gain unauthorised access
to other computers, or even information, facilities or files on
the same host computer but not intended for the recipient, is
sometimes known as 'hacking'. In Hong Kong, the Computer Crimes
Ordinance makes hacking an offence as a hapless student hacker
at Chinese University found out to his dismay.
However, the hacking statutes only forbid
unauthorised access to data. If a system has a guest account
or permits anonymous ftp which does not require a password, someone
who uses that account to access information not intended for them
(but otherwise unrestricted) is not violating the hacker statutes.
If system administrators are careless and allow sensitive information
to reside in directories which are world readable, or even world
writeable, a user who copies the information or edits it is "authorised"
in that his legitimate password or no password gives him access
to the material. Where the host computer is connected to the
Internet, such access is available to literally millions of users
all over the world.
Internet users who detect abuse are quick
to complain to the abuser's service provider, often by forwarding
a copy of the offending message or other evidence by e-mail to
firstname.lastname@example.org. Although there is as yet no case
law on the question, an ISP who had been warned that one of his
users was using the connection for hacking or other anti-social
purpose, who took no action to stop the abuse would appear to
risk liability for contributing to any future damage by the user.
Unfortunately, neither the Computer Crimes Ordinance nor the Crimes Ordinance as recently amended appear to cover a common hacking attack known as a 'denial of service attack'. In this attack, an authorised user sets a program in motion running in his own directory which uses all the resources of the machine and brings it almost to a halt. Since this attack involves an authorised user, it does not fall within the definition of most of the hacking statutes. ISP's should not tolerate abuse of the system however and illegal or not, promptly cancel the abuser's account.
Defamation is both a crime that can be prosecuted in Hong Kong either by the public prosecutor or by an individual and a tort upon which a civil action may be founded. Libel is defamation in a 'permanent' form such as writing, pictures or even recordings and slander is speech only. Although the law in this area is confusing, an ISP who does not monitor or edit the content of his users would be regarded as a common carrier if it was a mere conduit of a libelous message sent, for example by e-mail or posted to a news group hosted elsewhere. If the libelous message were posted on a BBS, web page or news group hosted by the ISP without its knowledge, there is considerable support that the ISP is an 'innocent' secondary publisher such as news vendor or distributor and as such should not be liable. Even if an ISP were held to be a primary publisher, he should be able to 'publish' a suitable retraction and avoid liability.
The storage and transmission of pornography
over the Internet has been blithely ignored by Hong Kong ISP's.
The pornography in both words, pictures and now full motion videos
available on the Internet is not just naughty pictures from Playboy
either. Child pornography, bestiality, snuff flicks and all manner
of perversion not permitted in other media in Hong Kong abound
on the Internet. Considering that the US, generally regarded
as much more liberal in such matters, has brought numerous prosecutions
against both content and service providers, it is naive of Hong
Kong ISP's to feel themselves immune.
What can or should a Hong Kong ISP do about
pornography? This question is easier to answer in the negative
- What cannot be expected of an ISP on technological grounds?
An ISP cannot prevent its subscribers from connecting to remote
sites which offer pornography and viewing, reading or downloading
such material. There is no program, filter or robot in existence
which can determine whether a compressed file contains a picture
of Bambi or Tammy and the Football Team. Filters looking for
words will and have eliminated messages from serious researchers
discussing the sex of fruit flies or the Rape of the Sabines.
In any event, all such efforts are frustrated by simple compression
Pornography must, however, reside on some
computer system, somewhere. In no reported instance has an ISP
been charged for not monitoring the connections his users make
over the Internet. For an ISP to serve as a storage and distribution
site for pornography is another matter. Pornography is stored
and distributed in three principal ways:- USENET news groups,
ftp sites and, recently, web pages.
There are over 14,000 news groups and all
ISP's have the option to take or not take specific groups. This
is not the equivalent of exercising editorial control over the
content of the groups taken, but merely the judgement that some
discussion groups are more appropriate for Hong Kong than others.
Groups that are taken by the ISP are usually continuously downloaded
and stored locally such that a search warrant will find them located
in Hong Kong. At the risk of sounding prudish, ISP's would be
well advised to choose carefully which of these groups to carry
and copy for the local audience.
For ftp sites and web pages distributing pornography, the advice is simple, let someone else host these sites.
As emphasised above, there are significantly
greater risks in providing a site for the distribution of material
than there is in a simple passive account such as a PPP which
merely connects the customer to the Internet. The ISP should
adjust its charges to take into account these greater risks.
In a PPP account, whatever is produced, stored, or down loaded
resides on the user's computer at home or office and not the ISP's.
Not only does this reduce the use of disk resources, but it insulates
the ISP from direct involvement of the users actions.
Hosting web sites and permitting file storage and distribution should, in my view, be accompanied by suitable rules and indemnities and higher charges.
The Internet has great potential for use in
international commerce. Its use still poses a number of technical
and legal problems to be solved before it becomes universal.
The principal commercial uses of the Internet
at present involve messaging and communications. E-mail and its
variants such as electronic mailing lists and USENET remain the
application most used in business for communications. Increasingly,
companies use e-mail technical support and product announcements
and communications with customers. Those companies whose products
have software elements or extensive technical documentation, may
also use the ftp protocol to disseminate technical documents and
software revisions over the Internet. The World Wide Web is of
course becoming increasingly important in disseminating information
and advertising products.
These uses are relatively low security risk. However, commerce implies firm contracts and payment, each of which present challenges in the present state of the art.
All commercial computer networks are inherently insecure and the Internet is the most insecure of the lot. Any node or relay point can intercept messages not intended for it and in certain circumstances, change the content or substitute a completely different message. The same can be said for any local area network - any machine on the network can be programmed to read all of the traffic on the wire, whether or not intended for it. Where the information intercepted, may be credit card and/or PIN numbers and the like, this is indeed a serious problem.
Just as it is easy to intercept messages, so it is also not difficult to assume the identity of a trusted correspondent, called 'spoofing' in hackers jargon. None of these problems are by any means new. Documents may be altered, signatures forged, faxes intercepted but with the Internet the perpetrator could be half way around the world and nearly undetectable.
Fortunately, the solution, encryption techniques, is both simple and elegant and can solve both the above problems with relatively few drawbacks. In the simple case, the body of the message (the address stays unencrypted) is first processed to add an elaborate checksum which will change if any character in the message is changed or moved. The message including the checksum is then encrypted with a secret key and sent. The intended recipient decodes the message using the secret key and verifies that the checksum matches the message as received. This gives the assurance that the message was sent by the person having the secret key and has not been altered. But how do you send the secret key?
The public key algorithm was developed to
solve this problem. It is the equivalent of the double lock on
a safety deposit box. Two keys are required to decode any text.
Each correspondent makes one key, the public key, widely available
by being published in print, on a well known web page or deposited
at a controlled depository. Each correspondent has a private
key which he keeps secret. The pairs of keys are mathematically
related in such a way that a message coded with one correspondent's
private key may only be decoded by his public key and visa versa.
As a result, a message encoded in one party's private key and send to a correspondent who can decode using the purported senders public key and checksum it correctly could only have originated from someone having the private key. It therefore can serve as a digital signature and authentication of the message. Similarly, a message coded in the public key of a correspondent can only be decoded using his private key. The method has one drawback , however. It is much slower to decode than single key encryption. For this reason, modern encryption systems such as the Netscape Commerce Server and client, use public key encryption to encode a one time large single key, send it to the other party and thereafter use the single for the transaction.
There are several impediments to the widespread
use of encryption in commerce. Firstly there is a variety of
systems and methods available on the market, some patented, some
not and no single system has yet won general acceptance. Needless
to say that correspondents can only communicate if each uses the
The second impediment is that certain governments,
notably the US and French, treat encryption software with the
same legislation that covers armaments and forbid its export,
in the case of the US, and export or import, in the case of France.
This is in spite of the fact that the source code of all major
encryption algorithms has been widely available on the Internet
It is now possible to obtain US export licenses for software using the DES algorithm with a key of no more than 40 bits.
Signatures affixed by printing, facsimile, cheque signing machines and the like are widely recognised in law as constituting a signature at least in the area of contract law. It is widely accepted that the presentation of a debit card accompanied by a PIN number constitutes the equivalent of a signature. Signatures in writing are of course susceptible to forgery and a mere typed name even more so. It will be some time before there is wide spread use of encrypted digital signatures. The first court cases are apt to arise out of the formation of contracts over the Internet using web servers such as the Netscape Commerce Server.
The range of future uses of the Internet and the legal and regulatory problems that these will create is mind-boggling. The following are some of the new uses introduced within the last six months alone.
The United States Securities and Exchange Commission ("SEC") already approved an original stock flotation over the Internet without a printed prospectus (the prospectus was on a web page) and without an underwriter. The issue raised US$1.6 million for a small brewery in New York with minimal costs. It is possible for individuals to buy and sell some shares traded on the NASDAQ through the Internet without intervention of a broker.
There are a number of bank offering a full range of banking services over the Internet.
Virtual casinos operating in a jurisdiction where gambling is legal are beginning to offer gaming in places where it is distinctly not legal.