Legal And Regulatory Aspects

of the


Service Provider Business

John Beukema, Solicitor


15th Floor HongkongBank Building

673 Nathan Road, Kowloon

Hong Kong

Table of contents

Introduction 3Computer Networking 3The Internet 3Service Providers 5Commercial Services 5Internet Service Providers "ISP" 5Internet Services 5Hong Kong Regulation of ISP's 6Telecommunications Ordinance 6IVANS/PNETS License 6Public vs. Private Services 7The ISP and the Internet 7Internet Backbone Access 7CIX 7HKIX 8USENET News Feed 8The ISP and its Customer 8The Subscriber Agreement 8WWW Host Agreement 8Domain Name and IP Numbers 9IP Number 9Virtual Domains 9The Customer's Right of Privacy 10ISP's Right to Inspect 10Commercial Subscribers Rights 10Misconduct by the Customer 10Unauthorised Access to Data 10'Spamming' News groups 11The ISP and Third Parties 11Copyright Violation 11Hacking 12Defamation 13Pornography 13Hosting vs. Providing Access 14Commerce on the Internet 14Security 14Security of Information 14Identity of Correspondent 15Encryption Techniques 15Public Key Encryption 15Impediments 15Digital Signatures 16Future Directions 16Securities 16Banking 16Gambling 16


The Internet, virtually unknown outside of academia several years ago, has become a topic of conversation and interest throughout the business world. It is easy to see why this is so. It offers world wide networking and communications at low fixed prices. It has become a major research resource, a convenient method of publishing information, communicating by electronic mail, advertising and, increasingly engaging in commerce. It is no wonder that the new medium presents novel legal and regulatory challenges.

Computer Networking

The Internet is a network of computer networks. A computer network consists of two or more computers running compatible network software which are connected by direct cabling, leased or switched telecommunications lines, or other communications techniques. The computers are then able to share or transfer files, exchange electronic mail and generally have facilities for remote login and remote execution of programs.

A network connected by direct, high speed cabling is known as a Local Area Network ("LAN") and one connected by telecommunications lines as a Wide Area Network ("WAN"). Early networks were based on mainframe computers and used proprietary communications protocols, restricting connectivity to compatible equipment. More recently, the UNIX operating system has come into wide use in networking. UNIX uses a protocol suite known as TCP/IP which is now available for a number of other operating systems including MSDOS, Macintosh, Windows and NT, allowing dissimilar computers to communicate over a network.

The Internet

The Internet is a network of computer networks communicating using TCP/IP and linked by communications lines ranging in speed from ordinary telephone lines to fibre optics operating at Gigabit/s speeds. The network is based on the a series of communications protocols and programs associated with the UNIX operating system. Internet has its origins in a system developed by the US Department of Defence called the ARPANET Originally ARPANET linked universities, research establishments and defence contractors and permitted sharing research and data. The network has now been extended to the general public and is experiencing a period of explosive growth through low cost modem access for individuals and small companies and higher speed access using new telecommunication products such as ISDN and frame relay. Much of the recent growth has been through the emergence of common carriers and indirectly via common carriers known as Internet Service Providers ("ISP'S").

In its present form, the Internet consists of a number of high speed backbone networks, mostly of fibre optics cabling capable of transmitting many million bits per second which are connected to switching computers known as routers. Each serves as a gateway to individual computers and other networks.

Every computer or host connected to Internet must have an address which is a unique number assigned by a central authority which identifies the network it is on, the sub-network and the machine. Most users also register a name which is associated with the number. The result is a gigantic, privately operated web of computers connected together which can exchange data of all sorts at high speed.

Data is sent from any one computer connected to the network to any other in small packages called packets. A packet has a destination address, a sequence number and a body of raw data. Packets are switched and transferred by specialised computers known as routers. Each router maintains tables of network information providing various routes to any of the major networks. Once in the major networks, other routers direct the packet to its destination where the packets are assembled in order and checked for accuracy. The formal series of procedures for handling the transmission, routing, checking and assembling of packets is known as a protocol. Internet is based at present on the TCP/IP protocol.

Packets can and are used to transmit data of all types such as electronic mail or e-mail, computer files such as word processing files, spread sheets, programs, pictures and even voice and video. Essentially all of the relaying, routing and retransmission of information in the form of packets is processed only by machine, without human intervention.

There are estimated to be 40 million users who have access to the Internet at this time and the number of users is increasing at exponential rates. Although two thirds of the current users are US residents, there are now hosts in nearly every country of the world from China, South America to the former Soviet republics. The number of users outside the US is growing at a more rapid rate than the usage in the US, although from a much smaller base.

Internet is continuing to evolve. It forms the inspiration for a variety of proposals dubbed the 'Information Superhighway'. Independent of any governmental plans, new telecommunications products such as ATM (Asynchronous Transmission Mode) offering switched transmission at hundreds of megabits to several gigabits a second at a modest cost are rapidly being incorporated into the net. On the user side, ISDN and frame relay service now offers up to 128 Kbs dial up service which can be used for subscriber connections to the Internet at a modest US $ 30 per month in many areas of the United States. Interactive business use of portions of the net, once frowned upon, are now accepted practice. High speed connections via cable TV systems, satellites, cellular and other wireless systems are multiplying.

The newest personal computers are now routinely equipped with modems, communications software and multi-mode subsystems permitting images, video, voice and data to be manipulated and combined in a single document and transmitted to other computers. The higher speed Internet of the near future will carry such documents permitting new services which cannot even be imagined at the present.

Traditionally, access to the Internet has been through UNIX type character based programs which are 'user unfriendly'. This also is rapidly changing with the development of windowing system based interfaces such as Netscape and Windows 95. The majority of Internet users until recently had a connection or account with a university, research laboratory, or major corporation. The cost of equipment and telecommunications made it nearly impossible for an individual or small company to connect to the net.

Service Providers

Commercial Services

Major transnational corporations have long used private networks based on mainframe or mini-computer technology for internal services.

Within the last five years, however, service providers have sprung up, initially in the US and lately abroad which offer network connections on a subscription basis. The first service providers operated proprietary networks such as CompuServe, Bixnet, Genie net and several others. These offered parallel networks which were either not connected to Internet or were connected in a severely limited way. For example, CompuServe allowed mail to cross to and from Internet but until recently had limited access to the other services.

Internet Service Providers "ISP"

In many ways the Internet is becoming the smaller company's equivalent of the private network. Since Internet services became widely available around the world, companies which cannot afford a private network have begun to obtain nearly equivalent performance for a fraction of the cost using service providers.

As the full range of Internet services becomes better known to the general public, service providers began offering the user a connection to the Internet. Such a connection can take one or two forms:-

  1. UNIX Shell Account which is the shared use of a UNIX computer connected to the Internet by a medium (64 Kbs) or high speed line (256 or greater Kbs). The customer accesses the provider via a dial up line using a personal computer, a modem and simple communications software. The customer's password allows him the use of a private directory and limited disk storage (1 to 5 Mbytes) as well as the communications facilities. Typically, the customer pays only for the connection time regardless of the resources used and can transfer data throughout the world for no extra charge.
  2. Alternately, the customer runs TCP/IP capable software such as Netscape Navigator or Windows 95 Internet Explorer on his own computer and connects to the service provider using a direct communications protocol rather than sharing the UNIX computer of the ISP. This has the advantage of offering a Windows style, user friendly environment and not requiring the user to learn the cryptic UNIX commands to operate a shell account.

Internet Services

The list of services offered over Internet is rapidly growing with the number of users and the increased transmission speeds of the network:

Hong Kong Regulation of ISP's

Telecommunications Ordinance


In Hong Kong telecommunications networks and services are regulated by the Telecommunications Ordinance, its subsidiary legislation and the Telephone Ordinance. Under the Telecommunications Ordinance, no person shall operate any public telecommunication networks or services unless and appropriate license from the Governor in Council or the Telecommunications Authority (TA) is first obtained. The Regulations provide for a Public Non-Exclusive Telecommunications Service (PNETS) License. The TA has determined that Internet service providers are considered International Value-Added Network Services (IVANS) which are permitted under the PNETS license. It is mandatory to obtain a PNETS license to provide Internet services as these fall within the scope of IVANS.

The TA and the government are not restricting the number of licenses available the application seldom takes more than three weeks to be approved. The requirements for PNETS application are listed below:

Public vs. Private Services

A service provider who offers International Value Added Network Services (IVANS) to the public via the dial up public network must use special telephone numbers beginning with the prefix 300 and pay an interconnection charge of HK$5.40 per hour to Hong Kong Telcom for use of the international gateway.

The TA has stated however that a private network such as a University, large corporation or association or even a commercial customer connected to a service provider by a direct connection or leased line is not considered a public user and would not be liable for the PNETS interconnection charge even if its students, members, or employees used the public telephone network to connect to the private system.

The ISP and the Internet

Internet Backbone Access


The CIX is the commercial backbone of the Internet and is located in the United States. An ISP must obtain a direct or indirect connection to a switching point of the CIX to be able to offer reasonable Internet service and of course the faster and more direct , the better. Although previously Hong Kong Telcom held a monopoly position on international leased lines, there are now many competitive offerings including dedicated lines to the US with CIX connections and, in many cases USENET news feed offered by major overseas telecommunications groups and recently, by Hong Kong Telcom itself.

The line and connection charge is a major operating cost of an ISP. Since many of the early ISP's in Hong Kong signed one to two year contracts for lines and connections at a time when prices were substantially higher than today, one can expect pressure from them to re-negotiate or attempt to avoid the contracts.


The HKIX is a local Hong Kong interconnection backbone operated by a consortium of ISP's and users to take some of the load off the transpacific connection. Previously, a message from one Hong Kong ISP to another would do a round trip to the US backbone which could take up to several seconds and load the costly link to the US. Communications between local ISP's on the HKIX are now rapid. Obtaining an HKIX connection involves a local leased line to Hong Kong Chinese University and a router and a subscription to the HKIX.

USENET News Feed

The USENET news groups are an important part of any Internet service. A full feed of all 14,000 groups involves the transfer, essentially one way, of about 200 Mbytes of data per day, day in and day out. A 15 day expiry policy for postings will result in about 10 Gigabytes of news on the ISP's disk storage. Most of this data is not copyrighted and is often included in the price of the backbone package, either to CIX or to HKIX. Copyrighted news is available at additional charge.

The ISP and its Customer

The Subscriber Agreement

The subscriber agreement is the basic contract between the ISP and its customer. The agreement will vary depending on the type of service and the class of customer, individual or corporate. It should contain at the very least:-

WWW Host Agreement

Hosting World Wide Web pages, either in a users directory or using a 'virtual server' can involve the ISP in the publication of materials and the sections concerning libel, copyright infringement and pornography should be taken into account in drafting such an agreement.

Domain Name and IP Numbers

The basic protocol on which the Internet operates is TCP/IP in which each computer, router and/or bridge has a unique 32 bit address generally expressed in a form such as A family of host devices in a location is a domain. A portion of the IP number identifies the network and the remainde, the domain. In this example, the number 202.76.19 is the network number, and the balance is the number of a machine or host, in the domain.

In an active network, these numbers can and frequently do change as the network grows. A system has evolved of using domain names and a naming service instead of raw numbers. Thus is the Oldham, Li & Nie domain, a portion of which corresponds to at the time of writing of this article. However that number might change in the future and the name service would simply assign the changed number to the domain name.

Domain names are assigned by one of two authorities: Global domains ending with mil, com, edu, net, or org are assigned by in the US. Regional names ending with country or state codes such as hk, uk, ru and the US states such as ca, are assigned by designated regional authorities.

As the Internet becomes increasingly important, the ownership and protection of the domain name, both internationally and regionally becomes a concern. Internic has shown a desire to side-step ownership problems by providing that an applicant certity that it has the right to use the domain name it is applying for and specifying binding arbitration in the event of a dispute regarding the right to use the name. Nevertheless, initial registration is on the basis of 'first come, first served' with no justification required. Thus, a business may wish to apply for a domain name incorporating its trade name as a precautionary measure.

IP Number

Given the widespread use of domain names, the actual IP numbers assigned to an Internet user is of lesser importance than the name. With the explosion of the Internet, there is now a concern that there will not be sufficient numbers to satisfy all users in the future. The obvious solution to this problem is to use larger numbers but this solution will raise enormous compatibility problems with existing software. Until larger numbers are in use on the Internet, the possession by an organisation of sufficient IP numbers may become a scarce resource.

Virtual Domains

A partial solution to the number scarcity increasingly in use today is the virtual domain. A virtual domain is method of assigning a domain name as an alias for a specific user on a different machine. For example, a service provider may offer to host world wide web pages for its customers, each using its own domain name such as, etc. but which correspond to IP numbers owned by the ISP.

Using virtual domains, www inquiries would be redirected to the same machine but to the customer's sub-directory. From the inquirers point of view, the query appears to have been directed to a stand alone machine dedicated to the customer's page and could at a later stage be moved to another machine or even network without changing the domain name. Virtual domains can also be used by extremely busy sites to have several machines share the load of a single host name.

The Customer's Right of Privacy

Most service providers are using an operating system derived from UNIX. In these systems, the super user or supervisor can read, write, delete or modify any file in the system, regardless of ownership or file rights. It is technically feasible for any one possessing the supervisor password to read any customer's mail or other confidential documents unless they are encrypted.

In Hong Kong, the Computer Crimes Ordinance generally forbids using telecommunication device to obtain unauthorised access to any program or data. A lack of authorisation is defined as a person who is not entitled to control access (i.e. is not the supervisor) and who has not been authorised. The system operator is not covered by the act since he is entitled to control access. Furthermore, the system operator does not generally use telecommunications to login the computers of a provider but logs directly in via the console. It is unclear whether a supervisor who abuses his position to read confidential customer documents is violating any Hong Kong law at this time.

ISP's Right to Inspect

Most ISP agreements reserve the express right of the ISP to monitor the customer's use of the account. Even in the absence of such a provision, the right to supervise a computer implies the right to monitor and inspect usage of the system. An ISP should be careful in exercising this right however unless there is evidence of abuse, particularly where the customer is also a content provider since editing a content provider may make the ISP responsible for the content itself.

Commercial Subscribers Rights

A related question of privacy arises in the case of corporate Internet accounts where a company supervisor may have the right to read the mail and other documents in the individual accounts of its corporate users. This access also appears to be protected from the application of the Computer Crimes Ordinance in that the supervisor is entitled to control access of those users.

Misconduct by the Customer

Unauthorised Access to Data

The access or attempted access by a customer to another customer's account on the same machine or another machine is regarded as a serious breach, both of the law and the rules of the ISP. If the access or attempted access is not motivated by gain and no harm is caused, it is a misdemeanour under the Computer Crimes Ordinance, punishable by a fine of up to $20,000. If the access is for gain (defined very broadly), it can be treated under the Crimes Ordinance as a felony punishable by five years imprisonment.

The ISP would certainly be entitled to discontinue service to a customer attempting to access other computers or other customer accounts regardless of the terms of the service agreement.

'Spamming' News groups

The practice of 'spamming' news groups is a violation of net etiquette consisting of sending unsolicited material (usually commercial) to thousands of unrelated news groups. One of the most infamous cases involved a firm of immigration lawyers which send an advertisement for US immigration assistance to all approximately 14,000 USENET news groups.

This practice, although not illegal as such, is strongly resented by the Internet users community and will result in retaliation and harassment against the spammer and his ISP. In the immigration case, aside from thousands of protests to the local bar association, the firm was sent 'mail bombs' consisting of tens of thousands of computer generated mail messages, swamping its mail box and bring its ISP and all its other customers to a standstill. In addition, someone obtained the business and home phone numbers of the partners of the firm and posted them in the net, forcing the firm to change its ISP and all its phone numbers.

Since 'spamming' is not illegal, the ISP, for its own sake, should specifically reserve the right to terminate the service agreement of a customer who engages in such practices. Very recently, the TA has called ISP's attention to their obligation not to permit the service to be used to disseminate unsolicited commercial material and presumably would be sympathetic to an ISP who terminated a spammer.

The ISP and Third Parties

Copyright Violation

The mere copying of copyrighted material is a violation of the author's rights but is almost impossible for an ISP to prevent without examining the home directories of all its customers periodically.

A customer may seek to use his account to distribute copyrighted material to the public. If this is on a sufficiently grand scale, it is likely provoke a reaction from the owner of the copyright. There are conflicting US cases concerning whether a service provider is liable as a publisher of copyrighted or libellous material even if he does not know of or control its use. In the case of libel, censorship or even monitoring of a customers account may change the status of the ISP from a mere communications facilities provider to that of a secondary publisher like a news-stand, or even a primary publisher (e.g. an editor).

This is obviously undesirable but it does not follow that an ISP should hear no evil and see no evil in spite of signs or even express warnings that its customers are violating the rights of others. The law is eventually influenced by what is practical and reasonable and ISP's who ignore warnings of infringement on the grounds that this improves their legal position may suffer some rude shocks when they are held as aides or abettors to the infringer.

An interesting aspect of copyright infringement via publication on a web page is the determination of the location where the infringement took place. In a pending Hong Kong High Court case against a US ISP and its customer for infringing a Hong Kong based magazine by placing portions of it on a web page hosted in California but which could and was read by people in Hong Kong, the Hong Kong court determined that there was alleged sufficient publication in Hong Kong to justify service of process out of the jurisdiction. Therefore the California defendants will be forced to defend the case in Hong Kong.

Copyright infringement is risky for the perpetrator if he is known. However if an infringer can find an area of public access without password control or where many users share the same password, he can rely on not being caught since it may be impossible to prove who placed the infringing material in the public access area. An elementary precaution for an ISP to take is not to permit any access to the system such as a guest account or an anonymous ftp without individual password control and access logging.


Using a computer to gain unauthorised access to other computers, or even information, facilities or files on the same host computer but not intended for the recipient, is sometimes known as 'hacking'. In Hong Kong, the Computer Crimes Ordinance makes hacking an offence as a hapless student hacker at Chinese University found out to his dismay.

However, the hacking statutes only forbid unauthorised access to data. If a system has a guest account or permits anonymous ftp which does not require a password, someone who uses that account to access information not intended for them (but otherwise unrestricted) is not violating the hacker statutes. If system administrators are careless and allow sensitive information to reside in directories which are world readable, or even world writeable, a user who copies the information or edits it is "authorised" in that his legitimate password or no password gives him access to the material. Where the host computer is connected to the Internet, such access is available to literally millions of users all over the world.

Internet users who detect abuse are quick to complain to the abuser's service provider, often by forwarding a copy of the offending message or other evidence by e-mail to Although there is as yet no case law on the question, an ISP who had been warned that one of his users was using the connection for hacking or other anti-social purpose, who took no action to stop the abuse would appear to risk liability for contributing to any future damage by the user.

Unfortunately, neither the Computer Crimes Ordinance nor the Crimes Ordinance as recently amended appear to cover a common hacking attack known as a 'denial of service attack'. In this attack, an authorised user sets a program in motion running in his own directory which uses all the resources of the machine and brings it almost to a halt. Since this attack involves an authorised user, it does not fall within the definition of most of the hacking statutes. ISP's should not tolerate abuse of the system however and illegal or not, promptly cancel the abuser's account.


Defamation is both a crime that can be prosecuted in Hong Kong either by the public prosecutor or by an individual and a tort upon which a civil action may be founded. Libel is defamation in a 'permanent' form such as writing, pictures or even recordings and slander is speech only. Although the law in this area is confusing, an ISP who does not monitor or edit the content of his users would be regarded as a common carrier if it was a mere conduit of a libelous message sent, for example by e-mail or posted to a news group hosted elsewhere. If the libelous message were posted on a BBS, web page or news group hosted by the ISP without its knowledge, there is considerable support that the ISP is an 'innocent' secondary publisher such as news vendor or distributor and as such should not be liable. Even if an ISP were held to be a primary publisher, he should be able to 'publish' a suitable retraction and avoid liability.


The storage and transmission of pornography over the Internet has been blithely ignored by Hong Kong ISP's. The pornography in both words, pictures and now full motion videos available on the Internet is not just naughty pictures from Playboy either. Child pornography, bestiality, snuff flicks and all manner of perversion not permitted in other media in Hong Kong abound on the Internet. Considering that the US, generally regarded as much more liberal in such matters, has brought numerous prosecutions against both content and service providers, it is naive of Hong Kong ISP's to feel themselves immune.

What can or should a Hong Kong ISP do about pornography? This question is easier to answer in the negative - What cannot be expected of an ISP on technological grounds? An ISP cannot prevent its subscribers from connecting to remote sites which offer pornography and viewing, reading or downloading such material. There is no program, filter or robot in existence which can determine whether a compressed file contains a picture of Bambi or Tammy and the Football Team. Filters looking for words will and have eliminated messages from serious researchers discussing the sex of fruit flies or the Rape of the Sabines. In any event, all such efforts are frustrated by simple compression techniques.

Pornography must, however, reside on some computer system, somewhere. In no reported instance has an ISP been charged for not monitoring the connections his users make over the Internet. For an ISP to serve as a storage and distribution site for pornography is another matter. Pornography is stored and distributed in three principal ways:- USENET news groups, ftp sites and, recently, web pages.

There are over 14,000 news groups and all ISP's have the option to take or not take specific groups. This is not the equivalent of exercising editorial control over the content of the groups taken, but merely the judgement that some discussion groups are more appropriate for Hong Kong than others. Groups that are taken by the ISP are usually continuously downloaded and stored locally such that a search warrant will find them located in Hong Kong. At the risk of sounding prudish, ISP's would be well advised to choose carefully which of these groups to carry and copy for the local audience.

For ftp sites and web pages distributing pornography, the advice is simple, let someone else host these sites.

Hosting vs. Providing Access

As emphasised above, there are significantly greater risks in providing a site for the distribution of material than there is in a simple passive account such as a PPP which merely connects the customer to the Internet. The ISP should adjust its charges to take into account these greater risks. In a PPP account, whatever is produced, stored, or down loaded resides on the user's computer at home or office and not the ISP's. Not only does this reduce the use of disk resources, but it insulates the ISP from direct involvement of the users actions.

Hosting web sites and permitting file storage and distribution should, in my view, be accompanied by suitable rules and indemnities and higher charges.

Commerce on the Internet

The Internet has great potential for use in international commerce. Its use still poses a number of technical and legal problems to be solved before it becomes universal.

The principal commercial uses of the Internet at present involve messaging and communications. E-mail and its variants such as electronic mailing lists and USENET remain the application most used in business for communications. Increasingly, companies use e-mail technical support and product announcements and communications with customers. Those companies whose products have software elements or extensive technical documentation, may also use the ftp protocol to disseminate technical documents and software revisions over the Internet. The World Wide Web is of course becoming increasingly important in disseminating information and advertising products.

These uses are relatively low security risk. However, commerce implies firm contracts and payment, each of which present challenges in the present state of the art.


Security of Information

All commercial computer networks are inherently insecure and the Internet is the most insecure of the lot. Any node or relay point can intercept messages not intended for it and in certain circumstances, change the content or substitute a completely different message. The same can be said for any local area network - any machine on the network can be programmed to read all of the traffic on the wire, whether or not intended for it. Where the information intercepted, may be credit card and/or PIN numbers and the like, this is indeed a serious problem.

Identity of Correspondent

Just as it is easy to intercept messages, so it is also not difficult to assume the identity of a trusted correspondent, called 'spoofing' in hackers jargon. None of these problems are by any means new. Documents may be altered, signatures forged, faxes intercepted but with the Internet the perpetrator could be half way around the world and nearly undetectable.

Encryption Techniques

Fortunately, the solution, encryption techniques, is both simple and elegant and can solve both the above problems with relatively few drawbacks. In the simple case, the body of the message (the address stays unencrypted) is first processed to add an elaborate checksum which will change if any character in the message is changed or moved. The message including the checksum is then encrypted with a secret key and sent. The intended recipient decodes the message using the secret key and verifies that the checksum matches the message as received. This gives the assurance that the message was sent by the person having the secret key and has not been altered. But how do you send the secret key?

Public Key Encryption

The public key algorithm was developed to solve this problem. It is the equivalent of the double lock on a safety deposit box. Two keys are required to decode any text. Each correspondent makes one key, the public key, widely available by being published in print, on a well known web page or deposited at a controlled depository. Each correspondent has a private key which he keeps secret. The pairs of keys are mathematically related in such a way that a message coded with one correspondent's private key may only be decoded by his public key and visa versa.

As a result, a message encoded in one party's private key and send to a correspondent who can decode using the purported senders public key and checksum it correctly could only have originated from someone having the private key. It therefore can serve as a digital signature and authentication of the message. Similarly, a message coded in the public key of a correspondent can only be decoded using his private key. The method has one drawback , however. It is much slower to decode than single key encryption. For this reason, modern encryption systems such as the Netscape Commerce Server and client, use public key encryption to encode a one time large single key, send it to the other party and thereafter use the single for the transaction.


There are several impediments to the widespread use of encryption in commerce. Firstly there is a variety of systems and methods available on the market, some patented, some not and no single system has yet won general acceptance. Needless to say that correspondents can only communicate if each uses the same protocol.

The second impediment is that certain governments, notably the US and French, treat encryption software with the same legislation that covers armaments and forbid its export, in the case of the US, and export or import, in the case of France. This is in spite of the fact that the source code of all major encryption algorithms has been widely available on the Internet for years.

It is now possible to obtain US export licenses for software using the DES algorithm with a key of no more than 40 bits.

Digital Signatures

Signatures affixed by printing, facsimile, cheque signing machines and the like are widely recognised in law as constituting a signature at least in the area of contract law. It is widely accepted that the presentation of a debit card accompanied by a PIN number constitutes the equivalent of a signature. Signatures in writing are of course susceptible to forgery and a mere typed name even more so. It will be some time before there is wide spread use of encrypted digital signatures. The first court cases are apt to arise out of the formation of contracts over the Internet using web servers such as the Netscape Commerce Server.

Future Directions

The range of future uses of the Internet and the legal and regulatory problems that these will create is mind-boggling. The following are some of the new uses introduced within the last six months alone.


The United States Securities and Exchange Commission ("SEC") already approved an original stock flotation over the Internet without a printed prospectus (the prospectus was on a web page) and without an underwriter. The issue raised US$1.6 million for a small brewery in New York with minimal costs. It is possible for individuals to buy and sell some shares traded on the NASDAQ through the Internet without intervention of a broker.


There are a number of bank offering a full range of banking services over the Internet.


Virtual casinos operating in a jurisdiction where gambling is legal are beginning to offer gaming in places where it is distinctly not legal.