Myths and Facts

Myth: E-Business is different to normal paper based transactions.

Fact: Generally, the same rules apply to e-commerce as apply to paper based transactions. The concern is about the ability to change documents. The truth of the matter is that it is much easier to compare two electronic documents than two paper documents.

A Legal point of view

General Concerns

The parties involved in electronic commerce need to know that any communication sent reaches its target destination unchanged, and without being read by anyone else. The use of digital signatures can prove the origin of a message (authentication) and whether it has been altered (integrity). The use of encryption helps to keep messages secure. Digital signatures and encryption are both examples of cryptographic techniques.

There are two basic types of encryption – symmetrical and asymmetrical – and many different applications. A symmetrical system, where the same key is used to code and de-code the message, is termed a "private key system" whereas an asymmetrical system, where two different keys are used to encrypt and decrypt data – one published and the other kept secret, is termed a "public key system". The latter types of system have now become almost standard offerings in the market place.

One of the key aims of the draft Electronic Communications Bill was to build consumer confidence in the provision of cryptography services. This objective had to be balanced against the need for a system that was not unduly restrictive or unwieldy.

The solution being put forward is that of a voluntary approval scheme with the Secretary of State maintaining a register of approved providers of cryptography support services. It is envisaged that the public will have access to this register and that any changes to the register will be publicised. It is important to note that this register will be voluntary and that a provider who is not on the register is still free to provide cryptography services. The Secretary of State is also obliged to draw up a system for granting approvals, handling complaints or disputes and modifying or withdrawing approval. The services to which this approvals scheme may be applied include confidentiality services and authenticity and integrity services (Section 23 draft Electronic Communications Bill).

Authenticity

Digital certificates, PKI (public key infrastructure) systems and virtual private networks are designed to address the concern of authentication, although the cost of implementing these systems has to be taken into account.

Authorisation: Can the sender authorise the actions contained in the message?

Officers of a company may have actual authority to act, thereby binding a company by their actions or they may bind the company by acts within their apparent (ostensible) authority. Ostensible authority may derive from holding a particular position within the company, or from representations made by persons having actual authority that a particular person holds a position which would enable him to act on behalf of the company.

If a director of a company purports to act on behalf of the company but is acting outside the scope of his/her actual and apparent authority, then the company will not be bound by his/her actions. However, the innocent party will have a remedy against the relevant director or other agent for breach of warranty of authority, i.e. the innocent party can claim against the director or other agent for any loss suffered as a result of that person's lack of authority.

Interchange Agreements

Electronic Data Interchange (EDI) is a valuable method of exchanging information and data, whereby all messages which would have been placed on paper are replaced by structured EDI messages which are processed automatically, with the relevant portions being copied to accounting and other computer systems. The time saved in the ordering process can make just-in-time ordering possible and this can lead to lower stock levels. In addition, EDI can result in manpower savings, by preventing redundant manual processing of information in a company's stock control, purchasing and accounts departments.

Where EDI is provided via a value-added-network, there are several key issues between the user and the network provider: -

(a) Conveyance of the message in the correct format and protocol;

(b) Safeguarding against corruption of the message;

(c) Ensuring the message is conveyed to the recipient;

(d) Preserving the confidentiality and security of the message.

A distinction needs to be drawn between the interchange agreement (which only deals with the details of the communication process) and the underlying commercial transaction (for example, a sale of goods) which is entered into and performed using that communication process. There are several legal issues that arise between users: -

(a) Does the particular EDI transaction result in the formation of a contract;

(b) Can this particular type of contract be formed by EDI;

(c) When and where was the contract made;

(d) If the terms of the contract are later disputed, will it be possible to prove what was agreed.

The main areas that an interchange agreement should cover include the following:

· A requirement to adhere to the technical procedures of the chosen communication link (with reference to the value-added-network handbook if applicable);

· Agreement on a particular protocol for message format;

· Agreement on acknowledgement of the message and any confirmation of content that is required. In general, it is the received version which is operative and often the onus to ensure the transmission is correct will lie with the sender;

· Agreement on provisions on security and confidentiality;

· Agreement on treatment of data-logs and storage of messages.

Security and Confidence

Digital Signatures and Certificates

The draft Electronic Communications Bill was published on 23rd July 1999 and the consultation period on the draft Bill expires on 8th October 1999. At the time of writing, the Government had decided not to introduce a rebuttable presumption of validity in favour of electronic signatures. The rationale behind this decision was that a rebuttable presumption of validity would reverse the burden of proof in contractual disputes, thereby potentially undermining confidence in electronic commerce if a means of forging electronic signatures was developed. In addition, the technology, and its likely use in most situations, is not sufficiently developed to be able to set the necessary standards.

Section 7 of the draft Bill states that all types of electronic signatures, irrespective of the jurisdiction where they were issued, will be legally admissible in Court and that the certification of an electronic signature will be admissible in relation to the question of the authenticity of the communication or its integrity.

Electronic Evidence

The Civil Evidence Act 1995 introduced a system whereby all documents and copy documents, including computer records, can be admitted as evidence in civil proceedings. The judge in the relevant proceedings would have to be persuaded to treat the evidence as reliable and it is important to put in place procedures to prove the authenticity and reliability of the record.

Section 8 Civil Evidence Act 1995

8(1) Where a statement contained in a document is admissible as evidence in civil proceedings, it may be proved: -

(a) by the production of that document; or

(b) whether or not that document is still in existence, by the production of a copy of that document or of the material part of it, authenticated in such a manner as the court may approve.

There are various codes of practice in place, endorsed by the British Standards Institute, which give guidance as to procedures to implement in relation to electronic records: -

· DISC PD0008 – A code of practice for legal admissibility of information stored on electronic document management systems;

· BS 7768 – Management of optical disk systems for the recording of documents that may be required as evidence;

· BS 7799 – Code of practice for Information Security Management;

It should be noted that compliance with these codes of practice does not guarantee legal admissibility. The various Codes are merely statements of the current interpretation of best practice.

Insurance Concerns (To be added by Paul)

 

 

 

A practical and operational view

Myth: E-Commerce doesn't work.

Fact: It works well in other industries and there is no reason why it should not work in the Construction industry.

Myth: The use of e-commerce could be regarded as unfair practice.

Fact: Only if you treat the companies you deal with differently. It would be considered unfair if your requirements by their nature exclude certain parties.

Myth: E-Commerce is expensive.

Fact: It is often a lot cheaper than people perceive. Getting started can be quite inexpensive. It all depends on the level at which you wish to operate.

It can be expensive if you wish to introduce highly modified software or develop your own software.

Communications can be via the Internet. However if you carry out large volumes of trade or transfer large amounts of data you may wish to invest in a fixed link or use of a Value Added Network (VAN), which is a closed public network.

It is important that you first decide what you want to do and with whom you want to do it. Talk to your partners and investigate the various methods available.

Myth: It is not cost effective. I won't get value for money.

Fact: Not true. Companies using Electronic Information Exchange (EIE) very rarely go back to manual methods.

Any process change you make within your business should be cost and value justified. Other industries have found it to be very cost effective.

A recent report indicated that a paper-based transaction could cost up to £17.00 to produce, whereas an EIE transaction can be as low as £4.00.

(Worked examples required)

Myth: It will make people redundant.

Fact: It is possible. Restructuring of any business processes can cause job losses and personnel may be made redundant.

The Construction industry is facing a severe shortage of skilled people and the introduction of new working practices often just makes existing staff more efficient, allowing them to do the job they have been employed to do and not spend time on unnecessary administrative tasks.

Myth: I may not be able to read the information I receive.

Fact: You must agree standards before you start a project or set up an exchange of information.

Use a defined standard such as CITE.

Myth: I can't interface my software with E-commerce software.

Fact: This depends on what you are trying to achieve.

Interfacing with e-commerce software may not be necessary, as you may link directly to a network, which carries out any interfacing required.

In some cases you may require some mapping software which enables applications to interface with each other.

Myth: I can't create E-Commerce information.

Fact: You create E-Commerce information in the same way as you create any other information. The difference is how you transfer it.

At the simplest level you can start by using e-mail and attaching documents to the message.

Myth: My competitors are not using E-Commerce.

Fact: Electronic Information Exchange (EIE) is now well established and has proved to be of advantage to partners on projects due to the speed of turnaround.

E-commerce is not yet as well established for commercial transactions in the construction industry as it is in other industries.

Myth: I am not at a disadvantage if I do not use it.

Fact: Potentially yes you are. In the future, if your competitors have lower cost bases, then you will become uncompetitive. Client perception may also disadvantage you. If a client believes your systems cannot communicate with theirs they may not wish to trade with you.

Myth: I need expensive equipment to start using E-Commerce.

Fact: All you need is:

1. A computer with a device that allows you to exchange information electronically. At the lowest level this can be a floppy disk.

2. A computer application that can interface with your partners.

3. If you wish to use the Internet you will require a modem, ISDN or fixed link and an Internet service provider (ISP).

4. Most of all you require a willing partner to work with and exchange information.

Myth: There are things I do that are not covered by E-Commerce.

Fact: Potentially every aspect of commercial and information transfer is covered. Any transactions you currently send on paper can be sent electronically.

Myth: I will end up paying bills too early and it will affect my cash flow.

Fact: You still retain business control over the whole transaction, irrespective of how much is carried out electronically. If you use an electronic payment instruction, all payments can be individually dated so that they are made on the date you specify. In that way you can improve your cash flow information by knowing the exact day the money will be withdrawn. The difference between BACS and EIE is that you can add a lot more information about the payment if you are using an EIE message.

Of course, it may be possible to negotiate better discounts, if you can guarantee more efficient and prompt payment methods.

Myth: It has to be on the Internet.

Fact: No, it doesn't. You can set up your own private links between partners or you can use other closed networks such as VANs.

Myth: The Internet is not very secure.

Fact: Inherently, most communications media are not secure. Letters can be intercepted and opened. Phones can be tapped.

The Internet can be made more secure, as it is possible to add security such as encryption and auto acknowledgement.

This subject needs to be considered in conjunction with the sensitivity of the information being transferred.

Myth: I cannot stop people changing the information I send them.

Fact: Strictly speaking you cannot, but why would people wish to? As stated earlier, it is easier to compare documents electronically than on paper.

It is also possible to send information in a read only format.

It is also possible to add a digital signature to the document and have it authenticated by a third party who will confirm the information on the document that was sent.

Myth: People can intercept the information I send and read it.

Fact: Yes, this is true, but any form of communication can be intercepted and read. However, it can be made more difficult if you encrypt the message using one of the techniques mentioned.

 

 

Other useful information

Question: What is a digital signature?

Answer: A character string designed to prevent possible forgery, which is used as a security feature when attached to an electronic message. Can be used to verify the identity of the sender of an electronic message and may be linked to the document contents so that changes invalidate the signature.

Also see Public/private key cryptography.

Question: What is a digital Certificate (Dcert)?

Answer: Electronic certificate that can be used to convey a defined level of authorisation (e.g. ordering unit or payment guarantee) in support of an electronic message. These are controlled and provided by "Issuing Bodies" who may share the responsibility should misuse occur, a bit like using a cheque guarantee card to support payment.

Question: What is Public/Private key Cryptography?

Answer: A method of encryption or decryption in which the sender and the receiver each generate a public and private key pair. They exchange and publish the public key.

· Private key - the key that is never exchanged between trading partners.

· Public key - the key that is exchanged between the trading partners and published.

Question: Which organisations can I contact for more information?

Answer: There are a number of organisations such as CITE, CICA, the E-Centre UK and network providers.

You may also wish to discuss the requirements with your major software provider.
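
The digital signature behaviour described in the answers above (a signature linked to the document contents so that changes invalidate it, made with a private key that is never exchanged and checked with the published public key) can be seen in the following added example, which is not part of the original guidance. It assumes Node.js and its built-in crypto module with Ed25519, an algorithm chosen here only for illustration since this document names none; the order text and function names are constructed for the example.

```javascript
const crypto = require('node:crypto');

// Each trading partner generates a key pair. The private key is never
// exchanged; the public key is given to partners and published.
function makeKeyPair() {
  return crypto.generateKeyPairSync('ed25519');
}

// The sender signs the exact bytes of the message with the private key.
function signMessage(message, privateKey) {
  return crypto.sign(null, Buffer.from(message, 'utf8'), privateKey).toString('base64');
}

// The recipient needs only the sender's public key to check the signature.
// Any error while checking is treated as "not verified" (fail closed).
function verifyMessage(message, signatureB64, publicKey) {
  try {
    const sig = Buffer.from(signatureB64, 'base64');
    return crypto.verify(null, Buffer.from(message, 'utf8'), publicKey, sig);
  } catch (err) {
    return false;
  }
}

// Constructed sample order, not taken from any real system.
const ORDER = 'ORDER 1001: 200 bags cement, deliver 12 Oct, price GBP 850.00';

function demo() {
  const sender = makeKeyPair();
  const impostor = makeKeyPair();
  const signature = signMessage(ORDER, sender.privateKey);
  const altered = ORDER.replace('850.00', '8500.00');
  return {
    // Unchanged message, checked against the real sender's public key.
    genuine: verifyMessage(ORDER, signature, sender.publicKey),
    // Content changed after signing: the signature no longer matches.
    tampered: verifyMessage(altered, signature, sender.publicKey),
    // Same text signed by someone else: origin cannot be confirmed.
    wrongSender: verifyMessage(ORDER, signMessage(ORDER, impostor.privateKey), sender.publicKey),
    // Damaged or truncated signature is rejected rather than accepted.
    malformedSig: verifyMessage(ORDER, signature.slice(0, 20), sender.publicKey),
  };
}

console.log(demo());
```

The signature shows that a message was altered and who signed it; it does not hide the contents, which is the separate job of encryption.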