X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Electronic commerce has grown beyond its startup, dot-com infancy toward a more complicated maturity. Adulthood for e-commerce means that distinguishing between Internet companies and non-Internet companies — or between Web functions and non-Web functions of a single company — makes increasingly little sense. And it means that all businesses must consider the implications of technology laws. Further complicating the fate of e-commerce is the ongoing economic downturn and new legal concerns after Sept. 11. On Oct. 10, Legal Times brought together five corporate counsel and other experts for a breakfast roundtable entitled “E-Commerce: Issues and Opportunities for Every Business.” Excerpts from the discussion appear below. The event, which took place at the Tysons Corner Ritz-Carlton in McLean, Va., was sponsored by Covington & Burling, and Covington of counsel Douglas Phillips introduced the session. (The editors of Legal Times selected the panelists, chose the questions, and edited the transcript.) This was the fifth in the Legal Times 2001 Corporate Counsel Roundtable series. Evan Schultz, associate opinion editor, Legal Times: Good morning. The events of Sept. 11, in addition to literally changing the landscape, have some serious reverberations for e-commerce and Internet law. I’m going to ask Peter Swire to talk just for a couple of minutes about that. Peter Swire, visiting professor of law, George Washington University: When you think about e-commerce sites, the world we have been living in for most of the last 10 years has been, “Let’s get our applications up and running now as fast as we can, and we’ll come along and do security afterward when we get a chance.” I think that’s one of the changes after Sept. 11, and that’s going to be harder to justify to people. There is going to be more of an expectation that you have to build security in as part of putting up something on the Web. We are going to see security in the rollout of things much closer to the front end. Also, there is the Electronic Communications Privacy Act. It’s an awful statute because there is great complexity there. It has to do with when you are allowed, with the information that comes over your system, to turn it over. I’ll highlight one issue. Today, if you have a hack in your system, you can turn over the evidence of that crime to the police. And today, under the ECPA, you can monitor your own system against attacks. But today, you are not allowed to say, “Gee, we have been having a lot of attacks. FBI or police, could you come in and help us catch the burglar? We think they are coming back.” And the reason is until now we thought that would be a wiretap. There is a proposal in the Bush administration bill called the computer trespasser exception. Under this computer trespasser exception, if you have trespassers in your system, then you could ask the FBI to come in and camp, as long as all they are getting is information about those trespassers. The interesting thing, though, is that there is no statutory suppression rule for e-mail wiretaps. So if the FBI comes in and sees hundreds of things they are not supposed to see, they can then use those as the basis for later investigations, unless the Constitution limits it — and it probably doesn’t. So there is going to be potential for law enforcement to come to your Web site and say, “We want to camp here. We think there are hacker attacks. We think there are problems. We hope you are a patriotic American.” You want to share with police to stop the terrorists, but you don’t want to get sued by people whose communications are being seen. Schultz: Clint, at WorldCom, how is all this changing your life? Clint Smith, vice president and network counsel, WorldCom Inc.: I think lawyers have an important role in responding to network security incidents. I think lawyers can be taking useful steps now to prepare for handling an attack before an incident happens. On the technical side, I would urge you to go and meet with your client’s chief information officer and find out what components make up your company’s network security — fire walls, virtual private networks, desktop encryption software — find out what the components of your security strategy are. Inquire as to the firewall and server logging functions at your company. What logs are kept, for how long, what logging functions are turned on or off. Oftentimes, a company finds out after the fact that it’s not logging what it expected or it’s not archiving logs that are relevant to investigating an incident. Find out what the intrusion-detection capabilities of your company are. Find out about your employee monitoring capability. Can you monitor? Can you immediately monitor employee keystrokes? What is your policy about employee encryption on a desktop? Find out what security applies to the company’s crown jewels. If you are a consumer-focused company and you maintain consumer credit card numbers, find out what extra security applies to them. Also, I think lawyers should develop a network of contacts. First, a contact at your Internet service provider. Second, security contacts at your major suppliers of firewalls, servers, operating systems — make sure that you have contacts there. Build up your industry — specific contacts for reporting security breaches, and build your law enforcement contacts. Additionally, take a look at some of the major statutes. Peter mentioned the Electronic Communications Privacy Act. At the federal level, there’s also the Foreign Intelligence Surveillance Act and the Computer Fraud and Abuse Act. At the state level, there exists another layer of computer crime and surveillance law that is important to know. You may be surprised that laws that were written with companies in mind many years ago now apply to your e-commerce business. Schultz: Let me pick up on that and go over to Alex Joel. How easy is it to keep up with all these layers? Alex Joel, assistant general counsel for information resources and e-business, Marriott International Inc.: Right now the only constant is change, and we are seeing that in this very discussion. Just looking back over the events of e-commerce in the last couple of years, I like to think of it as the four B’s: Birth, boom, bust, and now we have gotten back to business. People were initially focused in the birth years on just getting started. And in the boom years, people were focused on getting rich, frankly, and trying to pour a lot of money into dot-coms, so lawyers had to become M&A specialists. In the bust years, people were focused on getting out, and so lawyers had to focus on bankruptcy and issues like that. And now after Sept. 11, we are focused on using e-commerce to get back in business. Part of that is security and working through the very complicated issues surrounding the criminal code and how it applies to Internet activities and electronic transactions. The other thing I would like to add is that I think people in the room were involved with Y2K. There are a lot of echoes from that experience with what we probably need to go through now. I like to think of this period as a sort of Y2K 01 — the Y2K of the current time. Schultz: Gina, what sorts of things do you find blurring together? You do intellectual property law, but at the same time, you still oversee e-commerce issues, and obviously now criminal law is coming into play more. Gina Hough, vice president and deputy general counsel, Fannie Mae: I think one of the things we are seeing is the complete integration of intellectual property and e-commerce issues into every aspect of the business. What we have seen in the past several years is an attempt to sort of draw boundaries around the Internet. We’re interested in how people will, in particular, seek patent protection for methods and processes and systems that are involved in the e-commerce world. It’s certainly going to set the stage for how companies compete using the Internet. That’s one issue. Another is the issue of domain name reclamation. We have had a number of experiences making sure that our trademarks and service marks are not used by others as domain names. We register them ourselves — even if we don’t use them all — to take prophylactic measures. Whether or not we want to use a particular mark as a domain name is one issue. But we don’t take kindly to others registering our trademarks, thus diverting traffic and implying endorsements. Schultz: Let me change gears a little bit. Swati, do you think that the legal industry is really ready for some sort of a strong commitment to e-commerce? Swati Agrawal, chief executive officer, Firmseek.com: I am a former attorney. I used to practice at Paul Weiss. We used to be very conscious of risk in our job. That plays out in e-commerce. I recently read an article about a company that ran into problems because law firms are very hesitant to keep information they have on someone else’s server rather than their own. We found it quite ironic because, at many law firms, their server systems are much less secure than the majority of outside service providers. To me, that’s a very scary thing. What that means is law firms are much more susceptible to viruses, hackers, all sorts of security issues. If you have got an extranet and you get hit by a virus, you can spread that to a lot of clients. Trust me, they are not going to be happy with you. Schultz: Clint, how much do you know about your systems? Smith: Quite a bit. I mandate that everybody on our team take technical training, because that makes us more effective lawyers. I think we may have a shift in the legal profession; lawyers are becoming increasingly technically savvy, and many of us will have more confidence in an electronic document system than a hard copy one. Joel: I think the legal implications of having technology pervade your business can be significant. If you are in a law department like I am, it’s important to understand technology, because clients are now going to be doing things with technology that perhaps previously they hadn’t been doing. Schultz: How about outside counsel? Joel: I like what Swati said. If you send us a virus, that’s not a good thing. We have had to temporarily shut down our direct connections to some of our outside counsel firms because of virus problems. Outside counsel are just like everybody else. They are quickly learning, and many of them are obviously highly conversant with technology and have a great deal of expertise. Schultz: Swati, you probably deal with as many lawyers involved in technology as anyone. As the economy has been changing over the last year or so, is there less of an interest by law firms or by the law industry to jump on to the newest technology? Agrawal: People are not spending money on something they don’t view as absolutely essential at the moment. Now all law firms need to have e-mail. Two years ago, you had plenty of law firms that didn’t have e-mail for all their attorneys. Beyond that, for more innovative solutions, I think there is interest. But I think it’s easy to take a wait-and-see attitude right now. But we also see firms out there saying, “This is a time for us to capitalize. Now is the time for us to come in and fill that void.” Schultz: Do you all have any thoughts on whether or not we need to do more lobbying for laws that are aimed at computer issues, or if it is better simply to let the law evolve? Joel: I think that the legal principles that have stood us well over the centuries continue to apply. I don’t view cyberspace and the Internet and e-commerce as some separate realm that exists apart from the rest of us that needs its own set of laws and rules of behavior. Obviously, we have to modify and adjust and evolve perhaps more quickly than we are used to. I’m not a big fan of intensive regulatory efforts that try to dot every “i” and cross every “t.” Let me also talk about electronic signatures and clickwraps. When you have clients conducting business electronically with e-mails, you run the risk of inadvertent electronic signatures. The way I view electronic signatures is whether or not you like them depends on whether you want to impose obligations on someone. If I drafted the form, then yes, I would want to empower the impulse shopper to go ahead and click or whatever and bind themselves to my agreement. If I’m the one who is going to be bound by the form, I’m more concerned about that. Schultz: I want to turn to Gina. If there is some commercial transaction that’s as old as mortgages I can’t think of it. How much do you feel that you need any sorts of new protections from or for e-commerce that aren’t encompassed by the 400 years of law of mortgage? Hough: I would second Alex’s comments. I think that there is a vast and stable framework, and we are quite comfortable with that. I think it sort of falls into the category of be careful what you wish for. With the dynamic changes going on in regard to the Internet, it’s hard to know exactly where things are going and what it is that would be of interest in terms of regulation. Schultz: Are there any questions from the audience? Audience Member 1: Could you comment on how you are managing the risk to your company of nonlawyers giving legal counsel as consultants, and how we as law firms who have the benefit or the legal competence and the attorney-client privilege can compete in this environment? Hough: This brings to mind the critical importance of client education. We have in many areas discovered that our business partners, in their exuberance, have taken on responsibilities that have outstretched their bounds. One of our jobs is to make sure that we maintain the kind of relationships that encourage them to come to us so that we can avoid the kind of pitfalls that you have mentioned. I think one of the things that outside counsel can do for in-house lawyers is to keep us abreast of these trends, to let us know that these are the kinds of things you are seeing so that we can make sure that the right relationships are in place, that the issues are spotted, that the issues are covered. So I think that’s something that we can do in partnership, proactively, for the benefit of our companies. Joel: I would also add that I think law firms can help themselves a bit here, too, by not trying to take on more than they are qualified to do. Audience Member 2: Regarding Sept. 11, I wonder, for example, would Marriott Hotel be averse to a law that allowed the government to tap into your reservations system to notice if people had just recently entered the country and then tie that into an airline database system that lets them see if somebody paid cash for a one-way ticket across the country? Joel: I think that’s a very interesting question. I’m not prepared to take a position on that for the record right now, but I will say that we are concerned about balancing privacy expectations against the needs of law enforcement. Swire: That comes to the core of the anti-terrorist bill and a lot of other legislation. The idea is if we put it all in a central database, then the good guys will be able to access the database to catch the bad guys. But if you share money laundering information with some money laundering experts, there will be other people getting into the database. If we set up a red flag through a money laundering investigation, then maybe a Pakistani investigator will get that red flag and be able to tip off Osama bin Laden. At that point, we are less happy with the whole thing because our database has turned into a leak. Also, who else is going to get the information? Is Marriott going to fax information about what they are going to do? Will the Ritz Carlton get access? So you have issues about competitive information. You know you are going to hear screams from people if that starts happening. So sharing information is great if only the good guys use it. But if you are sharing it very broadly, you have less and less confidence that only the good guys get it. How to build those structures is hard.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.