Lau
Kok Keng gives us with a broad overview of some of the key legal issues of
concern to most dot.com start-ups. This article was first presented on 4 August
2000 at the ‘Life and Exit of a Dot.Com’ conference jointly organised by
Butterworths Professional Conferences and CommerceNet Singapore.
Introduction
E-commerce
is creating new business opportunities and relationships. It has brought buyers
and sellers into closer proximity to each other, reduced overhead costs, and
increased the reach to global markets. It has and is continuing to change the
very way business is conducted, making some traditional business models obsolete
while at the same time creating new ones. Whether in addition to or in
substitution of having a physical business set-up, it is today increasingly seen
as essential for a business to go the dot.com way, that is, to have a web
presence. The virtual store front is viewed as indispensable even for businesses
already operating with physical business premises.
Going
dot.com essentially involves doing business over the Internet. The process of
starting up a dot.com business is not unlike that of establishing a traditional
business: both typically involve planning, design, implementation and
operational stages. For a dot.com business to be able to compete in today’s
global marketplace, the business model adopted must be able to take advantage of
what the Internet has to offer, including its broad connectivity and ability to
reach consumers across traditional geographical borders. At the same time, it
must be cognisant of the potential risks, threats, vulnerabilities and
liabilities that loom over conducting business online.
Deciding
on the Right Business Vehicle
Just
like starting up any business, setting up a dot.com business will typically
require a business vehicle to be set up to run the business. The main legal
vehicles for doing business in Singapore are the sole proprietorship, the
partnership, and the limited company. All businesses that wish to operate in
Singapore need to register with Registry of Companies and Businesses (‘RCB’).
In
deciding on which business structure to adopt for an e-commerce start-up, it is
important to bear in mind considerations such as the need to preserve the
confidentiality of financial information (eg information on the financial
position of sole proprietorships and partnerships are generally not accessible
to the general public, unlike the case of limited companies), the need for
flexibility in future changes to the business vehicle (eg it is relatively easy
to transfer the business of a sole proprietorship or a partnership to a limited
company, as compared with the dissolution of a limited company to make way for a
sole proprietorship or partnership) and the possibility of setting off business
losses against the personal income of the owners (an option available only to
sole proprietorships and partnerships). Other important considerations include
the issue of limitation of liability (eg a company limited by shares will only
be liable up to the value of its share capital — its directors and
shareholders will not be exposed to any additional liability, unless they have
given personal guarantees to creditors) and statutory requirements and
prohibitions imposed on the various business vehicles.
Domain
Names and Trademarks
Having
decided on the right business vehicle, a dot.com start-up will then want to
establish a presence on the Internet, and this is where the choice of a domain
name comes into play. Each computer connected to the Internet is assigned a
unique numeric address called an Internet Protocol or IP address, consisting of
a string of numbers divided into four parts. As numeric addresses are difficult
to remember or identify with, domain names (which are mnemonics associated with
particular IP addresses) are used instead as Internet addresses.
A
domain name that consists of a business entity’s trade name or trademark can
not only help maintain its business identity and build brand awareness, it may
also make it easier for its customers to locate it on the Internet.
Alternatively, a generic or descriptive domain name like ‘cars.com’ can also
help direct traffic to a website.
A
domain name ending with a ‘com’ is a generic top level domain or ‘gTLD’
and is issued by the Internet Corporation for Assigned Names and Numbers (‘ICANN’).
A domain name ending with a country ID such as ‘sg’ is a country code top
level domain or ‘ccTLD’. Such domain names are registered by registries in
the respective countries around the world.
The
Singapore Network Information Centre (‘SGNIC’) is the organisation
responsible for the registration and administration of the ‘.sg’ domain
names in Singapore. SGNIC only checks for existing identical domain name
registrations, and does not screen applications for domain names against entries
on the Trade Marks Register or the RCB. More than 25,000 ‘.sg’ registrations
have been lodged with SGNIC. A yearly fee is charged for the right to use a web
address. Unlike a ‘.com’ address, an applicant to SGNIC looking to register
a ‘.com.sg’ domain name, must be a locally registered business or company.
The name applied for must not infringe upon any registered trademark in
Singapore or be confusingly similar to it.
What
if the domain name chosen by your dot.com start-up is already taken by someone
else? In the event of competing claims or disputes over any domain name
registrations, under SGNIC rules, the parties must resolve their dispute through
legal proceedings. In the case of registrations with ICANN, a simpler and much
cheaper process is provided under ICANN’s rules which provide for a Uniform
Domain Name Dispute Resolution Policy (‘UDRP’). All ‘.com’ domain name
registrants agree to be bound by the UDRP as part of their registration
agreement with ICANN or its accredited registries.
The
UDRP is an administrative as opposed to a legal proceeding for the resolution of
domain name disputes and was intended to curb cybersquatting (ie the
registration in bad faith of an Internet domain name identical or confusingly
similar to another’s trademark or famous brand name generally for the purpose
of ultimately selling the domain name to the entity that owns the trademark or
famous brand name). The other major advantage of the UDRP is the elimination of
the often sticky jurisdictional issues that arise in Internet-related disputes.
The URDP was started in January 2000 and, to date, more than 1,200 complaints
have been brought under UDRP, with more than 700 decisions made.
In
addition to registering a domain name, a dot.com start-up may also wish to
register its domain name and the name and mark under which it does business as a
trademark.
Metatagging
Metatags
are key words written into a web page’s code as means for search engines to
index its contents. Accordingly, if a search is made using a particular term
which has been used as a particular website’s metatags, the search engine
would retrieve that particular website (amongst others). Many websites use the
names of their business rivals in their metatags. For example, jennycam.org uses
metatags containing names of well-known men’s magazines like Playboy and
Penthouse. In one case where a former Playmate, Terri Welles, used the Playmate
and Playboy trademarks in her website’s metatags, Playboy sued for trade mark
infringement, but failed in their action. The US court held that Terri
Welles’s use of the Playmate and Playboy marks did not amount to trademark
infringement because she had used them in good faith to index the contents of
her website and there was no likelihood of web-surfers being confused into
thinking that it was a website endorsed by Playboy.
Copyright
Issues
As
a medium for the dissemination of information, the entire Internet is loaded
with copyright protectable material. Text, graphics and other copyrightable
works are protected in Singapore if they are original works. Foreign works are
also protected by virtue of the Berne Convention and membership in the World
Trade Organisation.
Setting
up a website presents a host of issues arising from copyright law. Any website
would be loaded with copyright protectable material arising from the text and
graphics on the web page itself. Basic questions arise as to who owns the
copyright, and whether the material is original or has been copied from other
websites. A start-up dot.com may have to contend with other more esoteric
copyright issues unique to and arising from the very nature of the Internet
itself.
Hyperlinking,
deep linking and framing
The
very nature of the World Wide Web is all about browsing through a system of
hyperlinks, and most if not all websites would have some form of hyperlinking.
Some websites, such as portals, provide content solely through the collation of
hyperlinks. The simple act of hyperlinking can itself raise important copyright
issues where the linking is unauthorised. In 1999, a Dutch court ruled that
unauthorised links to Church of Scientology documents on the Web had to be taken
down. The links alone, the judge said, contributed to a violation of the Church
of Scientology’s copyrights.
Deep
linking or the provision of a hyperlink to a specific content or a specific page
within a third party’s website raises other important copyright issues: should
it be allowed as it enables the revenue-earning home pages of other websites to
be bypassed, and when it enables diversion of potential business? Earlier this
year, in United States case of Ticketmaster Corp v Tickets.com Inc, the
Californian Federal District Court ruled that deep linking from one website to
another does not constitute copyright infringement because it does not involve
any copying. The court also dismissed a claim of unfair competition and held
that deep linking by itself, without the requisite confusion, does not
necessarily result in unfair competition.
There
is no recognised general right of action for unfair competition in Singapore.
However, that does not mean that hyperlinking or deep linking is fair game. In
Pacific Internet Ltd v Catcha.com Pte Ltd, the High Court refused to strike out
an action for trespass for providing an unauthorised web link, taking the view
that the novelty of the law and the technology involved required the most
rigorous examination and scrutiny which only a full trial could secure. The
court refused to rely on the United State’s case of Ticketmaster Corp v
Tickets.com and left the issue of whether linking amounts to copyright
infringement open.
Another
related issue is framing. This technique means that a user does not leave the
host site when clicking on hyperlink; rather, web pages of the linked site are
brought within the frame of the host site. Framing gives rise to issues of
copyright infringement and possibly trademark infringement as well if the
trademarks of the linked site are featured in the framed page.
In
setting up its website, a start-up dot.com should ensure that its site takes
these various legal issues into account.
Patenting
Business Models and Inventions
The
start-up dot.com may involve a unique business model. Alternatively, it may own
an invention which it wishes to exploit in the course of its start-up business.
Can that model or invention be patented?
To
obtain patent protection in Singapore, an applicant has to file an application
with the Singapore Registry of Patents or an international application under the
Patent Cooperation Treaty, designating Singapore as a country under which patent
protection is sought. If the inventor is resident in Singapore, he must file for
patent protection in Singapore first before filing an application overseas,
unless dispensation is obtained from the Intellectual Property Office of
Singapore.
For
an invention to be patentable, it must be new, involve an inventive step and be
capable of industrial application. To be considered new or novel, an invention
must be an original work and not include matters which are already previously
known. Public disclosure, sale or use of an invention prior to the filing of the
patent application may destroy the novelty of the invention. For an invention to
involve an inventive step, it must not be obvious to someone who is ordinarily
skilled in the art, ie someone (other than an expert in the art) who possesses
some knowledge in that particular field and who can understand the invention and
who has access to the relevant prior art. To be capable of industrial
application, the invention must have some demonstrable utility value, such as
the ability to rectify problems or produce certain desired improvements in any
kind of industry. The invention must also not relate to matters whose
publication would encourage offensive, immoral or anti-social behaviour.
The
practice of patenting e-commerce business models has drawn much criticism on the
basis that many of these patents often cover obvious innovations, and their
patenting will hinder e-commerce and the development of the Internet. Earlier
this year, Amazon.com found itself in the middle of a controversy after
receiving a patent for its affiliates programme, a technology that lets other
websites send it to their customers in exchange for a commission. In September
1999, Amazon received a patent for its One-Click technology, used by previously
registered Amazon customers to buy an item with just ‘one click’ of a mouse.
It then sued Barnes & Noble for copying its One-Click technology. In
December 1999, Amazon won a preliminary injunction against its chief rival.
Mention
should be made of the Patent Application Fund which has been set up by the
National Science and Technology Board to encourage Singapore businesses to
patent their innovations in order to obtain patent protection. Only Singapore
citizens, permanent residents, companies of which at least 30% of shareholding
is owned by Singaporeans, and Singapore public sector organisations are eligible
for funding, which only applies to the initial patent application as opposed to
subsequent renewals of the registered patent.
Protection
of Trade Secrets and Confidential Information
At
the infancy stage of a dot.com company, it is not only important to ensure that
its rights are protected, it is equally important to ensure that it is not
exposed to any lawsuits by others on the basis that it has infringed their
rights. In a competitive business world, few rights are more important than the
protection of trade secrets and confidential business information. This is even
more critical as we see a rising trend of job-hopping in the dot.com world.
As
an employer, a dot.com would want to ensure that its employees do not impart
confidential information about its business to their new employer when they
leave its employment. Non-disclosure agreements and appropriate clauses in their
contracts of employment would have to be provided for. However, the imposition
of contractual obligations of confidentiality on its employees is not
sufficient. A dot.com should also employ technical measures to prevent
unauthorised access to such information by them, for example, the use of
encryption techniques and passwords.
Conversely,
a dot.com should be aware of the possibility that any employee it hires may have
been placed under various legal restrictions in relation to their use or
disclosure of information or knowledge obtained from their previous employment.
What may appear to be a valuable contribution of ideas by a new employee may
result in a potential injunction order obtained against the dot.com to prevent
further use of the confidential information.
Advertising
The
Internet has provided a very successful forum for the advertising of products
and services. The improvement in the capabilities of search engines means that
information on products and services can be easily obtained by users online.
The
issues which affect the regulation of the content of advertisements on the
Internet do not differ substantially from those which affect advertising through
the traditional media. Like most jurisdictions, Singapore does not have any laws
that specifically regulate advertising on the Internet. However, there are
existing advertising laws that may possibly extend to Internet advertisements.
These include the advertising of products such as tobacco, medicines, films and
food products. In addition, voluntary industry codes of practice have been
adopted in relation to advertisements appearing in traditional advertising media
such as print and broadcast, and these codes could conceivably apply to Internet
advertisements as well. While violation of advertising laws may result in
penalties such as fines, non-compliance with voluntary industry codes such as
the Advertising Standards may result in adverse publicity and sanctions imposed
by the Advertising Standards Authority.
The
fact that a website may be accessed by users in many jurisdictions (each of
which have their own advertising laws, codes and standards, as well as different
ways of interpreting the same) presents a tricky situation for the advertiser.
Advertising law and practices have always been influenced by the specific
cultural, political, economic and moral standards of a particular jurisdiction.
What is acceptable in one jurisdiction may not be so in another jurisdiction. If
necessary, web advertisements should be expressly ‘qualified’ such as to be
targeted only at users in jurisdictions whose laws allow for the contents of
such advertisements. In the European Commission’s Green Paper on Commercial
Communications on the Internal Market, the Commission examined the issue of how
offending advertisements should be dealt with within the European Union, and
proposed a system of ‘country of origin control’ whereby action would be
taken against the advertiser in the EU jurisdiction in which the advertisement
was ‘first made available’, that is, the jurisdiction in which the web
server is located.
There
is a natural tendency for businesses to want to draw comparisons of their
products or services with those of their competitors in advertisements. A
dot.com company will have to be careful not to make any unfair or confusing use
of its competitors’ trademarks when it refers to them in its web
advertisements, or make any unsubstantiated and defamatory statements about
their business.
As
for advertising through spamming, it should be noted that although there are no
specific laws against spamming, it is an offence under the Computer Misuse Act
to obstruct the use of computer systems. A man who spammed the Housing and
Development Board recently with 7,500 emails in two and a half hours was
subsequently charged in court and fined $30,000.
Transacting
Business Online
The
ability to form enforceable online contracts is a fundamental requirement to the
acceptability and growth of e-commerce. For online communications to be trusted
and relied upon by businesses and consumers as a means of forming contractual
relationships, it is important that the parties are able to verify each
other’s identities, that their communications are not altered along the way
without their knowledge, that neither is able to deny that a particular message
originated from them, and that any contract that is eventually formed through
the online communications is recognised and upheld by the law.
In
Singapore, the law relating to the formation of traditional offline contracts
would generally apply equally to the formation of contracts through electronic
means. The Electronic Transactions Act (‘ETA’) clarifies that a contract can
be formed electronically. The ETA also clarifies that the requirements for
writing in law can be fulfilled by using certain electronic records. The ETA
also adopts provisions to clarify issues of the time and place of sending and
receipt of electronic messages. As for digital signatures, which are essentially
signatures generated as an application of the public key cryptography, the ETA
confers an evidentiary presumption that a digital signature that is verified by
a licensed Certification Authority is in fact the signature of the person to
whom it relates, and that that person intended to sign the electronic record.
A
company that wishes to sell its products online must post its contractual terms
and conditions on its site. These clauses must be reasonable and be capable of
being enforced in all countries where they might be invoked.
Privacy
Unlike
some traditional forms of business where the seller does not need to know
anything about the buyer and vice versa, e-commerce inevitably involves the
exchange of personal data, be it email addresses required by a network operator
to link with names and addresses, customer details required by a service
provider to fulfil orders, or personal information required by a web site owner
as a condition for allowing access to its website.
In
addition, information on how you may be collected without you even knowing about
it. Have you ever returned to a website and realised to your horror that it
seems to be able to identify you? Amazon.com, for example, will recommend the
latest CDs and book releases based on your previous purchases. How do they do
it? Aren’t we supposed to be anonymous on the Internet? Well, no. And it’s
all thanks to something called ‘cookies’ that you are tagged and tracked
like a carrier pigeon. These cookies keep a record of your surfing behaviour
and, especially, your e-shopping habits. So the next time you log on, the page
will be customised, presumably, to your preferences and shopping habits. If for
some reason you wish to protect your privacy (maybe you are a fugitive on the
run, or a wanted teen hacker), cookies may be removed if you dig deep enough
into your computer architecture. Cookies are particularly pernicious because
most people may not even realise that information has been collected on them.
In
each instance, there will always be a concern over the manner in which the
information is collected, stored, used, disclosed and transferred. This concern
arises from the risk that a web merchant that has data on us could sell the
data, just as Toysmart.com did when they went under. They tried to sell their
customer data, which included information such as phone and credit card numbers,
home addresses, and statistics on shopping habits. This practice has raised the
concerns of thousands of consumers who assumed that their data would not be
transferred, especially given Toysmart’s privacy statement.
There
is no specific law on privacy in Singapore, although a self-regulatory privacy
code may be put in place sometime in the near future. Although the issue of
privacy is one that ostensibly appears to affect consumers primarily, dot.com
companies will find this is a concern that they should take into account: if
consumers avoid e-commerce because of privacy concerns, then dot.com businesses
would have cause for concern themselves. Having an appropriate privacy statement
and policy will go some way towards alleviating consumers’ privacy concerns.
Business
Insurance Coverage
In
light of the recent spate of computer crimes and security breaches, it is
advisable for dot.com businesses to have specific insurance for electronic
commerce, as these operations dramatically expand the sphere of potential
liability and the degree of risk accepted by the insurer. Many companies have
traditionally purchased insurance which come with a territorial limit. However,
this practice is no longer acceptable when companies move into electronic
commerce. A company’s website may lead to liability or loss outside the
country and its insurance must be broad enough to cover this. Business insurance
often covers the costs of litigation and this may entail not only costs of
litigation within the company’s territory but may now require companies to
defend claims in other countries with which they have traded.
Dot.coms
doing business on the Internet may suffer losses as a result of technology
failures, carrier failures or other system or server mishaps. Where businesses
are largely or wholly dependent on electronic commerce, such losses can be
crippling. Dot.coms should ensure that adequate insurance coverage is obtained
for loss of business sustained through failures and perils within the electronic
commerce methodology of operation, including hacking and virus infection. Many
insurance companies in the US have denied cover for hacker related losses,
claiming that it was entirely within the hands of the company to have put
adequate security measures in place. However, provided a company can show that
it has taken reasonable security precautionary measures in the course of its
electronic trade, then coverage should not be denied.
Conclusion
This
is but a broad overview of the general issues that dot.coms should consider when
first starting business. There are, of course, many other more specific issues.
Dot.com companies should consult their business, legal and technical advisors
before finalising electronic commerce projects and structuring financing in
order to ensure that the proper documentation is prepared and executed, and that
all rights, obligations and potential liabilities are clarified with their legal
advisors even before they go on to the Internet. Although the initial euphoria
about dot.coms has given way to a more sceptical assessment of their chances of
survival in the long run, with proper advice, trust and goodwill of customers, a
sound business model, and optimal utilisation of what technology has to offer to
further the cause of e-commerce, dot.coms may well experience a revival in
fortunes.
Lau
Kok Keng
Rajah
& Tann