Electronic Commerce

With the explosive use of the Internet, electronic commerce, or e-Commerce (전자상거래/電子商去來), has grown rapidly in Korea. For e-Commerce to be safe, data or information in digital form must be reliable in terms of information assurance (IA), the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. The concept of IA includes confidentiality, integrity, authentication and non-repudiation, the so-called 4 Principles (or often 4 Pillars) of IA.

Nowadays e-Commerce is conducted through social networking services (SNS) like Twitter and Facebook, taking advantage of location data and other personal information of customers.

Key words
e-Commerce, social networking services (SNS), confidentiality, integrity, authentication, non-repudiation, public key infrastructure (PKI)

Confidentiality
Confidentiality means that information is not disclosed to unauthorized individuals, processes, or devices. Confidential information must only be accessed, used, copied, or disclosed by users who have been authorized, and only when there is a genuine need. A confidentiality breach occurs when information or information systems have been, or may have been, accessed, used, copied, or disclosed by someone who was not authorized to have access to the information.

Integrity
Integrity means data cannot be created, changed, or deleted without proper authorization. It also means that data stored in one part of a database system is in agreement with other related data stored in another part of the database system. Integrity is interpreted more narrowly to mean protection against unauthorized modification or destruction of information. A loss of integrity can occur when a computer virus is released onto the computer, or when an on-line shopper is able to change the price of the product they are purchasing.
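
The price-tampering case above, as an added example that is not part of the original article: the server attaches an HMAC-SHA256 tag to each cart line and rejects any line whose fields no longer match at checkout. The key, SKU, field names and prices are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real shop loads this from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _canonical(item: dict) -> bytes:
    # Stable serialization so the same fields always yield the same bytes.
    return json.dumps(item, sort_keys=True, separators=(",", ":")).encode()


def _tag(item: dict) -> str:
    return hmac.new(SERVER_KEY, _canonical(item), hashlib.sha256).hexdigest()


def issue_cart_line(sku: str, unit_price_krw: int, qty: int) -> dict:
    """Server side: emit a cart line together with a MAC over its fields."""
    item = {"sku": sku, "unit_price_krw": unit_price_krw, "qty": qty}
    return {"item": item, "mac": _tag(item)}


def checkout_accepts(cart_line: dict) -> bool:
    """Server side: recompute the MAC and compare in constant time."""
    try:
        return hmac.compare_digest(_tag(cart_line["item"]), str(cart_line["mac"]))
    except (KeyError, TypeError):
        return False  # missing or malformed fields are treated as tampering


def demo() -> dict:
    honest = issue_cart_line("SKU-1001", 59000, 1)
    # The client-held copy comes back with an edited price (constructed case).
    tampered = json.loads(json.dumps(honest))
    tampered["item"]["unit_price_krw"] = 590
    # The client-held copy comes back with the MAC removed.
    stripped = {"item": honest["item"]}
    return {
        "honest": checkout_accepts(honest),
        "tampered": checkout_accepts(tampered),
        "stripped": checkout_accepts(stripped),
    }


if __name__ == "__main__":
    print(demo())
```

Where the server can simply look the price up again from its own catalogue at checkout, that is the simpler control; the MAC covers values that must round-trip through the client. Because both issuing and checking use the same secret key, this gives integrity but not non-repudiation.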

Authentication
Authentication is a security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. An authentication breach can occur when a user's login ID and password are used by unauthorized users to send unauthorized information. In this regard, authenticity is necessary to ensure that users or objects (like documents) are genuine and have not been forged or fabricated.

Non-repudiation
Non-repudiation assures that the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data. Non-repudiation implies that one party to a transaction cannot deny having received a transaction, nor can the other party deny having sent a transaction.

e-Commerce uses technology such as digital signatures to establish authenticity and non-repudiation.

Regulation of e-Commerce
The four Pillars are maintained by statutes such as the Framework Act on Electronic Commerce, the Electronic Signature Act, and the Electronic Financial Transactions Act. Take confidentiality and integrity as an example: they are preserved by the Framework Act on Electronic Commerce and the Electronic Financial Transactions Act. The Electronic Signature Act was enacted for the purpose of authentication and non-repudiation of electronic messages.

On the global level, the UNCITRAL Model Law on Electronic Commerce of 1996 was presented as a standard legislative text for e-Commerce:
 * to facilitate commerce conducted using electronic means by providing a set of internationally acceptable rules aimed at removing legal obstacles and increasing legal predictability for electronic commerce;
 * to overcome obstacles arising from statutory provisions that may not be varied contractually by providing equal treatment to paper-based and electronic information. Such equal treatment is essential for enabling the use of paperless communication, thus fostering efficiency in international trade;
 * to set forth the fundamental principles of non-discrimination, technological neutrality and functional equivalence that are widely regarded as the founding elements of modern e-Commerce law.

Framework Act on Electronic Message and Electronic Commerce
UNCITRAL States may consider adopting the provisions of the Convention at the domestic level. Such decision would promote uniformity, economizing on judicial and legislative resources as well as further increasing certainty in commercial transactions, especially in light of the diffusion of mobile devices for electronic transactions.

Korea adopted the UNCITRAL Model Law on e-Commerce and enacted its own Framework Act on Electronic Commerce, effective on July 1, 1999. This Act consists of provisions regarding electronic messages, largely derived from the Model Law, and other provisions on policy measures such as data protection, consumer protection, certified electronic data depositaries and the e-Commerce Dispute Mediation Committee, which are unique to the Korean e-Commerce environment.

In general, electronic commerce is governed by the Framework Act on Electronic Message and Electronic Commerce (전자문서 및 전자거래기본법). Accordingly, several Certified e-Document Authorities have been established to provide storage and retrieval services for electronic messages.

Electronic Signature Act
An electronic signature is essential to ensure authenticity and non-repudiation. In Korea, e-signatures are widely used, from Internet banking to verifying one's identity in on-line transactions. Initially, only digital signatures based on the public key infrastructure (PKI) were designated as e-signatures. Accordingly, the Electronic Signature Act was first legislated on the PKI basis in 1999, and later amended to cover diverse and state-of-the-art biometrics technologies at the end of 2001 (effective on April 1, 2002).

So an e-signature is any electronic means that indicates either that a person adopts the contents of an electronic message, or more broadly that the person who claims to have written a message is the one who wrote it. Increasingly, encrypted digital signatures or biometric data are used in e-commerce and in regulatory filings. In many countries, including the United States, the European Union and Australia, electronic signatures (when recognised under the law of each jurisdiction) have the same legal consequences as the more traditional forms of executing documents.

The English version of the Electronic Signature Act as of December 2008 is available here.

Electronic Financial Transactions Act
Electronic funds transfer (EFT) is the electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer-based systems.

In the United States, the Electronic Funds Transfer Act was enacted in 1978 by Congress to establish the rights and liabilities of consumers as well as the responsibilities of all participants in EFT activities in the United States.

In Korea, the Electronic Financial Transactions Act was promulgated in 2006 and came into force on January 1, 2007. The Act establishes the rights and liabilities of consumers and other participants in electronic financial transactions, thereby ensuring their safety and reliability. Under the Act, electronic financial transactions are transactions in which financial institutions and electronic financial service providers provide financial products and services by means of electronic devices, and consumers can process such transactions in an automatic manner without face-to-face contact or communication with the personnel of such financial institutions and electronic financial service providers.

The English version of the Electronic Financial Transactions Act as of February 2008 is available here.

Domain Names and Cybersquatting
Nowadays, the economic value of "good domain names" is on the increase. The rapid growth of e-Commerce and e-Government transactions gives rise to cybersquatters, who register or use a domain name with bad-faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatters then offer to sell the domain at an inflated price to the person or company who owns a trademark contained within the name.

To this end, the Act on Internet Domain Resources was enacted in 2004, whose English translation is not available at the moment.

The term "Cybersquatting" is derived from "squatting", which is the act of occupying an abandoned or unoccupied space or building that the squatter does not own, rent or otherwise have permission to use.

Prospects
Basically, the above statutes on e-Commerce will be modified sooner or later in line with the advancement of new technologies. Take the Electronic Signature Act as an example, which was legislated on the PKI basis in 1997. Later, in view of the introduction of biometrics technologies like fingerprint, iris and voice print, the Act had to be changed to cover such technological advancement.