October 9, 1998
James Love firstname.lastname@example.org
Consumer Project on Technology
Ottawa, October 9, 1998. The following are personal notes and observations from the OECD Ministerial Conference on Electronic Commerce that was held from October 7-9 in Ottawa, Ontario, Canada.
OECD is short for the Organization for Economic Cooperation and Development (called the OCDE in French). The OECD has its roots in the Organization for European Economic Co-operation (OEEC), which administered U.S. aid to Europe under the Marshall plan. In 1961 the OECD was formed by 20 European and North American countries. Nine countries have since joined the OECD. Today the OECD has a somewhat diverse membership, including some developing countries such as Korea, Mexico and Hungary, but it is still largely known as a club for rich countries.
The OECD Ministerial meeting on electronic commerce was a very high level event, with top trade and industry officials from Japan, the United States and several other countries present, plus presentations made by the heads of the World Trade Organization (WTO), the World Intellectual Property Organization (WIPO), the United Nations Commission on International Trade Law (UNCITRAL)and several other national and international bodies.
In addition to the government representatives, there were several speakers from business and non-government organizations (NGO), and there were "parallel" sessions at which businesses and NGOs made recommendations.
THE CORE ISSUES
The OECD meeting is one of several events unfolding that will define new forms of governance for the Internet. This concerns profound issues. Internet commerce is global, and hence our entire framework for speech, commerce, censorship, and communications are being thrust into an environment where national laws are, some say, no more than a local ordinance on the information superhighway.
Moreover, the early debate is far broader than issues regarding harmonization of laws or coordination of enforcement.
It is more than the debate to determine if traditional government roles in protecting consumers will be abandoned. It is also a debate about whether or not governance itself will be privatized, and whether democratic traditions can survive in cyberspace.
These issues are being raised in a number of topic areas.
One such topic is privacy protection, and there was much focus on the showdown over the EU's directive "concerning the processing of personal data and the protection of privacy in the telecommunications sector," which is supposed to curtail transborder data flows with countries that do not protect personal private at sufficient levels.
( http://www2.echo.lu/legal/en/dataprot/protection.html). There was also the brave new world presented by White House aide Ira Magaziner, that is a "deregulated system in which the corporate world sets the rules and provides the enforcement" on privacy, consumer protection, governance of domain names and IP addresses, and many other topics. [see below].
GETTING INTO THE MEETINGS
You could only attend the sessions of the meetings if you were a member of a national delegation or if you had some type of an invitation from the OECD. The official U.S. delegation was quite large, officially listed as 63 members, and included many non-government members, including representives from Microsoft, Disney, AT&T, EDS, MCI/Worldcom, UPS, Hewlett Packard, Oracle, Bechtel, and a large number of trade associations.
Small businesses were largely invisible in the U.S. delegation. For example, while the U.S. Government (USG) sponsored representatives from Canadian owned West Publishing, British and Dutch owned Lexis-Nexis, two publishing giants that dominate U.S. legal publishing, there was no one from the American Association of Legal Publishers, a trade association made up of U.S.-owned small businesses that are challenging the "Wexis" cartel. Meanwhile, the OECD gave Nigel Stapleton, the Chairman of Reed-Elsevier (owner of Lexis/Nexis) an opportunity to address the first plenary session to pitch the controversial database protection legislation that would further entrench the West/Lexis cartel. (See http://www.cptech.org/ip/database)
The business funded Center for Democracy and Technology (CDT) was a member of the U.S. delegation, but no American consumer or privacy groups were.
The Internet Law and Policy Forum (ILPF), which is sponsored by a few dozen large corporations ( http://www.ilpf.org/sponsors.htm), appeared to have its own status to credential delegates, and had at least 5 participants in the meetings, including Stephen Balkam, the President of the Recreational Software Advisory Council (RSAC), a content rating agency that was often touted during the meetings.
I was never contacted by the U.S. government about the meetings, but was invited to participate as a member of the Trade Union Advisory Council (TUAC) delegation, after Roland Schneider, a German economist working in the Paris TUAC office, ran across the CPT web page ( http://www.cptech.org). Other TUAC representatives included Louise Sylvan, the head of the Australian Consumers Association and Vice President of Consumers International, and several trade union officials. Jim Murray, the Director of the European Consumers Organization and one of the leaders of the newly formed Trans Atlantic Consumer Dialog was an OECD invited speaker. Marc Rotenberg from the privacy group EPIC was credentialed as an invited speaker, but EPIC's David Banisar, an internationally recognized expert on privacy laws, had to spend the two days borrowing ID tags to attend meetings.
When participants arrived, we were given a name tag that hung around our necks on a ribbon that said "EDS*OECD/OCDE '98". (Marc Rotenberg asked EDS whether this indicated a merger, and was told that "no, it was an acquisition.") Our documents were in a nice briefcase that had a large white IBM logo. The back cover of the "Official Agenda" was filled with logos from 19 corporate sponsors, and this pretty much set the tone for the meetings, which were heavily dominated by commercial interests.
The two major substantive documents passed out were an OECD staff briefing, the 60-page "Documentation for Participants," and a 65-page "A Global Action Plan for Electronic Commerce prepared by Business with Recommendations for Government." The OECD staff "Documentation for Participants" devoted five pages to "consumer protection in the electronic marketplace," including a single paragraph on "the role of government," which said in part,
Disparate national policies may impede the growth on electronic commerce and, as with many other issues in the electronic marketplace, consumer protection can be addressed most effectively through international consultation and co-operation.
Elsewhere in the document there was much endorsement of business self-regulatory plans, including the statement that "Governments also have an ongoing role in enforcing laws to back up self-regulatory plans where a business that claims to comply with the private sector standards fail to do so." So apparently the private sector can decide what the consumer protection rules should be, and government can make sure they are enforced, which must seem like a good solution to the Chamber of Commerce. Number of concrete proposals to harmonize consumer protection laws: zero.
The OECD's "Documentation for Participants" included include three pages on "protection of privacy," much of which is an explanation of different approaches that might be followed. There is a call for governments to "work with the private sector to develop criteria for effective privacy protection which the private sector can implement through self-regulatory codes," but also a recognition that governments can still enact "privacy legislation," and enforce laws in this area. But generally, pretty thin stuff, and there was no plan whatsoever to deal with cross border privacy issues.
The Business "Global Action Plan" was more specific in terms of its recommendations. On the issues of "Consumer Empowerment/ Marketing and Advertising Ethics," offered these words:
The international legal community has only just started reviewing the many complex issues surrounding applicable law and jurisdiction in cyberspace. Any premature regulation mandating the law and forum of the country of destination for consumer transactions would seriously undermine the growth of electronic commerce, as compliance would be overly burdensome for all businesses and practically impossible for small and medium-sized enterprises. ...
In the borderless global environment of the Internet, internationally incompatible national laws on advertising and promotions seriously impede cross border sales.
Governments should support self-regulation for Internet advertising at the global level based on the existing agencies and business self-regulatory bodies for traditional advertising at the national level.
On the area of standards, the Global Action Plan says that "Governments should avoid mandating unnecessary standards that could be led by Business." On questions of Internet governance, governments should "continue to support the proposed transfer of administration of the Internet name and address system to the private sector," consistent with protection of "existing trademarks." Governments should "remove existing barriers for workers to share in the new and different employment generated by electronic commerce." On the issue of privacy, governments were encouraged to "recognize the validity and adequacy of effective self-regulation augmented by the use of privacy-enhancing technologies,"
However, on the issue of intellectual property, the "Business" document takes a 180 degree turn, and harmonization, lifting of standards and lots of government action are all recommended. Indeed, governments are asked to consider "further measures to secure property rights in the digital networked environment, including filing the gaps in protection ... left by the Performances and Phonograms Treaty," and to "work, through WIPO, towards adequate protection of intellectual property in databases," and to harmonize trademark law and policy so that companies can "protect their trademarks in cyberspace."
The introductions, welcomes and opening speeches include comments from three Canadians (the Prime Minister, the Minister of Industry and the Secretary General of the OECD), plus speeches from officials of Andersen Consulting, Telus, CGA and IBM, and Renato Ruggiero, the Director General of the WTO and William Daley, the U.S. Secretary of Commerce.
Mr. Daley's statement was short on specifics and long on boosterism, but there a few points worth quoting. On the issue of privacy, he said, "We believe that our self-regulatory approach can co-exist with approaches taken by other governments." On the emerging issue of the status of e-commerce contracts, Daley said "How can people know that the contracts they make over the internet will be enforced? ... we have proposed an international convention... It would assure that electronic contracts are enforceable." There was no acknowledgement of the U.S. debate over the status of unreasonable "click on" contract terms that is at the core of the debate over the modifications of Section 2b of the Uniform Commercial Code (UCC) (See http://www.cptech.org/ucc), and how this problem is much more complex in global commerce.
The first plenary session roundtable was on the subject of "Building Trust for Users and Consumers: Roles and Responsibilities." This included a tough talk by Jim Murray, head of an association of European consumer groups (Bureau Européen des Unions des Consommateurs), who spoke out against the notion that self regulation was the answer to all problems of privacy and consumer protection on the Internet, or that government should turn over important governance functions to private corporations. Mr. Murray indicated that while it was appropriate to delegate many public interest responsibilities to non-government entities, it should be done under a framework of accountability to democratic bodies. "Governments must remain the ultimate guarantors of the rights of citizens and not abdicate their responsibilities in this area," he said.
As indicated above, Nigel Stapleton, the Chairman of Reed-Elsevier, made a pitch for new intellectual property laws to provide new legal rights to control redissemination of non-copyrighted materials in databases. Mr. Albert Gidari, Jr. from the Internet Law and Policy Forum said no one actually knew what "self regulation" of the Internet meant. "Does it mean deregulation?" he asked, or was it something else?
The "self" in self-regulation normally applies to the business sector only. "This conception of self-regulation places too much of the burden on industry to solve the legal and policy issues raised by electronic commerce and fails to recognize individual users of Internet services and participants in electronic commerce as independent stakeholders and possible administrators in a larger self-regulatory regime." [The Ottawa Citizen, October 9, 1998, quoting Mr. Gidari].
The second plenary session was "Building trust and making it work: case studies in effective implementation." The session was moderated by John Sacher from Marks and Spencer, the retailing giant that is now much more than a good place to buy knickers. Danny Weitzner spoke representing the World Wide Web Consortium, his new employer, as did former FTC Commissioner Christine Varney and lots of others. I missed much of this session as the various privacy and consumer groups were trying to draft an NGO statement, which required a fair amount work. (More on this below).
The third plenary session was chaired by Don Johnston, the Secretary General of the OECD, and included presentations by Martin Bangemann, the powerful European Commissioner for Industrial Affairs, Information Technology and Telecommunications, Sanzo Hosako, the State Secretary of International Trade and Industry in Japan, White House official Ira Magaziner, and Maria Livanos Cattaui, the head of the International Chamber of Commerce. I missed Mr. Bangemann's presentation, but apparently he emphasized public polls indicating 58 percent of Americans want privacy safeguards for personal information (I thought the percentages would have been higher). Mr. Hosako's presentation was quite general. He did emphasize the development of e-commerce policy initiatives in the Asia Pacific Economic Cooperation (APEC) meetings, the idea that rules should be different for developed and less developed countries, and that consumer protection was an issue of concern, and he rattled off a long list of other outstanding "issues" without much elaboration. The Chamber of Commerce presentation contained no surprises. The most dramatic presentation on this panel was from U.S. Internet czar Ira Magaziner, whose speech was accurately described in press accounts as tough and deregulatory.
Mr. Magaziner [said] . . . the laws and regulatory tools used in the industrial revolution could only damage the development of electronic commerce. . .Mr. Magaziner favors a deregulated system in which the corporate world sets the rules and provides the enforcement. He envisioned an international code of conduct for electronic commerce companies. Organizations that agree to protect client privacy would be allowed to display a special seal on their web pages. Government could conduct public information programs but non-government organizations such as the Better Business Bureau would be responsible for dealing with violations and conducting audits. [The Ottawa Citizen, October 9, 1998]
After Mr. Magaziner described the U.S. approach for self regulation of privacy and Internet governance, he suggested it would be a model for consumer protection. The reaction against Mr. Magaziner's speech was harsh among consumer and privacy group. Mr. Murray described it as the worst of all the presentations, and Louise Sylvan, the head of the Australian Consumers Organization said it was "appalling." The U.S. privacy groups indicated that years of experience in the U.S. has demonstrated that self-regulation alone has proved to be ineffective.
In a protest outside of the meeting area, Maude Barlow from the Council of Canadians complained that the meetings would lead to large changes in financial institutions. "It's basically deregulated and is one more huge step to remove the control of the financial institutions of our society out of the hands of people," she said. This reminded me of complaints made by NGOs during the May 1998 World Trade Organization (WTO) Ministerial meetings. The NGOs were concerned that "no Internet tax" agreements would be used to stop countries from imposing a "Tobin Tax" on currency speculators.
Also related were reports in the local Ottawa newspapers that two Canadians, Thomas Kim Seto and Orest Rusnak of Edmonton, were charged by the Alberta Securities Commission with illegally setting up the World Stock Exchange and selling unregistered securities. Apparently this new Internet stock exchange was first established on a web site hosted in Alberta, but was later moved to ISPs in the Cayman Islands, then Antigua and Barbuda. An Alberta regulator was quoted as saying "We're breaking new ground here. It could set a precedent across Canada," which seemed like a rather limited way to view the dispute. John Heine from the U.S. Securities and Exchange Commission indicated "I'm not aware of any enforcement action we've taken with any parties that have operated a stock exchange on the Internet." The Alberta case reportedly goes to a hearing on October 22, 1998. Disputes such as these, as far-reaching as they may appear to ordinary citizens, were not mentioned by the various trade and industry officials in the OECD meetings.
The last plenary session of the first day was "Establishing the Ground Rules for Global Electronic Commerce: International Activities and Initiatives." The featured speakers and moderators included (please forgive the acronyms) the Deputy Secretary-General of the OECD, the Director-General of the WTO, the Director-General of WIPO, the General Manager of the IMF, Under-Secretary General of the UN representing UNCITRAL, the chief of the European Free Trade Association and heads of international organizations for telecommunications, customs and postal services.
Renato Ruggiero, the WTO head, gave a low key talk, cautioning against the (false) notion that laws don't already apply in cyberspace. There are signs the WTO will be slated for a larger role in Internet governance. At the May 1998 WTO Ministerial meeting in Geneva, which I attended, the U.S. pushed for a new role for the WTO, initially centered on tariff and customers issues, but with a much broader mandate. And circulated at the May WTO meetings was an EU staff document suggesting the WTO become the arbitrator of disputes over privacy policies. Ira Magaziner clearly wants to challenge EU privacy rules under the theory that they represent barriers to trade. From Mr. Ruggiero's prepared comments at Ottawa:
At our second Ministerial Conference in May this year, all WTO Members adopted a Declaration on Global Electronic Commerce with two major results: We agreed not to impose customs duties on electronic transmissions until Ministers reconsider the matter at the end of next year. We agreed to launch a future programme of work on electronic commerce under which the relevant bodies in the organization will examine and report back on any trade-related issues arising from electronic commerce which Members wish to raise.
What does this work programme - which will begin this month - entail? First we will confirm the rules on electronic commerce that already exist in the WTO - to avoid undermining existing rights and obligations by treating electronic commerce as if it were outside the normal trade regime. Second, we will identify any weaknesses in the existing legal structures that need to be strengthened or clarified. And third, we will see if there are any areas not covered by WTO disciplines where Members agree that it might be appropriate to move forward.[Prepared remarks on the web at: http://www.wto.org/wto/speeches/ott.htm]
The NGO Parallel Track
At the end of the first day we separated into three parallel tracks, one for the trade ministers, one for Business, and one for the various labor, consumer and privacy groups in attendance.
I was a speaker in Parallel Session C, "The Meeting of Labour and NGO leaders: Social Perspectives on Global Electronic Commerce." This session was chaired by Mr. Angelo Gennari, Director of Studies and Research for the Italian Confederation of Workers Trade Unions, and included ten speakers: trade union officials Bill Connor (Distributive and Allied Workers), Sid Shniad (Canadian Telecommunications Workers Union), and Roland Schneider (TUAC), Marc Rotenberg of EPIC, Louise Sylvan from the Austrian Consumers Organization and Consumers International, myself, and two government officials, Mr. David Johnston, a Special Advisor on the Information Highway to the Canadian Minister of Industry, and Mr. Jay Naidoo, the South African Minister for Posts, Telecommunications and Broadcasting.
The presentations by the trade union officials were highly critical of the day's proceedings, which they regarded as a public relations exercise for big businesses, and they discussed the problems that telecommnicating and flexible work forces presented for union organizing. Marc Rotenberg began his talk by comparing the day's emphasis on self-regulation for privacy and consumer protection to the calls for self regulation of working conditions in the 19th century, and later he contrasted the U.S. government's positions on intellectual property and encryption to its policies on the EU privacy directive. Louise Sylvan's talk concerned the Australian approach to self-regulation, which seemed much more like a partnership than simple deregulation. Ms. Sylvan emphasized the need to look at industry enforcement mechanisms and the ways that the industry codes were maintained or updated. Time was limited and there wasn't much talk about antitrust problems that result from industry-administered regulatory schemes.
My own talk began by asking the audience if they were as appalled as I was at the positions advocated by the United States government at the meetings. I then asked for a show of hands to determine how many persons rejected the idea by Ira Magaziner and others that self-regulation by large corporations would be sufficient for privacy and consumer projection. About 2/3 of the audience raised their hands to reject the self-regulation model, and 1 person raised his hand to associate himself with the U.S. position. I asked the chair to report the result to the full group.
I then talked about the U.S. policies on intellectual property, where the U.S. and other OECD countries had pushed for new international treaties, new forms of property rights, requirements for harmonization of laws, rising standards of protection, and the outlawing of new technologies that undermined these new rights, plus international tribunals and sanctions to ensure enforcement. This was then compared with the assertions often heard at the Ottawa meetings that enforcing any privacy or consumer rights would simply be too difficult.
I then turned to the issue of Internet governance, and in particular, the U.S. plan to turn over Internet domain names and IP numbers, plus an undermined number of other issues, to a private corporation. The USG has indicated that it will be vesting this new authority with a group now called the Internet Assigned Numbers Authority (IANA). The IANA's October 2, 1998 letter to Secretary of Commerce William Daley, described the proposal as follows:
This organization will be unique in the world - a non-governmental organization with significant responsibilities for administering what is becoming an important global resource.
The October 2, 1998 letter promised it would preserve "as much as possible, the tradition of bottom-up governance of the Internet," and that it would be an "open, inclusive and transparent organization." However, upon closer inspection, there are no democratic foundations for the organization, just a private corporation with lots of authority and power but no accountability. Initially, it would be run by a self-selected 19 member board of directors. This would be made be up of the president, nine "at large" members and nine board members chosen by three committees created by the board. The three committees would be on IP addresses, domain names and a an undefined "protocol supporting organization" that would make recommendations on "the operation, assignment and management of protocol parameters...[and] other technical parameters and related subjects."
The IANA proposal promised that Internet users could "nominate" board members, but there was no provision for Internet users to vote. At the NGO meetings, I compared this unfavorably to the founding of the United States, where at least white, male property owners were permitted to vote. (For more on this topic, see some of the papers written by Harvard Professor Larry Lessig from Harvard Law school, such as http://cyber.harvard.edu/works/lessig/cpsr.pdf).
The IANA model is important, because if the proposed authority were created, it might be asked to assume ever greater authority on a wide range of matters. As a self-appointed group, with the ability to change its bylaws or elect whoever it wants to its own board, it would be given enormous power to control essential Internet resources, without being accountable to any government or any group of users. If this is the future of Internet "self" governance, one might ask who is the "self" that is governing, and how did they obtain this much power and from whom?
I also spend some time explaining that there were many efforts underway to elevate the legal status of various contracts of adhesion, and that these were quite controversial in the United States, particularly in the proceedings on changes to section 2b of the U.S. Uniform Commercial Code (UCC). (See http://www.cptech.org/ucc or http://www.badsoftware.com). Presently various "shrink wrapped" and "click on" contracts for software and web pages contain numerous objectional clauses, such as the elimination of the right to seek legal redress for non-performance, non-compete clauses, clauses prohibiting public criticisms or negative reviews of products, and prohibitions against reverse engineering.
There is, I said, a movement to replace a wide range of current privacy, consumer protection and copyright measures with an approach based upon contracts. This is being pitched as easier to implement than harmonization of national laws. However, in practice, it would permit firms to write their own laws, eroding or eliminating many hard-fought rights under current law. This has been a major issue in copyright matters, as many of the contracts would eliminate consumer rights under current fair use exemptions, for example.
I discussed also a number of other topics, including current restrictions on parallel imports.
As we were beginning our session, we learned that the OECD staff had already circulated a draft of our "conclusions," which none of us had even seen, and which apparently were written before our meeting took place. Then we had a long discussion about who would present the findings from our group the plenary session the following day. We were told that David Johnson, an advisor to the Canadian Government, would present our results. Several persons thought it would be more appropriate for an NGO to present our position, particularly since the business group was speaking for itself. We were told that we basically had no choice, and that the U.S. and some others didn't even want the NGO parallel session to begin with, and we had to be careful or we wouldn't be invited back to another OECD meeting. This didn't go over too well with some of the NGOs, but in the end we folded. The objections had nothing to do with David Johnson, who was a wonderful guy, and very smart and articulate, and who did an excellent job of presenting in general terms the results of the group on Friday.
THE NGO STATEMENT
A fair amount of Thursday was spent drafting a joint NGO statement. Jim Dempsey from the CDT wrote an initial draft which was hacked up and expanded some. Debra Hurley from the Harvard Information Infrastructure Project (HIIP), Pippa Lawson from the Public Interest Advocacy Centre (in Canada), Marc Rotenberg, myself and several others worked on various sections. In the end the document was pretty good, but also very short - less than two pages. This could be contrasted to the 65-page business groups' document circulated earlier. But it was a start. The document is on the web at:
I worked on three sections of the NGO statement. The Intellectual property section read:
Intellectual property: The framework for intellectual property protection should be based upon mechanisms that are least intrusive to personal privacy, and least restrictive for the development of new technologies.
This could have been much more detailed if we had more time. Efforts to put in a fair use section, for example, were unsuccessful because the concept goes by different names in different countries, and we did not have time to draft a section based upon exceptions and limitations of copyrights.
On the issue of Internet governance, the NGO statement says:
Internet governance: Governments should foster Internet governance structures that reflect democratic values and are transparent and publicly accountable to users. Standards processes should be open and should foster competition.
This was fairly minimalist, and had not even been in the first draft of the statement.
Mark Rotenberg drafted most of the consumer protection section, which was expanded a bit to deal with the UCC2b type issues.
Consumer protection: The OECD should support the establishment of minimum standards for consumer protection, including the simplification of contracts, means for cancellation, effective complaint mechanisms, limits on consumer liability, non enforceability of unreasonable contract provisions, recourse at least to the laws and courts of their home country, and cooperation among governments in support of legal redress. Such minimal standards should provide a functional equivalence to current safeguards, offering at least the same levels of protection that would be afforded in the offline world.
On Friday, we heard another round of speeches by various parties, and reports of the different parallel sessions. At one point the floor was permitted to ask questions, I believe for the first time. I was permitted an intervention, where I described the meetings as somewhat detached from reality. The various "we can get by with self regulation" speeches were really statements that the OECD had its head in the sand, and had no idea whatsoever how to deal with difficult cross-border problems. I mentioned our interest in four areas of electronic commerce where self regulation was not an attractive solution. These were the sale of unregistered securities over the Internet, the regulation of "truth in advertising" for credit practices, restrictions on unethical advertising of pharmacueticals and medical devices and unsolicited commercial announcements, known as junk mail.
I indicated that once people got down to specifics, it was clear the problems were complex, and that it was generally the case that in the areas where the government had been compelled to act before, there were major drawbacks to turning regulation and enforcement over to unelected private cartels. It was time to "pull our heads out of the sand" and begin to deal with real thorny problems, I suggested. I think I was the first person to mention the word cartel during the two days of plenary sessions. A few minutes later, Joanna R. Shelton, the Deputy Secretary General of the OECD, responded to my intervention, saying the OECD did not have its head in the sand, and that no one believed self regulation was the answer to all the problems. She also said the OECD would be issuing consumer protection guidelines.
There were many additional speeches on the final day, including some that I missed. There are a number of documents about the meeting on the web at:
E-commerce is a term now used by several international bodies to describe a wide range of policy issues and controversies. Much of this has to do with the future of governance and democratic government in an era of disappearing national borders.
These issues are generally too important to be left up to a handful of trade officials and corporate lobbyists. One would hope the debate itself over governance in cyberspace will become more democratic than was evidenced at the OECD's Ottawa meetings.