Delivering services online brings with it new and special legal challenges, particularly when government is delivering the services. These challenges can be managed when the organisation implements appropriate design and facilities (including Web sites, databases and supporting software), products and business processes.
Factoring legal issues into planning as early as possible will avoid the need to revise designs and functionality at a late stage in a project. Some key legal issues are discussed below.
Identity Authentication and Non-Repudiation In the offline world, many transactions do not require the establishment of the parties' identities. For example, a retail transaction paid for by cash can often be carried out anonymously. This may also be true in the online world. But many online transactions do require identity authentication (for example, regulatory returns, purchases and payments). There are currently no reliable and widespread "e-cash" systems, and any retail purchases made over the Internet often require some physical address for the delivery of goods and credit card details for payments.
The offline world has evolved several mechanisms which allow parties transacting at a distance to authenticate the identity, attributes and, sometimes more importantly, the authority of the other party to enter into a particular type of transaction. A level of confidence in the other person's identity can be established either through a relationship of trust developed over a period of time or by the use of some form of identity token issued by a trusted third party, such as a passport.
For the many transactions in the online world where the identity of the parties must be established (this includes most government compliance transactions), the issue of identity authentication is important. An organisation can pre-authenticate counterparties (for example, by issuing passwords) but this assumes that all counterparties are known and identified in advance of an online transaction, which may not be the case.
Where it is required that transactions be performed with persons not previously authenticated, the technology exists to provide a high standard of authentication, but generally relies on the existence of a trusted third party and a supporting authentication infrastructure. In the case of a public key infrastructure (PKI) system, which is generally considered to be capable of providing a high level of authentication, these trusted third parties are known as certification agencies.
Federal cabinet has directed that all federal government agencies which use PKI for their online authentication must use providers of PKI which are accredited under the Commonwealth's Gatekeeper model.
An issue often related to authentication is that of non-repudiation. This is concerned with binding transacting parties to their actions. In the offline world, requiring some form of mark or signature often does this. Under the federal Electronic Transactions Act 1999, where a law of the Commonwealth requires a person to provide a signature, that requirement can be met by using an electronic signature. The act does not specify the type of technology to be used in any given case, but rather notes that the technology must be appropriate for the circumstances. In certain circumstances then, a message signed with a digital signature or other appropriate electronic signature can be a valid signature under Commonwealth law. The states and territories have agreed to pass similar legislation to the Electronic Transactions Act in their jurisdictions, and some have already done so. Of particular interest for government in the area of digital signature certificates is the Australian Business Number - Digital Signature Certificate or ABN-DSC. This is a class of certificate which contains a business's ABN and uses it to identify businesses in their dealings with government and, ultimately, with each other.
Privacy and Security
Other issues frequently mentioned as inhibitors of electronic commerce are privacy and security. While the information-handling practices of the federal government have been subject to the Privacy Act 1988 for some considerable time, state and territory public sectors are now being subjected to new privacy regimes. Many businesses in Australia will become subject to privacy regulation for the first time in December 2001 when recent changes to the federal Privacy Act will come into force. Officers in state and territory governments will need to be aware of the privacy regulation governing their information handling practices.
Although privacy as an issue is not confined to online service delivery, the online medium does open up greater opportunities for the collection and exploitation of personal information than previously. For this reason, those involved in government online service delivery need to be particularly vigilant to ensure that they are meeting their obligations under appropriate privacy regulations. In respect of security generally (which applies not only to personal information but arguably to all information), the onus is again on those involved in delivering online services to ensure that they are meeting appropriate standards of confidentiality, integrity and availability of information and services.
Disability Access
While electronic service delivery has great potential to break down some barriers to accessibility, it can also inadvertently result in the creation of others. As an example, users with a visual disability find it difficult or impossible to access many Web sites. Like most online service delivery issues, this one is manageable provided it is addressed early. Sound Web site design can make many services available to people with such a disability.
Form and Content Requirements
Legislation often requires that a particular application for a licence or a grant be submitted in writing or in a particular format. The Electronic Transactions Act (and its state and territory equivalents) addresses these issues to some extent. It provides that where a law requires something to be produced or disclosed in writing, that requirement is discharged where the application or disclosure is made electronically, provided certain conditions are met. It is again an issue that can best be addressed by appropriate site design and planning to ensure that the transaction is on a sound legal footing.
The above is only a brief outline of some of the more difficult issues encountered in the delivery of government services online.
For those involved in providing infrastructure and supporting services, or those managing contracts in this area, it is important to be aware of these issues and to manage them carefully. An organisation's ability to deliver online services is totally dependent on sound underlying technological infrastructure. The above issues are manageable, but an organisation can save much time and effort if it can identify them as a part of the planning and scoping process and not as an afterthought.
Mark Sneddon is a partner at Clayton Utz. Sven Bluemmel is a senior solicitor at Clayton Utz
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.