Internet Law

Doing Business on the Internet FAQS

Q: Are there any legal restrictions governing online privacy and confidentiality?

  • A:Yes, and the chances are that there will be even more restrictions as time goes on. Federal law has already been enacted that is called the Children's Online Privacy Protection Act of 1998. Under this law, any person who operates a Web site located on the Internet or an online service, and who collects or maintains personal information from or about users or visitors, is generally prohibited from collecting such information from a child. The Act can be enforced by the Federal Trade Commission or by state regulators.

    Efforts are also continuing to expand the law in the area of privacy. For example, proposed legislation was introduced that would have been known as the Online Privacy Protection Act of 2001. This Act would have required the FTC to prescribe regulations to protect the privacy of personal information collected from and about individuals who aren't covered by the Children's Online Privacy Protection Act of 1998, to provide greater individual control over the collection and use of that information, and for other purposes.

    Business interests generally oppose efforts to adopt new laws to protect online privacy and instead promote self-regulation with respect to privacy issues. Their reasoning is that new laws are unnecessary, because the courts have already clearly recognized a constitutional right to privacy.

Q: Can I be held liable for spreading a computer virus?

  • A:If you spread a virus on purpose, you can certainly be held liable, on both civil and criminal charges. From the standpoint of civil liability, you could be sued by any number of interests ranging from ISP's to individual users. Your liability would be damages you caused by willfully spreading the virus. In addition, you could be held liable for exemplary or punitive damages for an intentional wrongdoing. Such liability may not be dischargeable in bankruptcy. With regard to potential criminal liability exposure, intentionally spreading a computer virus could be characterized as a crime under any number of circumstances.

    You may not even have to be the one who spread the virus to be held accountable. For example, you may created a virus program or let someone use your computer in spreading it. In such situations, there are ways that a prosecutor could try to hold you responsible. You might be deemed a co-conspirator, or someone aiding and abetting the commission of a crime.

    It's not clear whether someone could be held liable for negligently spreading a virus. In most situations, it would probably be a stretch to find liability where an end-user innocently spread a virus by unwittingly doing something like opening up an e-mail. In order to establish such liability, it would have to be shown that the user acted unreasonably and thereby fell below the standard of care of a reasonable computer. However, there are presently many "anti-virus" programs on the market that are able to detect and filter out infected e-mails and other communications, so it may only be a matter of time before claims will be brought on the basis that a user fell below the standard of care by not using a virus scanner.

    While it may be stretching the analysis a bit, liability in an extreme case might even extend to ISP's and to software developers or manufacturers, if they knew or should have known that their products would be used for creating or transmitting a virus. However, the likelihood of such liability may be remote given that the law presently affords some degree of protection to such companies under the Digital Millennium Copyright Act. By comparison, it would be difficult to impose liability on an automobile manufacturer simply because the company's automobile was used in a robbery.

Q: Can I copy software code, articles or other information off the Internet without first getting permission?

  • A:Unless the information is in a protected format, you can copy almost anything off the Internet. Whether or not it is legal to do so is a separate question, the answer to which largely depends on why you are copying the information. If you are copying the information for your own personal use, it may be okay. However, if it is for use in your business or otherwise for financial gain, you may be faced with potential liability exposure.

    Under the general heading of intellectual property, and without regard to the Internet, the law affords protection to the following:

    • Copyrights - original works of authorship fixed in any tangible medium of expression
    • Patents -- inventions
    • Trademarks -- words, names or symbols that identify goods made or sold, and that distinguishes them from goods made or sold by others

    Being able to access and copy or reproduce information so easily over the Internet has given rise to many new legal issues. As a consequence, new legislation has been adopted, including the Digital Millennium Copyright Act of 1998. This Act provides stiff civil and criminal penalties for pirating and other unauthorized use of software. If a licensor brings a civil action against you, for example, it may be possible to obtain an injunction and monetary damages. The licensor may then choose between actual damages, which includes the amount lost because of infringement, plus any profits attributable to the infringement. In addition, the government can criminally prosecute you for copyright infringement. If convicted, penalties can include up to five years in prison and a fine of up to $500,000. Second-time offenders risk 10 years of prison and a $1,000,000 fine.

    In addition to criminal penalties, there can also be substantial penalties on the civil side of the fence, as civil liability will almost always attach to any criminal act. In addition, punitive damages can be awarded for any wrongdoing that is intentional. Furthermore, damages for an intentional act may not be dischargeable in bankruptcy.

Q: Can Web sites or Internet service providers be held liable for crimes or other wrongful acts committed online by their users?

  • A:Under the proper circumstances, it may be possible to find liability. However, the realities of the situation are that lawmakers are not going to allow liability to attach to the point that it would chill or discourage further development of the Internet. To the extent that the Internet has already become a pervasive means of communication and expression, there may also be rights of free speech involved with issues that come up in this regard. Under the Fifth Amendment, these rights are zealously protected in our society.

    Case law so far has generally ruled in favor of ISP's and Web sites on legal challenges that have tried to hold them liable for the transmission or posting of information of third parties. And protection has also been given to some degree under the Digital Millennium Copyright Act of 1998. For example, the Act generally limits the liability of ISP's for copyright infringement liability for simply transmitting information over the Internet. However, they're expected to remove material from users' web sites that appears to constitute copyright infringement.

Q: How enforceable are the boilerplate provisions that companies always force people to accept in order to use or access their Web sites?

  • A:While the law is constantly evolving in this area, the likelihood is that such provisions can be held enforceable. The logic is that by accepting terms of participation, a user has entered into an enforceable contract. In simple terms, an enforceable contract requires only that there be a proposal in the form of an offer that is accepted, with some "consideration" exchanged in the process. While this doesn't rule out the possibility of finding a defense or an excuse to performance, there is clearly an argument that a contract has been created by a user clicking on an "accept" button in consideration of being able to access a Web site or to download a software program.

    In looking at the issue a different way, contracts are enforced under the law in order to preserve the reasonable expectations of society as a whole. Given that the digital world is becoming an everyday part of our lives, there is certainly a need for people to be able to transact business over the Internet. So procedures and protocols have been and will continue to be developed for contracting over the Internet. Indeed, legislation has already been adopted that allows for electronic signatures. For example, the federal law known as the Electronic Signatures in Global and National Commerce Act ("E-SIGN") of 2000 was designed to eliminate legal barriers to the use of electronic technology to form and sign contracts, collect and store documents, and send and receive notices and disclosures. Many states had previously adopted their own laws to govern contracting over the Internet.

Q: Is it legal to link a Web site to another Web site without first obtaining permission?

  • A:Maybe, maybe not. The answer to this question is really going to boil down to the facts and circumstances of each situation. Linking happens all the time and there are usually not a lot of complaints about the linking itself. Thus, the chances of there being liability exposure for a casual link in probably minimal. However, problems are more likely to occur are in situations where linking of a Web page is being commercially exploited without the consent of the owner of that Web page.

    Theories of liability are usually premised on copyright violations. However, companies have become very creative in finding ways to protect their turf. For example, liability has attached with regard to a Web site taking unfair advantage of information on another site by using "deep links" that allow a user to bypass the home page of the linked site. The argument here is that such a deep link is misleading because the user may not understand that he or she is has been linked to proprietary information on a different Web site.

    Similarly, Web sites have been found liable for linking on the basis of trespass where the intent of the link was, in effect, to use information over from the linked site to use on its own site.

    Although it may seem far-fetched, it may even be possible criminal liability for linking to a site that is operating illegally or that contains illegal information (for example, pornography). The basis of liability would be that by linking to such a site, it would be republishing the same information on your site.

    Before linking, the safest thing to do is to comply with the linking policies that may be posted on the linked site, or otherwise to obtain the consent of the site before putting the link up. You should also review the site carefully to make sure that the content on that site is something that you would effectively be incorporating by reference on your own site.

Q: What are record-keeping requirements related to e-commerce?

  • A:Record-keeping requirements for a business are complicated enough, as different rules apply to different kinds of records. In one sense, the Internet may make record keeping easier, because of the ability to maintain soft copies of documents rather than have to keep storage rooms full of paper documentation.

    Legislation like the federal Electronic Signatures in Global and National Commerce Act of 2000 ("E-Sign") has also facilitated electronic record-keeping. In general, this Act provides that electronic records satisfy legal requirements for writings. E-Sign also authorizes the substitution of electronic notices for paper notices including most, but not all, types of consumer notices. And E-Sign also includes a number of important protections to ensure that consumers can receive, keep and use electronic notices provided to them.

    At the same time, though, there are pitfalls to record-keeping on the Internet. One big concern, for example, is that it is easy to modify, amend and even erase documents that are maintained in an electronic medium. A company may find that it's necessary to exercise additional due diligence to make sure that the integrity of business records are maintained if they are being stored in an electronic medium. This may entail making copies of records in a CD-Rom or PDF format so that they cannot be altered.

    Doing business online may also give rise to new or different record-keeping requirements that companies may unwittingly violate by destroying or erasing information that they did not even consider to be business records. For example, certain professions are required by law to maintain copies of all advertising materials used in their business. In theory, this could mean that any business that is subject to such requirements should maintain a cached copy of all online advertising. If the business maintains a Web site, it could likewise be characterized as a form of advertising such that all Web pages, and any updates or editorial changes to the Web site, should likewise be cached and preserved for record-keeping purposes.

Q: What are the legal requirements for creating a Web page?

  • A:There are really very few legal requirements in creating a Web page. The first thing you have to do is to secure the rights to use the domain name that you choose. This requires registering the name with a domain administrator. There are a number of domain name registration services around the world. The one you use should be accredited by the Internet Corporation for Assigned Names and Numbers ("ICANN"). ICANN is a nonprofit corporation that has been delegated responsibility by the U.S. government to coordinate Internet technical functions, including management of the Internet domain name system.

    Once you are able to secure domain name registration, the process of starting an e-commerce business will be much the same as any other business enterprise. For example, you may want to incorporate your business. You will also need to enter into numerous contractual relationships in order to secure the services and products that are required to get the business up and running. You should pay close attention to any contracts that you are asked to sign, as they may have long-reaching effects. You should also be very careful about the scope and extent to which you use various products.

    You also have to be very careful about intellectual property rights. One question to ask yourself, for example, is whether or not it is appropriate to incorporate source code into your Web site that you have taken from a commercial software company. It is oftentimes contemplated by a software license that the user is allowed to reproduce and distribute a software product as part of its own product, provided that usage is adding significant and primary value to the underlying software, along with numerous other limitations and restrictions.

    Licensing your business can also be problematic. Wherever you have a home office, it is almost a certainty that you will need to obtain a business license. There may be other requirements in the locale where you are located. You must also undertake due diligence to see what requirements may be on the other end where your customers are. This is sometimes called part of the "fulfillment" process, which could be exceedingly complex depending upon the nature of your business and where your customers are located.

    Once your business is up and operating, compliance issues are ongoing. A business activity that is illegal in one medium is not going to become legal simply because you are doing it over the Internet. Given the lack of restrictions in accessing and using the Internet, it is also sometimes easier to fall into traps for the unwary. Examples would include posting unauthorized materials on a Web site, infringing upon intellectual property rights, or engaging in unlawful solicitations (for example, spamming). In some instances, it is also much easier to get ripped off over the Internet by, for example, sending money to someone via an online auction to purchase an item that is never sent to you.

Q: What are the penalties for computer hacking?

  • A:The term "hacker" had been overused to the point that it may have lost any specific meaning. In general, though, the term could be used in the context of computers as being someone who knows computers inside and out, and who can get a computer to do almost anything. There are even hackers with different specialties.

    Many folks look at hacking as being a hobby and a way to have fun, not as a business of cracking into or penetrating a computer system for financial gain. Regardless, engaging in "hacking" activities that are illegal can result in severe civil and even criminal penalties. For example, the Digital Millennium Copyright Act provides for stiff civil and criminal penalties for pirating and other unauthorized use of software. The government could elect to criminally prosecute a hacker for copyright infringement. If convicted, penalties can include up to five years in prison and a fine of up to $500,000. Second-time offenders risk 10 years of prison and a $1,000,000 fine.

    If a software company or any other business brings a civil action against a hacker, it may be possible to obtain an injunction and monetary damages. The suing party may be able to choose between actual damages, which includes the amount lost because of infringement, plus any profits attributable to the infringement. In addition, punitive damages can be awarded for any wrongdoing that is intentional. Thus, there is an increased possibility that punitive damages can be awarded against a hacker in a civil case since, by definition, hacking is an intentional act. And damages for an intentional act may not be dischargeable in bankruptcy.

Q: What is an online "reverse auction" and is it legal?

  • A:A "reverse auction" in simple terms is where bids are accepted from sellers rather than from buyers. The way such an auction typically works is that someone who desires to buy a product or a service will post a request online. Prospective sellers of the product or service are then afforded the opportunity to submit bids for a predetermined length of time and the lowest bidder wins. Beyond this, the rules vary. Sometimes, for example, the bidders will be able to see competing bids. Sometimes, there may also be rules designed to prevent someone from sneaking in at the last minute with the lowest bid. For example, a last second bid may have to be at least some percentage less that the previous one or, in the alternative, a last minute bid may cause the bidding time to be extended.

    As with doing any kind of business on the Internet, the laws regulating online auctions are still evolving. But many of the fundamental legal requirements for conducting online auctions will be the same as with any kind of auction business. In large part, the rights of participants as between each other and the auction site itself will be defined by their contractual relationships and will be governed by contract law.

    A principal consideration here will be whether or not an auction site will be able to avoid liability exposure based on disclaimers in the terms of participation that users are required to accept as a condition to participation. Although every situation may have its own set of distinguishing characteristics, there is a legal basis for enforcing such disclaimers.

    No doubt, the auction process has been and will continue to be subject to legal challenges. For example, there have already been a number of legal challenges involving online auctions based on fraud of the bidding parties or even the auction business itself. However, the online auctions have become a very popular way to do business on the Internet, so they are no doubt here to stay even if there are further efforts to regulate them.

Q: What is "spamming" and is it illegal?

  • A:Spamming can take on many forms and is difficult to precisely define. Generally speaking, though, it consists of mass posting or cross-posting of unsolicited e-mail for commercial purposes.

    Under federal law, it's unlawful to send junk mail by facsimile, with the possibility of civil liability of up to $500 per copy. Efforts have been made to extend this law to spam sent over the Internet, but isn't clear if this law applies to spamming.

    Some states like California have gone further. Under legislation approved in September 1998, unsolicited commercial e-mail messages must include opt-out instructions and contact information. An opt-out request must also be honored. Certain messages must also be identified in their subject lines as being advertisements. A service provider may also sue a sender of unsolicited commercial e-mail for violating the provider's policies if the sender has actual notice of such policies and if the spam is sent out through the provider's facilities located in California. Other states make it illegal to provide falsified routing information.

Q: What kind of lawyer do I need for a legal problem involving the Internet?

  • A:There may be no such thing as a pure "Internet lawyer." If you are developing an Internet product involving informational technology, you almost certainly want a lawyer who has experience with intellectual property issues (for example, copyrights, trademarks, or patents). In addition, you will want a lawyer who has experience on issues unique to your line of business.

    However, unless you are in a highly specialized area, a general business lawyer with some experience in dealing with Internet issues may be sufficient.

    If you have been sued or are thinking about suing somebody involving issues on the Internet, you are then going to need a litigator. Again, a lawyer with general litigation experience may be able to address your needs. When difficult issues are involved, though, it may be necessary to retain a lawyer with a greater level of expertise on the particular issues involved.

Q: What laws govern business on the Internet?

  • A:Doing business on the Internet, or what is commonly called "e-business" or "e-commerce," is a new frontier. The laws regulating the Internet and doing business online are still evolving. But many of the fundamental legal requirements for doing business on the Internet remain the same as the requirements for a "bricks and mortar" company.

    Without much doubt, a big concern for any company is regulatory compliance. A typical requirement, for example, is that a company must be licensed where it has a principal office or where it does business. The test used to be much easier when it came to determining where a business has to be licensed. Now, however, the test is much more difficult because e-commerce effectively makes everyone in the world a potential customer or client, and who is to say where a company is actually doing business? Potential ramifications are violations not only of U.S. law but also laws of other countries.

    The licensure issue is particularly acute for professionals such as doctors or lawyers. In the U.S., the general rule is that such professionals must be licensed in a state before they can practice there. Before the Internet, it was a lot easier to draw the line on where a business professional is practicing, based on physical presence if nothing else. Now, however, the issue is not nearly so clear.

    Examples of situations where licensure issues could arise for an on-line business include:

    • A business operates in one state but maintains a Web site on a server in another state. The business also consults with or sells products to customers or clients who live in other states and even in different countries. Where is the company doing business?
    • A business maintains a Web site that effectively advertises to prospective clients all over the world. Where should the lawyer be licensed?
    • A lawyer practices in one state but advises a client online who lives in another state. Has the lawyer engaged in the unauthorized practice of law?
    • A world-renown surgeon is able to provide invaluable medical advice by video camera on a surgery under way in a state where she is not licensed to practice medicine. Has the surgeon violated the law?

    As things continue to evolve, a number of new laws have been enacted that pertain specifically to the Internet. For example, federal laws such as the Digital Millennium Copyright Act provide stiff civil and criminal penalties for pirating and other unauthorized use of software. If a licensor brings a civil action against you, for example, it may be possible to obtain an injunction and monetary damages. The licensor may then choose between actual damages, which includes the amount lost because of infringement, plus any profits attributable to the infringement. In addition, the government can criminally prosecute you for copyright infringement. If convicted, penalties can include up to five years in prison and a fine of up to $500,000. Second-time offenders risk 10 years of prison and a $1,000,000 fine.

    Lots of issues have also arisen with respect to fundamental questions about the enforceability of contracts in an e-commerce environment, such as whether or not a contract could be held enforceable when an offer was accepted over the Internet without a hard-copy signature. While this issue has not been completely resolved, legislators have attempted to address it by legislation, such as the federal law known as the Electronic Signatures in Global and National Commerce Act ("E-Sign") of 2000. E-SIGN was designed to eliminate legal barriers to the use of electronic technology to form and sign contracts, collect and store documents, and send and receive notices and disclosures. The goal of the Act is to establish legal standards for signatures as well as record keeping that meet the needs of an ever-changing economy.

    A number of states have also enacted a version of the Uniform Electronic Transactions Act ("UETA"). This is a proposed Uniform Law that covers many of the same issues as E-Sign. Some states have enacted the uniform version but other states have chosen to add consumer protections that go beyond UETA.

    There are many other issues that can arise that go beyond the question of licensing. For example, what must a professional do to maintain confidentiality of communications via e-mail? How much personal information may a company gather about people using its Web site? Do sales or use taxes apply to a business transaction? Or should e-commerce be taxed in other ways? You can count on other regulatory issues arising, as well, as state and federal governments make an effort to exact tax revenues from business done on the Internet.

    As legislative enactments continue to try to clarify open issues with respect to e-commerce, businesses have been forced to adapt to legal issues by carefully trying to clarify the terms and conditions of online transactions, and by contractually defining the format or scope of such transactions. One approach that is typically used is to set forth the terms of service on a Web site that a person must "accept" before being able to use the Web site.

    In addition, businesses typically include language on their Web sites and in e-mails that limits the scope of online interaction. Typical provisions would include qualifying language such that a company is licensed to do business only in certain areas, that users agree to terms of service, and that anything obtained on a Web site is for informational purposes only and does not constitute any form of advice or an offer of any nature.

Q: What legal action can I take to stop spamming?

  • A:While an ISP or a Web site can take action to terminate relationships with spammers, it can be a frustrating experience for an individual user to stop someone from spamming his or her e-mail address. The best thing you may be able to do is to take advantage of "opt out" provisions that are required in certain states. There is the line of thought, though, that by making an "opt out" request, you are only verifying for the spammer that your e-mail address is good.

    Contacting your ISP may not be a bad idea, either. There are also various private or public spam reporting agencies where you may be able to file a report. Taking legal action on your own accord, though, would rarely be a good idea, as it could consume huge amounts of your time and it may be an expensive proposition. However, there may someday be more cost-effective ways to pursue legal action in this arena. Someone may also get creative enough someday to bring a class action lawsuit on spamming.

Q: What legal restrictions are there on the use of e-mail in business?

  • A:Much like everything else involving the Internet, the restrictions on use of e-mail in connection with e-commerce are still largely undefined. E-mail has clearly taken hold as an e-commerce tool, which gives rise to lots of legal issues relating to its use or misuse. Potential legal issues include:

    • Spamming (unlawful or inappropriate solicitation in a business context)
    • Misuse of e-mail by employees, creating vicarious liability for the employer
    • Communications giving rise to civil or criminal liability (e.g., securities laws violations)

    As an employer, it's extremely important to control the use of e-mail in your business. You should have a policy regarding its use. It should also be made clear to employees that your e-mail and computer system are property of the employer and that the employer has the complete and total ability to control its usage. It should further be made clear that employees have no privacy rights with respect to communications involving company e-mail and that the employer has the right at all times to monitor and inspect such e-mail. Any communications generated on the e-mail should likewise be the property of the employer. It should be made clear to employees that they cannot use e-mail for unauthorized purposes.

Have a e commerce question?
Get answers from local attorneys.
It's free and easy.
Ask a Lawyer

Get Professional Help

Find a E Commerce lawyer
Practice Area:
Zip Code:
How It Works
  1. Briefly tell us about your case
  2. Provide your contact information
  3. Connect with local attorneys

Talk to an attorney

How It Works

  1. Briefly tell us about your case
  2. Provide your contact information
  3. Choose attorneys to contact you