Untangling the Global Web: How to Navigate the Maze of International Internet Regulations

They don’t call it the World Wide Web for nothing. You’ve no doubt heard–too many times–the canard that the Internet will break down national boundaries and usher in a new era of frictionless international commerce. Sadly, that view is about as dated as a 1998-era dot-com business plan.

The fact is, many countries (and especially those in the European Union) are creating new laws and regulations, some of which produce new challenges for businesses conducting global e-commerce. Here are just a few examples of the kinds of legislation countries are adopting:

  • Privacy protection laws
  • Regulations governing the exchange of consumer information
  • Restrictions on advertising
  • Limits on the types of goods and services that can be bought and sold
  • Restrictions on the use of data encryption
  • Laws governing the acceptability of electronic contracts
  • Intellectual property regulations such as trademark, copyright, and patent laws (or the lack thereof)

This situation presents a catch-22 for many companies. The Internet opens up a world full of potential customers–but also exposes your company to the laws of myriad nations.

Global Marketing
Doing business online can, in and of itself, th you into a thicket of international laws. Any commercial Web site available to the public is potentially accessible by individuals around the world. Since consumer protection laws usually apply in the jurisdiction where the buyer (not the seller) resides, that means your company could be subject to the laws of another nation the instant a consumer from that nation visits your site.

“Companies need to know that by marketing in other countries, they are making themselves subject to laws in those countries–and that means you can be sued in those countries,” says Michael R. Overly, an attorney at Foley & Lardner in Los Angeles. “The bottom line is this: Is your firm prepared to be sued in courts around the world?”

For example, in November 2000, a French court ordered Yahoo to cease hosting auctions of Nazi memorabilia–or at least to exclude French citizens from those auctions. Although the auctions were hosted on Yahoo’s U.S.-based servers, the fact that French citizens could buy these items violated French laws restricting the sale of objects that promote racial hatred. Yahoo recently asked a California court to rule on the applicability of the French decision, but the California court has not yet made a decision.

As a practical matter, unless your company has employees, real estate, or other assets in a particular country, it’s unlikely that you need to worry about court decisions there. But for companies that already have multinational operations, the French court’s decision is a troubling precedent.

Seller Beware
Many potential problems can arise as a result of laws governing advertising in various countries. For example, in Saudi Arabia, the law prohibits showing a woman’s bare midriff, while in Germany, advertisers cannot make explicit comparisons between different products, says Overly.

To avoid such problems, Overly recommends offering different versions of your Web site for each country. For example, FedEx has a multinational Web site that asks you what country you reside in when you first visit it. The site automatically adjusts its language, graphics, and content based on the country you specify, allowing FedEx to ensure that the content is appropriate (and legal) for each regional market.

Similarly, Cisco Systems encourages companies to adopt a Web site strategy of “one site, many views.” The new Cisco.com site, due to launch in early 2002, will exemplify this strategy. It will ensure that a consistent brand and company experience coexist with local content and flair. Navigation and architecture will be consistent across all languages, but users around the world will experience Cisco.com as a local site.

A host of companies offer Web site globalization and can help other companies create a FedEx-like multinational site. Such companies include globalization service providers such as Berlitz GlobalNet and Lionbridge Technologies, as well as software vendors such as GlobalSight, Idiom, and Uniscape.

Use Local Expertise
The key to making a global Web site work effectively, according to Boston-based research firm Aberdeen Group, is to control the site’s technology and branding centrally, but let the content on each country’s site be controlled locally. Local content managers and lawyers can then ensure that country-specific versions of your site conform to local customs, expectations, and laws.

That’s how Otis Elevator does it. The company, which sells elevators and escalators in 220 countries, uses a combination of centralized Web technology and local expertise to offer 53 distinct localized sites in 26 languages. Local country offices manage their own sites, customizing content to reflect local language, customs, preferences, and laws, says J. Russell Mitchell, the manager of Otis.com. For example, building codes in Europe often specify smaller elevators hoisted by cables, while American building codes prefer larger, hydraulic elevators. The only way a multinational corporation like Otis can deal with that level of local regulation is to rely on the sales staff and local attorneys.

Smaller companies, of course, can’t afford to hire a small army of international lawyers–but practically speaking, they probably don’t need to. Overly recommends that Web site operators be informed about international legal issues in a general sense, but says they don’t need to become experts in every country’s laws. Instead, identify your most significant international markets, and conduct a more detailed legal assessment for those countries only.

Keep It Private
One big concern for e-business is the use of information about consumers. The European Union’s Directive on Data Privacy mandates that its member countries adopt stringent consumer privacy protection laws. Not only are companies doing business in the EU prevented from exchanging consumer data without the consumer’s consent, but the data cannot be transferred out of the EU (even to another office of the same company) unless the receiving country’s privacy laws are up to the Directive on Data Privacy’s standards.

“It certainly seems that the EU has sought to become the leader in regulating personal information and electronic transfers of that information,” says Alan Charles Raul, a partner at Sidley Austin Brown & Wood, and head of the firm’s cyberlaw practice in Washington, DC.

Although most non-European countries don’t yet live up the EU’s stringent data protection standards, corporations can continue to collect, process, and transfer consumer and other personal data provided they obtain the individuals’ consent, participate in the EU-approved “Safe Harbor,” or incorporate EU-approved contractual protections–or if the data is needed to carry out transactions on behalf of customers, employees, or other “data subjects.” (“Safe Harbor” is a privacy agreement between the United States and the European Union that was designed to make it easier for U.S. organizations to comply with European laws. The agreement was approved in July 2000.)

Also, says Raul, companies can take heart that the EU is stricter in setting laws than it is in enforcing them–at least so far. “The enforcers tend to take more reasonable approaches when working with the business they regulate, so good-faith efforts to comply may be sufficient to satisfy what, on paper, are really onerous standards,” says Raul.

Practical Precautions
“The mere act of putting up a commercial Web site will increase the likelihood of being sued,” says law professor Jonathan Bick, author of 101 Things You Need to Know About Internet Law. However, he adds, “it will not necessarily increase the likelihood of losing such a suit,” provided that you take reasonable precautions. Specifically, Bick recommends:
Do not send unsolicited commercial e-mail (spam), which is illegal in some countries.
When you include a hyperlink to an international site, make sure you have a linking agreement with that site. While most countries put no restrictions on hyperlinks, a few do–particularly if those links appear to indicate a business relationship that doesn’t exist, or if the linked site may not welcome an association with the site linking to it.
If you use metatags on your Web pages, make sure they don’t include trademarked terms or names, since many countries’ laws prohibit such use, even in metatags.
Use private contracts with business partners in other countries to minimize the chances of misunderstandings and to reduce the risk of litigation.

Ultimately, companies doing business online need to exercise caution and educate themselves about the laws in other countries. But by following a few principles and making good-faith efforts to comply–particularly in your company’s most critical overseas markets–you can probably stay out of hot water.

October 26, 2001

About the Author
D. F. Tweney is an award-winning writer with more than 10 years’ experience covering business technology, computers, and the Internet.

Link: Untangling the Global Web: How to Navigate the Maze of International Internet Regulations

Link broken? Try the Wayback Machine.

Untangling the Global Web: How to Navigate the Maze of International Internet Regulations

What’s Going On Down at the Plant?

New real-time computing technologies can link manufacturing plants with other divisions of the company — and help stave off supply-chain disasters.

During the past decade, corporations have put immense amounts of cash and effort into IT projects with alphabet-soup acronyms, like enterprise resource planning (ERP), supply-chain management (SCM), and customer relationship management (CRM) systems. What these projects have in common, apart from the acronyms, is an attempt to consolidate lots of data about business operations so that executives can make quick and accurate decisions.

The only problem is that these systems often lack reliable, timely connections to the business “on the ground,” where work actually gets done. In manufacturing, the situation is particularly acute. The best ERP software, for example, can predict a factory’s output capacity and try to synchronize it with demand, but it doesn’t know what’s going on in factories from day to day. For that, companies need real-time application integration software.

Corning Specialty Materials, based in Corning, N.Y., is a good case study. The company has four factories, generating about $350 million in annual sales, that produce glass used in semiconductor manufacturing. Its customers grind the glass into precision lenses for “steppers,” machines that etch the tiny circuits onto microchips. The glass has to meet rigorous specifications, or the steppers’ lasers won’t be accurate enough.

These exacting standards mean that Corning needs an unusually high level of control over its manufacturing processes. To make that happen, the company relies on real-time application integration technology from Camstar to tie together its four factories into a single “virtual factory,” with a central database that allows all four plants to share information and resources.

Because this virtual factory system is integrated with ERP software, from PeopleSoft (PSFT), Corning executives can keep an eye on manufacturing and provide customers with the production data they demand. For instance, salespeople can predict how long it will take to fulfill an order based on available production capacity. And when they enter new orders on their desktop PCs, the software automatically passes the information through the Camstar system to manufacturing, so production begins immediately.

Corning division CIO Doug Anderson hopes that this real-time integration will give Corning a competitive edge. “If we’re the best at turning a customer request around and getting it produced and out the door, then we become the ones they call [on],” he says.

Equally important is that Corning’s system makes the entire production process more efficient. For instance, one factory might have more raw glass than it can easily finish, while another factory has idle capacity. “Physically, it’s not a problem to airfreight the glass from one factory to another,” Anderson says. “The problem was, How are we going to move all this critical data, and get it out of one system, reformat it, and get it into another system?” With a single, shared manufacturing system, it’s a question of keystrokes.

Camstar is not alone in this market — other vendors of so-called manufacturing execution systems include iBASEt and Manex. For the most part, these systems are needed only by companies with extremely demanding production processes, such as makers of electronic equipment, medical devices, and aerospace products.

If your company is not in one of those categories, you can still benefit from this kind of tightly integrated production through the use of Web services. Integrated Web services are business applications that share data with other applications over the Internet — say, an invoicing system that links up to an accounting program. If they have standard, consistent interfaces, such Web services can greatly simplify the process of integrating applications throughout a company. That’s why a host of technology companies are piling on the Web services bandwagon: Microsoft’s (MSFT) .Net, Sun Microsystems’s (SUNW) Sun ONE, Oracle’s (ORCL) Dynamic Services, and Hewlett-Packard’s (HWP) E-Speak are all attempts to define a series of standards by which Web services can exchange information with one another, using XML as the foundation.

As Web services become more commonplace, it will get easier and easier for companies to link up their enterprise systems with the production processes where work actually gets done. And that, in time, will bring executives ever closer to the ideal of “real-time enterprise computing,” where the data on the CEO’s screen reflects the company’s actual condition at that very minute. That, in turn, will make companies better able to respond rapidly to changing market conditions — and that’s a very timely thing indeed.

Link: What’s Going On Down at the Plant?

Link broken? Try the Wayback Machine.

What’s Going On Down at the Plant?

Putting Your Web Servers Under Lock and Key

The events of the past month have made many companies nervous about their Internet security. It’s about time.

If you believe that your computer systems are vulnerable these days, you’re not alone. In the month since the terrorist bombings, many businesses (and individuals) have adopted a heightened interest in security, online as well as off.

Before overreacting, however, it’s important to separate fact from fiction. Despite fears of cyberterrorism, such threats have not yet materialized. I asked a number of experts whether they believed there was any connection between the attacks of Sept. 11 and the virulent Nimda and Code Red II computer worms, which appeared in the week following the attacks. The consensus: These viruses owed their timing more to coincidence than to terrorism.

According to CERT, the computer-security tracking organization based at Carnegie Mellon University, the number of security breaches hasn’t risen appreciably since Sept. 11. “Are we more conscious of what we’re looking at? Yes. That’s just good common sense,” says Marty Lindner, an Internet security analyst at CERT. “But we haven’t seen any increase in activity.”

Still, however, the events of the past month should persuade some companies to take advantage of this opportunity and ensure that their systems are safe. Here’s a brief rundown of what security experts recommend right now.

Use Microsoft servers with care. Both Nimda and Code Red II took advantage of weaknesses in the design of Microsoft’s Internet Information Server (IIS), the popular Web server that’s part of Windows 2000. That led John Pescatore, research director for Internet security at Gartner, to conclude that companies using IIS had better take a long, hard look at their systems.

It’s not that IIS is fundamentally insecure, Pescatore says, but that corporations using it don’t always take the steps necessary to lock it down. The problem is compounded by the fact that companies often choose Microsoft because it’s easy to expand their server farms by plugging in cheap Windows servers. The result: While a Unix shop might have only one or two big servers to secure, Microsoft-based outfits often have dozens of Windows servers, all of which need to be secured separately. Fortunately, doing so is a relatively simple matter: Network administrators need to adjust security settings on each server, and also download and install the latest security patches from Microsoft. The trick is making sure every server gets this treatment — which is a work process issue more than a technical problem.

Microsoft announced plans last week to change the default configuration of IIS so that it’s more secure. In the meantime, Pescatore says, “if you’re going to stay on IIS, then you have to improve your security processes.” And if you can’t do that, then you’d better switch to a different server.

Turn off unused services. If your servers have features that you aren’t using, they may be providing an entry point into your network — even if you have a secure firewall. Play it safe and turn off any server features or services you aren’t using, such as Windows file sharing, support for CGI programs, built-in server or network monitoring tools, and the like. Here again, Microsoft users need to watch out. CERT’s Lindner points out that IIS is included in every installation of Windows 2000. As a result, he says, “there’s a lot of IIS out there that people don’t even know they’re running.” If you’re running Windows 2000 and you haven’t turned off or secured IIS, you may be leaving the backdoor wide open to hackers.

Use virus software and keep it up-to-date. One thing that security experts agree on is that virus software can be effective — for corporate servers as well as desktop computers. The key is to make sure you keep your virus scanner updated with patches from the vendor, which will ensure that it can screen out the newest viruses. Leading vendors of antivirus software for servers and desktop computers include Network Associates, Symantec, Trend Micro, and F-Secure. Most offer automatic updates or notification services to help you keep on top of the latest viral threats.

Require users to choose strong passwords. All your security measures are for naught if one of your employees chooses an easy-to-guess computer password, or if your system has user accounts that don’t require passwords at all. For safety’s sake, eliminate any accounts that have no passwords or that have obvious passwords (such as the word “password” or the user’s login name). Then require employees to use sophisticated passwords (including numerals as well as letters) and change them every month.

Stay on top of the latest threats. Last week the FBI’s National Infrastructure Protection Center and the Systems Administration, Networking and Security (SANS) Institute released a list of the top 20 threats to Internet security. The list addresses threats to Unix and Windows servers as well as general Internet security hazards. It should be required reading for your company’s network administrators.

Implementing better security doesn’t have to be expensive — in many cases it’s simply a matter of changing software settings to eliminate common vulnerabilities. Make it a priority now, before those deficiencies turn into security breaches.

Link: Putting Your Web Servers Under Lock and Key

Link broken? Try the Wayback Machine.

Putting Your Web Servers Under Lock and Key

Wireless Data Set to Take Europe by Storm

Americans are accustomed to thinking of themselves as being on the leading edge of technology, adopting new gadgets–be they personal digital assistants (PDAs) or PCs–sooner, more enthusiastically, and in greater numbers than the rest of the world. But when it comes to wireless technology, the United States is practically a sluggard.

According to research firm Cahners In-Stat Group, the overall wireless market in western Europe will have 277.6 million subscribers at the end of 2001. That makes it more than twice as big a market as North America, which will have 134.5 million subscribers by the end of the year. But that’s nothing compared to what’s in store. By 2005, Cahners predicts western Europe will have 315.8 million wireless subscribers, while North America will lag at 223.9 million.

In mobile commerce, the story is the same. Jupiter Research predicts $22.2 billion in worldwide mobile commerce revenues in 2005, from wireless shopping, for-pay content, and advertising. Of that total, Asia and western Europe will account for the biggest slices, at $9.4 billion and $7.8 billion, respectively. By comparison, North America will account for a relatively small $3.5 billion in mobile commerce revenues, Jupiter estimates.

Europeans (as well as the Japanese) have already proven themselves avid users of short message services (SMS), sending one another wireless text messages with abandon. But Americans have been more reluctant to use SMS. Worldwide, 20 billion wireless text messages were sent in 2000, but only 750 million of those were sent in the United States, according to Mobile Streams, a United Kingdom-based research firm. (This year, 20 billion SMS messages are being sent worldwide every month.) Other wireless data services, such as Web browsing via Wireless Application Protocol (WAP)-enabled phones or wireless e-mail, have also been slow to catch on stateside.

What accounts for Europeans’ enthusiastic embrace of all things wireless? There are a number of factors, including differences in technology, the availability and expense of wired telecommunications, and variations in culture.

Setting a Standard
“One of the things that has really helped Europeans get a leg up on Americans is that everyone is using GSM–there’s one mandated standard, so there’s a common set of tools,” says Scott Goldman, CEO of the WAP Forum. GSM–the Global System for Mobile Communications–is the digital wireless standard used by carriers in Europe and Japan. “That consistency has bred a confidence in the wireless technology over there,” agrees Ken Dulaney, vice president of mobile computing for GartnerGroup.

In the United States, by contrast, consumers are faced with a bewildering array of possibilities, because each carrier uses a different digital wireless standard–Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), or GSM. That means phones can’t easily roam from one network to another (unless you have a more expensive multiband phone). Also, for SMS messaging, the networks’ incompatibilities mean that you can’t send a text message to another wireless subscriber unless you first know which carrier that subscriber is using. In Europe, by contrast, all you need to know is the recipient’s phone number.

The Price Is Right
Pricing structures for wireless and land-line phones have also played a role. Americans have a strong incentive to continue using land-line phones, where all local calls are covered under a flat monthly rate. In contrast, American cell phone users are charged by the minute whether they are placing or receiving a call–which makes many reluctant to give out their mobile numbers, except to those they trust. In Europe, the situation is reversed. Local land-line calls are charged at per-minute rates, while cell phone users are only charged to place calls, not to receive them. That gives Europeans a strong incentive to use their cell phones as a primary means of contact. It also provides yet another incentive for the wireless Internet: Using the dial-up, wired Internet in Europe is relatively expensive, because your modem needs to place a local toll call to your Internet service provider.

The fact that wireless carriers cover smaller geographic territories in Europe makes it relatively easy for them to build comprehensive digital networks, says Gartner’s Dulaney. In the United States, building out truly nationwide digital network coverage is prohibitively expensive, which means that existing analog networks are likely to be around for a long time–particularly in low-density areas where there are only a few subscribers. Also, the smaller individual markets in Europe have allowed some carriers to be more innovative than the big American telcos can afford to be. “We still have the AT&T mentality in the United States. The carriers control our wireless future, but they provide very little insight. They don’t understand the new world very well,” says Dulaney.

A Certain Je Ne Sais Quoi
Finally, there are cultural and social differences that foster the growth of wireless in Europe. Significantly, the wide availability of mass transit means that Europeans spend a lot of time on trains–the perfect place to use a mobile phone for data services. Users can compose text messages while the train is underground, and these messages will be beamed off to their destinations once the subscriber re-emerges aboveground. Americans, on the other hand, tend to drive everywhere. That’s conducive to voice conversations (particularly when using a headset), but makes it very difficult to punch in or read text messages.

Europeans may also be more willing to use wireless data services for Internet access, thanks to their pre-existing acceptance of cell phones for voice communications. “They believe that cell phones can work all kinds of magic,” Dulaney says.

On the other hand, Americans–while somewhat slower adopters initially–may prove to be enthusiastic users of the wireless Internet once sufficiently appealing content is available. “When people discover the services you can access via WAP, I think there’s going to be uptake in the United States that will rival other regions, because people here are very productivity-oriented,” says the WAP Forum’s Goldman.

Taking Advantage of the Opportunity
Ken Hyers, a senior analyst at Cahners In-Stat, agrees that it is productivity-oriented applications and content, rather than social text messaging or location-based advertising, that will stimulate American wireless usage. “Just getting random messages saying that baby carrots are on sale at Krogers is not going to fly too well,” says Hyers.

In fact, American wireless carriers might have a slight edge over European carriers, which have recently spent tens of billions of dollars on high-tech third-generation (3G) wireless spectrum licenses. In the United States, 3G spectrum auctions haven’t even started yet, so carriers are concentrating on upgrading their existing digital networks with so-called “2.5G” technologies that provide high data rates (up to 144 Kbps) at a lower cost. When 2.5G phones and services become widely available next year, that may prove to be the catalyst that the American wireless data market needs to get rolling.

The key, for businesses interested in capitalizing on the wireless opportunity, is to focus on productivity applications that are time- and location-sensitive. For example, wireless stock trading, traffic advisories, and restaurant reservations are all well-suited to WAP phones, says Goldman, who adds that teenagers may also be a strong market for SMS services, once they recognize the services’ “entertainment value.” Hyers points out that U.S. financial companies are already experimenting with SMS: “Brokerages have discovered [SMS] is a great way to reach customers with something that is truly time-sensitive…. The kind of services that are going to take off [in the United States] are going to be very action oriented–they are going to be time-sensitive, they’re going to be location-sensitive, and they’re going to be personalized for the individual user.”

Gartner’s Dulaney emphasizes the difference between the wireless world and the wired Internet. “The developers of wireless applications have not yet understood how to build for this new medium, which requires a new paradigm,” says Dulaney. Instead of trying to re-create the wired browsing experience on a cell phone, wireless developers should look for ways to exploit the unique characteristics of the new platform, such as cell phones’ small size, portability, and lack of full-sized keyboards. For example, says Dulaney, data-enabled mobile devices can be used to notify customers of time-sensitive events, such as online auctions they’re interested in, and can provide simple menus to execute transactions, request more information, or have information forwarded to a nearby fax machine. But such applications may be some time in coming. “People took the metaphor of the PC and just shrunk it down,” says Dulaney. “And that is going to take a while to fix.”

Until the United States catches up, however, Europe remains a larger and readier market for wireless data services. In this case, at least, Europeans are the avant-garde, leaving their American counterparts in the rear.

October 4, 2001

About the Author
D.F. Tweney is an award-winning writer and editor with a decade of experience covering business technology, computers, and the Internet.

Link: Wireless Data Set to Take Europe by Storm

Link broken? Try the Wayback Machine.

Wireless Data Set to Take Europe by Storm