The Internet is wild, largely unregulated territory. Bank-intermediated business-to-business commerce is heavily regulated.
Because of this stark contrast, compelling legal and policy questions arise as companies, sponsored by their financial institutions, increasingly go on-line to find corporate customers and suppliers.
Who should regulate business-to-business Internet commerce?
How closely? What should be left to the free market or to parties who have arrived at a good-faith meeting of the minds? What is the role of government? What international bodies, if any, should set rules?
And there is one more nitty-gritty question with potentially farreaching implications: Who should be authorized to create and manage the cryptography-based electronic identities on which most business-to-business Internet commerce models rely?
The right decisions will give companies the best chance to flourish on the Internet. The wrong decisions will stifle opportunities for millions.
Too much regulation by too many regulators will eliminate the enormous efficiencies of business-to-business electronic commerce. Too little regulation will make unwitting companies prey for e-commerce money machines.
These tensions are particularly compelling for financial institutions that are beginning to facilitate e-commerce by extending their commercial trust services to the Internet.
The good news is that, at least for the time being, the right balance between regulation and freewheeling on-line commerce has been reached by default. Existing contract law, banking regulation, and market forces already create an e-commerce environment that protects users from fraud while allowing commerce to thrive.
The bad news is that lawmakers and policymakers are threatening to change course in a way that might upset the balance created by these legal and commercial forces.
Over the last four years, for example, a number of domestic and international efforts have struggled with the issue of how to define the legal framework for authenticating electronic commercial transactions and the parties who conduct them. These efforts have yielded widely varied and novel approaches.
These approaches range from myriad U.S. state-based digital authentication initiatives to several federal U.S. and non-U.S. efforts to legislate or regulate a still-emerging, digital-signature-based commercial framework. Though there is some commonality in these efforts, existing legislative work suggests that a lack of uniformity is emerging among digital authentication techniques-a potential legal Tower of Babel for those who want to participate in e-commerce, particularly internationally.
Perhaps more troubling, a number of U.S. jurisdictions also seem to be leaning toward a larger-than-necessary state role in the emerging digital authentication infrastructure.
At first glance, mandatory state licensing or accreditation requirements for certification authorities, or CAs (the entities that issue and manage electronic credentials) are a great idea. The unintended result, however, may end up being a non-uniform international legal regime that may actually create conflicting substantive and procedural requirements for transacting parties. Trading partners would need legal advice every time they try to do business with a counterpart certified by a CA in a different state.
The most unfortunate aspect of this government-driven activity is that it counters the significant and highly responsible treatment of digital authentication by the private sector.
Existing credit card systems and new e-commerce-oriented bank initiatives provide good …