|
| |
Government Relations |
Priorities
Authentication Services
As the world's leading
provider of Internet security tools, VeriSign is deeply involved in
all aspects of U.S. and global discussions about the appropriate regulation
and recognition of electronic security measures, including digital signatures
and related tools for electronic authentication. VeriSign actively pursues
governmental recognition of electronic signatures on a global basis,
as well as the establishment of mechanisms for the qualification of
certificate authorities issuing digital certificates and for the mutual
recognition of certificates issued in foreign jurisdictions. We participate
actively in statutory and regulatory activities of national and local
governments, foreign governments, and international organizations (such
as the U.S. Uniform Electronic Transactions Act (UETA) and federal E-Sign
Act regulatory regimes, the European Commission and the United Nations
Commission on International Trade Law (UNCITRAL). We believe that strong
support for the deployment of the dominant technology in use today—PKI—can
promote the growth and development of secure e-commerce in the United
States and around the world.
UETA: In response
to the wide range of state statutory regimes concerning electronic signatures,
the National Conference of Commissioners on Uniform State Laws (NCCUSL)
created a drafting group in 1997 to develop a Model Electronic Signatures
Act. The purpose of the Act was to provide consistency and uniformity
on the recognition of electronic signatures and implementing tools.
The Uniform Electronic Transactions Act (UETA) was adopted by the NCCUSL,
and states began enacting local versions in 1998. In practice, however,
only thirty states have actually passed a version of UETA, and a number
of states have incorporated divergent approaches to implementing electronic
signatures. In its model form, UETA provides no direction on recognition,
qualification, or licensing of specific technological approaches to
electronic signatures. For example, some states have implemented UETA
with licensing provisions, and some states have authorized electronic
forms of notarization.
E-SIGN: As
a result of inconsistent regimes among U.S. states, the Congress enacted
the Electronic Signatures in Global and National Commerce Act in June
of 2000. The heart of the E-Sign Act, and its support for electronic
signatures, appears in Section 101(a): "Notwithstanding any statute,
regulation, or other rule of law ... with respect to any transaction
in or affecting interstate or foreign commerce—
- A signature,
contract, or other record relating to such transaction may not be denied
legal effect, validity, or enforceability solely because it is in electronic
form; and
- A contract relating
to such transaction may not be denied legal effect, validity, or enforceability
solely because an electronic signature or record was used in its formation."
As with the UETA adopted
by the states, the E-Sign Act does not prescribe minimum reliability
standards for the use of any specific technology or procedure, and does
not specifically encourage deployment of PKI technology. Indeed, the
most notable feature of the E-Sign Act is its complex and controversial
set of provisions for the preemption of state statutes that are inconsistent
with its provisions. While the E-Sign Act does provide a baseline of
validity for electronic signatures and thereby, for example, allows
a litigant to overcome a motion to dismiss a case based on the fact
the signature is electronic, it provides sparse guidance to the courts
on how to resolve particular disputes involving a digital signature.
Although the Act is designed to drive the states towards a uniform system,
the goal of a uniform, effective national regime of electronic signatures
has not yet been realized. The present environment in the United States
could therefore still benefit from greater clarity, both among state
laws and within federal law.
EU: In 1999,
the European Commission issued its Directive on Electronic Signatures,
authorizing the adoption of local statutes in each EU Member State.
While the Directive's operative provisions do not contain the expression
"digital signatures," its recognition of "advanced electronic
signatures" supported by certificates can only be effectuated through
public key infrastructures and digital signatures. Under Article 5(2)
of the Directive, an Electronic Signature shall not be denied legal
effectiveness and admissibility as evidence in legal proceedings solely
on the grounds that it is:
in electronic form, or
not based upon a qualified
certificate, or
not based upon a qualified
certificate issued by an accredited certification-service-provider,
or
not created by a secure
signature creation-device.
The European Parliament
and the European Council have obtained assistance in their efforts to
support digital signatures and qualified certificates from the European
Telecommunications Standards Institute ("ETSI"), which has
created a policy document establishing a standard code of practice for
certification authorities and certificate users that is recognized by
most EU countries.
UNCITRAL: The
U.N. organization devoted to examination and international harmonization
of trade laws has paid particular attention to e-commerce in recent
years, including development of a Model Instrument on Electronic Signatures
that was adopted in 2001. UNCITRAL working groups are presently considering
future work plans that include international contracting (including
electronic) and recognition of contract instruments. VeriSign participates
in UNCITRAL working groups through the Business and Industry Advisory
Committee (BIAC) to the Organisation for Economic Co-Operation and Development
(OECD) and the International Chamber of Commerce.
Digital Identity
Through its acquisition
of Network Solutions in 2000, VeriSign is the world leader in domain
name registration and related identity services and operates the definitive
database of over 32 million Web addresses in the .com and .net databases
on a powerful platform that is the world's de facto standard in the
Domain Name System (DNS).
ICANN: The
Internet Corporation for Assigned Names and Numbers (ICANN) was established
in 1998 as the international regulatory body responsible for coordinating
certain global technical management functions of the Internet addressing
systems and the development of related global policies. ICANN coordinates
functions that involve the Internet's domain name system, the allocation
of IP address space, the assignment of protocol parameters, and the
management of the root server system. VeriSign works closely with ICANN
in the effort to preserve the operational stability and security of
the Internet, promote competition, achieve broad representation of the
global Internet community, and develop an effective bottom-up, consensus-based
process. Its formal relationship is governed by a new Registry Agreement
approved by ICANN, the Department of Commerce, and VeriSign's Board
of Directors in Spring 2001.
IDN: Despite
the rapid, global growth of the Internet, it remains an English-centric
resource with barriers of entry for non-English speaking people. One
such barrier is the lack of internationalized capability within the
DNS. Currently, the DNS only supports domain names consisting of letters
from the Roman alphabet and digits. In response to the high demand for
support of domain names in characters used by other languages, VeriSign
is working to make this capability a reality through the Internationalized
Domain Name (IDN) Testbed. By expanding the character capabilities of
the DNS, VeriSign can help open the door to Internet, e-commerce, research
and educational opportunities for millions more people. The VeriSign
Global Registry Services approach in implementing the Testbed is to
ensure adherence to the Internet Architecture Board (IAB) principle
of a single DNS root and continued compliance with the evolving standards
under development by the IDN Working Group of the Internet Engineering
Task Force (IETF).
New gTLDs:
In November 2000, the ICANN Board selected seven new top-level generic
domain names (gTLDs) for negotiation of agreements allowing them to
be included in the Internet's domain name system. These are the first
new TLDs (other than country-code TLDs, known as ccTLDs) to be introduced
to the Internet by ICANN. Before these TLDs become operational, the
sponsor of each must reach a contract with ICANN. ICANN has already
reached agreements with .aero, .biz, .coop, .info, .museum, and .name.
The other new gTLD that was selected is, .pro. VeriSign supported the
introduction of new gTLDs and is a member of the Afilias consortium
sponsoring .info.
UDRP: The Uniform Domain Name Dispute Resolution Policy (UDRP)
was adopted by ICANN to resolve trademark disputes involving domain
names. VeriSign fully supports the UDRP, which consists of a relatively
simple arbitration proceeding to which all domain name registrants are
required to submit if one of their registrations is challenged. A party
may initiate such a proceeding if: (1) the domain name at issue is identical
or confusingly similar to a trademark or service mark in which the party
has rights; (2) the domain name registrant has no rights or legitimate
interests in the domain name; and (3) the registrant has registered
the domain name in "bad faith." To initiate a dispute proceeding,
the complaining party must submit a written complaint to any dispute
resolution service provider approved by ICANN to resolve domain name
disputes. At present, four such providers are approved by ICANN: the
World Intellectual Property Organization, the National Arbitration Forum,
the CPR Center for Dispute Resolution, and the Asian Domain Name Dispute
Resolution Centre.
WHOIS: The
WhoIs search engine is a valuable tool that is used to retrieve information
about the registration of a particular domain name. It may be used to
determine whether names are available, assist in law enforcement investigations,
enforce intellectual property rights, or trace technical problems. In
connection with the new Registry Agreement, VeriSign agreed to allocate
a part of the $200 million that it has committed for "research,
development, and infrastructure improvements to the .com, .net, and
.org Registries" to "design and develop a Universal WhoIs
Service that will allow public access and effective use of WhoIs across
all Registries and all TLDs" (Appendix
W). The agreement requires VeriSign to "insofar as is
reasonably possible in view of dependence on the cooperation of third
parties, strive to achieve significant progress in implementing a Universal
WhoIs Service by December 31, 2002." VeriSign has established a Web-based
forum to solicit input on users' requirements.
Electronic Payments
VeriSign's Payment Processing
services simplify e-commerce by providing payment connectivity over
the Internet between online customers, merchants, buyers, sellers, and
the financial networks that move money between them. VeriSign provides
essential support for business-to-consumer and business-to-business
Web transactions using a variety of pay platforms. Trusted online payment
and e-commerce services are an essential component of the Internet's
potential for even greater growth. VeriSign's increasing role in this
area enables it to fulfill its overall goal of enabling people to use
the Internet with confidence.
Intellectual
Property
As a technology intensive
company, VeriSign is keenly aware of the role played by intellectual
property protection in fostering innovation. Patents and copyrights
have played a decisive role in the development of semiconductors, computers,
software, and networks, including the Internet. As the Internet and
e-commerce have grown on a global scale, they have had to face challenges
posed by the continued protection of intellectual property. VeriSign
actively participates in efforts to resolve these issues in a way that
balances consumer protection, proprietary interests, and the continued,
stable growth of the Internet. Our areas of focus include database protection,
business method patents, and enforcement of trademark rights within
the Internet's Domain Name System.
International Trade
With almost half of VeriSign's
revenues derived from sales outside of the United States, the company
is directly affected by conditions, regulations and restrictions on
market access imposed by other countries. Trade can be affected by tariffs
imposed directly on the sale of goods, or non-tariff barriers on goods
or services, such as performance requirements and investment restrictions.
Through membership in key trade associations, VeriSign actively participates
in ongoing negotiations involving U.S.—bilateral trade agreements and
multilateral forums, such the World Trade Organization (WTO). VeriSign
supports the negotiation of the most open and flexible treatment of
goods and services involved in e-commerce in order to promote, rather
than hinder, the continued growth of the Internet.
Network Security
Network security is more
important than ever before. The exponential growth in the use of the
Internet as a leading means of communication, and commerce increases
the risk of actual and potential abuse. Those who seek to compromise
the integrity of electronic networks range from benevolent hackers to
organized criminals and industrial competitors engaged in economic espionage.
As both a provider of key network security technologies, as well as
the custodian of the Domain Name System and the "A-root" server,
VeriSign maintains a leadership role in promoting network security and
sharing information about network intrusions and remedies.
Privacy
The use of personally identifiable
information (PII) is an important issue for businesses that gather,
store, and use information about individuals. With the issue of consumer
privacy gaining increased visibility, consumers are more aware of the
information they share with businesses, governments, financial institutions,
and healthcare officials. More businesses are posting notification of
their privacy policy for consumers to review, including who has access
to the information shared and how the information is used. VeriSign
considers the protection of an individual's privacy important to the
success of the Internet and believes that the most effective tools to
protect it are consumer education, technology tools, and industry collaboration
(e.g., TRUSTe). The advantages of these tools are that they are global,
permit customization, and can be rapidly modified as the technology
used in the Internet itself changes. In contrast, the other option—governmental
regulation—is limited territorially, can be difficult to customize,
and is harder to update quickly.
Spam
SPAM is a term that covers a broad spectrum of e-mail not initiated
by the receiver. It may be bulk marketing, with accurate information
selling products to consumers. Or, it may be information sent with the
use of a fraudulent header, to keep the receiver from tracing the sender's
origin or from getting off the sender's list. SPAM is currently the
subject of legislation at the state and federal level. VeriSign believes
that the best way to curtail fraudulent e-mail traffic is to prohibit
the falsification of routing information and to allow the Federal Trade
Commission to enforce it. In addition, legislation that clarifies it
is illegal to send misleading or inaccurate headers, contact, or routing
information, with the intent to deceive or commit fraud against a consumer,
would help the Federal Trade Commission enforce current law.
Taxation
The taxation of commerce
continues to be a principal way for governments to fund their operations.
As the Internet provides a new and potentially dominant method of transacting
business in the global economy, increasing attention is being given
to electronic commerce and network infrastructure and related services.
Striking the right balance between promoting the growth of e-commerce
and appropriate taxation is a global issue for which no simple answer
has yet been discovered. VeriSign actively participates in the continuing
debate on how to reconcile these competing interests.
|
|
