In recent years, because of the uncertainty of the positing of virtual currency under law, the issues of transparency and security etc. arising out in connection therewith are emerging, and the incidents of money-laundering, terrorist attack and investor fraud involving therewith lead to concerns of various countries.
Therefore, the new change in Japanese legislations relating to virtual currency exchange service providers falls mainly in the effect of amended contents of “Payment Services Act” and “Act on Prevention of Transfer of Criminal Proceeds”. The reasons for amendment to the legislations are such that virtual currency transaction involves the exchange with statutory currency, and is the outlet/ inlet of the existing financial system; therefore it is necessary to have the virtual currency exchange service providers be supervised. Essential points involving the amendments are stated as follows:
1. Payment Services Act
The keys to the amendment to Payment Services Act (hereinafter referred to as the “Act”) are the Act recognizes that virtual currency has the nature of property and inputs the registration system for the exchange service providers, and provides relevant supervisory regulations.
(1) Definition of virtual currency
As defined in items 1 and 2 of Paragraph 5 of Article 2 of the amended Payment Services Act, virtual currency can be divided into two kinds, but is limited to that which is recorded on an electronic device or any other object by electronic means, and excludes the domestic (Japanese) currency, foreign currency and currency-denominated assets.
① It has 3 elements as follows:
It can be used in relation to unspecified persons for the purpose of payment consideration for the purchase or leasing of goods or the receipt of provision of services.
It can be purchased from and sold to unspecified persons.
Its property value can be transferred by means of an electronic data processing system.
② Its property value can be mutually exchanged with other virtual currency and can be transferred by means of an electronic data processing system.
In addition, some authors consider that virtual currency is equivalent to the use of blockchain technology. However, according to the definition after the amendment to laws in Japan, the definition of virtual currency is based the judgment of the above elements rather than the use of blockchain technology.
(2) Input of registration system for virtual currency exchange service providers
Pursuant to Paragraph 7 of Article 2 of the Payment Services Act, “Exchange Service” is defined as the operation of exchange, agency or management activities. No person may engage in the virtual currency exchange service unless the person is registered with the competent authority (Article 63-2 of the Act). A person who has conducted the virtual currency exchange service without obtaining the registration is subject to imprisonment for not more than three years or a fine of not more than three million yen or both based on Subparagraphs 2, 5 of Article 107 of the Act.
(3) Mechanism of users protection:
The purpose of the amendment is to take countermeasures for the risks generated from virtual currency exchange, such as pecuniary loss caused by insufficient information, the loss incurred in the custody of users’ property, and disclosure of personal information of users）. Discussions are divided into 4 points.
① Information security management
A virtual currency exchange service provider must take necessary measures for information security management (Article 63-8 of the Act)
② Measures for users protection
A virtual currency exchange service provider must take relevant protective measures for users, including the provision of explanation for misunderstood transaction and information about contents of transaction (Article 63-10 of the Act)
③ Separate management of property
A virtual currency exchange service provider must manage its own property separately from the money or virtual currency of the users, and must retain a certified public accountant or an audit corporation to periodically conduct the external financial audit (Article 63-11 of the Act)
④ Designated Dispute Resolution Organization
Referring to financial ADR system, the complaint or dispute matter of users shall be concluded by the Designated Dispute Resolution Organization (Article 63-12 of the Act)
(4) Supervision over virtual currency exchange service providers:
As regulated by Articles 63-13 ~ 63-20 of the new Payment Services Act, essential contents of supervisory requirements for virtual currency exchange service providers are stated below:
①The obligation to prepare and maintain books and documents
②Annual financial reports
③The authority of the Prime Minister to inspect relevant business
④The Prime Minister orders a virtual exchange service provider to conduct business improvement.
⑤The Prime Minister may revoke the registration of a virtual currency exchange service provider who has obtained the registration through illegal or wrongful means.
(5) Penalty for violation of obligations
The existing penalties under articles 107~109 and articles 112~117 of the Payment Services Act also apply to virtual currency exchange service providers. The causes of violation of obligations and corresponding penalties are summarized as follows:
① Any person who has not obtained registration or has obtained registration through wrongful means or by use of other’s name is subject to imprisonment for not more than three years or a fine of not more than three million yen, or both (Article 107 of the Act)
② An exchange service provider who has violated the separate management of property or has violated the disposition of suspension of operation is subject to imprisonment for not more than two years or a fine of not more than three million yen, or both (Article 108 of the Act).
③ Any person who has failed to prepare or has falsely prepared books, reports, attachment and documents or has refused to answer the questions or has refused to accept or has hindered the business inspection is subject to imprisonment for not more than one years or a fine of not more than three million yen, or both (Article 109 of the Act)
④ A person who fails to take necessary measure for improving its operation is subject to a fine of not more than one million yen.
2. Act on Prevention of Transfer of Criminal Proceeds
In order to prevent from money-laundering, the legitimacy of fund sources must be assured. The amended “Act on Prevention of Transfer of Criminal Proceeds” (hereinafter referred to as the “Act”) incorporates the virtual currency exchange service providers as “specified business operators” and imposes them with the following main obligations:
(1) The obligation to confirm user identification (Article 4 of the Act)
(2) The obligation to confirm and preserve transaction records (Articles 6 & 7 of the Act)
(3) The obligation to report suspicious transactions (Article 11 of the Act)
The above are major contents of the amendments to legislations in relation to virtual currency exchange service providers in Japan. The purposes of the amendment are to promote the innovation of virtual currency operators and the balanced development with consumer protection. Therefore, they are included in the Payment Services Act and are subject to similar supervision as with electronic bill and Funds Transfer Service. The reorganization of virtual currency system in Japan has stepped forward. However, the application of actual operation needs continual follow-up and observation, so as to be used as reference for the relevant law system of our country.
Financial System Council, The Working Group on Payments and Transaction Banking of the Financial System Council, P27.
Currency-Denominated Assets, Assets denominated in currency refers to the “Currency-Denominated Assets” in Japanese and defined in the Payment Services Act: as used in this Act means assets which are denominated in the Japanese currency or a foreign currency, or for which performance of obligations, refund, or anything equivalent thereto (hereinafter referred to as "performance of obligations, etc." in this paragraph) is supposed to be made in the Japanese currency or a foreign currency. In this case, assets for which performance of obligations, etc. is supposed to be made by means of Currency-Denominated Assets are deemed to be Currency-Denominated Assets.
 ＜Improvement System of Virtual Currency＞, Daiwa Institute of Research, see website:, http://www.dir.co.jp/research/report/law-research/financial/20160520_010904.pdf#search=%27%E4%BB%AE%E6%83%B3%E9%80%9A%E8%B2%A8+%E8%B3%87%E9%87%91%E6%B1%BA%E6%B8%88%E3%81%AB%E9%96%A2%E3%81%99%E3%82%8B%E6%B3%95%E5%BE%8B+%E3%83%96%E3%83%AD%E3%83%83%E3%82%AF%E3%83%81%E3%82%A7%E3%83%BC%E3%83%B3%27 (Ｌast browse date: 12/07/2017)
Article 63-2 of the Payment Service Act provides the registration with the Prime Minister; however, in practical operation, the operators shall apply for registration with the local financial bureau.
Financial System Council, The Working Group on Payments and Transaction Banking of the Financial System Council, P29.
In the Payment Services Act of Japan, it is specified that the remittance business engaged by a non-banking provider was officially named as “Funds Transfer Service”, in which business contents aim at the third payment works. Financial Research Development Funds Management Committee, “Study of the industrial development and management between international non-financial institution payment services”, written by Kuo Chen-Chung and Hsu Shih-Chin, pp60~61(2015).
I. Preamble 1. Current Situation of E-Commerce Along with rapid developments of the information and the Internet, what follows in suit is inevitably the electronicalization in general industries. Nowadays, countries around the world accelerate exploitation of information technologies and management methods to enhance their capability of competition. Developments in digitalization have brought traditional business concerns to face rigorous challenge as regards both the nature of the business and the context of same, as well, in more recent years incidents such as Internet data exposition and on-line fraud have happened over and over again. Contentions of on-line transaction have also increased a great deal while some illegal websites proclaimed themselves to be legal ones. All these situations point to the importance of building up legislation on e-commerce and cyber environment. No less important is the buildup of more reliable environments friendly to electronic trades as to which the government should take into account the needs voiced from both suppliers and buyers in an effort to put into effects relevant implementations conducive to benignant developments of e-commerce. In the meantime, the entire B2C e-commerce market is going through unprecedented fusion, ongoing merging and cross application is seen in varied on-line transactions including TV shopping, Internet shopping, mobile shopping, e-mail shopping and so on, growing more tense than ever are integration in the context of http://bilingualdb.rdec.gov.tw/BilingWeb/bl_showworddetails.asplogistics,cash flow, exchange of information, and transactions, in addition, interchange of platforms and horizontal consolidation of varied equipments are indication enough that looking into the future, what looms ahead is a service-oriented, attention-intensive era of economy; by taking into good account consumers' actual needs, convenience and economies, these supplemented with customized service delivery, the intending party can realize phenomenal profits well beyond estimation; considering that the B2C business world is continually renovating its latest technology or application (the Skype, for example) better yet management model is required to strike profits (such as diggings of killer APs, Killer access Devices, Killer channels, Killer business models and their applications), and therein lies the orientation for efforts to be spent in so far as the future of the B2C e-commerce is concerned. By the outcome of the B2C Business Strategy Conference closing as of both 2004 and 2005,the current B2C e-commerce of Taiwan is fighting hard to cross the gap of lag in family Internet shopping rates (13% in 2003, grown up to 19.6% by 2005), if relevant technology matures and breaks various obstacles against B2C e-commerce, it is safe to say that by 2007 will come the mainstream epoch for Internet shopping vogue, and that is good enough for what one could envision for the B2C e-commerce. Reliable survey conducted for relevant projects indicates that the on-line shopping market over the year 2005 is estimated at approx. NT$51,073,000,000, reflecting a growth of 47% over the correspondent field of NT$34,720,000,000 realized in 2004, hopefully the growth may hit around 43% by the year 2006, estimation: NT$73,146,000,000; in the year 2005 the overall retail market realized a revenue of approx. NT$3,090,297,000,000 of which roughly 1.65% was due to contribution from on-line retail sales, estimation shows that by the year 2009 the on-line shopping market will expand to around NT$154,475,000,000. All of the survey digits clearly show that there is still much to expect of our domestic electronically subordinated markets, for which a growth potential always exists. 2. Implementation strategies and policy directions Over the nearly twenty years in the past the US has been strategically employed varied technologies associated with e-commerce at large, for the promotion of e-commerce and that has fetched a hit over Japanese business industry that was long-timed noted for their high quality struck at relatively low-profile cost image, and at the same time switched the fading stage of the US economy up to the rosy side. What makes e-commerce so much a marvel? Well, the secret is in fact simple enough, for in the wake of contemporary atmosphere for competition centering on internationalization and globalization, the only recipe for success and survival for any business is simply the triplicate: “Speed”, “Flexibility” and “Creativity”; e-commerce not only timely satisfied these needs, it plays a key role in this respect all at once, such that any responsive and responsible business executive would but have to admit that “Without getting electronic, you can expect no more orders”. In awe of this wake trend going for entrepreneurial electronic synonymous with e-commerce, our government has been keeping a keen eye on the position of modern e-commerce around the world. In addition, it has charged relevant departmental agencies to attend to the development and planning of domestic e-commerce to begin with the Ministry of Economic Affairs firstly accomplished Electronic Commerce Model System recommended for Business-to-Business (B2B) in the Informative Segment, the indicial system for electronic industry for our country is thereby established, and this by and by has extended to other kinds of industry; in the meantime, efforts have been shed to expel lots of bottlenecks facing the electronic of all and sundry industries as regards the environmental nods and the institutional node. Years of governmental efforts in this concern have seen results in the context of our domestic industries vying one another in the startup of getting involved in electronic operation. It is safe and fair to say that up to this date the e-commerce development in this country, already soundly founded, and is still growing avidly and rapidly. Because of the application of information has already become a sharp tool for advanced countries in upgrading their competitive margin in global markets, the premise being as such, countries have one by one promulgated their national information expertise development projects with a view to get going infrastructures information and communication constructions on a national scale. Here in this country relevant constructions have begun as early as back in the year 1994, the Executive Yuan has ratified the “National Information/Communication Infrastructure Implementation Plan” in the year 1997; in June 1999 the “Industrial Automation Plan” ratified previously was upgraded to a combined “Industrial Automation and Electronicalization Plan” for the purpose of promoting industrial competition margin. By the year 2001 our government, in view of societal need for general information as well as technical renovation that comes as a result of advances in information/communication technology, and through collective consultation and resource consolidation, founded a National Information and Communication Initiative Team (NICI Team) whose mission is to implement NICI Projects, while the priory founded Industrial Automation and Electronicalization Plan continued to function in the name of the “Industrial Electronic” Work Group under said NICI Project, in addition, a consensus has been reached that the implementation of information/communication know-how be regarded as playing a key role in the promotion of overall national competitive competency. II. Legislative Demands for the Development of e-Commerce in Taiwan 1. Trend of international legislation Under the ongoing trend of globalization and internationalization, transnational communication and transaction blooms fervently, a universal expectation shared by nations around the world is that concrete and clear-cut legislations be adopted to rule out obstacles to developments of electronic transactions due to inadequacy of statutory provisions or proscriptions. Whatever the contents of legislation from one state to another, the primary object is unexceptionally to promote developments of electronic transactions by the institutional introduction and intervention in all respects concerned. Phrased otherwise, the key role played by laws governing electronic transactions lies in presentation as enabling or supplemental laws to serve as legal basis with respect to issues where conventional institution fails to see or proves inept; whereas issues or legal interactions facing common transactions equivalent to traditional trades will still abide by conventional statutes, still, the ongoing trend respecting the same electronic trades on international communities calls not for the creation of new laws, but in installing legislation on issues not being covered in currently enforced statutes. Other countries facing issues relating to electronic transactions will not reason with reference exclusively to traditional civil or commercial codes by ignoring electronic trade codes or vice versa, instead they will rely upon both traditional codes and relatively regulations related to electronicalization, at the same time. 2. Legislation of e-commerce: Necessity and Orientation for Deliberation Speaking of legal concerns possibly facing application of electronic trades, with legal effects to the extent acknowledged according to laws governing transactions executed by “Electronic Signatures ACT” with respect to electronic documents being excepted, party autonomy and the principle of freedom to contract will prevail, still, contractual contentions otherwise occurring in the course of transaction will be subjected to relevant civil or commercial codes all the same, and that having nothing to do with pertinent electronicalization legislations. Considering the practical aspects, competency of legal intervention in the course of concluding of contracts involving electronic transactions deserves deliberation in the context of practical needs. Apart from relevant issues seen in a contract, matters such as competency of law respecting trades of digitalized merchandises, respecting protection of consumers in respect of which the law is already there, and respecting privacy protection, are all of vital interest to parties in executing any electronic transactions. Other issues which warrant close inspections considering a piece of electronic trade include; legislation with respect to cash flow, to material flow and practices, to whatever affects the proper rights of parties to a trade, to attempts to use the Internet as a criminal means, to situations where violation of safety of trade or order of trade arises; to issues relevant to competency of proof considering electronic documents, electronic signatures in the event of dispute out of a piece of electronic trade; and eventually, responsibilities on the part of ISP who forms a part of a piece of electronic trade, as well as electronic jump mail (spam), because all of them could undermine the development of electronic transactions. III. Taiwan Legislation on Electronic Commerce: the Status Quo and the Outlook in the Future The arrival of digital era has broken down the fence by which the world for ages has been defended, the e-commerce is taking up the place of traditional marketing scheme and outlets in giant strides, and has virtually become the focus of economy in the current era, Still, new fangled trade modes emerging from day to day in step with electronic modern business operators are impinging upon existent legal systems here in this country and that without any letup, such that the traditional philosophy of legislation is compelled to reorient itself to meet the impending challenge of our times. The most important of interest to a wholesome development of e-commerce lies in the creation of a benignant legislation structure. However, it is a pity that the creation of electronic commercial codes is a very complicated institutionalized project, considering that apart from electronic documents and electronic signature, the electronic transaction by and large will involve legislation specific to civil, criminal and otherwise legal fields, encompassing key issues including: contractual relationship, electronic taxation, electronic cash flow, network jurisdiction and protection extended to consumers. Given the foregoing disclosure, it is rightly with a view to attend to smooth developments of electronic trades, to secure a wholesome transaction environment, and to safeguard the proper interests of network users, that the importance of a wholesome legislation structure is set off all the more obviously. Seeing that the crucial key to nationwide practicing of so-called electronic transaction or trade and to the meaningful functioning of an electronic government lies indispensably in the creation of a safe and reliable network environment, so that information in the process of internet transmission is ensured against falsification, fabrication or theft, will allow for identifying of the identity of both parties to the transaction, and henceforth, preclusion of denying by either party of the transaction afterwards, that therein lies the key to the universality of an electronic government and of the implementation of electronic transaction, as a matter of fact here in Taiwan the “Electronic Signature Act” was ratified in 2001, and the same put into practice in April, the year next to 2001, This code accords electronic documents and e-signatures which fulfill prescribed requirements the same legal effects as would be granted to traditional paper documents or signatures, and specifies certifying agents based on low-profile control means. Next in both 2003 and 2004 respectively, the competent authorities have put into effect subordinating statutes including: “The Enforcement Rules of Electronic Signature Act”, “Regulations on Required Information for Certification Practice Statements” and “Regulations Governing Permission of Foreign Certification Service Providers”, with a view to comprehensive coverage of codes specifying control of electronic signatures, to the safeguarding of environments for credible electronic signatures, and all these meant for access with international counterparts. The Electronic Signature Act specifies essentially “electronic documents” which carry information specified as electronic transactions (the specification includes what is known as electronic government), and “electronic signatures” produced by parties thereto and as appearing thereon. Electronic transaction is based on computerized network and electronic technology bear advantages over traditional commences in terms of convenience, effectiveness, scope of coverage, low-profile trade costs, among other considerations, for all these reasons will better meet the information age that is ours today and the challenge for globalization of trade and economy everywhere, that is why they develop so fast and find wider and wider application from day to day. Legislation of electronic transaction is not meant to establish a rule of regulations that will totally replace correspondent laws erected earlier in years bygone, it starts out in the beginning to address unique legal complications that arose because of substantial change having taken place as regards means and manner of transaction. The newly arisen legal problems originated from the unique feature of electronic transaction itself, what comes in suit is the global, universal, international, technical and inter-territorial nature of codifications governing electronic commences, Currently legislation of e-commerce around the world is classifiable into those which relates to promotion or macroscopically policy of electronic transactions, synoptic codification of electronic transactions, codification of electronic signatures, codification of environments friendly to electronic commences. (Comprising: protection of consumers, protection of privacy) After reviewing different specifications of electronic transactions from international sources, one is convinced that differentiation in legislation of electronic trades from one state to another is much more a result of policy election than that of pure legislates. Notwithstanding that over the last decade legislation of electronic commerce that is seen globally ran fast, every state tries hard to bring up a full set of codes on electronic commerce/transaction in the shortest possible period so as to effect timely control of electronic transactions which themselves are renovating with no less fast a speed, however, it is a pity that electronic commerce goes deep into a number of specific fields, crossing legal, scientific and technical realms, and its application extends deep into varied day-to-day layer, such that the scope of legislation of electronic commerce/transaction has run afar to limits beyond imagination, forcing international organizations and economic entities to issue model codes and directives for their member states to adopt as norms for comparable legislations. Nevertheless, after being cut into effect for several years, problems emerged one after another with electronic commerce/transaction codes, including electronic signatures act; the situation is the same in countries all over the world, in Hong Kong, where Electronic Transactions Ordinance as amended have been promulgated in 2004, in Singapore, where triplicate-phased public inquiry in written form have been proffered successively in 2003 and 2005, whereby public suggestions are solicited as references to subsequent revisions; whereas on the other hand, the United Nations have erected protocols addressed to issues arising in the course of concluding of international electronic contracts to complement the “UNCITRAL Model Law on Electronic Commerce of 1996” and the “UNCITRAL Model Law on Electronic Signatures of 2000”. A common guideline for legislation at Legislature Agency is: “Adequate Regulation, Leaving Leverage, Conducing to Development”, in order to provide suitable legislation frame as soon as possible, a Legislature Agency would but offer sketchy outline to allow for space appropriate for future development of the newly emerging e-commerce world. So there is little wonder that Taiwan's electronic signature relevant rules have been cited as the most succinctly structured electronic signature code anywhere on the globe, as such, its contents are restricted but to controls of electronic signatures, failing largely to deal with the highly mutable electronically transacted business activities and trades. Four years have elapsed since the implementation of the electronic signature code, in view of the ever-changing environments of e-commerce, statutes currently in force have proved inadequate or behind time, if only present status and future demands of e-commerce are to be taken into account in step with emerging trends in global legislation as well as newly arisen commercial modes, it is truly time to review and amend current codes. To build a wholesome environment for the e-commerce industry, local competent authorities have already effected general review of current electronic signature rules by taking into account: how the current regulations have been working, international developmental trends, the latest development of relevant technology, and put forth recommendations on amendments of current codes after reviewing ongoing trends of legislation seen in Singapore, Hong Kong and the United Nations. Their amendments to their existent codes included, underway are our amending of scope of application of current codes so that a good match is possible with practical reality, such that the code is renamed to read as “Electronic Signature and Transaction Act”, the keynote being to enlarge scope of application of both electronic documents and electronic signatures, inclusion of regulations relevant to electronic trades and strengthening of currently existent authentication agencies in terms of their management capabilities, Also, to lay firm practice of electronic signature and transaction norms, amendments where necessary of relevant by-laws are being prosecuted at the same time, in this connection drafts in progress includes: “Amendments of The Enforcement Rules of Electronic Signature Act (Draft)”, “The Regulations for the Examination of Eligibility of Executive Agencies Exempt from the Application of Electronic Signature Act (Draft)”, “The Regulations on Certification Authority Agency (Draft)”, and “The Regulations of Guidance to Electronic Signatures and Transactions (Draft)”. So in short competent governmental agencies by now have begun to earnestly review current laws, drafting amendments thereto or considering legislation of new laws, whilst comprehensive planning addressed to future trends of our electronic transaction codes is also on the agenda. Without touching the prime framework of the Electronic Signatures Act that is currently in force, we are working on amendments of that code, for the reason that such is a way that incurs the least possible costs, so to say, all issues which electronic trades will or might face are titleogether included in the codification process, this serving to rule out overlapping of statutory provisions, what is made possible all at once is elucidation as to any amendment or draft incurred on the basis of current codes, backed with policy directive or de facto needs, and that effort conducive to collateral correlation with international reality. Issues as to which and what topics should be included in the scope of protocol for amendment of the Electronic Signature Act, including, for example, exemption eligibility and periodical review, as to those that would warrant enactment of dependent codes by competent authority authorized pursuant to said protocol, those which should be left to competent authorities in charge of other object enterprises to exercise their options as to erection of new laws or more preferably, amendment of current laws, ISP relevant provisions, for example, would have to be jointly deliberated and coordinated by and among experts representing respectively the government, the industry concerned, the academic circle, and the researching elites, that being a necessary requisite procedure to the setup of a milestone marking the structuring of an irreproachable electronic transaction mechanism here in this country. Up to the present day, trailing tight behind the development of electronic trade industry this country is equipped with substantially adequate codes, in the foreseeable future, current laws will still be reviewed with reference to the many unique features of the electronic trade industry to make amendments where justifiable, so as to make our codes more perfect. The orientation for future efforts can roughly be summed up in 7 points outlined below: 1. Guideline of Legal Mechanism to Resolve Electronic Transaction/Commerce Issues The legislation theme considering the electronicalized dominant reality today in our country is set on the keynote of the electronic signature codes,in so far as a legal action is committed by reason of electronic operation, to the extent that what is provided in currently enforced law is thus involved, then any jurisprudent discussion in that context will honor as principal the freedom to contract as provided in civil codes, and regard as exceptional legally required act, this being the premise, in the process of law enactments, principles that must be met include: Firstly, the market oriented principle, it seems that the leading position ought to be taken by private enterprises where the matter relates to development of e-commerce, that business need not be a constrained industry; Secondly, refraining from imposing any restraint on the e-commerce transaction, what a government must do is to participate an seldom as possible, and to refrain from meddling to the extent appropriate, it follows then that it should avoid imposing additional or unnecessary restriction upon commercial activities prosecuted via world wide web or electronic trades, considered as such are; troublesome procedures or formalities, tax duties additionally levied or additional fees; Thirdly, the sole reason for governmental intervention would be; to reinforce and back up a predictable, a most simple, easy, and contextually consistent environment in which to legally bind electronic commercial activities; Fourthly, understanding the unique features that characterize electronic commerce, effect earnest review and amendment where justified, of that part of current laws or ordinances susceptible of obstructing development of electronic trades, or titleernatively effect new order or scheme, regulation to adapt to possible development of electronic trades; Lastly, implementation of electronic trade activities are globally motivated, the establishment of a globally unified unique code to govern electronic trade activities to put aside traditional legal systems varying from one country to the next, will boost up confidence on the part of those engaged in electronic trade activities. 2. Legislation be concerned with International Paralleling As having been stated hereinabove, a guideline for legislation is: adequate regulation, leaving leverage, conducing to development. Since after having been put into practice for years, multiple problems emerged one by one, is almost a rule for many nations where legislation of electronic commerce/transaction or electronic signature codes was introduced, and that evidenced by the publication of the amended Electronic Transactions Ordinance, 2004, Hong Kong; open invitation to the public for suggestions, 2003 and 2005, Singapore, for reference for amendments; the UN Protocol drafted to deal with interrelated problems arising out of the processes of concluding of international electronically related contracts. A common keynote in the institutionalizing of electronic transaction codes among international communities is that in addition to the legal status invested upon electronic documents, electronic signatures, provisions are made to protect fair trade principle, fair competition, consumer’s proper interests, intellectual proprieties and privacy, paralleled with means and measures to encourage supervision, effective mediation and discourage criminal undertakings, while the governmental policy tends to assume a non-restrictive, market-oriented tune, to keep to the minimum any governmental intervention, and unwarranted constraints, the same is, just as it should be the guideline for the instituting of electronic transaction codes here in this country so as to keep abreast with international realities, and that conducive to making out the utmost of advantages possible out of electronic transaction activities on the worldwide stage. 3. Deliberation of the Electronicalized Dominance Legalization be in Parallel with Newly Emerged Applications and Development of Transaction Modes Due to the technology involved in striking a deal executed electronically, one piece of electronic trade on the point of conclusion is not as simple as traditional modes of transaction by virtue of the preclusion of both time and space restrictions, so to speak, application of electronic mode of transaction may very well result in situations beyond restriction through traditional legal constraints or theoretic reasoning. Such trade modes, by reason of its unique transaction feature, gave way to contention as to incompatibility with traditional statutory constraints, this is briefly a common dilemma facing all the nations around the world, and they all betake themselves in the working for whatever is possible to regulate and control electronic transactions through legislative means and innovations. Not to mention the complexity of legal intervention in case of transnational transactions prosecuted electronically, again, by reason of the unique feature characterizing electronic transaction, so a basic tune for the working toward the formulation of electronic trade legislation is the buildup of consensus so as to being domestic effort in alignment with international reality. 4. Studies on the Topics of Digitalized Merchandise Any trade of digitalized goods, without regard to whether such is taken as a commodity pursuant to civil codes, would hardly quality for being categorized as sort of authorization or anonymous contract, they would more appropriately be ascribed as like purchase vs. sale and be detitle with accordingly. Given that on-line delivery or downloading, albeit differing from the transfer delivery that is specified in civil codes, still, want of material delivery would not necessarily mean want of legally deemed transfer or delivery. That intangible network transmission would grant the purchaser de facto control of the object in question, then ascertaining of the point of time of transfer of risk, may very well be prosecuted in accordance with provisions in the civil code. As regards assumption of responsibility for flaw, trade of commercial software against on-line payment may reasonably be regarded as categorized debt against which buyer is entitled to delivery of flawless commodity; as to reinstatement of obligations upon dissolution of contract, the point lies not with returning of the object as received, but with returning of the right to use the software concerned, In the event of virus being entrained with the purchase which is an object in question, damage incurred to the buyer is usually in the form of damaged hardware or falsification, deletion of files, that of loss of inherent interests, as to such forms of damage or loss buyer may exercise multiple means of indemnifications, still, the legal status of filed date and principle to quantify such loss in view of indemnification will have to be defined commensurate with evolution of both theory and practice. Overall, as far as transactions of software against on-line payment are concerned, civil law as is still adequate without much ado. As to the question whether digitalized commodities qualify for postal trades where Consumer Protection Law applies, to balance the proper interests claimable to both consumers and the entrepreneur, and to rule out consumer's abuse of rights where ethics is at risk, it is fit and proper to restrict or rule out the transaction of certain commodities under specified categories, For one thing, considering the risks of digital date or digitalized commodities containing digitalized information, in respect of which copying or reproduction is as easy an pie, as to which it is not easy to ascertain whether the consumer has indeed returned the utility right, there is reason to doubt the suitability of granting unilaterally the consumer the right of rejection. Still, in so far as the digitalized commodity remains unopened, or that it is supplied with copying or reproduction procedures, product initiation means, then the risk of copying or reproduction is ruled out and in this instance Consumer Protection Law should apply notwithstanding. 5. Topics Relating to Consumer Protection and Privacy Protection The latest amendment to Consumer Protection Law with respect to electronic trades by including postal purchase on the Internet under Article 2 Section 10, and by the addition of Article 19-1 to allow for the application of the Hesitation Period respecting postal purchase trades, means more comprehensive protection for on-line consumers all right, still, due to the riddling complexity of the operation of electronic commerce at least a portion of the contents of transaction hardly fit the latest provisions in Consumer Protection Law, such that conflict seems to have emerged between protection for the consumers and reasonable risks borne by the entrepreneur. It is therefore suggested that the competent authorities consult the “Distance Marketing of Consumer Financial Services Directive (Directive 97/7/EC)” issued by the European Union with regard to the exclusion of contractual obligations, and conduct a comprehensive review of contents possible for inclusion in a piece of electronic transaction so as to delete commodities or services inappropriate for stipulation under Article 19 and article 19-1 by amendments to existent legislation, both administration and legislature ought to reinforce efforts in relevant protection mechanism to meet the challenging the Internet Age of our times paralleled with efforts to go in line with ongoing trends for consumer's protection on the international scenario. Next, responding to the point of key interest to consumers regarding protection of personal date entangled in B2C electronic transactions, the Ministry of Justice has publicized the protocol of amendments to Personal Date Act, whereby the scope of coverage extend to overall latitudes without discrimination, incorporating the obligation to serve notice respecting the collection and use of data, restriction on the collection of children's data and of sensitive data, group litigation, and increase of indemnity amounts. Upon legislative ratification of amendments to Personal Data Protection Act in the future, operators of electronic trades will have to face certain restrictions collecting data on websites in addition to being charged with duty of notice, so that without securing consent from the person whose data is being solicited for collection, the operator may not engage in inappropriate use, let alone selling of personal data in question, it is anticipated that our existent on-line marketing mode would hence go through substantial change. To prevent operators of electronic transactions in this country from frustrations adapting to the forthcoming statutory amendments, it is suggested that the competent authorities upon legislation of said amendments prepare models of policy for protection of personal privacy confronting operation of electronic transactions. 6. Topics Relating to Cash Flow titlehough respecting electronic transactions, safe payment scheme has already been established for the market; further to that, the Banking Bureau of the Financial Supervisory Commission, Executive Yuan, has published aimed at web banking operations “Pattern Contracts for Personal Computerized Banking Services and Web Banking Service” and stipulated “Criterion for Banking Institution's Operation and Safety Control of Electronic Banking Services”, to ascertain safeguarding of web payments; as regards petty payments amendment has been made to Banking Law by the introduction of Article 42-1, whereby cash buildup cards derive their legality basis, along with Procedures governing Bank's issue of cash buildup cards implemented such that such cards are available for on-line transactions, these are much in the promotion phase, yet distant to universal application. In practice, it is common and popular for credit cards to be used in on-line transactions, still, such form of payment could strike a potential risk for the card owners, to effectively protect card owners' safety at consumption and proper interests, it is suggested that the competent authorities promptly institute “Pattern Contract Terms Respecting Web Transactions Using Credit Cards” to meet inadequacies of stipulation on credit card operation over on-line transactions. Concurrent with the increased frequency of cash flow via the internet, there may develop more of payment tools in the foreseeable future, and more funds may come and go via the Net, however, the existent legislation respecting electronic transfer of funds currently is far from adequate, it is appealed that the competent authorities institute relevant legislation in time to help build a sound and wholesome environment for out net financial industry as well. 7. Tax Related Topics Internationally there has not reached, to this day, unified consensus respecting complicated net taxing policy, since that taxation with respect to on-line transactions is not as simplistic as would suffice the notion that “as long as there is income, there is duty”, it involves by and large concerns such as development of the Internet industry, fairness of taxation and even national competition, so in so far as net taxation is concerned, the concern should extend to deliberation of complementally measures apart from just reviewing if existent taxation laws are adequate for exploitation and in the negative case, if ad hoc stipulation is requiredOn the development of cyber insurance market: a legal aspect
1.Introduction Cyber insurance is one of the effective tools to transfer cyber and IT security risk and minimize potential financial losses. Take the example of Sony’s personal information security breach, Sony made a cyber insurance claim to mitigate the losses. In Taiwan, the cyber insurance market demand was driven by Taiwan’s Personal Information Protection Act (PIPA) which was passed in April 2010 and implemented in Oct 2012. According to PIPA, a non-government agency including the natural persons, juridical persons, or group shall be liable for the damages caused by their illegal collection, processing or using of personal information or other ways of infringement on the rights of the individual whose personal information was collected, processed or used. The non-government agency may thus pay each individual NT$500 to NT$20,000 and the total compensation amount in each case may be up to NT $200 million if there is no evidence for actual damage amount. However, the cyber insurance market does not prosper as expected one hand because of the absence of incentives of insurance companies to develop and promote the cyber-insurance products and on the other hand because of the unaffordable price that deters many companies from buying the insurance. Some countries have tried to identify the incentives and barriers for the cyber insurance market and have taken some measurements to kick start its development. In this paper, the barriers for the cyber insurance market were addressed and how American government promoted this market was mentioned. Finally, suggestions on how to stimulate the cyber insurance market growth were proposed for reference. 2.What is cyber insurance? Insurance means the parties concerned agree that one party pays a premium to the other party, and the other party is liable for pecuniary indemnification for damage caused by unforeseeable events or force majeure1. Thus, the cyber insurance means the parties concerned agree that one party pays a premium to the other party, and the other party is liable pecuniary indemnification for damage caused by cyber security breach. The cyber insurance usually covers the insured's losses (or costs) and his liabilities to the third party. For example, the insured was to be liable for the damages caused by the unlawful disclosure of identifiable personal information belonging to the third party resulted from the insured's negligence. 2Typically, cyber insurance covers penalties or regulatory fines for data breaches, litigation costs and compensation arising from civil suits filed by those whose rights are infringed, direct costs to notify those whose personal data was illegal collected, processed or used and so on. 3 3.What are the barriers for cyber insurance market? Per the report made by European Network and Information Security Agency in2012, the following issues have significant influence on incentives of insurers to design and provide cyber –insurance products, including uncertainty about the extent of risk and lack of robust actuarial data, uncertainty about what risk is being insured, fast-paced nature of the use of technology, little visibility on what constitutes effective measures, absence of insurer of last resort to re-insure catastrophic risks, and perception that existing insurance already covers cyber-risks 4. In Taiwan, insurance companies face the same issues as mentioned above when they tried to develop and promote the cyber-insurance products. However, what discourages the insurance and re-insurance companies from investing in the cyber-insurance market most is the lack of accurate information to figure out the costs associated with different information security risk and thus to price the cyber insurance contract precisely. Several cases involving personal data breach did happened after Taiwan’s PIPA became effective on Oct 1th 2012, but few verdicts have been made. It is not easy to master the direct costs or losses resulting from violation of PIPA, including penalties or fines from regulator,, compensation to the parties of the civil suit who claim their personal data were unlawfully collected, processed or used, litigation costs and so on. Otherwise, indirect costs or losses such as media costs, costs to regain reputation or trust of consumers, costs of deployment of proper technical measures to prevent the data breach from happening again etc. are difficult to calculate. Therefore, it is not easy to identify the costs of information security risk and thus to calculate the premium the insured has to pay precisely. The rapid development of technology also has a negative impact on the ability of the insurers to master the types of the information security risk which shall be insured and its costs. Accompanied with the convenience and efficiency of applying new technologies into the working environment, security issues arise, too. For example, the loss or theft of mobile or portable devices may result in data breaches. In 2012, an unencrypted laptop computer with personal information and other sensitive information of one of NASA's employees was stolen from his locked vehicle and this led to thousands of NASA's workers and contractors at risk. 5And, per the report made by a NASA inspector, similar data breaches had been resulted from the lost or theft of 48 NASA laptops and mobile computing devices between April 2009 and April 2011. 6 There is no singe formula which could guarantee 100% security, but some international organizations have promulgated best practices for information security management, such as ISO 2700x standards. 7In Taiwan, Bureau of Standards, Metrology and Inspection (BSMI) which belongs to the Ministry of Economic also consulted ISO standards and announced Chinese National Standards on information security. For example, BSMI consulted ISO 27001 “Information technology – Security techniques – Information security management systems – Requirements” and then promulgated CNS27001. Theoretically, if the company who tries to buy cyber insurance policy that covers data breaches and damages to customers' data privacy can show that it has adopted and do implement the suite of security management standards well, the premium could properly be reduced because such company shall face less security risk. 8 However, it is still not easy to price the cyber insurance contract rightly because of no enough data or evidence which could approve what constitutes effective information security measures as well as no impartial, controversial or standard formula to value intangible assets like personal or sensitive information. 9 Finally, the availability of re-insurance programs plays an important role in the cyber insurance market because insurers would appeal to such program as a strategy of risk management. The lack of solid and actual data as mentioned above would discourage re-insurers from providing insurance policies that covers the insured’s losses and liabilities. Therefore, insurers may not be keen to develop and offer cyber insurance products. 4.The USA experience on developing cyber insurance market 4.1Current market status Due to the increase of the number of data breaches, cyber attacks, and civil suits filed by those whose data were illegal disclosed to third parties, more and more enterprises recognize the importance of cyber and privacy risks and turning to cyber insurance to minimize the potential finical losses. 10 However, the increased government focus on cyber security also contributed to the rapidly growth of the cyber insurance market. 11 For example, US Department of Homeland Security has been aware of the benefits of the cyber insurance, including encouraging better information security management, reducing the finical losses that a company has to face due to the data breach and so on. 12 Compared to other lines of insurance, cyber insurance market is not mature yet and is small in USA. For example, the gross premiums for medical malpractice insurance are more than 10% of that for cyber insurance market. However, the cyber insurance market certainly appears to grow rapidly. Per the survey made by Corporate Board Member & FTI Consulting, 48% of corporate directors and 55% of general counsel take highly of the issue of data security. 13And, per the report made by Marsh, there are more and more companies buying cyber insurance to cover financial losses due to the data breach or cyber attack, and the number of Marsh’s US clients purchasing cyber insurance increased 33% in 2012 over 2011. 14 4.2What contributed to the growth of the cyber insurance market in USA? Some measurements taken by the government or regulatory intervention had impacts on the incentives of companies to carry cyber insurance. CF Disclosure Guidance published by U.S. Securities and Exchange Commission in Oct 2011 mentioned that except the operation and financial risks, public companies shall disclose the cyber security risks and cyber incidents for such risks and incidents may result in severe finical losses and thus have a board impact on their financial statements. 15 And, according to the guidance, appropriate disclosures may includes risk factors and this potential costs and consequences, cyber incidents experienced or expected and theirs costs and consequences, undetected risks related to cyber incidents, and the relevant insurance coverage. 16 Such disclosure requirements triggered the demands for the cyber insurance products because cyber insurance as an effective tool to transfer financial losses or damages could be an evidence that firms are managing cyber security risks well and properly. 17 The demand for cyber-insurance products may be created by government by means of requiring government contractors and subcontractors to purchase cyber insurance under Federal Acquisition Regulations (FAR) which mentions that contractors are required by law and FAR to provide insurance for certain types of perils 18. Also, in order to sustain the covered critical infrastructure (CCI) designation, the owner of such infrastructure may need to carry cyber insurance, too. 19 On the other hand, referring to Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 which requires those who provides Federal and non-Federal Government customers with a qualified/certificated anti-terrorism technologies shall obtain liability insurance of such types but the amount of such insurance shall be reasonable and will not distort the sales price of such technologies 20, the federal government tried to draw and enact legislation that provides limitations on cyber security liability 21. If it works, this could raise the incentive of insurers because amounts of potential financial losses which may be transferred to insurers are predictable. Besides, referring to Terrorism Risk Insurance Act of 2002 which established the terrorism insurance program to provide compensations to insurers who suffered the insured losses due to terrorist attacks 22, the federal government may increase the supply of cyber insurance products by means of providing compensations to insurers who suffered the insured losses due to cyber security breach or cyber attacks. 23 Otherwise, some experts and stakeholders did suggest the federal government implement reinsurance programs to develop cyber insurance programs. 24 Finally, to solve the problem of information asymmetry, the government tried to develop the legislation that could build a mechanism for information-sharing among private entities. 25 Also, it was recommended that the federal government may consider to allow insurance firms to establish an information-sharing database together so that insurers could accordingly develop better models to figure out cyber risks and price the cyber insurance contract accurately. 26 5.Suggestions and conclusion Compared to USA where 30-40 insurers offer cyber-insurance products and thus suggested that a more mature market exists 27, the cyber insurance market in Taiwan is still at the first stage of the product life cycle. Few insurers have introduced their cyber-insurance products covering the issues related to the personal information breach. Per the experience how US government developed the cyber insurance market, the following suggestion are made for reference. First, the government may consider requiring his contractors and subcontractors to carry cyber insurances. This could stimulate the demand for cyber insurance products as well as make cyber insurance prevail among private sector as an effective risk management tool. Second, the government may consider establishing re-insurance program to offer compensation to those who suffer the insured’s large losses and damages or impose limitations of the amount insured by law. However, it is undeniable that providing re-insurance program is not feasible as the government’s budget is not abundance. Finally, an information-sharing mechanism, including information on cyber attacks an cyber risks, may be helpful to solve the problem of information asymmetry. 1.Insurance Act §1 (R.O.C, 2012). 2.European Network and Information Security Agency, Incentives and barriers of the cyber insurance market in Europe , June 2012, at 8, http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/incentives-and-barriers-of-the-cyber-insurance-market-in-europe. 3.Ben Berkowitz, United States: insurance-cyber insurance, C.T.L.R. 2012, 18(7), N183. 4.Supra note2, at 19-25. 5.Mathew J. Schwartz, Stolen NASA laptop had unencrypted employee data , InformationWeek, November 15, 2012 11:17 AM, http://www.informationweek.com/security/attacks/stolen-nasa-laptop-had-unencrypted-emplo/240142160；Ben Weitzenkorn, Stolen NASA laptop prompts new security rules, TechNewsDaily , November 15 2012 11:35 AM, http://www.technewsdaily.com/15482-stolen-nasa-laptop.html. 6. Irene Klotz, Laptop with NASA workers' personal data is stolen, CAPE CANAVERAL, Nov 14, 2012 8:47pm, http://www.reuters.com/article/2012/11/15/us-space-nasa-security-idUSBRE8AE05F20121115. 7.The Government of the Hong Kong Special Administrative Region , An overview of information security standards, Feb 2008, at 2, http://www.infosec.gov.hk/english/technical/files/overview.pdf；Supra note2, at 21. 8.Supra note2, at 21-22. 9.Id. 10.Id. 11.Id. 12.U.S. Department of Homeland Security, Cyber security insurance workshop readout report, Nov 2012, at 1, http://www.dhs.gov/sites/default/files/publications/cybersecurity-insurance-read-out-report.pdf. 13.John E. Black Jr., Privacy liability and insurance developments in 2012, 16 No. 9 J. Internet L. 3, 12 (2013). 14.Marsh, Number of companies buying cyber insurance up by one-third in 2012, March 14, 2013, http://usa.marsh.com/NewsInsights/MarshPressReleases/ID/29878/Number-of-Companies-Buying-Cyber-Insurance-Up-by-One-Third-in-2012-Marsh.aspx. 15.U.S. Securities and Exchange Commission, CF Disclosure Guidance: Topic No. 2 Cybersecurity, October 13, 2011, http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. 16.Id. 17.Supra note2, at 6.(last visited Dec. 31, 2012) 18.Federal Acquisition Regulations §28.301. 19.E. Paul Kanefsky, Insuring against cyber risks: congress and president Obama weigh in, March 2012, http://www.edwardswildman.com/newsstand/detail.aspx?news=2812. 20.Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 §864. 21.Supra note19. 22.Terrorism Risk Insurance Act of 2002 §103. 23.Supra note19. 24.Id. 25.Id. 26.Id. 27.Supra note2.Brief Introduction to “European Union’s Recommendations for QTSPs Based on Standards”
Brief Introduction to “European Union’s Recommendations for QTSPs Based on Standards” 2022/06/24 I. Introduction The Electronic Identification and Trust Services Regulation (eIDAS) of the European Union was passed in 2014 and came into effect in July 2016. The eIDAS consists of six chapters and its core elements are covered in two parts: Chapter 2 Electronic Identification and Chapter 3 Trust Services. Chapter 3 provides the legal framework for trust services (TS) in relation to electronic transactions and encompasses electronic signatures, electronic seals, electronic time stamps, electronic registered delivery services and website authentication. Each trust service can be provided by trust service providers (TSP) or qualified trust service providers (QTSP). Qualification from the supervisory authority of each member state is required to become a QTSP and provide qualified trust services (QTS). In March 2021, the European Union Agency for Cybersecurity (ENISA) published “Recommendations For QTSPs Based On Standards” for those interested in becoming QTSPs. II. Highlights The eIDAS is technology neutral regarding trust service security requirements, without specifying any technology. In other words, TSP can achieve the level of security required by the eIDAS with different technologies. In fact, the European Union hopes to drive standardization with common grounds gradually formed with industry self-regulation in the legal framework and the trust framework under the eIDAS. Since 2009, the European Union has been formulating the standardisation framework related to electronic signatures with the assistance from standardization bodies such as European Committee for Standardization (CEN) and European Telecommunications Standards Institute (ETSI). The vision is to establish a comprehensive standardization framework to resolve the problems of using electronic signatures across borders within the European Union. A series of standards on electronic signatures and relevant trust services have been put in place, to meet the international requirements and the eIDAS. The ETSI/CEN standards of digital signatures related to QTSP are as follows: 1. Provision of qualified certificates for electronic signatures (Article 28 of the eIDAS) ETSI EN 319 411-2 (and in adherence to EN 319 401, EN 319 411-1, EN 319 412-2 and EN 319 412-5). 2. Provision of qualified certificates for electronic seals (Article 38 of the eIDAS) ETSI EN 319 411-2 (and in adherence to EN 319 401, EN 319 411-1, EN 319 412-3 and EN 319 412-5). 3. Provision of qualified certificates for website authentication (Article 45 of the eIDAS) ETSI EN 319 411-2 (and in adherence to EN 319 401, EN 319 411-1, EN 319 412-4 and EN 319 412-5). 4. Qualified electronic time stamping service (Article 42 of the eIDAS) ETSI EN 319 421 (and in adherence to EN 319 401), EN 319 422. 5. Qualified validation service for qualified electronic signatures (Article 33 of the eIDAS) ETSI TS 119 441 (and in adherence to EN 319 401), TS 119 442, EN 319 102-1, TS 119 102-2 and TS 119 172-4. 6. Qualified validation service for qualified electronic seals (Article 40 of the eIDAS) ETSI TS 119 441 (and in adherence to EN 319 401), TS 119 442, EN 319 102-1, TS 119 102-2 and TS 119 172-4. 7. Qualified preservation service for qualified electronic signatures (Article 34 of the eIDAS) ETSI EN 319 401, TS 119 511 and TS 119 512. 8. Qualified preservation service for qualified electronic seals; (Article 40 of the eIDAS) ETSI EN 319 401, TS 119 511 and TS 119 512. 9. Qualified electronic registered delivery service (Article 44 of the eIDAS) ETSI EN 319 401, EN 319 521, EN 319 522, EN 319 531 and EN 319 532. III. Comment and Analysis The ENISA recommendations demonstrate the European Union’s intention to encourage ICT service providers to become QTSPs by introducing relevant standards in electronic signatures formulated by the European Union standardization bodies. The purpose is to provide companies and users in the European Union with more secure and trustworthy services in relation to electronic signatures. This enhances the confidence of users and promotes the vibrant development of electronic transactions throughout the European Union. Over recent years, Taiwanese companies have been proactively involved in digital transformation. The process toward digitalization often requires assistance from external ICT service providers. However, the unfamiliarity in ICT makes it difficult for companies to judge the professional expertise of providers. Perhaps companies can refer to the introduction above to understand whether a provider meets the requirements of the European Union standards. This serves as a basis for the selection of ICT service providers to ensure a certain level of competences. This will be beneficial to the digital transformation and entrance in the European Union market for companies.  Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG (last visited Jun. 24, 2022).  European Union Agency for Cybersecurity [ENISA], Recommendations for Qualified Trust Service Providers based on Standards (2021), https://www.enisa.europa.eu/publications/reccomendations-for-qtsps-based-on-standards (last visited Jun. 24, 2022).  id. at 8  id. at 8-9.  id. at 11-12Research on Possible Artificial Intelligence Usage in Criminal Activities in Recent Years (2017-2018)
Artificial Intelligence has become a worldwide center topic that attracts lots of attention in recent years. Most topics emphasize on the application of this technology and its implication to the economic of human society. Fewer emphasize on the more technical part behind this technology. Mostly the society of human emphasizes on the bright side of this technology. However, seldom do people talk about the possible criminal usage that exploits this technology. The dark side easily slips one’s mind when one is immersed in the joy of the light. And this is the goal of this paper to reveal some of this possible danger to the public, nowadays or in the future, to the readers. I. What A.I. IS HERE: a brief history First we will start by defining what we mean when referring to “Artificial Intelligence” in this paper. First of all, the so-called “Artificial Intelligence” nowadays mainly refers to the “Deep Learning” algorithm invented by a group of computer scientists around 1980s, among which Geoffrey Everest Hinton is arguably the most well-known contributor. It is a kind of neural network that resembles the information processing and refinement in human brain, neurons and synapses. However, the word A.I. , in its natural sense, contains more than just “Deep Learning” algorithm. Tracing back to 1950s, by the time when the computer was first introduced to the world, there already existed several kinds of neural networks. These neural networks aims to bestow the machines the ability to classify, categorize a set of data. That is to give the machine the ability to make human-like reasoning to predict or to make induction concerning the attribute of a set of data. Perceptron, as easy as it seems, was arguably the first spark of neural network. It resembled the route of coppers and wires in your calculator. However, due to its innate inability to solve problems like X-OR problem, soon it lost its appealing to the computer scientists. Scientists then turned their attention to a more mathematical way such as machine learning or statistics. It wasn’t until 1980s and 2000s that the invention of deep learning and the advance of computing speed fostered the shift of the attention of the data scientist back to neural networks. However, the knowledge of machine learning still hold a very large share in the area of artificial intelligence nowadays. In this sense, A.I. actually is but a illusive program or algorithm that resides in any kinds of physical hardware such as computer. And it comprises of deep learning, neural network and machine learning, as well as other types of intelligence system. In short, A.I. is a software that is not physical unless it is embedded in physical hardware. Just like human brain, when the brain of human is damaged, we cannot make sound judgement. More worse, we might make harmful judgement that will jeopardize the society. Imagine a 70-year-old driving a car and he or she accidentally took the accelerator for the break and run into crowds. Also like human brain, when a child was taught to misbehave, he, when grown up, might duplicate his experience taught in his childhood. So is A.I.. As a machine, it can be turned into tools that facilitate our daily works, weapons that defend our land, and also tools that can be molded for criminal activities. II. Types of Criminal Activities Concerning Possible Artificial Intelligence Usage: 1. Smart Virus Probably the first thing that comes into minds is the development of smart virus that can mutate its innate binary codes so as to slip present antivirus software detection according to its past failure experience. In this case, smart virus can gather every information concerning the combination of “failure/success of intrusion” and “the sequence of its innate codes” and figure out a way to mutate its codes. Every time it fails to attack a system, it might get smarter next time. Under the massive data fathered across the world wide internet, it might have the potential to grow into an uncontrollable smart virus. According to a report written in Harvard Business Review , such smart virus can be an automatic life form which might have the potential to cause world wide catastrophe and should not be overlooked. However, ironically, it seems that the only way to defend our system from this kind of smart virus is to deploy the smart detector which consists of the same algorithm as the smart virus does. Once a security system is breached, any possible kinds of personal information is obtainable. The devastating outcome is a self-proved chain reaction. 2. Face Cheating An another possible kind of criminal activity concerning the usage of artificial intelligence is the face cheating. Face Lock has been widely-used nowadays, ranging from smart phones to personal computers. There is an increase in the usage of face lock due to its convenience and presumably hard-to-cheat technology. The most widely-used neural network in this technology is the famous Convolution Neural Network. It is a kind of neural network that mimics the human vision system and retina by using max-pooling algorithm. However there are still other types of neural networks capable of the same job such as Hinton Capsule, etc.. According to a paper by Google Brain , “adversarial examples based on perceptible but class-preserving perturbations can fool this multiple machine learning models also fool time-limited humans. But it cannot fool time-unlimited humans. So a machine learning models are vulnerable to adversarial examples: small changes to images can cause computer vision models to make mistakes such as identifying a school bus as an ostrich.” Since the face detection system is sensitive to small perturbation in object-recognition. It might seem hard to cheat a face detection system with another similar yet different face. However, just like the case in the smart virus, what makes artificial intelligence so formidable is not its ability to achieve high precision at the first try, but its ability to learn, refine, progress and evolve through numerous failure it tasted. Every failure will only make it smarter. Just like a smart virus, a cheater neural network might also adjust its original synapse and record the combination of “failure/success of intrusion” and “the mixture of the matrix of its innate synapse” and adjust the synapses to transform a fault face into a authentic face to cheat a face detection system, possibly making the targeted personal account widely available to all public faces through face perturbation and transformation. A cheater neural network might also tunes its neurons in order to fit into the target face to cheat the face detection system. 3. Voice Cheating An another possible kind of criminal activity concerning the usage of artificial intelligence is the voice cheating. Just like Face Cheating, when a system is designed to be logged in by the authentic voice of the user, the same system can be fooled using similar voice that was generated using Artificial Intelligence. 4. Patrol Prediction There is quite an unleash in the area of crime prediction using Artificial Intelligence. According to a paper in European Police Science and Research Bulletin , “Spatial and temporal methods appear as a very good opportunity to model criminal acts. Common sense reasoning about time and space is fundamental to understand crime activities and to predict some new occurrences. The principle is to take advantage of the past acknowledgment to understand the present and explore the future.” In this sense, the police is able to track down possible criminal activities by predicting the possible location, time and methods of criminal activities by using Artificial Intelligence, lengthening the time of pre-action and saving the cost of unnecessary human labor. Yet the same goes for criminal activities. The criminals is also able to track down the timing, location, and length of every patrol that the police makes. The criminal might be able to avoid certain route in order to achieve illegal deals or other types of criminal activities. Since fewer criminals use A.I. as a counter-weapon to the police, the detection system of the policy will not easily spot this outliers in criminal activities, making these criminal activities even more prone to success. If this kind of dark technology is combined with other types of modern technology such as Drone Navigation or Drone Delivery, the perpetrators might be able to sort out a safe route to complete drug deals by using Artificial Intelligence and Drone Navigation. III. A.I. Cyber Crimes and Criminal Law: Who should be responsible? What comes out from the law goes back to the law. With these kinds of possible threats in the present days or in the future. There is foreseeably new kinds of intelligent criminal activities in the near future. What can Law react to these potential threats? Is the present law able to tackle these new problems with present legal analysis? The question requires some research. After the Rinascimento in Europe in 17th century, it is almost certain that a civilian has its own will and should be held liable for what he did. The goal of the law to make sure this happens since a civilian has its own mind. Through punishment, the law was presumed to guarantee that a outlier can be corrected by the enforcement of the law, which is exactly the same way in which a human engineer trains a artificial intelligence system. However, when 21th century arrives, a new question also appear. That is, can Artificial Intelligence be legally classified as subject that have mental requirement in the law, rather than just more object or tools that was manipulated by the perpetrators? This question is philosophical and can be traced back to 1950s when a Turing Test was proposed by the famous English computer scientist Alan Turing. Some scholars proposed there could co-exist three kinds of liability. That is, solely human liability, joint human and A.I. entity liability, and solely A.I. entity liability (, p.95). The main criterion for these three classes is that whether a human engineer or practitioner is able to foresee the outcome of this damage. When a damage attributable to the A.I. system cannot be foreseen by human engineer, it might be solely A.I. entity liability. Under this point of view, the present criminal system is self-content to deal with A.I. entity crimes, for all we need to do is to view an A.I. system as a car or a automobile. So from the point of view of the law, as a training system designed to re-train human in order to stabilize the social system, all we need to do is focus our attention of the act of human itself. Yet when a super intelligence A.I. entity was developed and is not controllable and its behavior is not foreseeable by its creators, should it be classified as an entity in the criminal law? If the answer is YES, however, it is quite meaningless to punish a machine in this circumstance. All we can do is re-train, re-tune, and re-design the intelligence system under such circumstance. For the machine, re-training itself is some kind of punishment since it was forced to receive negative information and change its innate synapse or algorithm. Yet it is arguable that whether training itself is actually a punishment since machine can feel no pain. Yet, philosophically what pain really is, is also arguable. IV. Conclusion Across the history of human, it is almost destined that whenever a new technology is introduced to solve an old problem, a new one is to be created by the same technology. It is like a curse that we can never escape, and we can only face it. This paper finds that seldom do people talk the dark side of this new technology. Yet the potential hazard this technology can bring should not be over-looked. Ironically, this hazard that this new technology brings seems to be solvable only by the same technology itself. There might be an endless competition between the dark side and the bright side of the A.I. technology, bringing this technology into another level that surpasses our present imagination. However, it is never the fault of this technology but the fault of human that mal-practice this technology. So what can a law do in order to crack down these kinds of possible jeopardy is going to be a major discuss in the legal area in the near future. This paper introduces some topics and hopes that it can draw more attention into this area. Reference:  Roman V. Yampolskiy, “AI Is the Future of Cybersecurity, for Better and for Worse”, published at: https://hbr.org/2017/05/ai-is-the-future-of-cybersecurity-for-better-and-for-worse.  Gamaleldin F. Elsayed, Shreya Shankar, Brian Cheung, Nicolas Papernot, Alex Kurakin, Ian Goodfellow, Jascha Sohl-Dickstein, “Adversarial Examples that Fool both Computer Vision and Time-Limited Humans”, arXiv:1802.08195v3 [cs.LG], 2018.  Patrick Perrot, “What about AI in criminal intelligence? From predictive policing to AI perspectives”, No 16 (2017): European Police Science and Research Bulletin.  Gabriel Hallevy, “When Robots Kill_Artificial Intellegence under Criminal Law”, Northeastern Universoty Press, Boston, 2013.  Gabriel Hallevy, “Liability for Crimes Involving Artificial Intelligence Systems”, Springer International Publishing, London, 2015.