1. Prologue Flexible and collective usage of spectrum is the mainstream in the modern times. Julius Genachowski, chairman of the Federal Communications Commission, delivered the keynote address to the CTIA-Wireless Association convention on Oct. 7, 20091. He said the U.S. government has been tripling the amount of spectrum available for commercial uses. The problem is that many industry experts predict wireless traffic will increase 30 times because of online video and other bandwidth-heavy applications. Accordingly, he warned that the shortage of spectrum would be a crisis for the on-going evolution of mobile broadband communication. Therefore, it’s critical for using precious spectrum effectively. Now, with the breakthrough of ICT, there is an alternative solution to this crisis: "application of interleaved/white space". 2. The cure for shortage of the spectrum To solve the shortage and ineffective use of scarce spectrum, developed countries have innovated technology to overcome the dilemma. Accordingly, the cognitive radio (CR) network with OFDMA (Orthogonal Frequency Division Multiple Access)2 systems, namely "spectrum sensing", to use the interleaved/white space is the therapy nowadays, especially after digital switchover (DSO). CEPT (European Conference of Postal and Telecommunications Administrations) identified "white space" as a part of the spectrum, which is available for a radio-communication application (service, system) at a given time in a given geographical area on a non-interfering / non-protected basis with regard to primary services and other services with a higher priority on a national basis. Specified clearly, the wording of "White Spots" or "White Spaces" or "Interleaved Spectrum" applied by CEPT has been used to introduce a concept of frequency spectrum which is potentially available at a given time for further utilization within frequency spectrum originally planned for broadcasting in GE063. The current CEPT view is that any new white space applications should be used on a non protected non interfering basis. Further studies are required into the framework needed to enable the use of CR devices within white space spectrum. Meanwhile, Millions more — both rural and urban — couldn’t afford computers and internet access in the United States. Yet big telephone and cable companies won’t bring broadband internet to rural America. Therefore, U.S. administration takes it seriously and considers to bridge the "digital gap" via CR networks for using white space to high-speed wireless internet access in rural area. Moreover, innovative way to use the spectrum after DSO could also satisfy the demand of band immediately with National Broadband Plan which proposed by President Barack Obama. 3. The definition and function of "white/interleaved space" In a word, the spectrum licensed to commercial use or public safety is not always occupied totally all the time. Accordingly, some bands are vacant just like "white" or "interleaved". If communicators use these interleaved and fragmented bands temporally, the spectrum-usage will be more effective and the cost of the spectrum now we used will be much lower. Not only U.S but also UK regulator Ofcom has published a discussion document to explore the possibility of using interleaved spectrum to wirelessly link up different devices and offer enhanced broadband access in rural areas. The idea is based on the development of technology that could search for unoccupied radio waves between TV channels to transmit and receive wireless spectrum. Take DSO in U.S. for example, when TV goes digital in June, 2009, TV broadcasters will use only a small portion of the public airwaves they are allocated.4 This is because digital transmissions can be packed into adjacent channels, while analog ones cannot. This means that the band can be "compressed" into fewer channels, while still allowing for more transmissions, which could result in a kind of "white space" (or so-called digital dividend) mentioned above. In most rural areas, 60 to 70 percent of these digital airwaves will be vacant. It goes without saying that those bands will be idle, which will also increase the cost the spectrum-usage. However, the TV band can carry a broadband signal that penetrates buildings, travels great distances, and penetrates heavy foliage. If people could search the "spectrum hole", off course, with CR or DSA (Dynamic Spectrum Sensing), and then link up those unoccupied band for wireless communication, the compelling needs of spectrum will be eased. Most important of all, this innovative way fits the trend of collective and flexible spectrum usage in 3G/4G era. 4. The key to open "white space" Undoubtedly, the WSD (White Space Devices) is the key to open the new gate. FCC issues some R&O to test WSD for welcoming white space. On October 5, 2007, OET (the Office of Engineering and Technology) of FCC issued a public notice inviting submittal of additional prototype devices for further tests (Phase II). On February 24, 2010, OET selected Wilmington, North Carolina, for the test market for the DTV transition, and unveiled a new municipal Wi-Fi network, after a month of testing. OET permitted that TV Band has an 18-month experimental license.5 For the goal of "smart city", the network has used the white space made available by the end of analog TV transmission. Spectrum Bridge (a famous company devoted to working out WSD and solution to white space)6 has worked to make sure TV stations in the market do not receive interference (no interference issues have been reported), and the company hopes to do the same if similar service becomes nationwide. The "smart city" network will not compete with cell phone companies but will instead be used for "national purposes", including government and energy monitoring (i.e. Smart Grid). TV Band Network, made up of private investors, has put up cameras in parks, and along highways to show traffic. Other uses include water level and quality, turning off lights in ball parks, and public Wi-Fi in certain areas.7 This success has promptly encouraged those have eyed unlicensed band/devices for wireless broadband internet access, especially the White Spaces Coalition8. The White Spaces Coalition consists of eight large technology companies that originally planned to deliver high speed broadband internet access beginning in June 2009 to United States consumers via existing white space in unused television frequencies between 54-698 MHz (TV Channels 2-51). The coalition expects speeds of 80 Mbps and above, and 400 to 800 Mbps for white space short-range networking9. Therefore, the Coalition hasn’t only pushed FCC to free up the band, namely unlicensed-band approach, but also eagerly innovated the WSD and advanced IT technology (i.e. Geo-Location, CR, DSA, OFDMA and IEEE 802.2210 …etc. ) to promote the awareness of white space. 5. How to use the key to unlock the door ? First of all, Geo-Location technology is the threshold to use the white space. Geo-Location is the identification of the real-world geographic location of Internet-connected computers, mobile devices, website visitors or others. In avoidance of band-interference and public safety communication, users mustn’t interfere with the prior ones, or s/he couldn’t access the band via WSD. Thus, Geo-Location can assist WSD users, just like a beacon, to avoid the occupied band and keep them away from nearby transmissions. Second, a spectrum database that contains Geo-Location information about devices using the free channels in the radio spectrum and some strong database managers are needed. Frankly speaking, the original idea was that WSD would detect existing users and switch frequencies to avoid them, but that's technically dubious and hasn't been demonstrated to FCC's satisfaction. So the proposed solution requires devices to locate themselves then connect to a database which will allocate a frequency along with a timeout, after which the device will have to repeat its request. For example, the followings are the necessary information in the TV database. • Transmitter coordinates (latitude and longitude), • Effective radiated power (ERP), • Height above average terrain of the transmitter (HAAT), • Horizontal transmit antenna pattern (if the antenna is directional), • channel number, • Station call sign. In a word, in order to protect existing broadcasters, FCC mandated the creation of a Geo-Location database that details what spectrum is in use and where. Furthermore, the idea is that unlicensed broadband devices will tap this database before sending or receiving data, using the info in tandem with spectrum sensing technologies to avoid interference. Accordingly, White Spaces Database (WSDB) was introduced, a DB which would permit public access to register and discover devices and the frequencies used based on their location11. This database would be used in conjunction with local device discovery to avoid contention between devices. FCC has worried about that no one has ever run a radio system like this, so no one can really claim experience in the area (though most of the proposals try). The FCC commissioner Robert McDowell has raised an eyebrow at Google's request to serve as an administrator of a national database detailing the use of white-space spectrum. Google proposes the operation of a WSDB for at least five years, promising to "transfer to a successor entity the Database, the IP addresses and URLs used to access the Database, and the list of registered Fixed WSD" in case they cannot live up to it. Google does not plan to "implement per-query fees"12 , but they are considering a per-device fee. No decision has been made yet, but the FCC allows a WSDB administrator to charge such fees.13 Finally but innovating initially, it’s the Cognitive Radio system (CR). There are various definitions of CR. Herewith the paragraph 10 of the FCC 03-322 NPRM, the definition of Cognitive Radio could be specified as a radio that can change its transmitter parameters based on interaction with the environment in which it operates. The following figure shows how the Cognitive Radio System does work. Figure 1.Cognitive Radio System Let’s explain it more clearly and vividly. Imagine a radio which autonomously detects and exploits empty spectrum to increase your file transfer rate. Suppose this same radio could remember the locations where your calls tend to drop and arrange for your call to be serviced by a different carrier for those locations. These are some of the ideas motivating the development of cognitive radio. In effect, a cognitive radio is a software radio whose control processes leverage situational knowledge and intelligent processing to work towards achieving some goal related to the needs of the user, application, and network. Although cognitive radio was initially thought of as a software-defined radio extension (Full Cognitive Radio), most of the research work is currently focusing on Spectrum Sensing Cognitive Radio. In other words, the focus on CR has been switched into "DSA" (Dynamic Spectrum Access) nowadays.14 Therefore, some fellows replace Cognitive Radio with "Cognitive Systems" for accurate description.15 The following is the figure to show the function of DSA to detect "spectrum hole" that could be used as TV white space.16 Figure 2.The sensing of the spectrum hole "Digital dividend", one kind of interleaved/white space, has been viewed as precious band in Unite Kingdom, too. In U.K., its regulatory body, Ofcom, has also published a discussion document to explore the possibility of using these "dividend" to wirelessly link up different devices and offer enhanced broadband access in rural areas. Ofcom has predicted that could enable the use of the spectrum in this way would take at least three years to develop. Possible applications include mobile broadband, the transmission of home media such as photos from cameras to a computer wirelessly and the ability to control appliances in the home. Moreover, Ofcom firmly contended that if there was evidence that interference could be avoided, it would allow the use of interleaved spectrum without the need for individual licenses, the same as the FCC’s policy. However, local TV coalition United for Local Television (ULTV)17 has strongly criticized the Ofcom’s current proposal to appoint a band manager to "control" interleaved spectrum (and make it available to applications such as wireless microphones for special events) and to ensure that the spectrum is made available to local TV groups on fair, reasonable and non-discriminatory terms. According to current proposals, Ofcom’s "band manager" would be required to allocate spectrum to special event organizers on fair and non-discriminatory terms but not to local TV groups. ULTV has protested this unfair condition. In contrast, FCC has clearly issued the "2nd report" to mandate the bidder of upper 700 MHz D block should apply to fair and non-discriminatory terms. 6. Technological challenges for accessing white space In November 2008 the FCC issued an R&O on the unlicensed use of TV white space.18 The FCC regulated some vital requirements to rule the usage of TVWS in this document. These requirements impose technical challenges for the design of devices operating in TV white space spectrum, which brings new tough task for the innovation and production of WSD.19 These new rules provide an opportunity but they also introduce a number of technical challenges. The challenges require development of cognitive radio technologies like spectrum sensing as well as new wireless PHY and MAC layer designs. For example, the development of spectrum sensing techniques involves RF (Radio Frequency) design, robust signal processing, pattern recognition and networking protocols… etc. The choice of RF architecture is no longer merely a hardware issue, but will directly affect the upper layer performance. Furthermore, these challenges include spectrum sensing of both TV signals and wireless microphone ones, frequency agile operation, geo-location, stringent spectral mask requirements, and of course the ability to provide reliable service in unlicensed and dynamically changing spectrum.20 In addition, the FCC has strict out-of-band emission (OOBE) requirements to prevent interference with licensed transmissions in other channels. A detailed description of these out-of-band emission requirements and their impact on the transmission spectral mask for WSD is provided in Section VII of the R&O. Unfortunately, there are still other hurdles to be overcome. While the frequencies used by television stations do have a long reach and easily penetrate walls, it is important to remember that these signals are one-way communications, often broadcast from giant antennas at megawatts of power. For gadgets and computers, a much lower transmission power would be used, greatly decreasing the range of the White Space devices. So are we talking the Wi-Fi-like ranges here or 3G-like ranges? The National Association of Broadcasters has also questioned the ability of WSD to operate without interfering with television broadcasts. In addition, wireless microphones could be affected, although Google has proposed a "beacon" that could be utilized alongside existing wireless microphone equipment that would alert WSD not to operate on the same channel. Last but not least, how to ensure QoS of WSD users is implicit trouble. The Cognitive Radio system should provide that fast, robust, coordinated sensing and quite periods and to protect incumbents as well as provide QoS. It will be a dilemma faced by the regulatory bodies and ICT industry. Another real-world problem is that there are no WSD for consumers and even if someone comes out with a new product, it will likely be very expensive since it isn’t widely produced,21 although Spectrum Bridge has proven one example mentioned above. Nevertheless, some people still criticized what Spectrum Bridge has done probably could have used 5 GHz for the point-to-point backhaul connections. "The Smart City" is using Wi-Fi for the last mile rather than white spaces because there are no white space devices on the consumer end. Rick Rotondo, chief marketing officer for Spectrum Bridge argued Spectrum Bridge tried using Wi-Fi at 2.4GHz, 5GHz would never have made it; 2.4 didn’t make it. However, Spectrum Bridge did use Wi-Fi for the last hundred feet, not the last mile, but for the last hundred feet because there are Wi-Fi receivers built into laptops and smartphones and that’s who we wanted to be able to connect to this network. It sounds like a tautology. 7. What’s beyond the white space ? What kind of ICT could people apply to after getting the white/interleaved space? "Super Wi-Fi" is the first application connected with white space. As Larry Page, co-founder of Google, has described that white spaces are like "Wi-Fi on steroids" linked up wireless internet with much faster speeds, stronger signals and more affordable costs. Besides, there are other advanced ICT could function via white space, such as LTE, IPTV, MediaFLO, DVB-H, ISDB-T, MVNO, ITS (DSRC) and so on. 8. Vision: Legal challenges for accessing white space in Taiwan Although not mentioned above, FCC indeed allows the secondary-market of spectrum boosting in U.S. That’s an important reason, or motivation, to develop white space applications and regulations. In other words, the spectrum, not the license, could be auctioned, leased, retailed, weaved and so on. However, the regulatory mode of communication in Taiwan is "Vertical Regulatory Framework", which would be an obstacle to evolve the spectrum-usage in contrast to U.S and EU. Under the interpretation of Legal Positivism, Taiwan Budget Act Article 94 states, "Unless otherwise provided for by law, grant of quota, frequency, or other limited or fixed amount special licenses shall be conducted by open auction or public invitation to tender and the proceeds of which shall be turned in to the national treasury." Hereby, the administration could really fulfill the legal assignment via public invitation to tender or auction for the "license", not the band. Nevertheless, the administration does not apply auction process to issue the licenses, but approaches the frequency licenses with "Radio and Television Act" and "Administrative Regulations on Radio Waves" which is promulgated under the Telecommunications Act in accordance with the first paragraph of 48, Section 1 of said Act instead. Step closely, Radio and Television Act Article 4 firmly states, "The frequencies used by radio/television businesses are owned by the state and their allocation shall be planned by the MOTC in conjunction with the regulatory agency. The frequencies mentioned in the preceding paragraph may not be leased, loaned, or transferred. (emphasis added)". This article has resulted in inflexible use of spectrum, and dragged the collective use of spectrum, too. Undoubtedly, only we have to do is to amend the article for accessing white space in accordance with Legal Positivism. Second, according to Administrative Regulations on Radio Waves, the National Communications Commission shall be responsible for the overall coordination and regulation of radio waves including radio frequencies, power, emission method and radio station identification call sign etc., which shall not be used or altered without approval. Thus, under the justice of legal system, NCC should revise the spectrum policy/regulations in harmony with Administrative Regulations on Radio Waves. For example, the Article 6 and 10 separately regulates, "The radio equipment shall adopt the latest technical advances to limit the number of frequencies and the frequency bandwidth used to the minimum essential for the necessary services. The frequency assigned to a station of a given service shall be separated from the limits of the band allocated to this service in such a way that, taking account of the frequency band assigned to a station, no harmful interference is caused to services to which frequency bands immediately adjoining are allocated." Therefore, WSD indeed, even necessarily, should be applied to band management and revolution of ICT industry. Moreover, Central Regulation Standard Act Article 5 (embodied the principle of constitutional requirement of a specific enactment) also requires, "The following objects shall be stipulated by a statute: 1. It is required to stipulate by a statute as the Constitution or a statue expressly stipulated. 2. Stipulation concerns the rights or obligations of the people. 3. Stipulation concerns the organization of a government agency at national level. 4. Other objects with substantial importance shall be stipulated by a statute." The Legislative Yuan must consider to promote the status of Administrative Regulations on Radio Waves to Statue, which conforms to Constitutional requirement. To sum up, Taiwan administration should take white space seriously, or ICT in Taiwan will be doomed as if getting lost in "space". 9. ad hoc Conclusion :Do not lock the door of white space "Open access" is the most important canon in the usage of white space. In this meaning, there are two dimensions for open access. One is unlicensed band-usage, the other is unlicensed WSD which is also unlicensed and interlocks into different operators’ networks. The later is a big task in America. FCC’s decision was contested by the TV broadcasters who fear using the freed channels would interfered with TV signals and live singers who are using the same wave spaces.22 Larry Page also argued that unlicensed white spaces offer a way for the U.S. to catch up with the rest of the world in broadband access. Today, 10% of Americans still don't have access to DSL or cable broadband, according to consultancy Parks Associates. Fortunately, the first steps towards white space communications have already been taken and FCC has approved unlicensed use of the spectrum, but FCC requires a database of all known licensed users to be deployed in order to prevent from interfering with the existing broadcasts and devices already using the space, such as licensed TV broadcasts and some wireless microphones The second dimension is unlicensed WSD to compatible different network architecture. At first, the unlicensed devices must fit the criterion which could guarantee that they will not interfere with assigned broadcasts can use the empty white spaces in frequency spectrum. In order not to harm nearby transmission, the best way is to set a standard for WSD in one network built by certain operator. For example, if WSD users want to connect to Verizon Wireless’ network, s/he has to buy/use Verizon Wireless’ WSD. However, out of Verizon Wireless’ network, WSD users have to purchase/use another WSD. It will be inconvenient and raise the cost, but quench people’s desire to use WSD. As a result, FCC issued the R&O to prevent devices-locked, so-called "discriminatory QoS", from deploying the white space proposal. Accordingly, the mandatory rule indeed slows down the innovation of WSD. Obviously, unlicensed use of the vacant TV channels is an economic and social revival waiting to happen in rural areas. In addition, white/interleaved space will manage to fit the core principle of modern spectrum-development, "collective and effective use". There are so many merits to share the "dividend", but at this time, we are still far away the real "white space". The situation in Taiwan is much worse unfortunately. 1.See FCC official document,http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-293891A1.pdf (last visited 03/05/2010) 2.OFDMA is a multi-user version of the popular Orthogonal frequency-division multiplexing (OFDM) digital modulation scheme. Multiple access is achieved in OFDMA by assigning subsets of subcarriers to individual users. This allows simultaneous low data rate transmission from several users. 3.See Final Acts of the Regional Radio-communication Conference for planning of the digital terrestrial broadcasting service in parts of Regions 1 and 3, in the frequency bands 174-230 MHz and 470-862 MHz (RRC-06). 4.In the United States, the abandoned television frequencies are primarily in the upper UHF "700-megahertz" band, covering TV channels 52 to 69 (698 to 806 MHz). 5.See http://spectrumbridge.com/web/images/pdfs/smart_city-spectrumbridge.pdf visited on 2010/2/27. 6.http://spectrumbridge.com/web/ 7.See http://showmywhitespace.com/portals/1/Spectrum%20Bridge%20Launches%20White%20Spaces%20Network%20In%20Wilmington-New%20Hanover%20County.pdf visited on 2010/2/27. 8.The group includes Microsoft, Google, Dell, HP, Intel, Philips, Earthlink, and Samsung Electro-Mechanics. 10.The standardization is another crucial issue but will not be discussed in detail hereunder. 11.In February 2009, Google joined Comsearch, Dell, HP, Microsoft, Motorola, and Neustar to form the White Spaces Database Working Group (WSDG), an effort to build such a database.. 12.Actually, the database host will know where users are and the kit they're using, both of which are commercially valuable pieces of information. Google thinks that data will pay for the database, and Google is very good at extracting value from information; but even if it can't turn white space into gold, it will have five years to drive the competition out of business. 13.See generally Google’s proposal to FCC, http://www.scribd.com/doc/24784912/01-04-10-Google-White-Spaces-Database-Proposal visited on 2010/2/28. 14.Specifying clearly, the main mechanism of CR is including, but not limited to DSA. 15.Evolution of Cognitive Radio toward Cognitive Networks is under process, in which Cognitive Wireless Mesh Network (i.e. Cog-Mesh) is considered as one of the enabling candidates aiming at realizing this paradigm change. 16.Test conducted in the rural sector west of Ottawa, Canada. See C. R. Stevenson, G. Chouinard, W. Caldwell,Tutorial on the P802.22.2 PAR for :"Recommended Practice for the Installation and Deployment of IEEE 802.22 Systems," IEEE802, San Diego, CA, 7/17/06 http://grouper.ieee.org/groups/802/802_tutorials/july06/Rec-Practice_802.22_Tutorial.ppt. 17.United for Local Television ("ULTV") is a coalition of groups and campaigners who together lobby the government to recognize local TV as a public service. ULTV argues that all citizens should have access to local TV, no matter where they live, without having to subscribe to pay-TV or broadband. ULTV proposes that the government reserve capacity for local TV services on the most popular television platform in the UK today – digital terrestrial television (commonly known as "Freeview"). ULTV anticipates that local TV channels will provide local news and sport, together with a range of other local and networked programming. ULTV envisages local TV services would also provide local advertising, for the first time offering a cost-effective option for many local businesses seeking to advertise on terrestrial TV in their target market. 18.See Second Report and Order and Memorandum Opinion and Order In the Matter of Unlicensed Operation in the TV Broadcast Bands, Additional Spectrum for Unlicensed Devices Below 900 MHz and in the 3 GHz Band, Federal Communication Commission, Document 08-260, Nov. 14, 2008. 19.In detail, the FCC distinguished fixed WSD from portable one. There are different restrictions and requirements between them. 20.See http://ita.ucsd.edu/workshop/09/files/paper/paper_1500.pdf visited on 2010/2/20. 21.See http://www.digitalmediabuzz.com/2010/03/broadband-debate-white-space/ visited on 2010/3/17. 22.See http://lasarletter.net/docs/nabpet4review.pdf visited on 2010/2/25.
Although third-party payment is already one of the most popular ways to do the payment online in many countries, for example, Alipay of China and Paypal of USA, third-party payment in Taiwan is just about to start. For these days, the legislation of third-party payment has become a highly debated issue. However, due to many reasons, the legislation of third-party payment eventually has not been realized. And in fact, the third-party payment in Taiwan is not mature yet. A third-party payment system in Taiwan is unable to deposit stored value in advance. This is one of the basic functions of third-party payment system abroad, such as Alipay in China and Paypal in USA. Mainly, what third-party payment provides in Taiwan is money transmission based on real trade. 1. Latest progress of third-party payment in Taiwan. (1)Credit card payment for third-party payment system. Recently, third-party payment has a breakthrough development. According to the resolution of the meeting “Obstacles of using credit card in third party payment” held by Executive Yuan in September this year, Financial Supervisory Commission has made the commitment that the third party payment is allowed to be a “contracted merchant” under “Regulations Governing Institutions Engaging in Credit Card Business”, and personal entity or small business which is not provided with the qualification of “contracted merchant” are allowed to accept credit card payment though third party payment system. This is a very important progress in third-party payment in Taiwan. It means credit card payment is available for C2C transaction now. This will improve the safety of C2C transaction and reduce the quantity of fraud transaction. In other way, boost the prosperity of E-commerce. (2)Evaluation Requirements for Data Processing Services Industry Performing Trans-border Internet Transaction. In response to the Central Bank’s request, MOEA (Ministry of Economic Affairs) approved and announced the “Evaluation Requirements for Data Processing Services Industry Performing Trans-border Internet Transaction” on October 3rd, 2012. Any Data Processing Services Industry Performing Trans-border Internet Transaction would like to obtain the qualification as a mandatory under Article 8 of “Regulations Governing the Declaration of Foreign Exchange Receipts and Disbursements or Transactions”, should pass the evaluation according to the “Evaluation Requirements for Data Processing Services Industry Performing Trans-border Internet Transaction”, and get the compliance certification. The “Evaluation Requirements for Data Processing Services Industry Performing Trans-border Internet Transaction” has set up several requirements for a business which would like to run the payment service for trans-border internet transaction. Mainly, basic requirements are as the followings. 1-2-1 The applying data processing service enterprise should be a limited company or a company limited by shares. 1-2-2 The applying data processing service enterprise should open a special purpose deposit account to deposit the entire transmitting amount received from consumers. And the transaction of this account should be only based on the consumers’ directions of money transmitting. 1-2-3 Users of the third-party payment service provided by the data processing service enterprise should register for the first time usage. And the user’s name, birth and ID number are required for registration. The applying data processing service enterprise has the liability to check the reality of the information provided. 1-2-4 The contract between the data processing service enterprise and the user should be in writing. If the contract is performed in electronic way, it should follow the requirement of “in writing” according to Article 4 of “Electronic Signatures Act”. In addition, the contract should contain the mandatory articles about foreign exchange declaration listed in the “Evaluation Requirements for Data Processing Services Industry Performing Trans-border Internet Transaction”. 1-2-5 The data processing service enterprise should be equipped with sound information security system and operating regulations, comply with “Personal Information Protection Act” and the related directives, join ECTSA (E-commerce Trust Security Alliance), and get the ISO27001 certificate or PCI-DSS validation. 1-2-6 The data processing service enterprise should keep detailed transaction information for at least 5 years. 1-2-7 The data processing service enterprise should set up money laundering prevention operating regulations, and provide money laundering prevention employee training annually. Once MOEA receives the application, MOEA will set up a special team, which assembles legal professionals, information engineering experts and financial experts, to conduct the evaluation. The compliance certification of the evaluation will be valid for 5 years. During these 5 years, the data processing enterprise has the duty to accept the annual examination and non-timed examination by MOEA. 2.Three-Party Legal Relationship under Third-Party Payment The nature of a third-party payment service is “service of payment collection and forwarding”. Generally, payment collection and forwarding refers to the transfer of a transaction payment performed by a third party in its role of assisting the buyer and the seller. The current practice in Taiwan of making payment to and collecting product from a convenient store pursuant to online transaction or of paying for product upon delivery by shipping company is a type of “payment collection and forwarding” business. In a relationship of payment collection and forwarding service, the legal relationship between the buyer and the payment collector/forwarder is a “contract of mandate” under Article 528 of the Civil Code. Refer to Article 8 of the Regulations Government the Use of Uniform Invoices: “When a business entity is engaged to handle collection and payment on behalf of another party, if there is no difference between the amount collected and the amount paid, and the purchaser specified on the payment receipt voucher is the engaging party, then the business entity may deliver the voucher to the engaging party and is exempt both from issuing a uniform invoice and from including the payment as a sales amount.”. Article 18-2 of the Profit Seeking Enterprise Income Tax Audit Standard also has similar stipulations. As to whether or not a contract of mandate is formed between the seller and the payment collector/forwarder, depends on the agreement between the parties. If it is agreed that the buyer has completed payment when the payment collector/forwarder receives the fund, then the payment collector/forwarder receives the fund on behalf of the seller and a contract of mandate is formed. Under the contract of mandate, the seller grants the payment collector/forwarder the right of agency and the right of processing. Generally speaking, it is deemed that when the buyer pays the fund to the payment collector/forwarder, the buyer has completed the obligation of payment. Therefore, both the buyer and the seller form a contract of mandate with the payment collector/forwarder and grant the right of agency under such contract of mandate. Diagram 1 Three-party relationship diagram under collection/forwarding of transaction payment Source: Prepared by author The payment collector/forwarder under online transaction acts as the agent of the buyer and the seller at the same time with regard to the act of payment and collection. This constitutes the legal issue of “acting as agent for both parties” under Article 106 of the Civil Code. However, the payment collector/forwarder performs the contract of sale and purchase for the buyer and the seller. Therefore the exception provided under Article 106 of the Civil Code is applicable. 3.Payment Custody Mechanism under Third-Party Payment (1)Overview The important value of a third-party payment mechanism is that it provides a credit guarantee between the buyer and seller. Through a third-party payment organization, the buyer receives the merchandize and then sends an instruction to the third party payer for the price previously provided to the third party payer to be forwarded to the seller. Although the buyer and the seller cannot verify each other’s creditworthiness and the quality of the merchandize face-to-face, through third party payment, the buyer can be assured that the merchandize will be received after the price is paid. The buyer can even be assured that he/she will receive the merchandize that he/she is satisfied with. For example, in “Alipay”, the after shopping, the consumer pays the transaction price to Alipay. Only when the consumer replies with “production received” will Alipay forward the money to the seller. So “third-party payment service” helps activate E-commerce and is especially helpful in C2C transactions. This is one of the important features that differentiate “third-party payment service” from “Internet banking”. Therefore, although the Central Bank of Mainland China introduced the function of “Super Internet Bank” in 2009, consolidating the consultation and account transfer systems of many banks, it is generally considered that this did not have a strong impact on the third-party payment service industry which is already flourishing in Mainland China, because it does not provide value-added services, such as a guarantee and delayed payment provided by third-party payment service. Although third-party payment service provides account transfer service, absorbing part of the functions of Internet banking, it also created new business opportunities for the banks. In reference to the experience of Mainland China, the tasks are divided between third-party payers and banks as follows: Source: Xi-Song Zhang, Choice of Development Model for Third-Party Payment in China – From the Perspective of Full Intervention by Commercial Banks, Review by Xi’An University of Finance and Economics, Volume 22, Book 2, Page 46 (March 2009). So the service provided by third-party payment and the service provided by Internet banking overlap to a certain degree. Both perform the function of fund transmission. However, instead of thinking that the two as competitors, it is better to think of them as a cooperative. (2)Relevant Legal System in Taiwan The feature of the above-described third-party payment is that the third party holds the property for the benefit for others until the satisfaction of certain conditions. A similar legal system in Taiwan is “trust”. In accordance with Article 1 of the Trust Act: “For the purposes of this Law, the term "trust" refers to the legal relationship in which the settler transfers or disposes of a right of property and causes the trustee to administer or dispose of the trust property according to the stated purposes of the trust for the benefit of a beneficiary or for a specified purpose.”. However, in accordance with Article 2 of the Trust Act, a trust must be done through a contract of trust. What is different from the contract of mandate formed under the payment collection/forwarding described above is that, in a contract of trust, the parties must specify the purpose of the trust in the contract. Otherwise, the contract of a trust is not formed. An exception is trust by declaration for the purpose of public interest under Article 71 of the Trust Act. Below we discuss the structure and feasibility of providing third-party payment service through trust. 3-2-1Third-Party Payer Acts as Trustee When a third-party payer acts as the trustee of under the contract of trust and the buyer that pays the price under an Internet transaction designates it as the principal and the beneficiary, a trust for self benefit is formed. It is a trust with a purpose. The purpose of the trust is to transfer the price of sale and purchase. The seller is also the beneficiary. According to the “principle of identified beneficiary” under the laws of Taiwan as long as the beneficiary is identifiable, even though many transactions may be formed with many sellers after the buyer registers to use third-party payment service, a contract of trust can still be formed. However, in accordance with Article 2 of the Trust Act, unless the principal has reservations in the contract of trust, the termination of a trust for the benefit of others is subject to the consent of the beneficiary. So it is simpler to process under a trust for one’s own benefit. Diagram 2 Diagram of trust relationship under third-party payment (where the third-party payer is the trustee) Source: Prepared by author To form a contract of trust, in accordance with Articles 9 to 12 of the Trust Act, the fund entrusted by the service user to the third party to be forwarded becomes trust property and can be effectively segregated from bankruptcy. If the trustee is bankrupt, the trust property will not be included in the bankruptcy property, and the creditors of the trustee cannot enforce upon the trust property, providing more protection for the user of third-party payment service. Also, in accordance with Article 24, the principal shall manage the trust property and the principal’s own property separately. A monetary trust can be managed by keeping separate accounts. So if a contract of trust is formed under a contract of third-party payment service, it can ensure proper accounting of trust property by the service provider. Also, in accordance with Paragraph 2, Article 9, property right acquired by the trustee through the management, disposal, loss, destruction or other event of the trust property remains part of the trust property. Therefore, proceeds received from the deposit by third-party payer with the bank of any fund before it is forwarded become part of trust property and belong to the buyer, i.e., the principal and beneficiary. Certain doubts as to whether the Trust Enterprise Act is applicable to third-party payment service provider. In accordance with Article 2 of the Trust Enterprise Act, “trust enterprise” referred to in this Act means an organization approved by the competent authority in accordance with this Act to operate trust activities. There are 4 targets regulated by the Trust Enterprise Act: Trust companies that operate trust activities with approval by the competent authority, banks they also operate trust activities, securities investment trusts, investment consulting businesses and securities dealers that also operate trust activities and trust investment companies. A third-party payer is not a trust enterprise approved by the Banking Bureau of the Financial Supervisory Commission. Therefore, the contract of trust formed under third-party payment service is a general trust under civil law and is subject to supervision by the court in accordance with Article 60 of the Trust Act. The court may select an inspector and impose other necessary disposition by order pursuant to the petition for inspection on trust activities filed by an interested party or a prosecutor. However, the court has a role of passive supervision and does not have the general authority of supervision and management by the Bureau of Banking. Third-party payment is a service provided to unidentified members of the society. Including third-party payers into the system of financial supervision for trust will provide better protection for interest of the general public. Also, in accordance with Article 34 of the Trust Act, trust enterprises have the obligation of provisioning compensation reserves. No such obligation is imposed under general civil-law trust. So if third-party payers are included as trust enterprises, better protection will be available to the consumers. Also in accordance with Article 19 of the Trust Enterprise Act, a trust contract must be done in writing. In case of an electronic document, requirements under Article 4 of the Electronic Signature Act must be met: “the content of the information can be presented in its integrity and remains accessible for subsequent reference, with the consent of the other party”. Under third-party payment service, the third-party payer must make payment in accordance with the user’s instructions. So the trust that is formed is “a trust where the trustee does not have discretion over utilization of trust property”, as referred to under Paragraph 2, Article 7 of the Enforcement Rules for Trust Enterprise Act. It is also “a monetary trust under specific centralized management and utilization” under Article 8 of the Enforcement Rules for Trust Enterprise Act. However, in accordance with Article 9 of the Trust Enterprise Act: “A trust enterprise's name shall indicate the word, ‘trust.’ This rule does not apply to an entity which conducts a trust business concurrently with the approval of the Competent Authority.” If the third party payer adds the word “trust” in the company name, it will create a difference from the scope of business of third-party payment service. So an approval from the competent authority, the Bureau of Banking of the Financial Supervisory Commission, allowing third party payers to also operate the trust activity, seems to be a better solution. 3-2-2Bank Acts as Trustee As mentioned above, in a payment collection/forwarding relationship, the underlying legal relationship between the third-party payer and buyer is a “mandate”. Under a separate relationship of mandate, the buyer can grant the third-party payer the right of agency to sign a contract of trust with the bank on behalf of the buyer. The bank will act as the trustee and the buyer will act as the principal and beneficiary. The third-party payer will be the agent of the principal. Same as above, the beneficiary can also be the seller here. Under the current structure of the Trust Act of Taiwan, almost all rights that can be exercised by a principal can also be exercised by a beneficiary, including the rights under Articles 23, 24, 32, 35 and 65. Therefore, it is more convenient for a bank, with the qualification of trust enterprise, to serve as the trustee. However, trust related fees may be payable to the bank, raising the cost of third-party payment service. The relevant cost will most likely be transferred to the user of third-party payment service. The third-party payment service fee is generally paid by the seller, i.e., the payee. Under the structure where the third-party payer acts as the trustee, the relationship between the third-party payer and the bank is solely one between a depositor and a depository account. Therefore the third-party service provider does not need to pay any fee to the bank. It may even receive interest from the deposit, constituting proceeds from trust property which belong to the principal. So if the bank acts as the trustee, the cost of transaction flow is higher. On the other hand, it may obstruct the development of the industry. However, it is more consistent with the model of trust management. Diagram 3 Diagram of trust relationship under third-party payment (bank being the trustee) Source: Prepared by author 4.Conclusion There is currently no legal restriction against simple payment collection and forwarding. The contract of mandate under the Civil Code can process the tri-party legal relationship (buyer, seller and payment collector/forwarder). The transaction guarantee for third-party payment and the mechanism of custody and delayed payment of price can be processed with the structure of trust. As mentioned above, under the structure of a trust, the third-party payer can act as the trustee and the bank can act as the principal (at which time the third-party payer represents the principal and signs a contract of trust with the bank on behalf of the buyer). The formation of trust ensures account management, avoiding improper utilization of the transaction price under custody. When the third-party payer is the trustee, a general civil-code trust is formed, which is only subject to inspection by court pursuant to petition by interested party or the judge. The supervision and management are more relaxed. However, third-party payment serves an unidentified public of society and has an extensive impact. It is suggested that the competent authority, the Financial Supervisory Commission, allows third-party payers to also operate the business of trust and include third-party payers into the scope of financial supervision. When the bank acts as the trustee, the transaction cost is higher. However, the supervision and management of its business activities under the current legal system is more complete. Currently, a more feasible way is when the bank serves as the trustee and the third-party payer serves as the agent of the principal. In the long term, it can be studied to open up for third-party payers to also operate Internet transaction trust business, acting as the trustee. Third-party payment replaces bank’s fund settlement function to a certain extent. Contrary to the traditional industry of payment collection and forwarding, third-party payment provides the convenience of fund collection/payment function and can fall prey to money laundering criminal activities. For the purpose of protecting the consumers and prevention of money laundering crimes, it is indeed necessary to include third-party payment into legislative management. The priority focus of such control is to require that the operator possesses a sound corporate structure and financial status. The requirement regarding capital is different depending on the country. The flexible requirement of capital amount in the EU can be used as a reference. For smaller operators with lower transaction volumes, a lower capital amount should be required under flexibility. In 2011, the Internet shopping market in China was 773.5 billion CNY. The amount of Internet payment was approximately 70 billion CNY. In 2011, the Internet shopping market in Taiwan was only 562.7 billion NT Dollars. If the minimum capital amount required of third-party payment operators in China is applied to third-party payment operators in Taiwan, it would not be reasonable. We can refer to the US method and ask operators to take out insurance to lower the risk and avoid market monopoly or oligopoly due to high capital amount barrier, blocking full competition. With the capital amount requirement, it is highly possible that the operators will increase the amount of transaction processed in accordance with the development of E-commerce, creating the necessity to increase the capital. It is best to choose the form of limited stock companies in order to answer to capital placement requirement swiftly. Regarding the issue of money laundering prevention, third-party payment institutions are currently not the “financial institutions” under Article 5 of the Money Laundering Prevention Act of Taiwan. However, it should be a “payment tool” under Article 9, with only an obligation to freeze the payment account and cooperate with investigation as required by prosecutors. At the same time of developing third-party payment services, the Bureau of Investigation of the Ministry of Justice should also develop a money laundering prevention reporting system for third-party payment services. In reference to the US legal system, third-party payers should be included into the network of money laundering crime prevention of Taiwan for management. In addition, third-party payment services should be performed on real-name basis. The general public should be required to register and use third-party payment services with their true identities. As for verification of identity, the so-called KYC process, the banks’ KYC can be relied upon to a certain degree, such as comparison of account name information of the credit card holder or the deposit account. In reference to the legal system of different countries and the current financial legal system of Taiwan, third-party payment operators should have the obligation to maintain payment transaction information in order to facilitate criminal investigation. To protect consumers, the rights and obligations between the consumers and the third-party payers should be specified in a written contract. If it is displayed in electronic form, the written requirement should be consistent with Article 4 of the Electronic Signature Act of Taiwan. In addition, the consumers’ funds should only be used in accordance with the consumers’ payment instructions. To avoid other uses by the operators, there should be a requirement to deposit into special bank accounts to provide clear trace of transaction history. In reference to Article 24 of the Trust Act, separate account management is required under trust. So if a trust is formed, then the requirement for special deposit account can be waived. Furthermore, to avoid insolvency by the operators, operators can be required to take out insurance and acquire full performance guarantee. Prevention is better than a cure. We should take precautions about possible issues that may arise from third-party payment. In addition, clear rules of the game will encourage industry development. On the other hand, with the new type of money flow payment activities in the Internet era, traditional financial industries should see it as a new opportunity of business development, and not a threat. What third-party payment system processes is information flow; the actual flow of funds is still dependent on the banking system. Internet payment operators are still dependent upon the finance industry to provide financial planning and new types of financial products (such as trust and insurance) in order to promote their business. Building a sound Internet payment system indeed requires contributions from the information industry, the finance industry and the legal industry.
The approaches to promote critical infrastructure protection in Japan The approaches to promote critical infrastructure protection in Japan are illustrated below: 1. Coverage of Critical Information Infrastructure In the "Action Plan on Information Security Measures for Critical Infrastructure" promulgated by the Information Security Policy Council (ISPC) in 2005, critical infrastructure is defined as: Critical infrastructure which offers the highly irreplaceable service in a commercial way is necessary for people's normal lives and economic activities, and if the service is discontinued or the supply is deficient or not available, it will seriously influence people's lives and economic activities. Based on the definition of the action plan, the critical infrastructure contains: telecommunication systems, administration services of the government, finance, civil aviation, railway, logistics, power, gas, water, and medical services 2. Promoted Relevant Policies of The Past The issues regarding the CIIP are gradually being developed with the norm of information social security policy in Japan. Adopting the Action Plan of the Basic Guidelines Toward the Promotion of an Advanced Information and Telecommunications Society of 1998 proposed by the Japanese government in 1998 as a basis. The Japanese government keeps presenting polices of improvement for the relevant issues in order to acquire the stable development of telematics and telecommunications. Several years later, the Ministry of Economy, Trade, and Industry (METI) announced the Comprehensive Strategy on Information Security in 2003. The formulation of the strategy not only emphasizes the possible telematics-related risks and protection against threats that may be encountered in the information society, but it also enhances the level of information security to the level of national security and presents a comprehensive information security improvement program. Furthermore, the submission of the strategy has identified government’s responsibility in the development of information security Therefore, a division which is solely responsible for information security was established in the Cabinet Secretariat and is devoted to the development of it. In 2005, the Ministry of Economy, Trade, and Industry (METI) amended the Comprehensive Strategy on Information Security and announced the First National Strategy on Information Security based on the creation of a policy of a long-term information security task in Japan which is also the foundation for the policy of guidelines and action security concerning critical information infrastructure. This is in addition to being the most important basis for the policy of information security development. The strategy is different from the Comprehensive Strategy on Information Security in connotation. In the range of information security protection, it not only maintains information security from the perspective of the government; for instance, to divide the rights and duties on information security protection practices between the central government and the local government, and to strengthen the capacity of the government to solve emergencies such as cyber attacks, but it also tries to employ the public-private partnership on the CIIP issue to construct an extensive information security protection and to develop a Capability for Engineering of Protection, Technical Operation, Analysis and Response (CEPTOAR): one similar to the ISAC of America, to strengthen the information sharing and analysis of information security of all industry involved. According to the strategy, the METI established the Information Security Policy Council (ISPC) and the National Information Security Center (NISC) under the subordination of the Cabinet Secretariat in order to reach a goal of dependable society of information security.1 Finally, the information security policies more directly related with the CIIP are the Action Plan on Information Security Measures for Critical Infrastructure and the Standards for Information Security Measures for the Central Government Computer Systems, both of which regulate CI-related threats, information security standards, public-private partnership information sharing system, and the levels of information security standards between different governments and critical infrastructures, respectively. 3. Oraganization Framework Generally speaking, the Cabinet Secretariat is the main division of the CIIP and the information security for the Japanese government, while the ISPC and the NISC established under the Cabinet Secretariat in 2005 are the core organizations for the development of the CIIP policy. In addition, the National Policy Agency (NPA) and the Ministry of Internal Affairs and Communications (MIC) also played an important role in assisting the Cabinet Secretariat with critical infrastructure protection. The part of public-private partnership is covered by the CEPTOAR which takes the responsibility for information sharing and analysis of information security between the government and private organizations. 4. Notification System For critical infrastructure protection, Japan has set up a warning and notification system in addition to the emphasis on fundamental information security protection. With the concept of public-private partnership, various messages related with information security are analyzed and shared in order to prevent information security incidents from occurring. The network of notification system in Japan mainly consists of several organizations as listed below. (1) National Incident Response Team The National Incident Response Team (NIRT) which is the information security office under the Cabinet Secretariat in the organization framework belongs to the Computer Emergency Response Team (CERT)2 and is first in line in the government to handle internet emergencies. According to the Action Plan for Ensuring e-Government's IT Security, the NIRT which consists of 17 experts from the government and the private organizations is responsible to (1) accurately understand and analyze emergencies, (2) develop technical strategies to solve and rehabilitate emergencies to prevent incidents from reoccurrence, (3) provide other governmental organizations the assistance to solve the information security issue, (4) collect and analyze information or intelligence so that effective solutions and strategies may be provided when an incident happens, (5) provide the governmental organization with professional knowledge and information, and (6) enhance and improve all knowledge pertinent to information security. (2) Computer Emergency Response Team Coordination Center The Japan Computer Emergency Response Team Coordination Center (JPCERT/cc) is the first Computer Security Incident Response Team (CSIRT) established in Japan. It consists of internet service suppliers, security products/service suppliers, governmental agencies, and associations of industry & commerce. The JPCERT/CC is also a member of the Asia Pacific Computer Emergency Response Team (APCERT) and a member of the Forum of Incident Response and Security Teams (FIRST). It coordinates and integrates prevention measures pertinent to information security and is consistent with other CSIRTs. (3) Telecom Information Sharing and Analysis Center In Japan, besides the mechanism responsible to notify the government, which functions as a bridge for communication between it and all those outside of it, the mechanism of information sharing and notification is also established among industries to provide each with a channel for information exchange and consultation. In 2001, Japan established the Telecom Information Sharing and Analysis Center Japan (Telecom-ISAC Japan). In addition to real-time inspection for computer intrusion incidents and conducting information collection and analysis, the Telecom-ISAC Japan proposes to e-government many suggestions related with the Transact-SQL issue as well. The reasons for launching the Telecom-ISAC are to instantaneously detect a computer intrusion incident, and to instantaneously gather and analyze its information, and then exchange this with other telecom carriers and offer them relevant countermeasures for precaution; so that in can reach the goal of ensuring telecom security since it is an important infrastructure concerning social economy. (4) Cyber Force The reasons for launching the Cyber Force are to maintain the security to use the internet by regularly "patrolling" it, searching for evidence of internet crime, and to notify the critical infrastructure operators about any unusual internet use so as to prevent the occurrence of cyber terror attacks. The Cyber Force also assists operators to solve and diminish the damage and influences when an incident occurs. (5) Portal Site of National Police Agency The National Police Agency owns the portal site "@police". It exists to prevent large-scale cyber emergencies and to provide gathered information concerning information security to government. In addition to providing the techniques related with the safe use of computer networks, @police is also dedicated to educating internet users about the concept of information security and to increase security awareness. (6) Ministry of Economy, Trade and Industry Since 1990, the Ministry of Economy, Trade and Industry (METI) has cooperated with the JPCERT/CC and the Information Technology Promotion Agency (IPA) to provide reports on virus, intrusion, and the damage caused by them, to remind the public to pay attention. 5. Legal Norms The laws regarding critical infrastructure protection in Japan are illustrated as follows: (1) Unauthorized Computer Access Law of 1999 The Unauthorized Computer Access Law includes various conducts such as cyber intrusion, and data thefts, into the norms of criminal punishment to deter cyber crimes from spreading in order to ensure the safety of the critical information infrastructure. (2) Act on Electronic Signatures and Certification Business of 2000 With the formulation of the Act on Electronic Signatures and Certification Business, the smooth promotion of the electronic signature system is ensured and the circulation and process of electronic communication can be fostered further. (3) Basic Law on Formation of an Advanced Information and Telecommunication Network Society of 2001 Through the formulation of the Basic Law on Formation of an Advanced Information and Telecommunication Network Society, the legal basis to execute an information technology policy is enhanced, and the direction and job content for the government to execute this policy is explicitly stated. 1.http://www.nisc.go.jp/eng/pdf/national_strategy_001_eng.pdf(last accessed date: 2009/07/20). 2.http://www.nisc.go.jp/en/sisaku/h1310action.html(last accessed date: 2009/07/20).