The World Information Technology and Services Alliance (WITSA) Newsletter

In connection with the OECD "Emerging Market Economy Forum" in Dubai on January 16-17, WITSA and the other four founding members of the Alliance for Global Business (AGB) published a business statement, �Seizing Digital Opportunities: A Business Perspective�. The AGB, which is an informal network of five prominent international business organizations, represents one of the key focal points of private sector leadership in e-commerce. The five-page statement draws on the conclusions made in the previous AGB statements endorsed by WITSA, and in particular the 1st and 2nd editions of the AGB Action Plan on E-Commerce and the April 1999 Discussion Paper By The Alliance for Global Business On Trade-Related Aspects of Electronic Commerce. The statement provides a timely and precise summary of industry concerns related to e-commerce and digital opportunities.

Among some of the top priorities identified in the paper, governments must ensure that the regulatory environment is strongly in favor of competition, business creation, and private sector investment. Incentives also have to be correct for skill acquisition and necessary changes in the organization of the workforce, and governments must pursue important trade-related objectives enabling innovation, including:

In conjunction with the OECD Forum in Dubai, AGB also organized a January 15 business-government forum on e-commerce entitled �Maximizing the Digital Opportunity�. The purpose of the business-government forum was to highlight the private sector's priority needs for policy coherence between countries, and the international trade and economic policy issues "which need to be addressed to make the digital economy a reality for emerging market economies as well as advanced market economies" (see press release). Several WITSA representatives presented at the two Dubai events, including:

Additional background information on AGB is available at the WITSA site at http://www.witsa.org.

The World Information Technology and Services Alliance (WITSA) on November 30, 2000 issued a statement to Council of Europe General Secretary Walter Schwimmer, voicing concerns over the latest revision of the draft COE Convention on Cyber-Crime, but supported the objectives of improving international law enforcement cooperation and mutual legal assistance to keep pace with the increasingly international environment. This legally-binding text would be the first international treaty to address criminal law and procedural aspects of various types of offending behavior directed against computer systems, networks or data, and aims to harmonize national legislation in this field, facilitate investigations and improve co-operation between the authorities of the 41 member states. Given the importance of the subject, non-member States, such as Canada, Japan, South Africa and the United States, also actively participate in the negotiations.

In the statement, WITSA expressed serious concerns with several of the provisions contained in the 24^th revision of the draft cyber-crime convention, dated November 17, 2000. The draft Convention was finalized by an expert group (Plenary meeting of Committee PC-CY) on December 15, 2000. A 25th revision was published on December 22, 2000. This text has also been submitted to the COE Parliamentary Assembly for opinion, which is expected to give its opinion in April 2001. Industry input will also be accepted within this time period. In the light of the Assembly opinion, the text will be subject to a further revision by the COE European Committee on Crime Problems (CDPC), which is then expected to approve it at its next Plenary session in June 2001. Finally, the text then will be submitted to the Committee of Ministers for adoption.

In its current form, the draft convention could impose heavy record keeping burdens on Internet service providers (ISPs); make ISPs liable for third party actions; and restrict legitimate activities on the Internet.

The international enforcement problems implicated by crime using information systems, as well as the substantive problem of crimes committed against information systems, require close cooperation and dialogue between government and the information industry. WITSA recently launched a global partnership between industry and government leaders from around the world as the outcome of the October 16-17, 2000 inaugural Global Information Security Summit in Washington, D.C. WITSA, as well as many other industry and Internet user groups, have voiced concerns over many provisions contained in the draft Convention, which really indicates that this important process is just beginning and that all parties should take great care not to make premature decisions.

Many of the changes made to the draft Convention over the past several months have been largely cosmetic, and clearly falls short of addressing the concerns of the IT industry and other groups. It bears remembering that often the most effective way to counter cyber crime is through technical innovation, not burdensome legislation. WITSA is committed to participation in that dialogue, and to reaching a consensus on carefully tailored measures that will both support effective international law enforcement and foster continued growth and innovation in the information technology sector. A copy of the statement and press release is available at the WITSA site.

At its October 15, 2000 meeting, WITSA decided to hold a second Global InfoSec Summit in Belfast to tackle cyber-crime and other information security issues threatening the growth of the Internet. A large number of cross-industry business executives and international government officials are expected to attend the WITSA Global InfoSec Summit II, to be held in Belfast�s Waterfront Hall on May 31 � June 1, 2001. The initiative follows a growing number of on-line banking, e-business security breaches and hacker attacks on high profile websites including Yahoo! and CNN.

The two day event will be hosted by the Northern Ireland Software Industry Federation (SIF) who lobbied successfully for the conference at WITSA�s inaugural Global Information Security Conference held in Washington DC in October.

WITSA is highly respected internationally for its work in raising awareness of information security and for promoting it as a high priority issue for governments, industry and consumers. Earlier this year, for example, WITSA president � Harris Miller- was one of a number of Internet industry leaders who discussed the subject at a high level meeting with President Clinton following a series of orchestrated attacks on leading American web sites. Bringing this major summit to Belfast is expected to put Northern Ireland on the map in the minds of international e-business leaders.

For many companies, IT networks are fundamental to their businesses. As IT becomes increasingly widespread and sophisticated however, there is growing unease about the security of on-line financial transactions and the risks of fraud, virus infection and hacking. The fact that these and other immensely significant issues will be examined under a global spotlight in Belfast, underlines Northern Ireland�s growing standing as a European IT center. Northern Ireland�s growing importance as a location for the international IT industry was a key factor in the WITSA decision to bring the event to Belfast. WITSA members believe the city will provide a vibrant location for international business executives, technologists and policy leaders to come together to learn about trends and developments in information security and to share best practices, programs, ideas and opinions.

The event � which is being organized by international event management company Project Planning International - will also review work undertaken by working groups set up at the Washington DC Summit in October to look at areas such as best practice, workforce education, research and development, cyber-crime and law enforcement and public policy. To register, or to find further information on the Summit II, please see the SIF or Project Planning Web sites. Information on the October 16-17, 2000 Summit is available here.

As reported in the November 2000 edition of the WITSA Newsletter, the inaugural Global InfoSec Summit in Washington, DC on October 15-17, 2000 initiated a groundbreaking process toward global collaboration among industry, government, and academia representatives to ensure the security and integrity of the Internet and to promote the growth of e-commerce. On May 31 to June 1, the Software Industry Federation in Northern Ireland (SIF) will be hosting the Second Global InfoSec Summit in Belfast (see article above). Leading up to the Summit II, five international Working Groups were established under the Partnership for Global Information Security and a Web site has been set up at http://www.pgis.org/. The Working Groups convene electronically and per conference calls and aim at increasing awareness, building partnerships and filling gaps of information not available elsewhere. The Working Groups are open to participation by interested parties and will develop work plans and report at Summit II in Belfast. The Working Groups are structured as follows:

1. Best Practices: Identify emerging and successful information security best practices in the areas of technology, policies, and procedures to help existing organizations compete in today�s world of changing and threatening cyber security exposures.

2. Workforce: Identify resources to find talented information security specialists and educate the workforce on strong information security procedures with the goal of supplying the digital economy with talent it needs to be creative, productive, and secure.

3. Research & Development: Increase collaboration across industries and around the world on information security research and unique developments efforts.

4. Cybercrime & Law Enforcement: Bring industries and law enforcement experts together from around the world to identify challenges and opportunities for identifying, preventing, reporting, and investigating cyber crime.

5. Public Policy & Legal: Explore policy developments and to identify legal issues around the world, including the legal status of enabling technologies, the state of government regulations, and the emerging risk management strategies for InfoSec liability.

Countries represented include United States, U. K., Kenya, Belgium, Bulgaria, South Africa, Poland, France, Pakistan, Philippines, Canada, and Mexico. More information on PGIS and how to register is available online.

WITSA collaborated with McConnell International LLP on a first-of-its-kind International Security Law Project, aiming to identify the measures taken by the governments in 52 countries across the world to combat information security. Bruce McConnell formerly operated the International Y2K Cooperation Center (IY2KCC), which was set up by WITSA under the mandate of the United Nations, and coordinated Y2K readiness between national coordinators from over 150 countries. As reported in the August 2000 edition of the WITSA Newsletter, WITSA also previously cooperated with McConnell International in developing a high-profile �E-Readiness� report.

The report, entitled "Cyber Crime . . . and Punishment? Archaic Laws Threaten Global Information", was published on December 7, 2000 and is available online. A joint December 7, 2000 WITSA/McConnell International press release is also available as well as a January 2, 2001 press release regarding updated references to Canadian cyber crime legislation.

The report looked at ten different types of cyber crime in four categories: data-related crimes, including interception, modification, and theft; network-related crimes, including interference and sabotage; crimes of access, including hacking and virus distribution; and associated computer-related crimes, including aiding and abetting cyber criminals, computer fraud, and computer forgery.

Among some of the key findings: Thirty-three of the countries surveyed have not yet updated their laws to address any type of cyber crime. Of the remaining countries, ten have enacted legislation to address five or fewer types of cyber crime, and nine have updated their laws to prosecute against six or more of the ten types. Of those countries, only one, the Philippines, indicated that updated legislation is currently in place to prosecute a future perpetrator of all of types of crimes. In addition to highlighting the efforts of 19 countries that have partially or fully updated their criminal laws, the report also identifies efforts underway in 17 countries that have not updated their laws, including Cuba, Latvia, New Zealand, and Zambia.

6. 2001 Global Public Policy Conference to be held in Cape Town, South Africa

As previously reported, WITSA is proud to co-host with Information Industry South Africa (IISA) its first ever conference in Africa. As technology permeates every aspect of our lives in the modern world, it is increasingly affecting the lives of those in developing countries even though it may be less apparent. It is clear that in most instances advances in information technology and communications are widening the gap between first and third world countries and between the "haves" and the "have-nots" in populations. The WITSA Global Public Policy Conference 2001, to take place in Cape Town on September 10-11, 2001, will examine the developments in technology and in particular the growth in the Internet and Electronic Commerce. Among featured speakers is Carl Bildt, former Prime Minister of Sweden and Special Envoy to the United Nations.

The aim of the conference is to bring together a cross section of people from government, business and organized labor to address the requirements for establishing and implementing effective public policy. The following important dates have been established with regard to call for papers:

Feb 28, 2001		Notification of interest in submitting paper
April 15, 2001		Paper submission deadline
May 15, 2001		Notification of acceptance
July 31, 2001		Camera ready copy of final paper

A range of sponsorship opportunities are available for suppliers to gain exposure to the influential delegates attending the conference, the social functions, and also to the WITSA network as part of the international marketing campaign for the WITSA Global Public Policy Conference 2001:

Diamond Sponsorship		U.S. $ 100,000
Platinum Sponsorship		U.S. $ 75,000
Gold Sponsorship		U.S. $ 50,000
Silver Sponsorship		U.S. $ 25,000
Bronze Sponsorship		U.S. $ 10,000

Further details regarding the event, call for papers and sponsorship opportunities can be found at the GPPC 2001 Web site. A new call-for-papers brochure can be downloaded in PDF and MS Word formats. Inquiries can be made to the Secretariat or to Louise Hullock or Peter Aspinall at SBS Conferences.

The 2002 World Congress on IT will take place in Adelaide, Australia from February 27 to March 1, 2002. WCIT 2002 seeks to engage people around the world - the people within the IT industry and the people that depend on IT-in a lively and positive dialogue that will help to shape a better future. It aims to be the most interactive and most rewarding Congress experience for participants and for sponsors. The event will build on the outcomes of previous World Congresses and will challenge you to help define the future and to unleash the power of information and communication technologies for the benefit of us all.

A brand new EZINE newsletter is now available, with updated information from Chief Executive John Gygar. You are encouraged to read the newsletter and to explore the both the WCIT 2002 and WCIT 2000 web sites to learn more about this extraordinary event.

WITSA Chairman George Newstrom on December 4, 2000 delivered a keynote address in Soul, Korea at the ASOCIO 2000 Symposium. The speech, which addressed WITSA activities as well as critical issues related to the Digital Economy, is available at the WITSA Web site. The Asian-Oceanian Computing Industry Organization (ASOCIO) is the regional organization designed to encourage and foster trade between its members and to develop the computing industry in the Asian and Oceanian region. More than 500 IT executives from the Asian and Oceanian region attended the 2000 Symposium.

Separately, ASOCIO members agreed to establish an ASOCIO Secretariat Office based in Tokyo and hosted by Japan Information Service Industry Association (JISA), a WITSA member association. Harres Tan of the Association of the Computer And Multimedia Industry Malaysia (PIKOM) was appointed as the new ASOCIO President for the period 2001-2003. For more information, please see the official ASOCIO Web site.

9. Bidding Deadline for 2006 World Congress on IT Extended to May 1, 2001

The World Information Technology and Services Alliance (WITSA) will be represented with a booth at SETI 2001, one of the largest European high-tech trade shows seen annually by some 120,000 visitors. Semaine Europ�enne des Technologies de l'Information, often known as the Paris Expo, will be held on March 6-8 in Paris at the Paris-Expo ( Porte de Versailles). The WITSA stand will be located in the "International Area" at the expo, and will include a large screen displaying the WITSA Web site as well as information on WITSA's key events, including Global InfoSec Summit II, the 2001 Global Public Policy Conference and the 2002 World Congress on IT. Jean-Paul Eybert, Deputy General Manager of the French WITSA member association, Syntec Informatique, has generously committed to maintain the stand. General questions about SETI 2001 may be directed to Skander MABROUK at skander@infopromotions.fr.

11. High-Tech Industry Announces New Information Sharing & Analysis Center for Information Security

[This press release is also available at the ITAA site] The Information Technology Association of America (ITAA) and nineteen of the U.S. leading high tech companies on January 16 announced the formation of a new Information Technology Information Sharing and Analysis Center (IT-ISAC) to cooperate on cyber security issues. The objective of the IT-ISAC is to enhance the availability, confidentiality, and integrity of networked information systems.

In response to the recent increases in the number and nature of cyber attacks on networked information systems, the IT industry has banded together to fund this new organization to facilitate the sharing of threat and vulnerability information.

The IT-ISAC is a not-for-profit corporation that will allow the information technology industry to report and exchange information concerning electronic incidents, threats, attacks, vulnerabilities, solutions and countermeasures, best security practices and other protective measures. The organization is a voluntary, industry-led initiative with the goal of responding to broad-based security threats and reducing the impact of major incidents. Membership in the IT-ISAC is open to all U.S.-based information technology companies. It will offer a 24-by-7 network, notifying members of threats and vulnerabilities.

The nineteen Founding Member companies of the IT-ISAC, all represented at the announcement, are AT&T, Cisco Systems, Computer Associates, CSC, EDS, Entrust Technologies, Hewlett-Packard Company, IBM, Intel Corporation, KPMG Consulting, Microsoft Corporation, Nortel Networks, Oracle Corp., RSA Security, Securify Inc., Symantec Corporation, Titan Systems Corp., Veridian and VeriSign, Inc.

Significant IT industry input to the President's Commission on Critical Infrastructure Protection led to the adoption of a number of industry recommendations in the Commission�s final report, including the creation of public-private partnerships and information sharing mechanisms addressing threats and vulnerabilities of IT networks. These industry views were included in Presidential Decision Directive 63, which advanced a public-private sector plan for critical infrastructure protection, and the IT industry has worked closely with the Department of Commerce and other Federal agencies in laying the groundwork to implement information sharing mechanisms.

In February 2000, many IT industry leaders participated in a White House summit on network security and committed to create an IT industry mechanism to share information on cyber attacks, vulnerabilities and security practices. The January 16 announcement is the next step in what has been, and will continue to be, an ongoing cross-industry and government partnership that is vital to improved network security and reliability and our common national interests. The IT-ISAC Founding Members were joined at the January 16 announcement by Commerce Secretary (Transportation Secretary-designate) Norman Mineta, Information Technology Association of America President Harris N. Miller, the National Coordinator for Security, Infrastructure Protection, and Counter-Terrorism, Richard Clarke, and the Assistant Secretary of Commerce for Communications and Information, Greg Rohde. The creation of the center prompted numerous statements from the founding companies. Statements are posted at www.itaa.org.

12. Tech Waits on New President, New Congress: ITAA Backs Key Bush Cabinet Choices

[The following article can be found in the January edition of the ITAA E-Letter]: In January 2001 Washington, D.C. witnesses see a changing of the guard, with the beginning of a new Congress and new Administration. While the new Administration has made nominations for all Cabinet appointees, the hundreds of additional key sub-cabinet typically take months to fill in new Administrations. President Bush has nominated several long-time friends of the IT industry. Both John Ashcroft and Spencer Abraham were leading IT champions in the Senate.

The Information Technology Association of America (ITAA) has publicly supported the nomination of former Senator John Ashcroft as Attorney General. His previous record on encryption, intellectual property and online privacy has been well received. Energy Secretary-designate, former Senator Spencer Abraham, is another strong friend, especially on business immigration issues. Change is also in store with the new Congress. The even party split will impact on the dynamic in the Senate. In the House, there are many new Committee Chairmen, including several Committees that are generally closely watched by the high-tech industry. Key issues include:

q Privacy - ITAA worked hard in 2000 to ensure precipitous regulation of Internet privacy was avoided. ITAA supports industry best practices and technology-based solutions that empower consumers to establish their own privacy preferences. The high tech industry is working diligently to provide these innovative products, such as P3P.

q Internet tax - The Internet tax moratorium, passed in 1998, is due to expire in October 2001. ITAA will strongly support a continuation of the moratorium for a minimum of three to five years.

q Telecommunications - ITAA will continue to promote a faster completion of the transition to competitive local telecommunications markets, promoting consumer choice among a variety of technologies and providers.

q Trade - ITAA is counting on the pro-free trade Bush Administration, with support from Congress, to reinvigorate efforts to eliminate barriers around the world that disadvantage US IT companies.

ITAA has been working both with the Bush transition team and the new Congressional leaders. ITAA staff, for example, have participated as member of Transition's Advisory panel on the Federal Communications Commission.

In light of Sweden's EU Chairmanship in the first half of 2001, the Swedish IT-companies' Organisation (SITO) released a January 12 press release outlining priority areas of work, including in particular telecom liberalization and eEurope. Other priority areas are the skills gap, eGovernment and environment-related questions. In December 1999 the European Commission launched the eEurope initiative, which among other things aims to bring all European citizens into the Digital age and connected to the Internet. In June 2000 the European Council adopted the action plan "eEurope 2002". The plan includes objectives that must be reached by 2002, and is the basis for the Swedish Chairmanship this year (see latest "The eEurope 2002 Update" prepared for the December 7-8, 2000 European Council in Nice).

An important part of eEurope is that authorities and public administration be accessible online 24 hours per day. Under the Swedish Chairmanship, a special conference will be arranged on this theme. SITO tracks the issues that are placed on the agenda under the Swedish EU Chairmanship, e.g. telecom regulation, the application of VAT on digital services, environmental regulation, skills shortage, information security, e-government, and R&D. Moreover, SITO has offered to be a link between the Swedish Department of Trade, IT companies and other European industry associations. It is clear that telecom liberalization and certain aspects of eEurope will be among the IT issues to receive top priority under the Swedish Chairmanship. However, it is far more uncertain where negotiations will stall and which other IT related issues will be put on the agenda in the first half of 2001. For more information, please contact SITO directly: Robert Limmerg�rd.

In a January 11 2001 letter to President Dr. Fernando de la Rua, Argentinean WITSA member C�mara de Empresas de Software y Servicios Inform�ticos (CESSI) sought a short-term action plan for the Argentina high-tech sector. The letter was cosigned by CESSI President Dr. Jorge Cassino and Ing. Carlos Z�rate (Motorola), President of the Argentina Commission of Industrial Policies. The letter pointed out that the technology sector was at a critical point in time. CESSI stated that the Argentine government needed to work with industry in order to develop a more proactive policy for the telecommunications sector, including greater use of tax incentives. Latin-American governments that were cited as good examples for public telecommunication policy included Costa Rica, Colombia, Brazil, Chile and Uruguay.

According to the CESSI letter, a world is being transformed which includes three main categories: (1) those who produce the tools and products for the digital economy, (2) those who use the tools and products needed to participate in the digital economy, and (3) those that are left behind. CESSI warns President de la Rua that Argentina currently is placed somewhere between the first and second category, and that a government-industry action plan is needed to ensure that the environment is optimized for the production of tools for the digital economy. Of particular importance was creating the right environment for not only producing, but retaining skilled labor in the IT sector. The letter concludes with an urgent request for meetings with the President and other key government officials in order to present industry's views on what will need to be done in the short term in order to facilitate the high-tech sector in Argentina. For more information, contact CESSI Executive Director Silvia Bidart.

At a late-December 2000 Board Meeting of the Australian Information Industry Association (AIIA), AIIA Chairman John Gwyther identified the Australian WITSA member's new and revised priorities. A short list is included below, and Chairman Gwythers entire speech is available at the AIIA site.

1. Leading and representing the information industry to maximize the potential of the Australian economy: Previously the Association's mission was focused solely on the ICT industry. However in recognition of the importance of our industry to all other Australian industries, AIIA's mission has been extended to encompass the industry's impact on the economy as a whole;

3. transform AIIA into an ebusiness, with Australia's first on-line Board election, implemented for AIIA by election.com and the redevelopment of AIIA's website by HarvestRoad.

B. POLICY PRIORITIES (4 priority areas of government policy over the next 6 to 12 months)

1. Public Policy (including industry development) - facilitating the growth of the industry;

2. Skills & Education: ensuring we have the necessary resources to support that growth;

3. Privacy and Consumer Issues (particularly as in regard to e-commerce) - building our reputation and business through trust; and

4. Tax and the Business climate - enhancing industry's investment appeal and reducing business costs.

AIIA has established a Taskforce for all four of these priority areas, and each is chaired by a Board member and supported by the AIIA Secretariat. The Taskforces have replaced the previous structure of policy forums, and as the label 'taskforce' suggests, they are outcomes focused.

The Public Policy Taskforce is in the process of finalizing a 'National ICT Policy Paper', which will outline AIIA's vision for the future of our industry, and recommend the various policy requirements to achieve this vision. This builds on previous papers of a similar nature released by the Association every 2-3 years.

The Australian Information Industry Association (AIIA), the national body representing computing and communications technology suppliers, in a January 13 press release welcomed the Humphry report on the implementation of the Federal Government's Outsourcing initiative. Association Executive Director Rob Durie stated that the recommendations, which had been broadly accepted by the Australian Federal Government, effectively endorsed the Association's position on outsourcing. The statement described outsourcing as the right policy, but cautioned that it needed to be implemented in such a way as to promote true partnering between government agencies and the computing and communications industry. Durie stressed that, by giving responsibility to individual agencies, there will be greater focus on business solutions and less focus on legal and contractual issues - resulting in better business and program outcomes for both government and industry. For more information, please see the AIIA site.

The Information Technology Association of Canada (ITAC) is actively participating in the Canadian National Broadband Task Force, which was set up after the Canadian Federal government in October last year announced its "connectedness strategy", aiming to provide broadband Internet access to all Canadian citizens by 2004. At the first meeting of the Task Force, ITAC advised that "government's role is better suited to creating content � compelling content � that would link every citizen in Canada. The focus should be on content from the vast repository of knowledge the government holds and applications that would improve every aspect of our lives. The Biodiversity Network Initiative or projects like the Nova Scotia Tele-Health Network, which provides remote diagnostics, consultation and education functionality for medial practitioners, available province wide, are excellent examples of compelling content that would build demand. With sufficient demand created, we believe there will be more than enough suppliers willing to build the infrastructure, something the private sector is much better suited to do". For more information about ITAC's participation, see the January 23 edition of the ITAC NetFlash Newsletter and a January 11 news release.

Late last year, the Information Technology Association of Canada (ITAC) announced the results of a Canadian study, the first of its kind, identifying the growing impact on productivity and output growth in Canada due to investment in information technology. In a press release, ITAC stated that the stock of IT capital had been growing by about 30 percent a year for 20 years - a growth rate never before seen for so long and transforming how business is carried out in Canada. In 1980, total real Canadian IT capital was a paltry CAN $0.44 billion. This strong growth had, by 1999, increased our IT capital stock to CAN $80.4 billion. But by way of comparison, this is equal to 5.7 per cent of Canadian capital stock compared to about 13.5 percent in the United States. The impact on GDP growth of investment in IT capital is almost as much as that of investment in non-IT capital. This is significant because IT capital accounts for only about 5 per cent of the capital stock, and non-IT capital the other 95 per cent. This study, prepared for the Information Technology Association of Canada, IBM Canada and Microsoft Canada, confirms the findings of similar studies in the United States showing that the surge in information technology investment is having a growing impact on productivity and output growth. For more information, see the ITAC site. To read or subscribe to the ITAC NetFlash Newsletter, Click here.

According to a survey by the National Association of Software and Service Companies (NASSCOM), e-commerce in India will witness a significant jump over the next three years. According to the Indian WITSA member association, the penetration of Internet and e-commerce transactions in India will increase by leaps and bounds. It is being stated that in the case of Business-to-Business transactions, the Indian industry will reach on-line penetration of 5% by 2003. This would be around one sixth of the e-commerce penetration achieved in Japanese industries during the same period. The survey findings also point to the fact that India�s active Internet population would spend close to 3.2 percent of its total regular household spending through Internet purchases by 2003. Revenue streams would increasingly be aligned with the emerging global model, it is being anticipated. This would mean that the majority of the revenues would come from transactions, while a smaller amount would be realized from advertising revenues. It is expected that by 2003, more than 75 percent of revenues of Internet Business-to-Consumer businesses would come from transactions. The advertisement revenues would amount to about 8% percent of total ad spend by the companies.

In the year 1999-20000, Internet and e-commerce related software and services export from Indian brought in US$500 million out of an estimated US$4 billion software and services exports. Supply Chain Management optimization is one of the strongest drivers of the global e-commerce solutions market, as it spurs business-to-business transactions. More than 68% of Indian software houses have informed of strong expertise in supply chain and distribution management solutions.

About 23 percent of top 500 companies in India already have started some form of e-commerce in place. These have been facilitated through the upgrading of existing IT systems or fresh installations configured or E-commerce transactions. Meanwhile, SMEs are increasingly seeing the benefits arising from e-commerce as expanded geographical coverage giving them a larger potential market into which they can sell their products and services. For more information, see detailed report at the NASSCOM site.

In an effort to tackle the "digital divide", OECD on January 16-17 organized an Emerging Market Economy Foru m on Electronic Commerce in Dubai, including about 300 delegates from 20 emerging-market and developing countries in addition to industrialized nations and members of the Digital Opportunities Taskforce, or DOT Force - set up in July 2000 by the G-8 in Okinawa. The Forum produced a number of recommendations on how to bring the benefits of the "digital revolution" to less fortunate countries and population segments, including awareness-building exercises involving senior government officials, government-backed venture capital funds to support information and communication technology (ICT), publicity for successful pilot projects that can serve as examples to others, and tax incentives to encourage ICT companies to expand operations in least-developed countries (see OECD press release).

The OECD Dubai 2001 Issues Paper, prepared by Professor Robin Mansell at London School of Economics in advance of the meetings, demonstrated how significant the digital divide had become. Most notably, the Issues Paper stated that the entire African continent, excluding South Africa, only had about 12,000 Internet hosts in the .com, .net and .org domains, about the same number as the tiny Baltic nation of Latvia: Even when including other Internet domains (country-code top-level domains), the number of hosts were only estimated to range between 25,000 and 30,000. While Latvia has a population of 2.5 million, Africa's non-South African population is 780 million (1999 estimates). While many emerging economies experienced significant e-commerce growth, e.g. Arab countries (Egyptian Internet service providers projected a 1,000 percent growth in e-commerce volume in 2000), there was few examples of developing countries "catching up" on technology. In 1999, for example, only 0.1 percent of the Arab population was connected to the Internet.

The findings from the Dubai Forum will serve as input for the DOT Force, which is scheduled to issue a substantial report to G-8 leaders at their Genoa summit in July 2001. The Dubai Forum marked the launch of a series of DOT Force consultations to be held over the next several weeks. The next meeting will take place in Berlin in late-January, and then in Davos (Switzerland), at the World Economic Forum. Separately, OECD will host a joint March 5-6 OECD/UN/UNDP/World Bank Global Forum in Paris on the connection between development aid and ICT exploitation. Furthermore, the OECD and the Italian government is scheduled to host a Global Conference on Governance in Naples on March 15-17, with a focus on "democracy and development through e-government". Finally, OECD Forum 2001, to be held in Paris on May 14-16, will address digital divide issues. For information about WITSA participation at the Dubai Forum, please see article above (WITSA Activities section).

21. Hacking on the Rise; Internet Guru Sees Solutions

According to recent Attrition.org data, as reported by Computerworld, defacement of web sites increased by more than 50 percent in 2000 over the previous year. A total of 5,800 sites were vandalized, according to the data. While web site defacements traditionally has been disregarded as a serious security threat, recent developments and increased sophistication on behalf of hackers has forced information security experts to consider the possibility that defacements are coupled with code that either grant hackers illegal access to sensitive data or leaves behind malicious code that turns computers with always-on Internet access into so-called "zombie machines". The latter are infected computers that can become a tool for hackers to launch distributed denial-of-service (DDOS) attacks at any time. In fact, the well-known attacks against CNN and eBay Inc. in February 2000 were part of such schemes. There are likely a much more substantial number of computers around the world that are latent carriers of malicious code, without the knowledge of the owners or administrators.

While Internet security has a long way to go, however, technology that protects computers and enhances privacy and security on the Net also advances. At a December government conference on Internet-related security issues, entitled "Defending Cyberspace 2000", Internet founding-father Vint Cerf advocated the use of so-called smart cards - credit card sized mini-computers enabled to validate user identities before conducting any transaction. According to Cerf, advances in smart cards could be one of several technologies that would ultimately provide the security and privacy protections needed to safeguard e-commerce.

According to the Internet Industry Almanac the U.S. has an overwhelming lead in Internet users with almost 40 percent of the total 280 million Internet users at year-end 1999. The definition of an Internet User being any person over 16 who uses the Internet on a regular basis at least once a month. However, the U.S. is only ranked 4th in Internet users per capita. Canada is the per-capita leader with nearly 43 percent of the population being regular Internet users. The Internet Industry Almanac projects that the U.S. will have over 165 million Internet users or 27 percent of the total 601 million worldwide Internet users in year 2002. In the U.S., 59.2 percent of the population is forecasted to be Internet users by 2002. In a press release, the following top 15 countries in terms of Internet usage were listed: (1) Canada, (2) Sweden, (3) Finland, (4) U.S., (5) Iceland, (6) Denmark, (7) Norway, (8) Australia, (9) Singapore, (10) New Zealand, (11) Netherlands, (12) Switzerland, (13) United Kingdom, (14) Taiwan, (15) Hong Kong.

According to the Internet Industry Almanac, there are currently 9 countries with over 30 percent Internet penetration. By year-end 2002 there will be 14 more countries where over 30 percent of the population will be Internet users: Austria, Belgium, Germany, Ireland, Israel, Italy, Japan and South Korea.

Separately, an American Express Global Internet Survey found that Sweden ranked first in terms of Internet access. According to the Survey, 79 percent of Swedes have Internet access, compared to 73 percent of Americans. Of the 10 countries polled (Sweden, USA, Australia, Canada, Hong Kong, Argentina, Great Britain, Brazil, Japan, Italy), nearly half (46 percent) of all consumers on average have access to the Internet at home, school, work or elsewhere. Of the ten countries, Japan and Italy have the least Internet access, at roughly one quarter of their population. American Express expects the overall level of Internet users across the ten countries to surge to 57 percent this year.

23. Internet Governance Body Appoints New CEO; Prepares for Melbourne Meetings

The Internet Corporation for Assigned Names and Numbers (ICANN) on January 23 announced that Dr. M. Stuart Lynn would succeed Michael Roberts as President and Chief Executive Officer of the global Internet governance organization. Dr. Lynn will take office at the conclusion of the Board's next meeting in Melbourne, Australia, March 10-13, 2001.

Dr. Lynn has had a distinguished career in computing and information technology that dates back almost four decades. His most recent position until his retirement in 1999 was as Associate Vice President for Information Resources and Communications for the University of California Office of the President where he served as chief information officer for the combined University of California system. A January 23 ICANN press release states that ""We are incredibly fortunate to have found someone with Stuart Lynn's extensive and varied technical and managerial background to succeed Mike Roberts," said Vint Cerf, Chairman of the ICANN Board of Directors. "Dr. Lynn will bring the energy, experience and skills needed to forge consensus from the diversity of Internet constituencies that have interest in ICANN and its work. I look forward to working with Stuart, the Board and the ICANN staff during the coming year." Cerf also served as the chairman of the Executive Search Committee."

In a conference call with journalists (see Total Telecom article), Dr. Lynn expressed that his main goal will be to build consensus for policy decisions by involving Internet users worldwide. Lynn would work to make ICANN increasingly attentive to the Internet community as a whole: "The Board of Directors of ICANN sets the policy but the policy is based very much on community input". Dr. Lynn did not intend to unduly impose his own personal views on the Internet governance body, said his greatest challenge would be to "bring people together" in a common cause. In a separate statement, outgoing ICANN CEO and President Mike Roberts believed the new U.S. Bush Administration would continue to support the continued process of privatizing the domain name system by gradually handing over its management from the U.S. government to ICANN.

ICANN's next round of meetings will be held (10-13 March, 2001), in Melbourne Australia. The meetings are free to attend, and open to any interested person. ICANN encourages broad participation in its bottom-up consensus-development process. Meeting schedule, registration and information about hotel booking is available at the ICANN site.

Separately, in the previous edition of the WITSA Newsletter, we announced that ICANN at its annual meeting in Marina del Rey, California, on November 16 2000 appointed Vinton Cerf as its new Chairman, replacing Esther Dyson - a high-tech entrepreneur and newsletter editor who left the board after having served as Chairman for two years, when the Internet technical coordination body was first established. Mr. Cerf, who assumed the Chairmanship for a one-year unpaid term, is widely recognized as one of the �founding fathers� of the Internet.

The consensus is reflected in amendments to the Commentary on the OECD Model Tax Convention which were recently adopted by the Committee on Fiscal Affairs. These amendments will help both companies and tax authorities determine how to apply the permanent establishment definition in relation to e-commerce. As such, they mark an important clarification in the fiscal environment for e-commerce, which is likely to assist in its continued growth. These amendments are available on the OECD�s website.

The CFA will meet again on January 30-31. The Working Parties and the five government-business Technical Advisory Groups will issue reports to the CFA at that time, and it is hoped that the progress reports from both the TAGs and the WPs will be published. The CFA is scheduled to meet again in late June to consider new reports that takes the public comments into account. A first-of-its-kind global tax conference entitled �Tax Administrations in an Electronic World� will take place in Montreal June 2001. This is a government-only conference.

A rather peculiar incident occurred in Norway early in the morning on December 31 when 16 of the national railroad company's (NSB) airport express trains and 13 high-speed, long-distance Signatur trains failed to start. The cause of the malfunctioning was found to be an undetectedY2K bug resulting in the trains' computers to recognize all 2000 dates except December 31, 2000. A temporary solution was found by turning the computer clocks back to December 1, 2000. Ironically, the railroad company had experienced no flaws a year earlier, as the world entered into the new millennium. The older trains were not affected by the bug, and many of these were used to ensure that no major delays were experienced.

European Union Commissioner on Enterprises and Information Society Erkki Liikanen on January 10 held a first hearing to consider a proposal for a legal measure outlawing "spam", the sending of unsolicited e-mail. Legislation adopted in 1997 provided protection against telemarketers, infamous for unsolicited phone calls. The new "Proposal for a directive concerning the processing of personal data and the protection of privacy in the electronic communications sector" presented by the European Commission would extend the same protections to all forms of electronic communication, including PCs and mobile phones. The proposal is based on a so-called "opt-in" mechanism, preventing businesses from transmitting mass-mailings to people who have not given express consent in advance. The proposed system differs from the "opt-out" method, which places the burden on recipients to notify spammers to stop sending the e-mails.

In the U.S., there are still unresolved issues about a federal ban on spam, e.g. the development of public safety warnings by e-mail (weather, emergencies, etc.). Some U.S. States, however, have adopted their own spam measures. As reported in the March 1999 edition of the WITSA Newsletter, Virginia became the second US state to criminalize spamming on February 23, 1999, following California's lead in 1998. In Virginia, spamming is a misdemeanor punishable by fines ranging from US $10 per message up to US $25,000 per day. Violations could rise to a felony punishable by up to five years in prison if spamming is caused by a "malicious act" and results in more than US $2,500 in damages to the victim. The Virginian legislation also apply to all out-of-state junk mail sent through any Internet service provider based in Virginia.

27. Companies Hesitant About 'Safe Harbor'; Industry-Government Seminar Launched

As previously reported, in order to bridge the different privacy approaches and provide a streamlined means for U.S. organizations to comply with the European Commission�s Directive on Data Privacy, the U.S. Department of Commerce in consultation with the European Commission developed a "safe harbor" framework which entered into force on November 1, 2000. As stipulated by the Department of Commerce, "safe harbor" is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organizations know that participating U.S. companies provide "adequate" privacy protection, as defined by the Directive.

However, as of January 25, only 13 companies and organizations had signed up to participate in the "safe harbor". One explanation for companies being hesitant about signing to become certified under the program up is uncertainty about all the possible ramifications, and in particular with regard to potential legal liabilities. In response, the Commerce Department and U.S. industry will team up this year to launch a series of explanatory seminars, which may increase that number and bolster the legitimacy of the safe harbor arrangement. The seminars are aimed at informing U.S.-based companies about the new provisions and providing advice on how to develop corporate data privacy policies that are necessary in order to be eligible for legal protection from stringent European privacy laws. Early indications are than several companies are actively exploring the safe harbor program, and may sign up in the near future.

The first seminar is scheduled to take place Jan. 25 in Palo Alto, Calif., with others due to follow next month in New York, Washington and Dallas. A detailed Web site has been set up by the Commerce Department to provide detailed information about the safe harbor agreement as well as sign-up forms for companies and organizations. For more information, see also ComputerWorld article. The European-American Business Council (EABC) also launched a seminar on safe harbor earlier this month. In that seminar, participants asked when companies might expect the release of the EU safe harbor model contract, indicating that availability of the contract also will impact company decisions on whether or not to self-certify or pursue the contract option.

A January 17 U.S. Trade Representative (USTR) press release announced that the U.S. and the European Union have implemented mutual recognition agreement (MRA) sectoral annexes that immediately reduce barriers to approximately US$30 billion in annual transatlantic trade of telecommunications and electronic products by eliminating duplicative product testing requirements. The press release stipulated that, following a successful two-year confidence building period under the telecommunications and electromagnetic compatibility annexes, EU regulators will now recognize certificates issued by designated labs operating in the United States that the equipment they have evaluated meets the EU requirements - and vice versa. This step eliminates duplicative assessments for most telecommunications and electronic products by permitting U.S. manufacturers to export products to the EU without additional tests and certifications. The decision officially confirms 33 different U.S. and 32 European conformity assessment bodies (CABs) as recognized to be competent by U.S. and EU government regulatory authorities to test and certify equipment under these two annexes. These CABs now may begin testing and certifying products within the scope of their designation. Additional CABs will be added in the near future.

The MRA annexes on telecommunications equipment covers telecommunications terminal equipment and information technology equipment. The annex on electromagnetic compatibility covers equipment subject to EU and US radio interference and compatibility requirements, including radios and videocassette recorders imported into the US and most electrical and electronic equipment exported to the EU.

The European Commission on January 5 announced that despite "significant technological changes" since 1998 in the field of voice on the Internet, this activity still could not be defined as voice telephony and thus should not be covered by the regulatory regime applying to the latter. The Commission said Internet telephony could only be considered voice telephony if it was offered to the public commercially, made available to and from public switched network termination points on the fixed telephony network and involved direct transport and speech in real time (see Total Telecom article). The decision was made as an update to the 1998 Communication notice on the status of voice on Internet under Community law, after a consultation process. This update brings a number of clarifications to the 1998 Notice, but confirms its overall assessment that voice on Internet should continue, except in limited cases, to be treated by the Member States differently from voice telephony.

By way of background, the 1998 notice on the status of voice on Internet under Community law indicated that its content should be reviewed before the year 2000, in order to take into account possible technological and market developments. A public consultation took place in the Summer of 2000, which gave the opportunity to a variety of market players (operators, manufacturers, national authorities, associations�) to express their views. After taking these comments into consideration, the Commission adopted a supplement to the 1998 Notice on 21 December 2000, which concludes that the approach of the latter remains valid. Voice services on Internet usually do not meet each of the conditions for the definition of voice telephony in the 1990 "services" Directive and should therefore not be treated as such from a regulatory point of view.

The Commission, which reached its conclusions after consultation with the industry last year, said there could be exceptions. The communication clarifies the differences between voice over Internet protocol and voice over the Internet. It states, as a consequence of this distinction, that the conveyance of voice signals over dedicated private networks using the Internet protocol is likely to produce a level of service comparable with that of voice delivered over conventional telephony networks. "Certain Internet telephony providers may qualify as providers of voice telephony as soon as they offer a quality of service equivalent to that of traditional voice telephony".

George W. Bush's stands on technology issues were frequently referenced and commented on during the presidential election campaign last year. However, as reported by NationalJournal.com on January 18, a list of Bush's technology proposals made available earlier this month also shed light on one important issue not previously discussed in detail by the new President: Online privacy. According to the proposal, George W. Bush favors basic notice and consent requirements, that "everyone should have the ability to know what information is collected about them and how it will be used, and to accept or decline the collection or dissemination of this information." While the document is only an early indication where Bush will stand on privacy and other issues, the statement seems to harmonize fairly well with draft legislation S. 2928 introduced in the previous Congress by Sen. John McCain, R-AZ, former Sen. Spencer Abraham, R-MI, and Sen. John Kerry, D-MA. That proposal would require Web sites to provide consumers with notice and choice about businesses' information-collection practices.

On taxation, Bush supports extending the domestic moratorium on Internet taxes until 2006, and will oppose all Internet access taxes. Bush will also work to make the Internet a duty and tariff-free zone globally, and will seek to eliminate non-tariff to IT trade. Both intellectual property piracy and development of internationally compatible standards for e-commerce will be high priorities for the new Administration. On immigration issues, G. W. Bush will seek to increase the number of high-tech workers granted H1-B visas. Bush also intends to appoint and fund the Deputy Director for Management of the Office of Management and Budget (OMB) as the first U.S. federal government CIO. As regards child online protection, Bush will seek to increase penalties for "cyberstalking" and supports requirements that schools and libraries receiving federal funds install filters to protect children from "harmful content". On trade issues, President Bush will attempt to secure Fast Track negotiating authority by next April and to push for a new comprehensive round of global trade talks. Moreover, Bush will seek Free Trade Agreements with all Latin-American countries, and in particular Chile, Argentina and Brazil. Finally, while welcoming China PRC into the WTO, Bush also intends to incorporate Taiwan into the global trading body. A copy of G. W. Bush's proposals can be obtained by contacting the Secretariat.

Separately, two U.S. lawmakers on January 23 unveiled legislation providing some privacy protection for Internet users, adding yet another approach to what will likely be a major issue for the 107th Congress. The bill, co-sponsored by Reps. Chris Cannon, a Utah Republican, and Anna Eshoo, a California Democrat, would require Web sites to notify visitors how personal data such as telephone numbers and ZIP codes are used, and allow visitors to limit its use (see Total Telecom article). A number of states are also expected to consider online privacy bills this year. State legislatures are just beginning to convene, but a total of 14 bills related to online identity theft, fraud and children's issues have already been introduced in Arizona, Massachusetts, New Jersey and Missouri, according to research sponsored by the Internet Alliance (see ComputerWorld article).

Canada's Personal Information Protection and Electronic Documents Act became law on January 1, requiring federally regulated businesses in Canada such as airlines, banks telecommunications firms and broadcasting organizations to comply with specific requirements such as getting a customer's consent before sharing data with affiliates or commercial partners, and providing access to the data for review. The law will not be extended to most other businesses until 2004, but the lack of a "grandfather clause" means that a company that doesn't have the consent of an individual on the day the law applies, it won't be able to use that individual's information even if the data was collected years hence. The law, which follows the Canadian Standards Association's model code on privacy, will therefore likely encourage a great many firms to comply with its provisions well in advance of 2004 - even if not federally regulated.

As detailed in the January 23 edition of the ITAC NetFlash Newsletter, Canadians are now protected by new legislation that establishes rules to govern the collection, use, and disclosure of personal information by the private sector. It will be enforced in three stages, the first applying to the federally regulated private sector, including banks, telephone companies, broadcasters, cable companies and air carriers (January 1, 2001). The Act also covers all businesses and organizations engaged in commercial activity in the Yukon, the Northwest Territories, and Nunavut. It will apply to health information on January 1, 2002, and to all commercial transactions involving personal information as of 2004. A guide to help businesses understand and meet their new obligations is available at the Web site of the Privacy Commissioner of Canada.

The Canadian law will in many cases require foreign firms that exchange personally identifiable data with Canadian companies and subsidiaries to sign contracts committing them to following law's privacy provisions. According to David Aaron, a former official at the U.S. Department of Commerce who negotiated the "safe harbor" privacy agreement with the European Union (see article in August 2000 edition of the WITSA Newsletter), large and multinational companies doing business in Canada will likely need to sign dozens of such contracts with anyone who provides them with personal information, even their own subsidiaries. However, many firms have already taken measures to comply with the model code on privacy in anticipation of the legislation. The new law will have little or no impact on those companies. For more information, please contact the Information Technology Association of Canada (ITAC).

As reported in the previous edition of the WITSA Newsletter, Prime Minister Mori of Japan on August 30, 2000 proposed bill adopting the IT revolution as a national goal, and making it an objective to surpass the U.S. in high-speed Internet infrastructure within five years. The Lower House of the parliament on November 9, adopted Mori�s proposed action plan -The IT Basic Bill- which is expected to form the foundation for the grander Formation Law, and includes the following:

The Law for the Formation of an Advanced IT Society attempts to remedy the digital divide by building a nation-wide optical fiber network. However, in a recent report by Total Telecom Asia, a Japanese minister indicated that current efforts may not be enough to ensure universal Internet Access. The statement was made by Koichi Uchida, who is the director general of the International Affairs Department of the Telecommunications Bureau Ministry of Public Management, Home Affairs, Posts and Telecommunications. According to Uchida, the private sector has little incentive to invest in areas of low population and to conduct basic research necessary to get the program going. Uchida suggests that government will need to provide additional subsidies for rural network build-out and for basic research.

However, the government of Japan's ambitious plan to achieve universal access through a massive optical fiber network has been questioned by some who argue that alternative technology solutions, such as satellite and wireless may provide for more cost-effective solutions in inaccessible areas.

In the previous edition of the WITSA Newsletter, it was reported that the ASP Industry Consortium at the Comdex/Fall 2000 in Las Vegas had announced that a new global dispute avoidance and resolution mechanism for application service providers (ASPs) were near completion, and announced an executive summary of the draft guidelines: "ASPresolve: Dispute Avoidance and Resolution Best Practices for the ASP Supply Chain" (the ASP Industry Consortium is an international advocacy group of 700 companies in 28 countries, formed to promote the industry by sponsoring research, promoting best practices, and articulating the measurable benefits of this evolving delivery model). On January 9, the ASP Alliance Chapter (AAC) in Singapore released three documents that it hopes will lead to a better understanding of the local application provision scene and define the parameters within which ASPs operate. The three documents are: ASP Definition, Code of Practice, and Service Level Agreement Guidelines. According to IDC, the Asian ASP market is growing rapidly: By 2004 the ASP market in ASEAN alone will be worth US$185 billion. While the ASP business model is expected to grow significantly in the time to come, ASPs face serious obstacles related to consumer confidence and security.

Formed late August 2000 as the ASP Alliance Committee, the AAC now has 40-odd members. Membership is expected to reach 50 by the end of next month. The non-profit grouping is organizing an ASP pavilion at COMDEX/Asia at Singapore Informatics 2001, which will be held April 10-12. See article in singapore.internet.com.

World Information Technology and Services Alliance, 8300 Boone Boulevard, Suite 450

The World Information Technology and Services Alliance (WITSA) consists of 41 national information industry representative bodies from around the world. Its role is to develop public policy positions on issues of concern to the information industry and present these positions to governments and international organizations. For more information on WITSA and its members, please go to http://www.witsa.org

6. 2001 Global Public Policy Conference to be held in Cape Town, South Africa

Feb 28, 2001

Notification of interest in submitting paper

April 15, 2001

Paper submission deadline

May 15, 2001

Notification of acceptance

July 31, 2001

Camera ready copy of final paper

Diamond Sponsorship

U.S. $ 100,000

Platinum Sponsorship

U.S. $ 75,000

Gold Sponsorship

U.S. $ 50,000

Silver Sponsorship

U.S. $ 25,000

Bronze Sponsorship

U.S. $ 10,000

9. Bidding Deadline for 2006 World Congress on IT Extended to May 1, 2001

21. Hacking on the Rise; Internet Guru Sees Solutions