Legal Issues of Electronic Commerce:
Activity Policies, Intelligent Agents and Ethical Transactions

Chris W. Higgins, Attorney at Law
Lane Powell Spears Lubersky LLP


As governments continue to consider how best to enforce their interests in electronic transactions, technical standards and traditional contract principles will provide a private source of law to govern online transactions. Conceptual, operational and intellectual property issues are raised by electronic commerce, and organizations actively involved in intelligent transactions must conduct legal risk assessment in order to document their information policies. The Activity Policy Association Facilities of ISO/IEC 10744:1997 ("HyTime") represent an international, content-neutral, owner-based system for self-regulating intelligent transactions.


When the World Wide Web Consortium (W3C) officially adopted the eXtensible Markup Language (XML) in mid-February 1998, the Internet finally came to what users of SGML have been enjoying for years, a meta-grammatical modeling language. The difference is, these newcomers brought millions and millions of dollars and users with them. At a time when Microsoft and Sun Microsystems fought each other in a courtroom over the future of Java, the two companies co-sponsored the 1998 XML Conference in Seattle, Washington. Wait a minute. What's going on here? and why?

Electronic commerce is what is going on, and there appears to be enough for everyone. [ELGIN1] Companies like Microsoft, Sun Microsystems and Adobe are finally working with SGML veterans like SoftQuad, ArborText and Inso because the information needs generated by electronic commerce are powerfully addressed with the modeling tools of SGML. The whole global information infrastructure could benefit from this fact, as first commercial transactions and then non-commercial transactions are transformed into a rich, rapid and accurate intelligent information stream, and structural innovation becomes a competitive market instead of a birthright of the next business cycle.

As the mechanism for mediating the exchange of value between intelligent information systems, meta-grammatical standards like XML and SGML play the same role that the law plays in mediating the exchange of value in the real world. As such, these technical standards act as a source of law for online transactions and therefore must be reliable, detailed and accurate enough for real jurisdictions to rely upon them in addressing the multitude of legal issues generated by electronic transactions.

With the passage of only one statute, digital signature laws, the way humans do business will never be the same. For as secure digital commerce evolves, the sheer number of transactions possible predicts that entities will be party to dramatically more contracts. Where there are contracts, there is litigation. Whether, when and how legal institutions will give legal effect to online transactions is the greatest challenge confronting both the legal and technological communities. Even though there are no clear answers, there are some important questions that need to be asked. This paper will attempt to spot the important legal issues generated by electronic commerce, detail the benefit of an international, content-neutral regulatory structure and suggest a semantic framework for understanding and distributing the risks of electronic transactions.

Most importantly, it is my desire to generate a dialogue among participants regarding these issues before the next generation of innovation for the global information infrastructure moots many of these questions. There is a tension between governmental bodies and the private sector over the development of a legally-sufficient electronic infrastructure, and so far, governments are waiting to see what the private sector does first. SGML/XML and the standards-based content interchange industry have an opportunity to provide that infrastructure in a vendor-neutral way, while at the same time creating a whole new and level market for semantic information tools. The Internet is a new economic environment with tremendous potential. But if the economic infrastructure of the Internet only mimics current markets, then much of that potential will be lost, and in the end, your PC will look more like the soda machine down the hall then the intelligent access point it can be.

Activity Policies: Technical Standards as Private Law

All information has structure which may be described in terms of objects and properties, and yet there is never a definitive description of information because users conceptualize information in different ways. Since these differences produce difficulties in exchanging information, exploitation of information regardless of its descriptive structures can only be achieved either by having everyone use the same grammar to conceptualize their information, or by somehow overcoming the structural differences in order to directly access the content. The former approach was attempted with HTML, but finally had to be abandoned because confining all current and future information to a single grammatical structure placed more emphasis on the structure of the processing software system than on the value of the content. The Internet's migration to SGML technology demonstrates that the difficulty of providing ordinary users the ability to individually conceptualize information structures is far outweighed by the value of the free market of ideas created by such expressions. The key value of this technology is its ability to insure that the flexibility and innovation of notation systems necessitated by such expressions is supportable and universally understandable. Now that the freedom to contract electronically is real, the ability to strategically organize information assets is also having a liberating effect on the information processing software market.

Since markup is only used to facilitate usage of the content, it should be the power of the appeal of the content and not the particular markup used that determines information's utilization. For this very reason, the most important substantive legal issues raised by specific electronic transactions will be those customarily seen in the same substantive off-line transactions. New issues of first impression are primarily being created by transactions whose online nature in some legally significant way alters the characteristics of the progenitor off-line transaction, as well as transactions which have no off-line progenitor equivalent. Since automatic, or semi-automatic intelligent commercial transactions will be enabled by metadata exchange structures, it is those metadata structures and the data they mark up which will be the focus of legal decision makers' attempts to characterize the nature of these transactions in any dispute resolution. Examining these structures will provide both the context and substance of a specific transaction, whereas a comparison of a party's particular metadata exchange structure versus their usual structure will provide meaningful evidence regarding the intent of the parties.

Managers looking to understand, assess and plan for the legal risks of intelligent electronic transactions must incorporate legal risk assessment into a general structural analysis of the information flow in their organization. This analysis will highlight the points of concern and provide an opportunity to design structures that will minimize liability or maximize gain by associating an organization's policies with particular objects, properties or multiple combinations thereof. In this way, an organization can specify what are its policies regarding the whole range of information transactions in which it participates. In HyTime jargon, such policies, regardless of the notations in which they may be expressed, are known as Activity Policies (APs) [HyTime1]; each AP is a set of terms and conditions under which an an asset or user may participate in one or more classes of transactions.

The more complicated information is, the more detailed its structure and relations will be and the more choices there will be for representing that information and its structure in markup. One task faced by information managers is determining which properties of their information are intrinsic and therefore independent of specific processing applications. For example, the font style and size of this text are independent processing considerations which are not intrinsic to the information, but if this paper contained trademarked symbols, their formatting information might well be intrinsic. Representation strategies normally depend on the expected uses of information assets, on performance considerations, and other factors, and they will vary depending on the specific needs of the informationn owner. When information is encapsulated with meta-information that identifies it, its relations, and its significance, the whole package can be reused for any purpose, in any context and by any application at any future time.[HyTime1] The principle of inheritance also allows information objects to inherit the structural and semantic characteristics of any other object, so non-intrinsic information is easily and intuitively changed. (This includes easily exchanging complex sets of APs for a certain information asset, e.g. after the sale of a piece of intellectual property the asset could be integrated into the buyer's portfolio by means of inheritance of activity policies from existing assets in that portfolio.)

Thus, SGML and XML empower an infinitely rich information stream by creating an object-oriented, value-based process for expressing real language preferences in such a way as to be machine readable. This richness provides the means for an organization not only to plan, track and regulate its transactions through real language directives, but if constructed correctly, the information stream will also establish those directives and the structures which maintain them as a potential source of law for any dispute arising out of any transaction conducted on such a system. Since the starting point of discovery in any litigation is always any expressions by either party regarding their intentions with respect to the transaction in question, organizations with Activity Policies associated with the underlying metadata structure of the actual transaction will fare much better in court than organizations without such structures. Digital signature laws only establish the legality of such transactions by establishing default presumptions and burdens of proof for the humanistic aspects of contract formation, execution or breach in a particular state. But it will be an individual entity's Activity Policies which become the facts upon which these presumptions are established or refuted. Therefore Activity Policies may be the single most valuable tool in addressing legal risks associated with specific electronic transactions.

As languages for the creation of notations for expressing Activity Policies, SGML and XML allow for the evolutionary differentiation of information architectures while at the same time removing the obstacles to the free flow of information created by such differentiation. As such, SGML and XML codify the principles of free expression and equal access which are critical to the integrity of cyberspace. By conceptualizing information as objects it is not only possible to provide easier and quicker exchanges of information, but by specifying the types of objects and types of properties associated with each type of object in a model, it becomes possible to provide more specific and more personalized access to information. The power is tremendous, and the opportunities for fraud numerous. Participants must compete with each other, and yet they must each also retain some obligations to maintain the integrity of the structures which facilitate electronic commercial transactions. These structures must describe diverse and dynamic transactions depending on context or user-specified preferences, and yet still allow pinpoint access based on semantic queries to specific transactional records. By providing reliable and accurate access to proper documentation, organizations may use Activity Policy Associations to more effectively address the legal issues raised by the transactions in which they are involved. In this way, the technical standards used to describe the meta-grammatical models for the expression and exchange of information can become a source of law.

Ethical Transactions:
Unique Knowledge and Semantic Processing Algorithms

It has become incumbent upon all professionals to learn the difference between an expression of grammar and an expression within a grammar. This distinction is both the key to understanding and capitalizing on the innovation represented by SGML and critical to assessing and apportioning the legal risks associated with electronic commerce. It is the difference between statements of fact and propositions of law, and it is therefore the starting point for analyzing an organization's operations, describing its activities and developing meaningful policies regarding online transactions.

In a nutshell, an expression of grammar is a structural rule which dictates the sense or nonsense of an expression within a grammar, i.e., the rules of grammar provide the structural foundation for instances of language. What makes this distinction really confusing is that one instance of language can actually act as both an expression of grammar and an expression within a grammar. For example, this difference is represented by the distinction between language as the object of exchange (data) and language as the means of exchange (metadata). Those familiar with SGML know that SGML tags are metadata which describe some structural attribute of the data with which they are associated. Thus, SGML tags are expressions of grammar which provide the rules for the representation of the data which they mark up. However, since SGML tags themselves can only be used at certain times and in certain ways, they are also expressions within a grammar.

With the adoption of XML, Internet users are now able to explicitly use metadata as both expressions of grammar and expressions within a grammar. In fact, since SGML represents human-readable semantic markup which is also machine readable, it is a language-making language with the capability to represent not only the hierarchical and linking structure of information objects but also their relational structure; not simply location but also meaning. This allows the unlimited creation and use of operation-specific markup because the only limits placed on what kinds of tags to use and how to use them will be determined by individual needs, market forces and ethical considerations.

In the past, the main issue in the information industry was moving information reliably from point A to point B. This is accomplished by a series of redundant checks and a process of packet switching, or breaking messages into smaller packets of data coded for its final destination.[NATMEDAL] The packets from a single message may take different routes through a network before being reconstructed at their final destination, where validation confirms that all packets have arrived.[NATMEDAL] This is a structure-centered issue: proper transfer from one location to another. In contrast, the future is infocentric, and the biggest issue is mediating the exchange of value between users A and B. Since intelligent information systems communicate with each other concerning not only their content but also their structure, transactions will affect both an owner's inventory of actual information and also the grammar under which those assets are managed. A transaction does not consist only of the simple transfer of an information object from one user to another, but rather involves an interchange of knowledge between the users. The changes of a particular transaction can manifest themselves in many ways, such as changes in the user's link structures, activity policies or even information preferences. The extent to which this process is automated will vary from user to user, just as some managers give their agents broad discretion and others are inclined to require their own personal approval on all of an agent's recommendations. The key issue is whether these processes become fixed or whether there is a non-proprietary, standard way for electronic agents to negotiate while still preserving a realm of innnovation to harness market forces to drive more efficient information processing and commerce. Will one structure win or will technology empower a free expression of grammar as well as content? Intelligent information systems require the latter.

Likewise in the past, a great deal of time and energy were wasted on porting information assets to various presentation systems in order for information from diverging systems to be compatible. Information asset managers had to balance between efficient local configurations of their assets and configurations that would encourage or allow their exploitation. The emphasis was on creating a compatible conduit of exchange between producer and consumer, instead of on the value of the content to potential customers. Now, however, since semantic processing algorithms are becoming the critical exchange mechanisms, information managers have an incentive to structure their internal information systems for comparability with others. As the content of those comparative semantic structures becomes the focal point for competition among online entities, the issue of the veracity and/or validation of that information becomes an issue of ethics. By providing a set of meta-grammatical forms for the standardized expression of structural and relational information, while still allowing for the natural evolution of local configurations, SGML places the emphasis on the content of the information and levels the playing field in the market for information architectures. At the same time, however, it also increases the dangers of and incentives for fraud made possible by such systems.

Therefore, one of the most critical questions generated by electronic commerce is who can or should regulate such transactions? In the past, the fundamental legitimacy of governing authority has always been based on physical presence and territorially-empowered courts, but the global information infrastructure is composed of every jurisdiction on the planet and cyberspace itself exists in no physical place. Since every substantive area of human interaction is potentially impacted by electronic commerce, sources of law and regulatory interests are potentially all sources of law in every jurisdiction. An additional factor to be considered is the so-called free market of jurisdictions in which users change their physical location based on the comparative value of a jurisdiction's legal structures to a user's needs. In reality, however, only the largest market players have the ability to do this, and so real law is being made situation by situation by local courts, legislative bodies and even executive pronouncements. Since piecemeal regulation will only treat the symptoms of the legal issues generated by the transforming information infrastructures, there is a need for the development of a set of structural legal requirements for electronic commerce. The key issue now becomes how to develop those requirements without making the HTML mistake of trying to fit every transaction into a single model. One answer is to empower individuals with the ability, authority and responsibility for defining their own activity policies, and SGML already includes that functionality with HyTime.[HyTime1]

Thus, people who manage information must look critically at their own operations and determine which aspects of their structure are unique and important to their operation, and which are common within the market or industry. Even though SGML provides unlimited ability to define and utilize efficient information structures, organizations should not design completely unique metadata, but rather should save costs by utilizing market or industry metadata for common information, saving their resources to develop unique metadata structures for their unique uses and protectable intellectual properties. In fact, the truly savvy information managers will be aware of potential uses for their unique metadata constructs by other organizations, thus creating a whole new market of substantively-designed semantic processing algorithms.

In short, managers must know what structural information needs they have in common with other organizations, what needs are unique or proprietary to them, and the ethics to figure out the difference.

Intelligent Agents: Default Settings in Diverse Markets

As electronic commerce systems develop a functional framework to adjust for both reduced human involvement and the elimination of paper documents, legal mechanisms will evolve to answer the challenges raised by such technology. Both information processing standards and the law attempt to conceptualize methods for efficient exchange that still provide meaningful incentives for individual contribution and responsibility. Working together, they provide flexible tools for infinite objectives. Yet the determinations made now regarding what structures are appropriate to promote fairness and rationality are critical because they will become the default settings in many diverse markets.

Utilizing standard meta-information semantics, computers can master sufficient complexity to support electronic transactions based on activity policies described in human languages. These activity policies will establish a realm of discretion within which an information asset owner may describe personal objectives, hopes, dreams, desires or whatever other factor market forces prove useful metadata for the exchange of information. Agents will operate within boundaries of discretion to achieve each users' objectives through a series of transactions having structural and sometimes legal consequences.

In analyzing legal risks, it is helpful to divide an agent's activities into two fundamental classes: actor and observer. Anytime an agent's objective is to alter another's structure, i.e. to acquire or enforce any rights, the agent is an actor; when an agent's objective stems from a desire to alter internal structure only, i.e., to receive information or create associations, the agent is an observer.[QUICK1] The responsibility for meeting the legal requirements of online transactions is usefully apportioned according to these distinctions. For example, the party that uses the Internet to create or enforce rights receives a benefit whose commensurate burden should be sharing responsibility for the legality of such transaction, whereas the party who simply receives information and creates relations within that information only gains a benefit that is equally shared by all participants. This suggests one set of legal requirements for initial access to cyberspace, and then an additional set of requirements depending on the user's objectives. Since the law strives for a correlation between benefit and legal responsibilities, the actor/observer structural distinction is a valuable consideration in determining how intelligent transactions will be given legal effect and who will bear what responsibility in that process.[ALEXANDER1]

Thus, there are three fundamental types of transactions between pairs of negotiating electronic agents: actor-actor, observer-observer and actor-observer. In the first type, both parties are engaged in traditional market economics. There is a strong incentive for both to utilize their structure to their best advantage and therefore the issue of verifiable information and due diligence is material to the negotiations and eventual transaction. For example, if my electronic agent brings samples of my latest song to the agent of a recording studio, they each are interested in maximizing their return on any possible deal, and the danger of fraud is high. Both parties must trust that the other can actually perform as promised, and the controlling source of law for any dispute will be whatever agreement the agents finally reach after negotiation. For this reason, the law has a strong interest in the nature of these transactions.[NIMMER1]

In contrast, observer-observer transactions have a lower danger of fraud because neither party is making an attempt to affect the other. For example, if my agent is instructed to be on the lookout for information on civil rights cases and occasionally drops by a nonprofit organization's electronic library, the library's agent may track my agent's activities, or it may not, depending on the need of that library for that information. No source of law will actually come from the transaction itself in case of any dispute, and the law does not have as strong an interest in regulation of these types of transactions. (In fact, there is a question of whether issues of privacy implicate fundamental individual rights in such online transactions.) In actor-observer transactions, one party is seeking to affect the other but that desire is not reciprocated. For example, the vast majority of unsolicited email advertisements will regularly be declined by my electronic agent, but some will get through depending on my current preferences. The advertiser's agent will deliver upon confirmation of receipt of notice and voluntary acceptance by my agent. The distinction of intent to alter structure is an important characteristic of intelligent information systems, and can serve as a practical differentiation for legal requirements of such systems.


By using human languages, activity policies will express human preferences of an extraordinarily subtle and dynamic range of potential meanings. Since agents will use the inherent discretion expressed in the conditions set forth in activity policies to negotiate contracts for their users, the intersection point of users' activity policies becomes the context of intelligent transactions. The fact that all aspects of a transaction, from the negotiations to the actual exchange of a product, takes place online means that there are no external sources from which the law can draw inferences about that transaction; legal decision makers are dependent on the transaction's own architecture for any information regarding the transaction. (Proposed changes to the U.C.C. treat digital deliverables as having lesser implied obligations than goods. This is an example of the difficulty in determining terms of a completely electronic transaction. U.C.C. 2-2202.) [NIMMER2]

Therefore, the difference between confirmable and non-confirmable transactional information provides a boundary of trust between electronic agents, and a motivation for users to specify their intentions regarding transactions about which they have identified legal risks. The ability (or lack thereof) to substantiate a party's intentions regarding a disputed transaction will be a focus of any dispute resolution concerning that transaction, and therefore records of relevant activity policies will be a powerful tool of electronic commerce system managers.



This paper is reprinted from the Conference Proceedings of SGML/XML Europe 1998, From Theory to New Practices, 17-21 May 1998, Paris, France, sponsored by the Graphic Communications Association (GCA), the Organization for the Advancement of Structured Information Standards (OASIS), and the International SGML Users' Group.

About the author

Chris W. Higgins has a B.A and M.S. in International Relations from Florida State University and a J.D. from the University of Washington. He was one of the founding officers of TechnoTeacher Inc., worked as a Coordinator for International Relations for Chiba Prefecture in Japan and is currently an associate working in Intellectual Property at Lane, Powell, Spears, Lubersky LLP in Seattle. He given papers at several of the GCA's Annual HyTime Conferences (now renamed "Metastructures") on legal/technical issues of interest to the SGML community.

Chris W. Higgins, Attorney at Law
Lane Powell Spears Lubersky LLP
1420 Fifth Avenue, Suite 4100
Seattle, Washington 98101-2338 USA
+1 206 223 7274
fax +1 206 223 7107