Electronic Commerce Taxaton: Emerging Legal Issues - Part II

UNAUTHORIZED HACKINGThe term "computercompelled to facilities the access to
hacking" traditionally describes the penetration intoe-data.AUTHENTICATING THE INTEGRITY OF
computer systems, which is not carried out withBUSINESS RECORDSWith conventional commerce
the aims of manipulation, sabotage or espionage,original records are paper-based and can be
but for the pleasure of overcoming the technicalexamined for the attributes of authenticity and
security measures. In practice, this kind ofintegrity. Since, with e-commerce transactions, the
offense can be frequently found. As far asoriginal documents are stored in electronic form
damage is concerned, a differentiation must bethe comfort of physically viewing the originals
made. In numerous cases, the attacked computerknowing that they are unaltered does not exist.
user is not actually harmed, but only endangered.However, software is being developed to identify
Contrary to this, considerable damages occur inalterations to computer records. Specific
other cases especially when the perpetrators lateraccounting software may also be deployed for
use their knowledge for committing espionage andthis purpose. Many of us in the workplace feel
sabotage. In any case the "formal sphere ofmore comfortable with paper-based records. But
secrecy" or the integrity of the concernedis this comfort an illusion? Paper records can be
computer systems is violated. Also it is veryaltered, lost or falsified. So too can computer
tough to draw a dividing line between what canrecords. The fact is that we are familiar with the
be considered mild and what endangers life.tools and procedures for checking paper records.
Consider someone breaking into the online flightWhereas, he tools for validating computer records
system of an Pakistan Airlines flight. He or she isare new and, perhaps, less intuitive. Revenue
definitely endangering the lives of those on boardauthorities are likely to reach a number of
though it may have been done for fun's.To getconclusions to do with this over the next few
access and verify the record being hosting inyears:* Computer audit means more and
remote services often requires the use ofdifferent training of staff.* Once staff is trained,
hacking to get access to records. The use ofcomputer audit will have advantages over
hacking as legal tools requires use of hacking softtraditional audit in terms of speed, precision and
wares with most modern technology and meansflexibility. It will be seen as the only way to audit
employed to curb any evasion of tax and verifylarge companies, in particular.* Computer audit will
the e- record.No specific statutory provisions aremake it easier to examine both accounting
available for the defining the authorized hackingsystems and the records which go to make up
rights on the part of tax officer.SECURITY ANDthose systems. Overall, it is not the fact that
PRIVACY ISSUES OF WEB HOSTING SITESInrecords are paper or computer-based that
numerous Western legal systems, the firstmatters.What matters for Revenue is that
"computer-specific" reforms of law during thebusinesses more likely to perpetrate tax fraud
1970s and 1980s concerned the protection ofare identified through correct risk analysis. This
personal rights and privacy in particular. Thedoes not depend on the nature of the records as
relevant legislation was a reaction to newbetween paper-based and computerized. In
challenges to privacy by the increasing possibilitiesconclusion, Revenue auditors will require a higher
of electronic data processing to gather, store,level of computer skills in future to allow accurate
connect and transfer personal data. The traditionalinterpretation of computerized records systems.
provisions for the protection of secrecy onlyIt will also be necessary for Revenue auditors to
covered part of the personality right and provedhave systems analysis skills to validate the data
to be far too narrow for a protection against themodels used in a given accounting environment.
new dangers. A differentiation in criminal dataThey will also need manipulation skills to accurately
protection law which can be found in all countriestrace transactions through such systems. The
today results from this historic development:computer software industry is aware of potential
Traditional offenses for the protection of secrecyfor loss of audit trail arising from business being
(e.g. for doctors, lawyers or public officials) can stillconducted on the internet. As mentioned already,
be found in the core of criminal law, i.e. thethe industry is developing techniques to ensure
Criminal Code. Personal data receives indirectthe integrity of electronic records. An example of
criminal protection by general criminal provisionsthis is a technique called "message digests". A
that are not limited to personal data . We canmessage digests works by attaching a unique
therefore speak of an international wave ofmessage to an electronic record. Any subsequent
reform, which clearly shows the commonchange to the record can be detected by
problems of all national legal systems.There arecomparing the original digest with a newly created
often Immunity is provided against disclosure ofdigest based on the current state of the file data.
information relating to security procedure, noOnce again we see an emerging overlap of
person shall be compelled to disclose anyinterest between the public and private sector;
password, key or other secret informationboth are keen for ecommerce to work well and
exclusively within his private knowledge, whichboth face common problems. The point has been
enables his use of the security procedure orwell made that the private sector, particularly the
advanced electronic signature shall not confer anyauditing profession, has the same interest as tax
immunity where such information is used for theauditors in safeguarding the integrity of
commission of any offence under any law for thee-commerce records. One area of focus is the
time being in force.The most formidable task isimpact of significant electronic processing of
getting access to remote data is the shelter beinginformation on the auditor's ability to rely on
provided by the remote hosting site forsubstantive, observable evidence in the conduct
maintenance of the privacy and security of theof an audit.FILING OF TAX RETURN OF
database. The right to breach the security right asE-BUSINESS AND FURNISHING
statutory is not possible in case of hosting of dataEVIDENCESelf-assessment relies on taxpayers
at remote server, unless the tax payer bevoluntarily meeting their tax obligations.