Internet privacy, security is next hurdle for oil and gas industry

June 18, 2001
Technology grows at a revolutionary speed, while the laws governing technological advances grow at an evolutionary pace.

Technology grows at a revolutionary speed, while the laws governing technological advances grow at an evolutionary pace.

Click here to enlarge image

This is nothing new. With the astronomical growth in electronic commerce in recent years and its impact on all elements of US society, however, the need to adopt legal regimes to keep pace with these developments is felt perhaps more acutely than ever.

For years to come, the US will be ironing out its position on internet privacy and security. Other countries will be involved in the same pursuit. Many predict that the European Union's approach to privacy and security issues will become the standard against which all other laws will be modeled.

Given its dominance in e-commerce, the energy industry is expected to play a vital role in defining the parameters of these laws and in drafting the actual e-commerce legislation.

Industry's internet presence

Concerns about internet privacy and security are not limited to one specific area of the public or private sector. These issues arise whenever the internet is used, and each industry, business, and individual that uses the internet in any form faces privacy and security concerns.

The energy industry is no exception. Indeed, the energy industry may have a more pressing need to confront these issues head-on, given the boom in internet energy transactions spurred by the proliferation of energy e-commerce sites in recent years.

The new technologies have replaced the traditional bricks and mortar, fax machine, and phone operations of the past, and all participants in the industry must continually upgrade their business practices to conform to the latest platforms-including in the areas of privacy and security.

Where has the energy industry expanded its internet and e-commerce initiatives? Every where. Although the energy industry was slow to embrace the internet, the current steps being taken by energy companies will transform the entire industry.

One indicator of the tremendous power and importance of e-commerce to the energy industry is Enron Corp.'s EnronOnline (at www.enrononline.com), which, only a few years after its Novem ber 1999 launch, is the largest e-commerce website for global commodity transactions. Moreover, the huge success of EnronOnline is driving changes within Enron itself as well as throughout the entire energy sector.

EnronOnline is a relative infant in the e-commerce realm. This web-based business has grown exponentially since its inception. By 2000, the website reported $50 billion worth of trading activity during the first half of the year. Since then it has handled more than 900,000 transactions for a total notional value of more than $555 billion.

During the first quarter of 2001 alone, EnronOnline reported handling 275,000 transactions for a notional value of $162 billion. The transaction and monetary totals are growing rapidly; EnronOnline currently averages $2.7 billion dollars in notional value trading each business day.

Other energy companies have joined the internet revolution:

  • IntercontinentalExchange Inc. (ICE), a venture that now includes units of BP PLC; Duke Energy Corp., Charlotte, NC; Reliant Energy Inc., Houston; and others, commenced trading in August 2000. ICE reports that it crossed the $100 billion (notional) mark in April 2001, trading energy and metals.
  • TradeSpark LP, a venture that includes units of Williams Cos. Inc., Tulsa; Coral Energy, Houston; Dynegy Inc., Houston; TXU Corp., Dallas; and Dominion Resources Inc., Richmond, Va., opened for trading in September 2000. It has since reported $30 billion (notional) worth of energy and commodities trading and rapid growth, with $18 billion of the trades coming during the first quarter of 2001. About half of TradeSpark's internet trades are in gas instruments.
  • enymex, a creation of the New York Mercantile Exchange, is in the works. It will initially focus on over-the-counter markets for crude oil, petroleum products, natural gas, and electricity. Metals, coal, and other commodities are to be added later.

Privacy

In the US, the privacy of computer users using the internet is given little thought by most. Nonetheless, some businesses monitor office computer use through the reading of personal electronic mails and actual tracking of computer use. When on the internet, it is easy for office managers to track the sites employees visit.

The best advice: assume someone is monitoring every computer in the office and consequently use the computer in a professional manner.

Numerous new federal laws are being proposed in the US to regulate and protect privacy in the computer world. However, there are no international standards for computer and internet privacy, and the laws vary from country to country.

In contrast to the US, the EU has very strict privacy laws that guard against companies or individuals monitoring computer use. These laws also afford protection of personal data obtained about customers of web-based businesses. Privacy is sacrosanct. The stringent EU guidelines for maintaining privacy have affected US businesses, which must modify their data-gathering habits in EU countries.

By contrast, there are few, if any, internet privacy laws in Asia, as of yet.

Security and nonrepudiation

Security of e-commerce transaction is another area of great concern. This includes the related issue of nonrepudiation-ensuring that the internet transaction is valid and binding on both the purchaser and the seller.

Will a hacker be able to steal personal information such as bank account details or credit card numbers? Will competitors change their business methods constantly to remain competitive, or will they use another company's ideas to steal business? Internet security concerns are endless.

The new energy e-commerce sites have raised privacy and security issues that extend beyond the realms of office or home computer and internet use. While the companies push the boundaries of e-commerce, they will also be creating the legal limits for internet e-commerce regulations in the energy sector and beyond.

For the online trading of energy and, for that matter, online purchasing of anything, great pains are usually taken to make the transactions secure and private. Various encryption-decryption systems are used to accomplish this result. This includes Public Key Infrastructure (PKI) architecture, which allows for the use of digital signatures to aid in authentication and prevent repudiation of transactions.

With PKI, all users have a private encryption key and a public decryption key that enable recipients to decode text and digital signatures sent by that user. This system provides a good level of security and privacy on the substance of the internet transaction but also provides, depending on the level of encryption used, a high degree of security over the identity of the buyer and the seller.

This is essential to ensure the enforceability of the transaction. While encryption systems are generally reliable, hackers have found leaks in some systems, gathering information that was supposed to be secure.

Export restrictions

There are some cautionary points to consider for energy companies that use encryption on their websites-either for financial transactions or for general corporate communications-especially if the company is networked in foreign locations. Although governmental controls of encryption systems have been significantly loosened in recent months, export licenses are nonetheless required for the transfer of encryption items to many countries.

US companies are generally prohibited from transacting business with persons in embargoed countries such as Iran, Iraq, Libya, and Sudan. Great care should be taken in designing e-commerce websites to prevent such transactions, whether intentionally or inadvertently. Moreover, because the US bans the transfer of encryption items to such embargoed countries-either directly or through making such items available through an internet website, for example-US firms must take precautions to comply with applicable law.

These export restrictions also apply to business transacted through foreign subsidiaries of US companies and to software that may be loaded onto a laptop computer of an executive traveling outside the US. Energy companies should undertake a thorough review of their communications, security systems, and policies to ensure that no US encryption items are being exported in violation of US law.

For example, the US Department of Commerce may require certain reports, an administrative burden for many companies, and submission of the new encryption for technical review. Also, the National Security Administration wants to know what kinds of coding systems are in use so that it may develop means of decrypting encoded messages in cases involving national security.

Be aware that the Commerce department may require a license for the export or report of certain encryption items to many governmental entities, excluding most of the North Atlantic Treaty Organization and EU countries, Switzerland, Japan, Australia, and New Zealand.

Any internet transmissions to computers in embargoed or restricted countries would, under US law, need to be sent in an unencrypted, uncoded fashion. The entire energy industry relies on the dissemination of information at key times.

The US hopes to prevent these countries from fixing prices and creating marketing strategies intended to manipulate US businesses and markets by placing encryption item embargoes on targeted nations. The embargoes do not universally limit the amount of encryption items to which embargoed or restricted countries have access; it simply limits the encryption items entering those countries from the US.

Other governmental concerns

Other branches of the US government are concerned with online commerce, particularly in the areas of energy and related commodities. In particular, the Federal Trade Commission is said to be watching the energy e-commerce industry to determine whether any elements of price fixing and price collusion may exist.

While the FTC neither confirms nor denies that any investigations are under way, it has stated publicly that it is trying to learn more about all forms of e-commerce.

Until the US government dictates otherwise, general rules of competition still apply in the online world. That doesn't rule out change in the future, however. Companies representing a substantial share of any market are limited by existing antitrust laws in their ability to band together to buy or sell goods and services-including energy and commodities. The gray area grows when these companies get together online where individual buyers and sellers make transactions.

Online energy transactions are extremely efficient. They do involve a heightened risk for price fixing and collusion, however, when competing energy traders have instant access to one another's transaction prices.

When supply and price information was previously unavailable or available only after a delay, such concerns were diminished. Energy price movements are dangerous to competing companies, too, because they add previously nonexistent volatility to the energy market and can instill unwarranted fears or confidences in buyers and sellers.

Conventional wisdom calls for the marketplace to be designed so that competitors don't know about pending proposals and current prices on individual sales. Firewalls are needed to prevent current price information on individual sales from passing immediately among competitors.

A system in which aggregate transactions or an average of all transactions under way are reported will probably pass muster with the government, but the legal landscape is not entirely clear.

The authors

Click here to enlarge image

Stephen Matthews is a partner in the Riyadh office of Baker Botts. Matthews concentrates his practice in foreign investment in Saudi Arabia and other Persian Gulf countries, banking and finance, energy and oil field services, technology transfer, electronic commerce, and construction.

Click here to enlarge image

William Nix is special counsel in the intellectual property department in the New York office of Baker Botts. Nix represents clients in intellectual property, entertainment, sports, and internet-new media law and handles licensing-merchandising, sponsorship, franchising, and other intellectual property-related matters on both a domestic and international level.

Click here to enlarge image

Evan Berlack serves as counsel in the corporate department in the Washington, DC, office of Baker Botts. Berlack's practice has involved a broad and diverse range of transactional and governmental regulatory matters, with a particular concentration on US export controls, sanctions, and related areas.