1.

Explain about taxation and E-commerce

1. Introduction to Taxation in E-commerce

Taxation is the system through which governments collect money (tax) from individuals and businesses
to fund public services.

In the context of e-commerce (electronic commerce – buying and selling goods/services online),
taxation deals with how taxes are applied to digital transactions, cross-border trade, and online services.

Unlike traditional commerce, where taxes are easier to enforce (e.g., sales tax collected in physical
stores), e-commerce taxation is complex because transactions:

Occur across borders.

Involve digital goods and services.

Are often anonymous and cashless.

Involve multiple jurisdictions (local, national, international).

2. Types of Taxes in E-commerce

E-commerce transactions can be subject to different types of taxes:

a) Direct Taxes

Taxes on income and profit of e-commerce businesses.

Corporate income tax → applied on profits of e-commerce companies.

Personal income tax → applies to freelancers and small online sellers.

b) Indirect Taxes

Taxes on goods and services sold online.

Value Added Tax (VAT) / Goods and Services Tax (GST): Charged on the sale of digital products, software,
subscriptions, etc.

Customs Duties: Applied on imported goods ordered online.

Excise Tax: Special tax on specific goods (e.g., alcohol, tobacco) purchased online.

c) Withholding Taxes

Applied when online businesses make payments to foreign companies (e.g., royalties, software licenses,
digital ads).
3. Taxation Models in E-commerce

Governments use different models to tax e-commerce transactions:

1. Origin-based Taxation

Tax is applied where the seller is located.

Example: A seller in Ethiopia sells digital products worldwide and pays Ethiopian VAT.

2. Destination-based Taxation

Tax is applied where the buyer/consumer is located.

Example: An Ethiopian buyer purchases from Amazon, and Ethiopian tax applies at import/customs.

3. Hybrid Model

Combination of both origin and destination taxation.

4. Challenges of Taxing E-commerce

E-commerce creates several taxation challenges:

1. Jurisdiction Issues

Which country has the right to tax an online transaction (buyer’s country or seller’s country)?

2. Digital Goods and Services

Intangible items like e-books, music, cloud services, and apps make it difficult to define and track taxable
items.

3. Cross-border Transactions

Hard to monitor imports and exports of digital services across multiple countries.

4. Anonymity and Tax Evasion

Online sellers can hide income or operate without registration.

5. Lack of Global Standards

Different countries use different tax policies, leading to confusion and double taxation or no taxation at
all.

5. International Efforts and Regulations

Several organizations are working to standardize e-commerce taxation:

OECD (Organization for Economic Cooperation and Development): Proposes international tax
frameworks for digital businesses.

WTO (World Trade Organization): Discusses rules on e-commerce taxation.

BEPS (Base Erosion and Profit Shifting): A project that addresses how multinational companies shift
profits to low-tax jurisdictions.

6. Examples of E-commerce Taxation

European Union (EU): VAT is charged on digital services based on the customer’s location.

United States: No federal sales tax, but states like California or Texas impose sales tax on e-commerce
purchases.

Ethiopia: The government introduced a VAT system for local online transactions, and customs duties
apply for imports.

India: Charges GST on e-commerce sales and requires platforms like Amazon/Flipkart to collect tax at
source.

7. Benefits of Proper E-commerce Taxation

✅ Increases government revenue.

✅ Creates fair competition between online and offline businesses.

✅ Reduces tax evasion by digital platforms.

✅ Ensures consumer protection.

2.Explain in detail about public key infrastructure

PKI is the set of roles, policies, hardware, software, and procedures needed to create, manage,
distribute, use, store, and revoke digital certificates and the public–private keys behind them. It enables
people and systems to authenticate, encrypt, and digitally sign securely at scale.

Core Building Blocks

1) Cryptographic keys

Private key: kept secret; used to decrypt and sign.

Public key: shared; used to encrypt to you and to verify your signatures.

Common algorithms: RSA, ECDSA (P-256/P-384), Ed25519 (in some ecosystems).

2) Digital certificates (X.509)

A certificate binds a public key to an identity (a domain, person, device, or organization), and is digitally
signed by a CA. Typical fields & extensions:

Subject / Subject Alternative Name (SAN): the identities (e.g., example.com).

Issuer: who signed it.

Validity: notBefore / notAfter.

Public key.

KeyUsage / ExtKeyUsage: what the key can do (e.g., TLS server auth, code signing).

CRL Distribution Points / AuthorityInfoAccess: where to check revocation/OCSP.

BasicConstraints: CA or end-entity, path length.

3) Authorities & roles

Root CA: self-signed, ultimate trust anchor; usually offline.

Intermediate/Issuing CA: signs end-entity certs; chains up to root.

Registration Authority (RA): validates identities (can be part of the CA).

Repository: where certs and status info are published (directories, CT logs).

OCSP responders / CRL servers: answer “is this certificate revoked?”

4) Policies & hardware

CP/CPS: Certificate Policy & Certification Practice Statement (rules & procedures).

HSMs: Hardware Security Modules to generate/store CA keys and perform signing.

Audits & root programs: external checks and inclusion in OS/browser trust stores.

Trust Models (how trust is organized)

Hierarchical (most web PKI): Root → Intermediate → End-entity. Simple validation path.
Bridge CA (federations): connects multiple hierarchies (e.g., gov/defense).

Web of Trust (PGP): peers sign each other’s keys (decentralized).

TOFU (SSH): Trust On First Use—client remembers the first seen key.

3.Discuss about security issues in e-commerce

🔐 Security Issues in E-commerce

1. Confidentiality Threats (Data Privacy)

E-commerce platforms store sensitive customer data like:

Personal details (name, address, phone number, email)

Payment information (credit/debit card details, banking info)

Purchase history

Issues:

Unauthorized access (hackers stealing data)

Insider threats (employees misusing data)

Insecure storage (unencrypted databases)

Example: Data breaches in online shopping sites leaking millions of customer card details.

2. Integrity Threats (Data Accuracy & Trustworthiness)

Integrity means data must not be altered during transmission or storage.

Issues:

Hackers modifying prices, invoices, or product descriptions.

Man-in-the-middle (MITM) attacks where a hacker intercepts communication and alters transaction
details.

Malware injecting fake payment requests.

Example: Changing the price of a product in the cart from $500 to $5 using malicious scripts.

3. Authentication & Identity Issues

Authentication ensures only the real customer or merchant is involved.

Issues:
Fake websites or apps pretending to be legitimate (phishing).

Weak password policies making accounts easy to hack.

Stolen credentials used for identity theft.

Example: A fraudster logs into someone’s account to place unauthorized orders.

4. Non-repudiation Issues

Non-repudiation means neither buyer nor seller can deny a completed transaction.

Issues:

Customers claim they didn’t receive goods even after delivery.

Sellers claim they never received payment.

Lack of digital signatures or verifiable receipts.

Example: A buyer disputes a charge (chargeback fraud) after successfully receiving goods.

5. Availability Issues (Service Disruption)

Availability ensures the e-commerce site is always accessible to customers.

Issues:

DDoS attacks (Distributed Denial of Service): Overload servers and crash the website.

System failures due to poor infrastructure.

Ransomware attacks locking the e-commerce system.

Example: During Black Friday sales, hackers launch DDoS attacks to make a competitor’s site unavailable.

6. Payment Security Issues

Most e-commerce frauds occur in online payments.

Issues:

Credit card fraud (stolen card details used for purchases).

Fake payment gateways tricking customers.

Skimming attacks capturing card details.

Lack of SSL/TLS encryption during checkout.

Example: Fake PayPal or mobile money login pages stealing customer credentials.

7. Phishing & Social Engineering

Hackers trick users into revealing personal details.

Issues:

Fake emails/SMS pretending to be from e-commerce sites.

Malicious links asking users to “update account details.”

Phone scams posing as customer service.

Example: A fake Amazon email asking users to “verify payment” via a malicious link.

8. Supply Chain & Third-party Risks

E-commerce sites rely on:

Delivery services

Payment gateways

Cloud hosting

Third-party plugins

Issues:

Weak security in third-party vendors can lead to breaches.

Unverified sellers in marketplaces selling counterfeit goods.

Malicious plug-ins capturing user data.

Example: Hackers injecting malicious code through a third-party payment script.

9. Mobile E-commerce Risks

With the growth of m-commerce (mobile shopping), new risks appear.

Issues:

Fake shopping apps containing malware.

Insecure Wi-Fi connections exposing transactions.

Lost/stolen devices leading to account takeover.

Example: A trojan-infected shopping app capturing card details.

10. Legal & Regulatory Issues

Different countries have different taxation and data privacy laws.

Some platforms fail to comply with GDPR (EU) or Data Protection Laws.

Customers face fraud but have limited legal protection across borders.

4.Explain about intellectual property rights

Intellectual Property (IP) refers to creations of the human mind such as inventions, artistic works,
symbols, designs, names, and images used in commerce.

Since these creations can bring economic value, they are protected by Intellectual Property Rights (IPR),
which give creators legal rights over their innovations or works.

🎯 Definition of Intellectual Property Rights (IPR)

Intellectual Property Rights are the legal rights granted to the creators or owners of intellectual property
to protect their creations from unauthorized use by others.

They allow creators to control, profit, and be recognized for their work.

Types of Intellectual Property Rights

There are several categories:

1. Copyright

Protects: Literary, artistic, and creative works (books, music, films, software, paintings, websites).

Duration: Author’s lifetime + 50 to 70 years (varies by country).

Example: A movie script or computer program.

2. Patents

Protects: Inventions and technological innovations (new machines, medicines, processes).

Requirements: Must be new, useful, and non-obvious.

Duration: Usually 20 years from filing date.

Example: Pharmaceutical drug patents, new smartphone technology.

3. Trademarks
Protects: Logos, brand names, slogans, and symbols that distinguish products/services.

Duration: Can be renewed indefinitely as long as used.

Example: Nike’s “swoosh” logo, Coca-Cola brand name.

4. Industrial Designs

Protects: Aesthetic/ornamental aspects of products (shape, pattern, color).

Duration: Usually 10–15 years.

Example: Unique shape of a perfume bottle or car design.

5. Trade Secrets

Protects: Confidential business information that gives a competitive advantage.

No formal registration; protection lasts as long as secrecy is maintained.

Example: Coca-Cola formula, Google’s search algorithm.

6. Geographical Indications (GI)

Protects: Products that originate from a specific location and have unique qualities due to that origin.

Example: Ethiopian Coffee, Champagne (France), Darjeeling Tea (India).

7. Plant Breeders’ Rights

Protects: New plant varieties developed by breeders.

Duration: Around 20–25 years.

Example: Hybrid maize seed variety.

5.Explain cybersquatting and defamation

Cybersquatting (also called domain squatting) is the act of registering, trafficking in, or using an internet
domain name with bad faith intent to profit from the goodwill of someone else’s trademark, brand, or
personal name.

Basically, someone buys a domain name (like nike-shoes.com) before the real company can, and then
tries to sell it back to the brand or misuse it.

🔑 Characteristics of Cybersquatting

1. Registering domain names of famous brands, companies, or personalities without permission.

2. Intending to sell the domain to the rightful owner for a profit.

3. Using the domain to mislead customers or redirect traffic to competitors.

4. Taking advantage of typosquatting (misspelled domains like facebok.com).

📝 Examples

Someone registers apple-electronics.com to later sell it to Apple.

Registering barackobama.org to trick users or demand money.

Using amaz0n.com (zero instead of “o”) to steal traffic or launch phishing attacks.

⚖️Legal Protection

Anti-Cybersquatting Consumer Protection Act (ACPA, USA) – protects trademark owners.

ICANN UDRP (Uniform Domain Name Dispute Resolution Policy) – allows disputes over domain names to
be resolved globally.

Many countries have their own cyber laws against cybersquatting.

Defamation

Defamation is the act of damaging a person’s or organization’s reputation by making false statements
(spoken or written) without justification.

In e-commerce and online platforms, defamation often occurs through social media posts, fake reviews,
blogs, or forums.

🔑 Types of Defamation

1. Libel: Written defamation (blogs, websites, newspapers, social media posts).

2. Slander: Spoken defamation (speeches, videos, podcasts).

📝 Examples

Posting a fake negative review on an online store to harm its reputation.

Publishing a false article saying a company sells unsafe products.

A competitor spreading rumors online to reduce customer trust.

⚖️Legal Protection

Defamation laws vary by country, but generally allow victims to sue for damages.
Courts balance defamation claims with freedom of speech.

In many places, truth is a defense against defamation (if the statement is true, it’s not defamation).

6.Explain in detail about jurisdiction on the internet

🌍 Jurisdiction on the Internet

📖 Definition

Jurisdiction on the internet refers to the legal authority of a court or government to regulate, hear cases,
and enforce laws related to activities that take place online.

Since the internet is borderless, it raises difficult questions:

Which country’s laws apply to an online activity?

Can one country punish someone living in another country for online actions?

How do courts enforce rulings across borders?

⚖️Types of Jurisdiction

Traditionally, jurisdiction is divided into:

1. Territorial Jurisdiction

Based on geographical location of the person or activity.

Example: An online fraud committed by a person in Ethiopia against another Ethiopian falls under
Ethiopian courts.

2. Personal Jurisdiction

Based on the location of the defendant (person or company).

Example: A U.S. court can call a U.S.-based website owner for trial even if the victim is abroad.

3. Subject-Matter Jurisdiction

Based on the type of case (criminal, civil, intellectual property, taxation, etc.).

Example: A trademark infringement online would be handled by courts with IP jurisdiction.

🌐 Jurisdiction Challenges on the Internet

Because the internet crosses borders, traditional jurisdiction rules often fail. Key issues:

1. Borderless Nature of the Internet

A website hosted in Country A can be accessed by users in Country B, C, D simultaneously.

Which country has authority if a crime occurs?

2. Location of Servers

Websites and cloud services may host data in multiple countries.

Example: Facebook’s servers may be in Ireland, but its users are worldwide.

3. Cybercrimes Across Borders

Crimes like hacking, fraud, phishing, child exploitation, terrorism often involve multiple jurisdictions.

Criminals exploit differences in laws between countries.

4. E-commerce and Contracts

Online businesses deal with global customers.

Disputes arise over which country’s consumer protection or contract law applies.

5. Intellectual Property Rights (IPR)

Pirated movies, music, or software uploaded in one country may be downloaded worldwide.

Enforcing copyright across borders is very complex.

6. Defamation and Social Media

Harmful or false content posted in one country can damage reputations globally.

Courts struggle to decide whose law applies.

📌 Approaches to Internet Jurisdiction

Different legal doctrines have been developed to handle these challenges:

1. Effects Doctrine

A court can claim jurisdiction if the online activity has effects in its territory.

👉 Example: A defamatory post written in Kenya but viewed in Ethiopia may give Ethiopian courts
jurisdiction.

2. Minimum Contacts / Targeting Test

Jurisdiction applies if a website targets users in a particular country (advertising, pricing in local
currency, shipping products there).
👉 Example: An online store in the UK selling specifically to Ethiopian customers falls under Ethiopian
jurisdiction.

3. Passive vs. Active Websites

Passive website (just information): usually not subject to foreign jurisdiction.

Active website (selling goods/services, interacting with customers): can fall under multiple jurisdictions.

4. Long-Arm Jurisdiction

Some countries extend their legal power to cover foreign individuals/companies whose online actions
affect their citizens.

👉 Example: The U.S. often prosecutes foreign hackers who target U.S. companies.

🌏 International Cooperation in Jurisdiction

Since no single country controls the internet, international cooperation is essential.

Budapest Convention on Cybercrime (2001): First international treaty to address internet crimes.

Interpol & Europol: Help coordinate cross-border investigations.

Mutual Legal Assistance Treaties (MLATs): Countries share evidence and cooperate legally.

📝 Examples

1. Yahoo! France Case (2000):

Yahoo! US hosted auctions selling Nazi memorabilia (legal in the US, illegal in France). French court ruled
Yahoo must block access in France → raised conflict of jurisdiction.

2. Google Spain Case (2014):

European Court ruled Google must comply with the “Right to be Forgotten” for EU citizens, even though
Google’s servers were outside the EU.

3. E-commerce disputes:

Amazon or eBay sellers facing lawsuits in countries where customers claim fraud or defective products.

✅ Conclusion

Jurisdiction on the internet is a complex, evolving issue because cyberspace has no physical boundaries.
Courts and governments are adopting:

Targeting tests (did the site target local users?).

International treaties (for cybercrime and IPR enforcement).

Stronger cooperation between countries to solve cross-border disputes.

Ultimately, balancing sovereignty of nations with the global nature of the internet remains one of the
biggest legal challenges in cyberspace.