return to article index

Special Client Issues for Web Designers

by Timothy J. Walton


Joe Krause, vice president and co-founder of Excite, Inc., believes that ten million more people will purchase something over the Web in 1998 than in 1997.1 With that many people shopping online, there is much money to be made.2 The increase in frauds3 has resulted in legislation regulating companies conducting business online.4

California has a set of laws aimed specifically at Web merchants. Anyone selling (or attempting to sell) to a California citizen through the Web must comply with specific statutes intended to reduce the incidence of fraud. Not only must online merchants adhere to the same laws that a merchant in the real world must follow, but they must also comply with additional requirements. The first is that before any product can be sold, the vendor must state the legal name of the business, the full text of the vendor's return and refund policy and the street address where they conduct business.5 A post office box may be used if certain other requirements are met. The disclosure may be made either on the website or via email. If the disclosure is done on the webpage, then it must be in one of four places:

1. The first screen displayed when the site is accessed;
2. The screen where the goods are first offered;
3. The screen where an order is placed for the goods; or
4. The screen where the buyer enters payment.

The required information cannot be smaller or less legible than the offer of goods or services. The merchant must also state a method for the buyer to receive this information by email. The email disclosure must be made within five days of request. Webpages that advertise a toll-free phone number may implicate telemarketing laws depending on the individual state and its laws.

Failure to comply with these requirements can subject a vendor to a misdemeanor conviction in California6 and either six months in jail or a fine up to $1,000. California requires that all websites aimed at California consumers adhere to the requirements. As a result, some attorneys advise that all websites selling goods comply no matter where the vendor is located.7 Another way to avoid the law would be to include a disclaimer on the website stating that no sales will be made to citizens of California.

When tangible goods are sold over the Web, California exerts other requirements as well. The Electronic Commerce Act of 19848 demands that businesses make certain disclosures to consumers which include:
1. The name, address and phone number of the webmaster (if different from the vendor of the goods);
2. Any extra charges imposed by use of the Web (rather than another medium for sale); and
3. Procedures for resolving complaints, including the telephone number and address of the Complaint Assistance Unit of the Division of Consumer Services of the Department Consumer Affairs.

Businesses should also consider their policies when it comes to collecting personal information for marketing purposes. Some websites aimed at children have demanded that users fill out an online form including name, email address, postal address and phone number before accessing other areas of the site. The Federal Trade Commission has examined this practice and is in the process of determining whether it violates privacy rights.9 It is considered good “netiquette” for websites that collect such personal information to disclose a policy regarding the circumstances under which the information is used. A Georgia Tech University study found that 70% of Americans refuse to register at Websites due to privacy concerns.10 No laws require private companies to have privacy policies,11 nor adhere to them if they do, but it is an important customer concern.

Businesses also do well to consider the usefulness of databases prior to adding them to a website. Online databases are occasionally used for purposes other than those intended. One such instance arose when “spammers”12 began to harvest email addresses from DejaNews, a searchable online database of USENET postings. Another insidious example is the reverse phone number database that Yahoo! installed which allowed one to input a phone number and find out the name of the person at the number. This feature was being misused for negative purposes. Consumer complaints resulted in the removal of this feature from the Yahoo! website.13


Security and integrity of online data is essential to business conducted over the Internet. In addition to the necessity of keeping credit cards numbers safe during online commerce,14 companies often wish to protect trade secrets on office intranets. Yet the U.S. government fears the criminal use of encryption technology to such a degree that it has defined strong encryption15 as a munition and international export is heavily regulated. However, government attempts to control distribution of encryption algorithms have not always been successful.16 The result has been a softening of the hard-line approach (and the granting of export licenses to key U.S. companies).17

Florida has enacted a law designed to facilitate the authentication of electronic documents. The Florida Electronic Signature Act of 199618 has defined electronic signatures and authorized them to carry the same legal weight as written signatures.19 This allows for legally enforceable contracts to be entered into over the Internet. It also provides certainty in cyberspace, when one might otherwise be unsure about the origin of an email requesting shipment of large amounts of inventory.



Attorneys must adhere to more stringent rules than others advertising on the Web or creating their own website.20 State bar associations consider all attorney websites to be advertisements, so they fall under the rules for “solicitation.” Each state has its own Rules of Ethical Conduct that govern this behavior. For example, attorneys in Florida and Texas must submit their sites to the State Bar for review prior to publishing on the Web. Florida may also require a $100 fee.21 If attorneys in a firm are licensed in more than one jurisdiction, it may also be necessary to have separate websites aimed at the different jurisdictions.22 There may be a requirement that copies of the website must be kept on file for a specified period of time. Many states also require that attorney ads have specific disclaimers or labels. Missouri recommends a specific disclaimer for law firm websites.23

Texas has instituted specific rules for attorneys with a presence on the Web.24 Firms that put up websites must pay a fee and file the homepage with the State Bar Advertising Review Committee. The page must state the city or town of the firm’s principal office. Adjacent pages may also need to be submitted, particularly if there is an element of interaction (online forms, newsletters, job listings, etc.). Even pages with biographical information are considered invitations for email so they must also be submitted. All websites must clearly indicate which jurisdictions the attorneys are licensed to practice in. If attorneys are licensed in more than one state or jurisdiction, then the jurisdictional limitations of each attorney must be specified. All versions of every page must be clearly dated and kept on file for at least four years.


Spring Street Brewery made headlines and history by being the first to sell stock over the Web. With a knowledgeable attorney representing them and prior approval from the Securities Exchange Commission (“SEC”) they had great success.25 The interest in this type of marketing has prompted the SEC to promulgate a new set of guidelines for those seeking to sell or promote securities over the Internet.26 The complexity of securities sales makes this area too broad to adequately cover in this space. Any attempts at securities sales over the Web should involve the assistance of an attorney experienced in securities law as well as the prior approval of the SEC.


The fate of online gambling has not yet been determined. The first case to deal with this issue is Minnesota v. Granite Gate Resorts, Inc.27 In this case, the Minnesota Attorney General brought suit against a Nevada corporation that was operating a server in Belize. The webserver has a program running that allows visitors to place wagers, regardless of a surfer’s jurisdiction of origin. This gambling is illegal in Minnesota, and the AG determined that about 60 Minnesota residents had placed wagers at the Granite Gate website. The case has not yet been decided (although Minnesota jurisdiction survived the defendant’s challenge on appeal).

Missouri has also attempted to stop Internet gambling. The president of a Pennsylvania company called Interactive Gaming and Communications faces civil and criminal charges there, but Pennsylvania has refused to extradite him to stand trial in Missouri.

The U.S. Justice Department takes the position that the federal Wire Act applies, making Internet gambling legal only for residents of the state in which the webserver is located. But no court has yet held that federal law prohibits gambling over the Internet.28 Congress is currently seeking to change that. There is proposed legislation pending which would make online gaming illegal even when such activity by voice over the telephone would not be.29

The Interactive Gaming Council estimates that the online gambling industry could be worth $8.5 billion by the year 2000.30


Whether the posting to a webpage of pornographic material is lawful depends upon the definition of “obscene.” Obscene material does not fall within the First Amendment’s protection of free speech.31 The U.S. Supreme Court has stated that the legal test for obscenity turns on three considerations: 1. Whether the average person, applying contemporary community standards, would find that the work as a whole appeals to the prurient interest; 2. Whether the work depicts or describes sexual conduct in a patently offensive way; and 3. Whether the work as a whole lacks serious literary, artistic, political or scientific value.32 While it is legal to possess pornography within the confines of one’s own home,33 the availability of obscene material may be regulated by the various levels of government.34

For those wishing to provide adult material on their webpages, the thorniest part of the test for obscenity is the “contemporary community standards” aspect. A famous example is the case of the California couple held to the community standards of Memphis, Tennessee.35 The couple operated a BBS in California that was accessible by long distance phone call. A postal inspector in Tennessee dialed the number with his computer and joined the service under an assumed name. He received images by modem over telephone lines and ordered videotapes for delivery by United Parcel Service. A jury determined that the material was obscene by the “contemporary community standards” of Memphis. The BBS operators were fined and incarcerated.

This case differs slightly from that of a typical situation on the Web, because the BBS proprietors knew that the subscriber was logging on from Tennessee. In addition, they knew the jurisdiction to which they were shipping videotapes. In contrast, websurfers rarely identify their local community when accessing websites. Still, the case is instructive for the argument that providers of adult content must reference the most sensitive community standards when determining compliance with obscenity regulations.36

The U.S. Supreme Court has decided the fate of the Communications Decency Act37 (a portion of the 1996 Telecommunications Act) by overturning certain sections.38 However, the Court left intact the portions dealing with "obscene" content. Content providers should take steps to avoid the viewing of such material by minors. One way to do this is to have a warning page where viewers must click on a statement certifying that they are over the age of 18 or 21 and will not hold the site responsible for violation of community standards.39 No court has yet decided whether this type of warning is sufficient.40 Sites that wish to avoid the risk inherent with minimal prevention can make use of the cottage industry that has sprung up to verify a user's age, such as AdultCheck and AdultVerify. Other methods include listing a site with Surfwatch or Cyber Patrol (software that filters or controls access to pornographic websites) or including warning labels. The W3C (the organization controlling HTML standards) has warnings that can be created and attached using the new Internet Content Selection.41 Another form of warning, known as PICS, can be placed in the meta commands so that it is invisible to the viewer.42

The exhibition of children engaged in sexual acts is always illegal, even if the children are computer-generated images.43 A reporter for National Public Radio was even arrested and charged with violating the law while researching a story about child pornography on the Internet. The law has been challenged as unconstitutional in the 9th Circuit.

1 See Outlook, San Francisco Chronicle, January 4, 1998, at B-1 (stating belief that half of the 50 million people with access to Internet will have purchased something online by end of 1998, up from 18-28 percent). A study by Nielsen Media Research and CommerceNet suggests that 10 million people have already purchased something online.

2 See Cyberscope, Newsweek, January 12, 1998 at 8 (stating that in 1997, online sales topped $1 billion).

3 The National Consumer League claims that Internet fraud has risen by 300%. See

4 Some applicable laws and regulations not discussed here may be found at the Software Publishers Association site:

5 Cal. Bus. & Prof. Code 17538.

6 See discussion of jurisdictional issues, infra..

7 California Consumer Protection Law Extend to Internet Vendors, Cooley Godward LLP, September 10, 1997.

8 Cal. Civ. Code 1789 et seq.

9 See

10 Matthew Weinstock, Psssst... Want the Dope On What Turns Off Consumers?, Financial Service ONLINE, November, 1997, at 45.

11 While government Websites are required to display Privacy Act statements, OMB Watch claims that only 17% of such sites actually do carry adequate statements.

12 Companies using unsolicited email to market products and services.

13 Yahoo! never disabled the software though. At least two Websites other then Yahoo! have software that allows surfers to use the Yahoo! database to search by phone number.

14 ESPN and the NBA were the latest victims to have credit card numbers stolen from a Webserver. Starwave Corp., the operator of the server, said that 2,397 customers were affected, but that none of the credit card numbers had been used.

15 Strong encryption uses more than 56 bits of random elements. The 56 bit RC5 encryption key has been cracked using the equivalent computing power of 11,000 PowerPC 604e/200s (or 26,000 Pentium 200s).

16 Bernstein v. U.S. Department of State, C-97-0582 MHP (N.D.Cal. 1997).

17 Netscape has been allowed to export strong encryption in its Navigator software, and Cylink has been allowed to incorporate strong encryption into hardware that is shipped overseas.

18 1996 Fla. Laws ch. 224.

19 Id. at 5.

20 Attorneys and law firms creating a Website to showcase their practice should consult the bar association in their state about the exact rules which apply.

21 Peter Krakaur, Internet Advertising: State of Disarray?, New York Law Journal, September 15, 1997. The Florida State Bar Internet Guidelines can be found at

22 Iowa Ops. 96-1, 96-14.

23 See Missouri Opinion 1997-10 (suggesting cautionary statement that communication by email is not secure or confidential).

24 The discussion of requirements is not exhaustive. Lawyers and law firms in Texas need to review Rules 7.01, et seq. of the Texas Disciplinary Rules of Professional Conduct and all applicable comments.

25 Others that have been unwilling to follow the rule have not been so successful. Internet 2000, a German software developer, is reportedly being investigated by German authorities for selling shares of its stock without issuing a prospectus.

26 See e.g., Statement of the Commission Regarding Use of Internet Web Sites to Offer Securities, Solicit Securities Transactions or Advertise Investment Services Offshore, Securities Act Release No. 33-7516 (March 23, 1998) (specifying safe harbor for securities activity outside United States); IPONET, SEC No-Action Letter, Fed. Sec. L. Rep. (CCH) 77,252 (July 26, 1996) (discussing electronic indications of interest in private exempt offering). The Commodity Futures Trading Commission has also proposed new rules for trading over the Internet.

27 No. C6-97-89 (1997) (still pending).

28 “Internet Law,” Kenneth A. Freeling and Ronald E. Wiggins, The National Law Journal, March 30, 1998 at B07.

29 The Internet Gambling Prohibition Act of 1997, H.R. 2380.

30 The government of Victoria, Australia, recognized the potential revenue here and has decided to tax and regulate Internet gambling.

31 Roth v. United States, 354 U.S. 476, 485, 77 S.Ct. 1304, 1 L.Ed.2d 1498 (1957).

32 Miller v. California, 413 U.S. 15, 24, 93 S.Ct. 2607, 37 L.Ed.2d 419 (1973), reh’g denied, 414 U.S. 881 (1973).

33 Stanley v. Georgia, 394 U.S. 557 (1969); but see New York v. Ferber, 458 U.S. 747 (1982) (allowing outright prohibition of material depicting minors engaged in sexual conduct); 18 U.S.C. 2255(a)(4)(B) (criminalizing possession of child pornography).

34 See e.g., 18 U.S.C. 1465 (criminalizing transmission of obscene material);but see 47 U.S.C. 223(f)(2) (prohibiting states and localities from passing laws inconsistent with Communications Decency Act) and ALA v. Pataki, No. 97 Civ. 0222 (LAP) (S.D.N.Y. June 20, 1997) (finding that divergent requirements between jurisdictions violates Commerce Clause).

35 U.S. v. Thomas, 74 F.3d 701 (6th Cir. 1996), cert. denied 117 S.Ct. 74 (1996).

36 But see Joint Explanatory Statement of the Conference Committee, H.R. Conf. Rep. No. 458. 104th Cong., 2d Sess. 191 (1996) (indicating that Communications Decency Act was attempt to “establish a uniform national standard of content regulation”).

37 47 U.S.C. 223 et seq.

38 Reno v. ACLU, No. 96-511, 1997 U.S. LEXIS 4037 (June 26, 1997).

39 The following is an example of such language:

This Website contains images of a mature nature including full and partial nudity. If you are below the age of 18 or easily offended, then please leave.

By clicking on any link below, you are agreeing to the following:

I certify that I am of legal age in the jurisdiction from which I am accessing this page, or any pages, containing adult material. I indemnify the publisher, the service provider and the telecommunications companies from any losses, liability, costs and/or expenses incurred by them and any legal action commenced against them or any of them as a result of the viewing or the retrieving of such materials by me in the event that the material is contrary to the laws of the location from which I am accessing the material. I acknowledge all responsibility for viewing the material that follows.

40 While potentially relevant to the question of community standards (or whether material is “patently offensive”), consent alone is not likely to be a sufficient defense. See Paris Adult Theatre I v. Slaton, 413 U.S. 49, 93 S.Ct. 2628, 37 L.Ed.2d 446 (1973) (holding that movie theaters have no First Amendment right to show obscene films because “The States have the power to make a morally neutral judgment that public exhibition of obscene material... has a tendency to injure the community”).

41 See

42 See for more information.

43 18 U.S.C. 2251, et. seq.; United States v. Hockings, 129 F.3d 1069 (9th Cir. 1997).
last modified July 3, 1998

Timothy J. Walton
800 West El Camino Real
Suite 180
Mountain View, CA 94040
Vox: (650) 842-8481
Fax: (650) 618-8687
email: send email

Refund policy
Privacy policy

1998 Timothy J. Walton
All Rights Reserved

- Back to the Index -