Blue Chi’s

The Tender Board made a press release today (Arabic Text) in which it announced the values of all the tenders that were recently approved for upcoming government projects: One worth 5 milion Omani Rials was approved for doing additional works for the expansion of the Internet broadband coverage to provide the services for a 100,000 users.

Here is the actual text in Arabic:

الاعمال الاضافية على المناقصة رقم 1172006 توسعة شبكة النطاق العريض لتوصيل خدمة الانترنت لعدد 100 الف مشترك بمبلغ وقدره 000ر000ر5 ر.ع.

These 5 million rials are for additional works for this tender, which presumably has started years ago (for another separate sum). It is unclear if these “additional works” are to expand the broadband network to a greater number of users (So this 100K could be an additional to the existing number from the previous tender) or to do something else completely (e.g. unforeseen changes required for the infrastructure, 100K users are those that had access to it from before and the access wil not expand to new users).

I do not know if this project is managed by the Ministry of Transport and Communications (MOTC) or the Telecom Regulation Authority (TRA).

The Omani Electronic Transactions Law was issued by Royal Decree 69/2008, its basically recognizes electronic transactions as legitimate transactions, sets the ground rules for dealing electronically, regulates digital encryptions, recognizes and regulates digital signature and authentication services, regulates improper usage of digitally collected personal details, and establishes punishments for digital crimes.

The whole Arabic text of the law can be downloaded from here (warning PDF link). There is no official translation of the law until the time of this post, but our law is very much identical to a number of American legislations relating to the same subject matter (for example: the Electronic Signatures in Global and National Commerce Act (PDF version found here)) this happened because of American pressure on Oman to provide the minimum legal framework required for the entry of the Free Trade Agreement into force.

I would like to try and write several posts talking about the different issues governed by the Electronic Transactions Law. My first post is going to be about the impact of this law on website owners, as I am one of them.

I would like to make a disclaimer at this point that I am writing this post in my personal capacity. I am a civil servant employed by the Ministry of Legal Affairs, but this post is not be treated as any official opinion or commentary. I would also like advise you to seek the help of a proper lawyer if you face any problems with the law and not take the contents of this post as the decisive stance of the law as interpretation of it may differ from one person to the other.

Electronic Transactions Law 101: Website Owners and Bloggers

The law defines the term “Network Agent” to which it applies and the coverage of this term is is not limited to websites that we traditionally think of as online shops, but it covers any website that provides a service for sending, receiving, adopting, or storing an electronic transaction or performs any services relating to these transactions. It is worth noting at this moment at the term ‘Electronic Transaction” as any procedure or contract concluded or performed completely or partially using electronic messages.

This definition does not make any reference to receiving or facilities payment and that means that your mere involvement in providing a medium for merely communicating and offer and its acceptance makes you a “Network Agent” to which the law applies:

Example:
Ali owns a forum in which people can sell and buy products from each other. Anybody can register to his forum. He does not make any profit from it, but people can advertise their goods and other members can offer to buy them. When an offer and acceptance are met online, the seller and buyer agree to meet up somewhere offline to exchange the goods. Ali in this example offers a service for performing an electronic transaction. The fact that he does not make money from it is irrelevant. The fact that the money was not transferred on his website and that the contract was ‘performed’ offline does not matter, the ETL applies to his website.

It can also be easily argued that a website is a “Network Agent” to which the law applies is as follows:

1. Putting advertisement on a website can be an act related to an electronic transaction and that by itself is enough to make the law applicable to your website.
2. Providing a medium for communicating an offer or acceptance (eg. a private message system rather than a public post) can be considered as a electronic transaction service.

The wide definition of the term “Network Agent” means that the law will apply to a massive number of websites, and to add to that, there are obligations on all websites that collect personal information about their users without necessarily having any business aspect relate to them.

It is also worth noting that the term “Electronic Transaction” covers any ‘procedure’ or ‘contract’, it is unknown what the term ‘procedure’ means and but it can expand this definition even further. It is unknown if the authorities realize how wide the definition of Network Agent is or whether this definition was in fact intentional, but it seems to include forums, and websites and blogs in which advertisement is served at least.

So what does it mean to have your website recognized as a Network Agent under the ETL?

1. First of all, under Article 6, the law makes it an obligation for a network agent to provide under his own expenses all technical tools required to make his website accessible for the purposes of national security. The Ministry of Finance will specify any connectivity requirements to which network agents must be compliant with. Though the law makes this as a clear obligation, I do not think that it will mean anything in practice other than allowing the authorities to gain full access to your website for the purposes of national security.

2. Article 14 is one of the most interesting articles in the ETL as it covers the liability of a network agent of information created on his servers by others. The ETL states that the network agent can avoid the liability for creating, publishing, or distributing this infringing content if he satisfies both of the following conditions:

1. He does not know that the status of this information constitutes a criminal or a civil liability.
2. He instantly removes and stops access to this information once he knows about it.

Article 14 also states that it does NOT create an obligation on the network agent to monitor electronic records when his is limited to the provision of a service for accessing those records.

This is an interesting article as it rebuts the general belief that the website owner is not liable for content written by other people on his website and makes him liable for if he knows about it does not take any action regarding it. It is also worth noting that the information or infringing action does not have to relate to an electronic transaction itself.

Khalid has a blog in which he puts advertisements, he allows people to comment on his blog. Khalid wrote a review about a computer program. Ali replies to Khalid’s blog post and links to a cracked link of the program. Khalid knows about Ali’s comment but does not do anything about it. Khalid is liable for publishing copyright infringing content even though he did not put it himself because he is a network agent. He may face criminal and civil actions under the Copyright Law.

The law is not clear about the definition of ‘knowledge’ in this context, is ‘actual’ knowledge required, or can the network agent be expected to know where it is reasonable for him to be so. For example, can someone reasonable not know about a comment on his blog. Should he be assumed to know about it whether or not he actually knew about it?

3. The third relevant section of the ETL is Chapter 7 on the protection of personal data. Article 45 requires any person (not just a network agent) who controls personal information in the practice of his involvement in electronic transactions to inform the person to whom he has any information on prior to ‘using’ that information. The article requires the information holder to inform the user about who is responsible for using his information, the nature of the data to be held, and the purpose of using it.

The best example of this is a forum database, those databases have a massive amount of personal and non-personal information of users, e.g. name, location, date of birth, and obviously emails. So if you are going to use any of this information the user must be informed of everything related to this prior to your usage.

Mohammed has a forum in which he serves advertising. His database holds thousands of emails. Mohammed must tell his users that he is going to send them period advertisement emails before he sends any of these emails.

In the example above, Mohammed can inform his users about this practice right before they register by adding it to the terms and conditions of the website, but he must ensure that it mentions who is going has control and access to these emails.

Article 48 later prohibits using these personal details to damage the users or violate their rights or freedoms.

Article 49 requires any person holding personal information about users to take care while transferring these information abroad and he must take into consideration matters such as the nature of the information, the source of the info, the purpose for the transfer, the destination country, and the laws available to protect information in the destination country.

I find this last article above very strange, the practical implication of it is not clear, but I think that following it can release the liability of a person for the loss of data he has transmitted to a third party.

However, in practice, it is extremely rare circumstances will the data be stored in Oman itself because we do not have local hosting services, so everybody will be transferring personal details abroad.

—-

This concludes my very first post on Oman Electronic Transactions Law. I have only talked about article which I thought directly affected website owners and bloggers in general. I will try to post about the other topics in the near future.

I still did not manage to get over Omantel’s newly announced and ridiculously priced ADSL packages. The operator who answered my phone call this morning gave me wrong information, nobody knows yet if there is a cap or not on any of the new packages. I called again a minute ago and this operator told me that the issue has not settled yet, and that an announcement will be made on the 1st of May. I do not know if what he is saying is true, he might not know what he’s talking about just like the previous one.

However, the Fair Usage Policy hits that the cap is only available for the beginner package (512Mbps) and the Unlimited Package:

How Fair Usage Policy Works
Omantel will continuously monitor network performance and may restrict the speed available to very heavy users. This applies to customers on Home ADSL 512 Kbps and 8 Mbps Unlimited packages who actually reach a certain threshold of traffic. Customer in those situations will be contacted by Omantel and their speeds will be reduced until the next month

How come the FUP is not applicable to other packages, could that be because there is no cap on them?!

I agree with Muscati in that the government is also to blame for not having a strategy to close up the digital divide by forcing Omantel to provide affordable Internet to the public. If you think about it, what do you think will make more people use the internet, the speed or the price? Have ever you heard of someone who does not have a broadband internet connection at home because its too slow? Omantel’s exchange point in Rustaq has no business whatsoever (a fact), will higher speed make people of Rustaq decide to get a broadband connection now? Obviously not. What the people really need is an affordable always-on internet connection that works. Not faster internet that is times more expensive than what we used to have.

I was not impressed by Omantel’s new broadband packages, they are ridiculously priced. Here is the breakdown for home packages:

1. Package 1, connection speed 512Kbps, and 1baisa per MB @ RO 12.
2. Pakage 2, connection speed 1Mbps, 2GB free bandwidth, and 1baisa per MB @ RO19.
3. Package 3, connection speed 2Mbps, 5GB free bandwidth, and 1baisa per MB @ RO29.
4. Package 4, connection speed 4Mbps, 10GB free bandwidth, and 1baisa per MB @ RO39.
5. Package 5, connection speed 8Mbps, unlimited bandwidth @ RO 99!

NO MENTION WAS MADE ABOUT THE PRICE CAP, but I called just now to check and the guy who answered had no idea what the hell the price cap is, but said that the cap is still RO 39 for all packages PLUS the rental price (RO12 to RO39). (UNCONFIRMED, CHECK THIS POST)

The pricing of these packages is crazy, let’s not even talk about the 100 Rial package, I can’t imagine myself even just paying RO20 for 2GB of bandwidth. And are they trying to act all stupid with awain their “1 free email account included” – who the hell wants to be stuck using the ugly @omantel email or their buggy web based client? I also would not dare to install a random anti-virus software they are also ‘giving free with all packages’. Don’t they realise that the point of broadband connections is sharing the connection among many computers in the home, what is the point of giving a single anti-virus license.

The new packages of Omantel show us badly how much they enjoy their monopoly.

I can’t believe they dare to charge people RO 99 for an internet connection, I just can’t.

Why the hell don’t we have any other internet ISP in Oman yet?! This is absurd!!

PS. Not a lot of people know that internet connections are marketed using ‘bit’ speeds and not ‘byte’ speeds. The small ‘b’ is for bit and the capital ‘B’ is for byte. People who work at Omantel do not even know that (just confirmed that when I called now). This means that a 512Kbps means 64KBps, so a 600KB file will take about 6 seconds to download. A 8Mbps connection speed equals 1MBps, that is ONE Mega Byte per second and not EIGHT Mega Bytes per second.