IT REGULATORY FRAMEWORK IN HONG KONG The Chinese University of Hong Kong Department of Electronic Engineering Sin Chung-kai Legislative Councillor (IT) January 20,
AGENDA Regulatory Approach Electronic Transactions Ordinance Copyright Privacy Computer Related Crime Upcoming legislation
REGULATORY APPROACH Avoid undue legislation Make or amend laws only when existing ones are not sufficient to deal with the new technological developments Encourage self-regulation By industry associations e.g. Code of Practice on Regulation of Obscene and Indecent Material by HKISPA
REGULATORY APPROACH Apply existing laws to the cyberspace Cyberspace: one of the various media Publish obscene articles on the web = Publish obscene articles in printed media = Infringement Technology-neutral approach Maintain flexibility to keep pace with technological advancement
ELECTRONIC TRANSACTIONS ORDINANCE (Cap.553) Enacted on 5 Jan 2000 To provide legal basis for the use of electronic transactions for commercial & other purposes the framework to promote and facilitate the operation of recognized certification authorities (CAs) so as to ensure confidence and security in electronic transactions.
ELECTRONIC TRANSACTIONS ORDINANCE Writing (s.5) Signature (s.6) Presentation & retention of information in electronic records (s.7-8) Electronic contracts (s.17) Certification authority
ELECTRONIC TRANSACTIONS ORDINANCE Purpose of establishing CAs To encourage the use of digital certificates Adopt minimum regulatory control on licensing requirement to encourage private sector involvement Establish Code of Practice to specify the standards and procedures for recognized CAs to carry out their functions
ELECTRONIC TRANSACTIONS ORDINANCE 4 recognized CAs HongkongPost Sign Certification Services Ltd. Joint Electronic Teller Services Ltd. HiTRUST.COM (HK) Incorporated Ltd.
REVIEW OF ETO Legal recognition of other forms of electronic signatures, e.g. PIN, biometrics Security concerns? Legal requirement of “delivery by post or in person” Operation of the voluntary framework for recognition of CAs Exemptions under ETO
COPYRIGHT Current legislation Copyright Ordinance (Cap. 528) Intellectual Property (Miscellaneous Amendments) Bill 2000
COPYRIGHT ORDINANCE (Cap. 528) First enacted in 1997 Incorporate the latest WIPO agreement Require NO registration to enjoy copyright
COPYRIGHT ORDINANCE (S.22) Enshrine the right to copy issue copies to the public rent copies to the public (computer program / sound recording) make copies available to the public perform, show or play the work in public broadcast or include a work in a cable programme service make an adaptation of the work or do any of the above in relation to an adaptation
INTELLECTUAL PROPERTY (MISCELLANEOUS AMENDMENTS) BILL 2000 Original aim: Clarify definition of copyright infringement “For the purpose of trade or business” ==> “For the purpose of, in the course of or in connection with, trade or business” Widen the scope extensively
COPYRIGHT ORDINANCE Copyright (Suspension of Amendments) Bill 2001 (June, 2001) Suspended changes in April/01, except Computer Software Movies Sound recordings Television Programs (Drama) Remove the term “in connection with”
REVIEW OF COPYRIGHT ORDINANCE Consultation Paper - “Review of Certain Provisions of Copyright Ordinance” (October, 2001) 1. Criminal liabilities of end-users 2. Exception for education purpose 3. Exception for visually impaired persons 4. Free public showing or playing of broadcast or cable programme 5. Parallel importation of copyright works computer software: Copyright (Amendment) Bill Unauthorised reception of subscription television programmes
COPYRIGHT (AMENDMENT) BILL 2001 Parallel importation of copyright works means the importation into HK without the permission of the copyright owner, of a copy of that work which was lawfully made in the country of origin. To remove legal liabilities related to parallel importation of and subsequent dealings in computer software - S.35(3) (4)
PERSONAL DATA (PRIVACY) ORDINANCE (Cap.486) Collection, storage and use of personal data Organization’s identity Organization’s privacy policy statement
PERSONAL DATA (PRIVACY) ORDINANCE Office of Privacy Commissioner for Personal Data (PCO) issued guidelines for users of personal data on the internet “Internet Surfing with Privacy in Mind” Non-compliance with an enforcement notice served by PCO $50,000 fine 2 years imprisonment
PRIVACY AT WORK - NEW ISSUE Consultation Paper on Personal Data Privacy at Work (March 2002) Employee monitoring involves technology Example: monitoring of & computer usage, video monitoring Issue a new Code of Practice on Monitoring and Personal Data Privacy at Work
PRIVACY AT WORK - NEW ISSUE Issues for consultation Collection of monitoring records Notification of monitoring practices Handling of monitoring records Employee monitoring where no record is collected by the employer Grounds for exception from specific provisions of the Code Retention period for employee monitoring records A Code or guideline?
COMPUTER RELATED CRIME
COMPUTER RELATED CRIME LEGISLATION 1992 Computer Crime Bill Amended 3 existing ordinances Telecommunication Ordinance (Cap. 106) Crimes Ordinance (Cap. 200) Theft Ordinance (Cap. 210) Telecommunication Ordinance - S.27A prohibiting unauthorized access to computer by telecommunication, Penalty - fine of $20,000
COMPUTER RELATED CRIME LEGISLATION Crimes Ordinance S.59 & 60 - extending the meaning of criminal damage to property to misuse of a computer program or data Penalty - 10 years’ imprisonment S.85 - extending the meaning of making false entry in bank book to falsification of the books of account kept at any bank by electronic means Penalty - 5 years’ imprisonment
COMPUTER RELATED CRIME LEGISLATION Crimes Ordinance S.161 - access to computer with criminal or dishonest intent Penalty - 5 years’ imprisonment
COMPUTER RELATED CRIME LEGISLATION Theft Ordinance S.11 - extending the meaning of “Burglary” to include unlawfully causing a computer to function other than as it has been established and altering, erasing or adding any computer program or data Penalty - 14 years’ imprisonment S.19 - Extending the meaning of “False accounting” to include destroying, defacing, concealing or falsifying records kept by computer Penalty - 10 years’ imprisonment
REVIEW OF LEGAL REGIME ON CYBERCRIME The Inter-departmental Working Group on Computer Related Crime (Dec 2000) Reviewed laws concerning computer crime since 1993
AREAS OF CONCERN Re-define “Computer” Clarify gray areas in legislation regarding definition of “computer data”, “access to computer” & “hacking” Increase penalties on certain computer related crime, e.g. “unauthorized access to the computer” and others
CRIMINAL JURISDICTION ORDINANCE Follow the working group’s recommendations To enable HK courts to exercise jurisdiction when the following three computer related offences are committed or planned outside HK: unauthorized access to computer; criminal damage relating to the misuse of computer; access to computer with criminal or dishonest intent.
CRIMINAL JURISDICTION ORDINANCE Example - a person in the US “spams” a computer in HK causing it to cease functioning Before - HK courts can only exercise jurisdiction within HK geographical boundaries, unless otherwise specified After - By putting these offences within the scope of the CJO, the prosecution is enabled to lay charges for this offence, even if the criminal act takes place outside HK.
UPCOMING LEGISLATION Registration of Persons (Amendment) Bill (Smart ID Card Project) Inland Revenue (Amendment) (No. 2) Bill 2001 Prevention of Child Pornography Bill
SMART ID CARD PROJECT To be rolled out in mid-2003 The world’s first multi-application mandatory ID card Cost HK$3.6 Billion Citizens free to opt for non-immigration-related applications, e.g. e-Cert, driving licence-related functions, library card Free e-Cert offered by HongKongPost for one year
REGISTRATION OF PERSONS (AMENDMENT) BILL 2001 To provide legal provisions for the roll-out of new Smart ID card project Amendments in 4 areas Changes brought about by a Smart ID card and revised work processes - e.g. data storage, procedures in registration… Inclusion of non-immigration applications in the card Protection of data privacy Launching of the ID Card replacement exercise
INLAND REVENUE (AMENDMENT) (No.2) BILL 2001 To provide a legal basis for the use of password for authentication and fulfillment of signature requirement for tax returns; the filing of tax returns through telephones
INLAND REVENUE (AMENDMENT) (No.2) BILL 2001 Reason for using password As an alternative means for authentication Use telephone as a convenient delivery channel Encourage uptake of electronic transactions Promote e-government Narrow the “Digital Divide”
INLAND REVENUE (AMENDMENT) (No.2) BILL 2001 Security concerns? = digital signature? Is using a PASSWORD a secure means of filing a tax return? Is “affixing” a PASSWORD to a return, as proposed, an appropriate measure? Any legal liability for citizens? e.g. in cases where someone forgets the password, should s/he report to police?
PREVENTION OF CHILD PORNOGRAPHY BILL To protect children against sexual exploitation Prohibit child pornography and child tourism
Proposed offences and penalties: PREVENTION OF CHILD PORNOGRAPHY BILL