Review of the Electronic Transactions Ordinance: Information Infrastructure Advisory Committee, 9 April 2002


1

Review of the Electronic Transactions Ordinance

Information Infrastructure Advisory Committee

9 April 2002

2

Background

3

Electronic Transactions Ordinance

Enacted on 5 January 2000

All provisions came into operation by April 2000

4

Objective

Provide a clear legal framework for the conduct of e-business

Enhance confidence in electronic transactions

5

Electronic Transactions Ordinance

Provide electronic records and digital signatures the same legal status as that of their paper-based counterparts

Provide a voluntary recognition scheme for certification authorities

6

E-business developments in Hong Kong

Government took the lead to accept electronic submissions under law for the bulk of legislation

Electronic Service Delivery Scheme

7

E-business developments in Hong Kong

Established the local public key infrastructure

Two certification authorities recognised

Digital certificates adopted in online applications in the public and commercial sectors to ensure security in electronic transactions

8

E-business developments in Hong Kong

On par in establishing legal framework with countries advanced in e-business development

Hong Kong’s e-business potential and readiness widely recognised internationally

9

Review

10

Review of Electronic Transactions Ordinance

A clear legal framework provides a solid foundation for e-business development

Committed to review the Ordinance 18 months after its enactment

To ensure Hong Kong has the most up-to-date legislative framework for the conduct of e-business

11

Review of Electronic Transactions Ordinance

Factors considered:

- operational experience gained since enactment

- technological advancement

- social changes

- international e-business development

Consulted Government bureaux and departments on the implementation of the Ordinance

12

Preliminary proposals

13

Legal recognition of other forms of electronic signatures

Legal recognition for digital signatures supported by recognised digital certificates

Different electronic authentication technologies and means developed and adopted by governments and business communities around the world

Personal identification number (PIN) commonly used in:

- banking service

- filing of tax return (Australia, Singapore, UK and USA)

- renewal of driving licence (some states in USA)

14

Personal identification number (PIN)

Where the level of security offered by PIN is commensurate with the risk of the service involved, e.g.

- where there is established relationship between the parties involved so that the PIN could be securely issued, used and verified

- where a secure system like the Electronic Service Delivery Scheme which provides strong encryption services for data transmission is used

15

Personal identification number (PIN)

Propose to accept the use of PIN for satisfying statutory signature requirements in specified cases

Secretary for Information Technology and Broadcasting (the Secretary) to specify these cases by subsidiary legislation

Users will be free to choose PIN, digital certificate or hand-written signature

16

Legal recognition of other forms of electronic signatures

Considered other means of authentication like using biometrics

Yet to have institutional arrangement to support community-wide application

Yet to gain wide acceptance by the community

Propose to examine at a later stage

17

Legal requirement of “delivery by post or in person”

Certain legal provisions require documents to be delivered either by post or in person

An impediment to the adoption of electronic transactions

18

Legal requirement of “delivery by post or in person”

Propose that these legal provisions should be automatically construed as covering “delivery by electronic means”

The Secretary to specify these provisions by subsidiary legislation

19

Exemptions under the Ordinance

Schedule 1 sets out matters which are exempt from the electronic means, e.g. will, trust, power of attorney, oath, statutory declaration, etc.

Should retain these exemptions in view of the solemnity and complexity involved

Propose not to amend Schedule 1 for the time being

20

Exemptions under the Ordinance

Schedule 2 sets out court and quasi-judicial proceedings which are exempt from the electronic means

Electronic filing yet to become mature and common in the legal profession

Propose not to amend Schedule 2 for the time being

21

Exemptions under the Ordinance

The Secretary had made exclusion order to exclude 202 statutory provisions from the application of the Ordinance

22

Exemptions under the Ordinance

Exclusions made can be classified into the following five categories:

- solemnity of the matter or document involved

- on operational grounds, e.g. production of documents to Government authorities on the spot

23

Exemptions under the Ordinance

- involved submission of voluminous documents or complex plans

- compliance with international practices

- to ensure that the Government would be able to meet its contractual obligations

24

Exemptions under the Ordinance

These principles for exemption remain valid today

Should continue to be adopted

Will continue to review existing exemptions

Withdraw exemptions which are or will soon become unnecessary

25

Voluntary recognition scheme for certification authorities

Director of Information Technology Services (the Director) will grant recognition to certification authorities (CAs) which provide a trustworthy service

The Director has published Code of Practice for Recognised Certification Authorities (the Code) setting out the standards and procedures that recognised CAs have to adopt

Advisory Committee to be consulted on any proposed amendment to the Code

26

Voluntary recognition scheme for certification authorities

CA applicants should engage an independent assessor to prepare an assessment report

Assessment report to state whether the applicant is capable of meeting the relevant requirements in the Ordinance and Code

27

Voluntary recognition scheme for certification authorities

The Director may renew, suspend or revoke the recognition

Established an appeal mechanism; no appeal case so far

Recognised CAs should furnish an assessment report to the Director every twelve months

The Director will publish material information in the report for public inspection

28

Voluntary recognition scheme for certification authorities

Smooth implementation of the scheme

Propose not to make any substantial changes for the time being

29

Voluntary recognition scheme for certification authorities

Assessment reports should be prepared by persons approved by the Director

Assessors shall assess whether the CA is capable of meeting the relevant requirements in the Ordinance and Code

30

Voluntary recognition scheme for certification authorities

An assessment includes requirements:

- related to the trustworthiness (e.g. system security, procedural safeguard, financial liability) of the certification service

- not related to trustworthiness but other aspects of the operation (e.g. adoption of discriminatory practices)

31

Voluntary recognition scheme for certification authorities

Approved persons may not practically be able to make an assessment on whether the applicant is in compliance with those provisions which are not related to the trustworthiness of the certification service

32

Voluntary recognition scheme for certification authorities

Propose to split the assessment into two parts:

- the first part concerns trustworthiness of the certification service and to be prepared by a qualified and independent person approved by the Director

- the second part concerns provisions not related to trustworthiness of the certification service that can be dealt with through a declaration made by an authorised person of the CA

33

Voluntary recognition scheme for certification authorities

The Ordinance requires submission of an assessment report every twelve months

There may be crucial changes in the operation of the CA in between two annual assessments which may affect its trustworthiness

34

Voluntary recognition scheme for certification authorities

Propose to empower the Director to ask recognised CA to furnish an assessment report when there are or will be major changes

The assessment report should be prepared by persons authorised by the Director

It should focus only on the concerns raised by the Director

35

Timetable

Issued public consultation paper to solicit public views (4 March)

Consulted the Legislative Council Panel on Information Technology and Broadcasting (11 March)

36

Timetable

Written to relevant organisations to proactively solicit views:

- IT industry organisations

- Organisations which have an interest in e-business

- Legal and professional organisations

- Tertiary institutions

- Other relevant organisations

37

Timetable

Consultation to end on 30 April 2002

To report to IIAC and the Legislative Council on the outcome of the public consultation

To introduce legislative amendments in the 2002-03 legislative session

38

Invite Members’ views on the review