IT REGULATORY FRAMEWORK IN HONG KONG The Chinese University of Hong Kong Department of Electronic...

IT REGULATORY FRAMEWORK IN HONG KONG

The Chinese University of Hong Kong

Department of Electronic Engineering

Sin Chung-kaiLegislative Councillor (IT)

January 20, 2003www.sinchungkai.org.hk

www.sinchungkai.org.hk

AGENDA

• Regulatory Approach• Electronic Transactions

Ordinance• Copyright• Privacy• Computer Related Crime• Upcoming legislation


REGULATORY APPROACH

• Avoid undue legislation• Make or amend laws only when

existing ones are not sufficient to deal with the new technological developments

• Encourage self-regulation • By industry associations • e.g. Code of Practice on Regulation of

Obscene and Indecent Material by HKISPA


REGULATORY APPROACH

• Apply existing laws to the cyberspace• Cyberspace: one of the various media

• Publish obscene articles on the web = • Publish obscene articles in printed media = • Infringement

• Technology-neutral approach• Maintain flexibility to keep pace with

technological advancement


ELECTRONIC TRANSACTIONS ORDINANCE (Cap.553)

• Enacted on 5 Jan 2000• To provide legal basis for

• the use of electronic transactions for commercial & other purposes

• the framework to promote and facilitate the operation of recognized certification authorities (CAs) so as to ensure confidence and security in electronic transactions.


ELECTRONIC TRANSACTIONS ORDINANCE

• Writing (s.5)• Signature (s.6)• Presentation & retention of

information in electronic records (s.7-8)

• Electronic contracts (s.17)• Certification authority



• Purpose of establishing CAs• To encourage the use of digital certificates

• Adopt minimum regulatory control on licensing requirement to encourage private sector involvement

• Establish Code of Practice to specify the standards and procedures for recognized CAs to carry out their functions



• 4 recognized CAs• HongkongPost• Sign Certification Services Ltd. • Joint Electronic Teller Services Ltd. • HiTRUST.COM (HK) Incorporated

Ltd.


REVIEW OF ETO

• Legal recognition of other forms of electronic signatures, e.g. PIN, biometrics• Security concerns?

• Legal requirement of “delivery by post or in person”

• Operation of the voluntary framework for recognition of CAs

• Exemptions under ETO


COPYRIGHT

• Current legislation• Copyright Ordinance (Cap. 528)• Intellectual Property (Miscellaneous

Amendments) Bill 2000


COPYRIGHT ORDINANCE (Cap. 528)

• First enacted in 1997• Incorporate the latest WIPO

agreement

• Require NO registration to enjoy copyright


COPYRIGHT ORDINANCE

• (S.22) Enshrine the right to• copy• issue copies to the public• rent copies to the public (computer program

/ sound recording)• make copies available to the public• perform, show or play the work in public• broadcast or include a work in a cable

programme service • make an adaptation of the work or do any of

the above in relation to an adaptation


INTELLECTUAL PROPERTY (MISCELLANEOUS AMENDMENTS) BILL 2000

• Original aim: Clarify definition of copyright infringement

• “For the purpose of trade or business” ==> “For the purpose of, in the course of or in connection with, trade or business”

• Widen the scope extensively


COPYRIGHT ORDINANCE

• Copyright (Suspension of Amendments) Bill 2001(June, 2001) • Suspended changes in April/01,

except • Computer Software• Movies• Sound recordings• Television Programs (Drama)

• Remove the term “in connection with”


REVIEW OF COPYRIGHT ORDINANCE

• Consultation Paper - “Review of Certain Provisions of Copyright Ordinance” (October, 2001)

1. Criminal liabilities of end-users2. Exception for education purpose3. Exception for visually impaired persons4. Free public showing or playing of broadcast

or cable programme5. Parallel importation of copyright works

• computer software: Copyright (Amendment) Bill 2001

6. Unauthorised reception of subscription television programmes


COPYRIGHT (AMENDMENT) BILL 2001

• Parallel importation of copyright works means the importation into HK without the permission of the copyright owner, of a copy of that work which was lawfully made in the country of origin.

• To remove legal liabilities related to parallel importation of and subsequent dealings in computer software - S.35(3) (4)


PERSONAL DATA (PRIVACY) ORDINANCE (Cap.486)

• Collection, storage and use of personal data

• Organization’s identity• Organization’s privacy policy

statement


PERSONAL DATA (PRIVACY) ORDINANCE

• Office of Privacy Commissioner for Personal Data (PCO) issued guidelines for users of personal data on the internet• “Internet Surfing with Privacy in Mind”

• Non-compliance with an enforcement notice served by PCO• $50,000 fine• 2 years imprisonment


PRIVACY AT WORK - NEW ISSUE

• Consultation Paper on Personal Data Privacy at Work (March 2002) • Employee monitoring involves

technology• Example: monitoring of email &

computer usage, video monitoring

• Issue a new Code of Practice on Monitoring and Personal Data Privacy at Work


PRIVACY AT WORK - NEW ISSUE

• Issues for consultation• Collection of monitoring records• Notification of monitoring practices• Handling of monitoring records• Employee monitoring where no record is

collected by the employer• Grounds for exception from specific

provisions of the Code• Retention period for employee monitoring

records• A Code or guideline?


COMPUTER RELATED CRIME

Computer Crimes Cases in HK 1995 - 2002(HongKong Police)

14 21 20

368

235

272

34

317

0

100

200

300

400

1995 1996 1997 1998 1999 2000 2001 2002

To

tal n

um

be

r o

f c

om

pu

ter

rela

ted

cri

me


COMPUTER RELATED CRIME

No. of Computer Crimes Cases in HK 2001/02(HongKong Police)

27

136

16

6

23

33

81

27

32

33

8

21

45

19

Unauthorised Access to Computer by Telecommunication

Access to Computer with Criminal or Dishonest Intent

Criminal Damage (Computer Related)

Obtaining Property by Deception (Online Shopping)

Obtaining Services by Deception (Computer Related)

Thefts (E-banking related)

Others

2002 2001


COMPUTER RELATED CRIME LEGISLATION

• 1992 Computer Crime Bill• Amended 3 existing ordinances

• Telecommunication Ordinance (Cap. 106)

• Crimes Ordinance (Cap. 200)• Theft Ordinance (Cap. 210)

• Telecommunication Ordinance - S.27A

• prohibiting unauthorized access to computer by telecommunication,

• Penalty - fine of $ 20,000



• Crimes Ordinance• S.59&60 - extending the meaning of

criminal damage to property to misuse of a computer program or data

• Penalty - 10 years’ imprisonment

• S.85 - extending the meaning of making false entry in bank book of falsification of the books of account kept at any bank in electronic means




• Crimes Ordinance• S.161- access to computer with criminal

or dishonest intent• Penalty - 5 years’ imprisonment



• Theft Ordinance• S.11 - extending the meaning of

“Burglary” to include unlawful causing a computer to function other than as it has been established and altering, erasing or adding any computer program or data

• Penalty - 14 years’ imprisonment• S.19 - Extending the meaning of “False

accounting” to include destroying, defecting, concealing or falsifying records kept by computer



REVIEW OF LEGAL REGIME ON CYBERCRIME

• The Inter-departmental Working Group on Computer Related Crime (Dec 2000)

• Reviewed laws concerning computer crime since 1993


AREAS OF CONCERN

• Re-define “Computer”• Clarify gray areas in legislation

regarding definition of “computer data”, “access to computer” & “hacking”

• Increase penalties on certain computer related crime, e.g. “unauthorized access to the computer”and others


CRIMINAL JURISDICTION ORDINANCE

• Follow the working group‘s recommendations • To enable HK courts to exercise jurisdiction, when the following three computer related offences are committed or planned outside the HK

• unauthorized access to computer;• criminal damage relating to the misuse of

computer;• access to computer with criminal or

dishonest intent.


CRIMINAL JURISDICTION ORDINANCE

• Example - a person in the US “spams” a computer in HK causing it to cease functioning• Before - HK courts can only exercise jurisdiction within HK geographical boundaries, unless otherwise specified• After - By putting these offences within the scopes of CJO, the prosecution is enabled to lay charge against this offence, even the criminal act is taken place outside HK.


UPCOMING LEGISLATION

• Registration of Persons (Amendment) Bill 2001 - (Smart ID Card Project) • Inland Revenue (Amendment) (No. 2) Bill 2001 • Prevention of Child Pornography Bill


SMART ID CARD PROJECT

• To be roll-out in mid-2003• The world’s first multi-application

mandatory ID card • Cost HK$3.6 Billion• Citizens free to opt for non-immigration-

related applications, e.g. e-Cert, driving licence-related functions, library card

• Free E-Cert offered by HongKongPost for one year


REGISTRATION OF PERSONS (AMENDMENT) BILL 2001• To provide legal provisions for the roll-

out of new Smart ID card project• Amendments in 4 areas

• Changes brought about by a Smart ID card and revised work processes - e.g. data storage, procedures in registration…

• Inclusion of non-immigration applications in the card

• Protection of data privacy • Launching of the ID Card replacement exercise


INLAND REVENUE (AMENDMENT) (No.2) BILL 2001

• To provide a legal basis for • the use of password for authenticatio

n and fulfillment of signature requirement for tax returns;

• the filing of tax returns through telephones



• Reason for using password • As an alternative means for authentication• Use telephone as a convenient delivery ch

annel • Encourage uptake of electronic transactio

ns• Promote e-government • Narrow the “Digital Divide”



• Security concerns? • = digital signature? • Is it a secure means for using PASSWORD

to file tax return?• Is it an appropriate measure for “affixing

” a PASSWORD to a return as proposed ?• Any legal liability for citizens? e.g. in case

s where someone forget the password, should s/he report to police?


PREVENTION OF CHILD PORNOGRAPHY BILL

• To protect children against sexual exploitation • Prohibit child porngraphy and child tourism


Proposed offences and penalties:Printing, making, producing,reproducing, copying,importing or exporting;Publishing;Advertising

8 yrs + $2m or3 yrs + $1m

Possessing 5 yrs + $1m or2yrs + $500,000

PREVENTION OF CHILD PORNOGRAPHY BILL


TH@NK YOU!

IT REGULATORY FRAMEWORK IN HONG KONG The Chinese University of Hong Kong Department of Electronic...

Documents

Transcript of IT REGULATORY FRAMEWORK IN HONG KONG The Chinese University of Hong Kong Department of Electronic...