View
218
Download
0
Tags:
Embed Size (px)
Citation preview
IT REGULATORY FRAMEWORK IN HONG KONG
The Chinese University of Hong Kong
Department of Electronic Engineering
Sin Chung-kaiLegislative Councillor (IT)
January 20, 2003www.sinchungkai.org.hk
www.sinchungkai.org.hk
AGENDA
• Regulatory Approach• Electronic Transactions
Ordinance• Copyright• Privacy• Computer Related Crime• Upcoming legislation
www.sinchungkai.org.hk
REGULATORY APPROACH
• Avoid undue legislation• Make or amend laws only when
existing ones are not sufficient to deal with the new technological developments
• Encourage self-regulation • By industry associations • e.g. Code of Practice on Regulation of
Obscene and Indecent Material by HKISPA
www.sinchungkai.org.hk
REGULATORY APPROACH
• Apply existing laws to the cyberspace• Cyberspace: one of the various media
• Publish obscene articles on the web = • Publish obscene articles in printed media = • Infringement
• Technology-neutral approach• Maintain flexibility to keep pace with
technological advancement
www.sinchungkai.org.hk
ELECTRONIC TRANSACTIONS ORDINANCE (Cap.553)
• Enacted on 5 Jan 2000• To provide legal basis for
• the use of electronic transactions for commercial & other purposes
• the framework to promote and facilitate the operation of recognized certification authorities (CAs) so as to ensure confidence and security in electronic transactions.
www.sinchungkai.org.hk
ELECTRONIC TRANSACTIONS ORDINANCE
• Writing (s.5)• Signature (s.6)• Presentation & retention of
information in electronic records (s.7-8)
• Electronic contracts (s.17)• Certification authority
www.sinchungkai.org.hk
ELECTRONIC TRANSACTIONS ORDINANCE
• Purpose of establishing CAs• To encourage the use of digital certificates
• Adopt minimum regulatory control on licensing requirement to encourage private sector involvement
• Establish Code of Practice to specify the standards and procedures for recognized CAs to carry out their functions
www.sinchungkai.org.hk
ELECTRONIC TRANSACTIONS ORDINANCE
• 4 recognized CAs• HongkongPost• Sign Certification Services Ltd. • Joint Electronic Teller Services Ltd. • HiTRUST.COM (HK) Incorporated
Ltd.
www.sinchungkai.org.hk
REVIEW OF ETO
• Legal recognition of other forms of electronic signatures, e.g. PIN, biometrics• Security concerns?
• Legal requirement of “delivery by post or in person”
• Operation of the voluntary framework for recognition of CAs
• Exemptions under ETO
www.sinchungkai.org.hk
COPYRIGHT
• Current legislation• Copyright Ordinance (Cap. 528)• Intellectual Property (Miscellaneous
Amendments) Bill 2000
www.sinchungkai.org.hk
COPYRIGHT ORDINANCE (Cap. 528)
• First enacted in 1997• Incorporate the latest WIPO
agreement
• Require NO registration to enjoy copyright
www.sinchungkai.org.hk
COPYRIGHT ORDINANCE
• (S.22) Enshrine the right to• copy• issue copies to the public• rent copies to the public (computer program
/ sound recording)• make copies available to the public• perform, show or play the work in public• broadcast or include a work in a cable
programme service • make an adaptation of the work or do any of
the above in relation to an adaptation
www.sinchungkai.org.hk
INTELLECTUAL PROPERTY (MISCELLANEOUS AMENDMENTS) BILL 2000
• Original aim: Clarify definition of copyright infringement
• “For the purpose of trade or business” ==> “For the purpose of, in the course of or in connection with, trade or business”
• Widen the scope extensively
www.sinchungkai.org.hk
COPYRIGHT ORDINANCE
• Copyright (Suspension of Amendments) Bill 2001(June, 2001) • Suspended changes in April/01,
except • Computer Software• Movies• Sound recordings• Television Programs (Drama)
• Remove the term “in connection with”
www.sinchungkai.org.hk
REVIEW OF COPYRIGHT ORDINANCE
• Consultation Paper - “Review of Certain Provisions of Copyright Ordinance” (October, 2001)
1. Criminal liabilities of end-users2. Exception for education purpose3. Exception for visually impaired persons4. Free public showing or playing of broadcast
or cable programme5. Parallel importation of copyright works
• computer software: Copyright (Amendment) Bill 2001
6. Unauthorised reception of subscription television programmes
www.sinchungkai.org.hk
COPYRIGHT (AMENDMENT) BILL 2001
• Parallel importation of copyright works means the importation into HK without the permission of the copyright owner, of a copy of that work which was lawfully made in the country of origin.
• To remove legal liabilities related to parallel importation of and subsequent dealings in computer software - S.35(3) (4)
www.sinchungkai.org.hk
PERSONAL DATA (PRIVACY) ORDINANCE (Cap.486)
• Collection, storage and use of personal data
• Organization’s identity• Organization’s privacy policy
statement
www.sinchungkai.org.hk
PERSONAL DATA (PRIVACY) ORDINANCE
• Office of Privacy Commissioner for Personal Data (PCO) issued guidelines for users of personal data on the internet• “Internet Surfing with Privacy in Mind”
• Non-compliance with an enforcement notice served by PCO• $50,000 fine• 2 years imprisonment
www.sinchungkai.org.hk
PRIVACY AT WORK - NEW ISSUE
• Consultation Paper on Personal Data Privacy at Work (March 2002) • Employee monitoring involves
technology• Example: monitoring of email &
computer usage, video monitoring
• Issue a new Code of Practice on Monitoring and Personal Data Privacy at Work
www.sinchungkai.org.hk
PRIVACY AT WORK - NEW ISSUE
• Issues for consultation• Collection of monitoring records• Notification of monitoring practices• Handling of monitoring records• Employee monitoring where no record is
collected by the employer• Grounds for exception from specific
provisions of the Code• Retention period for employee monitoring
records• A Code or guideline?
www.sinchungkai.org.hk
COMPUTER RELATED CRIME
Computer Crimes Cases in HK 1995 - 2002(HongKong Police)
14 21 20
368
235
272
34
317
0
100
200
300
400
1995 1996 1997 1998 1999 2000 2001 2002
To
tal n
um
be
r o
f c
om
pu
ter
rela
ted
cri
me
www.sinchungkai.org.hk
COMPUTER RELATED CRIME
No. of Computer Crimes Cases in HK 2001/02(HongKong Police)
27
136
16
6
23
33
81
27
32
33
8
21
45
19
Unauthorised Access to Computer by Telecommunication
Access to Computer with Criminal or Dishonest Intent
Criminal Damage (Computer Related)
Obtaining Property by Deception (Online Shopping)
Obtaining Services by Deception (Computer Related)
Thefts (E-banking related)
Others
2002 2001
www.sinchungkai.org.hk
COMPUTER RELATED CRIME LEGISLATION
• 1992 Computer Crime Bill• Amended 3 existing ordinances
• Telecommunication Ordinance (Cap. 106)
• Crimes Ordinance (Cap. 200)• Theft Ordinance (Cap. 210)
• Telecommunication Ordinance - S.27A
• prohibiting unauthorized access to computer by telecommunication,
• Penalty - fine of $ 20,000
www.sinchungkai.org.hk
COMPUTER RELATED CRIME LEGISLATION
• Crimes Ordinance• S.59&60 - extending the meaning of
criminal damage to property to misuse of a computer program or data
• Penalty - 10 years’ imprisonment
• S.85 - extending the meaning of making false entry in bank book of falsification of the books of account kept at any bank in electronic means
• Penalty - 5 years’ imprisonment
www.sinchungkai.org.hk
COMPUTER RELATED CRIME LEGISLATION
• Crimes Ordinance• S.161- access to computer with criminal
or dishonest intent• Penalty - 5 years’ imprisonment
www.sinchungkai.org.hk
COMPUTER RELATED CRIME LEGISLATION
• Theft Ordinance• S.11 - extending the meaning of
“Burglary” to include unlawful causing a computer to function other than as it has been established and altering, erasing or adding any computer program or data
• Penalty - 14 years’ imprisonment• S.19 - Extending the meaning of “False
accounting” to include destroying, defecting, concealing or falsifying records kept by computer
• Penalty - 10 years’ imprisonment
www.sinchungkai.org.hk
REVIEW OF LEGAL REGIME ON CYBERCRIME
• The Inter-departmental Working Group on Computer Related Crime (Dec 2000)
• Reviewed laws concerning computer crime since 1993
www.sinchungkai.org.hk
AREAS OF CONCERN
• Re-define “Computer”• Clarify gray areas in legislation
regarding definition of “computer data”, “access to computer” & “hacking”
• Increase penalties on certain computer related crime, e.g. “unauthorized access to the computer”and others
www.sinchungkai.org.hk
CRIMINAL JURISDICTION ORDINANCE
• Follow the working group‘s recommendations • To enable HK courts to exercise jurisdiction, when the following three computer related offences are committed or planned outside the HK
• unauthorized access to computer;• criminal damage relating to the misuse of
computer;• access to computer with criminal or
dishonest intent.
www.sinchungkai.org.hk
CRIMINAL JURISDICTION ORDINANCE
• Example - a person in the US “spams” a computer in HK causing it to cease functioning• Before - HK courts can only exercise jurisdiction within HK geographical boundaries, unless otherwise specified• After - By putting these offences within the scopes of CJO, the prosecution is enabled to lay charge against this offence, even the criminal act is taken place outside HK.
www.sinchungkai.org.hk
UPCOMING LEGISLATION
• Registration of Persons (Amendment) Bill 2001 - (Smart ID Card Project) • Inland Revenue (Amendment) (No. 2) Bill 2001 • Prevention of Child Pornography Bill
www.sinchungkai.org.hk
SMART ID CARD PROJECT
• To be roll-out in mid-2003• The world’s first multi-application
mandatory ID card • Cost HK$3.6 Billion• Citizens free to opt for non-immigration-
related applications, e.g. e-Cert, driving licence-related functions, library card
• Free E-Cert offered by HongKongPost for one year
www.sinchungkai.org.hk
REGISTRATION OF PERSONS (AMENDMENT) BILL 2001• To provide legal provisions for the roll-
out of new Smart ID card project• Amendments in 4 areas
• Changes brought about by a Smart ID card and revised work processes - e.g. data storage, procedures in registration…
• Inclusion of non-immigration applications in the card
• Protection of data privacy • Launching of the ID Card replacement exercise
www.sinchungkai.org.hk
INLAND REVENUE (AMENDMENT) (No.2) BILL 2001
• To provide a legal basis for • the use of password for authenticatio
n and fulfillment of signature requirement for tax returns;
• the filing of tax returns through telephones
www.sinchungkai.org.hk
INLAND REVENUE (AMENDMENT) (No.2) BILL 2001
• Reason for using password • As an alternative means for authentication• Use telephone as a convenient delivery ch
annel • Encourage uptake of electronic transactio
ns• Promote e-government • Narrow the “Digital Divide”
www.sinchungkai.org.hk
INLAND REVENUE (AMENDMENT) (No.2) BILL 2001
• Security concerns? • = digital signature? • Is it a secure means for using PASSWORD
to file tax return?• Is it an appropriate measure for “affixing
” a PASSWORD to a return as proposed ?• Any legal liability for citizens? e.g. in case
s where someone forget the password, should s/he report to police?
www.sinchungkai.org.hk
PREVENTION OF CHILD PORNOGRAPHY BILL
• To protect children against sexual exploitation • Prohibit child porngraphy and child tourism
www.sinchungkai.org.hk
Proposed offences and penalties:Printing, making, producing,reproducing, copying,importing or exporting;Publishing;Advertising
8 yrs + $2m or3 yrs + $1m
Possessing 5 yrs + $1m or2yrs + $500,000
PREVENTION OF CHILD PORNOGRAPHY BILL