Date post: | 18-Dec-2015 |
Category: |
Documents |
Upload: | basil-barrett |
View: | 216 times |
Download: | 0 times |
1
Review of the Electronic Review of the Electronic Transactions Ordinance Transactions Ordinance
Information Infrastructure Advisory Committee
9 April 2002
3
Electronic Transactions Electronic Transactions OrdinanceOrdinance
Enacted on 5 January 2000Enacted on 5 January 2000
All provisions came into All provisions came into operation by April 2000operation by April 2000
4
ObjectiveObjective
Provide a clear legal framework Provide a clear legal framework
for the conduct of e-businessfor the conduct of e-business
Enhance confidence in Enhance confidence in
electronic transactionselectronic transactions
5
Provide electronic records and digital Provide electronic records and digital signatures the same legal status as that signatures the same legal status as that of their paper-based counterpartsof their paper-based counterparts
Provide a voluntary recognition scheme Provide a voluntary recognition scheme for certification authoritiesfor certification authorities
Electronic Transactions Electronic Transactions OrdinanceOrdinance
6
E-business developments E-business developments in Hong Kongin Hong Kong
Government took the lead to accept Government took the lead to accept electronic submissions under law for electronic submissions under law for the bulk of legislationthe bulk of legislation
Electronic Service Delivery SchemeElectronic Service Delivery Scheme
7
Established the local public key Established the local public key infrastructureinfrastructure
Two certification authorities recognisedTwo certification authorities recognised
Digital certificates adopted in online Digital certificates adopted in online applications in the public and commercial applications in the public and commercial sectors to ensure security in electronic sectors to ensure security in electronic transactionstransactions
E-business developments in E-business developments in Hong KongHong Kong
8
E-business developments in E-business developments in Hong KongHong Kong
On par in establishing legal framework On par in establishing legal framework with countries advanced in e-business with countries advanced in e-business developmentdevelopment
Hong Kong’s e-business potential and Hong Kong’s e-business potential and readiness widely recognised readiness widely recognised internationallyinternationally
10
Review of Electronic Review of Electronic Transactions OrdinanceTransactions Ordinance
A clear legal framework provides a solid foundation A clear legal framework provides a solid foundation for e-business developmentfor e-business development
Committed to review the Ordinance 18 months after Committed to review the Ordinance 18 months after its enactmentits enactment
To ensure Hong Kong has the most up-to-To ensure Hong Kong has the most up-to-date legislative framework for the conduct of e-date legislative framework for the conduct of e-businessbusiness
11
Factors consideredFactors considered::
- - operational experience gained since operational experience gained since
enactmentenactment
- - technological advancementtechnological advancement
- - social changessocial changes
- - international e-business developmentinternational e-business development
Consulted Government bureaux and departments on Consulted Government bureaux and departments on the implementation of the Ordinancethe implementation of the Ordinance
Review of Electronic Review of Electronic Transactions OrdinanceTransactions Ordinance
13
Legal recognition of other Legal recognition of other forms of electronic signaturesforms of electronic signatures
Legal recognition for digital signatures supported by Legal recognition for digital signatures supported by recognised digital certificates recognised digital certificates
Different electronic authentication technologies and means Different electronic authentication technologies and means developed and adopted by governments and business developed and adopted by governments and business communities around the worldcommunities around the world
Personal identification number Personal identification number ((PIN) commonly used inPIN) commonly used in::
- - banking servicebanking service
- - filing of tax return (Australia, Singapore, UK and USA)filing of tax return (Australia, Singapore, UK and USA)
- - renewal of driving licence (some states in USArenewal of driving licence (some states in USA))
14
Personal identification Personal identification number number ((PIN)PIN)
Where the level of security offered by PIN is Where the level of security offered by PIN is commensurate with the risk of the service involved, commensurate with the risk of the service involved, e.g.e.g.
- - where there is established relationship between the where there is established relationship between the parties involved so that the PIN could be securely parties involved so that the PIN could be securely issued, used and verifiedissued, used and verified
- - where a secure system like the Electronic Service where a secure system like the Electronic Service Delivery Scheme which provides strong encryption Delivery Scheme which provides strong encryption services for data transmission is used services for data transmission is used
15
Personal identification Personal identification number number ((PIN)PIN)
Propose Propose to accept the use of PIN for satisfying to accept the use of PIN for satisfying statutory signature requirements in specified casesstatutory signature requirements in specified cases
Secretary for Information Technology and Secretary for Information Technology and Broadcasting (the Secretary) to specify these cases Broadcasting (the Secretary) to specify these cases by subsidiary legislation by subsidiary legislation
Users will be free to choose PIN, digital certificate or Users will be free to choose PIN, digital certificate or hand-written signaturehand-written signature
16
Considered other means of authentication like Considered other means of authentication like using biometricsusing biometrics
Yet to have institutional arrangement to Yet to have institutional arrangement to support community-wide applicationsupport community-wide application
Yet to gain wide acceptance by the communityYet to gain wide acceptance by the community
Propose Propose to examine at a later stageto examine at a later stage
Legal recognition of other forms of Legal recognition of other forms of electronic signatureselectronic signatures
17
Legal requirement of “delivery Legal requirement of “delivery by post or in person”by post or in person”
Certain legal provisions require Certain legal provisions require documents to be delivered either by documents to be delivered either by post or in personpost or in person
An impediment to the adoption of An impediment to the adoption of electronic transactionselectronic transactions
18
ProposePropose that these legal provisions that these legal provisions
should be automatically construed as should be automatically construed as
covering “delivery by electronic means” covering “delivery by electronic means”
TThe Secretary to specify these he Secretary to specify these
provisions by subsidiary legislationprovisions by subsidiary legislation
Legal requirement of “delivery Legal requirement of “delivery by post or in person”by post or in person”
19
Schedule 1 sets out matters which are exempt Schedule 1 sets out matters which are exempt from the electronic means, e.g. will, trust, power from the electronic means, e.g. will, trust, power of attorney, oath, statutory declaration, etc.of attorney, oath, statutory declaration, etc.
Should retain these exemptions in view of the Should retain these exemptions in view of the solemnity and complexity involvedsolemnity and complexity involved
ProposePropose not to amend Schedule 1 for the time not to amend Schedule 1 for the time beingbeing
Exemptions under the Exemptions under the OrdinanceOrdinance
20
Schedule 2 sets out court and quasi-judicial Schedule 2 sets out court and quasi-judicial proceedings which are exempt from the electronic proceedings which are exempt from the electronic meansmeans
Electronic filing yet to become mature and common Electronic filing yet to become mature and common in the legal professionin the legal profession
Propose Propose not to amend Schedule 2 for the time beingnot to amend Schedule 2 for the time being
Exemptions under the Exemptions under the OrdinanceOrdinance
21
The Secretary had made exclusion The Secretary had made exclusion
order to exclude 202 statutory order to exclude 202 statutory
provisions from the application of provisions from the application of
the Ordinancethe Ordinance
Exemptions under the Exemptions under the OrdinanceOrdinance
22
Exclusions made can be classified into the Exclusions made can be classified into the
following five categoriesfollowing five categories :: - s- solemnity of the matter or document olemnity of the matter or document
involvedinvolved
- on - on operational grounds, e.g. productionoperational grounds, e.g. production
of documents to Government authoritiesof documents to Government authorities
on the spoton the spot
Exemptions under the Exemptions under the OrdinanceOrdinance
23
- - involved submission of voluminous involved submission of voluminous documents or complex plans documents or complex plans
- - compliance with international practicescompliance with international practices
- - to ensure that the Government would be to ensure that the Government would be able to meet itsable to meet its contractual obligationscontractual obligations
Exemptions under the Exemptions under the OrdinanceOrdinance
24
These principles for exemption remain valid These principles for exemption remain valid
todaytoday
Should continue to be adoptedShould continue to be adopted
Will continue to review existing exemptionsWill continue to review existing exemptions
Withdraw exemptions which are or will soon Withdraw exemptions which are or will soon
become unnecessarybecome unnecessary
Exemptions under the Exemptions under the OrdinanceOrdinance
25
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
Director of Information Technology Services (the Director) Director of Information Technology Services (the Director)
will grant recognition to certification authorities (CAs) which will grant recognition to certification authorities (CAs) which
provide a trustworthy serviceprovide a trustworthy service
The Director has published Code of Practice for Recognised The Director has published Code of Practice for Recognised
Certification Authorities (the Code) setting out the standards Certification Authorities (the Code) setting out the standards
and procedures that recognised CAs have to adoptand procedures that recognised CAs have to adopt
Advisory Committee to be consulted on any proposed Advisory Committee to be consulted on any proposed
amendment to the Codeamendment to the Code
26
CA applicants should engage an independent CA applicants should engage an independent
assessor to prepare an assessment reportassessor to prepare an assessment report
Assessment report to state whether the Assessment report to state whether the
applicant is capable of meeting the relevant applicant is capable of meeting the relevant
requirements in the Ordinance and Coderequirements in the Ordinance and Code
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
27
The Director may renew, suspend or revoke the The Director may renew, suspend or revoke the
recognitionrecognition
Established an appeal mechanism; no appeal case so far Established an appeal mechanism; no appeal case so far
Recognised CAs should furnish an assessment report to Recognised CAs should furnish an assessment report to
the Director every twelve monthsthe Director every twelve months
The Director will publish material information in the The Director will publish material information in the
report for public inspectionreport for public inspection
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
28
Smooth implementation of the schemeSmooth implementation of the scheme
Propose Propose not to make any substantial not to make any substantial
changes for the time beingchanges for the time being
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
29
Assessment reports should be prepared Assessment reports should be prepared
by persons approved by the Directorby persons approved by the Director
Assessors shall assess whether the CA is Assessors shall assess whether the CA is
capable of meeting the relevant capable of meeting the relevant
requirements in the Ordinance and Coderequirements in the Ordinance and Code
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
30
An assessment includes requirementsAn assessment includes requirements::
- - related to the trustworthiness (e.g. system related to the trustworthiness (e.g. system
security, procedural safeguard, financial security, procedural safeguard, financial
liability) of the certification serviceliability) of the certification service
- - not related to trustworthiness but other not related to trustworthiness but other
aspects of the operation (e.g.aspects of the operation (e.g.
adoption of discriminatory practices)adoption of discriminatory practices)
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
31
Approved persons may not practically Approved persons may not practically
be able to make an assessment on be able to make an assessment on
whether the applicant is in compliance whether the applicant is in compliance
with those provisions which are not with those provisions which are not
related to the trustworthiness of the related to the trustworthiness of the
certification servicecertification service
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
32
ProposePropose to split the assessment into two parts to split the assessment into two parts :: - the first part concerns trustworthiness of - the first part concerns trustworthiness of
the certification service and to be the certification service and to be
prepared by a qualified and independent prepared by a qualified and independent
person approved by the Directorperson approved by the Director
- - the second part concerns provisions not relatedthe second part concerns provisions not related
to trustworthiness of the certification to trustworthiness of the certification
service that can be dealt with through a declaration service that can be dealt with through a declaration
made by an authorised person of the CAmade by an authorised person of the CA
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
33
The Ordinance requires submission of an The Ordinance requires submission of an
assessment report every twelve monthsassessment report every twelve months
There may be crucial changes in the operation There may be crucial changes in the operation
of the CA in between two annual assessments of the CA in between two annual assessments
which may affect its trustworthinesswhich may affect its trustworthiness
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
34
ProposePropose to empower the Director to ask to empower the Director to ask recognised CA to furnish an assessment recognised CA to furnish an assessment report when there are or will be major changesreport when there are or will be major changes
The assessment report should be prepared by The assessment report should be prepared by persons authorised by the Directorpersons authorised by the Director
It should focus only on the concerns raised by It should focus only on the concerns raised by the Directorthe Director
Voluntary recognition scheme Voluntary recognition scheme
for certification authoritiesfor certification authorities
35
TimetableTimetable
Issued public consultation paper to solicit Issued public consultation paper to solicit
public views (4 March)public views (4 March)
Consulted the Legislative Council Panel on Consulted the Legislative Council Panel on
Information Technology and Broadcasting (11 Information Technology and Broadcasting (11
March)March)
36
Written to relevant organisations to proactively solicit views:
- IT industry organisations
- Organisations which have an interest in e-business
- Legal and professional organisations
- Tertiary institutions
- Other relevant organisations
TimetableTimetable
37
Consultation to end on 30 April 2002Consultation to end on 30 April 2002
To report to IIAC and the Legislative Council To report to IIAC and the Legislative Council on the outcome of the public consultationon the outcome of the public consultation
To introduce legislative amendments in the To introduce legislative amendments in the
2002-03 legislative session2002-03 legislative session
TimetableTimetable