380 likes | 382 Views
Review of the Electronic Transactions Ordinance. Information Infrastructure Advisory Committee 9 April 2002. B ackground. Electronic Transactions Ordinance. Enacted on 5 January 2000 All provisions came into operation by April 2000. Objective.
E N D
Review of the Electronic Transactions Ordinance Information Infrastructure Advisory Committee 9 April 2002
Electronic Transactions Ordinance • Enacted on 5 January 2000 • All provisions came into operation by April 2000
Objective • Provide a clear legal framework for the conduct of e-business • Enhance confidence in electronic transactions
Electronic Transactions Ordinance • Provide electronic records and digital signatures the same legal status as that of their paper-based counterparts • Provide a voluntary recognition scheme for certification authorities
E-business developments in Hong Kong • Government took the lead to accept electronic submissions under law for the bulk of legislation • Electronic Service Delivery Scheme
E-business developments in Hong Kong • Established the local public key infrastructure • Two certification authorities recognised • Digital certificates adopted in online applications in the public and commercial sectors to ensure security in electronic transactions
E-business developments in Hong Kong • On par in establishing legal framework with countries advanced in e-business development • Hong Kong’s e-business potential and readiness widely recognised internationally
Review of Electronic Transactions Ordinance • A clear legal framework provides a solid foundation for e-business development • Committed to review the Ordinance 18 months after its enactment • To ensure Hong Kong has the most up-to-date legislative framework for the conduct of e-business
Review of Electronic Transactions Ordinance • Factors considered: - operational experience gained since enactment - technological advancement - social changes - international e-business development • Consulted Government bureaux and departments on the implementation of the Ordinance
Legal recognition of other forms of electronic signatures • Legal recognition for digital signatures supported by recognised digital certificates • Different electronic authentication technologies and means developed and adopted by governments and business communities around the world • Personal identification number (PIN) commonly used in: - banking service - filing of tax return (Australia, Singapore, UK and USA) - renewal of driving licence (some states in USA)
Personal identification number (PIN) • Where the level of security offered by PIN is commensurate with the risk of the service involved, e.g. - where there is established relationship between the parties involved so that the PIN could be securely issued, used and verified - where a secure system like the Electronic Service Delivery Scheme which provides strong encryption services for data transmission is used
Personal identification number (PIN) • Propose to accept the use of PIN for satisfying statutory signature requirements in specified cases • Secretary for Information Technology and Broadcasting (the Secretary) to specify these cases by subsidiary legislation • Users will be free to choose PIN, digital certificate or hand-written signature
Legal recognition of other forms of electronic signatures • Considered other means of authentication like using biometrics • Yet to have institutional arrangement to support community-wide application • Yet to gain wide acceptance by the community • Propose to examine at a later stage
Legal requirement of “delivery by post or in person” • Certain legal provisions require documents to be delivered either by post or in person • An impediment to the adoption of electronic transactions
Legal requirement of “delivery by post or in person” • Propose that these legal provisions should be automatically construed as covering “delivery by electronic means” • The Secretary to specify these provisions by subsidiary legislation
Exemptions under the Ordinance • Schedule 1 sets out matters which are exempt from the electronic means, e.g. will, trust, power of attorney, oath, statutory declaration, etc. • Should retain these exemptions in view of the solemnity and complexity involved • Propose not to amend Schedule 1 for the time being
Exemptions under the Ordinance • Schedule 2 sets out court and quasi-judicial proceedings which are exempt from the electronic means • Electronic filing yet to become mature and common in the legal profession • Propose not to amend Schedule 2 for the time being
Exemptions under the Ordinance • The Secretary had made exclusion order to exclude 202 statutory provisions from the application of the Ordinance
Exemptions under the Ordinance • Exclusions made can be classified into the following five categories: - solemnity of the matter or document involved - on operational grounds, e.g. production of documents to Government authorities on the spot
Exemptions under the Ordinance - involved submission of voluminous documents or complex plans - compliance with international practices - to ensure that the Government would be able to meet its contractual obligations
Exemptions under the Ordinance • These principles for exemption remain valid today • Should continue to be adopted • Will continue to review existing exemptions • Withdraw exemptions which are or will soon become unnecessary
Voluntary recognition scheme for certification authorities • Director of Information Technology Services (the Director) will grant recognition to certification authorities (CAs) which provide a trustworthy service • The Director has published Code of Practice for Recognised Certification Authorities (the Code) setting out the standards and procedures that recognised CAs have to adopt • Advisory Committee to be consulted on any proposed amendment to the Code
Voluntary recognition scheme for certification authorities • CA applicants should engage an independent assessor to prepare an assessment report • Assessment report to state whether the applicant is capable of meeting the relevant requirements in the Ordinance and Code
Voluntary recognition scheme for certification authorities • The Director may renew, suspend or revoke the recognition • Established an appeal mechanism; no appeal case so far • Recognised CAs should furnish an assessment report to the Director every twelve months • The Director will publish material information in the report for public inspection
Voluntary recognition scheme for certification authorities • Smooth implementation of the scheme • Propose not to make any substantial changes for the time being
Voluntary recognition scheme for certification authorities • Assessment reports should be prepared by persons approved by the Director • Assessors shall assess whether the CA is capable of meeting the relevant requirements in the Ordinance and Code
Voluntary recognition scheme for certification authorities • An assessment includes requirements: - related to the trustworthiness (e.g. system security, procedural safeguard, financial liability) of the certification service - not related to trustworthiness but other aspects of the operation (e.g. adoption of discriminatory practices)
Voluntary recognition scheme for certification authorities • Approved persons may not practically be able to make an assessment on whether the applicant is in compliance with those provisions which are not related to the trustworthiness of the certification service
Voluntary recognition scheme for certification authorities • Propose to split the assessment into two parts: - the first part concerns trustworthiness of the certification service and to be prepared by a qualified and independent person approved by the Director - the second part concerns provisions not related to trustworthiness of the certification service that can be dealt with through a declaration made by an authorised person of the CA
Voluntary recognition scheme for certification authorities • The Ordinance requires submission of an assessment report every twelve months • There may be crucial changes in the operation of the CA in between two annual assessments which may affect its trustworthiness
Voluntary recognition scheme for certification authorities • Propose to empower the Director to ask recognised CA to furnish an assessment report when there are or will be major changes • The assessment report should be prepared by persons authorised by the Director • It should focus only on the concerns raised by the Director
Timetable • Issued public consultation paper to solicit public views (4 March) • Consulted the Legislative Council Panel on Information Technology and Broadcasting (11 March)
Timetable • Written to relevant organisations to proactively solicit views: - IT industry organisations - Organisations which have an interest in e-business - Legal and professional organisations - Tertiary institutions - Other relevant organisations
Timetable • Consultation to end on 30 April 2002 • To report to IIAC and the Legislative Council on the outcome of the public consultation • To introduce legislative amendments in the 2002-03 legislative session