Review of the Electronic Transactions Ordinance Information Infrastructure

  • Slides: 38
Download presentation
Review of the Electronic Transactions Ordinance Information Infrastructure Advisory Committee 9 April 2002 1

Review of the Electronic Transactions Ordinance Information Infrastructure Advisory Committee 9 April 2002 1

Background 2

Background 2

Electronic Transactions Ordinance r Enacted on 5 January 2000 r All provisions came into

Electronic Transactions Ordinance r Enacted on 5 January 2000 r All provisions came into operation by April 2000 3

Objective r Provide a clear legal framework for the conduct of e-business r Enhance

Objective r Provide a clear legal framework for the conduct of e-business r Enhance confidence in electronic transactions 4

Electronic Transactions Ordinance r Provide electronic records and digital signatures the same legal status

Electronic Transactions Ordinance r Provide electronic records and digital signatures the same legal status as that of their paper-based counterparts r Provide a voluntary recognition scheme for certification authorities 5

E-business developments in Hong Kong r Government took the lead to accept electronic submissions

E-business developments in Hong Kong r Government took the lead to accept electronic submissions under law for the bulk of legislation r Electronic Service Delivery Scheme 6

E-business developments in Hong Kong r Established the local public key infrastructure r Two

E-business developments in Hong Kong r Established the local public key infrastructure r Two certification authorities recognised r Digital certificates adopted in online applications in the public and commercial sectors to ensure security in electronic transactions 7

E-business developments in Hong Kong On par in establishing legal framework with countries advanced

E-business developments in Hong Kong On par in establishing legal framework with countries advanced in e-business development n Hong Kong’s e-business potential and readiness widely recognised internationally n 8

Review 9

Review 9

Review of Electronic Transactions Ordinance 1. A clear legal framework provides a solid foundation

Review of Electronic Transactions Ordinance 1. A clear legal framework provides a solid foundation for e-business development 2. Committed to review the Ordinance 18 months after its enactment 3. To ensure Hong Kong has the most up-to-date legislative framework for the conduct of e-business 10

Review of Electronic Transactions Ordinance r Factors considered: - operational experience gained since enactment

Review of Electronic Transactions Ordinance r Factors considered: - operational experience gained since enactment - technological advancement - social changes - international e-business development r Consulted Government bureaux and departments on the implementation of the Ordinance 11

Preliminary proposals 12

Preliminary proposals 12

Legal recognition of other forms of electronic signatures r Legal recognition for digital signatures

Legal recognition of other forms of electronic signatures r Legal recognition for digital signatures supported by recognised digital certificates r Different electronic authentication technologies and means developed and adopted by governments and business communities around the world r Personal identification number (PIN) commonly used in: - banking service - filing of tax return (Australia, Singapore, UK and USA) - renewal of driving licence (some states in USA) 13

Personal identification number (PIN) r Where the level of security offered by PIN is

Personal identification number (PIN) r Where the level of security offered by PIN is commensurate with the risk of the service involved, e. g. - where there is established relationship between the parties involved so that the PIN could be securely issued, used and verified - where a secure system like the Electronic Service Delivery Scheme which provides strong encryption services for data transmission is used 14

Personal identification number (PIN) r Propose to accept the use of PIN for satisfying

Personal identification number (PIN) r Propose to accept the use of PIN for satisfying statutory signature requirements in specified cases r Secretary for Information Technology and Broadcasting (the Secretary) to specify these cases by subsidiary legislation r Users will be free to choose PIN, digital certificate or hand-written signature 15

Legal recognition of other forms of electronic signatures r Considered other means of authentication

Legal recognition of other forms of electronic signatures r Considered other means of authentication like using biometrics r Yet to have institutional arrangement to support community-wide application r Yet to gain wide acceptance by the community r Propose to examine at a later stage 16

Legal requirement of “delivery by post or in person” r Certain legal provisions require

Legal requirement of “delivery by post or in person” r Certain legal provisions require documents to be delivered either by post or in person r An impediment to the adoption of electronic transactions 17

Legal requirement of “delivery by post or in person” r Propose that these legal

Legal requirement of “delivery by post or in person” r Propose that these legal provisions should be automatically construed as covering “delivery by electronic means” r The Secretary to specify these provisions by subsidiary legislation 18

Exemptions under the Ordinance r Schedule 1 sets out matters which are exempt from

Exemptions under the Ordinance r Schedule 1 sets out matters which are exempt from the electronic means, e. g. will, trust, power of attorney, oath, statutory declaration, etc. r Should retain these exemptions in view of the solemnity and complexity involved r Propose not to amend Schedule 1 for the time being 19

Exemptions under the Ordinance r Schedule 2 sets out court and quasi-judicial proceedings which

Exemptions under the Ordinance r Schedule 2 sets out court and quasi-judicial proceedings which are exempt from the electronic means r Electronic filing yet to become mature and common in the legal profession r Propose not to amend Schedule 2 for the time 20 being

Exemptions under the Ordinance r The Secretary had made exclusion order to exclude 202

Exemptions under the Ordinance r The Secretary had made exclusion order to exclude 202 statutory provisions from the application of the Ordinance 21

Exemptions under the Ordinance r Exclusions made can be classified into the following five

Exemptions under the Ordinance r Exclusions made can be classified into the following five categories: - solemnity of the matter or document involved - on operational grounds, e. g. production of documents to Government authorities on the spot 22

Exemptions under the Ordinance - involved submission of voluminous documents or complex plans -

Exemptions under the Ordinance - involved submission of voluminous documents or complex plans - compliance with international practices 23

Exemptions under the Ordinance r These principles for exemption remain valid today r Should

Exemptions under the Ordinance r These principles for exemption remain valid today r Should continue to be adopted r Will continue to review existing exemptions r Withdraw exemptions which are or will soon become unnecessary 24

Voluntary recognition scheme for certification authorities r Director of Information Technology Services (the Director)

Voluntary recognition scheme for certification authorities r Director of Information Technology Services (the Director) will grant recognition to certification authorities (CAs) which provide a trustworthy service r The Director has published Code of Practice for Recognised Certification Authorities (the Code) setting out the standards and procedures that recognised CAs have to adopt r Advisory Committee to be consulted on any proposed amendment to the Code 25

Voluntary recognition scheme for certification authorities r CA applicants should engage an independent assessor

Voluntary recognition scheme for certification authorities r CA applicants should engage an independent assessor to prepare an assessment report r Assessment report to state whether the applicant is capable of meeting the relevant requirements in the Ordinance and Code 26

Voluntary recognition scheme for certification authorities r The Director may renew, suspend or revoke

Voluntary recognition scheme for certification authorities r The Director may renew, suspend or revoke the recognition r Established an appeal mechanism; no appeal case so far r Recognised CAs should furnish an assessment report to the Director every twelve months r The Director will publish material information in the report for public inspection 27

Voluntary recognition scheme for certification authorities r Smooth implementation of the scheme r Propose

Voluntary recognition scheme for certification authorities r Smooth implementation of the scheme r Propose not to make any substantial changes for the time being 28

Voluntary recognition scheme for certification authorities r Assessment reports should be prepared by persons

Voluntary recognition scheme for certification authorities r Assessment reports should be prepared by persons approved by the Director r Assessors shall assess whether the CA is capable of meeting the relevant requirements in the Ordinance and Code 29

Voluntary recognition scheme for certification authorities r An assessment includes requirements: - related to

Voluntary recognition scheme for certification authorities r An assessment includes requirements: - related to the trustworthiness (e. g. system security, procedural safeguard, financial liability) of the certification service - not related to trustworthiness but other aspects of the operation (e. g. adoption of discriminatory practices) 30

Voluntary recognition scheme for certification authorities r Approved persons may not practically be able

Voluntary recognition scheme for certification authorities r Approved persons may not practically be able to make an assessment on whether the applicant is in compliance with those provisions which are not related to the trustworthiness of the certification service 31

Voluntary recognition scheme for certification authorities r Propose to split the assessment into two

Voluntary recognition scheme for certification authorities r Propose to split the assessment into two parts: - the first part concerns trustworthiness of the certification service and to be prepared by a qualified and independent person approved by the Director - the second part concerns provisions not related to trustworthiness of the certification service that can be dealt with through a declaration made by an authorised person of the CA 32

Voluntary recognition scheme for certification authorities r The Ordinance requires submission of an assessment

Voluntary recognition scheme for certification authorities r The Ordinance requires submission of an assessment report every twelve months r There may be crucial changes in the operation of the CA in between two annual assessments which may affect its trustworthiness 33

Voluntary recognition scheme for certification authorities r Propose to empower the Director to ask

Voluntary recognition scheme for certification authorities r Propose to empower the Director to ask recognised CA to furnish an assessment report when there are or will be major changes r The assessment report should be prepared by persons authorised by the Director r It should focus only on the concerns raised by the Director 34

Timetable r Issued public consultation paper to solicit public views (4 March) r Consulted

Timetable r Issued public consultation paper to solicit public views (4 March) r Consulted the Legislative Council Panel on Information Technology and Broadcasting (11 March) 35

Timetable r Written to relevant organisations to proactively solicit views: - IT industry organisations

Timetable r Written to relevant organisations to proactively solicit views: - IT industry organisations - Organisations which have an interest in e -business - Legal and professional organisations - Tertiary institutions - Other relevant organisations 36

Timetable r Consultation to end on 30 April 2002 r To report to IIAC

Timetable r Consultation to end on 30 April 2002 r To report to IIAC and the Legislative Council on the outcome of the public consultation r To introduce legislative amendments in the 2002 -03 legislative session 37

Invite Members’ views on the review 38

Invite Members’ views on the review 38

Distributed Transactions 1 Transactions Distributed DBMS Model transactionsDistributed Transactions 1 Transactions Distributed DBMS Model transactions
THE NORTHWEST ORDINANCE of 1787 THE NORTHWEST ORDINANCETHE NORTHWEST ORDINANCE of 1787 THE NORTHWEST ORDINANCE
LOCAL ORDINANCES ORDINANCE NO 790 AN ORDINANCE TOLOCAL ORDINANCES ORDINANCE NO 790 AN ORDINANCE TO
THE NORTHWEST ORDINANCE of 1787 THE NORTHWEST ORDINANCETHE NORTHWEST ORDINANCE of 1787 THE NORTHWEST ORDINANCE
POCSO Act 2012 New Ordinance Ordinance has alreadyPOCSO Act 2012 New Ordinance Ordinance has already
VOCABULARY Land Ordinance of 1785 Debt Northwest OrdinanceVOCABULARY Land Ordinance of 1785 Debt Northwest Ordinance
Land Ordinance of 1785 Land Ordinance of 1785Land Ordinance of 1785 Land Ordinance of 1785
NORTHWEST ORDINANCE The Northwest Ordinance 1787 was anNORTHWEST ORDINANCE The Northwest Ordinance 1787 was an
Contempt of Court Ordinance Contempt of Court OrdinanceContempt of Court Ordinance Contempt of Court Ordinance
Information Technology Infrastructure Infrastructure Scope Network Voice InfrastructureInformation Technology Infrastructure Infrastructure Scope Network Voice Infrastructure
Information Technology Infrastructure Library Information Technology Infrastructure LibraryInformation Technology Infrastructure Library Information Technology Infrastructure Library
SOFTWARE QUALITY INFRASTRUCTURE COMPONENTS INFRASTRUCTURE COMPONENTS Infrastructure componentsSOFTWARE QUALITY INFRASTRUCTURE COMPONENTS INFRASTRUCTURE COMPONENTS Infrastructure components
INFRASTRUCTURE CAPACITY BUILDING CHALLENGE GRANTS DIGITAL INFRASTRUCTURE INFRASTRUCTUREINFRASTRUCTURE CAPACITY BUILDING CHALLENGE GRANTS DIGITAL INFRASTRUCTURE INFRASTRUCTURE
Electronic CLinic Al Information Repository Electronic Clinical InformationElectronic CLinic Al Information Repository Electronic Clinical Information
Electronic CLinic Al Information Repository Electronic Clinical InformationElectronic CLinic Al Information Repository Electronic Clinical Information
PRESENTATION TO TRANSPORTATION TECHNOLOGY INFRASTRUCTURE COMMITTEE PROPOSED ORDINANCEPRESENTATION TO TRANSPORTATION TECHNOLOGY INFRASTRUCTURE COMMITTEE PROPOSED ORDINANCE
Transportation Infrastructure Committee June 29 2017 ORDINANCE NOTransportation Infrastructure Committee June 29 2017 ORDINANCE NO
TRANSPORTATION INFRASTRUCTURE OPERATIONS COMMITTEE AUGUST 19 2020 ORDINANCETRANSPORTATION INFRASTRUCTURE OPERATIONS COMMITTEE AUGUST 19 2020 ORDINANCE
Software Infrastructure for Electronic Commerce Electronic Payment SystemsSoftware Infrastructure for Electronic Commerce Electronic Payment Systems
Software Infrastructure for Electronic Commerce Electronic Payment SystemsSoftware Infrastructure for Electronic Commerce Electronic Payment Systems
Electronic Commerce I Secured Electronic Payment Systems ElectronicElectronic Commerce I Secured Electronic Payment Systems Electronic
Electronic PAPER What is electronic paper Electronic paperElectronic PAPER What is electronic paper Electronic paper
Electronic Distance Measurement Electronic Distance Measurement Electronic distanceElectronic Distance Measurement Electronic Distance Measurement Electronic distance
ELECTRONIC COMMERCE Online Services ELECTRONIC COMMERCE Electronic commerceELECTRONIC COMMERCE Online Services ELECTRONIC COMMERCE Electronic commerce