LEGISLATIVE COUNCIL BRIEF
The Secretary for Information Technology and Broadcasting submits the following note for Members' information -
|Title of Note||Executive Council Meeting
|Electronic Transactions Bill||22 June 1999
|8 July 1999||Information Technology and|
File Ref : ITBB/IT 107/4/1 (99) VIII
LEGISLATIVE COUNCIL BRIEF
ELECTRONIC TRANSACTIONS BILL
At the meeting of the Executive Council on 22 June 1999, the Council ADVISED and the Chief Executive ORDERED that the Electronic Transactions Bill at the Annex should be introduced into the Legislative Council.
BACKGROUND AND ARGUMENT
2. Electronic commerce is widely recognised as the engine of future economic growth. In Hong Kong, while there have been attempts at adopting this new mode of business transactions, we have yet to tap the full potentials of electronic commerce to enhance Hong Kong's overall competitiveness. To promote the development of electronic commerce in Hong Kong, Government has decided to be a leading user of electronic transactions by launching the Electronic Service Delivery (ESD) scheme. Under ESD, the first phase of which will be implemented in the latter half of 2000, public services will be available on-line, 24 hours a day, seven days a week.
3. In parallel, we propose to take action to address public concerns about the security and certainty of electronic transactions, e.g. the legal status of electronic records and digital signatures, authentication of the parties to electronic transactions, the confidentiality and integrity of electronic messages transmitted over open communications networks and non-repudiation of electronic transactions. To provide a secure and trusted environment for the conduct of electronic transactions, Government has spearheaded the establishment of a public key infrastructure (PKI) in Hong Kong through the Hongkong Post, which will start to provide public certification services on a non-exclusive basis by the end of 1999. With the issue of digital certificates by certification authorities (CAs) and through the use of digital signatures and public/private key encryption, individuals and businesses will be able to establish the identity of the opposite party in electronic transactions, authenticate electronic messages received, ensure that the confidentiality and integrity of electronic messages have not been breached and safeguard against the repudiation of electronic transactions.
Electronic Transactions Bill
4. Against the above background and to provide the necessary legislative back-up for the conduct of electronic transactions in Hong Kong, we propose to introduce a new bill, the Electronic Transactions Bill, to -
- give electronic records and digital signatures used in electronic transactions the same legal status as that of their paper-based counterparts; and
- establish a framework to promote and facilitate the operation of CAs so as to ensure trust and security in electronic transactions.
In order not to constrain unnecessarily the development of electronic commerce, the Bill should -
Electronic Records and Digital Signatures
- adopt a technology-neutral approach to cope with rapid technological changes; and
- adopt a minimalist regulatory approach.
5. To give legal recognition to electronic records and digital signatures, we propose to introduce provisions along the line of the United Nations Commission on International Trade Law - Model Law on Electronic Commerce. We have included the following provisions, and also suitable safeguards for these provisions to apply, in the Bill -
- where a rule of law requires or permits information to be given or presented in writing, the use of electronic records will satisfy the rule of law;
- where a rule of law requires information to be retained, or to be presented or retained in the original form, that requirement is met by retaining or presenting the information in the form of electronic records;
- where a rule of law requires a signature of a person, that requirement is met by a digital signature (subject to paragraph 10 below).
- contracts shall not be denied legal effect solely on the ground that electronic records are used in their formation; and
- electronic records shall not be denied admissibility as evidence in court on the sole ground that they are electronic records.
6. While it is our policy objective to promote the wider adoption of electronic transactions in Hong Kong, we recognise that for the time being certain types of transactions would preferably be conducted through conventional means because of their solemnity, significance, complexity or other factors. In addition, some Government departments may not accept electronic information under a rule of law because of operational, technological or other reasons. In some other cases, while individual departments are prepared to accept electronic information under a rule of law, they may only be able to do so if such electronic information has been prepared in a specified format and using a specified type of software. Taking account of these considerations, we have included the following provisions in the proposed legislation whereby -
- certain generic items like wills, trust, statutory declarations, affidavits, power of attorney, court orders, warrant, bills of exchange, documents or instruments concerning land or property transactions, etc. are exempt from the operation of the relevant provisions in the proposed legislation;
- a mechanism is provided to exempt by means of subsidiary legislation specific rules of law from the operation of the relevant provisions in the proposed legislation;
- judicial proceedings are exempt from the operation of the relevant provisions in the proposed legislation and the authorities for making court rules are empowered to apply the relevant provisions to such proceedings when the relevant courts/tribunals are ready ; and
- a mechanism is provided for format and procedural requirements to be specified if necessary in respect of cases whereby electronic information is accepted under a rule of law.
7. In addition to the Hongkong Post, the private sector is free to set up CAs in Hong Kong to serve the needs of the community. The number of CAs to be established in Hong Kong will be determined by the market. In line with our minimalist approach and to encourage private sector initiatives, we do not propose to introduce a mandatory licensing requirement under the proposed legislation, as is the case for some other places.
8. However, to protect consumer interests and enhance users' confidence in electronic transactions, we propose to introduce a voluntary system of recognition whereby CAs are free to apply for recognition from Government. The Director of Information Technology Services (DITS) will be the authority for granting Government recognition to CAs under the proposed legislation. Such a scheme will also facilitate inter-operability among the systems of different recognised CAs under the local PKI. We will grant recognition only to those CAs -
- which have achieved a trust standard acceptable to Government (this covers the practices, procedures and systems engaged in providing the services, the suitability of the personnel involved, the financial status of the operator and the arrangements to cover potential liability of the CA, etc.); and
- which adopt a common and open interface in their operation to ensure inter-operability with other recognised CAs under the local PKI.
9. Under this voluntary regime, recognised CAs will have to meet the following requirements stipulated in the proposed legislation -
- publication of a certification practice statement which clearly specifies the practices and standards adopted for issuing certificates to subscribers;
- use of a trustworthy technical system in performing CA services;
- engagement of a professional approved by the DITS to conduct an annual audit on the provision of CA services; and
- compliance with a code of practice issued by Government.
Failure to comply with these requirements may result in suspension or revocation of the recognition granted by Government. Through the operation of this regime, consumers will be able to assess the trust standard of individual CAs and to make an informed choice when obtaining CA services.
10. To encourage CAs to seek Government recognition under the proposed voluntary regime, we have also stipulated in the proposed legislation that the provision therein regarding legal recognition of digital signatures (referred to in paragraph 5(c) above) applies only to those digital signatures supported by recognised certificates issued by CAs which are recognised by Government. In addition, we have, in line with common practice adopted elsewhere, introduced a provision to allow recognised CAs to limit their liability in the issue of recognised certificates under prescribed situations (i.e. concerning false or forged digital signature or misrepresentation of information provided to the CA but the CA concerned has complied with the requirements of the proposed legislation, and has not acted negligently, intentionally or recklessly on the misrepresentation). We consider these measures crucial in encouraging the development of a PKI and the establishment of CAs in Hong Kong.
11. For CAs which have not obtained recognition from Government and are thus not covered by the proposed statutory provisions, they and their subscribers will rely on common law principles in providing and obtaining CA services respectively.
12. Under the proposed legislation, Hongkong Post is a recognised certification authority and may charge fees for its services on a commercial basis.
13. We have also included provisions in the proposed legislation to address the obligation of secrecy as well as safeguards against the provision of false information and the making of a false claim as a recognised certification authority.
14. The main provisions of the proposed Bill are -
- Part I provides for the commencement of the Bill and defines the terms used in the legislation. Part II and Schedule 1 set out the applicability of the Bill;
- Part III provides for legal recognition of electronic records and digital signatures in relation to rules of law and admissibility of electronic records as evidence in court, and sets out the safeguards for the legal recognition to apply;
- Part IV stipulates the authority for the Secretary for Information Technology and Broadcasting to provide for exemptions of rules of law from the operation of the provisions on legal recognition of electronic records/digital signatures in the Bill and to specify format and procedure in respect of rules of law under which electronic records/digital signatures are accepted. Judicial proceedings set out in Schedule 2 of the Bill are exempt ab initio from the operation of the provisions on legal recognition of electronic records/digital signatures in the Bill but the court authorities have the power to apply these provisions to these proceedings where appropriate;
- Part V provides for legal recognition of electronic records in the formation of contracts. Part VI specifies that an electronic record is that of the originator if it was sent by the originator or with his authority or through his information system. It also sets out provisions on sending and receiving of electronic records and where and when the electronic records are regarded as sent and received;
- Part VII sets out the Government recognition scheme for CAs, covering the application, renewal, suspension and revocation of recognition and the related appeal mechanism;
- Part VIII provides that Hongkong Post is a recognised certification authority and can charge fees for its services which can be above cost;
- Part IX sets out the various general provisions concerning the operation of recognised CAs, including the setting of reliance limit for recognised certificates, the limitation of liability of recognised CAs under prescribed situations, the annual auditing of the performance of recognised CAs, and the publication of certification practice statement to specify the practices and standards in the issue of certificates;
- Part X provides for the issue of code of practice by the DITS for compliance by recognised certification authorities and the recognition of repositories for storing and retrieving certificates and related information;
- Part XI addresses the obligation of secrecy, the safeguard against provision of false information and the offence for making a false claim in respect of recognised CA; and
- Part XII sets out the authority to make regulations and to amend the schedules under the Bill and provides for immunity of public officers in the exercise of authority (other than CA functions) under the Bill.
15. The proposed legislative timetable is -
BINDING EFFECT OF THE LEGISLATION
|Publication in the Gazette||9 July 1999
|First Reading and commencement|
of Second Reading debate
|14 July 1999
|Resumption of Second Reading debate,|
committee stage and Third Reading
|to be notified
16. The proposed Bill applies to a rule of law irrespective of whether the rule of law is applicable to an individual, public body, public authority, private body, organ or any other person or to a transaction executed by means of electronic records to which any such person is a party.
BASIC LAW IMPLICATIONS
17. The Department of Justice has advised that the proposed Bill does not conflict with those provisions of the Basic Law carrying no human rights implications.
HUMAN RIGHTS IMPLICATIONS
18. The Department of Justice has advised that the proposed Bill is consistent with the human rights provisions of the Basic Law.
FINANCIAL AND STAFFING IMPLICATIONS
19. The proposed Bill does not give rise to additional financial or staffing implications. The resource requirement in respect of the operation of the voluntary CA recognition scheme will be met from within the Information Technology Services Department through redeployment. Fees will be charged for the CA recognition services on a cost-recovery basis. The resource requirement of the Hongkong Post to operate the public certification services will be met from within the Post Office Trading Fund. Revenue generated from the Hongkong Post's CA services will accrue to the Trading Fund.
20. Based on the latest forecast, the total value of electronic transactions (both business-to-business and retail transactions) on a global basis will rise to over US$400 billion annually by 2002. The projected growth rate is 40 times that of the global Gross Domestic Product. Given a favourable environment, the growth of electronic commerce in Hong Kong in the foreseeable future is likely to be substantial, against a relatively low initial base. The development of electronic commerce will enhance our productivity and efficiency, thereby strengthening our overall competitiveness. It will also enable us to interface effectively with our major trading partners who are driving intensively towards electronic commerce. The proposed legislation will provide a conducive environment for electronic commerce to take hold in Hong Kong, and to drive our economic growth in the Information Age.
21. There are no environmental implications.
22. We have consulted the Information Technology and Broadcasting Panel of the Legislative Council and the Information Infrastructure Advisory Committee on the principles of the Bill. They both expressed support to our proposals.
23. We have also consulted the Bar Association and the Law Society on the principles of the Bill. The Bar Association supported the principles. The Law Society has taken note of the principles and have raised some technical points for clarification.
24. We have also widely publicised the principles of the Bill through various fora, including seminars, workshops and briefings for different organisations, and have received positive feedback on the legislative exercise.
25. We will issue a press release on 9 July 1999 when the proposed Bill is published in the Gazette.
26. Any enquiries on this brief should be addressed to Mr Alan Siu, Principal Assistant Secretary for Information Technology and Broadcasting, at 2189 2287 or by facsimile at 2511 1458.
Information Technology and Broadcasting Bureau
8 July 1999