(E X T R A C T)

Legislative Council

LC Paper No. CB(1)925/98-99
(These minutes have been
seen by the Administration)

Ref : CB1/PL/ITB

Legislative Council
Panel on Information Technology and Broadcasting

Minutes of meeting
held on Monday, 11 January 1999, at 2:30 pm
in Conference Room A of the Legislative Council Building

Members present :

Hon SIN Chung-kai (Chairman)
Hon MA Fung-kwok (Deputy Chairman)
Hon Kenneth TING Woo-shou, JP
Dr Hon Raymond HO Chung-tai, JP
Hon Fred LI Wah-ming
Hon James TO Kun-sun
Hon Howard YOUNG, JP
Hon CHOY So-yuk
Hon LAW Chi-kwong, JP

Member attending :

Hon NG Leung-sing

Members absent :

Hon David CHU Yu-lin
Hon Eric LI Ka-cheung, JP
Prof Hon NG Ching-fai
Hon YEUNG Yiu-chung
Hon Emily LAU Wai-hing, JP
Hon Timothy FOK Tsun-ting, JP

Public officers attending :

For Item III

Secretary for Information Technology and Broadcasting

Mr Alan SIU
Principal Assistant Secretary for Information Technology and Broadcasting (C)

For Item IV

Mr Geoffrey WOODHEAD
Principal Assistant Secretary for Information Technology and Broadcasting (E)

Director - General of Telecommunications

For Item V

Mrs Jessie TING
Deputy Secretary for Information Technology and Broadcasting

Director of Information Technology Services

Chief Systems Manager of Information Technology Services Department

Clerk in attendance :

Miss Polly YEUNG
Chief Assistant Secretary (1)3

Staff in attendance :

Miss Connie FUNG
Assistant Legal Advisor 3

Ms Sarah YUEN
Senior Assistant Secretary (1)4

* * * * *

III Legal framework for electronic transactions
(LC Paper No. CB(1)709/98-99(01))

4. The Secretary for Information Technology and Broadcasting (S/ITB) briefed members on the proposed legal framework for the conduct of electronic transactions.

The legislative timetable

5. S/ITB advised that drafting of the relevant bill was in progress. The Administration aimed to introduce the bill into the Legislative Council within the first half of 1999 for enactment in late 1999 to provide a legal basis for the Electronic Service Delivery (ESD) scheme to be launched in the latter half of 2000.

Electronic records and digital signatures

6. Mr James TO was concerned about the implications of the acceptance of electronic records for the purpose of providing "information required by the law" and enquired if the term "the law" in this context referred to the law in general, or to specific ordinance(s). In his view, adoption of the former interpretation would imply that electronic records would as a rule be accepted as carrying the same legal effect as that of their written counterparts whenever certain information was required by law, unless specified otherwise. The resultant implications could be very far-reaching having regard that most day-to-day transactions such as tenancy agreements and consumer contracts were drawn up in very broad terms and might not specify the form in which the required information should be provided. As such, in these otherwise simple everyday dealings, not only would extra costs be incurred for accessing or providing the required information electronically but the computer illiterate would be placed in a highly disadvantaged position. Mr TO therefore stressed that the scope within which legal recognition of electronic records would apply must be clearly defined, taking into account its implications on different walks of life. He also asked the Administration to make careful reference to overseas practices.

7. Addressing Mr TO's concerns, S/ITB reiterated the policy intention that the proposed legislative framework should facilitate, rather than impede, the conduct of electronic transactions by giving electronic records and digital signatures legal effect, so that where the law required information to be provided in writing, that requirement could also be met by electronic records. He confirmed that contracts signed before the relevant legislation took effect would not be affected and that where digital signatures were concerned, only those arising from digital certificates issued by recognised certification authorities (CAs) would be recognised by law. He further assured members that there would be detailed provisions in the bill to address Mr TO's concern, in particular on what constituted receipt of the required information. S/ITB pointed out that although the scope of electronic transactions could be quite wide, digital signatures would not be accepted for certain documents or transactions which had required hand-written signatures all along, such as wills, bills of exchange, declarations of trust, instruments creating power of attorney, contracts for the sale or other disposition of immovable property or any interests in such property, etc.

Certification authorities (CAs)

8. On the proposal to adopt a minimalist regulatory approach whereby CAs would be free to apply for recognition from Government as against mandatory licensing, S/ITB pointed out that as different CAs were under different obligations of secrecy with some serving only the specific needs of particular sectors and some being based outside Hong Kong, it was both inappropriate and difficult to subject all CAs to the same level of regulation by mandatory licensing. A voluntary regime was thus preferred to avoid undue constraints on the development of electronic commerce. Members noted that for CAs which had not obtained Government recognition and thus not covered by the proposed statutory provisions, they and their subscribers could rely on common law principles in providing and obtaining CA services respectively.

9. Addressing members' concern about the confidence of the local and international communities in a voluntary regime in Hong Kong, S/ITB advised that the proposed voluntary regime would require publication of recognised CAs' certification practices and in line with international practice, allow them to set a recommended reliance limit for the certificates they issued and to confine their liabilities to the specified limit. Users would therefore be able to assess the trust standard of individual CAs and make an informed choice. Moreover, they could also choose to make use of Government-run CA services to be operated by the Hongkong Post.

10. Commenting on the Chairman's proposal that all CAs serving the general public should be subject to greater regulation through licensing, S/ITB opined that the nature of the transactions handled should be a more important consideration for mandatory licensing than the size of the clientele. He also advised that to guard against malpractice, the legal framework would empower the Government to issue a code of practice for compliance by all CAs.

11. As to the recognition of certification in international trade involving overseas CAs not recognised in Hong Kong, S/ITB advised that in the absence of international agreements in this area, the matter was normally dealt with by mutual recognition of certification effected under commercial agreements. Meanwhile, as many countries' postal service agencies were also operating certification services, the Hongkong Post was also liaising with them on mutual recognition of certification. However, this would only be feasible when both parties concerned were satisfied with each other's certification practices and when inter-operability could be ensured by the adoption of common and open operation standards.

12. On what constituted "a trust standard acceptable to Government" to qualify for recognition, S/ITB advised that the major considerations would be the technical standard and the certification practices. For example, the number and types of supporting documents required for identification of the certificate applicant and the form in which such documents were submitted. In addition, a recognised CA would also have to engage an accredited computer security professional to conduct an annual audit on its provision of CA services.

Other concerns

13. Regarding concerns about possible abuse by CAs of the large volume of personal or corporate data in their possession, S/ITB assured members that the legal framework would contain provisions which would make such malpractice a criminal offence punishable by fines and/or imprisonment.

14. On the Hongkong Post's role, S/ITB clarified that it would only act as one of the recognised CAs. The Information Technology Services Department would be responsible for granting Government recognition to CAs.

* * * * *