IP: New Internet Regulations Codify PRC Internet Practice

[Dave Farber <farber () cis upenn edu>]

New Regulations Codify PRC Internet Practice 
 
On December 30, 1997, the Ministry of Public Security promulgated the 
Regulations on the Security and Management of Computer Information Networks 
and the Internet [Jisuanji Xinxi Wangluo Lianwang Anquan Baohu Guanli 
Banfa]. The State Council approved these new regulations on December 11, 
1997. The new regulations appear to be much more a codification of existing 
practice than an important departure in the management of computer 
information networks in China. The new regulations are more detailed than 
the "PRC Temporary Regulations on Computer Information Network and Internet 
Management" and "Notice on Strengthening the Management of Computer 
Information Network and Internet Registration Information" both of February 
1996 and the "Temporary Regulations on Electronic Publishing" of March 1996. 
. 
 
The new December 1997 regulations as well as earlier PRC regulations on the 
Internet and electronic puiblishing are to be found in GB-encoded Chinese 
text listed on the web page at <http://www.edu.cn/law>http://www.edu.cn/law 
 
The full Chinese text of the new regulations are to be found at 
<http://www.edu.cn/law/glbf.html>http://www.edu.cn/law/glbf.html The new
regulations are translated in full 
below. 
 
---------------------------------------------------------------------------- 
 
Computer Information Network and Internet Security, Protection and 
Management Regulations 
 
(Approved by the State Council on December 11 1997 and promulgated by the 
Ministry of Public Security on December 30, 1997) 
 
Chapter One Comprehensive Regulations 
 
Section One -- In order to strengthen the security and the protection of 
computer information networks and of the Internet, and to preserve the 
social order and social stability, these regulations have been established 
on the basis of the "PRC Computer Information Network Protection 
Regulations", the "PRC Temporary Regulations on Computer Information 
Networks and the Internet" and other laws and administrative regulations. 
 
Section Two -- The security, protection and management of all computer 
information networks within the borders of the PRC fall under these 
regulations. 
 
Section Three -- The computer management and supervision organization of the 
Ministry of Public Security is responsible for the security, protection and 
management of computer information networks and the Internet. The Computer 
Management and Supervision organization of the Ministry of Public Security 
should protect the public security of computer information networks and the 
Internet as well as protect the legal rights of Internet service providing 
units and individuals as well as the public interest. 
 
Section Four -- No unit or individual may use the Internet to harm national 
security, disclose state secrets, harm the interests of the State, of 
society or of a group, the legal rights of citizens, or to take part in 
criminal activities. 
 
Section Five -- No unit or individual may use the Internet to create, 
replicate, retrieve, or transmit the following kinds of information: 
 
(1) Inciting to resist or breaking the Constitution or laws or the 
implementation of administrative regulations; 
 
(2) Inciting to overthrow the government or the socialist system; 
 
(3) Inciting division of the country, harming national unification; 
 
(4) Inciting hatred or discrimination among nationalities or harming the 
unity of the nationalities; 
 
(5) Making falsehoods or distorting the truth, spreading rumors, destroying 
the order of society; 
 
(6) Promoting feudal superstitions, sexually suggestive material, gambling, 
violence, murder, 
 
(7) Terrorism or inciting others to criminal activity; openly insulting 
other people or distorting the truth to slander people; 
 
(8) Injuring the reputation of state organs; 
 
(9) Other activities against the Constitution, laws or administrative 
regulations. 
 
Section Six No unit or individual may engage in the following activities 
which harm the security of computer information networks: 
 
(1) No-one may use computer networks or network resources without getting 
 
proper prior approval 
 
(2) No-one may without prior permission may change network functions or 
 
to add or delete information 
 
(3) No-one may without prior permission add to, delete, or alter 
 
materials stored, processed or being transmitted through the network. 
 
(4) No-one may deliberately create or transmit viruses. 
 
(5) Other activities which harm the network are also prohibited. 
 
Section Seven The freedom and privacy of network users is protected by law. 
No unit or individual may, in violation of these regulations, use the 
Internet to violate the freedom and privacy of network users. 
 
Chapter 2 Responsibility for Security and Protection 
 
Section 8 Units and individuals engaged in Internet business must accept the 
security supervision, inspection, and guidance of the Public Security 
organization. This includes providing to the Public Security organization 
information, materials and digital document, and assisting the Public 
Security organization to discover and properly handle incidents involving 
law violations and criminal activities involving computer information 
networks. 
 
Section 9 The supervisory section or supervisory units of units which 
provide service through information network gateways through which 
information is imported and exported and connecting network units should, 
according to the law and relevant state regulations assume responsibility 
for the Internet network gateways as well as the security, protection, and 
management of the subordinate networks. 
 
Section 10 Connecting network units, entry point units and corporations that 
use computer information networks and the Internet and other organizations 
must assume the following responsibilities for network security and 
protection: 
 
(1) Assume responsibility for network security, protection and management 
and establish a thoroughly secure, protected and well managed network. 
 
(2) Carry out technical measures for network security and protection. Ensure 
network operational security and information security. 
 
(3) Assume responsibility for the security education and training of network 
users 
 
(4) Register units and individuals to whom information is provided. Provide 
information according to the stipulations of article five. 
 
(5) Establish a system for registering the users of electronic bulletin 
board systems on the computer information network as well as a system for 
managing bulletin board information. 
 
(6) If a violation of articles four, five, six or seven is discovered than 
an unaltered record of the violation should be kept and reported to the 
local Public Security organization. 
 
(7) According to the relevant State regulations, remove from the network and 
address, directory or server which has content in violation of article five. 
 
Section 11 The network user should fill out a user application form when 
applying for network services. The format of this application form is 
determined by Public Security. 
 
Section 12 Connecting network units, entry point units, and corporations 
that use computer information networks and the Internet and other 
organizations (including connecting network units that are inter-provincial, 
autonomous region, municipalities directly under the Central Government or 
the branch organization of these units) should, within 30 days of the 
opening of network connection, carry out the proper registration procedures 
with a unit designated by the Public Security organization of the 
provincial, autonomous region, or municipality directly under the Central 
Government peoples' government. 
 
The units mentioned above have the responsibility to report for the record 
to the local public security organization information on the units and 
individuals which have connections to the network. The units must also 
report in a timely manner to Public Security organization any changes in the 
information about units or individuals using the network. 
 
Section 13 People who register public accounts should strengthen their 
management of the account and establish an account registration system. 
Accounts may not be lent or transferred. 
 
Section 14 Whenever units involved in matters such as national affairs, 
economic construction, building the national defense, and advanced science 
and technology are registered, evidence of the approval of the chief 
administrative section should be shown. 
 
Appropriate measures should be taken to ensure the security and protection 
of the computer information network and Internet network links of the units 
mentioned above. 
 
Chapter Three Security and Supervision 
 
Section 15 The provincial, autonomous region or municipal Public Security 
agency or bureau, as well as city and county Public Security organizations 
should have appropriate organizations to ensure the security, protection and 
management of the Internet. 
 
Section 16 The Public Security organization computer management and 
supervision organization should have information on the connecting network 
units, entry point unit, and users, establish a filing system for this 
information, maintain statistical information on these files and report to 
higher level units as appropriate. 
 
Section 17 The Public Security computer management and supervision 
organization should have establish a system for ensuring the security, 
protection and good management of the connecting network units, entry point 
unit, and users. The Public Security organization should supervise and 
inspect network security, protection and management and the implementation 
of security measures. 
 
Section 18 If the Public Security computer management and supervision 
organization discovers an address, directory or server with content in 
violation of section five, then the appropriate units should be notified to 
close or delete it. 
 
Section 19 The Public Security computer management and supervision 
organization is responsible for pursuing and dealing with illegal computer 
information network activities and criminal cases involving computer 
information networks. Criminal activities in violation of sections four or 
section seven should according to the relevant State regulations, be handed 
over to the relevant department or to the legal system for appropriate 
disposition. 
 
Chapter Four Legal Responsibility 
 
Section 20 For violations of law, administrative regulations or of section 
five or section six of these regulations, the Public Security organization 
gives a warning and if there income from illegal activities, confiscates the 
illegal earnings. 
 
For less serious offenses a fine not to exceed 5000 RMB to individuals and 
15,000 RMB to work units may be assessed. 
 
For more serious offenses computer and network access can be closed down for 
six months, and if necessary Public Security can suggest that the business 
operating license of the concerned unit or the cancellation of its network 
registration. Management activities that constitute a threat to public order 
can be punished according to provisions of the public security management 
penalties articles. Where crimes have occurred, prosecutions for criminal 
responsibility should be made. 
 
Section 21 Where one of the activities listed below has occurred, the Public 
Security organization should order that remedial action should be taken with 
a specific period and give a warning; if there has been illegal income, the 
income should be confiscated; if remedial action is not taken within the 
specified period, then a fine of not more than 5000 RMB may be assessed 
against the head of the unit and persons directly under the unit head and a 
fine of not more than 15,000 RMB against the unit; in the case of more 
offenses, the network and equipment can be closed for up to six months. In 
serious cases Public Security may suggest that the business license of the 
organization be canceled and its network registration canceled. 
 
(1) Not setting up a secure system 
 
(2) Not implementing security techniques and protection measures 
 
(3) Not providing security education and training for network users 
 
(4) Not providing information, materials or electronic documentation needed 
for security, protection and management or providing false information 
 
(5) For not inspecting the content of information transmitted on behalf of 
someone else or not registering the unit or individual on whose behalf the 
information was transmitted 
 
(6) Not establishing a system for registering users and managing the 
information of electronic bulletin boards. 
 
(7) Not removing web addresses and directories or not closing servers 
according to the relevant state regulations. 
 
(8) Not establishing a system for registering users of public accounts 
 
(9) Lending or transferring accounts 
 
Section 22 Violation of section four or section seven of these regulations 
shall be punished according to the relevant laws and regulations. 
 
Section 23 Violations of section eleven or section twelve of these 
regulations or not fulfilling the responsibility or registering users shall 
be punished by a warning from Public Security or suspending network 
operations for six months. 
 
Chapter Five Additional Regulations 
 
Section 24 These regulations should be consulted with regards to the 
implementation of the security, protection and management of computer 
information networks connecting to networks in the Hong Kong Special 
Administrative Region as well as with networks in the Taiwan and Macao 
districts. 
 
Section 25 These regulations go into effect on the day of promulgation. 
 
--------------530D13C940AB--