In October 1999, the China State Council issued the
lengthy Directive No. 273 (DN273) declaring commercial
encryption codes "national classified information"
and requiring foreigners (individuals or companies)
using any form of encryption technology to register
with the State Encryption Management Commission before
31 January 2000. Immediately, DN273 attracted much criticism,
including such comments as "the new Chinese encryption
regulation directly threatens the privacy of computer
users".

Why did the regulation attract so much controversy?
Basically, encryption is all about secrecy and privacy.
It is a technology that enables information or data
to be read only by the intended recipient. This is achieved
by converting a message or data into a different format,
which no-one can understand without a "key"
that converts the encrypted data back into understandable
text.

In general, DN273 was an attempt by the Chinese government
to regulate the levels of privacy. But, unsurprisingly,
the PRC is not the only government endeavoring to regulate
encryption or communication security; regulations have
been proposed and implemented around the world.

For example, as one of its 33 signatories, the United
States originally imposed the stringent regulations
required under the Wassenaar Arrangement, which is the
first international multilateral arrangement on export
controls for firearms and sensitive dual-use goods and
technologies, and which is used to promote transparency,
exchange of views and information, and greater responsibility. This
attracted much opposition from the IT industry, which
is firmly against export regulations or any other ruling
pertaining to encryption technology and products. As
protests against encryption export regulations grew,
the US government eventually relaxed its regulations
in this area, although it still proposes that key management
systems or publicly recognised certification authorities
are established to counterbalance this lack of regulation.

Accordingly, governments around the world have been
proposing schemes to promote data security by using
encryption keys generated by publicly recognised certification
authorities, which complement the regulations governing
the export of commercial encryption products.

Needless to say, these schemes have spawned heated
debate, not least concerning their cost. However, when
weighed against the expenses incurred by an individual
business to maintain its own encryption system and recovery
plans for lost keys or circumstances when the en/decryption
of commercial information is temporarily or permanently
suspended (e.g. computer system breakdown), the cost
of encryption tools provided by certification authorities
becomes justifiable for a lot of businesses, particularly
small and medium-sized enterprises (SMEs).

Furthermore, as encryption tools and technology become
standard, the users of keys provided by publicly recognised
certification authorities save themselves the trouble
and time of updating their individual hardware and software
to keep up with advances in the encryption and decryption
processes. In addition, the level of achievable security
is known and accepted across the business community.

With the passing of such laws as the Electronic Transactions
Ordinance (ETO) in Hong Kong and similar laws in other
countries, encryption technology will strengthen businesses'
confidence in negotiating and concluding business transactions
electronically. This is because parties to on-line transactions
have the same legal protection as they do with a written
contract, allowing disputes concerning a transaction
negotiated and concluded on the Internet to be brought
before the courts without the concern of a lack of hard-copy
evidence.

An added benefit is that on-line transactions allow
companies of all sizes around the world to conduct business
seamlessly and simultaneously in the global markets,
thus enabling them to promote and benefit from globalisation,
traditionally a privilege of large multinational companies.

These benefits are similar to those offered by i-LegalService,
whose objective is to promote the ability of one of
the oldest industries - the legal profession - to work
at any time anywhere in the world. Through the use of
encryption keys and related products provided by recognised
certification authorities, confidentiality and document
authenticity are assured to the extent that there are
generally no longer issues concerning lawyers who work
over the Internet. Indeed, lawyers, long considered
bastions of tradition, are encouraged to keep pace with
the modern world and become truly modern!