Tradelink-eBiz Tradelink corporate website
Members
Login ID

Password

Login
Free Membership Forgot your password?
Training Courses
Exhibitions/Seminars
What's New
eBiz-Highlights
eBiz Pulse
e-Post
BizCentral
TexWeb
CIECC
TradeAids
e-Law
Tariffs & Regulations
Trade Info Circular
TradeStat
Labour Legislation
e-Connect

Ad in eBiz

Chinese VersionHome
e-PostBizCentralTradeAids
Search eBiz

 
| Talking Point | Interviews | Success Stories | China Today | Import & Export | Legally Speaking | Regional Development |
PRC's Over Stringent Encryption Regulation?
Remember back in October 1999 when the China State Council issued the lengthy Directive No. 273 (DN273), declaring commercial encryption code as part of "national classified information" and requiring any foreigners (including both individuals and companies) using any encryption technology of any kind to register the use with the State Encryption Management Commission before 31 January 2000?

Immediately, DN273 came under the international spotlight and attracted much criticism and comments such as, "the new Chinese encryption regulation directly threaten the privacy of computer users".

So why did such regulation attracted so much controversy? Basically, encryption is all about secrecy and privacy. It is a technology enabling information or data to be read by the intended recipient only. This is achieved by converting a message or data into a different form, such that no one can understand them without having access to a "key" in order to convert the encrypted data into understandable text.

In general, DN273 is an attempt by the Chinese government to regulate the levels of privacy. However, not surprisingly though, PRC is not the only government endeavoring to regulate encryption or communication security. Regulations has been proposed and implemented by various countries in one way or another.

For example, the United States, one of the 33 signatory countries to the Wassenaar Arrangement (WA) - the first international multilateral arrangement on export controls for firearms, sensitive dual-use goods and technologies whose intention is to promote transparency, exchange of views, information and greater responsibility - has long been at the opposition against export regulation or any ruling on encryption technology and products. As protest against encryption export regulation grew immense, the US government relaxed their export regulations. Nevertheless, such move does not come un-supplemented. Proposals had been put forward to establish key management systems or publicly recognised certificate authorities, as a counterpart.

Without doubt, privacy for communication of sensitive commercial information is of great importance. However, if businesses are to set up their own costly encryption system, many of the SMEs (small-to-medium enterprises) would be out of the scope for such benefits.

Accordingly, Governments around the world have been proposing schemes to promote data security by use of encryption keys generated by publicly recognised certificate authorities, while at the same time setting regulations on export of commercial encryption products. The results of these schemes, as expected, have spawned heated arguments as it has been regarded as a threat to the free-flow of encryption technology. However, when weighting against the running costs of maintaining an encryption system and recovery plans where keys have been lost or under situations where decryption of the previously protected (encrypted) commercial information become temporarily or permanently suspended (e.g. in he case of computer system breakdown), encryption tools by these authorities then became justifiable to a lot of SMEs to resort to for the sake of its financial viability.

Furthermore, when encryption tools and technology are standardised, users of keys provided by publicly recognised certificate authorities would save themselves from the trouble and time of going through the necessary hardware and software requirements in order to execute the encryption and decryption process, while the level of achievable security are known and accepted across users of the business community.

With the passing of laws, such as the Electronic Transactions Ordinance (ETO) in Hong Kong and similar laws in other countries, encryption technology will strengthen businesses' confidence in negotiating and concluding business transactions electronically over the internet. This is because parties to such "over-the-air" transactions will have equal legal force as is the case under a written contract. Accordingly, disputes on a transaction which was negotiated and concluded on the internet could be brought before the court without having to concern about the fact that there are no paper evidence.

An added benefit to such over-the-air business deals is that it allows businesses around the world to be conducted seamlessly, boundlessly and simultaneously in the global markets and thus promote and benefit from globalisation which was traditionally privileged to large multinational companies (MNCs).

These ideas are similar to those of i-LegalService, whereby it is the objective of the company to promote working anytime and anywhere in one of the oldest industry, the legal profession. Through the employment of encryption keys and related products provided by recognised certificate authorities, confidentiality and document authenticity is assured to the extent that current technology employed avails, accordingly, these should no longer be issues concerning lawyers when working over the internet. Lawyers are encouraged to catch up with the modern fast paced world and have the mobility that is now becoming common in many industries and be a truly modern Lawyer!
 
Apr 2002
This article is courtesy of i-LegalService Limited, a Tradelink associated company, which strives to promote greater use of IT in the legal field through its core business, the Practice Management System (PMS).
divide
 


| Home | About Us | Site Map | Legal Notice | Privacy Policy | Help | Contact Us |
Tradelink Electronic Commerce Limited. All rights reserved.