From: Cu Digest (tk0jut2@mvs.cso.niu.edu)  <TK0JUT2@MVS.CSO.NIU.EDU>
Subject: Cu Digest, #10.04, Sun 18 Jan 98

Computer underground Digest    Sun  Jan 18, 1998   Volume 10 : Issue 04
                           ISSN  1004-042X

---------------------------------------------------------------------

Date: Tue, 6 Jan 1998 15:47:06 -0800
From: "(--Todd Lappin-->)" <telstar@wired.com>
Subject: File 1--IP: New Internet Regulations Codify PRC Internet Practice

Source -  fight-censorship@vorlon.mit.edu

Forwarded from Dave Farber... the full text of the new Chinese regulations
are included.  My favorites:

(5) Making falsehoods or distorting the truth, spreading rumors, destroying
the order of society;

(6) Promoting feudal superstitions, sexually suggestive material, gambling,
violence, murder,

(8) Injuring the reputation of state organs;

--Todd-->


New Regulations Codify PRC Internet Practice

On December 30, 1997, the Ministry of Public Security promulgated the
Regulations on the Security and Management of Computer Information Networks
and the Internet [Jisuanji Xinxi Wangluo Lianwang Anquan Baohu Guanli
Banfa]. The State Council approved these new regulations on December 11,
1997. The new regulations appear to be much more a codification of existing
practice than an important departure in the management of computer
information networks in China. The new regulations are more detailed than
the "PRC Temporary Regulations on Computer Information Network and Internet
Management" and "Notice on Strengthening the Management of Computer
Information Network and Internet Registration Information" both of February
1996 and the "Temporary Regulations on Electronic Publishing" of March 1996.
.

The new December 1997 regulations as well as earlier PRC regulations on the
Internet and electronic puiblishing are to be found in GB-encoded Chinese
text listed on the web page at <http://www.edu.cn/law>http://www.edu.cn/law

The full Chinese text of the new regulations are to be found at
<http://www.edu.cn/law/glbf.html>http://www.edu.cn/law/glbf.html The new
regulations are translated in full
below.

  --------------------------------------------------

Computer Information Network and Internet Security, Protection and
Management Regulations

(Approved by the State Council on December 11 1997 and promulgated by the
Ministry of Public Security on December 30, 1997)

Chapter One Comprehensive Regulations

Section One -- In order to strengthen the security and the protection of
computer information networks and of the Internet, and to preserve the
social order and social stability, these regulations have been established
on the basis of the "PRC Computer Information Network Protection
Regulations", the "PRC Temporary Regulations on Computer Information
Networks and the Internet" and other laws and administrative regulations.

Section Two -- The security, protection and management of all computer
information networks within the borders of the PRC fall under these
regulations.

Section Three -- The computer management and supervision organization of the
Ministry of Public Security is responsible for the security, protection and
management of computer information networks and the Internet. The Computer
Management and Supervision organization of the Ministry of Public Security
should protect the public security of computer information networks and the
Internet as well as protect the legal rights of Internet service providing
units and individuals as well as the public interest.

Section Four -- No unit or individual may use the Internet to harm national
security, disclose state secrets, harm the interests of the State, of
society or of a group, the legal rights of citizens, or to take part in
criminal activities.

Section Five -- No unit or individual may use the Internet to create,
replicate, retrieve, or transmit the following kinds of information:

(1) Inciting to resist or breaking the Constitution or laws or the
implementation of administrative regulations;

(2) Inciting to overthrow the government or the socialist system;

(3) Inciting division of the country, harming national unification;

(4) Inciting hatred or discrimination among nationalities or harming the
unity of the nationalities;

(5) Making falsehoods or distorting the truth, spreading rumors, destroying
the order of society;

(6) Promoting feudal superstitions, sexually suggestive material, gambling,
violence, murder,

(7) Terrorism or inciting others to criminal activity; openly insulting
other people or distorting the truth to slander people;

(8) Injuring the reputation of state organs;

(9) Other activities against the Constitution, laws or administrative
regulations.

Section Six No unit or individual may engage in the following activities
which harm the security of computer information networks:

(1) No-one may use computer networks or network resources without getting

proper prior approval

(2) No-one may without prior permission may change network functions or

to add or delete information

(3) No-one may without prior permission add to, delete, or alter

materials stored, processed or being transmitted through the network.

(4) No-one may deliberately create or transmit viruses.

(5) Other activities which harm the network are also prohibited.

Section Seven The freedom and privacy of network users is protected by law.
No unit or individual may, in violation of these regulations, use the
Internet to violate the freedom and privacy of network users.

Chapter 2 Responsibility for Security and Protection

Section 8 Units and individuals engaged in Internet business must accept the
security supervision, inspection, and guidance of the Public Security
organization. This includes providing to the Public Security organization
information, materials and digital document, and assisting the Public
Security organization to discover and properly handle incidents involving
law violations and criminal activities involving computer information
networks.

Section 9 The supervisory section or supervisory units of units which
provide service through information network gateways through which
information is imported and exported and connecting network units should,
according to the law and relevant state regulations assume responsibility
for the Internet network gateways as well as the security, protection, and
management of the subordinate networks.

Section 10 Connecting network units, entry point units and corporations that
use computer information networks and the Internet and other organizations
must assume the following responsibilities for network security and
protection:

(1) Assume responsibility for network security, protection and management
and establish a thoroughly secure, protected and well managed network.

(2) Carry out technical measures for network security and protection. Ensure
network operational security and information security.

(3) Assume responsibility for the security education and training of network
users

(4) Register units and individuals to whom information is provided. Provide
information according to the stipulations of article five.

(5) Establish a system for registering the users of electronic bulletin
board systems on the computer information network as well as a system for
managing bulletin board information.

(6) If a violation of articles four, five, six or seven is discovered than
an unaltered record of the violation should be kept and reported to the
local Public Security organization.

(7) According to the relevant State regulations, remove from the network and
address, directory or server which has content in violation of article five.

Section 11 The network user should fill out a user application form when
applying for network services. The format of this application form is
determined by Public Security.

Section 12 Connecting network units, entry point units, and corporations
that use computer information networks and the Internet and other
organizations (including connecting network units that are inter-provincial,
autonomous region, municipalities directly under the Central Government or
the branch organization of these units) should, within 30 days of the
opening of network connection, carry out the proper registration procedures
with a unit designated by the Public Security organization of the
provincial, autonomous region, or municipality directly under the Central
Government peoples' government.

The units mentioned above have the responsibility to report for the record
to the local public security organization information on the units and
individuals which have connections to the network. The units must also
report in a timely manner to Public Security organization any changes in the
information about units or individuals using the network.

Section 13 People who register public accounts should strengthen their
management of the account and establish an account registration system.
Accounts may not be lent or transferred.

Section 14 Whenever units involved in matters such as national affairs,
economic construction, building the national defense, and advanced science
and technology are registered, evidence of the approval of the chief
administrative section should be shown.

Appropriate measures should be taken to ensure the security and protection
of the computer information network and Internet network links of the units
mentioned above.

Chapter Three Security and Supervision

Section 15 The provincial, autonomous region or municipal Public Security
agency or bureau, as well as city and county Public Security organizations
should have appropriate organizations to ensure the security, protection and
management of the Internet.

Section 16 The Public Security organization computer management and
supervision organization should have information on the connecting network
units, entry point unit, and users, establish a filing system for this
information, maintain statistical information on these files and report to
higher level units as appropriate.

Section 17 The Public Security computer management and supervision
organization should have establish a system for ensuring the security,
protection and good management of the connecting network units, entry point
unit, and users. The Public Security organization should supervise and
inspect network security, protection and management and the implementation
of security measures.

Section 18 If the Public Security computer management and supervision
organization discovers an address, directory or server with content in
violation of section five, then the appropriate units should be notified to
close or delete it.

Section 19 The Public Security computer management and supervision
organization is responsible for pursuing and dealing with illegal computer
information network activities and criminal cases involving computer
information networks. Criminal activities in violation of sections four or
section seven should according to the relevant State regulations, be handed
over to the relevant department or to the legal system for appropriate
disposition.

Chapter Four Legal Responsibility

Section 20 For violations of law, administrative regulations or of section
five or section six of these regulations, the Public Security organization
gives a warning and if there income from illegal activities, confiscates the
illegal earnings.

For less serious offenses a fine not to exceed 5000 RMB to individuals and
15,000 RMB to work units may be assessed.

For more serious offenses computer and network access can be closed down for
six months, and if necessary Public Security can suggest that the business
operating license of the concerned unit or the cancellation of its network
registration. Management activities that constitute a threat to public order
can be punished according to provisions of the public security management
penalties articles. Where crimes have occurred, prosecutions for criminal
responsibility should be made.

Section 21 Where one of the activities listed below has occurred, the Public
Security organization should order that remedial action should be taken with
a specific period and give a warning; if there has been illegal income, the
income should be confiscated; if remedial action is not taken within the
specified period, then a fine of not more than 5000 RMB may be assessed
against the head of the unit and persons directly under the unit head and a
fine of not more than 15,000 RMB against the unit; in the case of more
offenses, the network and equipment can be closed for up to six months. In
serious cases Public Security may suggest that the business license of the
organization be canceled and its network registration canceled.

(1) Not setting up a secure system

(2) Not implementing security techniques and protection measures

(3) Not providing security education and training for network users

(4) Not providing information, materials or electronic documentation needed
for security, protection and management or providing false information

(5) For not inspecting the content of information transmitted on behalf of
someone else or not registering the unit or individual on whose behalf the
information was transmitted

(6) Not establishing a system for registering users and managing the
information of electronic bulletin boards.

(7) Not removing web addresses and directories or not closing servers
according to the relevant state regulations.

(8) Not establishing a system for registering users of public accounts

(9) Lending or transferring accounts

Section 22 Violation of section four or section seven of these regulations
shall be punished according to the relevant laws and regulations.

Section 23 Violations of section eleven or section twelve of these
regulations or not fulfilling the responsibility or registering users shall
be punished by a warning from Public Security or suspending network
operations for six months.

Chapter Five Additional Regulations

Section 24 These regulations should be consulted with regards to the
implementation of the security, protection and management of computer
information networks connecting to networks in the Hong Kong Special
Administrative Region as well as with networks in the Taiwan and Macao
districts.

Section 25 These regulations go into effect on the day of promulgation.

