New PRC Internet Regulation
A January 1998 report from U.S. Embassy Beijing
Sumary: Chinese government sensitivities about control of information coming into China are reflected in the strict controls it maintains over publishing, broadcasting, and electronic communications, including the Internet. The new PRC Internet regulation adopted on December 30 does not appear significantly different from the interim regulation it replaced. (The Embassy Beijing translation of the new regulation is appended to this report and posted on the Embassy Beijing website at http://www.redfish.com/USEmbassy-China/sandt/sandt.htm and the, full the Chinese text of regulations at: http://www.edu.cn/lawglbf.html). Embassy contacts at local Internet service providers, U.S. Internet software companies, and technical advisors to the PRC government all downplayed the new regulation as essentially clarifications of previous interim regulations, with responsibilities, procedures and penalties spelled-out in greater detail. At the same time, officials maintain that PRC policy is to encourage and popularize use of the Internet, fully recognizing that this enables potential access to proscribed information. As one official pointed out: if determined enough, a person will find a way to obtain pornography. It is impossible to stop them, although they can be arrested later.
The New Regulation
On December 29 China's Ministry of Public Security announced a five-chapter, 25-article regulation on managing the security of domestic and international computer information network connections which outlined the duties and responsibilities of China's Internet service providers and punishments for Internet use to leak state secrets, damage state interests, threaten state security or distribute harmful information. Although reported outside of China as a "crackdown" on Internet usage, the new regulation contains no new prohibitions, and goes beyond the previous interim Internet regulation only in the level of detail on procedures, responsibilities and penalties for violators. (informal embassy translation of regulation in para 8 and at the U.S. Embassy Beijing website http://www.redfish.com/USEmbassy-China/sandt/netreg.htm, full Chinese text of regulations at http://www.edu.cn/lawglbf.html, and two three other reports on the Internet in the PRC at http://www.redfish.com/USEmbassy-China/sandt/sandt.htm).
Three Beijing Internet service providers separately told the Embassy they did not expect the regulations to have any significant impact on their operations or on their customers since the new regulation contained no new restrictions. One service provider said that the new regulation highlighted a need to improve their record keeping. However, they pointed out that some aspects of the regulation, such as holding the service providers responsible for what sites their customers visited online, were unrealistic. There was no practical way to monitor the on-line activity of China's hundreds of thousands of Internet users. The service providers were already responsible for registering their customers with the Ministry of Public Security and entering the addresses of blocked sites (distributed by the Ministry of Public Security) into their network server computers; but they had no way of knowing what sites remained unblocked or what other activities their customers did online.
A Relaxation Of Restrictions?
Deputy Secretary General of the State Council Steering Committee of National Information Infrastructure Yu Renlin told U.S. Embassy Beijing officers on December 29 that the new regulation was related to a relaxation of controls over Internet usage intended to encourage more widespread Internet use. Yu said Internet policy-makers recognized that it was impossible to block all objectionable Internet sites and there were multiple ways around such blocks. According to Yu, the regulation and electronic blocking of certain pornographic, violent or subversive web sites were intended to deter people who might casually access such sites, but that “if an individual is intent enough on obtaining pornography, that person will find a way to get it.” Yu added that current technology made it fairly easy to monitor which Internet accounts were used to make online visits to restricted sites, allowing the Ministry of Public Security to gather evidence sufficient for an arrest.
However, Yu emphasized that in recent months the PRC had lifted restrictions on some previously blocked Internet sites and had decided it would not block sites unless their 'errors' were repeated. Yu identified recent PRC efforts to encourage use of the Internet as including network upgrades, lower phone line lease prices, usage rates and installation charges. [Note: U.S. Embassy officers have observed that the CNN website is now accessible through some Internet servers, though not at others. The New York Times website is generally blocked, while the Washington Post website is not. End note.]
Cheaper Rates For Users And Service Providers
Officials at the Ministry of Posts and Telecommunications told embassy officers that in order to further encourage wider Internet access the State Planning Commission had decided that effective January 1, the cost to Internet service providers to lease phones lines would be reduced by some 65 percent and the cost to consumers for installing a second phone line at the same address would be reduced by 50 percent. Local newspapers recently reported that the American Telephone and Telegraph Co. had signed a contract to upgrade links between China's main domestic intranet and the Internet with connections more than 20 times faster than currently used, in anticipation of more three million Internet users in China by the year 2000.
Embassy Translation of New Internet Regulation:
Computer Information Network and Internet Security, Protection and Management Regulations
(Approved by the State Council on December 11 1997 and promulgated by the Ministry of Public Security on December 30, 1997)
Chapter One Comprehensive Regulations
Section One -- In order to strengthen the security and the protection of computer information networks and of the Internet, and to preserve the social order and social stability, these regulations have been established on the basis of the "PRC Computer Information Network Protection Regulations", the "PRC Temporary Regulations on Computer Information Networks and the Internet" and other laws and administrative regulations.
Section Two -- The security, protection and management of all computer information networks within the borders of the PRC fall under these regulations.
Section Three -- The computer management and supervision organization of the Ministry of Public Security is responsible for the security, protection and management of computer information networks and the Internet. The Computer Management and Supervision organization of the Ministry of Public Security should protect the public security of computer information networks and the Internet as well as protect the legal rights of Internet service providing units and individuals as well as the public interest.
Section Four -- No unit or individual may use the Internet to harm national security, disclose state secrets, harm the interests of the State, of society or of a group, the legal rights of citizens, or to take part in criminal activities.
Section Five -- No unit or individual may use the Internet to create, replicate, retrieve, or transmit the following kinds of information:
(1) Inciting to resist or breaking the Constitution or laws or the implementation of administrative regulations;
(2) Inciting to overthrow the government or the socialist system;
(3) Inciting division of the country, harming national unification;
(4) Inciting hatred or discrimination among nationalities or harming the unity of the nationalities;
(5) Making falsehoods or distorting the truth, spreading rumors, destroying the order of society;
(6) Promoting feudal superstitions, sexually suggestive material, gambling, violence, murder,
(7) Terrorism or inciting others to criminal activity; openly insulting other people or distorting the truth to slander people;
(8) Injuring the reputation of state organs;
(9) Other activities against the Constitution, laws or administrative regulations.
Section Six No unit or individual may engage in the following activities which harm the security of computer information networks:
(1) No-one may use computer networks or network resources without getting proper prior approval
(2) No-one may without prior permission may change network functions or to add or delete information
(3) No-one may without prior permission add to, delete, or alter
materials stored, processed or being transmitted through the network.
(4) No-one may deliberately create or transmit viruses.
(5) Other activities which harm the network are also prohibited.
Section Seven The freedom and privacy of network users is protected by law. No unit or individual may, in violation of these regulations, use the Internet to violate the freedom and privacy of network users.
Chapter 2 Responsibility for Security and Protection
Section 8 Units and individuals engaged in Internet business must accept the security supervision, inspection, and guidance of the Public Security organization. This includes providing to the Public Security organization information, materials and digital document, and assisting the Public Security organization to discover and properly handle incidents involving law violations and criminal activities involving computer information networks.
Section 9 The supervisory section or supervisory units of units which provide service through information network gateways through which information is imported and exported and connecting network units should, according to the law and relevant state regulations assume responsibility for the Internet network gateways as well as the security, protection, and management of the subordinate networks.
Section 10 Connecting network units, entry point units and corporations that use computer information networks and the Internet and other organizations must assume the following responsibilities for network security and protection:
(1) Assume responsibility for network security, protection and management and establish a thoroughly secure, protected and well managed network.
(2) Carry out technical measures for network security and protection. Ensure network operational security and information security.
(3) Assume responsibility for the security education and training of network users
(4) Register units and individuals to whom information is provided. Provide information according to the stipulations of article five.
(5) Establish a system for registering the users of electronic bulletin board systems on the computer information network as well as a system for managing bulletin board information.
(6) If a violation of articles four, five, six or seven is discovered than an unaltered record of the violation should be kept and reported to the local Public Security organization.
(7) According to the relevant State regulations, remove from the network and address, directory or server which has content in violation of article five.
Section 11 The network user should fill out a user application form when applying for network services. The format of this application form is determined by Public Security.
Section 12 Connecting network units, entry point units, and corporations that use computer information networks and the Internet and other organizations (including connecting network units that are inter-provincial, autonomous region, municipalities directly under the Central Government or the branch organization of these units) should, within 30 days of the opening of network connection, carry out the proper registration procedures with a unit designated by the Public Security organization of the provincial, autonomous region, or municipality directly under the Central Government peoples' government.
The units mentioned above have the responsibility to report for the record to the local public security organization information on the units and individuals which have connections to the network. The units must also report in a timely manner to Public Security organization any changes in the information about units or individuals using the network.
Section 13 People who register public accounts should strengthen their management of the account and establish an account registration system. Accounts may not be lent or transferred.
Section 14 Whenever units involved in matters such as national affairs, economic construction, building the national defense, and advanced science and technology are registered, evidence of the approval of the chief administrative section should be shown.
Appropriate measures should be taken to ensure the security and protection of the computer information network and Internet network links of the units mentioned above.
Chapter Three Security and Supervision
Section 15 The provincial, autonomous region or municipal Public Security agency or bureau, as well as city and county Public Security organizations should have appropriate organizations to ensure the security, protection and management of the Internet.
Section 16 The Public Security organization computer management and supervision organization should have information on the connecting network units, entry point unit, and users, establish a filing system for this information, maintain statistical information on these files and report to higher level units as appropriate.
Section 17 The Public Security computer management and supervision organization should have establish a system for ensuring the security, protection and good management of the connecting network units, entry point unit, and users. The Public Security organization should supervise and inspect network security, protection and management and the implementation of security measures.
Section 18 If the Public Security computer management and supervision organization discovers an address, directory or server with content in violation of section five, then the appropriate units should be notified to close or delete it.
Section 19 The Public Security computer management and supervision organization is responsible for pursuing and dealing with illegal computer information network activities and criminal cases involving computer information networks. Criminal activities in violation of sections four or section seven should according to the relevant State regulations, be handed over to the relevant department or to the legal system for appropriate disposition.
Chapter Four Legal Responsibility
Section 20 For violations of law, administrative regulations or of section five or section six of these regulations, the Public Security organization gives a warning and if there income from illegal activities, confiscates the illegal earnings.
For less serious offenses a fine not to exceed 5000 RMB to individuals and 15,000 RMB to work units may be assessed.
For more serious offenses computer and network access can be closed down for six months, and if necessary Public Security can suggest that the business operating license of the concerned unit or the cancellation of its network registration. Management activities that constitute a threat to public order can be punished according to provisions of the public security management penalties articles. Where crimes have occurred, prosecutions for criminal responsibility should be made.
Section 21 Where one of the activities listed below has occurred, the Public Security organization should order that remedial action should be taken with a specific period and give a warning; if there has been illegal income, the income should be confiscated; if remedial action is not taken within the specified period, then a fine of not more than 5000 RMB may be assessed against the head of the unit and persons directly under the unit head and a fine of not more than 15,000 RMB against the unit; in the case of more offenses, the network and equipment can be closed for up to six months. In serious cases Public Security may suggest that the business license of the organization be canceled and its network registration canceled.
(1) Not setting up a secure system
(2) Not implementing security techniques and protection measures
(3) Not providing security education and training for network users
(4) Not providing information, materials or electronic documentation needed for security, protection and management or providing false information
(5) For not inspecting the content of information transmitted on behalf of someone else or not registering the unit or individual on whose behalf the information was transmitted
(6) Not establishing a system for registering users and managing the information of electronic bulletin boards.
(7) Not removing web addresses and directories or not closing servers according to the relevant state regulations.
(8) Not establishing a system for registering users of public accounts
(9) Lending or transferring accounts
Section 22 Violation of section four or section seven of these regulations shall be punished according to the relevant laws and regulations.
Section 23 Violations of section eleven or section twelve of these regulations or not fulfilling the responsibility or registering users shall be punished by a warning from Public Security or suspending network operations for six months.
Chapter Five Additional Regulations
Section 24 These regulations should be consulted with regards to the implementation of the security, protection and management of computer information networks connecting to networks in the Hong Kong Special Administrative Region as well as with networks in the Taiwan and Macao districts.
Section 25 These regulations go into effect on the day of promulgation.