1 February 2000. Thanks to SA.


Title: PRC Rules on Internet Secrecy Management 

Document Number: FBIS-CHI-2000-0128
Document Type: Daily Report
Document Title: FBIS Translated Text
Document Region: China
Document Date: 25 Jan 1999
Division: China
Subdivision: China
Sourceline: OW2801142300 Beijing Xinhua Domestic Service in Chinese 0940
GMT 25
Jan 99
AFS Number: OW2801142300
Citysource: Beijing Xinhua Domestic Service
Language: Chinese
N/A

Subslug: "Provisions on Secrecy Management of Computer Information Systems on the Internet" -- Xinhua headline

[FBIS Translated Text] Beijing, 25 January (Xinhua) --

Provisions on Secrecy Management of Computer Information Systems on the Internet

(Promulgated by the State Secrecy Bureau)

Chapter I -- General Provisions

Article 1 -- To strengthen secrecy management of computer information systems on the Internet and ensure the safety of state secrets, these provisions are drawn up in compliance with the "Law of the People's Republic of China on Guarding States Secrets" and provisions of relevant state laws and regulations.

Article 2 -- Computer information systems on Internet refer to the linkage of computer information systems within the PRC territory with foreign computer information networks.

Article 3 -- Individuals, legal persons, and other organizations (hereinafter referred to as users) going on the Internet, Internet Service Providers [ISP] and Internet Content Providers [ICP] must abide by these provisions.

Article 4 -- Principles of controlling sources, stressing centralized management by specialized departments with different levels assuming responsibility, highlighting key points, and promoting development are applied to the secrecy management of computer information systems on the Internet.

Article 5 -- State secrecy departments are responsible for the secrecy work of computer information systems on the Internet throughout China. Local secrecy departments at and above the county level are responsible for the secrecy work of computer information systems on the Internet in the administrative regions under their jurisdiction. Central state organs are responsible for or guide, within the limits of their functions and powers, the secrecy work of computer information systems on the Internet in the departments under their jurisdiction.

Chapter II -- Secrecy System

Article 6 -- Computer information systems involving state secrets shall not be linked directly or indirectly with the Internet or other public information network. Physical segregation must be applied in this regard.

Article 7 -- Information relating to state secrets, including information concerning state secrets legally exchanged upon examination and approval with specific outside-the-border partners in contacts and cooperation with foreign countries, shall not be stored, handled, and transmitted in the computer information systems on the Internet.

Article 8 -- Secrecy management of information put onto the web must adhere to the principle of "those who go online will be those held responsible." Those who provide or distribute information via Internet connections must get secrecy examination and approval. Secrecy examination and approval is managed by departments. Units concerned must establish and improve a secrecy examination and approval leadership responsibility system for information put on the web. Information providers must improve the information secrecy examination and approval system in accordance with specified working procedures.

Article 9 -- With the exception of the information which has been openly distributed in other media, before distributing the information they gathered, organizers of online information services shall get the endorsement of information providers. Expansion or updating of online information must be done in strict accordance with the information secrecy examination and approval system.

Article 10 -- Units and users that set up electronic bulletin systems, chat rooms, and cybernews groups must go through examination and approval procedures with corresponding secrecy organizations, clearly stating secrecy requirements and responsibilities. No units or individuals shall spread, discuss, or disseminate information referring to state secrets on electronic bulletin boards, chat rooms, and cybernews groups. Sponsors of electronic bulletin boards, chat rooms, and cybernews groups geared to society or their higher competent departments must conscientiously carry out their duty of preserving state secrets, establish and improve a management system, and strengthen supervision and inspection. If information relating to secrecy is discovered, they must promptly take measures and report the case to local secrecy departments.

Article 11 -- When exchanging information on the Internet through e-mails, users shall abide by relevant state secrecy provisions and shall not transmit, transfer or copy and send information referring to state secrets through e-mails. The ISP and the ICP must set clear secrecy demands on the users of mailing service implements under their management and improve the management system.

Article 12 -- The ISP and the ICP must take secrecy education as an important content of their Internet technology training. In the contracts signed between the ISP and the ICP and between the ICP and users and in the users' regulations, there must be clauses clearly stipulating that the State Secrecy Law must be observed and no information referring to state secrets shall be revealed.

Chapter III -- Secrecy Supervision

Article 13 -- Secrecy departments at all levels must have their own corresponding organizations and personnel responsible for the secrecy management of computer information systems on the Internet; supervise and urge the ISP, the ICP, and users to establish and improve a information secrecy management system; and supervise and inspect the implementation of the provisions concerning the Internet secrecy management system. Secrecy departments must instruct departments or units, which have not yet established the information secrecy management system or lack clearly defined responsibility and adequate measures and are beset with confused management and a noticeable hidden danger endangering the safety of information referring to states secrets, to rectify themselves and cut off their access to the Internet if they still fail to meet the secrecy requirements after the conclusion of their rectification efforts.

Article 14 -- Secrecy departments at all levels must strengthen the secrecy inspection of computer information systems on the Internet and investigate and handle various secret disclosures according to the law.

Article 15 -- The ISP, the ICP, and users must subject themselves to and cooperate with secrecy supervision and inspection enforced by secrecy departments, assist secrecy departments in investigating and handling the infractions of divulging state secrets through the Internet, and delete the information relating to state secrets on the Internet as required by secrecy departments.

Article 16 -- When discovering that state secrets are divulged or are likely to be divulged, the ISP, the ICP, and users must promptly report the case to secrecy departments or organizations.

Article 17 -- After receiving submissions of reports on offenders or discovering secret disclosures on the Internet in their inspections, secrecy departments and organizations at all levels must immediately organize forces to investigate and handle the cases, and supervise and urge departments concerned to promptly adopt remedial measures, and supervise units concerned to delete the information relating to state secrets on the Internet.

Chapter IV -- Supplementary Provisions

Article 18 -- The secrecy management of computer information systems linking with the Internet connections of the Hong Kong and Macao Special Administration Regions and the Taiwan area shall be handled with reference to these provisions.

Article 19 -- The armed forces can make detailed regulations based on these provisions, with which they will manage the secrecy of computer information systems on the Internet.

Article 20 -- These provisions became effective as of 1 January 2000.