Back to Index

Electronic Transactions Bill Comments
by the Hong Kong General Chamber of Commerce

8 October 1999
* * * * * * * * * * * *

1. We support the enactment of legislation to give legal effect to electronic signatures and we welcome the Electronic Transactions Bill which establishes the legal framework to bring that about.

2. As set out in the brief to the Legislative Council, the intention of the Bill is to develop the regulatory structure or electronic signatures through a technologically neutral and minimalist regulatory approach. We strongly support this intention. We also agree that the United Nations Commission on International Trade Law (UNCITRAL) - Model on Electronic Commerce provides the right model for the Bill.

3. However, on examining the Bill we have reservations on some aspects which appear to cast doubts as to whether the legislative intent could truly be met. Contrary to the professed aims of technological neutrality and minimalist regulation, the Bill's provisions seem to suggest technological bias and over-regulation.

4. We would emphasise that the aim of electronic signature authentication is to simplify, not complicate electronic commerce. The principle as suggested by UNCITRAL is that "information shall not be denied legal effect, validity or enforceability solely on the ground that it is in the form of a data message." In other words, the presumption should be that electronic signatures would be legal, valid, enforceable and admissible, without having to conform to any particular technical requirements. The main aim of the law should therefore be first to provide legal recognition of electronic signatures, and then, secondarily, to regulate the conduct of certification authorities (CAs).

5. In a free market different levels of security will be needed by different businesses, at different costs. These would be provided by different technologies on electronic signature authentication. The legislation should facilitate this diversity. It should lay down the principle to give legal effect to electronic signature but leave the matters of level of security, choice of technology, etc. entirely to the market.

6. The present Bill, however, goes much further than that. By imposing the need for positive recognition, it gives rise to a regulatory regime which is overly restrictive. The sweeping powers given to the Secretary for Information Technology and Broadcasting, including determination of even the form, manner and format of electronic record, is excessive. Rather than observing technological neutrality as espoused, the Bill is biased towards the public key infrastructure (PKI) being developed by government itself, although PKI is only one of possibly many authentication systems being developed. We are concerned that the effect of the Bill may be to mandate high authentication costs and discourage technological advance in electronic signature and security.

7. On the institutional framework for regulation of CAs, while we have no objection to the Director of Information Technology Services (DITS) to be the licensing authority, we would point out a potential conflict-of-interest situation as the Postmaster General, whose department is within the same policy bureau as DITS, is becoming the first CA. As CAs compete with each other in a free market, the playing field should be level and seen to be level. If no other department within government were more appropriate to act as the licensing authority, then DITS should at least be assisted by an independent committee, with proper industry representation, in discharging its regulatory duties. It is important, for instance, to ensure that the regulatory authority benefits from expertise advice in drawing up the code of practice for CAs. A statutory advisory body - which the Bill has not yet provided of - would be a useful element of the institutional structure.