Consultation Paper on the Review of the Electronic Transactions OrdinanceComments by the Hong Kong General Chamber of CommerceMay 2002Introduction1. We welcome the opportunity to be consulted on the Review of the Electronic Transactions Ordinance. The Chamber endorsed the enactment of the Ordinance two years ago. At the time we expressed strong support for the principles of technological neutrality and minimal regulation in the approach to the legislation. We would re-affirm our position that the United Nations Commission on International Trade Law (UNCITRAL) - Model on Electronic Commerce should remain the basis upon which the Ordinance is modeled. 2. At the time of the enactment of the Ordinance we had expressed reservations on whether the intent of technological neutrality and minimal regulation could truly be met. Our concern has not been allayed by the present consultation paper on review of the Ordinance. The government's approach3. Much of the consultation paper focuses on creation of new schedules or changes to existing schedules under the Ordinance in respect of electronic transactions. It reflects a fundamental over-regulatory bias in the approach adopted by the government. While we appreciate the step-by-step manner in which this approach is being implemented – as evidenced in the consultation paper – we are of the view that this approach is fundamentally flawed. It harbours the danger that changes in the market will soon be too difficult to catch up with. The result is that the technological-neutrality intention of the Ordinance cannot be met and the government may increasingly find itself moving towards technological advocacy one type or another. 4. With regard to the questions raised in the consultation paper, we would be inclined towards an answer that offers the biggest room for the market, given the current approach by the government. In other words: · With respect to PIN, we would support wider acceptance as electronic signature. · On newer means of authentication like biometrics, instead of being “examined at a later stage”, we suggest that some means of enabling them early within the current legislative framework be examined. · As regards “delivery by post or in person”, obviously we support extending its meaning to cover delivery by electronic means. · On the exemption schedules and exclusion lists, we consider that the need for these will gradually diminish. We would be prepared to support a more aggressive approach to encourage wider application of electronic means. 5. We would emphasise again that the above views apply as a result of the current approach adopted for the Ordinance, but that is an approach upon which we have strong reservations. A pro-market approach6. We reiterate the pro-market principle which we advocated when we first commented on the Electronic Transactions Bill more than two years ago. At the time we commented: We would emphasise that the aim of electronic signature authentication is to simplify, not complicate electronic commerce. The principle as suggested by UNCITRAL is that “information shall not be denied legal effect, validity or enforceability solely on the ground that it is in the form of a data message.” In other words, the presumption should be that electronic signatures would be legal, valid, enforceable and admissible, without having to conform to any particular technical requirements. The main aim of the law should therefore be first to provide legal recognition of electronic signatures, and then, secondarily, to regulate the conduct of certification authorities (CAs).7. Thus in a free market different levels of security will be needed by different businesses, at different costs. These would be provided by different technologies on electronic signature authentication. The role of the government should be to facilitate this diversity. The aim of legislation should be to give legal effect to electronic signature but the matters of security level, choice of technology, etc. should be left entirely to the market. There should thus be no need to confer such sweeping powers, including determination of even the form, manner and format of electronic record, to the Secretary for Information Technology and Broadcasting, as applying under the current scheduling approach. This regulatory approach is too restrictive. The attitude displaced in the consultation paper on the development of biometrics – that the market is not yet mature and hence authentication not yet acceptable under the Ordinance – is illustrative. We would have thought that technological development and related institutional support should be driven by the market itself. Government's role should be to provide a framework to enable the market to freely develop these, rather than making a judgement as to which types of technology should mature and when. 8. Previously we expressed our concern over a possible technological bias towards the public key infrastructure (PKI) developed by the Post Office. This concern is reinforced in our reading of the consultation paper. We are reminded by the discussion on PIN of the vast potential of applications using the electronic identity card – again a government domain. Together they suggest the possibility of a strong hold by the public sector on electronic transactions. Given the high barrier to entry in the form of substantial initial investment required of CA's, the concern of the private sector for a playing field which is possibly not level, must be seriously addressed. Regulation of certification authorities9. On the proposal to split the compliance assessment of CA's into two parts, we consider it reasonable, although this will add some burden to the CA's. The market structure is the bigger issue compared to the regulatory procedure of CA's. 10. The proposed change has, however, put into focus the potential conflict of interest inherent in the system, which we identified in our last paper – the fact that the regulator (Director of Information Technology Services) and the key regulated player (Postmaster General) happen to be two departments under the same policy bureau. Given that this is the case, it will be more appropriate for DITS to be assisted by an independent advisory committee, with proper industry representation, in discharging its regulatory duties. The Review offers an opportunity to provide a statutory basis for such an advisory committee. Conclusion11. We commend the government in reviewing the Ordinance in a timely manner. While this review will surely improve the mechanics of the Ordinance, what is more important is the more fundamental questions of principle and approach which have been identified. These have been borne out by the development of the market itself. An impression of over-concern on security of e-payment – whether created by the Ordinance or not – is actually stifling the development of electronic transactions, giving a negative impression that the safety of the system is at risk. This could well be one factor affecting adoption of electronic transactions. At the end of the day, e-transactions must be easy and user-friendly, and so should be the regulatory system.
Top