Computer Information Network International Interconnection Security Protection Management Rules

Posted on Updated on

Ministry of Public Security Decree No. 33

Promulgated by the Ministry of Public Security on 30 December 1997

The “Computer Information Network International Interconnection Security Protection Management Rules” were approved by the State Council on 11 December 1997, are hereby promulgated, and take effect on 30 December 1997

Chapter I: General Provisions

Article 1: In order to strengthen the protection of the security of computer information network international interconnection, safeguard public order and social stability, according to the provisions of the “Computer Information System Security Protection Regulations of the People’s Republic of China”, the “Provisional Computer Information Network Management Rules of the People’s Republic of China” and other laws and regulations, these Rules are formulated.

Article 2: These Rules apply to the management of computer information network international interconnection security protection within the borders of the People’s Republic of China

Article 3: The Ministry of Public Security computer management and supervision organs is responsible for management work over computer information network information interconnection security protection. Public security organs’ computer management and supervision organs shall protect the public security of computer information network international interconnections, and safeguard the lawful rights and interests of work units and individuals engaging in international interconnection business, and the public interest.

Article 4: No work unit or individual may use international interconnection to harm national security or divulge State secrets, may not violate the national, social or collective interest or the lawful rights and interests of citizens, and may not engage in unlawful or criminal activities.

Article 5: No work unit or individual may utilize international interconnections to produce, reproduce, consult or disseminate the following information:

(1) inciting resistance, destroying the implementation of the Constitution, laws and administrative regulations;

(2) inciting subversion of State power, toppling the Socialist system;

(3) inciting separatism or destroying national unity;

(4) inciting ethnic hatred, ethnic discrimination or destroying ethnic unity;

(5) concocting or distorting facts, disseminating rumours, disordering social order;

(6) propagating feudal superstition, obscenity, sex, gambling, violence, murder, horror or inciting crime;

(7) brazenly humiliating other persons or concocting facts to slander other persons;

(8) harming the prestige of State organs

(9) other matters violating the Constitution, laws and administrative regulations.

Article 6: No work unit or individual may engage in the following activities endangering computer information network security:

(1) without permission, accessing computer information networks or using computer information network resources;

(2) without permission, conducting deletion, revision or adding to computer information network functions;

(3) without permission, conducting deletion, revision or adding to data stored in, processed or disseminated by computer information networks and application procedures;

(4) wilfully producing or disseminating computer viruses and other destructive processes;

(5) other matters endangering computer information network security.

Article 7: Users’ freedom to communicate and communication secrecy is protected by law. No work unit or individual may violate legal provisions or use international interconnections to violate users’ freedom to communicate and communication secrecy.

Chapter II: The responsibility to protect security

Article 8: Work units and individuals engaging in international interconnection work shall accept security supervision, inspection and guidance from public security organs, truthfully provide information, materials and data documents related to security protection to public security organs, assist with public security organs to investigate and prosecute unlawful and criminal activities of computer information networks through international interconnections.

Article 9: Controlling departments or controlling work units of international entry and exit port channel provision work units, connection work units shall be responsible for security protection management work of international entry and exit port channel and their subordinate interconnection networks according to laws and relevant State regulations.

Article 10: Interconnection work units, access work units and legal persons using computer information network international interconnections and other organizations shall implement the following security protection duties:

(1) being responsible for security protection management work of their networks, establishing and competing security protection management systems;

(2) implementing technological security protection measures, guaranteeing the operational security and information security of their networks;

(3) being responsible for security education and training of their network users;

(4) conducting registration of work units an individual entrusting information dissemination, and conducting examination of the content of the provided information according to Article 5 of these Rules

(5) establishing computer information network electronic announcement system user registration and information management systems;

(6) where discovering one of the circumstances listed in Article 4, Article 5, Article 6 and Article 7 of these Rules, they shall preserve the original relevant records, and report it to the local public security organs within 24 hours;

(7) According to relevant State regulations, deleting addresses and directories containing content as per Article 5 of these Rules or closing servers.

Article 11: Users, when accessing work units to conduct net access formalities, shall fill out a user filing form. The filing form is produced under the supervision of the Ministry of Public Security.

Article 12: Interconnection work units, access work units, legal persons and other organizations (including cross-provincial, autonomous region and municipal interconnection network work units and their subordinate branch organs) using computer information network international interconnections, shall within 30 days of official connection to the network, go to a hearing organ appointed by the provincial, autonomous region or municipal People’s Government public security organ of their locality to carry out filing formalities.

Work units listed in the previous Item shall be responsible for reporting the situation of access work units and users accessing their networks to the public security organs for filing, and timely report changes in the situation of work units and users accessing their network.

Article 13: Those using public or communal access registration shall strengthen management of communal accounts, and establish account use registration systems. User accounts may not be lent or transferred.

Article 14: Work units involved in State affairs, economic construction, national defence construction, scientific and technological frontiers and other important areas, when carrying out filing formalities, shall provide examination and approval certification of their administrative supervision department. The international interconnection of the networks of work units listed in the previous Item, shall adopt corresponding protection measures.

Chapter III: Security supervision

Article 15: Principal, autonomous region and municipal public security offices (bureaus), district (city) and county (city) public opinion bureaus shall have corresponding organs to be responsible for international interconnection security protection management work.

Article 16: Public security organs’ computer management and supervision organs shall grasp the filing situation of interconnection work units, access work units and users, establish filing dossiers, conduct filing statistics, and progressively report this upwards according to relevant State regulations.

Article 17: Public security organs’ computer management and supervision organs shall supervise interconnection work units, access work units and relevant users to establish and complete security protection management systems; supervising and inspecting the network security protection management as well as technology measure implementation situation.

When public security organs’ computer management and supervision organs, when organizing security inspections, related work units shall send people to participate. Public security organ computer management and supervision organs shall put forward opinions for improvement, make detailed records and file them for further reference concerning problems discovered in security inspection.

Article 18: Public security organ computer management and supervision organ discovering addresses, directories or servers containing content listed in Article 5 of these Rules, shall notify the relevant work unit to shut it down or delete it.

Article 19: Public security organ computer supervision and management organs shall be responsible for following, investigating and prosecuting unlawful acts committed through computer information networks and criminal cases related to computer information networks, unlawful and criminal activities violating the provisions of Article 4 and Article 7 of these Rules, shall be transferred to the relevant departments or judicial organs to deal with them according to relevant State regulations.

Chapter IV: Legal responsibility

Article 20: Those violating laws and administrative regulations, with one of the acts listed in Article 5 or Article 6 of these Rules, will be warned by the public security organs, where there is unlawful income, the unlawful income is confiscated, a fine of 5.000 Yuan or less may also be imposed on individuals, and a fine of 50.000 Yuan or less may also be imposed on work units; where circumstances are grave, the punishments of ceasing interconnection for six months or less and shutdown may be imposed, when necessary, it may also be advise that the original permit-issuing or approving organ cancels business permits or cancels interconnection qualification; where it constitutes an act violating public order, it will be punished according to regulations on public order management punishment; where it constitutes a crime, criminal responsibility will be investigated according to the law.

Article 21: Where one of the following acts is present, the public security organ orders rectification within a limited time and issues a warning, where there is unlawful income, the unlawful income is confiscated; where there is no rectification within the provided time limit, the main responsible person and other directly responsible personnel of the work unit may be subject to a fine of 5.000 Yuan or less, and the work unit may be subject to a fine of 50.000 Yuan or less, where circumstances are grave, the punishments of ceasing interconnection for six months or less and shutdown may be imposed, when necessary, it may also be advise that the original permit-issuing or approving organ cancels business permits or cancels interconnection qualification.

(1) not having established security protection management systems;

(2) not having adopted security technology protection measures;

(3) not providing security education and training to network users;

(4) not providing information, materials and data documents needed for security protection measures, or providing untrue content;

(5)  not having examined the content of information entrusted for publication or registered the entrusting work unit and individual;

(6) not having established electronic announcement system user registration and information management systems;

(7) not deleting network addresses or directories or shutting down servicers according to relevant State regulations;

(8) not establishing public account use registration systems

(9) Lending or transferring user accounts.

Article 22: Those violating the provisions of Article 4 and Article 7 of these Rules, are punished according to relevant laws and regulations.

Article 23: Those violating the provisions of Article 21 and Article 23 of these Rules, and not implementing filing duties, are punished by the public security organs with a warning or shutting down for rectification for a period not exceeding six months.

Chapter V: Supplementary provisions

Article 24: Security protection management of computer information networks interconnecting with the Hong Kong Special Administrative Region and the Taiwan and Macau regions, are implemented with reference to these Rules.

Article 25: These Rules take effect from the date of promulgation.

《计算机信息网络国际联网安全保护管理办法》
(1997年12月30日公安部发布)

第一章 总 则

第一条 为了加强对计算机信息网络国际联网的安全保护,维护公共秩序和社会稳定,根据《中华人民共和国计算机信息系统安全保护条例》、《中华人民共和国计算机信息网络国际联网管理暂行规定》和其他法律、行政法规的规定,制定本办法。

第二条 中华人民共和国境内的计算机信息网络国际联网安全保护管理,适用本办法。

第三条 公安部计算机管理监察机构负责计算机信息网络国际联网的安全保护管理工作。公安机关计算机管理监察机构应当保护计算机信息网络国际联网的公共安全,维护从事国际联网业务的单位和个人的合法权益和公众利益。

第四条 任何单位和个人不得利用国际联网危害国家安全、泄露国家秘密,不得侵犯国家的、社会的、集体的利益和公民的合法权益,不得从事违法犯罪活动。

第五条 任何单位和个人不得利用国际联网制作、复制、查阅和传播下列信息:

(一)煽动抗拒、破坏宪法和法律、行政法规实施的;

(二)煽动颠覆国家政权,推翻社会主义制度的;

(三)煽动分裂国家、破坏国家统一的;

(四)煽动民族仇恨、民族歧视,破坏民族团结的;

(五)捏造或者歪曲事实,散布谣言,扰乱社会秩序的;

(六)宣扬封建迷信、淫秽、色情、赌博、暴力、凶杀、恐怖,教唆犯罪的;

(七)公然侮辱他人或者捏造事实诽谤他人的;

(八)损害国家机关信誉的;

(九)其他违反宪法和法律、行政法规的。

第六条 任何单位和个人不得从事下列危害计算机信息网络安全的活动:

(一)未经允许,进入计算机信息网络或者使用计算机信息网络资源的;

(二)未经允许,对计算机信息网络功能进行删除、修改或者增加的;

(三)未经允许,对计算机信息网络中存储、处理或者传输的数据和应用程序进行删除、修改或者增加的;

(四)故意制作、传播计算机病毒等破坏性程序的;

(五)其他危害计算机信息网络安全的。

第七条 用户的通信自由和通信秘密受法律保护。任何单位和个人不得违反法律规定,利用国际联网侵犯用户的通信自由和通信秘密。

第二章 安全保护责任

第八条 从事国际联网业务的单位和个人应当接受公安机关的安全监督、检查和指导,如实向公安机关提供有关安全保护的信息、资料及数据文件,协助公安机关查处通过国际联网的计算机信息网络的违法犯罪行为。

第九条 国际出入口信道提供单位、互联单位的主管部门或者主管单位,应当依照法律和国家有关规定负责国际出入口信道、所属互联网络的安全保护管理工作。

第十条 互联单位、接入单位及使用计算机信息网络国际联网的法人和其他组织应当履行下列安全保护职责:

(一)负责本网络的安全保护管理工作,建立健全安全保护管理制度;

(二)落实安全保护技术措施,保障本网络的运行安全和信息安全;

(三)负责对本网络用户的安全教育和培训;

(四)对委托发布信息的单位和个人进行登记,并对所提供的信息内容按照本办法第五条进行审核;

(五)建立计算机信息网络电子公告系统的用户登记和信息管理制度;

(六)发现有本办法第四条、第五条、第六条、第七条所列情形之一的,应当保留有关原始记录,并在二十四小时内向当地公安机关报告;

(七)按照国家有关规定,删除本网络中含有本办法第五条内容的地址、目录或者关闭服务器。

第十一条 用户在接入单位办理入网手续时,应当填写用户备案表。备案表由公安部监制。

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s