Instant Button
Instant Button
Instant Button
Instant Button
Instant Button
Instant Button
Instant Button
Instant Button
Instant Button
Instant Button
Instant Button


STATE SECRECY PROTECTION REGULATIONS FOR COMPUTER
INFORMATION SYSTEMS ON THE INTERNET

(Promulgated and Issued by the State Secrecy Bureau
and takes effect on January 1, 2000)

 

 

 

SUBJECT: INFORMATION SYSTEMS, INTERNET

ISSUING-DEPT:STATE SECURITY BUREAU

ISSUE-DATE: 01/01/2000

IMPLEMENT-DATE: 01/01/2000

LENGTH: 1238 words

TEXT:

Chapter 1. General Principles

Article 1. These Regulations are issued in line with the "Law of the People's Republic of China on the Protection of State Secrets" and other related regulations of China to strengthen the management of secrets in the computer systems on the Internet and to ensure the safety of state secrets.

Article 2. Computer systems on the Internet refers to the connection of computer information systems within the territory of the People's Republic of China with foreign computer information networks to achieve the international exchange of information.

Article 3. All individuals, corporations and other organizations (hereinafter collectively referred to as users") using international networking, national backbone networks and Internet access providers shall abide by these Regulations.

Article 4. The management of secrets in the computer systems on the Internet is based on the principle of controlling sources, the centralized management by specialized departments, responsibility at different levels, emphasizing key points and benefiting development.

Article 5. State departments for the protection of secrets shall take charge of protecting secrets in the international networking of national computer information systems. Local departments for the protection of secrets above the county level shall take charge of the work concerning the computer systems on the Internet within their respective administrative districts.

Central government institutions, in the area of their functions and powers, shall take charge of or guide the work of guarding secrets in the computer systems on the Internet within their own systems.

Chapter II. Security Mechanism

Article 6. A computer information system involving state secrets shall not be connected, either directly or indirectly, with the Internet or other public information networks. It must be physically separated.

Article 7. Information involving state secrets, including information that has been checked and authorized to be legally exchanged, in instances of foreign exchanges and cooperation, through special equipment outside China's territory, shall not be stored, processed and transmitted in computer information systems with international networking.

Article 8. The management of secrets concerning information on the Internet shall be based on the principle of "whoever places materials on the Internet takes the responsibility." Information provided to or released on Web sites must undergo a security inspection and approval, which shall include departmental management. Related units shall, in line with state laws and regulations on guarding secrets, establish and improve a leadership responsibility system for the examination and approval of information intended for the Internet. Units that provide !he information shall establish a security system for information examination and approval in accordance with certain work procedures.

Article 9. As for information collected for the purpose of Internet information services, not including what has been published by other news media, organizers shall obtain the approval of the units providing the information before releasing it on the Internet. Any expansion or updating of information on the Internet shall adhere strictly to the security system for information examination and approval.

Article 10. Units and users that establish an BBS, chat room or network news group shall be verified and approved by the relevant organizations to clarify the requirements and responsibilities concerning the protection of secrets.

No unit or individual shall release, discuss or disseminate information about state secrets on an BBS, chat room or network news group.

For BBS, chat rooms or network news groups that are open to the public, the organizer or its high‑level competent department shall strictly carry out its responsibilities concerning the protection of secrets, establish a complete management system and strengthen supervision and inspection. If it discovers leaked information, it shall take timely measures and report this to the local authorities for the protection of secrets.

Article 11. Users who exchange information on the Web via email shall abide by regulations concerning the guarding of state secrets. They shall not deliver, forward or copy information concerning state secrets via email.

National backbone networks and Internet access providers shall clarify to their email users their requirements for protecting secrets and shall improve their management systems.

Article 12. National backbone networks and Internet access providers shall provide instruction about protecting secrets as an important part of the technical training or international networking. Agreements and Internet access providers and between Internet access providers and users shall stipulate clearly that state laws on protecting secrets must be obeyed and that state secrets shall not be leaked.

Chapter III. Supervising The Protection Of Secrets

Article 13. Departments for protecting secrets at all levels shall have related organizations or personnel who are responsible for managing secrets in the international networking of computer information systems. They shall urge national backbone networks, Internet access providers and users to establish and complete a management system on the protection of secret information, and shall supervise and check the implementation of regulations concerning the protection of secrets in international networking.

Departments or units that fail to establish a management system for protecting secrets, to stipulate clear‑cut responsibilities or to take effective measures against chaotic management and hidden perils that evidently threaten the information security of state secrets, shall rectify these at the urging of authorities for the protection of secrets. Those departments or units that cannot meet the requirements for protecting secrets after the rectification is completed shall be urged to stop international networking.

Article 14. Departments in charge of protecting secrets at all levels shall strengthen their inspections for secrets in the international networking of computer information systems. They shall investigate and treat various actions concerning leaks of secrets according to the law.

Article 15. National backbone networks, Internet access providers and users shall accept the supervision and checking by departments in charge of protecting secrets and shall cooperate with them. They shall assist secret protection departments in investigating illegal actions that divulge state secrets through international networking. They shall also delete information from the Internet which concerns state secrets, as required by the departments in charge of protecting secrets.

Article 16. When a leak, or possible leak, of state secrets is discovered, national backbone networks, Internet access providers and users shall immediately report this to the departments or organizations in charge of protecting secrets.

Article 17. After receiving a report on or discovering a leak of secrets on the Internet, the departments and organizations in charge of protecting secrets shall immediately organize an investigation and urge the relevant departments to take remedial measures. Meanwhile, they shall supervise the relevant departments' deletion, within a stipulated period, from the Internet of information concerning state secrets.

Chapter IV. Supplementary Provisions

Article 18. The management of secrets in the networking of computer information systems involving the Hong Kong and Macau Special Administrative Regions and Taiwan shall be carried out with reference to these Regulations.

Article 19. Specific rules may be made in conformity with these Regulations for managing secrets in the international networking of military computer information systems.

Article 20. These Regulations take effect on January 1, 2000.