|
||||
|
||||
DECISION No. 71/2004/QD-BCA(A11) OF JANUARY 29, 2004 PROMULGATING THE REGULATION ON ENSURING SAFETY AND SECURITY IN ACTIVITIES OF MANAGING, PROVIDING AND USING INTERNET SERVICES IN VIETNAM THE MINISTER OF PUBLIC SECURITY Pursuant to the Government's Decree No. 136/2003/ND-CP of November 14, 2003 defining the functions, tasks, powers and organizational structure of the Ministry of Public Security; Pursuant to the Government's Decree No. 55/2001/ND-CP of August 23, 2001 on management, provision and use of Internet services; At the proposal of the general director of the General Department of Security, DECIDES: Article 1.- To promulgate together with this Decision the Regulation on ensuring safety and security in activities of managing, providing and using Internet services in Vietnam. Article 2.- This Decision takes effect 15 days after its publication in the Official Gazette and supersedes Decision No. 848/1997/QD-BNV (A11) of October 23, 1997 of the Minister of the Interior (now the Minister of Public Security), promulgating the Regulation on inspecting and controlling measures and equipment to ensure national security in Internet activities in Vietnam. Article 3.- The functional units of the Ministry of Public Security, Internet service-providing organizations, units and enterprises, Internet agents and Internet service users in Vietnam shall have to implement this Decision. Minister of Public Security REGULATION ON ENSURING SAFETY AND SECURITY IN ACTIVITIES OF MANAGING, PROVIDING AND USING INTERNET SERVICES IN VIETNAM (Promulgated together with Decision No. 71/2004/QD-BCA(A11) of January 29, 2004 of the Minister of Public Security) Chapter I GENERAL PROVISIONS Article 1.- This Regulation shall apply to enterprises and units providing Internet services (Internet access service-IXP, Internet service-ISP, on-line service-OSP, Internet content service-ICP, and Internet service for exclusive use-ISP for exclusive use); internet agents (agents that provide Internet service and/or online service), and Internet service users in Vietnam. Article 2.- Ensuring safety and security in Internet activities in Vietnam covers protecting the equipment system, information and data in databases and on the networks of the participants in Internet activities to ensure their stable operation; ensuring the uninterrupted, truthful, rapid and timely transmission of information on the Internet; taking initiative in preventing, detecting and stopping acts of taking advantage of Internet services to infringe upon national security or social order and safety. Article 3.- Ensuring safety and security in Internet activities is the responsibility of agencies, organizations and individuals. The Ministry of Public Security shall perform the State management over ensuring security in Internet activities, have the right to examine, control and supervise information on the Internet according to law provisions. Article 4.- All organizations, enterprises and individuals participating in Internet activities in Vietnam must bear responsibility for information they store or transmit on the Internet; submit to management, examination, supervision and satisfy the requirements on ensuring safety and security in Internet activities under the provisions of this Regulation and other relevant law provisions. Article 5.- The following acts are strictly forbidden: 1. Taking advantage of the Internet to carry out activities of infringing upon national security, disrupting social order and safety, breaching fine customs and traditions or cultural identity of Vietnam, infringing upon the legitimate rights and interests of organizations or citizens, or to carry out criminal activities in whatever form and by whatever means. 2. Storing on Internet-connected computers information, materials or data classified as State secrets. 3. Using passwords in contravention of law provisions on cipher. 4. Accessing foreign Internet service providers by dialing direct international telephone numbers; using or guiding other persons to use support tools for visiting websites banned by competent State management agencies; sending, transmitting or spreading on the Internet computer viruses or software programs capable of hacking information or destroying computer data; disordering or obstructing activities of providing and/or using Internet services; building websites or organizing forums on the Internet, which contain contents guiding, inciting or provoking other persons to commit the above-said acts. 5. Abusing one's positions or powers in the State management over information security to obstruct lawful activities of the participants in Internet services, or to infringe upon the legitimate rights and interests of agencies, organizations or citizens. Chapter II SPECIFIC PROVISIONS Article 6.- Internet service-providing enterprises shall have the following responsibilities: 1. To have complete technical equipment commensurate to the scope of their operation so that they can conduct management, examination and supervision to ensure safety for their systems, block up information banned by law from being stored or transmitted on the Internet through the systems managed by the enterprises. 2. To formulate internal rules on the operation, exploitation and use of Internet services provided by the enterprises. To organize the popularization, guidance and examination of the implementation of such rules by the service-using enterprises (for members that provide Internet information contents, ICP), Internet agents, Internet service users, officials and employees within the enterprises. 3. To coordinate with the functional units of the Ministry of Public Security and competent State agencies in discovering, stopping and handling acts of taking advantage of the Internet to carry out activities of infringing upon national security or social order and safety. 4. To promptly stop providing Internet services for the subjects that take advantage of the Internet to carry out activities of opposing the State of the Socialist Republic of Vietnam or harming national security. 5. To arrange floor areas, network-accessing points and necessary technical conditions for the functional units of the Ministry of Public Security to perform their tasks of protecting national security in Internet activities. 6. To provide services for the public only after obtaining the written permission of the Ministry of Post and Telematics on the basis of the reports of inter-branch examination teams as provided for in Circular No. 04/2001/TT-TCBD of November 20, 2001 of the General Department of Post (now the Ministry of Post and Telematics), which guides the implementation of the Government's Decree No. 55/2001/ND-CP of August 23, 2001 on management, provision and use of Internet services (hereinafter called Decree No. 55), on the results of field examination of the enterprises' networks, equipment and measures to ensure safety and security in Internet activities. Article 7.- Organizations or enterprises which provide Internet service (ISP) and/or online service (OSP) and units that provide Internet information service (ICP) or Internet service for exclusive use (ISP for exclusive use) shall have the following responsibilities: 1. To have a system of firewalls commensurate with the scope of operation of each enterprise, ensuring the detection and stoppage of illegal information as provided for in Decree No. 55, as well as the safe protection of their systems of equipment, information and data. 2. To store in their servers information posted and transmitted on the Internet for 15 days, counting from the time such information is transmitted from or to the servers. 3. To organize training for employees of their Internet agents in the State's regulations on information safety and security in Internet activities and in appropriate technical measures so that such agents can well perform their tasks of guiding customers to use services for healthy purposes, detecting and stopping in time customers' acts of violating the provisions of Decree No. 55. 4. Enterprises and units providing Internet services (ISP and ISP for exclusive use) must join hands in stopping acts of taking advantage of their equipment systems, networks and services to disrupt, sabotage or obstruct activities of providing or using Internet services. Article 8.- Internet agents shall have the following activities 1. To comply with the law provisions on ensuring Internet information safety and security. To formulate and publicly post up their internal rules on the Internet use at Internet service-providing places. 2. To store information related to service users in their servers for 30 days, counting from the time such information is transmitted from or to the servers. 3. To keep service use registration books for recording full and detailed information about their customers, including their full names, addresses, serial numbers of their people's identity cards or passports and the time of using the service. To come up with solutions to stop the accessing of Internet websites with bad contents and to install software programs to enable the instant management of customers' information contents. 4. To arrange managerial personnel who are professionally and technically qualified and knowledgeable about the State's regulations on the Internet at all Internet service-providing places to help customers to use the Internet for healthy purposes, detect and stop in time customers' acts of violating the law provisions on the Internet. 5. To supply truthful, specific and complete data on technical configurations, connection plans and information flow under the scope of their management to competent State management agencies when so requested. 6. To cooperate with the police offices and competent State management agencies in satisfying the requirements on ensuring information safety and security. Article 9.- Internet users shall have the following responsibilities: 1. To be answerable to law for information contents they post and transmit on the Internet. 2. Upon receiving information causing harm to national security or social order and safety, or breaching fine customs and traditions or cultural traits of Vietnam, not to print out, copy or disseminate such information and to immediately notify the nearest police agency thereof for handling. 3. To protect their passwords, secret codes, private information as well as their equipment systems. Article 10.- Agencies, organizations and individuals participating in Internet activities shall have to implement the following information and reporting regime: 1. After being licensed to provide Internet services, the enterprises or units shall have to report to the General Department of Security under the Ministry of Public Security on their network connection plans, measures and equipment to ensure safety and security in Internet activities, the summary personal records of their officials and employees, the resumes of the network and system administration members and system operators at least 15 days before the inter-branch examination teams to conduct field examination under the guidance in Circular No. 04/2001/TT-TCBD of November 20, 2001 of the General Department of Post and Telecommunications (now the Ministry of Post and Telematics). 2. Once every six months, the Internet service-providing enterprises shall have to send reports to the General Department of Security under the Ministry of Public Security on the results of the work of ensuring safety and security in activities of providing and using Internet services, changes in the network structures, the lists of Internet agents and subscribers to their Internet services; the lists of information providers, forms of electronic news on the Internet, made according to a set form, and organize the close monitoring and management thereof. 3. To detect, and notify in time to the police offices of, activities of violating information safety and security, attacking or destroying the equipment systems, thus obstructing activities of providing Internet services, and other law-breaking acts; to closely coordinate with the police agencies in verifying and clarifying the details of the violations, to supply necessary information and documents related to the cases when so requested. Article 11.- The Ministry of Public Security hereby assigns the General Department of Security to act as a standing body assisting the Ministry's leadership in directing and organizing the work of ensuring safety and security in Internet activities, with the following responsibilities: 1. To organize the application of professional measures to examine, control and supervise Internet information according to law provisions. 2. To guide agencies, organizations and individuals participating in Internet activities to prevent, detect and stop activities of taking advantage of Internet services to infringe upon national security or social order and safety. 3. To guide the provincial/municipal police agencies to organize and perform the work of ensuring safety and security in Internet activities in Vietnam. Article 12.- The General Department of Security shall direct its professional and functional departments and local police agencies: 1. Once every six months to conduct the examination of the application of measures to ensure information safety and security in Internet activities by the Internet service providers, with the contents specified in this Regulation. 2. To coordinate with the specialized post, telecommunications and information technology inspectorate and the specialized culture and information inspectorate in inspecting, examining and handling violations in Internet activities according to law provisions. Article 13.- Agencies, organizations or individuals that violate the regulations on information safety and security in activities of managing, providing and using Internet services shall, depending on the nature and seriousness of their violations, be sanctioned as provided for in Article 41 and Article 45 of Decree No. 55, specifically as follows: 1. A fine of between VND 200,000 and VND 1,000,000 for one of the following violation acts: a/ Using passwords, secret codes and/or private information of other persons to illegally access or use Internet services; b/ To use software tools for illegally accessing or using Internet services. 2. A fine of between VND 1,000,000 and VND 5,000,000 for one of the following violation acts: a/ Violating the State's regulations on encoding and decoding information on the Internet in the use of Internet services; b/ Violating the State's regulations on Internet information safety and security in the use of Internet services. 3. A fine of between VND 10,000,000 and VND 20,000,000 for one of the following violation acts: a/ Violating the State's regulations on encoding and decoding information on the Internet in the provision of Internet services; b/ Violating the State's regulations on Internet information safety and security in the provision of Internet services. c/ Using the Internet for the purpose of threatening, harassing or hurting the honor or dignity of, other persons, which is not, however, serious enough to be examined for penal liability; d/ Posting on the Internet or abusing the Internet to disseminate debauched information or pictures or other information contrary to the law provisions on the Internet information contents, which is not, however, serious enough to be examined for penal liability; e/ To steal passwords, secret codes or personal information of organizations or individuals and make them known to other persons for use; f/ Violating the regulations on operation, exploitation and use of computers, causing disorder to Internet activities, blockading, deforming or destroying data on the Internet, which is not, however, serious enough to be examined for penal liability. 4. A fine of between VND 20,000,000 and VND 50,000,000 for acts of creating and intentionally spreading or transmitting virus programs on the Internet, which are not, however, serious enough to be examined for penal liability. 5. In addition to forms of administrative sanction, depending on the nature and seriousness of their violations, the violating organizations or individuals may be subject to the application of the following additional sanctions or remedial measures: a/ Suspension or cessation of the provision or use of Internet services, for acts of violating the points of Clause 1, the points of Clause 2, the points of Clause 3 of Clause 4, Article 13 of this Regulation. b/ Forcible restoration of the original state which has been altered owing to the administrative violations, for acts of violating the provisions of Point f, Clause 3 or Clause 4, Article 13 of this Regulation. 6. Acts of taking advantage of the Internet to oppose the State of the Socialist Republic of Vietnam and disrupt security and order; other serious violation acts involving criminal signs shall be subject to penal liability examination as provided for by law. Chapter III IMPLEMENTATION PROVISIONS Article 14.- Basing themselves on this Regulation, organizations and enterprises providing Internet services in Vietnam shall work out their own regulations on Internet management, on management of users, management of information contents, and technical measures to examine, supervise, ensure safety and security for information in Internet activities. Article 15.- 1. The General Department of Security under the Ministry of Public Security shall direct its professional units to coordinate with the functional agencies of the Ministry of Post and Telematics, the Ministry of Culture and Information and the concerned ministries, branches and localities in considering technical measures applied by the Internet service-providing organizations, enterprises and units to ensure safety and security for Internet activities immediately from the licensing time and conduct periodical examinations of the organization of the implementation of this Regulation. 2. If meeting with any difficulties or problems in the course of implementing this Circular, agencies, organizations or individuals should report them to the Ministry of Public Security (via the General Department of Security) for timely guidance and settlement. Minister of Public Security |