|
THE MINISTRY OF PUBLIC SECURITY
-------------
|
SOCIALIST REPUBLIC OF VIET NAM
Independence - Freedom – Happiness
--------------
|
|
No.
71/2004/QD-BCA(A11)
|
Ha
Noi ,January 29th, 2004
|
DECISION
PROMULGATING THE REGULATION ON ENSURING
SAFETY AND SECURITY IN ACTIVITIES OF MANAGING, PROVIDING AND USING INTERNET
SERVICES IN VIETNAM
THE MINISTER OF PUBLIC SECURITY
Pursuant to the Government's Decree No. 136/2003/ND-CP of November 14,
2003 defining the functions, tasks, powers and organizational structure of the
Ministry of Public Security;
Pursuant to the Government's Decree No. 55/2001/ND-CP of August 23, 2001 on
management, provision and use of Internet services;
At the proposal of the general director of the General Department of Security,
DECIDES:
Article 1.- To promulgate
together with this Decision the Regulation on ensuring safety and security in
activities of managing, providing and using Internet services in Vietnam.
Article 2.- This Decision takes
effect 15 days after its publication in the Official Gazette and supersedes
Decision No. 848/1997/QD-BNV (A11) of October 23, 1997 of the Minister of the
Interior (now the Minister of Public Security), promulgating the Regulation on
inspecting and controlling measures and equipment to ensure national security
in Internet activities in Vietnam.
Article 3.- The functional units
of the Ministry of Public Security, Internet service-providing organizations,
units and enterprises, Internet agents and Internet service users in Vietnam
shall have to implement this Decision.
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
MINISTER OF PUBLIC SECURITY
Le Hong Anh
REGULATION
ON ENSURING SAFETY AND SECURITY IN ACTIVITIES
OF MANAGING, PROVIDING AND USING INTERNET SERVICES IN VIETNAM
(PRomulgated together with Decision No.
71/2004/QD-BCA(A11) of January 29, 2004 of the Minister of Public Security)
Chapter I
GENERAL PROVISIONS
Article 1.- This Regulation shall
apply to enterprises and units providing Internet services (Internet access
service-IXP, Internet service-ISP, on-line service-OSP, Internet content
service-ICP, and Internet service for exclusive use-ISP for exclusive use);
internet agents (agents that provide Internet service and/or online service),
and Internet service users in Vietnam.
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
Article 3.- Ensuring safety and
security in Internet activities is the responsibility of agencies,
organizations and individuals. The Ministry of Public Security shall perform
the State management over ensuring security in Internet activities, have the
right to examine, control and supervise information on the Internet according
to law provisions.
Article 4.- All organizations,
enterprises and individuals participating in Internet activities in Vietnam
must bear responsibility for information they store or transmit on the
Internet; submit to management, examination, supervision and satisfy the
requirements on ensuring safety and security in Internet activities under the
provisions of this Regulation and other relevant law provisions.
Article 5.- The following acts
are strictly forbidden:
1. Taking advantage of the
Internet to carry out activities of infringing upon national security,
disrupting social order and safety, breaching fine customs and traditions or
cultural identity of Vietnam, infringing upon the legitimate rights and
interests of organizations or citizens, or to carry out criminal activities in
whatever form and by whatever means.
2. Storing on Internet-connected
computers information, materials or data classified as State secrets.
3. Using passwords in
contravention of law provisions on cipher.
4. Accessing foreign Internet service
providers by dialing direct international telephone numbers; using or guiding
other persons to use support tools for visiting websites banned by competent
State management agencies; sending, transmitting or spreading on the Internet
computer viruses or software programs capable of hacking information or
destroying computer data; disordering or obstructing activities of providing
and/or using Internet services; building websites or organizing forums on the
Internet, which contain contents guiding, inciting or provoking other persons
to commit the above-said acts.
5. Abusing one's positions or
powers in the State management over information security to obstruct lawful
activities of the participants in Internet services, or to infringe upon the
legitimate rights and interests of agencies, organizations or citizens.
Chapter II
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
Article 6.- Internet
service-providing enterprises shall have the following responsibilities:
1. To have complete technical
equipment commensurate to the scope of their operation so that they can conduct
management, examination and supervision to ensure safety for their systems,
block up information banned by law from being stored or transmitted on the
Internet through the systems managed by the enterprises.
2. To formulate internal rules
on the operation, exploitation and use of Internet services provided by the
enterprises. To organize the popularization, guidance and examination of the
implementation of such rules by the service-using enterprises (for members that
provide Internet information contents, ICP), Internet agents, Internet service
users, officials and employees within the enterprises.
3. To coordinate with the
functional units of the Ministry of Public Security and competent State
agencies in discovering, stopping and handling acts of taking advantage of the
Internet to carry out activities of infringing upon national security or social
order and safety.
4. To promptly stop providing
Internet services for the subjects that take advantage of the Internet to carry
out activities of opposing the State of the Socialist Republic of Vietnam or
harming national security.
5. To arrange floor areas,
network-accessing points and necessary technical conditions for the functional
units of the Ministry of Public Security to perform their tasks of protecting
national security in Internet activities.
6. To provide services for the
public only after obtaining the written permission of the Ministry of Post and
Telematics on the basis of the reports of inter-branch examination teams as
provided for in Circular No. 04/2001/TT-TCBD of November 20, 2001 of the
General Department of Post (now the Ministry of Post and Telematics), which
guides the implementation of the Government's Decree No. 55/2001/ND-CP of
August 23, 2001 on management, provision and use of Internet services
(hereinafter called Decree No. 55), on the results of field examination of the
enterprises' networks, equipment and measures to ensure safety and security in
Internet activities.
Article 7.- Organizations or
enterprises which provide Internet service (ISP) and/or online service (OSP)
and units that provide Internet information service (ICP) or Internet service
for exclusive use (ISP for exclusive use) shall have the following
responsibilities:
1. To have a system of firewalls
commensurate with the scope of operation of each enterprise, ensuring the
detection and stoppage of illegal information as provided for in Decree No. 55,
as well as the safe protection of their systems of equipment, information and
data.
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
3. To organize training for
employees of their Internet agents in the State's regulations on information
safety and security in Internet activities and in appropriate technical
measures so that such agents can well perform their tasks of guiding customers
to use services for healthy purposes, detecting and stopping in time customers'
acts of violating the provisions of Decree No. 55.
4. Enterprises and units
providing Internet services (ISP and ISP for exclusive use) must join hands in
stopping acts of taking advantage of their equipment systems, networks and
services to disrupt, sabotage or obstruct activities of providing or using
Internet services.
Article 8.- Internet agents shall
have the following activities
1. To comply with the law
provisions on ensuring Internet information safety and security. To formulate
and publicly post up their internal rules on the Internet use at Internet
service-providing places.
2. To store information related
to service users in their servers for 30 days, counting from the time such
information is transmitted from or to the servers.
3. To keep service use
registration books for recording full and detailed information about their
customers, including their full names, addresses, serial numbers of their
people's identity cards or passports and the time of using the service. To come
up with solutions to stop the accessing of Internet websites with bad contents
and to install software programs to enable the instant management of customers'
information contents.
4. To arrange managerial
personnel who are professionally and technically qualified and knowledgeable
about the State's regulations on the Internet at all Internet service-providing
places to help customers to use the Internet for healthy purposes, detect and
stop in time customers' acts of violating the law provisions on the Internet.
5. To supply truthful, specific
and complete data on technical configurations, connection plans and information
flow under the scope of their management to competent State management agencies
when so requested.
6. To cooperate with the police
offices and competent State management agencies in satisfying the requirements
on ensuring information safety and security.
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
1. To be answerable to law for
information contents they post and transmit on the Internet.
2. Upon receiving information
causing harm to national security or social order and safety, or breaching fine
customs and traditions or cultural traits of Vietnam, not to print out, copy or
disseminate such information and to immediately notify the nearest police
agency thereof for handling.
3. To protect their passwords,
secret codes, private information as well as their equipment systems.
Article 10.- Agencies,
organizations and individuals participating in Internet activities shall have
to implement the following information and reporting regime:
1. After being licensed to
provide Internet services, the enterprises or units shall have to report to the
General Department of Security under the Ministry of Public Security on their
network connection plans, measures and equipment to ensure safety and security
in Internet activities, the summary personal records of their officials and
employees, the resumes of the network and system administration members and
system operators at least 15 days before the inter-branch examination teams to
conduct field examination under the guidance in Circular No. 04/2001/TT-TCBD of
November 20, 2001 of the General Department of Post and Telecommunications (now
the Ministry of Post and Telematics).
2. Once every six months, the Internet
service-providing enterprises shall have to send reports to the General
Department of Security under the Ministry of Public Security on the results of
the work of ensuring safety and security in activities of providing and using
Internet services, changes in the network structures, the lists of Internet
agents and subscribers to their Internet services; the lists of information
providers, forms of electronic news on the Internet, made according to a set
form, and organize the close monitoring and management thereof.
3. To detect, and notify in time
to the police offices of, activities of violating information safety and
security, attacking or destroying the equipment systems, thus obstructing
activities of providing Internet services, and other law-breaking acts; to
closely coordinate with the police agencies in verifying and clarifying the
details of the violations, to supply necessary information and documents
related to the cases when so requested.
Article 11.- The Ministry of
Public Security hereby assigns the General Department of Security to act as a
standing body assisting the Ministry's leadership in directing and organizing
the work of ensuring safety and security in Internet activities, with the
following responsibilities:
1. To organize the application
of professional measures to examine, control and supervise Internet information
according to law provisions.
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
3. To guide the
provincial/municipal police agencies to organize and perform the work of
ensuring safety and security in Internet activities in Vietnam.
Article 12.- The General
Department of Security shall direct its professional and functional departments
and local police agencies:
1. Once every six months to
conduct the examination of the application of measures to ensure information
safety and security in Internet activities by the Internet service providers,
with the contents specified in this Regulation.
2. To coordinate with the
specialized post, telecommunications and information technology inspectorate
and the specialized culture and information inspectorate in inspecting,
examining and handling violations in Internet activities according to law
provisions.
Article 13.- Agencies,
organizations or individuals that violate the regulations on information safety
and security in activities of managing, providing and using Internet services
shall, depending on the nature and seriousness of their violations, be
sanctioned as provided for in Article 41 and Article 45 of Decree No. 55,
specifically as follows:
1. A fine of between VND 200,000
and VND 1,000,000 for one of the following violation acts:
a/ Using passwords, secret codes
and/or private information of other persons to illegally access or use Internet
services;
b/ To use software tools for
illegally accessing or using Internet services.
2. A fine of between VND
1,000,000 and VND 5,000,000 for one of the following violation acts:
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
b/ Violating the State's
regulations on Internet information safety and security in the use of Internet
services.
3. A fine of between VND
10,000,000 and VND 20,000,000 for one of the following violation acts:
a/ Violating the State's
regulations on encoding and decoding information on the Internet in the provision
of Internet services;
b/ Violating the State's
regulations on Internet information safety and security in the provision of
Internet services.
c/ Using the Internet for the
purpose of threatening, harassing or hurting the honor or dignity of, other
persons, which is not, however, serious enough to be examined for penal
liability;
d/ Posting on the Internet or
abusing the Internet to disseminate debauched information or pictures or other
information contrary to the law provisions on the Internet information
contents, which is not, however, serious enough to be examined for penal
liability;
e/ To steal passwords, secret
codes or personal information of organizations or individuals and make them
known to other persons for use;
f/ Violating the regulations on operation,
exploitation and use of computers, causing disorder to Internet activities,
blockading, deforming or destroying data on the Internet, which is not,
however, serious enough to be examined for penal liability.
4. A fine of between VND
20,000,000 and VND 50,000,000 for acts of creating and intentionally spreading
or transmitting virus programs on the Internet, which are not, however, serious
enough to be examined for penal liability.
...
...
...
Please sign up or sign in to your Pro Membership to see English documents.
a/ Suspension or cessation of
the provision or use of Internet services, for acts of violating the points of
Clause 1, the points of Clause 2, the points of Clause 3 of Clause 4, Article
13 of this Regulation.
b/ Forcible restoration of the
original state which has been altered owing to the administrative violations,
for acts of violating the provisions of Point f, Clause 3 or Clause 4, Article
13 of this Regulation.
6. Acts of taking advantage of
the Internet to oppose the State of the Socialist Republic of Vietnam and
disrupt security and order; other serious violation acts involving criminal
signs shall be subject to penal liability examination as provided for by law.
Chapter III
IMPLEMENTATION PROVISIONS
Article 14.- Basing themselves on
this Regulation, organizations and enterprises providing Internet services in
Vietnam shall work out their own regulations on Internet management, on
management of users, management of information contents, and technical measures
to examine, supervise, ensure safety and security for information in Internet
activities.
Article 15.-
1. The General Department of
Security under the Ministry of Public Security shall direct its professional
units to coordinate with the functional agencies of the Ministry of Post and
Telematics, the Ministry of Culture and Information and the concerned
ministries, branches and localities in considering technical measures applied
by the Internet service-providing organizations, enterprises and units to
ensure safety and security for Internet activities immediately from the
licensing time and conduct periodical examinations of the organization of the
implementation of this Regulation.
2. If meeting with any
difficulties or problems in the course of implementing this Circular, agencies,
organizations or individuals should report them to the Ministry of Public
Security (via the General Department of Security) for timely guidance and
settlement.