Importation of Encryption Products - New OSCCA/GAC joint notice

The Office of the State Commercial Cypher Administration (OSCCA) published a new regulation requiring a license from OSCCA for the importation of encryption products. Although the announcement provides a list of products requiring such a license, the announcement also suggests that importer may still need a license for any encryption products even if it is not the list. The odd thing about this that another OSCCA communication actually prohibits foreign encryption products from being imported and sold in China in the first place - and the new draft does not make any statements (none I found, at least) as to whether this new regulation would replace the old prohibition, amend it, or - my guess - ignore it and add some nice contradictory element. Some China-based stakeholders (me amongst them) have compiled questions directed at OSCCA that will be discussed during a meeting with the EU Chamber. More to come, I am sure...

The Bulletin is dated Dec. 10, 2009, but was only posted to the Website Dec. 16, 2009. It can be found at http://www.oscca.gov.cn/Doc/17/News_1176.htm. (Office of State Commercial Cypher Administration Bulletin (No.18))

Based on "the Regulation on the Administration of Commercial Codes", here publish the first "Catalogue of encryption products and equipment with encryption technology subject to import administration". (See list, hereafter refer as "the catalogue")

I. All items in the catalogue subject to the import license administration of encrypted products and equipment with encryption technology. (see appendix 2 sample of the import license) Importer should have the license when clearing with customs for the products in the catalogue.

II. Import license can be exempt for the following situation:

1. Import for processing trade and for re-export;

2. Under customs detain, temporary import for re-export;

3. Items in the catalogue in and out of the bonded area, export processing zone and other special zone under customs supervision from overseas.

III. Import license should be inspected upon out into Chinese territory.

IV. Importers whether they aware of not should apply to OSCCA for licenses for products with encryption even when they are not listed in the catalogue. And notify the Customs when import such items.

V. Customs will handle those listed products without licenses according to the relevant rules and regulations.

The list will take effect on Jan. 1^st, 2010. OSCCA and GAC will readjust the catalogue when they deem it is necessary and announce it publicly.

Appendix 1. catalogue

Appendix 2. sample of the import license

OSCCA//GAC

Dec. 10, 2009

附件1：list of 9 items for import with HS codes (fax machines, phones, routers, and code machine/card ) subject for import permit.

密码产品和含有密码技术的设备进口管理目录（第一批）

序号 海关商品编号 商品名称 计量单位

The English translation is enclosed within square brackets. The translation is from the 2009 Customs Import and Export Tariff of the PRC compiled by the Editorial Department of the Customs Import and Export Tariff of the PRC.

1 8443311010 静电感光式多功能一体加密传真机（可与自动数据处理设备或网络连接） 台 [Electrostatic – sensitive multifunctional integrated encrypting fax machines (with automatic data processing equipment or network connection)]

2 8443319020 其他多功能一体加密传真机（兼有打印、复印中一种及以上功能的机器） 台 [Other multifunctional integrated encrypting fax machines (machines with the function of printing, copying or both.)]

3 8443329010 其他加密传真机（可与自动数据处理设备或网络连接） 台 [Fax machines (can be commected to automatic data processing facilities or internet)

4 8517110010 无绳加密电话机 台 [Cordless encrypting telephone]

5 8517180010 其他加密电话机 台 [Other encrypting telephones]

6 8517622910 光通讯加密路由器 台 [Optical communication encrypting routers]

7 8517623210 非光通讯加密以太网络交换机 台 [Non-optical communication encrypted exchanges]

8 8517623610 非光通讯加密路由器 台 [Non-optical communication encrypting routers]

9 8543709950 密码机（包括电话密码机、传真密码机等）、密码卡 台 [Password machines, password cards, telephone password machines, fax password machines]

Don't be Evil: now Skype!

Rebecca McKinnon of the China Media Project provides in Rconversation a good overview over the "Skype/Tom.com Incident" (soon to become "Skypegate"? That happens quick sometimes…). A complete breach of custumer trust may be fatal, and especially tricky if you now have a truckload of skype clone alternatives waiting at the door. Good luck, Skype!

PRC to Enact Information Security Protection Law

Not really news, but we never heard it from the NPC (as previously this has
only been discussed within the State Council)

PRC to Enact Information Security Protection Law; Target: Spammers
March 18, 2008
Too much spam on your mobile phone? You're not the only one being hit or
getting angry. 30 NPC delegates are thinking of enacting a PRC Information
Security Protection Law, which would provide a heavy deterrent to spammers.
No details have been released regarding the law under discussion. However,
Chinese law now officially forbids people from sending pornographic or
"otherwise disturbing or irritating" messages via SMS text message. There
have been cases where sexual harassment in the form of text messages have
landed the offender punishment.
Story at http://www.techblog86.com/?p=90

More Chinese children exposed to online danger, says Symantec

Symantec just released some new research, which was quoted by China Daily,
saying:
"Children in China are far more likely to be exposed to online dangers than
their foreign peers, a recent research report says.
According to data released by US security software maker Symantec Corp,
about half the children between eight and 17 in China said they received
inappropriate material via the Internet, the highest among respondents from
eight countries which include the United States, France, Japan and Brazil.
In the survey of over 4,600 online adults and 2,700 online children, 44
percent of children in China said they had been approached online by
strangers."
Full China Daily item here:
http://www.chinadaily.com.cn/china/2008-03/03/content_6500479.htm

Malware around the world - Made in China

ChinaTechNews gives news from an analysis by Sophos, showing a sharp rise in web-based threats. Sophos uncovered an average of 29,700 new infected web pages every day, around 80 percent of which were located on hacked legitimate sites.
As of June 2007 the top ten countries hosting malware-infected websites are:
1. China (including Hong Kong) at 59.3%;
2. United States at 23.9%;
3. Russia at 3.6%;
4. Germany at 1.7%;
5. Ukraine at 1.4%;
6. Italy at 1.0%;
7. Taiwan at 0.8%;
8. Brazil at 0.8%;
9. United at Kingdom 0.8%;
10. Canada at 0.6%.
The news item at http://www.chinatechnews.com/2007/07/04/5592-china-top-malware-source/

China to Regulate Email Servers

From ITU News Service:
China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law. The new email licensing clause is just a small part of a new anti-spam law formulated by China's Ministry of Information Industry (MII).

The impact on corporate email servers, which are commonly used by companies with more than a handful of employees, appears to have gone unnoticed until now. However, Singapore-based technology consultant, James Seng, who first drew attention to the new email licence requirement, believes the inclusion of the prohibition on mail servers is no accident.

More information can be found here.

The most Spamming Countries: US and China

"Experts at SophosLabs™ scanned all spam messages received in the company's global network of spam traps, and have revealed that while the United States has continued to make good progress in its efforts to reduce spam-relaying statistics, there is still more spam sent from US computers than any other nation. However as a continent, North America is now close to being overtaken by Europe, with both lying behind Asia in terms of spam relayed."

China is runner-up as the second most spamming country in the world, with ca. 22 per cent of worldwide spam originating from Chinese computers. The data needs to be interpreted carefully, as spam senders often use foreign servers to physically send the spam from, while they are themselves located in another place, without too many legal cooperation programmes…

The results: http://www.sophos.com/pressoffice/news/articles/2006/04/dirtydozapr06.html 

FTC Calls for International Anti-Spam Efforts

FTC Calls for International Anti-Spam Efforts

The Federal Trade Commission (FTC) joined 29 other countries in calling for increased cooperation between nations in combating spam. The FTC signed off on a set of anti-spam recommendations by the Organization for Economic Cooperation and Development (OECD), a coalition of 30 countries organized to promote economic growth and trade.

More information about OECD activities on  countering spam can be found here.

Please clik here to read the article.

Follow-up: the text of the ruling on e-mail servers

Here is the original regulation and its translation:
http://www.fairylaw.com/lawyers/lxwm/200604/901.html

Side Effect of Spam Law

The Anti-Spam law China has introduced recently (see
http://www.isc.org.cn/20020417/ca346007.htm) apparently has a little-noticed
side-effect, as vunet.com remarks: "The new rules, which came into force two
weeks ago, mean that most companies running their own email servers in China
are now breaking the law.... China's new rules also prohibit use of email to
discuss certain vaguely defined subjects related to 'network security' and
'information security', and also reiterate that emails which contain content
contrary to existing laws must not be copied or forwarded. "
http://www.vnunet.com/vnunet/news/2154063/china-outlaws-outlook

First Chinese Anti-Spam Survey Report Of 2006

First Chinese Anti-Spam Survey Report Of 2006
March 24, 2006 
The Anti-Spam Center of the Internet Society of China (ISC) has released the first anti-spam email survey results of the year.
A new anti-spam law goes into effect in China on March 30, 2006. http://www.mii.gov.cn/art/2006/03/02/art_524_7341.html
http://www.chinatechnews.com/index.php?action=show&type=news&id=3735

China internet rules do not span the full spam spectrum

Tuesday, March 21, 2006
YVONNE CHIA
The mainland is taking several steps to combat the growing problem of spam.
At the end of last year, there were 111 million internet users in China,
64.7 per cent of them considered frequent users who received an average 16.8
junk e-mails a week.
In real numbers, about 50 billion e-mails were sent and received in China
last year, about 60 per cent of them spam.
What is more, the spam problem does not stop at China's borders. Anti-virus
software maker Sophos says China accounted for 15.7 per cent of the world's
spam, making it the No 3 producer.
Recent government measures to combat spam, however, are not likely to alter
these numbers in any significant way.
The Ministry of Information Industry has adopted what it calls the Measures
for the Administration of Internet E-mails, China's first anti-spam
initiative. The new regulations take effect on March 30.
The rules, set by the central government, are administrative in nature. Any
person operating an e-mail service for mainland internet users must comply
with the regulations, which are designed for e-mail service providers.
A provider is defined as any person in the service supply chain who is
involved in delivering and helping users to receive e-mail. Service
providers must register with the government and obtain a licence before
providing e-mail services. Those who violate the regulations face warnings
or penalties of up to 30,000 yuan, and risk losing their licence.
China has adopted several other measures that, while they may not reduce
spam, at least show that government officials are concerned about the
problem.
One such step is the establishment of the Internet Spam Complaint Reporting
Centre. Already up and running, the centre is operated by the Internet
Society of China, a group that has spearheaded China's anti-spam initiative.
E-mail users can send their spam complaints to abuse@anti-spam.cn.
The mainland has also launched Internet Sweep Day, held on February 28, to
raise public awareness of spam.
Other measures include the "opt-in" system. Under the regulations, firms are
barred from sending unsolicited commercial messages without prior consent
from the recipients. All such e-mail must bear the subject header "AD" or
the Chinese character for advertisement. This could reduce unwanted e-mail
from legitimate businesses, but will not cut spam from shady operators
offering fake drugs or knock-off goods.
The primary problem with official efforts to combat spam is that the scope
is very narrow. The administrative rules apply only to e-mail containing
commercial advertisements as part of their content. In most other legal
jurisdictions, such as the United States, anti-spam rules encompass all
unsolicited e-mail.
Also, what exactly "commercial advertisement" constitutes is not clearly
defined in the regulations and companies may find it difficult to identify
the limits.
Take this real-life example: I recently sent a personalised note to several
clients alerting them to China's new anti-spam rules. In the e-mail, I
outlined possible legal pitfalls. At the end of the message, as always, I
let recipients know that they could call me if they needed any help. Can
this be considered a "commercial advertisement"?
If my e-mail contains a standardised description of our firm's international
standing, as found in many corporate e-mails, does this constitute a
"commercial advertisement"?
Add to this the constraint that under the opt-in scheme I must first seek
permission to send e-mails such as these.
It would defeat the purpose of efficient e-mail communication if I had to
call up each client to seek prior consent. An opt-out mechanism would be
better. The mainland rules do provide one, but the execution is flawed.
The regulations state that an "e-mail deliverer" must stop delivery of any
messages containing commercial advertisements if a recipient first consents
to receiving an e-mail but later changes his mind. On the face of it, this
is unworkable. How is an internet service provider to know which e-mails are
to be stopped?
Surely the burden should be on senders to remove recipients from their spam
lists.
Internet service providers are just like letter carriers. They do not read
the content of e-mails and cannot be held responsible for keeping records of
which e-mail users do or do not wish to receive unsolicited e-mail.
At the end of the day, the core of the problem is unsolicited e-mail between
two parties that have no pre-existing business relationship - the come-ons
for Viagra, low-cost mortgages and the like.
But the mainland's spam regulations fail to address this.
China's efforts as a whole are to be applauded, but in reality they will not
deter the most ardent spammers.

ONI Says Mandatory Chinese Website Registration Causes Self-Censorship

ONI Says Mandatory Chinese Website Registration Causes Self-Censorship
February 23, 2006

An OpenNet Initiative (ONI) bulletin released this week says that
mandatory website registration in China induces self-censorship.

Starting March 20, 2005, China's Ministry of Information Industry (MII)
has required that all non-commercial websites must register with the MII
or face significant penalties.
http://www.chinatechnews.com/index.php?action=show&type=news&id=3591

MII urges 35 SPs to complete rectification before the end of March

MII urges 35 SPs to complete rectification before the end of March
Updated: 2006-2-23 10:27:26

The Ministry of Information Industry (MII), China's telecom regulator,
urged 35 telecom value-added services providers (SPs) to take
rectification measures and improve their service quality before the end
of March, the MII said Wednesday.
http://www.cn-c114.net/newsheadline_html/2006223102726-1.Html

Internet Addiction, part III

The China Youth Net Association has released its first Internet
addiction report. The report says that 13.2% of Chinese teenagers are
addicted to using the Internet, and 13% have a tendency of being
"indulged" on the network. Of the total addicts, about 60% are males and
40% are females. Source:
http://www.chinatechnews.com/index.php?action=show&type=news&id=3224

Internet Addiction (continued...)

China will air its first "Internet Addiction Television Show", writes
ChineTechNews.com: "Called "Shan Dian Mao De Gu Shi" (The Story of Shan
Dian Mao), the first Internet addiction themed television show in China
will soon be aired to show teenage viewers the horrors of using the
Internet too much. The 38-episode sitcom, shot by the Care for the Next
Generation, China Youth League's Online Movie and TV Center, and the
China Youth Internet Association, reveals ways for youth to avoid
Internet addiction. Chinese media is recently rife with stories about
youngsters who fall ill or die in Asia because they spend too much time
playing games or chatting online."

Is Net Addiction taken seriously, at last?

"Zhang Chunliang, head of the China Economic Herald's Centre for
Prevention of Internet Addiction, said he had been instructed by the
parents of 63 online game addicts to initiate a group action lawsuit
against the industry, Xinhuanet reported." writes the China Morning
Post