Hong Kong Ordinances
ELECTRONIC TRANSACTIONS ORDINANCE - SECT 2
Interpretation
(Past version on 01/07/2004).
(Past version on 30/06/2004).
(Past version on 01/07/2002).
(Past version on 07/01/2000).
For the saving and transitional provisions relating to the amendments made by
the Resolution of the Legislative Council (L.N. 130 of 2007), see paragraph
(12) of that Resolution.
(1) In this Ordinance, unless the context otherwise requires-
"accept" (接受), in relation to a certificate-
(a) in the case of a person named or identified in the certificate as the
person to whom the certificate is issued, means to-
(i) confirm the accuracy of the information on the person as
contained in the certificate;
(ii) authorize the publication of the certificate to any other
person or in a repository;
(iii) use the certificate; or
(iv) otherwise demonstrate the approval of the certificate; or
(b) in the case of a person to be named or identified in the certificate
as the person to whom the certificate is issued, means to-
(i) confirm the accuracy of the information on the person that is
to be contained in the certificate;
(ii) authorize the publication of the certificate to any other
person or in a repository; or
(iii) otherwise demonstrate the approval of the certificate; (Added 14
of 2004 s. 2)
"addressee" (收訊者), in relation to an electronic record sent by an
originator, means the person who is specified by the originator to receive the
electronic record but does not include an intermediary;
"asymmetric cryptosystem" (非對稱密碼系統) means a system capable of
generating a secure key pair, consisting of a private key for generating a
digital signature and a public key to verify the digital signature;
"certificate" (證書) means a record which-
(a) is issued by a certification authority for the purpose of supporting a
digital signature which purports to confirm the identity or other
significant characteristics of the person who holds a particular key
pair;
(b) identifies the certification authority issuing it;
(c) names or identifies the person to whom it is issued;
(d) contains the public key of the person to whom it is issued; and
(e) is signed by the certification authority issuing it; (Amended 14 of
2004 s. 2)
"certification authority" (核證機關) means a person who issues a
certificate to a person (who may be another certification authority);
"certification authority disclosure record" (核證機關披露紀錄), in
relation to a recognized certification authority, means the record maintained
under section 31 for that certification authority;
"certification practice statement" (核證作業準則) means a statement
issued by a certification authority to specify the practices and standards
that the certification authority employs in issuing certificates;
"code of practice" (業務守則) means the code of practice published under
section 33; (Amended 14 of 2004 s. 2)
"consent" (同意), in relation to a person, includes consent that can be
reasonably inferred from the conduct of the person; (Added 14 of 2004 s. 2)
"correspond" (對應), in relation to private or public keys, means to belong
to the same key pair;
"digital signature" (數碼簽署), in relation to an electronic record, means
an electronic signature of the signer generated by the transformation of the
electronic record using an asymmetric cryptosystem and a hash function such
that a person having the initial untransformed electronic record and the
signer's public key can determine-
(a) whether the transformation was generated using the private key that
corresponds to the signer's public key; and
(b) whether the initial electronic record has been altered since the
transformation was generated;
"electronic record" (電子紀錄) means a record generated in digital form by
an information system, which can be-
(a) transmitted within an information system or from one
information system to another; and
(b) stored in an information system or other medium;
"electronic signature" (電子簽署) means any letters, characters, numbers
or other symbols in digital form attached to or logically associated with an
electronic record, and executed or adopted for the purpose of authenticating
or approving the electronic record;
"government entity" (政府單位) means a public officer or a public body;
(Added 14 of 2004 s. 2)
"hash function" (雜湊函數) means an algorithm mapping or transforming one
sequence of bits into another, generally smaller, set as the hash result, such
that-
(a) a record yields the same hash result every time the algorithm is
executed using the same record as input;
(b) it is computationally not feasible for a record to be derived or
reconstituted from the hash result produced by the algorithm; and
(c) it is computationally not feasible that 2 records can be found to
produce the same hash result using the algorithm;
"information" (資訊) includes data, text, images, sound codes, computer
programmes, software and databases;
"information system" (資訊系統) means a system which-
(a) processes information;
(b) records information;
(c) can be used to cause information to be recorded, stored or otherwise
processed in other information systems (wherever situated); and
(d) can be used to retrieve information, whether the information is
recorded or stored in the system itself or in other
information systems (wherever situated);
"intermediary" (中介人), in relation to a particular electronic record,
means a person who on behalf of a person, sends, receives or stores that
electronic record or provides other incidental services with respect to that
electronic record;
"issue" (發出), in relation to a certificate, means to-
(a) create the certificate, and then notify the person named or identified
in the certificate as the person to whom the certificate is issued of
the information on the person as contained in the certificate; or
(b) notify the person to be named or identified in the certificate as the
person to whom the certificate is issued of the information on the
person that is to be contained in the certificate, and then create the
certificate, and then make the certificate available for use by the
person; (Replaced 14 of 2004 s. 2)
"key pair" (配對密碼匙), in an asymmetric cryptosystem, means a
private key and its mathematically related public key, where the public key
can verify a digital signature that the private key generates;
"originator" (發訊者), in relation to an electronic record, means a person,
by whom, or on whose behalf, the electronic record is sent or generated but
does not include an intermediary;
"Permanent Secretary" (常任秘書長) means the Permanent Secretary for
Commerce and Economic Development (Communications and Technology); (Added 14
of 2004 s. 2. Amended L.N. 130 of 2007)
"Postmaster General" (郵政署署長) means the Postmaster General within the
meaning of the Post Office Ordinance (Cap 98);
"private key" (私人密碼匙) means the key of a key pair used to generate a
digital signature;
"public key" (公開密碼匙) means the key of a key pair used to
verify a digital signature;
"recognized certificate" (認可證書) means-
(a) a certificate recognized under section 22;
(b) a certificate of a type, class or description of certificate
recognized under section 22; or
(c) a certificate designated as a recognized certificate issued by the
certification authority referred to in section 34;
"recognized certification authority" (認可核證機關) means a
certification authority recognized under section 21 or the
certification authority referred to in section 34;
"record" (紀錄) means information that is inscribed on, stored in or
otherwise fixed on a tangible medium or that is stored in an electronic or
other medium and is retrievable in a perceivable form;
"reliance limit" (倚據限額) means the monetary limit specified for
reliance on a recognized certificate;
"repository" (儲存庫) means an information system for storing and
retrieving certificates and other information relevant to certificates;
"responsible officer" (負責人員), in relation to a
certification authority, means a person occupying a position of responsibility
in relation to the activities of the certification authority relevant to this
Ordinance;
"rule of law" (法律規則) means-
(a) an Ordinance;
(b) a rule of common law or a rule of equity; or
(c) customary law;
"Secretary" (局長) means the Secretary for Commerce and Economic
Development; (Amended L.N. 106 of 2002; L.N. 130 of 2007)
"sign" and "signature" (簽、簽署) include any symbol executed or adopted,
or any methodology or procedure employed or adopted, by a person with the
intention of authenticating or approving a record;
"subscriber" (登記人) means a person (who may be a certification authority)
who-
(a) is named or identified in a certificate as the person to whom the
certificate is issued;
(b) has accepted that certificate; and
(c) holds a private key which corresponds to a public key listed in that
certificate;
"trustworthy system" (穩當系統) means computer hardware, software and
procedures that-
(a) are reasonably secure from intrusion and misuse;
(b) are at a reasonable level in respect of availability, reliability and
ensuring a correct mode of operations for a reasonable period of time;
(c) are reasonably suitable for performing their intended function; and
(d) adhere to generally accepted security principles;
"verify a digital signature" (核實數碼簽署), in relation to a given
digital signature, electronic record and public key, means to determine that-
(a) the digital signature was generated using the private key
corresponding to the public key listed in a certificate; and
(b) the electronic record has not been altered since its digital
signature was generated,
and any reference to a digital signature being verifiable is to be
construed accordingly.
(2) For the purposes of this Ordinance, a digital signature is taken to be
supported by a certificate if the digital signature is verifiable with
reference to the public key listed in a certificate the subscriber of which is
the signer. (Amended 14 of 2004 s. 2; L.N. 131 of 2004)