China's legal system of information security and confidentiality should at least have the following characteristics.
The main characteristics of the current information security legal system in China.

By combing and analyzing China's current information security-related laws and regulations, we can preliminarily summarize the main characteristics of China's current information security legal system:

1. The system of information security laws and regulations has initially taken shape.

At present, there are 65 existing laws, regulations and rules in China that are directly related to information security, involving information security in specific fields such as network and information system security, information content security, information security systems and products, confidentiality and password management, prevention and control of computer viruses and harmful programs, and information security crime sanctions. Documents are in the form of laws, decisions on legal issues, judicial interpretations and related documents, administrative regulations, normative documents and departmental rules.

Among them, 18 laws and regulations regulate information security comprehensively, including the 1994 Regulations on Security Protection of Computer Information System in the People's Republic of China (PRC), the 2003 Regulations on Security Protection of Computer Information System in Guangdong and the 1998 Regulations on Security Protection of Computer Information System in Chongqing. Seven instruments deal specifically with Internet security, including the NPC Standing Committee's 2000 Decision on Maintaining Internet Security and other legal documents, and the 1997 Administrative Measures for the Security Protection of Computer Information Network International Networking and other departmental regulations. Three instruments focus on information security systems and products, including the 1997 "Administrative Measures for Testing and Sales License of Special Products for Computer Information System Security" and other departmental regulations. Ten instruments focus on confidentiality, including the 1989 Law of the People's Republic of China (PRC) on Guarding State Secrets, the 1998 Interim Provisions on Security Management of Computer Information Systems, the 2000 Provisions on Security Management of Computer Information Systems for International Networking, and 1997 Computer Information of the Ministry of Agriculture. Five instruments focus on password management and application, including the 1999 Regulations on the Management of Commercial Passwords, the 2005 Administrative Measures for Electronic Authentication Services, Administrative Measures for Electronic Authentication Services and other local regulations, the 2002 Administrative Measures for Digital Authentication in Shanghai and the 2001 Trial Administrative Measures for Digital Certificate Authentication in Hainan Province.
Nine instruments focus on the prevention and control of computer viruses and harmful programs, including the 2000 Administrative Measures for the Prevention and Control of Computer Viruses and other local laws or regulations, including the Administrative Measures for the Prevention and Control of Computer Information Systems in Beijing in 1994 and the Administrative Measures for the Prevention and Control of Computer Viruses in Tianjin in 2002. Nine instruments cover information security in specific fields, including the 1998 Interim Provisions on Computer Information Security Protection of Financial Institutions, the 2003 Measures for Security Protection of Railway Computer Information Systems, the 2005 Interim Measures for Information Security Management of Securities and Futures Industry and other local laws or regulations, including the 2003 Interim Measures for Information Security Management of E-government in Guangdong Province. Three instruments focus on information security supervision, including local laws and regulations such as the 2004 Measures for the Administration of Information System Security Assessment in Shanghai. This paper focuses on the punishment of information security crimes, mainly involving Articles 285, 286 and 287 of China's Criminal Law.

Generally speaking, the basic principles of China's information security embodied in these information security laws and regulations can be simply summarized as the principle of combining national security, unit security and personal safety, the principle of graded protection, the principle of safeguarding information rights, the principle of relief, the principle of supervision according to law, the principle of technology neutrality and the principle of unity of rights and obligations. The basic system can be simply summarized as unified leadership, division of responsibilities, hierarchical protection system, technology detection and risk assessment system, safety product certification system, production and sales license system, information security notification system, backup system and so on.

2. The judicial and administrative management systems related to information security have been rapidly improved.

With the promulgation of Articles 217, 218, 285, 286, 287 and 288 of the Criminal Law of the People's Republic of China (PRC), the Decision of the NPC Standing Committee on Maintaining Internet Security, the Regulations on the Security Protection of Computer Information Systems in the People's Republic of China (PRC), the regulations on telecommunications and on Internet information services, and the Interpretation of the Supreme People's Court and the Supreme People's Procuratorate of Several Issues Concerning the Specific Application of Laws in Handling Criminal Cases of Producing, Copying, Publishing, Selling and Disseminating Obscene Electronic Information by Use of the Internet and Voice Stations, some cases endangering information security were quickly adjudicated. Examples include the Lu case and the He Pu case decided by Guangzhou Intermediate People's Court, and the He Mou case decided by Urumqi Intermediate People's Court, which involved taking advantage of the position of bank computer operator to misappropriate huge amounts of public funds. These judgments served to deter criminals.

After years of work, in the administrative management of information security in China, the construction of information security guarantee system has also achieved initial results. The standard system, emergency response system, level protection system, electronic authentication system, security assessment system, computer virus epidemic investigation and control system, illegal and bad information reporting system, which are matched with the information security laws and regulations system, have all developed rapidly, making contributions to e-government, e-commerce and informatization.

3. At present, there are few laws and many regulations in the legal provisions, and there is a lack of basic laws on information security.

Although China's information security legal system can be said to have initially taken shape, it is still immature. In this system, departmental regulations, local regulations and rules account for the vast majority, while laws and regulations account for only 8 of the 65, or 12%. Departmental regulations, local regulations and rules have a low level of legal effect and a limited scope of application; they may conflict with each other and cannot be used as the basis for court decisions, which directly affects the effect of these measures. Most importantly, we do not currently have a basic law on information security. We understand a basic law of information security to be a law that establishes the basic principles, basic systems and some core contents of information security; many of the provisions mentioned earlier should be derived from the basic framework of such a law. With this law, our information security legal system could be said to have a backbone. Similar foreign laws include the Federal Information Security Management Act of 2002 of the United States, the Computer Security Act of Russia 1987 and the Federal Information, Informatization and Information Protection Act of 1995.

4. The relevant laws and regulations are brief and the code of conduct is simple.

The existing laws and regulations related to information security in China are generally short and general, such as Article 7 of the NPC Standing Committee's Decision on Maintaining Internet Security, Article 31 of the Regulations on the Security Protection of Computer Information Systems in the People's Republic of China (PRC), the Interim Provisions on the Administration of International Networking of Computer Information Networks in the People's Republic of China (PRC), Article 25 of the Administrative Measures for the Security Protection of Computer Information Networks in International Networking (Ministry of Public Security), Article 27 of the Administrative Measures for Internet Information Services, Article 26 of the Administrative Measures for the Testing and Sales License of Special Products for Computer Information Systems (Ministry of Public Security), Article 27 of the Administrative Regulations on Commercial Passwords, and the Administrative Regulations on the Security of Computer Information Systems in International Networking (national

In addition, these laws and regulations generally need to be improved in three respects. First, their main contents focus on the requirements of the physical environment and administrative management, while the code of conduct related to information security is generally simple and offers little guidance for specific implementation. Second, these laws and regulations are generally not specific enough about punishment measures, which leaves the implementation of punishment in the field of information security without a legal basis. Third, in some specific fields of information application, such as e-commerce, e-government and online payment, the corresponding information security norms are relatively lacking and need to be further formulated.

5. Other laws related to information security need to be improved.

While establishing and improving the legal system of information security, it is also necessary to introduce and improve other laws and regulations related to information security, such as the Telecommunications Law and the Personal Data Protection Law. Together with the legal system of information security, these laws and regulations constitute the broader legal environment of information security in China; they complement each other and are indispensable.

Legal basis:

The Constitution of the People's Republic of China (PRC) is the most fundamental basis for ensuring information security.

The Regulations on the Security Protection of Computer Information Systems in the People's Republic of China (PRC) set out the security and confidentiality system, security supervision requirements and legal responsibilities for computer information systems.

The Interim Provisions on the Administration of International Networking of Computer Information Networks in the People's Republic of China (PRC) stipulate the principles of overall planning, unified standards, hierarchical management and promotion of Internet development.

The Classification Principles of Special Products for Computer Information System Security gives a clear definition of special products for computer information system security.

The Administrative Measures for the Testing and Sales License of Special Security Products for Computer Information Systems clearly stipulates the application and approval of testing institutions, the testing of special security products, the approval and issuance of sales licenses, and the penalties for violating the Measures.

The Administrative Measures for the Security Protection of Computer Information Network International Networking stipulates that no unit or individual may use the network to endanger national security, divulge state secrets or engage in illegal and criminal activities.

The Criminal Law of the People's Republic of China (PRC) defines the crimes related to the use of computers to commit crimes.