Internet Society Vietnam Website

 topbar left of language choice Tiếng ViệtTopbar middle separationEnglish version topbar right of language choice
Separation line header and body. Click to skip navigation frame

Link to ISOC Vietnam homepage ISOC Vietnam news site Information about ISOC International and ISOC Vietnam Information and materials from our Work Groups This is the archive with all our documents Join ISOC Vietnam and our mailinglists! Link to our sponsorpage

Translate this page with BabelFish

Last update:
Friday, August 30, 2002 2:47 AM

Send an e-mail to the webmaster

Valid HTML 4.01!

Valid CSS!

Bobby WorldWide Approved

 separation arrow end

Government Decree

on
the Management, Provision and Use
of Internet Services

dated 23.08.2001, effective from 07.09.2001
based on proposals of DGPT

 

Stefan Probst,
member of the Internet Society (ISOC) in Vietnam,
participant in the Internet Societal Taskforce (ISTF),
Version 1.1 of 02.12.2001

Status of this paper: Second published version,
after taking first comments of DGPT Policy Dept. into account.

(these pages have been optimised for low resources:
slow download and low-resolution screen)

1. In General - In Brief

  • Difficult task: Technology changes in much shorter cycles than policy - it is impossible to regulate a fast process with a slow one.

  • A very good document, for Vietnamese circumstances - IMHO an even rather progressive paper.

  • Assures state protection of the companies' and the users' Internet infrastructure and usage.

  • Recognises the development of the Internet and its usage as an important part of national modernisation and industrialisation.

  • Makes promotion and development of Internet access and services a clear priority task for the state (in line with the Party Directive 58).

  • Brings the Internet in Vietnam finally out of the legal "start-up phase", i.e. replaces some very vague and restrictive former documents of 1997.

  • Provides legal protection for the use of the Internet and against abuses.

  • Gives the individual user much more rights than before.

  • Keeps over-all control in the state's hand.

  • Increases influence and responsibility for DGPT,
    gives some responsibility to MCI,
    reduces responsibility of MoSTE,
    leaves authority and detailed rights of State Security rather unclear.

  • Opens up wide areas for competition, including private companies.

  • Makes Internet companies accountable to customers and the state.

  • Reduces the status of the (international) "Gateways".

  • Introduces new "Internet Application Provider".

  • No restriction to a few services anymore.

  • Clearer regulations for encryption, including leading role of the state.

  • "Content" (in regard to ICP etc.) seems to be more clearly defined.

  • A few inconsistencies, unclear passages, impractical regulations
    (and unclear translations).

Note:
The following review covers only areas of interest, changes, etc.
General and obvious issues (like "users have to comply with the law") are not mentioned.
The given points are personal opinions (especially when printed in italic), based on an unofficial translation, which was published in the beginning of August on VN-NIC's website and has been edited since.
There is no claim to be objectively correct or to cover everything.
The drawn conclusions are based on the words of the text. Not all of them might have been intended by the authors of this paper. However, legal documents should be read like they are written, not like they are intended.

During the discussion at the UNDP/ISOC Round-table on 01.12.2001, it appeared, that some issues are based on a translation, which does not carry the Vietnamese meaning. Those points need clarification in the next days/weeks. Suspected comments in the following are printed in orange colour.

2. Coverage: The Internet in Vietnam (§1, 2)

  • management, provision and use of Internet services ($1.1)

  • everybody involved in Internet-related activities (§1.2) (?!?)
    (means it affects also the worker who installs a power socket for a user's Internet-connected PC???)

  • international treaties prevail (with exceptions)
    (IMHO a risky statement: "freedom of information", "press freedom", "freedom of opinion", ... ranking of those rights against each other might be in Vietnam different from "International Treaties".)

  • definition: "using Internet Protocol, globally uniform addresses",
    i.e. private or corporate LANs, and services, which are provided inside those LANs, despite connected to the Internet e.g. via a router, are not covered, as long as they are using local, "non-routable" IP addresses (192.168.x.x, 10.x.x.x, etc. )
    However, if the LAN is connected (eg. via a proxy or NAT router) to the Internet (in Vietnam, or via a private WAN leased line to abroad), then when using services in, or providing services for the Internet, the users are subjected to this Decree.

  • "The provision of Internet services to foreign users must conform with the Vietnamese law and the countries" (§18.1)
    This can be understood that service to foreigners has not only to fulfil Vietnamese regulations, but also regulations of the country of the foreigner.
    IMHO at first sight a nice intention, but no way to practically enforce it, due to technical, practical and legal problems.
    (e.g. How to enforce filtering and hosting rules depending on the nationality of the user? How to keep track of changing regulations worldwide?
    What if the foreign and local laws contradict each other?
    Example: in a certain country, it might be prohibited to host pictures of women, if the face is visible. That country could, basing itself on §18.1, request that all internet users from that country are being locked out of a Vietnamese website, which offers pictures with the face of a woman)    .
     A representative of DGPT's Policy Department says, that it means that if an ICP/OSP provides services abroad (i.e. runs a server there), then this has to conform with that country's laws. It is not yet clear, whether the Vietnames original is more clear in this regard.
    However, §1.1 of this Decree states, that it is applicable ony "in the territory of Vietnam".

3. Changes and Issues by Topic

3.1 Classification of Users and Providers

Internet User (§21, 22):

  • organisations and individuals who sign a contract with ISP

  • contracts may be documents, speech, concrete activities
    (i.e. in line with Civil Code) (i.e. covering also e.g. Internet Cafes)

Internet Provider (technical services)

Internet Service Provider "ISP" (§12, 13)

  • connects Internet Users to the Internet

  • all kinds of enterprises (i.e. including private, even foreign)

  • licensed by DGPT

    Internet Exchange Provider "IXP" (§12, 13)

  • previously "IAP" (Internet Access Provider)

  • connects the Vietnamese network to the Internet abroad

  • state owned or state controlled;
    foreign minority stakes possible according to this Decree, but not according to the Foreign Investment Law, which excludes Telecom.

  • licensed by DGPT

    Online Service Provider "OSP" (§12, 13)

  • provide "application services" to users:
    post & telecom, culture & information, commerce, banking & finance, health care, education & training, technical assistance, etc...

  • "enterprises", obviously of all kinds, incl. private

  • no need for special license (§13.3),
    only "must abide regulations on specialised State management",
    but §17, 36.1 allows "relevant ministries [to] stipulate conditions for other Internet application service provision licenses." ???
    The purpose seems to be to regulate on-line gambling, trade in prohibited goods, offering of prohibited services, etc.

 

Internet Content Provider "ICP" (§14) (Internet publishers)

  • function not described, probably forgot to refer to "Internet information service" as described in §12

  • "organisations, enterprises", obviously of all kinds, incl. private

  • licensed by MCI

  • subject to regulations on press release and publication on the Internet ...

Private Internet Service Provider "private ISP" (§15)

  • function not described

  • no "trading" (reselling?) of Internet access

  • meaning of §15.2 very unclear in translation.
    It is said, that it means, that an organization, which provides dial-up only for its own members, and works not-for-profit, does not need an "Private ISP License" anymore.
    "Private ISPs" would be specialized not-for-profit networks, e.g. in sciece (VARENET), health care, administration, etc.

  • licensed by DGPT

Press Organisations and Publishing Houses (§19)

  • have already relevant licenses

  • may install equipment in their own office or contract ICPs

  • no need for additional license from MCI or DGPT

Internet Agents (§20)

  • organisations and individuals
  • reselling services of ISPs and OSPs (§20.1)
    i.e. they are obviously allowed to provide dial-up services.
    This would be very advantageous for remote areas, where ISPs in the cities would have difficulties to be present (and to provide customer support etc.).
    However, DGPT says, that this is - although discussed internally - not yet allowed, although this Decree does not forbid it.
    It is unclear, where the major differences are for e.g. an "Internet Cafe", for providing services for their customers, when they are physically present in that Cafe, or only connected via a modem line.
  • nothing is said about reselling services of ICPs
  • connect only to their ISP (but not their OSP! - ?)
  • on need for license, but agent contract with their ISP or OSP

Connection Diagram: (§27)

Network Vietnam

  •  

3.2 Rights and Restrictions of Users (§22):

  • allowed to use mobile or fixed access equipment in their legal places to access domestic ISPs
    (i.e. no right granted to use Internet cafes or at the ISP's places!)

  • use leased lines or dial-up ("direct connection through data communication channels or telecommunication channels")

  • not allowed to access foreign ISPs via dialled international calls
    (Means: this Decree does not prohibit access to foreign ISPs via satellite channels or terrestrial leased lines, e.g. via WANs)

  • allowed to use domestic or foreign OSP's applications,
    "except for those prohibited,
    or have [been declared as ?] not yet been permitted"
    (There is a slight mistake in the translation)
    This, together with §36.2 (which asks for the promulgation "of a list of Internet application services prohibited or have not yet been permitted to use) marks a shift from allowing only a few services to restrict only a few.....

  • allowed to host on their own equipment, domestic or foreign ISP:
    (in fact, according to definition of §13 and 14, this should be "foreign OSPs or ICPs") news to promote and introduce about their

    • organisation, products, services, "certain individuals"
      (nothing mentioned about individuals introducing themselves and e.g. their hobbies and opinion or to directly connect to each other - but it is also not forbidden)
      (Could also be a translation inaccuracy).

    • are responsible for protecting passwords, code keys and their equipment

    • are legally responsible for this content
      (nothing is mentioned about how the legally responsible one can be identified, not only to state organs, but e.g. also to viewers of his website)

  • prohibited to re-trade Internet services

  • has to compensate others' losses and damages, caused by him, (§44)
    (e.g. by unintentionally spreading a virus ?)

3.3 Responsibilities of ISPs and other Internet Providers

(§26)

  • registering and publishing service quality standards

  • ensuring services provision to users as quality registered and published

  • reporting and being inspected and examined by State services quality management units

    (§41.3a), 41.5a), 41.4a))

  • pay 1 to 5/10 to 20 MVND fine for violations of regulations on standards and quality

  • pay 5 to 10 MVND fine for stopping or temporarily stopping to provide Internet services without proclaiming Internet users in advance, except force majeure
    (Nothing is said about how to announce and how long in advance.
    A hidden post on a hidden website 1 minute before a 7 day-long "maintenance upgrade outage" would literally fulfill the stated requirements.
    Nothing is said about the frequency:
    An ISP with a single one-week outage would pay once, another one with 10 times a 5-minute outages at one day would pay 10 times???
     
    "Force majeure" needs further clarification:
    Can an ISP which has no virus protection whatsoever, does not patch its system appropriately, has no UPSs, no back-up systems, insufficient bandwidth, absolutely unqualified staff etc. claim "force majeure" at the slightest event???)

    (§9)

  • have no right to hinder the legal use of Internet services
    (i.e. an IXP or ISP blocking a foreign site with legal content is acting illegally)
    (§41.5k))

  • pay fine of 10 to 20 MVND for using their computers (their firewall?) to blockade ... data in the Internet.
    (§41.5g) and h))

  • are not responsible for Civil Law cases (private diffamation etc.) and "depraved information and pictures" - only the poster and user is responsible
    (which is a very positive step)

3.4 Role of the State

  • unified, central management
    (i.e. no contradicting provincial policies...)

  • coordination of concerned ministries etc.,
    incl. international cooperation by DGPT (§29.2)

  • management of Internet resources (Domain names, IP addresses)
    (§23, 28.10, 30.3)

  • encourage to publish Vietnamese information, especially information on Party's policies, State's laws in the Internet (§5)
    (It would have been nice to mention explicitly also the preservation and promotion of Vietnamese culture of all ethnic groups, the increasing of opportunities for mountainous areas ...)
    (Also nothing is said about encouragement to make the Internet more accessible for Vietnamese, i.e. bridging the language barrier)

  • create "favourable conditions" for organisations and individuals to introduce their products and/or services (§5)
    (what about introducing themselves?)

  • enhance "propaganda", education to guide Internet users in exploring and using information in the Internet legally ... (§7)
    (This can be understood as educating users about accessing Information i.e. handling the equipment and finding Information - as well as selecting and judging received Information.
    To train and to prepare users to cope with the flood of information of different quality - especially in the Vietnamese setting (e.g. Confutian morales and partly low education vs. big pre-judices in large parts of the present Internet-world against Vietnam), would be IMHO very important!)

  • ensure secrets, private information on (or "of"?) organisations and individuals in the Internet by the Constitution and laws (§8)

  • facilitate lowering of Internet access fees to level of regional countries or below (§24), including possible subsidies (§4, 34)

  • tax preferences to equipment producers, importers, service providers, users (§25)

  • managing Internet price and fee (§28.5)
    (this should have been limited to approval of access fees:
    * ISPs and their agents might re-package very differently
    * OSPs can offer a multitude of services, which are de-facto
            impossible to be "managed" by state agencies)

  • managing information in the Internet (§28.7)
         (how can that amount of information be "managed"? - translation?)

  • managing safety and security in Internet activities (§28.8)
    (what does this mean? are there already plans to establish a national CERT? according to §33 the MoPS might be responsible for this, not MoSTE!)

  • managing encoding and decoding information in the Internet (§28.9)

  • MoPS is responsible for safety in Internet activities, including national safety and information security ...
    "on the basis of ensuring Internet services quality" (§33.2)
    (i.e. filtering cannot be the reason anymore to bring the whole Net to a crawl).

  • handle complaints according to the Complaint Law of 1998

3.5 Encryption

(very important issue for eCommerce)
(previous Decision 953 of October 2000 of DGPT says in article 51.3:
"Other subjects wishing to use ciphers in their message shall have to make registration with and obtain permission from competent State bodies ....)
(at present it looks like permission is needed, but the "Vietnam Central Cryptographic Authority", which is obviously responsible to issue the permissions, has reportedly right now no procedures to grant that license, which could make encryption de-facto basically illegal.)
However, DGPT considers the new Decree as a replacement of the older Decision in this regard, i.e. until more clear regulations by the relevant authority are released, encryption is allowed.
Note: There is already a law about the protection of State Secrets, but eCommerce is usually no State Secret...

  • encoding and decoding of Information must comply with regulations and laws on encryption (§10)

  • DGPT, together with Governmental Encryption Department, is responsible to manage certification system in the Internet (§30.4)

  • The Governmental Encryption Department manages encoding and decoding of Information: (§35)
    "national code policies and standards used in the Internet"
    (is this certificates for secure servers? or PKI system? private encryption?)

3.6 Firewalls - International Gateways

  • not mentioned explicitly anymore

  • only indirect referal in §33: MoPS implements "professional methods to ensure the national safety of (should this be "in"?) Internet activities".
    (but this can also be done without firewalls - see ECHELON)

  • have to be setup in such a way, that the Internet Service Quality is ensured (§33.2).

  • present implementation (i.e. broad-band blockage by IP address or domain) is now illegal according to §9 and §11

  • in fact, the paper could be interpreted as if it would abolish compulsory firewalls - now or later.

  • service outage due to insufficient bandwidth to abroad (which is not "force majeure") is according to §4.a) punishable with 5 to 10 MVND

3.7 Some minor flaws/oversights/traslation lapses

  • §6.1 subjects information accessed, transmitted and received in the Internet to Press Law, Publication Law, etc.
    This should include also domestically hosted/publised information

  • §6.2 makes Internet users responsible not only for information which they themselves are accessing, but for information accessed and transmitted (in general, i.e. not only by them). This could be also a translation inaccuracy.

  • §38 regulates complaints about administrative decisions and activites,
    §39 regulates complaints about service provision,
    but very little is said about complaints about other users
    (e.g. harassment, libel and slander, etc. on private websites)

  • nothing is said about the protection of children
    (see e.g. the US American COPA and COPPA laws etc.)

  • nothing is said about accessibility requirements for people with special needs, e.g. physically challenged people. Even if not yet strictly required, it could have at least been mentioned as a general goal.

  • nothing is said about spamming, i.e. causing additional costs to Internet providers and users by sending unsolicited mass mail.

  • the creation of a national CERT could have been clearly targetted

  • §41.3a) to f) are in the translation word-by-word identical to §41.5a) to f), but different fines: 1 to 5 MVND vs. 10 to 20 MVND.
    There seem to be some slight differences however in the Vietnamese original.

  • fines in §41.3a) to d) and §41.5a) to d) cover violations of State regulations on "standard and quality", "price and fees", "resource management", "Internet access and exchange management" in using Internet services.
    Should this be "providing" Internet services???

  • nothing is said about a general revocation of rules in other documents, which are in contradiction to this one

3.8 Others

  • Circular 06/2000/TT-TCBD dated September 29, 2000
    of the Department General of Posts and Telecommunications (DGPT)
    "providing guidance to conditional business activities and trades in the fields of posts, telecommunications and Internet"
    will have to be replaced.

  • Inter-Ministerial Circular No.08-TTLT of May 24,1997
    "guiding the granting of permits for hooking up, providing and using the Internet in Vietnam"
    is not valid anymore (since it is based on Decree 21/CP, which is abolished by this Decree)    .

4. Obviously Not Regulated in this Decree

Domain Names:
 Vietnamese persons are not restricted to register and use "international" (gTLDs and ccTLDs) domains. Previous regulations could be interpreted, that they could only register under the .vn domain. It is also not stipulated, whether companies, organisations, individuals have the right to register domain names.

WANs:
Corporate LANs which are connected via a leased line to another LAN abroad and from there to the Internet.

Agent of foreign OSPs:
If it is legal to use foreign hosting services, then it should be obviously also legal for a company to be an agent of a foreign OSP.

Peer-to-Peer Services:
Services between domestic and international users, which don't need ISPs, OSPs, ICPs, etc.
Examples: direct file transfer, private direct two-way streaming media of legal content.

5. Conclusions

  • Despite some shortcomings and unclarities in some details, a very encouraging piece of legislation.

  • It puts Vietnam neither at the forefront of liberal, nor at the tail of very oppressive countries regarding the development and use of the Internet.

  • Like usual, there is some room for stricter or more "laissez faire" interpretation, however some basic rights of users are guaranteed.

  • Final usefulnes will depend largely on timely and useful regulations of DGPT, MCI, MoPS.

  • Enforecement of quality management seems unfortunately (and to the disadvantage of development in Vietnam) to be very unlikely - at least for the next time.

  • This Decree of the Government could after proofing its usefulness be replaced by a very similar law (e.g. in one year from now), which could then also cover a few more loopholes and be more clear in some details.

  • ISOC members in Vietnam would be very willing to contribute to the formulation of guiding documents and a possible new Internet Law in the future.

Glossary and Annotations:

(... for readers who are not so familiar with the local situation)

Decree: usually issued by the Government;
In the hierarchy of legal documents it is below a "law", but higher than a "decision" of a Minister.
Party Directive 58: dated October 17, 2000 of the Politburo of Vietnam on the strengthening of the application and development of information technology (IT) in Vietnam for the national process of industrialization and modernization;
online at VNPT's website.
DGPT: Directorate General for Post and Telecommunications - status of a ministry
MCI: Ministry of Culture and Information
MoSTE: Ministry of Science, Technology and Environment
MoPS: Ministry of Public Security (formerly called "Ministry of Interior")
CERT: Computer Emergency Response Team,
e.g. HKCERT in Hongkong, SingCERT in Singapore, MyCERT in Malaysia, etc.
More CERT URLs here.
Gateway: In previous documents, the "gateways" had a double function:
- to provide access to the International Internet
- to run firewalls
Services: Previously, only four Internet services were officially allowed:
- eMail
- Web
- FTP (file transfer protocol)
- Telnet (remote computer control)
not allowed and blocked were amongst others:
- IRC, other non-web streaming media
- Newsgroups
blocked without legal ground was amongst others
- eMail using IMAP protocol
- Web services outside the standard port 80 (and later 8080)
not allowed, but not blocked was
- Web services via the https protocol (which encrypts the messages)
LAN: Local Area Network.
Uses Internet Protocol (TCP/IP) or another protocol.
Uses local addresses, which are not globally valid.
Civil Law: The new Civil Law recognises oral contracts, although in practical business life in Vietnam, contracts are considered as such, only when they are signed and sealed.
Location of hosts: The previous regulations were rather unclear and could be interpreted, that it was not allowed to host a site abroad.
MVND: 1 million Vietnamese Dong (roughly equivalent to 67 US$)

(end)