“上天入地”,还是“度权量利”——《网络安全法》(草案)述评

Try Every Means to Seek or Consider the Rights and Obligations:A Brief Review on the Draft Internet Security Act

为应对网络安全日益严峻的威胁与风险挑战,近年来全球主要国家和地区纷纷加强网络安全战略制定和立法活动。在此背景下,全国人大2015年制定公布了《网络安全法》(草案),草案确立了网络安全监管体制、关键信息基础设施、安全审查制度、重要数据境内留存制度、个人信息保护制度等亮点制度,但仍存在立法理念"重赋权赋能,轻保护程序"、个人信息保护立法与网络安全立法价值取向的悖论、关键信息基础设施中的网络服务提供者标准和范围有待明确,合法侦听的职权和程序不明确、网络通信临时限制的适用条件偏低等诸多问题。制定网络安全法应坚持"安全和发展并重、管理和保护齐行"的立法理念,在赋权赋能监管机构管理的同时,明确网络安全保护的程序和流程,以改观我国长期以来网络安全立法"重安全、轻发展,重管理、轻保护"的现状。

In response to the growing threat and risky challenge of cybersecurity in recent years, major countries and regions in the world have strengthened the related strategy formations and legislative activities. In this background, the National People＇s Congress announced the Internet Security Act in 2015. The draft established the cybersecurity supervision system, critical information infrastructure, security review system, important data retention system and personal information protection system. Nevertheless, a great many problems still exist, for example, the legislative philosophy emphasizes too much on empowerment rather than how to preserve procedures; the standard and scope of internet services supplier need to be clarified in critical information infrastructure; the legislative value between personal information conservation and cybersecurity is contradictory; the right and procedure of lawful interception is ambiguous; the temporary restrictions of online communication is poorly operated. Consequently, for the sake of improving the situation of ＂giving priority to security and management over development and preservation＂ at long durations, the development of cybersecurity law should adhere to the concept that the security and improvement should be equally emphasized, meanwhile, the management and conservation should be coordinately propelled. Additionally, to endow the regulators with power and explicate the procedures and processes of cybersecurity is also necessary.