On The Security Obligation Of Internet Service Providers

With the development of information technology,the public is suffering more and more damage from network security problems such as hacker attacks,computer viruses and system vulnerabilities.In November 7^th,2016,the NPC Standing Committee reviewed the"Cyber Security Law of the People's Republic of China",and it has put into force on June 1^st,2017,which marked China has begun to plan the governance of cybersecurity issues from the perspective of public law at the basic law level.This law legislation is also a response to the increasingly serious cybersecurity situation in the jurisprudential and substantive circles.The new law defines the concept of cybersecurity and divides cybersecurity into two major areas:Network Information Security and Network Operation Security.From the perspective of public law,it is stipulated that network operators should assume the obligation of ensuring network security and take administrative law responsibilities for those network operators who violate the guarantee obligations.However,the legal regulation of network security should be a comprehensive system,not only from the perspective of public law,but also pay attention to its private law on the regulatory path.This is because in the event of security problems in cyberspace,the most direct target of abuse is still the majority of Internet users.Network users are concerned about the compensation of their own rights and interests rather than punishing the responsible persons for their public interests.Therefore,the obligation of Internet Service Providers to guarantee network security has formed a new research topic.As far as the social operation system of cyberspace and the status quo of network service market regulation are concerned,the popularization of WEB2.0 technology and the decentralization of code rights have greatly improved the autonomy of network users,but have not actually changed the provision of network services The technical monopoly position,but to some extent,led to the user group"polarization"phenomenon.Information technology,as a highly specialized application discipline,is difficult to grasp by the general Internet users.The purpose of Internet access is simply to enjoy network services and usually play the role of victim in network security incidents.Based on this,Providers class responsibility is understandable.However,relative increase in the number of users who master the technology makes malicious attacks such as Trojan viruses,loopholes and phishing websites on the network running security increase daily,which directly enhances the threat to network operation security.In addition,due to the mismanagement of operators Or deliberately caused damage to the interests of citizens have also occurred frequently,such as the Ministry of Railways"12306"website leak 130,000 user personal information incident,which means that the network security obligations to run the operation,the need for illegal costs and management The value of the choice between the cost,combined with the development of Internet society to conduct a comprehensive consideration.Article 36 of the Tort Liability Act is a framework stipulation of the network infringement in the current civil law system.It reflects the original intention of legislators to keep pace with the times,but still bases on the thinking mode of traditional tort law.Taking internet society as a basis for consideration,this directly leads to the dual dilemmas in practice and theory when dealing with cybersecurity issues.First,the"Notice Rules"and"Knowing Rules"mainly draw on the applicable models of the"Safe Harbor Rules"and"Red Flag Rules"in the U.S."Digital Millennium Protection Law"and focus on ensuring the security of network information contents.To a certain extent,Ignores the diversity of the unique social forms of network space and network infringement.Second,Internet Service Providers,as gatekeepers in cyberspace,possess richer and more technical information than users,and to ensure that the network services they provide have a relatively safe operating environment should become a Pay attention to obligations.However,the legal status of this obligation,its responsibility form,responsibility and legal consequences and a series of issues,whether in theory or in practice has been in a vague zone.In addition,there is a legislative gap in the system of private law in view of the infringement of the law of interference in the operation of the network.Because Article 36 of Tort Liability Act actually ruled out the infringement related to the security of network operation,and only applied in the case of property infringement or personality benefit infringement.However,the operational safety of the network is different from the security of the content of the network information.Its focus is on computer vulnerability remediation,encryption and decryption of information technology,development of anti-virus programs,and maintenance of infrastructures.Based on the operational safety of infringement cases formed,without the support of theory,the court can only conduct standard measurement through public judgment of value and discretion of the judge,For example,in some cases,the judge will make a wrong presumption of Internet Service Providers based on the trade habits of the industry.This means that our country's legislative obligation on the Internet Service Providers lacks a sufficient standard of consideration throughout.Although cyber-security issues can be understood as"industry rules,"cyber-space is not a space in the sense of reality.Its essence is that it is based on the network infrastructure and that data constructed using code languages and programming logic Flow interaction system,network security standards cannot be based on the brick material as traditional construction safety evaluation,the characteristics of its technical game makes the lack of theoretical basis for the case,to industry standards as a way to determine the fault appears to be too weakTherefore,based on the fact that the traditional tort law system cannot solve the relative frontier cyber security problem,this paper intends to use a new way to make up for the current network tort system,that is to expand the applicable media of the traditional"security obligation"into cyberspace.At present,in the theory of tort law in our country,the concept of"network operator"and"security obligation"belongs to two systems.However,the network space dominated by network operators actually has the characteristics of"opening up,participating in social interaction"and"posing potential risks to the rights and interests of others",and the potential dangers involved are not limited to infringement on intellectual property and personality rights.Therefore,network operators,as the opener and controller of the dangerous sources,should not only have the obligation of excluding from the ongoing infringement in cyberspace but also have the obligation of review and control over the future damage,and whether such obligation can apply the traditional security guarantee obligations Legal theory,we must combine the theoretical origin of our security obligations and the value of the system,as well as the inherent characteristics of cyberspace comprehensive consideration.Specifically,since the basic safety issues of the real physical places are solved in the civil law theory by the"safeguards obligation"system,the security problems in the cyberspace are different from the real physical places,so the basic security problems in the cyber environment are solved Where is the path?And how can the traditional system of security obligation fulfill its institutional value in cyberspace?What new features are applicable in cyberspace?How to construct the institutionalized obligation of cybersecurity is the focus of this article.In the research methods,I will also consider the social and technical characteristics of cyberspace at the same time,so as to provide an effective reference for the construction of an effective regulatory system.