(By You Yunting) On December 4, 2013, Internet Society of China (the “ISC”) published the Convention of Self-Discipline for Internet Terminal Security Service (the “Convention”) in Beijing. Those eight Internet terminal security service providers, such as Tencent (0700.HK), Baidu (NASD: BIDU), QIHOO (NYSE:QIHU), Kingsoft Corporation Limited (03888.HK), RISING, Jiangmin Technology, TOPSEC and NetIQ Mobile Inc, signed on the Convention. Afterwards, there are about 23 companies, i.e. SOHU (NASDAQ:SOHU), Sogou, Xunlei and Xiaomi Technology signing related documents in favor of the Convention. The Convention, comprising of 6 chapters and 27 articles, aims to protect legal interests of users, maintain a fair and harmonious market competitive environment and promote the healthy development of internet industry.
Specific contents are as follows:
1 Scope of Application: The Convention shall apply to members of ISC, and practitioners of participating in the Convention.
Lawyers’ Comment: The Convention will be a rule for competition even though it does not be a law or regulation legally. When China’s courts hear cases regarding unfair competition between internet companies, the Convention may serve as a reference.
2 Scope of Product: The Convention specially include internet terminal security service and its products. Companies that provide internet terminal security service shall possess security products with legal intellectual property rights. The products may provide security services after obtaining officially licenses through inspection of competent state departments.
Lawyers’ Comment: QIHOO, the biggest manufacturer of Internet security products, always accepts disruptive operation strategy of has been a huge headache for its counterparts. Our website once introduced similar cases such as 360 vs Tencent: The Summary of Anti-Monopoly Court Hearing and Does 360’s QQ Guard Constitute Unfair Competition against Tencent? Someone on Weibo is making jokes that the Convention was aimed specially at QIHOO’s 360 Security Guards and 360 Antivirus Software.
Companies that provide internet terminal security service shall abide by the principle of legal compliance, good faith, fair competition, and independent innovation and optimization services.
4. Protecting legal interests of users:
Users shall enjoy the right to know. Users should be informed of collecting, using and saving users’ personal information by the company that provides internet terminal security services. When providing security services to users, the implications for users shall be served as distinct, objective and impartial. Users shall, in receiving services from internet terminal security service software, be informed about the operation and its results. In order to prevent users from any violation of malicious programs including virus, Trojan and worm, within the premise of any express provisions in the user’s service agreement, the company that provides internet terminal security service may take direct protection operation against malicious programs.
Users shall enjoy the right of free choice. The company that provides internet terminal security service shall respect right of free choice. When installing, operating, upgrading and revising default settings of internet terminal security service products, the company that provides internet terminal security service shall inform users and obtain confirmation from users, except updating antivirus software and upgrading Trojan killer.
Users shall enjoy the right of protecting its personal information. Users’ personal information includes personal identity information, personal online communication contents, personal online activity logging, personal documents (establishing or saving in the internet terminal security service) and other directly or indirectly recognizing users’ personal identity or information related to users’ interests. Collecting, using and saving users’ personal information shall be informed users, including the goals and scope of personal information, with agreement from users. No authorized collecting, using and saving be made. Collecting, using and saving personal information shall follow the principle of legitimacy, impartiality and necessity.
Internet terminal security service products shall not open any communication interface, such as WLAN, GPRS, BLUETOOTH, INFRARED AND NFC without permission and agreement. Users’ personal information in address book, messages and e-mails shall not be scanned and uploaded without agreement from users. Internet terminal security service products shall not violate any provisions about malicious acts in the Description Criterion of Malicious Code for Mobile Internet promulgated by the ISC.
The company that provides internet terminal security service shall perform its social responsibility, promote the popularization and application of internet security and insist on an objective and impartial attitude towards internet security publicity.
Lawyers’ Comment: 1). The contents of personal information protection in this provision are about the right of privacy, which is a vulnerable spot in China’s laws and regulations. Because there is not a complete definition about the right of privacy in China until now, infringement towards the right of privacy in competition often occur in China.
2). Another question in Chinese Internet is users’ unwillingness of paying software. Therefore, where merchants cannot get payment from users, there is money making from reading and analyzing users’ personal information. Upon this reason, the Convention stipulates a restriction for this mechanism of money making. Thus, many companies will attempt to develop new means to money making.
5. Malicious behavior prohibition:
Malicious exclusion shall be prohibited. Malicious exclusion means that designing, installing and operating internet terminal security service products put obstacles intentionally to install and operate other legal products without permission. Other legal products shall not be malicious excluded or destroyed in normal usage, cheated and misguided to use or not use by any means.
Malicious blocks shall be prohibited. Malicious blocks refer that it in the process of installing, operating and updating internet terminal security service products cheats, misguides or forces users to revise default settings, or forces users to revise users’ setting, so as to affect and fail other legal products to work.
Discrimination shall be prohibited. Discrimination means that companies that provide internet terminal security services set up discriminated standards in treating other competitive products through the function of its security software under the same condition. The function and authority of its security software shall not be used to disturb or destroy other companies’ terminal security service.
Companies that provide internet terminal security services shall insist on an objective and impartial attitude towards assessment of other companies’ terminal products, and shall not cheat, misguide, or force users to disposition of the assessed products.
Lawyers’ Comment: Where QIHOO’s 360 Security Guards fully performs its advantage of underlying software in the competition with Tencent and Baidu, QIHOO has been repeatedly accused of using afore-said means in competition by other competitors. As for this accusation, due to the lag nature of law, if competitors were attempted to sue QIHOO, the judgment would be made next year with a low compensation and at the same time QIHOO would have already occupied the market. Therefore, this provision will be likeliness of standardizing market order.