Translate

December 15, 2014

Is it time for internet transparency legislation in HK?

Posted: 10 Nov 2014

After a user on popular local forum Hong Kong Golden is arrested, Julius Babcock explores the line between internet freedom and crime – and who exactly is requesting your information
__

On October 18, a poster on popular online forum Hong Kong Golden, with the screen name ‘Lee Siu-ming’,  answered the door to his Tin Shui Wai home in the New Territories to discover police officers armed with a warrant, ready to seize his phone and computer. It’s claimed the 23-year-old man had been active on the forum during the previous month, allegedly inciting others to charge at police and paralyse the MTR by blocking the exits. ‘Lee’ was reportedly arrested on the grounds of obtaining access to a computer with intent to commit an offence or with a dishonest intent, a charge which can carry a five-year jail term.

It was a dramatic moment. Many internet users were shocked to find out that posts made on a popular forum, no matter how incendiary, had directly led to an arrest. When asked about the implications of the case, the police maintain a firm stance on the enforcement of the law on the web. “Police remind the public that the internet environment is not a lawless world,” a duty officer at the Hong Kong Police Force tellsTime Out. “According to the laws of Hong Kong, the majority of the laws in the real world are also applicable to the cyber world.” Whether ‘Lee Siu-ming’ is guilty of intending to commit an offence is now up to the courts to decide as they interpret the law. He’s due to attend a hearing soon. But it’s inescapable that there’s a growing,  underlying concern seeping into our modern and digital city. Between 2010 and this year, the number of information requests the government made to Google increased sixfold. Police were reportedly able to track down

‘Lee Siu-ming’ using an IP address they acquired from HK Golden’s administrators. In other words, it was his personal data, stored in cyberspace, which led to his implication and arrest.

While personal data collection by authorities is hardly a revelation, this particular arrest opened the eyes of many internet users as it was made for simply posting words online. “I felt kind of speechless,” says Dennis Ng (name changed upon request), a fellow poster on the HK Golden forums who followed the arrest online. “His only crime was saying something. Not doing anything. And even then it’s hard to construe it as inciting a riot. Arresting him is a bit too much and too quick without an in-depth investigation.” As a result of the action, posters are now on guard with what exactly they say on the forum. “I do worry about my old posts, as now they may bother me in unforeseeable ways,” admits Ng. It’s clear the authorities can request and use personal information from internet users. That begs the question, then – who’s keeping tabs on the authorities as they handle our personal data?


More requests are being made by the government

At present, there are no standardised procedural guidelines for government departments to make requests to internet service providers for user information. Nor are there provisions requiring government departments to obtain a court order to make these requests. Jennifer Zhang is the project manager of The Hong Kong Transparency Report, an initiative by the University of Hong Kong which highlights the clumsy nature of user data requests in the city. As Zhang outlines, the truth is that the lack of protocol and structure makes gathering information a logistical quagmire for authorities.

“The police’s request making procedure for information is messy and opaque,” says Zhang. “Service providers often complain the police sometimes call their mobile phones at dinnertime asking for their users’ data, telling them it is for criminal investigation. They feel scared and have no idea what is going on.” Moreover, says Zhang, without the need for court orders or permission from a governing body, authorities can decide for themselves whether the need for personal information is great enough. She believes this is a dangerous line to tread. “Currently,” she says, “we simply don’t know if the reason is sufficient enough to justify the police’s request for personal data and service providers alone don’t have the legal resources to determine whether their users’ contact details can really help with the police’s criminal investigation.” Indeed, service providers are actually under no legal obligation at all to hand over their users’ data to the police – making it seem as though personal privacy is just subject to the particular whims and fancies of authorities and service providers.


Protestors take to the streets last year

To contrast this, on an international level, the United States now has regulations protecting user data that far outstrip anything seen in Hong Kong. Under US law, there are three legal processes that government agencies can use to obtain a certain level of user account information from service providers: subpoena, court order and search warrant. Authorities may only collect really basic information such as IP addresses with a subpoena, needing a full court order and search warrant in order to get hold of any detailed information about a certain user. “[In the US], police must have a high burden of proof to obtain a search warrant,” claims Zhang.

Hong Kong’s lack of transparency in data collection has not gone unnoticed by those in charge. Democrat Party member James To brought the issue before the LegCo last month, calling on the government to review the existing legislation ‘with a view to requiring that a government department must obtain a court order before it may make a request to a service provider for users’ information’, in order to ‘prevent abuse of personal information and to safeguard the privacy of the members of the public’.

However, the reply from Commerce and Economic Development Secretary, Gregory So, was short and clear. So pointed out ‘the requests made by the concerned government departments or law enforcement agencies… are mainly related to crime prevention and detection as well as law enforcement. Since the existing mechanism functions effectively, we do not think it is necessary to review it’, he continues.

For Zhang, the findings of HKU’s Transparency Project have become a rallying cry for institutional reform. She says the authorities have a duty to protect internet users. “The government should let the public review its data-requesting mechanism as soon as possible,” she says, “and set up an independent body to oversee its request-making process.” Zhang is calling on online service providers to start disclosing how many user data requests they’ve received from the government and how many times they comply with the government’s requests. “Only in a transparent environment can the public fully exercise their freedom of speech,” says Zhang, “and only transparency can restore the public’s trust in government and technology.”

To find out more about The Hong Kong Transparency Report, visittransparency.jmsc.hku.hk.

http://www.timeout.com.hk/big-smog/features/69978/is-it-time-for-internet-transparency-legislation-in-hk.html