Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Cyber Risks in Hong Kong
1. Cyber Risks in Hong Kong:
Challenges for Civil Society and
What Next?
Charles Mok
Global Digital Policy Incubator, Cyber Policy Center
Stanford University
July 2, 2023
2. Before NSL
A look back at one of the freest Internet
environments in Asia
3. From freedom to censorship
• Before NSL (2020)
• No official or legal mechanism to censor
• No external firewall or filtering mechanism
• Regional telecom hub for underseas cables and datacenters
• Government attempts to introduce censorship
• 2012: Consultation of Control of Obscene and Indecent Articles
Ordinance
• Proposal for mandatory “operator-level content filtering” withdrawn
after public opposition
• 2016: Copyright Ordinance Amendments
• Criminalization of online derivative works of copyrighted materials
• Withdrawn by government in legislature after filibuster in legislature
4. Can China’s Great Firewall extend to Hong Kong?
• China
• State-owned telecom controls external gateways from 3 coastal cities
with backbone of at least 7 other inland cities (2014)
• China failed to live up to its commitment when joining WTO (2001) for
“ICT and telecom market opening to foreign producers”
• Numerous laws and operational infrastructure to conduct censorship
• Hong Kong’s telecom regime was completely liberalized since 2003
• Buy back incumbent’s external exclusivity license in 1998
• Telecom Ordinance: No limit on number of licenses and foreign
ownership
• No law or censorship infrastructure, until the NSL
• Vibrant civil society, until the NSL
5. How to shut down the Internet in Hong Kong?
• Emergency Regulations Ordinance (Cap. 241)
• (1) On any occasion which the Chief Executive in Council may consider to be an
occasion of emergency or public danger he may make any regulations whatsoever
which he may consider desirable in the public interest.
• (2) Without prejudice to the generality of the provisions of subsection (1), such
regulations may provide for
(a)censorship, and the control and suppression of publications, writings, maps,
plans, photographs, communications and means of communication;
• The ERO was used many times in the last three yers to bypass the legislature
• Telecommunications Ordinance (Cap. 106) Section 13
• 13. Possession of telecommunications stations taken by government in emergencies
• (1) Where, in the opinion of the Governor, an emergency has arisen in which it is
expedient for the public service that the Government should have control over
telecommunications stations, the Governor, by warrant under his hand, may direct
or cause such telecommunications stations as are specified in the warrant to be
taken possession of and to be used for the service of the Government…
6. The decline of trust of Internet freedom
• Downloading of
FireChat during
Hong Kong’s
Umbrella
Movement (2014),
as in Taiwan’s
Sunflower
Movement (2014)
• People worried about
Internet shutdown
though it never
happened.
7. 2019 Anti-extradition bill protests
• Widespread use of Telegram groups
• Apple App Store removal of apps
9. High Court injunction to censor Internet content (2019.10.31)
• The Police and the Secretary for Justice applied for and was granted a High
Court injunction
• Prohibiting anyone from communicating through “any Internet-based
platform” any materials that “promotes, encourages or incites the use or
threat of violence, intended or likely to cause” bodily injury or property
damage
• Broad and vague scope causing chilling effect on freedom of expression
• Bypass going through the legislative process
• Local civil society (Internet Society Hong Kong) applied for discharge or
restriction on the injunction, after a successful crowdfunding drive
• High Court ruled to continue the injunction with minor amendments to
emphasize the willfulness of the act
• Injunction was extended and remains in force
11. National Security Law (2020)
• Mainland law imposed on Hong Kong — not based on Common Law —
targeting against “secession, subversion, terrorism and collusion with
foreign forces”
• Implementation Rules for Article 43 of the Law of the People's Republic of
China on Safeguarding National Security in the Hong Kong SAR:
• A “designated police officer” can order to take down messages or
contention any electronic platform that was deemed “likely to constitute
an offense endangering national security”
• Failure to comply means the service provider may face seizure of their
electronic devices, plus fines and prison terms up to 6 months
• Chief Executive may authorize the police to intercept communications and
conduct surveillance to “prevent and detect offenses endangering
national security”
• The universal reach of the law’s extraterritorial power (long arm jurisdiction)
12. After NSL
• Civil society in retreat
• Civil society have relied on social media and online services
• Self censorship — removing social media posts or entire profiles
• Online fundraising becomes difficult to impossible
• Media
• Major online and traditional outlets were closed: Apple Daily, StandNews, etc.
• But Hong Kong journalists are extraordinarily resilient: we are now witnessing a realignment
of online press outlets, both in Hong Kong or diaspora
• Blocking of websites hosted overseas
• HKChronicles (doxxing of police officers and pro-Beijing figures)
• Taiwan’s Transitional Justice Commission*, Presbyterian Church*, DPP*, Recruitment Centre
of National Armed Force
• 2021 Hong Kong Charter
• June 4th Incident Online Museum
• Hong Kong Watch (UK human rights group)
• Some were later reported to be accessible again (*)
14. Legislative changes and
proposals since NSL,
with many more to come
The new national security only priority
will make life harder for civil society
and everyone else
15. Telecommunications (Registration of SIM Cards) Regulation
• Mobile SIM card registration — “real name system”
• Proposed: Jan 2021
• Effective: Sep 2021
• Registration began: March 2022
• What other countries require SIM card registration for users?
• Biometric registration required: Bahrain, Bangladesh, Belarus, Benin,
China, Ghana, Jordan, Lesotho, Myanmar, Namibia, Nigeria, Oman,
Pakistan, Peru, Philippines, Saudi Arabia, Singapore, Tajikistan,
Tanzania, Thailand, Uganda, United Arab Emirates, Venezuela, and
Zambia
• Considering biometric registration: Argentina, Ethiopia, Indonesia, Japan,
Lebanon, Liberia, North Korea, and Russia
• No such requirement for Hong Kong yet
16. Personal Data (Privacy) Amendment 2021
• From privacy and data protection to only anti-doxxing
• After several high-profiled data breach incidents (e.g. Cathay Pacific), the
government was consulting for strengthening the privacy law, including the
levels of fines, in the 2016-2020 legislative session.
• After the NSL, the new privacy commissioner (since September 2020) and the
government ignored all other privacy and data protection issue and only
focused on stopping online doxxing.
• Amendments proposed: Jul 2021
• Legislation passed: Sep 2021
• Take effect: Oct 2021
• “Following the amendment of the law in October 2021, up to (last) December
(2022) the commission had handled 2,128 doxxing cases, resulting in 114
criminal investigations and 32 referrals to the police for action.”
16
18. Cybercrime consultation by the Law Reform Commission
• Consultation paper released on Jun 2022
• “Legal vacuum” in Hong Kong for lack of cybercrime law
• Main concerns of the LRC’s proposals in the consultation:
• No need to prove intent: e.g. “mere unauthorized access should be
criminalized as a summary offense, which does not require malice to be
an element of the offense, subject to the statutory defense of
reasonable excuse.”
• Pre-registration for cybersecurity firms, professionals and researchers
in order to establish defense or exemption?
• Making available or possessing devices or data for committing a crime
• “Anyone who owns a knife that can be used to commit a crime?”
• Risks for any IT platforms, service providers, cloud service providers
etc.
18
19. Cybercrime consultation by the Law Reform Commission
• Jurisdictional constraints
• What does it mean by “threatening Hong Kong’s security” or “serious damage
to Hong Kong’s public authority”?
• Long arm of extraterritorial jurisdiction again?
• Harsh proposed sentencing
• Up to 14 years imprisonment for aggravated offense.
• Maximum sentence for the aggravated offense for illegal interference with
computer data and a computer system is recommended to be life
imprisonment.
• The NSL factor
• The consultation paper stated: “The duty of Hong Kong to safeguard national
security reaffirmed the need for reform of cybercrime laws in Hong Kong
and the sub-committee has taken this into consideration in its pursuit of the
cybercrime project.”
19
20. Consultation on Regulation of Crowdfunding Activities
• Erecting further political vetting to make sure no crowdfunding for political activities or civic
activism will be possible, beyond existing under the Securities and Futures Ordinance,
Money Lenders Ordinance and other current oversight under social welfare regulations
• Proposed Crowdfunding Affairs Office (CAO) will require prior applications for any
crowdfunding activity that “raises funds from individuals or entities of Hong Kong, or
individuals or entities located in Hong Kong.”
• “The location of publicizing such activities can be any places, including Hong Kong
and other places, and with declared purposes that are related to Hong Kong or not.”
— in other words, anyone, anywhere, anything.
• Propose “real-name system” for donors, for CAO inspection.
• Propose that "online platforms specifically designed for crowdfunding purpose” should
register with the CAO, including providing “at least one person with a physical address
in Hong Kong” as the designated representative of the platform — the “hostage-taking"
rule.
• Global crowdfunding platforms may simply not take any Hong Kong related fundraising
activities in future.
21. A lot more to come
• Cybersecurity law
• Critical infrastructure? Global jurisdiction?
• Misinformation law
• Remove any undesirable content without invoking NSL
• More pressure on platforms and Internet service providers
• Article 23 local national security law legislation and upgrades for NSL
• Relating to “treason, secession, sedition, subversion against the Central
People's
Government,
or theft of state
secrets” and
overseas
political ties
• ….
22. A case study
The “national anthem” that isn’t and
Google in the crossfire
23. Google: The culprit or a scapegoat?
• Feb 28, 2023: Wrong “national anthem” for Hong Kong played at ice hockey
match in Korea: “Glory to Hong Kong” (the “Song”)
• The organizer claim they downloaded the wrong song from Google search result.
• Hong Kong government and legislature pressured Google to rectify; Google said
they only relied on established algorithm.
• Indeed, how do you ban a search term for something that does not exist: “Hong
Kong national anthem”?
• After months of stalemate, the Secretary of Justice filed an injunction to the high
court to ban:
• Broadcasting, performing, printing, publishing, selling, offering for sale,
distributing, disseminating, displaying or reproducing in any way (including
online), whether its melody or lyrics or in combination (including any
adaptation of the Song, the melody and/or lyrics of which are substantially
the same as the Song) with intent to insult the national anthem.
24. To stay or to leave, is that the question?
• 32 instances of the Song was listed in the
appendix of application for the injunction
• Jun 12: Court asked HK government if the
sought ban is global. HK govt: No.
• Court will reconvene on Jul 21.
• Use of injunction to bypass even the rubber-
stamp legislative process
• Lack of western reaction, e.g. US or EU
• Civil society letter to platforms
• It’s more about just Google/YouTube —
Meta, Apple, Spotify, and more
• So, will Google leave Hong Kong?
• Ban the “Song” now, anything in future.
26. De facto sanction on Hong Kong’s critical digital infrastructure
• Since 2019, the US has effectively banned any submarine cable with US
involvement to terminate in Hong Kong.
27. Goodbye, regional infrastructure hub?
• Not only is Hong Kong’s role
as a telecom, Internet and
data center and cloud service
hub diminished, the
reconfiguration of undersea
cables to mitigate risks in the
South China Sea has
tremendous implications on
the security and resilience
of connectivity in East and
Southeast Asia.
• Or maybe there is no need to
worry? Cambodia is said to be
building a new cable to Hong Kong.
28. Isolated from western technologies
• Part of China
• No ChatGPT, no Bard
• Still has VPN, for now
• Government does not want foreign firms to
leave, but it will be a hard act to balance
30. Last but not least, “aided” by the west?
• Hong Kong’s upcoming legislature spree will not be short of references to
examples from recent western legislations:
• Germany’s NetzDG (Network Enforcement Act) — on “misinformation”
• UK’s Online Safety Bill — to break end-to-end encryption
• Similarly, the US’s EARN IT Act
• France’s draft bill to “regulate and secure the digital space” and its
draft Military Planning Law (LPM)
• Many people worry about the effect of draconian Chinese digital laws on
Hong Kong. I worry even more about such laws from western
democracies.