Two laptops containing voter information that disappeared from a backup polling station on Sunday may have been stolen, the Registration and Electoral Office (REO) has said. It said that they were encrypted and thus “extremely difficult to break through.”
The machines, which contained the information of all 3.7 million registered voters in the city, were being stored in a locked room at AsiaWorld-Expo. The venue was the backup polling station for Sunday’s chief executive election.
The REO said that it was fully assisting in the police investigation, which classified the case as theft, and apologised for the distress it caused to electors in a statement on Tuesday.
It said its staff members put the notebook computers in a locked room with closed-circuit televisions after setting up the venue ahead of the election. Staff members picked up their materials from the venue on Monday and found that the machines were missing.
It said one computer contained the names, addresses and Hong Kong identity card numbers of geographical constituency electors, while the other contained the names of 1,194 chief executive electors with no other personal information.
“The information is protected by multiple encryptions which are extremely difficult to break through. No voting records are stored on these notebook computers,” the statement read.
“According to established procedures, on completion of the Chief Executive Election, the information will be deleted from the notebook computers.”
But the REO has yet to explain why the information of all 3.7 million voters were taken to the backup venue, when only 1,194 electors could vote in Sunday’s election.
The statement also did not reveal whether there were security guards or staff members guarding the room, and who was responsible for the computers’ safekeeping.
According to initial investigation, there was no sign of a break-in, Chinese-language paper Ming Pao cited sources as saying.
The sources also said there were four REO staff members who had access cards to enter the room, and the police were investigating whether anyone else had access.
The incident was first reported by local media and the REO issued a statement to confirm it an hour later.
IT sector lawmaker Charles Mok said the fact that the computers were encrypted did not mean there was no risk of a leak.
“There were no signs of a break-in. Was it premeditated? Was there an insider who knew about the computers and stole them?” he asked.
“Has any risk assessment been done? What kind of encryption was it? What if they fell into the hands of state-level hackers?” he added. “Do not trust the so-called security experts who say [the data] will be safe with encryption.”
Democratic Party lawmaker Lam Cheuk-ting said it was a “serious negligence of duty” on the REO’s part.
“The data would be very valuable if it ended up in the black market,” he said. He urged the police to trace the information and watch for any usage or sale of the data.
Meanwhile, Legislative Council President Andrew Leung Kwan-yuen rejected several lawmakers who asked for an urgent enquiry at a Council meeting on Wednesday.
The REO said it will review its arrangements for handling voter registration information in the Chief Executive Election, and submit reports to the Electoral Affairs Commission and the Constitutional and Mainland Affairs Bureau.
- Coronavirus: Hong Kong set out new HK$137.5bn relief plan, including employee salary subsidies and MTR fare cuts
- ‘Meaningless’: Hong Kong rights groups dispute police claim of 104 cases of baton use at protests
- Coronavirus: Hong Kong extends limits on gatherings as beauty and massage parlours ordered to close