by Benjamin Zhou

The Commissioner on Interception of Communications and Surveillance published its 2016 annual report in late November, showing that 1,416 interceptions were granted – 12 cases fewer than in 2015. Compared to the figures of 1,719 and 1,782 in 2008 and 2009, the significantly lower figure recorded in 2016 may suggest that Hong Kong law enforcers are less inclined to intercept communications than before (figure 1).

This, though, may not be the case. The lower number of reported interceptions may result from a change in officers’ methods. Nowadays, the authorities may be turning away from traditional interceptions, looking instead towards communications and personal data stored in the cloud – access to which has not yet been regulated as thoroughly by law as tapping telephones.

File Photo: Tookapic, via Pixabay.

Surveillance practices by government agencies in Hong Kong are mainly subject to the Interception of Communications and Surveillance Ordinance. It was enacted in 2006 to “regulate the conduct of interception of communications and the use of surveillance devices by or on behalf of public officers and to provide for related matters.”

An officer must apply to a panel judge for an authorization to conduct a postal or telecommunications interception. Surveillance also requires approval by one of the judges or an authorizing officer of the agency, depending on how covert it is to be.

Such a mechanism works well, according to the government. However, the subjects of the Ordinance have not changed since its inception. Instant messaging applications, such as WhatsApp, have grown in popularity and are increasingly used in place of the more traditional communications methods covered by the Ordinance, namely telephone calls and post. In addition to social media platforms, cloud services also help people exchange information.

Wiretapping may not be necessary for officers who are investigating an internet activist, for example. Information stored in the servers of online service providers and smartphones is far more relevant in such cases.

Facebook’s Government Requests Report shows that the requests for user data from the Hong Kong government had increased eleven-fold from 26 in 2013 to 321 in 2016. According to replies to legislators’ questions and the data collected by the Hong Kong Transparency Report, the government sent more than 4000 data requests to technology companies each year since 2011.

In a panel meeting of the Legislative Council on December 5, both pro-establishment and pro-democracy lawmakers expressed concern about whether the Ordinance could still keep up with new technologies. Secretary for Security John Lee Ka-chiu, however, said the law was enough to handle crimes, and it was unnecessary to review the definition of “interception” at the moment.

Secretary for Security John Lee Ka-chiu. File Photo: GovHK.

Mr. Lee may be right, but citizens’ privacy should be another concern for legislation. Indeed, a lot of advanced countries or districts have set rules for access to communication content and personal information in cyberspace by law, in order to protect privacy.

In the United Kingdom, the Regulation of Investigatory Powers Act of 2000 regulates interception and surveillance, with similar wording to Hong Kong’s Ordinance.

The Act also set out procedures for “acquisition and disclosure of communications data” and “investigation of electronic data protected by encryption”. The statistics about such practices are revealed in annual reports of the Interception of Communications Commissioner.

In Australia, the Telecommunications (Interception and Access) Act 1979 provides a legal framework for the government to access the information held by communications providers, including telecommunications data (eg. phone numbers, time and location) and stored communications (eg. email, short message). They are “subject to significant oversight and reporting obligations,” according to the Attorney-General’s annual report.

In Taiwan, a law enforcement officer should apply to the court for a warrant before the officer access “communications records” and “communications user’s information,” according to The Communication Security and Surveillance Act, which was enacted in 1999 and amended in 2016.

Photo: Pexels.

Hong Kong had a chance to catch up with leading jurisdictions. When the government proposed to amend the Interception of Communications and Surveillance Ordinance in 2015, legislators and civil society groups asked for inclusion of internet communications. The amendment bill passed in 2016 failed to respond the appeal, only giving the commissioner greater oversight power.

Article 30 of the Basic Law states: “The freedom and privacy of communication of Hong Kong residents shall be protected by law,” and Article 29 protects Hong Kong residents from “arbitrary or unlawful search.” The government should amend the interception and surveillance law to fulfill its constitutional obligation in the digital age.

Benjamin Zhou is a researcher at the Hong Kong Transparency Report, a project under the Journalism and Media Studies Centre, University of Hong Kong.

HK Transparency Report

HK Transparency Report promotes government accountability and the protection of personal privacy online by documenting and monitoring the extent to which the Hong Kong government requests user data from Internet Service Providers or demands the removal of content from ISPs.