lego logo
Council question: Government’s requests for information disclosure and removal made to information and communication technology companies
2018-01-31

Following is a question by the Hon Charles Mok and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (January 31):

Question:

It has been reported that quite a number of advanced countries/regions have enacted laws to regulate the access to residents’ electronic communication records and personal data by law enforcement agencies.  Such laws include the Regulation of Investigatory Powers Act 2000 of the United Kingdom, the Telecommunications (Interception and Access) Act 1979 of Australia and the Communication Security and Surveillance Act of Taiwan. Those countries/regions also require law enforcement agencies to proactively make public, on a regular basis, statistics and reports on access to such information, so as to ensure that there is a certain degree of transparency in law enforcement actions. On the other hand, the Interception of Communications and Surveillance Ordinance (Cap. 589) of Hong Kong regulates only matters such as “postal interception” and “telecommunications interception”, and does not regulate the interception of communication records and personal data stored in media such as web servers. In this connection, will the Government inform this Council:

(1) of the following details of the requests for information disclosure made by the Government respectively in the first and the second halves of 2017 to information and communication technology (ICT) companies (set out the information in a table, broken down by government department):

(i) total number of ICT companies involved,
(ii) names and types of ICT companies involved (e.g. Internet service providers, device producers, social media and search engines),
(iii) total number of requests made,
(iv) total number of user accounts involved,
(v) types of information requested for disclosure (e.g. user names, Internet Protocol addresses and contact methods) and the respective numbers of the requests concerned,
(vi) nature of information requested for disclosure (i.e. metadata and/or content of communication) and the respective numbers of the requests concerned,
(vii) reasons for making the requests concerned (e.g. investigation of cases, law enforcement and other reasons) and the respective numbers of the requests concerned,
(viii) number of requests made under court orders,
(ix) number of requests acceded to, and
(x) reasons why some requests were not acceded to (e.g. the request not made under a court order, failure to provide appropriate legal documents, insufficient justifications, not in compliance with the policies of ICT companies, and other reasons) and the respective numbers of the requests concerned;

if such information cannot be provided, of the reasons for that;

(2) of the following details of the requests for information removal made by the Government respectively in the first and the second halves of 2017 to ICT companies (set out the information in a table, broken down by government department):

(i) total number of ICT companies involved,
(ii) names and types of ICT companies involved,
(iii) total number of requests made,
(iv) volume of information requested for removal,
(v) types of information involved (e.g. videos, text, images) and the respective numbers of the requests concerned,
(vi) nature of information involved (e.g. indecent content, illegal advertisements, copyright infringement and false information) and the respective numbers of the requests concerned,
(vii) reasons for making the requests concerned (e.g. for investigation of complaints, law enforcement and other reasons),
(viii) number of requests made under a court order,
(ix) number of requests acceded to, and
(x) reasons why some requests were not acceded to and the respective numbers of the requests concerned;

if such information cannot be provided, of the reasons for that;

(3) given that information technology is advancing and changing rapidly and the methods adopted by law enforcement agencies for collecting evidence have also changed, whether it has plans to review and amend the relevant laws such as Cap. 589, so as to ensure that members of the public in Hong Kong continue to fully enjoy the rights to freedom of speech and privacy of communication, etc, as safeguarded under Articles 27 to 30 of the Basic Law; and

(4) whether the Government has plans to amend its internal guidelines and codes of practice, so as to regulate the making of requests by various law enforcement agencies for information disclosure and removal (including the aspect of enhancing transparency); if not, of the reasons for that?

Reply:

President,

Having consulted relevant bureaux and departments, our reply to the four parts of the question is as follows:

(1) and (2) Details of the requests for information disclosure and information removal made by the Government to information and communications technology (ICT) companies in 2017 are set out in Table 1 and Table 2 respectively.

(3) According to the Security Bureau, the Interception of Communications and Surveillance Ordinance (Cap. 589) (ICSO) regulates interception of communications and covert surveillance by the four designated law enforcement agencies (LEAs) for prevention and detection of serious crimes and protection of public security. The covert operations regulated by the ICSO do not cover general government LEAs’ requests to the Internet Service Providers during their day-to-day work for information that does not involve non-open communications, such as user information, IP addresses, login records, etc.

The ICSO was amended in June 2016, and the Code of Practice issued by the Secretary for Security under section 63 of the ICSO was also updated in the same month. The Government will closely keep in view the application of the ICSO and has no plan to further amend the ICSO in the near future.

(4) If officers of individual government departments and law enforcement agencies, in carrying out their duties, need to request for information or co-operation from relevant persons or organisations (including ICT companies), they will make the requests in accordance with duty-related laws, procedures or guidelines, and will ensure that relevant requests would only be made when necessary for performing duties. The mechanism and procedures or guidelines above have been functioning properly and effectively. At present, the Government does not have a plan to make any change.

Office Of Hon. Charles Mok, Legislative Councillor (IT)