Speech by SITB at Asia-Pacific Computer Audit Conference

********************************************************

Following is the full text of a speech by the Secretary for Information Technology and Broadcasting, Mr K C Kwong, at the 14th Annual Asia-Pacific Computer Audit, Control and Security Conference today (Monday):

Mr Yam, Ladies and Gentlemen,

I am honoured to have the opportunity this afternoon to speak at the 14th Annual Asia-Pacific Computer Audit, Control and Security Conference.

In the Information Age of today, there are few areas in our everyday life which are not touched by information technology in one form or another. The audit, control and security of information systems are thus becoming more and more important as we become increasingly dependent on such systems, not only to run our businesses but also to run our daily life. The holding of this Conference in Hong Kong is particularly timely. This is because we are now planning to launch on-line delivery of Government services, or the Electronic Service Delivery scheme as we call it, and to promote electronic commerce in Hong Kong. The discussions and exchange of views in this Conference will no doubt provide us with useful pointers as to how best to address the complex issues of audit, control and security in such electronic transactions.

First, I would like to talk briefly about the Internet. We have witnessed significant advancement in IT over the past few decades. From the fifties, mainframe and mid-range computers propelled the growth of the economy by automating our business activities. In the eighties, the development of personal computers revolutionised the way we work. In the nineties, the most phenomenal development has been the growth of the Internet as a globally connected network. The Internet exploits the convergence of computing power, telecommunications and multi-media presentation to provide through our personal computers a boundless wealth of information and resources to us. To put the pace of development of the Internet into perspective, let me give you some statistics. It took 38 years before the radio managed to reach an audience of 50 million people. It took only 4 years for the Internet to achieve the same number. Now, the number of Internet users world-wide is estimated at some 100 million. Transactions over the Internet have been surging too. Recent industry estimates suggest that global purchases through the Internet will increase to US$220 billion by 2001. There are now over 640 000 Internet accounts. Bearing in mind each Internet is used by more than one person, there should be nearly 1 million Internet users in Hong Kong.

With the development of the Internet, which operates round the clock and without geographic boundaries, the significance of physical distance and time difference diminishes. Markets all over the world will merge into a single globally connected one. We will as likely compete or cooperate with someone on the other side of the globe as we will with someone we know down the street. We will be able to cross time and geographic boundaries to deliver our goods and services in markets which we were unable to reach in the past. As a result of this revolution, new markets are emerging, presenting new opportunities as well as challenges. And the ability to make the optimum use of IT would be so crucial that we are to seize these new opportunities and to meet the new challenges ahead. And optimum use of IT depends on the provision of adequate audit, control and security in our information systems.

Furthermore, to encourage the community to take part in electronic commerce through the Internet, we must build up people's confidence in such transactions by providing a secure and trustworthy environment for their conduct. Through electronic commerce, there will be an increasing need for us to deal with parties in cyberspace on whom we may not have as much knowledge as we now have when dealing with others in conventional ways. How can we confirm the identity of the opposite party? How can we ensure that our messages to them will not be tampered? And how can we be assured that any personal or financial data which we supply to the other side would not be abused or misused? These are all very important and real questions which, if left unanswered, would undermine people's confidence in transactions over the Internet and impede the development of electronic commerce.

We fully recognise the need for answers to those questions. Thus, to tie in with our efforts to provide Government services on-line and to facilitate the development of electronic commerce in Hong Kong, we consider it necessary to establish a public key infrastructure and local certification authorities to provide trust and security in the conduct of electronic transactions. Specifically, through the use of digital signature and public key encryption, we would be able to identify the party with which we are dealing in cyberspace; we can authenticate the electronic message received; we can have confidence that the confidentiality and integrity of our messages have been maintained; and we can rest assured that the transaction cannot be repudiated.

While we shall leave it to the market to decide on the number of certification authorities to be established in Hong Kong, we accept that Government should take the lead in the establishment of the public key infrastructure. We have therefore invited the Hongkong Post to act as the root certification authority for Hong Kong and to establish the public key infrastructure within 1999. This would tie in with the implementation of the first phase of the Electronic Service Delivery scheme in the Year 2000. We would of course welcome the establishment of certification authorities by other bodies in the private sector to serve the specific needs of their customers.

Through the establishment of a public key infrastructure and the efforts of the business and industry in providing adequate audit, control and security in information systems, we can provide a secure and trustworthy environment for the conduct of electronic transactions and for electronic commerce to flourish in Hong Kong. This is crucial to Hong Kong in retaining its competitiveness in the region and in developing itself into a leading digital city in the globally connected world of the 21st century.

In closing, I would like to thank the Information Systems Audit and Control Association for its efforts and hard work in holding this important Conference in Hong Kong. I am sure the Conference will be a useful and rewarding event for all the delegates.

Thank you.

End/Monday, November 9, 1998

NNNN