LCQ14: Government's requests for Internet service providers to disclose or remove users' information
************************************************************

     Following is a question by the Hon Charles Mok and a written reply by the Acting Secretary for Commerce and Economic Development, Mr Godfrey Leung, at the Legislative Council meeting today (February 19):

Question:

     According to the Transparency Report published biannually by Google, an Internet search-engine service provider, the Hong Kong Government made 253 requests to the company for disclosure of its users' information in the first half of 2013, but about two-thirds of such requests were not acceded to by the company. In addition, the Law Enforcement Requests Report published by Microsoft, a computer technology company, indicated that the company received 597 requests for disclosure of its users' information from the Hong Kong Government during the same period, and it provided part of its users' information in response to about 80% of such requests. In this connection, will the Government inform this Council:

(1) of the details of the requests made by government departments to various types of Internet service providers/Internet platforms/web sites (collectively referred to as "service providers") for disclosure of their users' information since February 2013, including:
(i) names of service providers (if such information can be provided);
(ii) types of service providers;
(iii) types of requests;
(iv) whether content information was included;
(v) amount of information requested;
(vi) number of accounts involved;
(vii) reasons for making the requests;
(viii) details of the information requested;
(ix) whether the requests were made under a court order;
(x) dates on which the requests were made;
(xi) deadlines for processing the requests (regardless of whether such requests were acceded to or not);
(xii) whether the requests were acceded to by service providers; and
(xiii) reasons given by service providers for not acceding to the requests, with a breakdown by name of government department (if such information cannot be provided, of the reasons for that);

(2) of the details of the requests made by government departments to service providers for removal of their users' information since February 2013, including:
(i) names of service providers (if such information can be provided);
(ii) types of service providers;
(iii) types of requests;
(iv) amount of information requested for removal;
(v) number of accounts involved;
(vi) reasons for making the requests;
(vii) details of the information requested for removal;
(viii) whether the requests were made under a court order;
(ix) dates on which the requests were made;
(x) deadlines for processing the requests (regardless of whether such requests were acceded to or not);
(xi) whether the requests were acceded to by service providers; and
(xii) reasons given by service providers for not acceding to the requests, with a breakdown by name of government department (if such information cannot be provided, of the reasons for that);

(3) of the details of the internal guidelines and mechanisms under which requests are made by government departments/law enforcement agencies to service providers for disclosure or removal of users' information; whether the authorities conducted any review on such guidelines last year, in particular whether they will consider requesting service providers for such information only if there is no intrusion into commercial secrets and personal privacy; if they did, of the details; if not, the reasons for that; and

(4) whether the authorities will make public the mechanisms currently in place for monitoring requests made by government departments/law enforcement agencies to service providers for disclosure or removal of users' information, and whether they will regularly publish the information mentioned in (1) and (2), so as to increase the transparency of the Government's work; if they will, of the details; if not, the reasons for that?
 
Reply:

President,

     Regarding the four-part question, the Administration's reply is as follows:

(1) Details of the requests made by government departments to service providers for disclosure of their users' information since February 2013 are listed in Table 1.

(2) Details of the requests made by government departments to service providers for removal of their users' information since February 2013 are listed in Table 2.

(3) & (4) In carrying out their duties, the officers of individual government departments (including law enforcement agencies) may request for information or co-operation from the relevant persons or organisations (including Internet service providers/Internet platforms/web sites) in accordance with the relevant laws and established procedures or guidelines as and when necessary. Such requests are mainly related to crime prevention and detection as well as law enforcement. The government departments and law enforcement agencies concerned will ensure that these requests are made only when necessary for the purpose of performing duties. Since the existing mechanism functions effectively, we do not think it is necessary to review the relevant procedures/guidelines.

Ends/Wednesday, February 19, 2014
Issued at HKT 12:53

NNNN