************************************************************
Following is a question by the Hon Charles Peter Mok and a written reply by the Secretary for Commerce and Economic Development, Mr Gregory So, in the Legislative Council today (February 11):
Question:
According to the Transparency Report published biannually by Google, an Internet search-engine service provider, the Hong Kong Government made 359 requests to the company for disclosure of its users' information (requests for information disclosure) in the first half of 2014, but about half of such requests were not acceded to by the company. In addition, the Law Enforcement Requests Report published by Microsoft, a computer technology company, indicated that the company received 229 requests for information disclosure from the Hong Kong Government during the same period, and it provided part of its users' information in response to about 85 per cent of such requests. In this connection, will the Government inform this Council:
(1) of the annual numbers of requests for information disclosure made by the Government to Internet service providers/Internet platforms/web sites (collectively referred to as service providers) and the nature of the information sought (whether requests were made for providing metadata and/or content of communication) during the period from February 2011 to September 2014, with a breakdown by government department; if such information cannot be provided, of the reasons for that;
(2) of the annual numbers of requests made by the Government to service providers for removal of their users' information (requests for information removal) and the number of service providers involved during the period from February 2011 to September 2014, with a breakdown by government department; if such information cannot be provided, of the reasons for that;
(3) of the details of the requests for information disclosure made by the Government to service providers since October 2014, including:
(i) names and types of service providers,
(ii) total number of service providers,
(iii) dates on which the requests were made,
(iv) deadlines for processing the requests (irrespective of whether such requests were acceded to or not),
(v) types of requests made,
(vi) reasons for making the requests,
(vii) number of requests made,
(viii) number of requests made under a court order,
(ix) number of accounts involved,
(x) amount of information requested,
(xi) nature of information requested (whether requests were made for providing metadata and/or content of communication),
(xii) number of requests acceded to, and
(xiii) reasons given by service providers for not acceding to the requests,
with a tabulated breakdown by government department; if such information cannot be provided, of the reasons for that;
(4) of the details of the requests for information removal made by the Government to service providers since October 2014, including:
(i) names and types of service providers,
(ii) total number of service providers,
(iii) dates on which the requests were made,
(iv) deadlines for processing the requests (irrespective of whether such requests were acceded to or not),
(v) types of requests made,
(vi) reasons for making the requests,
(vii) number of requests made,
(viii) number of requests made under a court order,
(ix) number of accounts involved,
(x) amount of information requested for removal,
(xi) nature and details of information requested for removal,
(xii) number of requests acceded to, and
(xiii) reasons given by service providers for not acceding to the requests,
with a tabulated breakdown by government department; if such information cannot be provided, of the reasons for that;
(5) as a member of the public has relayed to me that he had enquired with certain government departments about the records on the requests they made to service providers for information disclosure/removal but such departments indicated that no such records were maintained, and it was not until he subsequently made further enquiries under the Code on Access to Information that he was provided with part of the information by the departments concerned, whether the authorities have reviewed the practices currently adopted by various government departments for maintaining these records; if they have reviewed, of the details; if not, the reasons for that; and
(6) whether it will consider (i) establishing a separate department dedicated to scrutinising the procedures adopted by various government departments for making requests to service providers for information disclosure/removal, (ii) establishing a unified application system to facilitate the compilation of relevant statistics, and (iii) discussing and agreeing, before making the requests, with service providers on whether the Government can make public the information on the service providers involved in such requests; if it will consider, of the details; if not, the reasons for that?
Reply:
President,
Regarding the six-part question, the Administration's reply is as follows:
(1) The annual numbers of requests for information disclosure made by the Government to service providers and the nature of information sought during the period from February 2011 to September 2014 are listed in Table 1.
(2) The annual numbers of requests made by the Government to service providers for removal of their users' information and the number of service providers involved during the period from February 2011 to September 2014 are listed in Table 2.
(3) Details of the requests for information disclosure made by the Government to service providers since October 2014 are listed in Table 3.
(4) Details of the requests for information removal made by the Government to service providers since October 2014 are listed in Table 4.
(5) When handling work-related records, government departments will retain the records in accordance with the guidelines stipulated in the Records Management Manual issued by the Government Records Service for future reference and as official evidence. The guidelines cover the creation, handling, custody, retention and disposal of records to ensure their proper management and protection. Since the guidelines are applicable to all work-related records, including the records on requests made by government departments to Internet service providers (ISPs), we do not think it is necessary to put in place separate handling procedures for such records.
(6) In carrying out their duties, the officers of individual government departments and law enforcement agencies may request for information or co-operation from the relevant persons or organisations (including ISPs) as and when necessary in accordance with the laws, established procedures or guidelines related to their duties. Since the existing mechanism functions effectively, we do not think it is necessary to establish a separate department or put in place separate procedures.
Ends/Wednesday, February 11, 2015
Issued at HKT 18:13
NNNN