LCQ21: Government's requests for information disclosure and removal to Internet service providers
************************************************************

     Following is a question by the Hon Charles Peter Mok and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (January 27):

Question:

     According to the Government Requests Report published biannually by Facebook, Inc., which operates an Internet social networking platform under the same name, the Hong Kong Government made 71 requests, involving 239 accounts, to the company for disclosure of its users' information (requests for information disclosure) in the first half of 2015. The numbers of such requests and the accounts involved were respectively 82 per cent and 368 per cent higher than those in the preceding half year, and more than half of such requests were not acceded to by the company. Moreover, the Transparency Report published biannually by Google, an Internet search-engine service provider, indicated that the company received from the Hong Kong Government 246 requests, involving 402 accounts, for information disclosure in the first half of 2015, yet the company acceded to only 35% of those requests. In this connection, will the Government inform this Council:

(1) why the number of requests for information disclosure made by the Government to Facebook, Inc. in the first half of 2015 and the number of accounts involved were significantly higher than those in the preceding half year; of a breakdown of the number of such requests by government department; the legal bases and considerations (including but not limited to the facts and legal bases) for making such requests;

(2) whether government departments are required to obtain the relevant court orders before making requests for information disclosure; if so, of the details; of the internal guidelines and mechanism based on which government departments make such requests;

(3) of the biannual numbers of requests for information disclosure made by the Government to Internet service providers/Internet platforms/web sites (collectively referred to as "service providers") from 2011 to 2015, and the nature of the information involved (i.e. whether requests were made for providing metadata and/or content of communication), with a tabulated breakdown by government department; if it cannot provide such information, of the reasons for that;

(4) of the biannual numbers of requests made by the Government to service providers from 2011 to 2015 for removal of their users' information (requests for information removal) and the number of service providers involved, with a tabulated breakdown by government department; if such information cannot be provided, of the reasons for that;

(5) of the details of the requests for information disclosure made by the Government to service providers since February 2015, including:
(i) names and types of service providers,
(ii) total number of service providers,
(iii) dates on which the requests were made,
(iv) the last dates on which the requests were processed (irrespective of whether such requests were acceded to or not),
(v) types of requests made,
(vi) number of requests made, with a breakdown by reason (e.g. for investigation of cases, law enforcement and other reasons),
(vii) total number of requests made,
(viii) number of requests made under a court order,
(ix) number of accounts involved,
(x) volume of information requested for disclosure,
(xi) nature of information requested for disclosure (i.e. requests for providing metadata and/or content of communication),
(xii) number of requests acceded to, and
(xiii) number of requests not acceded to, with a breakdown by reason received (e.g. the request was not made under a court order, failure to provide appropriate legal documents, insufficient justifications, not complying with the policies of service providers, and other reasons),
with a tabulated breakdown by government department; if such information cannot be provided, of the reasons for that;

(6) of the details of the requests for information removal made by the Government to service providers since February 2015, including:
(i) names and types of service providers,
(ii) total number of service providers,
(iii) dates on which the requests were made,
(iv) the last dates on which the requests were processed (irrespective of whether such requests were acceded to or not),
(v) types of requests made,
(vi) number of requests made, with a breakdown by reason (e.g. for investigation into copyright infringement, sale of obscene and indecent articles, auction and sale of unregistered commodities, etc., and other reasons),
(vii) number of requests made under a court order,
(viii) number of accounts involved,
(ix) volume of information requested for removal,
(x) nature and details of information requested for removal,
(xi) number of requests acceded to, and
(xii) number of requests not acceded to, with a breakdown by reason received (e.g. the request was not made under a court order, failure to provide appropriate legal documents, insufficient justifications, not complying with the policies of service providers, and other reasons),
with a tabulated breakdown by government department; if such information cannot be provided, of the reasons for that;

(7) given that according to the information published in the Korea Internet Transparency Report, the Ministry of Science, ICT and Future Planning of Korea and the Korea Communications Standards Commission have proactively released statistics on the requests made by the Korean Government to service providers for disclosure/removal of users' information, and that the Taiwanese Government has also progressively released the relevant statistics, whether the Government will consider making similar arrangements for the release, in a unified manner, of the numbers of such requests made by various government departments, so as to increase the transparency of the Government's work; if it will, of the details; if not, the reasons for that;

(8) as a member of the public has relayed to me that when he enquired with certain government departments about the records on the requests they made to service providers for information disclosure/removal, the departments concerned indicated that no such records were maintained, and when he subsequently made enquiries again under the Code on Access to Information, he was only provided with part of the information; furthermore, some members of the public have pointed out that the replies given by different government departments on one same enquiry were contradictory and the bases for the replies were different, of the Government's justifications for claiming that the relevant mechanism has all along been functioning effectively; whether the Government has reviewed the practices currently adopted by various government departments for maintaining records and disclosing information; if it has, of the details; if not, the reasons for that; and

(9) given that the Innovation and Technology Bureau has already been established, whether the Government will scrutinise if the procedures adopted by various government departments for making requests to service providers for information disclosure/removal are consistent with the principle of providing a fair and open business environment to the information technology sector, and if such procedures have invaded the privacy of members of the public; whether the Government will discuss with service providers to allow government departments to make public the information about the service providers involved in such requests; if it will, of the details; if not, the reasons for that?

Reply:

President,

     Regarding the nine-part question, having consulted the relevant bureaux and departments, our reply is as follows:

(1), (5) and (6) Details of the requests for information disclosure and information removal made by the Government to Internet service providers/Internet platforms/web sites (service providers) (including Facebook) since February 2015 are set out in Table 1 and Table 2 respectively.

(3) and (4) The biannual numbers of requests for information disclosure and information removal made by the Government to service providers and the nature of information sought during the period from 2011 to 2015 are set out in Table 3 and Table 4 respectively.

(2), (7) to (9) In carrying out their duties, if the officers of individual government departments and law enforcement agencies need to request for information or co-operation from the relevant persons or organisations (including service providers), it is mainly related to crime prevention and detection as well as law enforcement.  They will ensure that these requests are made only when necessary for performing duties. They will also make the request in accordance with duty-related laws, established procedures or guidelines, including the Personal Data (Privacy) Ordinance and the relevant code of practice/guidelines.

     When handling work-related records, government departments will retain the records in accordance with the guidelines stipulated in the Records Management Manual issued by the Government Records Service for future reference and as official evidence. The guidelines cover the creation, handling, custody, retention and disposal of records to ensure their proper management and protection. The guidelines are applicable to all work-related records, including the records on requests made by government departments to Internet service providers. If a request for information is received from the public, the government department will process the request in accordance with the Code on Access to Information.

     Since the above mechanisms and guidelines are functioning effectively, we do not think it is necessary to put in place separate procedures for Internet service providers.

Ends/Wednesday, January 27, 2016
Issued at HKT 14:33

NNNN