Following is a question by the Hon Charles Mok and a written reply by the Secretary for Innovation and Technology, Mr Nicholas W Yang, in the Legislative Council today (February 27):
 
Question:
 
     Regarding the requests made by the Government to information and communication technology (ICT) companies for disclosure and removal of information, will the Government inform this Council:
 
(1) of the following details of the requests for information disclosure made by the Government respectively in the first and the second halves of 2018 to ICT companies (set out the information in a table, broken down by government department):
 
(i) total number of ICT companies involved,
(ii) names and types of ICT companies involved (e.g. Internet service providers, device producers, social media and search engines),
(iii) total number of requests made,
(iv) total number of user accounts involved,
(v) types of information requested for disclosure (e.g. user names, Internet Protocol addresses and contact methods) and the respective numbers of the requests concerned,
(vi) nature of information requested for disclosure (i.e. metadata and/or content of communication) and the respective numbers of the requests concerned,
(vii) reasons for making the requests concerned (e.g. investigation of cases, law enforcement and other reasons) and the respective numbers of the requests concerned,
(viii) number of requests made under court orders,
(ix) number of requests acceded to, and
(x) reasons why some requests were not acceded to (e.g. the request not made under a court order, failure to provide appropriate legal documents, insufficient justifications, not in compliance with the policies of the ICT companies, and other reasons) and the respective numbers of the requests concerned;
 
     if such information cannot be provided, of the reasons for that;
 
(2) of the following details of the requests for information removal made by the Government respectively in the first and the second halves of 2018 to ICT companies (set out the information in a table, broken down by government department):
 
(i) total number of ICT companies involved,
(ii) names and types of ICT companies involved,
(iii) total number of requests made,
(iv) volume of information requested for removal,
(v) types of information involved (e.g. videos, text, images) and the respective numbers of the requests concerned,
(vi) nature of information involved (e.g. indecent content, illegal advertisements, copyright infringement and false information) and the respective numbers of the requests concerned,
(vii) reasons for making the requests concerned (e.g. for investigation of complaints, law enforcement and other reasons),
(viii) number of requests made under a court order,
(ix) number of requests acceded to, and
(x) reasons why some requests were not acceded to and the respective numbers of the requests concerned;
 
     if such information cannot be provided, of the reasons for that;
 
(3) given that information technology is advancing and changing rapidly and the methods adopted by law enforcement agencies for collecting evidence have changed, whether it has plans to review and amend the relevant laws such as the Interception of Communications and Surveillance Ordinance (Cap. 589), to ensure that Hong Kong people continue to fully enjoy the rights to freedom of speech, privacy of communication, etc., as safeguarded under Articles 27 to 30 of the Basic Law;
 
(4) given that quite a number of advanced countries/regions have enacted laws (e.g. the Regulation of Investigatory Powers Act 2000 of the United Kingdom, the Telecommunications (Interception and Access) Act 1979 of Australia and the Communication Security and Surveillance Act of Taiwan) to regulate the access to residents' electronic communication records and personal data by law enforcement agencies, and those countries/regions also require law enforcement agencies to proactively make public, on a regular basis, statistics and reports on access to such information, so as to ensure that there is a certain degree of transparency in law enforcement actions, whereas Cap. 589 of Hong Kong regulates only matters such as "postal interception" and "telecommunications interception" and does not regulate the interception of communication records and personal data stored in media such as web servers, whether the Government has plans to amend its internal guidelines and codes of practice, to regulate the making of requests by various law enforcement agencies concerning information disclosure and removal (including the aspect of enhancing transparency); if not, of the reasons for that; and
 
(5) whether the authorities will proactively and regularly make public, in machine readable format, the statistics and reports on requests for information disclosure and requests for information removal made to ICT companies, so as to enhance the transparency of law enforcement actions; if not, of the reasons for that?
 
Reply:
 
President,
 
     In consultation with relevant bureaux and departments, our reply is as follows:
 
(1) and (2) Details of the requests for information disclosure and information removal made by the Government to information and communications technology (ICT) companies in 2018 are set out in Tables 1 and 2 respectively.
 
(3) The Security Bureau advises that the Interception of Communications and Surveillance Ordinance (Cap. 589) (ICSO) regulates interception of communications and covert surveillance by the four designated law enforcement agencies (LEAs) for prevention and detection of serious crimes and protection of public security. The covert operations regulated by the ICSO do not cover general government LEAs' requests to the Internet service providers during their day-to-day work for information that does not involve non-open communications, such as user information, IP addresses, login records, etc.
 
     ICSO was amended in June 2016, and the Code of Practice issued by the Secretary for Security under section 63 of ICSO was also updated in the same month. The Government will keep in view closely the application of the ICSO and does not have any plan to further amend the ICSO in the near future.
 
(4) If officers of individual government departments and LEAs, in discharging their duties, need to request for information or co-operation from relevant persons or organisations (including ICT companies), they will make the requests in accordance with duty-related legislations, procedures or guidelines, and will ensure that relevant requests would only be made if they are necessary for discharging their duties. The above mechanism and procedures or guidelines have been functioning properly and effectively. At present, the Government does not have any plan to change the above.
 
(5) Regarding the requests made by the Government to ICT companies for disclosure and removal of information, no relevant statistics and reports are provided in machine-readable format at present. Provided that it will not affect future investigation and enforcement actions, the Government will consider disseminating regularly relevant data in machine-readable format having regard to specific circumstances.

Ends/Wednesday, February 27, 2019
Issued at HKT 12:58

NNNN