A proposed law to clamp down on cybercrimes must enjoy a “long-arm jurisdiction” to cover offences outside Hong Kong and be able to compel technology giants to assist in investigations, legislators have said.
The lawyers overseeing the effort said the proposed offences should in principle allow for extraterritorial reach if a case involved a Hong Kong victim or affected the city, but they added that more research was needed to determine how it would be enforced.
The discussion took place at a Legislative Council meeting on Monday, where legislators and legal experts discussed the Law Reform Commission’s proposal to create five specific new offences to rein in cyber-dependent crimes.
The five crimes, proposed in July, would be illegal access to a programme or data, computer data interception and interference, computer system interference, and provision or possession of devices or data for criminal purposes.
Beijing loyalist lawmaker Junius Ho Kwan-yiu argued at the Legco meeting that the proposed law would be useless if it could not be applied to companies based overseas.
“I don’t care if Google or Twitter’s data is stored in California or Alaska. Would you require all internet service providers to keep a copy of their data in our city if they want to operate here?” he asked.
“This is how to give the law some teeth, otherwise the law could be well-written with gates and walls made of metal, but with a back door made of straw.”
Legislator Carmen Kan Wai-mun agreed the proposed law must allow Hong Kong to have extraterritorial jurisdiction because the internet world was “boundless”.
The national security law imposed by Beijing two years ago, which outlaws acts of secession, subversion, terrorism and collusion with foreign forces, also has a long-arm element designed to cover offences committed outside Hong Kong.
Leung also defended the need to create a new law with the five new offences, even though the criminal activities involved were covered by existing legislation, as cybercrimes posed challenges for internet service providers, users and police.
“Technological developments related to computers and the internet have been rapid, and were used in criminal activities, so we wanted to look from a criminal law perspective, how personal rights and law enforcement were being challenged,” he said.
“Many other jurisdictions, including Australia, Canada … and China, have already enacted laws to prohibit the five types of crimes we proposed.”
The subcommittee also proposed that when a criminal act was so serious it endangered lives, a sentence of life imprisonment would be imposed, in line with the present penalty for criminal damage.
Leung added the recommendations on cyber-dependent crimes were only the first of a three-part project, which will also deal with cyber-enabled crimes. The problems of enforcement procedure and jurisdiction would be discussed in the third instalment, he added, but did not outline a timetable.
Lawmaker Eunice Yung Hoi-yan, of the New People’s Party, suggested that rather than focusing on cybercrimes, the commission should consider looking at areas such as cyber and data security.
But Wesley Wong Wai-chung, secretary general of the commission, explained that cybercrime was also a broad topic, with the city’s Security Bureau also looking at a cybersecurity bill to protect key infrastructure and public services.