Hong Kong Police Made Thousands of Personal Data Requests With No Judicial Oversight

Editor's note: Despite the lip service given to adopting the principle of transparency in Internet governance, there are no official procedures that government agencies must follow when requesting user data and content deletion from Internet service and content providers. In 2013, the Hong Kong Police Force made 7,462 requests for user data under the pretext of “crime investigation”, yet the process was not monitored by any judicial bodies. Worst still, government officials refused to review the existing practice when confronted by a legislative council member.

The report below was originally written by Michelle Fong and published on inmediahk.net in Chinese on February 19, 2014. It was translated into English by Alpha Au.

The Head of Hong Kong Police Force is watching you. Image from inmediahk.net's Facebook page.

The Head of Hong Kong Police Force is watching you. Image from inmediahk.net's Facebook page.

Among all of Hong Kong's government agencies, the police force made the most user data requests and the Department of Health made the most content deletion requests to Internet service and content providers (ISPs and OSPs) last year. This information was revealed when Legislative Councillor Charles Mok demanded that the government disclose the information to the public on February 19, 2014.

It was found that the Hong Kong government submitted 7,462 requests in 2013, involving 6,099 Internet users. Only some of the requests made by the Hong Kong Police Force obtained court orders, but the government refused to reveal the exact number of cases that involved court orders.

Godfrey Leung, the Secretary of the Commerce and Economic Development Bureau, openly refused to review the existing information request system and rejected the idea of publishing a transparency report for the public regarding government requests made to ISPs and OSPs. Disappointed by Godfrey Leung's response, Charles Mok said, “If the government refuses to release a regular annual report, I will file the same set of questions every year in the Legislative Council.”

During the council meeting on February 19, 2014, Mok asked the government to reveal the number of government requests made to ISPs and websites and services related to user data and content deletion. According to the government document, between February 2013 and February 2014, the Hong Kong government made 5,507 requests for user data, which involved 5,541 Internet users.

More than 82 percent of the total requests – 4,557 requests – came from the Hong Kong Police Force. They claimed that the requests were made “to prevent and detect high technology and Internet crime” as they were handling 5,212 cases of high technology crime in the same period. However, only a portion of the requests was made under court order, and not all the requests were acceded to by service providers. The government provided no further details on the exact number of court orders and request rejections.

The Customs and Excise Department came in second with 873 user data requests made to “prevent and detect crime”. It is worth noting that 70 requests were made by the Office of Communications Authority, a department that is responsible for Internet governance. They asked for the email registrant's real name, address, phone number as well as the registration date and status, message sent records and related IP addresses, claiming that the information was needed for “investigating unsolicited electronic messages”, i.e. spam. The 70 requests involved 106 users, again without any court order. All the requests made by these two departments were approved. Other user data requests came from the Inland Revenue Department and Companies Registry.

A total of 1,955 content deletion requests were made from six government departments, involving 558 Internet users. The Drug Office and the Chinese Medicine Division from the Department of Health demanded the deletion of 1,321 and 210 content items respectively, accounting for 80 percent of the total number of content deletion requests. The reason was “suspected auction or sale of unregistered proprietary Chinese medicines”. All their requests were approved. The Customs and Excise Department also asked OSPs to delete 391 content items, including webpages, user accounts and hyperlinks, to “combat of intellectual property infringement offense”.

Last year, Mok also asked the Hong Kong government to disclose the data of requests made to ISPs and OSPs between February 2010 to the February 2013. Over those three years, the government had made more than 14,000 user data requests and 7000 content deletion requests.

Currently, there is no guideline for government departments for filing user data and content deletion requests, and most ISPs and OSPs do not issue transparency reports that inform the public on government monitoring and surveillance activities.

2 comments

  • n 2013 Google received more than 4 times more requests for user data from the Hong Kong government, than it did in 2010. For this reason, we have built the Hong Kong Transparency Database for anyone interested in researching requests made by the Hong Kong government to Internet service providers, either asking for users’ information or for the removal of content. It combines data from company’s transparency reports which have reported on Hong Kong government’s request since 2010, with the data attentively collected directly from the Hong Kong government departments by Charles Mok and the Hong Kong Transparency Report (a project by the Journalism and Media Studies Centre, of the University of Hong Kong).

    Each visual and table from the database is available as an embed for journalists. Feel free to use the database for embeds in your work or just as a research tool on this topic.

    Here’s the link to Ebola Outbreaks Database: http://hong-kong-transparency-report.silk.co/

Join the conversation

Authors, please log in »

Guidelines

  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.