Following up the matter on Mr SNOWDEN’s disclosure of the  United States Government's hacking into the computer systems in Hong Kong (2013/07/17)

Deputy President, Mr SNOWDEN has already left Hong Kong, but the "PRISM programme" he had disclosed, in which the intelligence agencies of the United States (US) implement surveillance of the general public, has left behind quite a number of warnings and points to ponder for Hong Kong. When the matter was first disclosed, the Government's reply just kept saying that the computer systems of the Government had not been under alicious attack, the Hong Kong Internet Exchange of The Chinese University of Hong Kong was operating properly, cyber security was safeguarded in Hong Kong, and we had in place a series of ordinances to safeguard people's privacy. Nevertheless, all these answers have failed to address people's concern. The US employed cover-up measures to hack into Hong Kong's computer systems, naturally such hacking activities would hardly leave any traits. Hence, the motion today, which urges the SAR Government to request clarification from the US Government, so as to safeguard the security of cyber communications in Hong Kong, and ensure the protection of Hong Kong people's privacy, is indeed worthy of our support.

We are now in the midst of the Big Data era, leaving behind footprints of our lives everywhere on the Internet, thereby increasing greatly the risk of our personal data being leaked out. Some of the data which were considered as non-privacy-related have changed substantially. By analysing information like clients' consumption patterns, daily life habits, access locations, and so on, data companies can categorize their clients for marketing and trailing purposes. The "PRISM programme" disclosed by Mr SNOWDEN makes use of covered-up measures and loopholes in telecommunications products to monitor the privacy of the general public; besides, renowned telecommunications enterprises are also required to share information with the Government. In fact, as early as in 2008 some media in the US have already reported that the intelligence work of the US Government were not relying so much on spies as in the past, with 90% of their intelligence originating from open information published on various media.

This year, the academic journal Scientific Reports publishes the outcomes of a latest study, pointing out that if so long as a certain mobile phone user has appeared in four access points, researchers can make use of the big data to analyse and compute the data to identify the relevant user from millions of other users, and the accuracy of such analysis can be as high as 95%. From this we can see that with well-developed technologies, the fragmented information of an individual can still be consolidated easily for other's uses without employing any spying strategies. So, we can justly assume that the security of cyber communications in Hong Kong and protection of personal privacy are at risk. As such, the Government should never adopt an indifferent attitude in this regard.

With the cloud computing technology becoming more common, data information can even break through physical constraints and become more easily accessible. Under such circumstances, the rights to data information are not very equitable. While the Government and large enterprises are already in a better position to collect various kinds of information from clients, the clients are helpless in this regard. In order to legalize the information collected with the help of innovative technologies, Internet companies tend to amend their rules and regulations to make it difficult for their clients to make judgment. Last year, Google updated its privacy policy. Judging from the surface, the new provisions are to give clients greater convenience in using the company's services, but the information monitoring agency of the European Union (EU) has rolled out a combined proceedings operation against this privacy policy, pointing out thatGoogle's new privacy policy has violated EU's Privacy Protection Act. The privacy protection departments of the United Kingdom, Germany and Italy have contacted the company to urge it to amend the controversial policy on client's privacy rights.

Deputy President, information technology was first developed by the US, and most of the computer systems, office software and anti-virus software we use are programmed by US companies, if the engineers developing the products are from the same source as the hackers with special background, the hackers will know of the loopholes in the systems, as well as the ways to hack into the system without alerting the victims. Hence, in order to prevent Hong Kong's information from leaking out, the safest way is to use the software developed locally. The other day, more than a dozen Internet organizations held a press conference to urge the Government to take the lead in using original software developed locally, pointing out that Hong Kong already has in place our own world-class cyber security technologies and anti-network surveillance technologies. I give them my support. Now that we already have developed our own mature and reliable technologies, the Government should take the lead in using the locally developed products. The Government should also encourage enterprises of various sizes to use such products, and proactively develop cyber security infrastructure.

Deputy President, under the "one country, two systems" framework, Hong Kong has been playing the role as Mainland China's south door and upholding the free economy principle; as such, commercial and political forces from different directions all wish to obtain various types of information in Hong Kong. In addition to implementing appropriate regulation and enhancing security measures, the Government should also change its regional concept proactively and seek co-operation opportunities with countries and regions on good terms with us. Through exchanging information with these countries and regions, the overnment should seek to better understand the latest intelligence, exercise adequate judgment in respect of the cyber world, master new technologies, new policies and new trends promptly, and amend the relevant laws and regulations timely. It is my hope that by implementing the series of measures referred to just now, Hong Kong can avoid being used by international cyber criminals as a channel for violating people's privacy and stealing confidential information, while the people of Hong Kong can enjoy genuine protection for their privacy.

Deputy President, I so submit.