Adjournment Motion – Cyber Security (Andrew Leung)

President, as Chairman of the House Committee, I move the following motion: “That this Council do now adjourn for the purpose of debating the following issue: cyber security”.

At its meeting on 14 June, the House Committee discussed Mr MA Fung-kwok’s proposal of asking an urgent oral question at the Council meeting held today regarding allegations of hacking into computers in Hong Kong by the Government of the United States. According to press reports, Edward SNOWDEN, a former technician of the Central Intelligence Agency (CIA) of the United States, disclosed to the media that since 2009, the National Security Agency (NSA) of the United States had been monitoring the computers in both Mainland China and Hong Kong, and the targets included The Chinese University of Hong Kong, government officials, enterprises and students. The relevant allegations have so far not been denied by the relevant authorities of the United States. Members are of the view that these allegations, which are extremely serious in nature, have a bearing on major public interests, such as cyber security and public privacy. Some members of the public are also concerned whether or not the relevant surveillance programmes are still going on.

In view of the gravity and wide implications of this incident, Members consider that there is an urgent need for the Administration to give a prompt response and explain to the public how it will address the concerns caused by the incident and what measures will be taken to prevent the recurrence of a similar incident to protect public privacy and interest. Members agree that the Legislative Council should follow up the relevant matters expeditiously through various platforms.

In addition to supporting Mr MA Fung-kwok in asking an urgent oral question about this incident, Members also agree that I move this adjournment motion in my capacity as Chairman of the House Committee in this Council meeting to give an opportunity to Members to debate the key issue of cyber security and to the Administration to respond to Members’ and public concerns.

Next I would like to express my personal opinion.

Since the publication by The Guardian of an interview of SNOWDEN, a former employee of the CIA, there has been a query on everyone’s mind about cyber security. Early this week, the media made another revelation that the surveillance incidents disclosed by SNOWDEN were just the tip of the iceberg, because the NSA had been monitoring submarine fibre data for a long time. The news have aroused great concern among Internet users in Hong Kong as well as other parts of the world that their communications with their friends, business partners and clients will be monitored and their personal data and commercial secrets will be leaked.

Like many Hong Kong people, I often rely on the Internet and electronic communications in my daily work. Colleagues in my company will communicate internally and externally through emails. The documents issued by the Legislative Council, my daily communication with assistants, and even the script being read out by me are processed and sent through the Internet. As Hong Kong is a city with freedom of information, it is incumbent upon the Administration to safeguard its cyber security and protect the privacy of Internet users. I hope government officials can clearly explain in their responses later how the ordinary masses and enterprises (especially small and medium enterprises (SMEs)) can be protected and whether communications will be intercepted unlawfully by the authorities and relevant organizations.

Members should still recall the hacking of the HKExnews website of the Stock Exchange of Hong Kong Limited in 2011 and the enhanced security of the relevant website afterwards. This incident has, however, revealed that networks in Hong Kong have all along been monitored by overseas intelligence agency. Even big corporations can hardly protect themselves against cyber intrusion at the national or military level, not to mention ordinary masses and SMEs. Given the new situation, it is imperative for the Government to adopt more proactive measures, employ forward-looking strategies to nip problems in the bud, play the defending role, and put in place a net to ensure cyber security and protect the public and enterprises against external intrusion.

Regarding the allegations that major information technology companies have provided information to the Government of the United States, has the Hong Kong Government investigated whether their Hong Kong-based companies have unlawfully handed data on public privacy and enterprises to overseas governments? What infrastructure facilities have we got to protect Hong Kong people? As a former Chairman of the Hong Kong Productivity Council, I know that the Government has set up the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). In view of the rapid and ever-changing technological developments, the Government must offer assistance to the HKCERT by allocating more resources to enable it to keep abreast of technological developments and upgrade its system, so that it can fulfil its responsibility properly to ensure that Hong Kong remains one of the safest cities in the world.

President, I so submit.