Information Security Legislation
Moving ahead Information Security 2001
Professional Information Security Association
Sin Chung Kai
Legislative Councillor (IT)
July 28, 2001
A. The “Report”
The Inter-departmental Working Group on Computer Related Crime
Sept 2000
The major review of laws concerning computer crime since 1993
Legislative amendments in the coming year
http://www.info.gov.hk/sb/cr-rpt/report.htm
A. The “Report”
Comments by professional bodies & associations
  http://www.legco.gov.hk/yr00-01/english/panels/se/papers/se_c.htm
Government’s response
  http://www.info.gov.hk/gia/general/200107/16/0716105.htm
Accept most recommendations from the Working Group
Legislative amendments will be submitted to LegCo in 2001/02
Major Recommendations
Redefine “Computer”
Clarify gray areas in legislation
  definition of “computer data”
  definition of “access to computer”
  definition of “hacking”
Increase penalties of computer crimes
  “unauthorized access to the computer”
  “accessing a computer with the intent to commit an offence”
  deception and dishonest intent
Controversial Recommendations
Encrypted computer records
  serious offences require judicial scrutiny
Hacking
  extend jurisdictional rules
1. Encrypted computer records
Compulsory disclosure of encrypted computer records
  law enforcement agencies
  decryption tool or the decrypted text
judicial scrutiny
  similar to production order
serious offences
  maximum penalty on conviction of not less than 2 years
penalty will be commensurate with the specific offence under investigation
Government view
law enforcement agencies have to
  provide admissible evidence from encrypted data in criminal cases
  prove beyond reasonable doubt
  use the right decryption method
Opposite view
disclosure of decryption key may make one incriminate himself
threshold of offence carrying maximum penalty of not less than 2 years is sufficiently high
potential infringement of privacy
Overseas Experience
prohibit unauthorized encryption
  China, Russia & Saudi Arabia
provide for mandatory key escrow
create the power to require production of encryption keys by warrant or order
  Singapore
  Malaysia
  UK
Implication
Information Security professionals may be required to provide the decryption key under the aforesaid situation.
2. Hacking--Existing Law
unauthorized access to computer by telecommunications
  hacking
  Telecommunications Ordinance S. 27A
access to computer with a criminal or dishonest intent
  Crimes Ordinance S. 161
2. Hacking--New proposals
increase penalty
  hacking
    include a custodial term
  accessing a computer with the intent to commit an offence
    regard to the severity of the offence to be committed
  accessing a computer with deception and dishonest intent
    maximum penalty: 3 years
2. Hacking--New proposals
extend the jurisdiction
  include hacking in Criminal Jurisdiction Ordinance (Cap. 461)
  Hackers attacking Hong Kong from foreign countries commit an offence
3. Hacking - New proposals implication
unauthorized access to computer by telecommunications
access to computer with a criminal or dishonest intent
The above crimes originating from overseas are offences in HK
Legislation in progress
Gambling Amendment Bill 2000
Other new legislation
Smart ID Card
  Collection of data
  Privacy issues
Review of Electronic Transactions Ordinance
  Enacted Jan, 2000
  review within 18 months
Overseas Experience
Australia
European Union
US
Australia
Cybercrime Bill 2001
Amend
  Criminal Code Act 1995
  Crimes Act 1914
enhance investigation powers relating to the search and seizure of electronically stored data
take into account the draft Council of Europe Convention on Cybercrime
http://scaletext.law.gov.au/html/ems/0/2001/top.htm
Council of Europe Convention on Cyber-crime
Final Version--29, June, 2001
The first international treaty on cyber crime
http://conventions.coe.int/Treaty/EN/cadreprojets.htm
Request members to criminalize:
  illegal access
  illegal interception
  data interference
  system interference
  misuse of devices
    hacking tools
US
HR 1259
  Computer Security Enhancement Act of 2001
  Expands the National Institute of Standards and Technology's (NIST) role in promoting computer security.
H Cont. Res 22
  Expressing the sense of Congress regarding Internet security and “cyberterrorism”
  Designates cyberterrorism as an emerging threat to the national security of the United States; and calls for a revised legal framework for the prosecution of “hackers” and “cyberterrorists”
US
HRes 12
  Opposing the imposition of criminal liability on Internet service providers based on the actions of their users.
  Opposes foreign governments' attempts to prosecute or penalize ISPs for content that is protected in the U.S. by the First Amendment, and the idea that ISPs should be held liable for content posted by others.
US
HR 2136
  Confidential Information Protection Act
  Limits the use and disclosure of personally identifiable information by federal agencies, and exempts such information from requests made under the Freedom of Information Act.
D. Current Legislation in HK
Telecommunications Ordinance (Cap 106)
Crimes Ordinance (Cap 200)
Theft Ordinance (Cap 210)
Electronic Transactions Ordinance (Cap 553)
Personal Data (Privacy) Ordinance (Cap 468)
Copyright Ordinance (Cap 548)
Control Obscene and Indecent Article Ordinance (Cap 390)
Gambling Ordinance (Cap 148)