South China Morning Post
Advertisement
Advertisement
Hong Kong national security law (NSL)
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Could those who take reasonable steps to protect their computers fall afoul of the national security law for Hong Kong? Photo: Reuters
OpinionLetters

Letters | Where does Hong Kong’s national security law leave information security?

  • With police allowed to intercept communications, it is unclear how IT consultants should handle spyware found on client’s computers, or how the law applies to researchers outside Hong Kong who publish findings related to malicious software
Hong Kong national security law (NSL)
Letters
Letters
Why you can trust SCMP

Dear Carrie Lam,

Are we guilty of obstruction of the lawful exercise of powers by the police when antivirus software on our computers finds and deletes spyware that has been legally installed by the police under the provision on “interception of communications” in the national security law?

If I, as an information technology consultant, find spyware on a customer’s computer, what should I do? How do I determine whether it was legally installed by the police, or illegally installed by a criminal?

Information security researchers recognise that some malicious software is beyond the development capabilities of individuals or even criminal gangs, and must have been developed by nation states or their agents. In 2011, the Chinese Defence Ministry revealed that it had a “cyber blue team” for self defence, but denied having offensive capabilities. Any offensive capability is therefore a state secret.

Article 38 of the national security law allows non-Hong Kong residents to be prosecuted for acts outside Hong Kong. What assurance can you offer to information security researchers who analyse malicious software found outside Hong Kong, and publish their results for the better protection of information systems worldwide, that they would not be arrested on arrival in Hong Kong and prosecuted in a secret trial?

05:50

What you should know about China's new national security law for Hong Kong

What you should know about China's new national security law for Hong Kong
The provisions of the national security law appear to have been drafted in ignorance of information security (“Hong Kong police granted sweeping new powers under national security law”, July 7).

If we take reasonable steps to secure our computers and devices, we are at risk of inadvertently breaking this law. It is regrettable that there was no public consultation where these problems could have been raised before it was hastily passed and promulgated.

Allan Dyer, Wong Chuk Hang

Post