Letters | Where does Hong Kong’s national security law leave information security?
- With police allowed to intercept communications, it is unclear how IT consultants should handle spyware found on client’s computers, or how the law applies to researchers outside Hong Kong who publish findings related to malicious software
Dear Carrie Lam,
If I, as an information technology consultant, find spyware on a customer’s computer, what should I do? How do I determine whether it was legally installed by the police, or illegally installed by a criminal?
Information security researchers recognise that some malicious software is beyond the development capabilities of individuals or even criminal gangs, and must have been developed by nation states or their agents. In 2011, the Chinese Defence Ministry revealed that it had a “cyber blue team” for self defence, but denied having offensive capabilities. Any offensive capability is therefore a state secret.
05:50
What you should know about China's new national security law for Hong Kong
If we take reasonable steps to secure our computers and devices, we are at risk of inadvertently breaking this law. It is regrettable that there was no public consultation where these problems could have been raised before it was hastily passed and promulgated.
Allan Dyer, Wong Chuk Hang