02/18/2003

(Clearwisdom.net) By issuing only a bare-bones outline of its proposed national security legislation, the government has only heightened the current sense of insecurity in the local information technology (IT) industry.

Although most concerns over the impending Article 23 legislation are focused on its effect on freedom of speech, the media and political and religious rights, its impact on the technology industry has been barely touched upon. In fact, the Blue Bill, as published before the Legislative Council last week, makes no mention of the harm the legislation could do to local telecom or Internet businesses.

One of the few people to have spoken up on the issue has been Sin Chung-kai, the democratic legislator representing the IT sector. Last year, Mr Sin warned that "if there are areas where normal operations of IT business would be likely affected under the proposal, then the government has to communicate it very clearly and put in place adequate safeguards in law to allay our fears. Otherwise, not only will the new law pose a threat to the free flow of information in cyberspace, it also makes a further blow to the already sluggish IT industry".

Well, you can forget about looking for adequate safeguards. From the sketchy information that can be gleaned from the proposal, it would appear that the government has completely ignored Mr Sin's warning. Perhaps it did not take him seriously? Mr Sin also warned that as the September 11 terrorists honed their flying skills with Microsoft's FlightSim, cyber cafes could become targets as potential terrorist breeding grounds. The prospect of computer-gamers being prosecuted for sedition is slight, but it remains a possibility that the proposals do not rule out. One thing Hong Kong does not need is a vision of mass police raids on local cyber cafes to pounce on young geeks suspected of playing potentially seditious games.

As Mr Sin observed, Article 23 legislation must address the concerns of the IT industry. But the proposals offer nothing but a huge, gaping pit of uncertainty.

What little we have seen of the National Security Bill completely ignores the Internet. It just does not exist.

The only reference to technology is the suggestion that disseminating state secrets illegally obtained by hacking could land you in jail. Hacking, of course, is already illegal.

The proposed law over incitement to commit treason, subversion or secession, which has raised great concern in the publishing industry, ignores the Internet, although the rules would presumably apply. Old World publishers have been given a "public interest" escape clause, but not Internet publishers, who have been ignored.

An optimist might hope this is a conscious decision by the government, recognising the minefield it would be entering if it attempted to enforce its standards on cyberspace.

Unfortunately, [...] sooner or later the government will be forced to confront the issue, [...] [If, for example] a local Web site publishes a "seditious" statement, the government will again be caught fumbling for a response while looking for someone to blame. Over the years, the government has established a pattern of leaving Internet censorship to the individual. Essentially, it recognises that Hong Kong is too small a place to police-force the Net.

The same principle applies to companies that host or publish information online. Web hosting businesses, mobile phone operators, publishers and Internet Service Providers (ISPs) cannot possibly police the data posted or accessed by their customers. Aside from the practicality of monitoring the vast volumes of data processed every day, there is the issue of respecting the confidentiality of clients' data to consider. How many companies would be content to know their files were being read by their bandwidth supplier? Of equal importance is the natural concern of hosting firms that once they start censoring their clients' data, they will be held accountable for all of it.

There have been cases of ISPs removing libellous or pornographic data on the advice of the police, but that, strictly speaking, should be the full extent of an ISP's involvement.

Meanwhile, the popularity of personal publishing, in the form of Web logs, mailing lists and personal home pages, means a growing number of individuals will be at risk of prosecution for breaking laws that do not clearly address their culpability.

Asking Internet publishers or their hosts to decide whether a document has been illegally obtained or whether it could incite subversion is impractical and unreasonable.

Attempting to regulate and control the flow of online information is a futile exercise. Unlike print publications, the Internet was built to withstand a nuclear attack, so it can certainly withstand localised legislation.

When the time comes for Legco to debate the proposed law, let us hope they will be able to address the fears of Mr Sin's IT constituency by removing all of the uncertainties thrown up by the Blue Bill. The law should be written clearly in Legco, rather than left for the courts to interpret.