Skip to content

有緊急法律疑難?請立即致電 (852) 3416 1711 與本行聯繫。

Cybercrime review is long overdue

By Alex Liu

Hong Kong, 6 September 2022: It is obvious to many that Hong Kong’s laws to combat cybercrime are badly outdated. This city completed its last review of online security more than two decades ago, since when the digital revolution has transformed almost every aspect of our lives. So new proposals to introduce specific legislation against cybercrime are both welcome and overdue.

The Law Reform Commission (LRC) has published a consultation paper which recommends introducing a string of new cybercrime offences and giving courts scope to hand out tougher penalties, including life imprisonment in the most serious cases.

Background

Currently, there is no single ordinance in Hong Kong which deals specifically with cybercrime. Until now, law enforcement officers have relied chiefly on Section 161 of the Crimes Ordinance (Cap 200), for the offence of “access to a computer with criminal or dishonest intent”, and section 27A of the Telecommunications Ordinance (Cap 106), forbidding “unauthorized access to any program or data held in a computer”. It is worth noting that Section 161 was enacted in 1993, a time when the internet was only in its formative stages and before the advent of smartphones and social media.

But then came a landmark decision by the Court of Final Appeal in April 2019 which ruled Section 161 did not apply to the use by a person of his or her own computer, including a smartphone. Until that point, Section 161 had been used to prosecute a wide range of smartphone and computer-related crimes, including the taking of up-skirt photos. The need for new legislation was clear.

In fact, the LRC’s Sub-committee on Cybercrime had commenced its study three months before that key judgment, seeking to identify the challenges posed by rapid developments in cybercrime, review existing legislation and make recommendations. In doing so, it examined the regulatory regimes in seven other jurisdictions, namely Australia, Canada, England and Wales, Mainland China, New Zealand, Singapore and the United States.

Proposals

After three and a half years of deliberations, the LRC has produced its consultation paper. At the heart of this document is the suggestion that new legislation should be enacted to cover five types of offences, namely:

  1. illegal access to program or data;
  2. illegal interception of computer data;
  3. illegal interference of computer data;
  4. illegal interference of computer system; and
  5. making available or possessing a device or data for committing a crime.

The paper recommends maximum penalties of two to 14 years’ imprisonment for most offences – compared with two to five years under existing laws – while summary convictions could result in a sentence of up to two years. However, for “aggravated offences”, such as illegal interference with computer data or a computer system, the highest penalty could be life imprisonment.

Given the nature of cybercrime, Hong Kong would be justified in giving the new laws extra-territorial application, says the LRC. As an illustration, the courts here may assume jurisdiction if the perpetrator’s act has caused or may cause serious damage to Hong Kong.

The LRC has stopped short of allowing whistle-blowers who expose wrongdoing to rely on a public interest defence. It maintains that a “reasonable excuse” defence allows courts flexibility to determine what may or may not be acceptable by reference to societal standards. However, it is seeking industry stakeholders’ views on whether there should be any specific defence or exemption for certain professionals or businesses, for example cybersecurity personnel.

It is also worth noting the LRC’s Sub-committee on Cybercrime began its study well over a year before enactment of the national security law in the summer of 2020. “The duty of Hong Kong to safeguard national security reaffirmed the need for reform of cybercrime laws in Hong Kong and the sub-committee has taken this into consideration in its pursuit of the cybercrime project,” says the consultation paper.

Comments

In drafting its recommendations, the LRC has weighed the need to protect the public’s interest and right not to be attacked when using their computer system against the rights of netizens and the interests of persons in the IT industry. In short, it is seeking a balance between effective law enforcement and safeguarding individual rights. The consultation period, which ends on 19 October, is a welcome opportunity for industry stakeholders to have their say.

A Partner in BC&C since 2000, Alex Liu’s key areas of practice include commercial and corporate litigation, investigations by governmental bodies such as the SFC, ICAC and Commercial Crime Bureau, insolvency and debt restructuring, intellectual property, defamation, property and commercial contract drafting. He can be contacted at alex@boasecohencollins.com.

按此了解本行逾37年的專業法律經驗。

本行的律師團隊友好親切、平易近人,樂於解答您的疑問,並為您提供合理的建議。

聯繫我們

BC&C-contact-us

新聞及知識

了解更多關於本行的工作和其他資訊。訂閱本行的企業通訊,以確保您收到我們的最新消息。

  • This field is for validation purposes and should be left unchanged.

Tears of joy … and frustration

Hong Kong, 28 September 2022: “Laugh, and the world lau […]

Read more

Criminal Law Lecture returns in style

Hong Kong, 26 September 2022: A large audience and a br […]

Read more

特拉維夫會議的召開,意味聯盟業務復常

香港,2022年9月21日:國際事務律師所聯盟上週於特拉維夫舉行歐洲、中東及非洲區域會議。我們的合伙人廖健昇律 […]

Read more

A fond farewell and a rugby revival

Hong Kong, 14 September 2022: Debt, illness, quarrels a […]

Read more

Avoiding a bitter aftertaste

By Arthur Chan Hong Kong, 9 September 2022: If there ha […]

Read more