Law Reform Commission proposes new law to fight cybercrimes
Introduction
On 20 July
2022, the Cybercrime Sub-committee of the Law
Reform Commission (the “Sub-committee”)
published a consultation paper on cyber-dependent crimes and jurisdictional issues
(the “Consultation Paper”). The
Consultation Paper focused on cyber-dependent crimes, making preliminary
proposals for law reform to address the challenges to protection of
individuals’ rights caused by the rapid developments associated with
information technology and the potential for information technology to be
exploited for carrying out criminal activities. The
consultation period will end on 19 October 2022.
Background
The Consultation
Paper identified the following cyber-dependent offences as the core species of
cybercrime recognised globally:
1. illegal access to program or data;
2. illegal interception of computer data;
3. illegal interference of computer data;
4. illegal interference of computer system; and
5. making available or possessing a device or data for committing a
crime.
Currently, Hong
Kong does not have a specific ordinance that is designated for cybercrime
solely. The cyber-related offences are scattered in the Crimes Ordinance (Cap.
200) (“CO”) and the Telecommunications
Ordinance (Cap. 106) (“TO”). Some of
the offences are outdated.
The Consultation Paper examined the laws of other jurisdictions,
including but not limited to Australia, Canada, England and Wales and the
United States of America and concluded that such jurisdictions have either enacted bespoke cybercrime legislation or
dedicated a part of their codified law to cybercrime. As such, the Sub-committee proposed that a
new legislation focusing on cybercrime in Hong Kong should be enacted.
Recommendations
of the Sub-committee
In view of the
above, the Sub-committee has made the following recommendations in response to
each of the abovementioned cyber-dependent offences.
Illegal access
to program or data
Section 161 of
the CO provides that it is an offence to obtain access to a computer with
criminal or dishonest intent. It is held in Secretary
for Justice v Cheng Ka Yee (鄭嘉儀) [2019] HKCFA 9 that it is not applicable to (i) the use of one’s
own computer to set up a phishing website; and (ii) upskirting using one’s own
smartphone. On the other hand, section 27A of the TO has a narrower application
that the unauthorised access to a computer must be obtained by the use of
another telecommunications device (i.e. another computer).
Taking into
account the nature of the virtual space, the authorisation to access program or
data is implicitly granted by an online user, the Sub-committee proposed: (i)
to make mere unauthorised access a summary offence subject to a statutory
defence of reasonable excuse; and (ii) it shall constitute an aggravated
offence if such unauthorised access is with intent to carry out further
criminal activity.
Illegal interception of computer data
Pursuant to
section 27(b) of the TO, any person is guilty of an offence if he/she damages,
removes or interferes with a telecommunication installation with intent to
intercept or discover the contents of a message. Since the TO came into force in 1960s, the
relevant expressions were initially referred to telephones and yet with the advancement
in technology, a computer can now amount to a telecommunication installation as
well. However, the TO does not apply to cyberspace, nor metadata.
In order to
better safeguard the integrity of communications, the Sub-committee recommended
that unauthorised interception, disclosure or use of computer data (including
metadata) should be an offence and such provision shall not limit to protecting
private communications, but also general communications.
Illegal
interference of computer data
Interference of
computer data (eg Hacking) is treated as a form of criminal damage under
sections 60(1) and (2) of the CO and it is considered by the Sub-committee to
be satisfactory. However, it is also suggested that intentional interference
(damaging, deletion, deterioration, alteration or suppression) of computer data
without lawful authority or reasonable excuse should be an offence.
Illegal
interference of computer system
Similar to
interference of computer data, interference of computer system (e.g. DDoS –
Distributed Denial of Service) is also treated as a form of criminal damage
under the CO. The Sub-committee recommended that the new provisions regarding
illegal interference of computer system be phrased in the same way as those for
illegal interference of computer data.
Making available
or possessing a device or data for committing a crime
Under section 62
of the CO, it prohibits the custody or control of anything intended for use in
destroying or damaging property. However, the current provision does not
differentiate between things that can be used for both legitimate and
illegitimate purposes and things with only illegitimate uses. In addition, in
deciding whether a person with custody or control of a thing in question is
liable depends largely on the person’s intent. The subjective nature of a
person’s mental state may give rise to evidentiary issues in enforcement.
As such, the
Sub-committee proposes that the offence shall be applicable to a device or
data so long as its primary use (which will be determined objectively) is to
commit an offence.
Sentencing
Considering the
nature and consequences of the five offences are different, the Sub-committee
proposes that each of the five offences shall have two maximum sentences, one
to summary conviction and the other one to the convictions on indictment. It is
proposed that offences should have a maximum sentence of 2 years’ imprisonment
on summary conviction and 14 years’ imprisonment for convictions on indictment.
Takeaway
In view of the increasing
number of cybercrimes in Hong Kong, it is contemplated that a new piece of
bespoke legislation on cybercrime would provide more tools to the law
enforcement agencies to prosecute against criminal activities in the cyberspace
and provide better protection towards the right of netizens and persons in the
information technology industry.
For enquiries,
please feel free to contact us at: |
E: technology@onc.hk T: (852)
2810 1212 19th Floor, Three Exchange Square, 8 Connaught
Place, Central, Hong Kong |
Important: The law and procedure on
this subject are very specialised and
complicated. This article is just a very general outline for reference and
cannot be relied upon as legal advice in any individual case. If any advice
or assistance is needed, please contact our solicitors. |
Published by ONC Lawyers © 2022 |