{"id":365,"date":"2010-06-21T03:25:17","date_gmt":"2010-06-21T03:25:17","guid":{"rendered":"http:\/\/rigf.asia\/?page_id=365"},"modified":"2024-01-25T06:49:59","modified_gmt":"2024-01-25T06:49:59","slug":"hong-kong-igf-june-17th-2010-session-3","status":"publish","type":"page","link":"https:\/\/event.rigf.asia\/2010\/hong-kong-igf-june-17th-2010-session-3\/","title":{"rendered":"Hong Kong IGF \u2013 June 17th, 2010: Session 3"},"content":{"rendered":"<p><span class=\"highlight\">Security, Openness and Privacy<\/span><\/p>\n<p>________________________________________________________________________<\/p>\n<p> REAL TIME TRANSCRIPT:  Security, Openness and Privacy<\/p>\n<p>                        Hong Kong IGF<br \/>\n                        14:30-17:00, Thursday 17 June 2010<br \/>\n                        Hong Kong<\/p>\n<p>DISCLAIMER: Due to the inherent difficulties in capturing a live<br \/>\n            speaker&#8217;s words, it is possible this realtime transcript may<br \/>\n            contain errors and mistranslations. An edited version of the<br \/>\n            realtime transcript which amends the inherent errors, will<br \/>\n            be posted later. LLOYD MICHAUX and APrIGF accept no<br \/>\n            liability for any event or action resulting from the<br \/>\n            contents of this transcript.<\/p>\n<p>________________________________________________________________________<\/p>\n<p>&gt;&gt; :  Our session will soon begin.<\/p>\n<p>Please be seated.<\/p>\n<p>Welcome back, this session is about issues of<br \/>\non-line security, openness and privacy.<\/p>\n<p>May I now invite Mr Ken Ngai, Project Manager of be<br \/>\nnet wise internet education campaign and Mr Stephen Lau,<br \/>\nchairman of the organising committee, to start the<br \/>\nsession for us.<\/p>\n<p>Mr Lau and Mr Ngai, please.<\/p>\n<p>&gt;&gt; Stephen Lau:  Thank you.<\/p>\n<p>Ken and I are co-moderating this, because we have<br \/>\na good panel and we just want to ensure that logistics<br \/>\nare well covered.<\/p>\n<p>If you recollect that this morning, Mr Markus Kummer<br \/>\ndid talk about in IGF, there are a number of major<br \/>\nissues which are usually covered in the annual IGF<br \/>\nforum, the global one.<\/p>\n<p>This is a Hong Kong IGF conference and I think it&#8217;s<br \/>\nonly relevant that we use the same categories, the same<br \/>\nissues, to look at these issues in the light of the<br \/>\nspecificity relating to Hong Kong.<\/p>\n<p>We have access and diversity and now this is about<br \/>\nsecurity, openness and privacy.<\/p>\n<p>I just want to mention that the issues of security,<br \/>\nopenness and privacy on-line context, are interwoven,<br \/>\nwith proposal to strike a balance between them.<\/p>\n<p>This session will examine in practical and policy<br \/>\nmaking level, how to balance access to knowledge,<br \/>\nfreedom of expression and also of equal importance, the<br \/>\nintellectual property rights in the virtual world, from<br \/>\nthe perspective of scholars, academics, practitioners,<br \/>\ntaking a 360 kind of perspective.<\/p>\n<p>We will cover the practical aspects of the<br \/>\ncoordination, to secure the network, for example, to<br \/>\nfight spam, relationship to issues relating to openness,<br \/>\nlike the open architecture of the internet and cyber<br \/>\nsecurity, cyber crime, identity theft, identity fraud<br \/>\nand information leakage.<\/p>\n<p>Other issues child protection on line &#8212; it&#8217;s a very<br \/>\nwide scope in terms of security, openness and its<br \/>\nlinkage and interaction with privacy, all interacting.<\/p>\n<p>We do actually have, as I said, an illlus introduce<br \/>\nco-moderator, we have to speakers and three panellists.<\/p>\n<p>May I just very briefly, for the sake of time,<br \/>\nbecause the CVs and bios are in our programme<br \/>\npublication in the booklet.<\/p>\n<p>Briefly, on my right-hand side, Mr Ken Ngai, who is<br \/>\nthe Website Director for Hong Kong Federation of Youth<br \/>\nGroups.  He&#8217;s responsible for all technical aspects of<br \/>\nthe website development for the group and also in terms<br \/>\nof engaging youth on-line.<\/p>\n<p>He&#8217;s also the Project Manager for a well-known<br \/>\nproject in Hong Kong, which is the largest internet<br \/>\neducation campaign called Be Netwise in Hong Kong that<br \/>\nwas funded by the Hong Kong Government.<\/p>\n<p>On my left is Mr Micheal Jackson, name very easy to<br \/>\nremember, associate professor in the faculty of law of<br \/>\nthe Hong Kong University.  He specialises in criminal<br \/>\nlaw and procedures, equity and trust and cyber crime.<\/p>\n<p>Very active in the local and the regional legal<br \/>\nscene, including as a membership of our law reform<br \/>\ncommission.<\/p>\n<p>On his left is Mr Nigel Mendonca, regional director<br \/>\nfor Symantec Host Services in Asia, responsible for<br \/>\nmanaging all sales across corporate and enterprise<br \/>\naccounts, as well as partnership accounts.<\/p>\n<p>He is in Hong Kong for many years, so can provide<br \/>\na very relevant perspective to the issues we are<br \/>\ndiscussing specific for Hong Kong.<\/p>\n<p>As for our three panellists in that order, Priscilla<br \/>\nLiu, director of Against Child Abuse in Hong Kong, since<br \/>\n1983.<\/p>\n<p>Responsible not only in managing the agency, but<br \/>\nalso supervising advocacy of children&#8217;s right and<br \/>\nprotection to ensure their rights are our community.<\/p>\n<p>She has numerous awards and recognitions in<br \/>\nHong Kong and internationally.<\/p>\n<p>Just to include one, for example, the Hong Kong<br \/>\nhumanity award for 2009.<\/p>\n<p>On her right is Charles Mok.  Charles, I don&#8217;t think<br \/>\nhe needs much introduction, but everybody here doesn&#8217;t<br \/>\nneed much production.  There&#8217;s a protocol.  He&#8217;s<br \/>\nexecutive director of Computer Society Ltd and Media and<br \/>\nInternet Consulting Company.<\/p>\n<p>He&#8217;s chairman of Internet Society in Hong Kong, as<br \/>\nwell as honorary past president of the Hong Kong<br \/>\ninformation technology federation, a well recognised<br \/>\nprofessional in ICT in Hong Kong and in the region.  He<br \/>\nhas many community roles, including member of the<br \/>\nHong Kong Government&#8217;s digital 21 strategy advisory<br \/>\ncommittee, as well as a member of the consumer council<br \/>\nand also you should all know that he&#8217;s an active<br \/>\nblogger.<\/p>\n<p>Finally and not the least, Mr Anthony Fung, from<br \/>\nMicrosoft.  He&#8217;s the regional investigation manager,<br \/>\nparticular in the investigation of cyber crime and also<br \/>\nvery well experienced for the job for his current<br \/>\nposition as a former Hong Kong Police inspector.<\/p>\n<p>We have a very knowledgeable moderator, we have to<br \/>\neminent speakers and three notable panellists.<\/p>\n<p>Let me kick-start this.<\/p>\n<p>Earlier on, I mentioned about this session, which is<br \/>\nsecurity, openness and privacy.<\/p>\n<p>They are all interlinked, how are they interlinked<br \/>\nif what are the dependencies in what are the implication<br \/>\non each other?  I think it will be really relevant to<br \/>\nhave our moderator expert in this to provide a short<br \/>\npresentation to set the scene, to understand what we are<br \/>\ngoing to talk about and then we go into depth with our<br \/>\nspeakers and our panellists.<\/p>\n<p>&gt;&gt; Ken Ngai:  Thank you.<\/p>\n<p>As Stephen mentioned, we are going to cover this<br \/>\ntopic, actually three distinct words, security, openness<br \/>\nand privacy.<\/p>\n<p>This seems to be very distinct, but actually they<br \/>\nare interlinked and today I want to start off with some<br \/>\nvery short presentations about some phenomenons happens<br \/>\nin Hong Kong.<\/p>\n<p>So that we can start our discussions.<\/p>\n<p>Same as the other sections, that if anybody from the<br \/>\nfloor would like to express your idea, feel free, either<br \/>\nin Cantonese or English, whatever language that you feel<br \/>\ncomfortable.<\/p>\n<p>First, openness.<\/p>\n<p>I would like to show you some examples.  This is one<br \/>\nof the screen captures that a got from a very common,<br \/>\npopular website in Hong Kong.  You probably know this<br \/>\nwebsite already.<\/p>\n<p>It seems, I would say seems, it&#8217;s a girl of 18 years<br \/>\nold calling for a sex partner.  This sort of message is<br \/>\nposted in the website without any barriers, anybody can<br \/>\nsee it, can view it, can participate, can respond.<\/p>\n<p>Another website screen is about a girl stating, she<br \/>\nsaid that she involved in compensated dating.<\/p>\n<p>She talk about her experience, her 10 experience<br \/>\nwith taking this kind of trade activities, shall we<br \/>\ndescribe it.<\/p>\n<p>The third case I would like to share with you is<br \/>\nsomething I think everybody knows about this case, cyber<br \/>\nbullying case, basically a lady is not happy with what<br \/>\nthe pricing of the shop and then she post some<br \/>\nvideolinks on the web and eventually, she got the<br \/>\nbullied by other people for her act.<\/p>\n<p>All her personal information were revealed on the<br \/>\nwebsite afterwards and she cannot stop the attempt.<\/p>\n<p>Another thing I would like to highlight here is in<br \/>\nthe website, in actually is what we call exhibition of<br \/>\nspiral of silence on the web.<\/p>\n<p>What I mean is because many people actually on the<br \/>\nweb think that they are minority or they don&#8217;t know<br \/>\neither they are minority or they are majority.  So when<br \/>\nthey express their view, they&#8217;re not sure if they will<br \/>\nget attacked or they are the minority or majority.<\/p>\n<p>A fear is about this.<\/p>\n<p>Peel will be unwilling to publicly express their<br \/>\nopinion if they believe they&#8217;re in the minority.<\/p>\n<p>They will also be more vocal if they believe Tai are<br \/>\npart of the majority.<\/p>\n<p>Thus, more marginalised you become and less you<br \/>\nspeak and so spiral into a fully marginal position I did<br \/>\nsome sort of research and I show you some status I cans<br \/>\nlater on.<\/p>\n<p>Here is another within site called she.com.<\/p>\n<p>What I would like to show you is the number of views<br \/>\nthat you can see.  The number of views is 2,200<br \/>\nsomething, by actually there are only over 600 replies.<\/p>\n<p>Over the 600 reply, actually only 35 people involved<br \/>\nin this.<\/p>\n<p>It generate a lot of response, it generate a lot of<br \/>\nopinions and if you count it, from these 2,000 views,<br \/>\nminus this 35 people, actually over 2,000 from other<br \/>\npeople, I suppose.<\/p>\n<p>Probably their views, their opinions are largely<br \/>\ndriven by these 35 people.<\/p>\n<p>I&#8217;ll show you another example here.<\/p>\n<p>This is another forum.  Start from April 15<br \/>\nto April 21.  We see total views is over 18,000 and<br \/>\ntotal number of replies 255.<\/p>\n<p>Only 200 something people reply, you United Kingdom<br \/>\nuser replies.<\/p>\n<p>Again, there are over 18,000 views, actually not<br \/>\ngenerated from these users, are others.<\/p>\n<p>When we express our opinion, it&#8217;s a large number of<br \/>\npeople getting affected, but not the original users, but<br \/>\nothers, just readers.<\/p>\n<p>Another one, same thing happens.  About 6,000 views<br \/>\nwith only 28 unique users.<\/p>\n<p>If you are good eyesight, you probably can see the<br \/>\ntopic, what they describe.<\/p>\n<p>It&#8217;s in Chinese, but I state that it&#8217;s a question<br \/>\nasked if someone want to rape his sisters.<\/p>\n<p>So this is the thread topic to discuss.  So you see<br \/>\na lot of people get involved in viewing of this content,<br \/>\nbut not actually involved in give out their opinions.<\/p>\n<p>Again, this is the same thing, same situation.<\/p>\n<p>Same thing happens.<\/p>\n<p>Again, here, another blog.  This blog is from<br \/>\nI think it&#8217;s a girl.  She actually post in her blog<br \/>\nabout her experience of abortions.<\/p>\n<p>I don&#8217;t have the statistic how many people actually<br \/>\nhas viewed this, but this is quite popular, because when<br \/>\nI search this, this rank quite high in the search<br \/>\nengine.<\/p>\n<p>This one recently happened.  It&#8217;s a friends page in<br \/>\nFacebook.  Having a group of people actually saying that<br \/>\nhow they want to harm themselveses and they cut their<br \/>\nhands with cutters and so on.<\/p>\n<p>I block some very bloody pictures.  If you want to<br \/>\nsee, I will show you later.<\/p>\n<p>If we see that there are about 500 people join in as<br \/>\nfriends and I didn&#8217;t count how many people actually post<br \/>\nphotos there.<\/p>\n<p>From here, we can see I think in Hong Kong, nobody<br \/>\nwill deny that we are open to content.  People can post<br \/>\nvery open content, any kind of content that we are able<br \/>\nto put it on the web.<\/p>\n<p>The second thing that we are going to discuss is<br \/>\nabout the privacy issues.<\/p>\n<p>I think most of you here, I suppose, over<br \/>\n90 per cent of you here, will have a Facebook account.<\/p>\n<p>But I doubt how many of you actually has viewed the<br \/>\nprivacy setting of Facebook.<\/p>\n<p>How many of you actually can understand what that<br \/>\nmeans to you?<\/p>\n<p>You know the privacy setting has been changing.<br \/>\nI think the last change happened in April.<\/p>\n<p>When we, most of us here, for example, don&#8217;t know<br \/>\nwhat that means to us, how do we configure to the way<br \/>\nthat we want?<\/p>\n<p>I show you one more statistic.  This I grab from<br \/>\nFacebook.  From the statistic, that have over<br \/>\n400 million active users already in the world.<\/p>\n<p>Over 50 per cent of active users log-on to Facebook<br \/>\non any given day.<\/p>\n<p>On average, every people has about 130 friends on<br \/>\nFacebook.<\/p>\n<p>Actually, we can see from esface book it is<br \/>\ncollecting a lot of policy information and we don&#8217;t know<br \/>\nhow we control it and Facebook has the legal<br \/>\nestablishment in Hong Kong.<\/p>\n<p>How do we control?  How do we protect ourselves,<br \/>\nwhat information that we should disclose to other<br \/>\npeople?<\/p>\n<p>It&#8217;s a great question, that we probably need to<br \/>\naddress.<\/p>\n<p>Activity on Facebook, I&#8217;m going to cover later.<\/p>\n<p>Platform.<\/p>\n<p>Facebook as everybody knows, this is a great<br \/>\nplatform for people to interact and for marketers.<br \/>\nA lot of marketers nowadays target very much on Facebook<br \/>\nmarketing, more than traditional marketing.<\/p>\n<p>What marketers or Facebook developer actually can<br \/>\nretrieve from your Facebook account, we don&#8217;t know.  I&#8217;m<br \/>\ngoing to show you a little bit about this.<\/p>\n<p>Facebook define their own social on-line privacy.<\/p>\n<p>But it is not according to our ordinance in<br \/>\nHong Kong or other ordinance in other part of the world.<\/p>\n<p>Do we need to redefine what privacy is about?<br \/>\nBecause this is actually a dynamic thing that changing<br \/>\nmaybe every year, every two years, privacy means<br \/>\ndifferent things.<\/p>\n<p>Do we need to redefine it?<\/p>\n<p>Lastly, the security risks.  I like to do it<br \/>\na little different.  I try to define it.  It&#8217;s current<br \/>\nof occurrence of an event beyond our expectations, in<br \/>\nterms of the adverse consequences, especially adverse<br \/>\nconsequences, if it is not, we probably likely happen,<br \/>\nbut some sort of risk that we don&#8217;t want it to happen<br \/>\nand beyond our control.<\/p>\n<p>If it happens, actually beyond our capability to<br \/>\nmanage.<\/p>\n<p>There are human and technical risks on-line.<\/p>\n<p>Many of you probably can have involved before in<br \/>\nFacebook games, Facebook survey, for example.<\/p>\n<p>But are these just games?<\/p>\n<p>Actually, these games developed through this game to<br \/>\naccess to some of your information.<\/p>\n<p>I like to show a little bit more to you.<\/p>\n<p>For example, I think many of you will see this icon<br \/>\nbefore.  This big thumb here: like.<\/p>\n<p>Everybody thinks I click it because I like this.<\/p>\n<p>But what&#8217;s behind the scene is our information is<br \/>\npassed on to this website particular and passed onto the<br \/>\ndeveloper and they know who actually has pressed this<br \/>\nbutton.<\/p>\n<p>Facebook through this can actually collect a lot of<br \/>\nintelligence, maybe product intelligence, know what you<br \/>\nlike, because Facebook also got all the other personal<br \/>\ninformation from you.  So that they can better prepare<br \/>\nthemselves for any marketing campaign, targeted directly<br \/>\nto you or to your friends.<\/p>\n<p>Here is one discussion about Facebook leaked user<br \/>\nnames, user ID, personal details to advertisers.<\/p>\n<p>As for developer, probably to know, Facebook has<br \/>\nanother mark up language, of course Facebook query<br \/>\nlanguage, from which actually a developer can, through<br \/>\nFacebook interface, to access some of the user<br \/>\ninformation, such as, for example, when you get involved<br \/>\ninto Facebook game, they know you play the game and they<br \/>\ncan also access your friends list, for example.<\/p>\n<p>You cannot imagine, when I play the game, it&#8217;s<br \/>\njust &#8212; it&#8217;s not just you, your friends get involved<br \/>\ntoo.<\/p>\n<p>Social engineering is very getting popular in the<br \/>\nworld.<\/p>\n<p>This is one quiz happened on Facebook a while ago<br \/>\nbefore.<\/p>\n<p>I put this as an example here, to show you what&#8217;s<br \/>\nactually behind it that they can do about it.<\/p>\n<p>Apparently this quiz is actually just test your<br \/>\nknowledge, how secure your password is.<\/p>\n<p>But at the end of the day, if they get this<br \/>\ninformation, actually they can, through this, to do some<br \/>\nsort of social engineering by statistics, Sam data<br \/>\nmining techniques and then they can filter out those who<br \/>\nhave very weak password and then they can start off the<br \/>\nattempt.<\/p>\n<p>I actually have tried to cover a little bit about<br \/>\nthese three words in three sequence of slides and then<br \/>\nI think we can start our discussions.<\/p>\n<p>Let me pass the time to Mr Nigel.<\/p>\n<p>&gt;&gt; Stephen Lau:  Ken, you have given us a short, but very<br \/>\ninformative look at these three issues of security,<br \/>\nprivacy and openness, through websites and web pages to<br \/>\ndemonstrate its effect and, both in positive, as well as<br \/>\nMostly so far, in terms of the negative impact, in those<br \/>\nthree areas.<\/p>\n<p>There is an opening statement to get give you a feel<br \/>\nof what you are talking about.<\/p>\n<p>Now let&#8217;s look deeper in some of the issues with our<br \/>\ntwo speakers.<\/p>\n<p>The first one is from Nigel Mendonca, who<br \/>\nI understand will speak on development in the on-line<br \/>\nthreat landscape and methods of protecting individuals<br \/>\nand organisations against them.<\/p>\n<p>&gt;&gt; Nigel Mendonca:  Thank you.<\/p>\n<p>Good afternoon, ladies and gentlemen, thank you for<br \/>\nyour time this afternoon.<\/p>\n<p>Just very quickly, Symantek Hosts Services is the<br \/>\nsoftware as a service business unit of Symantec and the<br \/>\nreason that that&#8217;s important is because of the or<br \/>\nrelevant is because there&#8217;s a very rapidly changing<br \/>\nlandscape in on-line threats and the technology that we<br \/>\nuse and that a number of other companies similar to us<br \/>\nare starting to deploy more rapidly, is really all about<br \/>\ndeploying technology, information and technology from<br \/>\nthe internet to a machine dynamically in real time, as<br \/>\nopposed to having that information sit on the machine<br \/>\nitself.<\/p>\n<p>From a security point of view, for example, we run<br \/>\na global network of data centres that has access to<br \/>\nrealtime information.  We have a huge amount of<br \/>\nlegitimate and illegitimate information, harmful<br \/>\ninformation, going through our data centre network on<br \/>\na global basis.  We process around about between 6 and<br \/>\n9 billion emails every single day through our data<br \/>\ncentres.<\/p>\n<p>If you accept the fact that over 9 a per cent of all<br \/>\nemails around the world in the internet are spam these<br \/>\ndays, that means that there&#8217;s an awful lot of spam and<br \/>\nmalicious content that goes through our data centres on<br \/>\na daily basis.<\/p>\n<p>What that means for us &amp; Cos like us that are<br \/>\nproviding internet based technology or you might have<br \/>\nheard the term cloud computing or hosted services.  What<br \/>\nthat means is that we have the ability to dynamically<br \/>\ncapture those new and emerging threats in realtime and<br \/>\ndeliver the most up to date realtime protection to all<br \/>\nof the companies and individuals that are using our<br \/>\ntechnology.<\/p>\n<p>The differences that the traditional way of<br \/>\nproviding information, security, internet security is by<br \/>\nhaving what is called signature based technology<br \/>\nresiding on the machine itself.<\/p>\n<p>So if you&#8217;re an individual, it resides on your PC.<br \/>\nIf you&#8217;re an organisation, it resides on your servers<br \/>\nand then every single time a new type of internet<br \/>\nthreat, whether it&#8217;s a new spam technique or whether<br \/>\nit&#8217;s a new virus technique is detected, then the<br \/>\nsecurity company responsible for managing that has to<br \/>\nwrite a patch, specifically to protect against that new<br \/>\nthreat, has to do the testing and then deploys it to all<br \/>\nof their end users &amp; Cos around the world and then<br \/>\neventually, you are protected against that new threat.<\/p>\n<p>That update timeframe can take anywhere from<br \/>\na couple of hours to a couple of days.<\/p>\n<p>The whole thing about the cyber crime industry is<br \/>\nthat it&#8217;s an incredibly rapidly moving industry, so<br \/>\nreally that window of vulnerable from the time a new<br \/>\nthreat is released into the marketplace, until the time<br \/>\nthat that consumer and businesses are protected against<br \/>\nthat, that is specifically targeted.  That window is<br \/>\nspecifically targeted by all the cyber criminals<br \/>\nglobally and really they can do an awful lot of damage<br \/>\nin the space of just a few hours.<\/p>\n<p>Globally, we are seeing a significant trend towards<br \/>\ncloud computing or software as a service based<br \/>\ntechnology, because it offers companies and individuals<br \/>\nthe ability to be protected, a lot more comprehensively<br \/>\na lot quicker.<\/p>\n<p>From Symantec&#8217;s point of view, we have a huge data<br \/>\ncentre network, as I said, we process between 6 and<br \/>\n9 billion emails every single day and we scan around<br \/>\na billion websites every day.<\/p>\n<p>We protect around 9.2 billion end users across our<br \/>\n14 data centres globally.<\/p>\n<p>What that give us is a unique ability to see a huge<br \/>\namount of new and emerging threats and be able to<br \/>\nprotect organisations and individuals in real time, but<br \/>\nalso to provide a lot of insight into the new and<br \/>\nemerging threats.<\/p>\n<p>We work proactively with other organisations in our<br \/>\nindustry as well as industry bodies and government<br \/>\nbodies to help try and update and protect and educate<br \/>\nthe markets to try and stem the tide that seems to be<br \/>\nreally proliferating through the internet.<\/p>\n<p>If we go to the next slide.<\/p>\n<p>Really, what we are seeing, some of the key trends<br \/>\nthat we are seeing in the internet threat landscape are<br \/>\nmore sophisticated email threats, so if you look back<br \/>\nprobably even as little as three or four years ago, over<br \/>\n9 a per cent of emails, malicious emails or viruses,<br \/>\nI should say, were delivered as email attachments.<\/p>\n<p>So you receive an email, you open up the attachment<br \/>\nand all of a sudden your machine is infected.<\/p>\n<p>These days, over 90 per cent of malicious software<br \/>\nor malware as it&#8217;s called is delivered via an internet<br \/>\nlink within the email, the URL link.  So that&#8217;s probably<br \/>\none of the biggest changes.<\/p>\n<p>Why that is significant is there is a convergence of<br \/>\nemail threats and web threats, because all of those URL<br \/>\nlinks take the user to a malicious website.  It&#8217;s not<br \/>\njust a malicious email, it&#8217;s a malicious website as<br \/>\nwell.<\/p>\n<p>Again, a new an emerging trend over the last few<br \/>\nyears is that previously, malicious websites in the<br \/>\nmarket tended to be reasonably obvious.  So they might<br \/>\nhave been questionable websites, whether it was gambling<br \/>\nwebsites or pornographic websites or different things<br \/>\nlike that.<\/p>\n<p>These days, there are more and more legitimate<br \/>\nwebsites being comp miced.  So people browsing the web,<br \/>\ncompletely legitimately, going to their banking website<br \/>\nor going to a shopping website or might be an<br \/>\nentertainment website, a news website even, there&#8217;s more<br \/>\nand more businesses having their legitimate websites<br \/>\nbeing compromised and hosting malware on those websites.<\/p>\n<p>If you go back to the email scenario, it doesn&#8217;t<br \/>\nhave to be somebody deciding to buy some pharmaceuticals<br \/>\non line or a university degree on-line or something<br \/>\nquestionable like that.  It can be something that looks<br \/>\ncompletely legitimate and they click on the link to go<br \/>\nto what they think is a legitimate website and all of<br \/>\na sudden, it&#8217;s taking them to a malicious website and<br \/>\nbefore they know it, they are infected.<\/p>\n<p>The other things that we are seeing are more and<br \/>\nmore instant messaging is certainly a growing trend in<br \/>\nthe consumer space, but it&#8217;s becoming more and more<br \/>\npopular for businesses and business use as well.<\/p>\n<p>The cyber criminals, because most businesses now<br \/>\nhave a reasonably good level of protection for stop<br \/>\nemail threats and web threats, the cyber criminals are<br \/>\nseeing instant messaging as I guess a gap in their<br \/>\ntechnology and protection armour and they are targeting<br \/>\ninstant messaging for the same sorts of things, viruses<br \/>\nand what they call spim.<\/p>\n<p>I have spoken about the websites as well.<\/p>\n<p>It really is a converging threat landscape.<\/p>\n<p>The bad guys out there, the cyber criminals are<br \/>\ntargeting multiprotocol technologies, so as a consumer<br \/>\nor as a business, we highly recommend that organisations<br \/>\nstart to think about multi-protocol protection as well,<br \/>\nbecause, really, it&#8217;s a bit of a game of cat and mouse,<br \/>\nthe cyber criminals versus the security companies and<br \/>\nthe cyber criminals are really trying to target the path<br \/>\nof least resistance and any vulnerable that they will<br \/>\nsee they will target it as best they can in the shortest<br \/>\npossible time and as soon as a defence comes up against<br \/>\nthat, they will target something else.<\/p>\n<p>If we go to the next slide, some of the things that<br \/>\nwe are seeing in our annual intelligence report, we saw<br \/>\nlast year over 73 million different types of malicious<br \/>\nsoftware and these are not just different downloads or<br \/>\ndifferent instances of malware, they are actually<br \/>\ndifferent types.<\/p>\n<p>For a security company to protect you against this,<br \/>\nthey need to issue 73 million different patches.  That<br \/>\ngives you an understanding of the sizeable task that<br \/>\nwe&#8217;re up against.<\/p>\n<p>We stopped over 60 billion different types of spam<br \/>\nand again, it&#8217;s not different &#8212; that&#8217;s not 60 billion<br \/>\nemail, it&#8217;s 60 billion different types of spams.  Again,<br \/>\nthat&#8217;s the magnitude a things that we&#8217;re up against.<\/p>\n<p>In Hong Kong specifically, Hong Kong has the dubious<br \/>\ndistinction of consistently being at the top of the<br \/>\ncharts when it comes to global spam rates.  Every now<br \/>\nand then, somebody comes and knocks us off our perch,<br \/>\nbut we always tend to fight our way back up and be<br \/>\nresilient and head back to the top.  The global spam<br \/>\nrates in April were 9.9 per cent.  In Hong Kong, we were<br \/>\njust above that, 91 per cent.<\/p>\n<p>You can see the trend lines there.  The rest of the<br \/>\nworld dipped down for a little bit, Hong Kong was still<br \/>\npretty consistent.  The rest of the world is catching<br \/>\nup.  I&#8217;m not sure whether that is a gad thing or a bad<br \/>\nthing,.<\/p>\n<p>The interesting thing is to ask ourselves the<br \/>\nreasons why that&#8217;s the case.  There&#8217;s a couple of<br \/>\nthings.<\/p>\n<p>First of all, Hong Kong is a , let&#8217;s call it a ,<br \/>\nwell, probably a multilingual society, but from a spam<br \/>\npoint of view, definitely English language and Chinese<br \/>\nlanguage spam.<\/p>\n<p>A lot of other countries have one or the other.<br \/>\nHong Kong has a significant proportion of both English<br \/>\nlanguage and Chinese language spam.<\/p>\n<p>The second significant thing is that, obviously, we<br \/>\nall know Hong Kong has a significant banking and finance<br \/>\nindustry and any geographic area with a high proportion<br \/>\nof banking finance businesses and industry professionals<br \/>\nworking within that industry tends to be targeted,<br \/>\nbecause I guess the association is that there is money<br \/>\nto be made within that industry.<\/p>\n<p>The third thing which is probably driving having<br \/>\na really significant impact on this, is the proximity to<br \/>\nChina and the massive growth in broadband internet<br \/>\nadoption in China.<\/p>\n<p>Obviously, broadband internet adoption and the<br \/>\nability for individuals to access the net leaves more<br \/>\nand more people vulnerable and essentially delivers<br \/>\na larger target market for the cyber criminals.<\/p>\n<p>Because Hong Kong is in such close proximity and<br \/>\nbecause of the other factors that I mentioned, it tends<br \/>\nto be more of a target.  So we definitely think that<br \/>\nthat&#8217;s going to continue to be the case.<\/p>\n<p>From a virus point of view, you can see there, just<br \/>\nin the last couple of months, Hong Kong has come under<br \/>\nthe global rates, but it tracks fairly significantly.<\/p>\n<p>As you can see, a few months back, it was above the<br \/>\nglobal rates and again, that&#8217;s synonymous with the<br \/>\nfactors that I mentioned earlier on.<\/p>\n<p>What does 2010 hold.  Some of the things that we are<br \/>\nalready seeing is that from a spamming point of view,<br \/>\nspammers will continue to be nimble and adopt new and<br \/>\nmore sophisticated types of threats and the other thing<br \/>\nis that botnets, so botnets are essentially groups of<br \/>\nrecruited PCs, individual consumer PCs, that somebody,<br \/>\nfor example, downloads a malicious file and a all of<br \/>\na sudden, their home PC is compromised and recruited and<br \/>\ncan be remotely controlled to the a lot of things that<br \/>\nthe end user doesn&#8217;t even know that they are doing, but<br \/>\na centralised cyber criminal is controlling those and<br \/>\nrecruiting them into Burma we call a botnet, using them<br \/>\nto be either a file server or to send out spam or to do<br \/>\na number of different things.  Essentially using their<br \/>\npower and their reach to recruit and perform these<br \/>\nillegitimate activities.<\/p>\n<p>The different governments around the world have been<br \/>\nsuccessful in intercepting different ISPs and bringing<br \/>\nthem down and stopping the facilitation of a lot of<br \/>\nspam.<\/p>\n<p>But whenever we see that, we literally within<br \/>\na matter of days, that the global spam rates, they come<br \/>\ndown pretty sharply, when these things happen, but<br \/>\nwithin a matter of days, they are back up at their peak<br \/>\nlevels.<\/p>\n<p>What it tells us is that global cyber crime is<br \/>\nincredibly difficult to control and it&#8217;s not a case of<br \/>\nnecessarily governments or individuals or businesses<br \/>\nbeing able to step up and do more, it&#8217;s a case of really<br \/>\nabout collaboration and education and trying to stay one<br \/>\nstep ahead of these guys.<\/p>\n<p>We saw last year that the spammers broke or decoded<br \/>\nthe capture technology, which is the automated, for<br \/>\nautomated personal emails account.  I&#8217;m sure everyone<br \/>\nhas seen it.  If you sign up for a new account, it<br \/>\ndelivers you a set of five or six different characters<br \/>\nand you have to key those characters in to prove that<br \/>\nyou are the person that&#8217;s opening the account and you&#8217;re<br \/>\ndoing it manually.<\/p>\n<p>Obviously, the cyber criminals are wanting to build<br \/>\nas many of these accounts as they possibly can in the<br \/>\nshortest period of time, so the capture technology has<br \/>\nnow been updated, so apparently the cyber criminals are<br \/>\ngoing to have a more difficult time for a while at least<br \/>\nin breaking this.<\/p>\n<p>The next thing that we have seen is that the cyber<br \/>\ncriminals or the spammers are trying to use real people.<br \/>\nBasically, like internet sweat shops, for people in<br \/>\nemerging technologies, to get a huge amount of low paid<br \/>\npeople, literally in front of computers, opening<br \/>\naccounts, whether it&#8217;s gmail accounts or hotmail<br \/>\naccounts or all different types of free internet<br \/>\naccounts, they&#8217;re opening them manually and then the<br \/>\ncyber criminals, the guys that are running these sweat<br \/>\nshops are selling all those accounts.<\/p>\n<p>They are going to a very manual means of opening<br \/>\nthese accounts and selling them off, but they&#8217;re really<br \/>\ncoming up with any type of new means of doing this that<br \/>\nthey can.<\/p>\n<p>The other thing that we think we&#8217;ll see an increased<br \/>\namount of in 20010 is non-English spam.<\/p>\n<p>Even in Hong Kong, that does receive a significant<br \/>\namount of English and Chinese language spam, by far the<br \/>\nmajority is English spam, over 80 per cent.<\/p>\n<p>We definitely see and we are seeing all around the<br \/>\nworld a larger amount of non-English spam.<\/p>\n<p>Globally, English spam accounts for about<br \/>\n95 per cent of all spam.  But that is changing and<br \/>\nnon-English language spam is catching up.<\/p>\n<p>If you think about it, again, the security companies<br \/>\nout there protecting companies and individuals, their<br \/>\nexpertise and the thing that they&#8217;re best at is stopping<br \/>\nEnglish based spam, because that&#8217;s what they see the<br \/>\nmost of.<\/p>\n<p>Again, the cyber criminals are targeting something<br \/>\nthat they see as a gap in the marketplace and that is<br \/>\nthe ability to stop non-English language spam.  So they<br \/>\nare really focusing on that.<\/p>\n<p>We heard a little bit more about earlier about<br \/>\nsocial engineering.  With the proliferation of social<br \/>\nengineering websites like Facebook and linked in and my<br \/>\nspace and these types of things, there&#8217;s a huge amount<br \/>\nof personal information available on the internet.  Just<br \/>\nabout everybody on the in this room has some personal<br \/>\ninformation on the internet.<\/p>\n<p>What we are seeing more and more of in relation to<br \/>\nthat is really highly targeted attacks.<\/p>\n<p>It&#8217;s almost like if you think of it like targeted<br \/>\nmarketing, not too many companies in the industry these<br \/>\ndays spend their marketing dollars just doing shotgun<br \/>\nmarketing, broad based marketing to anybody and<br \/>\neverybody.<\/p>\n<p>They have all got a target market and they are all<br \/>\nsending a specific message by a specific means to people<br \/>\nthat they think are going to be more interested or more<br \/>\nlikely to be interested in their message.<\/p>\n<p>The bad guys, the cyber criminals are starting to do<br \/>\nthe same thing by taking information from social<br \/>\nnetworking sites to find out what are my interests,<br \/>\nwhere do I live, what&#8217;s my geographic proximity, what<br \/>\nindustry do I work in, what are my demographic &#8212; what&#8217;s<br \/>\nmy demographic profile, what industry associations am<br \/>\nI associated with, all these types of things.<\/p>\n<p>So that what they can do is send people like me and<br \/>\neverybody else in this room, a message that&#8217;s highly<br \/>\ntargeted.  So when you receive it, there&#8217;s a strong<br \/>\nchance that you will think that is a legitimate email,<br \/>\nfrom a legitimate body, that is simply sendsing you<br \/>\nsomething of personal interest.<\/p>\n<p>What they are doing is including malicious links in<br \/>\nthat email to take you to a website that probably looks<br \/>\nlike a legitimate website, but as soon as you click on<br \/>\nsomething, you will download a piece of malicious<br \/>\nsoftware.<\/p>\n<p>The days are gone when by downloading a peace of<br \/>\nmalicious software, your whole machine shuts down or<br \/>\nyour address book all of a sudden starts to send out an<br \/>\noffensive message to everybody in your address book.<\/p>\n<p>That doesn&#8217;t happen any more.  That was kind of<br \/>\nnuisance attack.<\/p>\n<p>These days, it&#8217;s more about silently downloading<br \/>\na piece of malicious software that gives these guys<br \/>\naccess to your personal information.<\/p>\n<p>Their whole objective is to stay under the radar and<br \/>\nnot let you know that you have been compromised.  So<br \/>\nthey take control of your machine, they can use it to do<br \/>\na lot of things and they can also siphon information<br \/>\nfrom you personally or from your company.<\/p>\n<p>In the way they do that is by sending senting out<br \/>\nthese targeted attacks, so that you don&#8217;t even know that<br \/>\nyou&#8217;re being compromised.<\/p>\n<p>The or thing is this they target a lot of high<br \/>\nprofile event, Valentines day is one that happens every<br \/>\nyear, but also different events like we saw it with the<br \/>\nOlympics, a couple of years ago, we&#8217;re already seeing it<br \/>\nwith the world suppose in Shanghai and with the World<br \/>\nCup.<\/p>\n<p>If you go to just a couple of quick examples.  Here<br \/>\nis one, a piece of themed malware from the Olympics.<br \/>\nThe hyperlinks in this email take the user to legitimate<br \/>\nweb signs, but those websites are compromised, so that<br \/>\nwhen somebody goes there, follows that link, all of<br \/>\na sudden there&#8217;s some mall we&#8217;ll placed on the<br \/>\nrecipients computer and they would n even know it.<\/p>\n<p>Here is another example that we have just picked up<br \/>\nfrom the FIFA World Cup.  This is a legitimate.<\/p>\n<p>People with certain types of day.<\/p>\n<p>When they open up this PDF, their PC will be<br \/>\ncompromised.<\/p>\n<p>Here is some examples of what can happen if your CP<br \/>\nis compromised.<\/p>\n<p>People typically used to any if I download<br \/>\na computer virus, it means that my computer is going to<br \/>\nbe shut down and I&#8217;ll have to go and buy a new computer.<br \/>\nThere is a lot worse things that can happen these days.<br \/>\nI won&#8217;t go into the details, but you can see that your<br \/>\ncomputer can be recruited and used as a web server, it<br \/>\ncan be used to siphon corporate information, it can be<br \/>\nused to deliver different email attacks, it can be<br \/>\nrecruited into a robot network, and it can be used to<br \/>\nsigh Foon different financial credentials from you.<\/p>\n<p>One of the things that can be downloaded is a key<br \/>\nstroke logger, so when you go to anything that resembles<br \/>\na banking website, it can basically log the key strokes<br \/>\nthat you&#8217;re typing on your computer when you&#8217;re putting<br \/>\nin your passwords.<\/p>\n<p>All of that information can be sold.<\/p>\n<p>That gives you hopefully an idea of the type of<br \/>\nthings that can happen, if you do download a piece of<br \/>\nmalicious software.<\/p>\n<p>The key thing here is that definitely, the vast<br \/>\nmajority of internet threats these days are driven by<br \/>\norganised criminals.  It&#8217;s widely reported that internet<br \/>\ncrime generates more money now than the global drug<br \/>\ntrade.  It is a hugely professional industry and so what<br \/>\nthat means is that the solutions in the marketplace need<br \/>\nto be able to keep up, both the consumer solutions and<br \/>\nthe corporate solutions need to be able to keep up with<br \/>\nthis sort of activity and the investment that goes into<br \/>\nit from the criminal side.<\/p>\n<p>One of the key things here is that all the cyber<br \/>\ncriminals, they go out and buy every single readily<br \/>\navailable, commercially available piece of security<br \/>\nsoftware that is available in the marketplace and they<br \/>\nset up their own test labs and they test all of this<br \/>\nstuff to try and find the vulnerables.<\/p>\n<p>It&#8217;s not difficult to do.  Hay just set up a test<br \/>\nlab.  They have plenty of money to spend on doing this<br \/>\nand it&#8217;s all about return on investment for them.  They<br \/>\ntest these things for vulnerables.  As soon as they find<br \/>\nsome vulnerables, they get to work and send out as many<br \/>\ntargeted attacks as they possibly can to exploit those<br \/>\nvulnerables while they still exist.<\/p>\n<p>Going back to cloud technology or software server<br \/>\nbased technology that&#8217;s delivered from 2 internet, it<br \/>\ncan&#8217;t be tested.<\/p>\n<p>To give you an example, our technology across our 14<br \/>\ndata centres globally, we have a technology statistic<br \/>\nconsisting of some of the best software level<br \/>\ntechnologies in the marketplace, so three different<br \/>\nlevels there, as well as our own technology, as well as<br \/>\npu ris ticks and perimeter based technologies.<\/p>\n<p>Basically, to use our technology, you have to<br \/>\nliteralically connect, subscribe to it from the<br \/>\ninternet.  You can&#8217;t download it and test it.<\/p>\n<p>So companies like ours that are offering cloud based<br \/>\ntechnologies have the advantage of staying one step<br \/>\nahead of these cyber criminals.<\/p>\n<p>You can see on the slide there the number of new<br \/>\nmalicious signatures that are being identified every<br \/>\nyear and it&#8217;s increasing exponentially, year after year,<br \/>\nso what that means is that as I said, huge amounts of<br \/>\nmoney invested in this, highly specialised and highly<br \/>\nskilled participants.<\/p>\n<p>What it means is that basically, the old signature<br \/>\nbased technologies really aren&#8217;t equipped to capture<br \/>\nthese technologies any more.<\/p>\n<p>With a software as a service approach, logically<br \/>\nwhat it means is that if you stop the threats before<br \/>\nthey enter the corporate network, or the consumer PC,<br \/>\nthen you&#8217;re at a lower risk than waiting until the<br \/>\nattack or the threat actually comes into your network or<br \/>\nyour PC and then dealing with it reactively.<\/p>\n<p>I won&#8217;t go through that in detail.  It&#8217;s hopefully<br \/>\npretty self-explanatory, but it is a growing and<br \/>\nemerging trend, both at a consumer level and a business<br \/>\nlevel on a global basis.<\/p>\n<p>The very last slide here shows you the global<br \/>\nemergence of software as a service technology.  In the<br \/>\nUK, over 50 per cent of businesses and 70 per cent of<br \/>\nbusinesses at the surprise level deploy a hosted<br \/>\nsecurity solution these days.<\/p>\n<p>In Hong Kong, that rate is only about 10 to<br \/>\n12 per cent, but it&#8217;s growing significantly.  We expect<br \/>\nto see more and more businesses move to a hosted or<br \/>\ncloud based technology solution to help businesses and<br \/>\nconsumers protect themselves as best they can against<br \/>\nall of those new and emerging threats.<\/p>\n<p>&gt;&gt; Stephen Lau:  Thank you, Nigel.  We just heard from<br \/>\nsecurity expert who is working for world renowned<br \/>\nsecurity company offering products and services to many,<br \/>\nmany clients on a global basis and he&#8217;s talking about<br \/>\nemerging threats and the sophistication, the<br \/>\nproliferation thereof.  It&#8217;s really frightening.<\/p>\n<p>We have asked Nigel to come here, despite the fact<br \/>\nthat I know that he has another engagement coming up<br \/>\nvery shortly, but so he has to leave, but we thank him.<\/p>\n<p>Is there any &#8212; we can entertain a couple of<br \/>\nquestions from the floor.<\/p>\n<p>If not, let me ask one, because in my personal<br \/>\ninterest.<\/p>\n<p>He has been talking about corporate and Symantec as<br \/>\na global company offering service, whereby corporation<br \/>\nwell prepared and needs to have a lot of resources,<br \/>\nsecurities in the interests of the security protection<br \/>\nfor the corporation.<\/p>\n<p>You and I , simple individuals, sitting in front of<br \/>\nour laptop, I just want to ask Nigel, give us some<br \/>\nadvice.  Given all this proliferation of these<br \/>\nsophisticated kind of attacks, what is the best way we<br \/>\nshould protect ourselves?<\/p>\n<p>&gt;&gt; Nigel Mendonca:  The first thing I would say is whether<br \/>\nyou use Symantec or any other security solution, it is<br \/>\nreally important that you do have some sort of security<br \/>\nprotection at home on your home PC.<\/p>\n<p>You definitely shouldn&#8217;t assume that &#8212; you can&#8217;t<br \/>\nassume, for example, that if you don&#8217;t visit<br \/>\nquestionable websites, that you&#8217;re not going to be<br \/>\ninflicted.  Because like I said earlier, you can go to<br \/>\nany legitimate website and you run the risk of having<br \/>\na piece of malware download.<\/p>\n<p>You definitely need some sort of protection.<\/p>\n<p>The other thing I would say is you get what you pay<br \/>\nfor.  There&#8217;s a lot of cheap solutions in the<br \/>\nmarketplace and there&#8217;s even some free solutions in the<br \/>\nmarketplace and I&#8217;ll let you make up your own minds,<br \/>\nreally, but if you think that you can get something<br \/>\nincredibly high quality for free, I think you need to<br \/>\nthink again.<\/p>\n<p>That does n mean you need to go for the most<br \/>\nexpensive solution on the market, but reputation means<br \/>\na lot in the industry and there&#8217;s a lot of organisations<br \/>\nlike Symantec that have a very good reputation in the<br \/>\nmarketplace that really I would certainly advice that<br \/>\nyou do use.<\/p>\n<p>The other thing I would say is, just be sensible and<br \/>\nuse some commonsense when it comes to if you&#8217;re using<br \/>\na PC that&#8217;s not your own, that&#8217;s at &#8212; whether it&#8217;s at<br \/>\na library or a university or an internet cafe or<br \/>\nsomething like that, I would definitely recommend that<br \/>\nyou don&#8217;t go to your own internet banking website or<br \/>\nsomething like that.  At one of those sites because you<br \/>\nnever know who has been on the machine, what they have<br \/>\ndone to it, what level of security they have on it.  So<br \/>\nyou are running a high risk there.<\/p>\n<p>Lastly, we heard a little bit before about going to<br \/>\nwebsites like or social engineering about sights like<br \/>\nFacebook.  I&#8217;m not saying that people shouldn&#8217;t use<br \/>\nFacebook because it&#8217;s a great tool and I think that it&#8217;s<br \/>\ngoing to get even better and better, but again, we heard<br \/>\nthat there are different privacy settings that you can<br \/>\ndeploy on Facebook, so you should use those.<\/p>\n<p>You should understand, for example, if you set up<br \/>\na social networking account, you should take the time to<br \/>\nunderstand who can see your information, because there<br \/>\nare ways of controlling it and there are ways of<br \/>\nlimiting the information, because the cyber criminal,<br \/>\neven though they do spend a lot of time and money to try<br \/>\nand acquire personal and valuable information, they also<br \/>\ngo for a lot of low hanging fruit.  So there is a lot of<br \/>\npeople that display all sortses of information without<br \/>\nbothering to tick the most set up the most basic privacy<br \/>\nlevels on something like Facebook and that information<br \/>\nis just there hanging and ready to be harvested and sold<br \/>\nand used for those targeted marketing purposes.<\/p>\n<p>They are probably the main things I would say, but<br \/>\nit&#8217;s tough.  There&#8217;s not any one thing that people can<br \/>\ndo.  Stay educated and for those of you who have kids<br \/>\nthat are at school and starting to use PCs as well,<br \/>\nI think definitely it&#8217;s an education process to make<br \/>\nsure that they understand some of the potential threats<br \/>\nand traps that are out there as well.<\/p>\n<p>&gt;&gt; Stephen Lau:  Thank you, Nigel.<\/p>\n<p>We do not present supernears now.  What we do, as we<br \/>\nsaid this morning, we have donated the cost of your<br \/>\nsouvenir, the money, to the Digital Solidarity Fund.<\/p>\n<p>Take your time and if you have to leave, please do<br \/>\nso.<\/p>\n<p>Now we move onto another paradigm, to another<br \/>\nlandscape to do with, from a legal perspective, we have<br \/>\nProf Jackson here, who is going to talk about cyber<br \/>\ncrime and intellectual property protection in Hong Kong.<br \/>\nI think that will give a different dimension and we look<br \/>\ntowards your even light ned words.<\/p>\n<p>&gt;&gt; Michael Jackson:  Thank you, Stephen.  Thank you to the<br \/>\ninvitation to speak today.<\/p>\n<p>I am an academic.  I don&#8217;t practice in the field, so<br \/>\nmy presentation will have a more academic orientation to<br \/>\nit.  It&#8217;s entitled cyber crime and intellectual property<br \/>\nprotection.<\/p>\n<p>Nigel has just graphically illustrated what cyber<br \/>\ncrime in actual practice or how it is largely dealt with<br \/>\nnowadays and that is by way of security issues.<\/p>\n<p>It presents itself as security risk, it&#8217;s dealt with<br \/>\nby way of security technology in that seasons.<\/p>\n<p>My contention is that the cyber crime legislative<br \/>\nagenda, as far as it continues to exist in Hong Kong,<br \/>\nhas been effectively taken over by the copyright<br \/>\ncommunity and used to push into the legislation in<br \/>\nHong Kong provisions which seek to protect copyright at<br \/>\nmy submission, the expense of one of the qualities that<br \/>\nwe discussing today, the openness of the internet<br \/>\nitself.<\/p>\n<p>I wanted to take folks in particular on the proposal<br \/>\nthat&#8217;s currently been made for the enactment of a new<br \/>\noffence dealing with the initiation of unauthorised<br \/>\ncommunication of copyright works to the public.<\/p>\n<p>I ask whether that can be justified.  It cannot be<br \/>\nreadily justified, but it seems likely that the<br \/>\ngovernment will probably push ahead with it this the<br \/>\nform that they have proposed it.<\/p>\n<p>My central thesis is that the notion of cyber crime,<br \/>\nwhich is a very evocative term, one which Nigel has<br \/>\nspoken of and illustrated and calls to mind ideas of<br \/>\norganised crime, sophisticated crime, possibly even<br \/>\nfills our imagination of images of armies that act<br \/>\nagainst us has been used largely nowadays to fulfil<br \/>\na copyright support regime by the government.  That<br \/>\nI submit is an unacceptable intrusion into aspects of<br \/>\nthe internet that we seek to preserve.<\/p>\n<p>Cyber crime existed before it was called more simply<br \/>\ncomputer crime or computer related crime and those of<br \/>\nyou that were around in the late 1980s, early 90 to deal<br \/>\nwith what was then perceived to be the principle cyber<br \/>\ncrime threat as they were known them, namely hacking was<br \/>\nnothing more than that, by way of legislation.<\/p>\n<p>That remains pretty much the bulk of the legislation<br \/>\nthat exists today in Hong Kong, save for enactment of<br \/>\nprovisions to deal with copyright protection.<\/p>\n<p>The lack of cyber crime provides a very<br \/>\nininstrumental means of encouraging honesty development.<br \/>\nThat was evident most particularly, I think, with the<br \/>\ndrafting signature and coming into effect of the<br \/>\nconvention on cyber crime, an international treaty<br \/>\nproposed by the council of Europe, in the late 1990s,<br \/>\nearly 2000.<\/p>\n<p>That now has some 46 signatories and some 30<br \/>\ncountries have ratified it.  Placing upon themselves<br \/>\na drawing down on themselves an obligation to enact<br \/>\na raft of substantive offences dealing with the most<br \/>\nobvious forms of cyber crime that exist, access,<br \/>\ninauthorised access, child pornography, certain<br \/>\ncopyright offences, computer fraud, computer forgery.<\/p>\n<p>It also obliges them to put in place law enforcement<br \/>\nto deal with 24\/7 cooperation and to do with search and<br \/>\nseizure.<\/p>\n<p>In large part, many have seen the convention on<br \/>\ncyber crime as a law enforcement convention which<br \/>\nobtains attraction by being wrapped up with a set of<br \/>\nsubstantive crimes which everyone felt could or should<br \/>\nbe enacted.<\/p>\n<p>The attempt to encourage the enactment of such<br \/>\noffences and national legislation led to the enhancement<br \/>\nof law even form across jurisdictions.<\/p>\n<p>Hong Kong was not a party to the convention,<br \/>\nnaturally enough, but it took those, dictated the<br \/>\nconvention on board and thus in its own review of its<br \/>\ncomputer based legislation in the early gavist a rather<br \/>\nhearty slap on the back and said we have done most of<br \/>\nwhat is required, we have fraud offences, the one thing<br \/>\nwe don&#8217;t have a a child important agofy offence so the<br \/>\ngovernment used the convention on cyber crime the<br \/>\nvehicle to drive forward child pornography legislation<br \/>\nin Hong Kong, which is not limited to the on-line<br \/>\ncommunity, it applies more generally to that.<\/p>\n<p>Cyber crime was used to invoke threats and to drive<br \/>\nforward certain legislative agenda, but since then<br \/>\npretty much it has gone by the buy in terms of dealing<br \/>\nwith real cyber crime threats as I foresee them and has<br \/>\nbeen turned into a vehicle for pushing forward copyright<br \/>\nprotection agendas.<\/p>\n<p>The process of criminalisation involved in cyber<br \/>\ncrime issues, be they in the proper sense, as<br \/>\nI suggested, they could be formulated or in the<br \/>\ncopyright agenda sense, involves a host of issues.<\/p>\n<p>It requires compliance with a number of rule of law<br \/>\nrequirements, suchs certainty of legislation, such as<br \/>\nfair labeling, fair warning in terms of enacting<br \/>\nlegislation and drafting it.  It requires in the context<br \/>\nof on-line world, that there be technology neutral<br \/>\ndrafting and that there be as far as possible, off line<br \/>\non line consistency legislation.  Don&#8217;t make things<br \/>\ncriminal which would be lawful in the real world, simply<br \/>\nbecause they have taken traction in the on-line world.<\/p>\n<p>More significantly, we also enacted legislation<br \/>\ncriminalising offences nowadays, have to comply with the<br \/>\nfundamental rights and freedoms that we have now been<br \/>\ngranted under the Bill of Rights and the Basic Law.  On<br \/>\non the of that, it is acknowledged as criminal sanctions<br \/>\nhave always been and should continue to be extraordinary<br \/>\nmeasures that are invoked only when recurring conduct<br \/>\ninflicts type of harm that is egregious enough to<br \/>\nwarrant the creation of a new offence and cannot be<br \/>\nadequately addressed by the civil liability.<\/p>\n<p>It goes without saying, of course, that when the<br \/>\nquestion of enacting offences dealing with child<br \/>\npornography were an issue, all of those necessary<br \/>\ncriteria were readily satisfied in abundance.  Fair<br \/>\nlabeling, fair warning, precision, all came into play,<br \/>\ncompliance with human right were satisfied, so also was<br \/>\nthe idea that it was an extraordinary mesh to deal with,<br \/>\nan extraordinary problem that was terminating itself<br \/>\naround the world and gaining a greater problem because<br \/>\nof the intrusion and explosion of the internet and<br \/>\npornography.<\/p>\n<p>Having entered public consciousness, the concept of<br \/>\ncyber crime dropped away this terms of the legislative<br \/>\nagenda.  As I have said, it became the base case of<br \/>\nmomentum in terms of the early development of cyber<br \/>\ncrime legislation being focused on security issues,<br \/>\ndevelopment of security regimes, the Hong Kong document<br \/>\nof security technology and so on and also momentum<br \/>\npassed in some forms to the privacy issues, protection<br \/>\nof privacy.<\/p>\n<p>One doesn&#8217;t really need to remind you of the number<br \/>\nof privacy concerns that have arisen in Hong Kong over<br \/>\nrecent years, data look average, Edson Chen&#8217;s case,<br \/>\nsurveillance in the placement of CCTV in public places,<br \/>\nrecent government attempts to introduce drug testing at<br \/>\nschools.  All have given cause for pause about the<br \/>\nintrusion, the erosion of privacy concerns.<\/p>\n<p>That erosion is very much fostered not only by<br \/>\nexternal events, but also by what has already been<br \/>\nspoken of by a number of the speakers so far, blogs, web<br \/>\n2 influence, social networks, Facebook in doing so, they<br \/>\nhave taken to public discouraging personal information<br \/>\nat a rate never seen before.<\/p>\n<p>One of the speakers at the third IGF conference in<br \/>\nIndia in 2008 graphically described what he saw<br \/>\nhappening in the social network sites as people vomiting<br \/>\non the internet.<\/p>\n<p>I think a very graphic and illustrative idea of what<br \/>\nis actually been happening.<\/p>\n<p>Quite apart from the personal dam nation involved in<br \/>\nthat, what it does, as Nigel and Ken has spoken of, is<br \/>\nthat it offers those who would engage in cyber bully<br \/>\nactivities, cyber stalking activities, greater<br \/>\nopportunities to do so, victims available to them.<\/p>\n<p>Yet, sadly, the Hong Kong Government has done little<br \/>\nto seriously consider criminalisation in respect of<br \/>\nthose activities, even though they are of concern.<\/p>\n<p>Instead, criminalisation, the identification and<br \/>\ncriminalisation of so-called cyber crimes has bubbled<br \/>\nalong largely coming on the radar by way of protection<br \/>\nof intellectual property rights.  Most usually in the<br \/>\nrelation to copyright, where one of the original areas<br \/>\nthat were contemplated required legislation in the<br \/>\nconvention of use of the language of cyber crime has<br \/>\nbeen copyright holders a degree of leverage when they<br \/>\nargue for often inappropriately, in my view, legislation<br \/>\nto criminal legislation to protect their interests in<br \/>\nthis day and age.<\/p>\n<p>The Hong Kong Government has been largely complicit,<br \/>\nit seems to me, in the adoption or the enactment of this<br \/>\nlegislation.  It&#8217;s not shy about offering law<br \/>\nenforcement to the cause of copyright protection.  It&#8217;s<br \/>\ndone so and readily accepts because it is interested in<br \/>\nand has a commitment towards upholding a robust<br \/>\ncopyright protection regime in Hong Kong, because of the<br \/>\nimportance of the further sustainable development of the<br \/>\ncreative industries in Hong Kong&#8217;s economy.<\/p>\n<p>In doing so, it runs the risk of tipping a balance<br \/>\nthat must be struck between right holders and consumers,<br \/>\nparticularly in the free fall that the internet has<br \/>\nbecome.  Leading to the overly quick characterisation of<br \/>\ncopyright infringement as cyber crime and thus<br \/>\nwarranting the extension of law enforcement to further<br \/>\ncopyright protection interests.<\/p>\n<p>What has happened in terms of criminalising<br \/>\ncopyright protection has happened not simply in the<br \/>\nlegislative sphere.  It&#8217;s also happened through the<br \/>\njudicial process.  We are all familiar with the case of<br \/>\nChan nigh Ming, in which the distribution offence and<br \/>\nthe copyright ordinance was extended to cover<br \/>\ndistribution via P to P network, the bit torrent case.<\/p>\n<p>There effectively the cause enabled copyright<br \/>\nholders to push forward their criminalisation agenda<br \/>\nwithout even needing to go to the legislature to do so.<\/p>\n<p>It left open a number of issues in the case to do<br \/>\nwith the liability of download errs and so on, but that<br \/>\nis something that they continue to press the government<br \/>\nto take action to remedy, although the government seems<br \/>\nto have taken the view that there is presently a means<br \/>\nto enforce those rights, based on the Chan nigh Ming and<br \/>\nsimilar cases.<\/p>\n<p>Criminalisation has Edson Chen case, that is to do<br \/>\nwith privacy protection rather than cyber crime per se.<\/p>\n<p>With the proposal by the security bureau for the<br \/>\nenactment of new statutory provisions which would<br \/>\ncriminalise malicious use of or misuse of data that has<br \/>\nbeen leaked.<\/p>\n<p>Even there I can&#8217;t help cynically perhaps in my<br \/>\nmind, notice that Edson Chen, when he returned to<br \/>\nHong Kong, to respond to the concerns about the images<br \/>\nthat had appeared early in 2008, in the face of<br \/>\napparently the ability of the Hong Kong criminal law<br \/>\nregime to do very much to help him, asserted his<br \/>\ncopyright over the images that he finally conceded he<br \/>\nhad taken.<\/p>\n<p>A sort of copyright comes back into the or na,<br \/>\nwhereupon the security bureau suddenly say we need to<br \/>\nprotect Mr Chen and others privacy in the future,<br \/>\ncynically is this just another means of essentially<br \/>\nensuring his copyright of his images is protected.<br \/>\nProbably not, but that&#8217;s just a slightly cynical view on<br \/>\nmy part.<\/p>\n<p>Of course, coming back to where I started, what the<br \/>\ngovernment is now proposed, beginning with the<br \/>\nconsultation in 2008, carrying forward after public<br \/>\nconsultation with a proposal coming forward<br \/>\nin November 2009, is a new offence regime to deal with<br \/>\nwhat it calls copyright protection in the digital<br \/>\nenvironment, with the principle offence being one to do<br \/>\nwith the initiating the unauthorised communication of<br \/>\ncopyright works to the public.<\/p>\n<p>I&#8217;m sure most of you are familiar with that, may<br \/>\nhave engaged in debates about it, may have written<br \/>\nsubmissions to it, to the government about it, all<br \/>\nI want to go through and indicate why I&#8217;m of the view<br \/>\nthat it is arguably an improper attempt by the<br \/>\ngovernment to take forward an overly large open-ended<br \/>\ncopyright agenda, which has serious implications for<br \/>\nI believe openness and communication and free flow of<br \/>\ninformation on the internet.<\/p>\n<p>Most of you will probably know that in its original<br \/>\nform, the proposal was limited to stringing, as<br \/>\na particular form of communication, that the government<br \/>\nsaw and was necessary to deal with, but it was pointed<br \/>\nout, rightly, I think, that criminalisation should be<br \/>\ntechnology neutral and that the limitation to stringing<br \/>\nwas therefore inappropriate and as a result deleted in<br \/>\nthe final proposal.<\/p>\n<p>The government says this is a more forward looking<br \/>\napproach, which allows new technologies and enabling<br \/>\ncommunications in public to be caught as and when they<br \/>\nare developed.<\/p>\n<p>This the paper said will best serve the government&#8217;s<br \/>\naim of affording timely and adequate protection to<br \/>\ncopyright works being communicated on digital platforms.<\/p>\n<p>So an open ended basis on which copyright holders in<br \/>\nthe future can, as they identify and seek to take<br \/>\nadvantage digital platforms for delivery of their<br \/>\ncopyright works to the public, through the internet and<br \/>\nother digital platform, a new means of argue for<br \/>\nprotection of their rights, without asking the<br \/>\ngovernment to seriously consider the appropriateness of<br \/>\nlegislating by way of criminalisation at that time.<\/p>\n<p>The government, of course, has said that there need<br \/>\nto be appropriate exceptions, taking account of the<br \/>\nviews of stakeholders over sees experience, although<br \/>\nwhen I read many of the submissions of stakeholders,<br \/>\nparticularly the copyright community to the governments<br \/>\nproposal, many of the review should be very limited<br \/>\nexceptions made available to the protections that are<br \/>\nbeing offered to them.<\/p>\n<p>The proposal is controversial in many ways.<\/p>\n<p>Many of them touching on the third of the topics<br \/>\ncovered by this panel today namely openness.  In<br \/>\nsecurity issue we have dealt with through Nigel.<br \/>\nPrivacy a separate issue.  I think it&#8217;s openness where<br \/>\nthe proposal real conflicts if the proposal goes forward<br \/>\nin this present form.  For it has the potential to<br \/>\nresult in a substantial interference with the relative<br \/>\nfreedom of on-line Hong Kong citizens.<\/p>\n<p>It&#8217;s hard as presently formulated to see how the the<br \/>\nmany and varied criteria I have already outlined, rule<br \/>\nof law, issues fundamental rights issues, off line on<br \/>\nline consistency issues, exemption all circumstance<br \/>\nissues.  It is hard to see how the proposal can is the<br \/>\nfew those many and varied criteria in order to justify<br \/>\ncriminalisation.<\/p>\n<p>Just why civil liability will not suffice remains to<br \/>\nme unanswered and unclear.<\/p>\n<p>The government in its original proposal acknowledge<br \/>\nthat a proposal of the width and now proposing simply<br \/>\nunauthorise communication whatever digital platform one<br \/>\nmight have in mind, was unacceptable.<\/p>\n<p>It admitted that in the interests of clarity and<br \/>\ncertainly, a blanket criminalisation of all unauthorised<br \/>\ncommunication might cast the net too wide and entail<br \/>\nfar-reaching unwarned implications.<\/p>\n<p>The government understood that what a blanket<br \/>\nauthorisation entitling criminalisation of all new forms<br \/>\nof digital delivery, communication to the public, was<br \/>\nsimply unwarranted and a step too far.<\/p>\n<p>Having been informed and recognising that the<br \/>\nrestriction it proposed stringing was objectionable,<br \/>\nbecause of the technology criteria, the natural thing<br \/>\nthe government should have done was said we don&#8217;t see<br \/>\na way to offer a blanket authorisation.  We therefore<br \/>\nwithdraw the proposal in the form that it&#8217;s been<br \/>\noffered.<\/p>\n<p>We, for the time being, can only offer you<br \/>\na protection regime, which will result in civil<br \/>\nliability without enhancing it by way of bringing the<br \/>\ngovernment&#8217;s law enforcement agencies or co-opting them<br \/>\nto assist you in your copyright regime.<\/p>\n<p>Instead of that, that their proposal is rethey<br \/>\nsimply decided to offer such a blanket authorisation.<\/p>\n<p>Instead of the properly nuanced reservation it has<br \/>\nit through everything out the window and said you have<br \/>\na full, open field in which you can enforce your<br \/>\ncopyright protection, hence forward if the proposal is<br \/>\nadopted, without even having to come back and ask the<br \/>\ngovernment policy develop and decide whether this is the<br \/>\nappropriate threshold, the appropriate balance to be<br \/>\nset.<\/p>\n<p>The government has expressly indicated that the<br \/>\nproposed criminal sanction they have in mind will only<br \/>\napply to the act of taking activity steps to make an<br \/>\nunauthorised communication to the public and is not<br \/>\nintended to sap ply to the simple act of downloading or<br \/>\nbrowsing infringing materials, via electronic<br \/>\nsubmission, but just how this formulation can be drafted<br \/>\neffectively is unclear.  Many of the submissions from<br \/>\nthe copyright community don&#8217;t accept the exclusion of<br \/>\nsimple act of downloading or browsing.<\/p>\n<p>The worry I have, therefore, is if my daughter, who<br \/>\nis only 11, who has a Facebook page, which I of course<br \/>\nadminister, because she&#8217;s got to be 13 under US law to<br \/>\nhave such a site, I facilitated her by putting in<br \/>\na misleading age.  If she up loads copyright to her<br \/>\nFacebook page, is that ever possibly going to fall<br \/>\nwithin the rubric of the proposal that is in mind?  Is<br \/>\nit an unauthorised communication of copyright works to<br \/>\nthe public?  Is it a communication?  Is it to the<br \/>\npublic?  Those terms are unexplained, open ended and<br \/>\nprone if given full weight leverage and you can<br \/>\nguarantee the copyright community will seek that full<br \/>\nleverage, prone free flow of communication and<br \/>\nmeaningful across the internet.<\/p>\n<p>Obviously, the offence that is if mind is one where<br \/>\nthe liability only arises when the communication was to<br \/>\nsuch an extent as to affect preconditioning copyright<br \/>\nowners outside of the business environment, but I have<br \/>\nconfidence this is an effective restraint or restriction<br \/>\nfor reasons I mentioned below in a moment.<\/p>\n<p>Another powerful objection quite apart from the<br \/>\nopen-endedness of the terms, that the proposal entail,<br \/>\nthe uncertainty, the lack of clarity, the blanket<br \/>\nauthorisation, is the offences potential infringement of<br \/>\nour fundamental rights of freedom of expression and<br \/>\ncommunication.<\/p>\n<p>Charles Mok here has I think already spoken of this<br \/>\nin the past, it&#8217;s been reported and expressed his<br \/>\nconcerns about the nature of the offence, suggesting<br \/>\nthat it&#8217;s too vague, citizens may find themselves<br \/>\ncommitting n of fence without knowing the boundaries for<br \/>\ntheir activity and as a result, over time, will come to<br \/>\nhave chilling effect on communication via the internet,<br \/>\nas people become unsure whether whether they can do what<br \/>\nthey currently do, whether they will be prosecuted,<br \/>\nwhether those notices that some people get currently<br \/>\nreminding them that what they are doing is unlawful,<br \/>\nwhich seems to be effective in the eyes of many, without<br \/>\na consequential criminal prosecution, a simple receipt<br \/>\nof notice is often I am being monitored, I shall now<br \/>\ntherefore, stop what I&#8217;m doing.<\/p>\n<p>Whether this will have a chill effect suppressing<br \/>\nthe expression of opinion, by persons and thus the<br \/>\ninhibition of democratic society.<\/p>\n<p>I also have a technical objection to the offences<br \/>\npropose, one which arises out of Chan Ni Ming.  He was<br \/>\nnot distributed to distribute, which means all the<br \/>\nrequirements of proof of actual prejudice, of actual<br \/>\ndistribution go out the window, as long as you have done<br \/>\nmerely preparatory steps, that&#8217;s a sufficient basis for<br \/>\nproposing liability.  That could there are other<br \/>\nobjections at a technical level to do with aiding and<br \/>\nabetting and procuring.  Who may be liable for assisting<br \/>\nor helping or encouraging the person who what initiated<br \/>\nthe patrons in a bar where streaming World Cup being<br \/>\nwatched, are the patron in the bar assisting,<br \/>\nencouraging the streaming who knows?  Nothing is clear<br \/>\nfrom the proposal at heart.<\/p>\n<p>As I have said, a key criteria is to even harrass<br \/>\nthe civil protections that are available to copyright<br \/>\nholders, in it has not made up a case for enhancing<br \/>\ncriminal sanction extending it in this case and I would<br \/>\nargue that the use of or characterisation of copyright<br \/>\ninfringement in the digital backdrop, in 2 form that<br \/>\nit&#8217;s been proposed here, as some sort of cyber crime,<br \/>\nthus meriting the legislative general da is a step too<br \/>\nfar and that&#8217;s where I&#8217;ll leave my presentation.<\/p>\n<p>&gt;&gt; Ken Ngai:  So much about copyright.<\/p>\n<p>I would like to know if anyone from the floor with<br \/>\nany questions to any of us.<\/p>\n<p>&gt;&gt; :  This is.<\/p>\n<p>&gt;&gt; Edmon Chung:  I have a question, since we were just on<br \/>\nthis topic copyright, I actually with like to ask the<br \/>\npanel, but I was wondering whether Mike gur from this<br \/>\nmorning is still here, because I read an article<br \/>\nabout &#8212; development in the copyright laws in Canada<br \/>\naddressing these type of issues and creating, while sort<br \/>\nof a stepping up in terms of a on-line copyright<br \/>\nprotection, but also carving out a bigger portion for<br \/>\nthings like match ups, so that there is a lot more<br \/>\nexceptions placed on things, so that general users, when<br \/>\nthey do mash ups, they are able to utilise certain<br \/>\nlicence copyright material, with sort of an easier<br \/>\ndefence, sort of like news which does have that<br \/>\nexception at this point.<\/p>\n<p>Just wonder what Michael &#8212; the two Michaels might<br \/>\nthink.<\/p>\n<p>&gt;&gt; Michael Jackson:  I think it&#8217;s obviously this is an issue<br \/>\nwhich has been addressed in a number of jurisdiction.<br \/>\nMy concern is in Hong Kong, it&#8217;s a rather open ended,<br \/>\nunlimited development and one which has been driven by<br \/>\nthe copyright community, without it seems much regard<br \/>\nfor many of the interests that would counter balance<br \/>\ncriminalisation and without perhaps ultimately a proper<br \/>\nconsideration of the sorts of defences that you have in<br \/>\nmind.<\/p>\n<p>Recently, last year, I attended a presentation in<br \/>\nHong Kong by Lawrence, of course written on a lot of<br \/>\nthis problem.  His key point is what are we trying to do<br \/>\nto our children with the legislation we are enacting<br \/>\nalong these lines and making them all potentially<br \/>\ncriminals for doing what is essentially creative work by<br \/>\nthem, mash ups and so on.<\/p>\n<p>Because they are technology proficient and they know<br \/>\nhow to do things and enjoy it and suddenly they find<br \/>\npotential that there could be criminal liability.<\/p>\n<p>That&#8217;s the sort of thing that worries me.<br \/>\nI mentioned my daughter, perhaps a bit cynically, but<br \/>\nthat&#8217;s the sort of worry I have about where Hong Kong is<br \/>\nheaded in terms of this.<\/p>\n<p>More considered, more balanced regime which does of<br \/>\nford proper regard for creativity, for exploitation is<br \/>\nperhaps better approach than what is currently<br \/>\nformulated in Hong Kong.<\/p>\n<p>&gt;&gt; Michael Gurstein:  I&#8217;m not a lawyer and my understanding<br \/>\nis that even the draft new law hasn&#8217;t immersed.  There&#8217;s<br \/>\nbeen some discussion on it, but not, it hasn&#8217;t come<br \/>\nforward.  It&#8217;s a very politically contentious issue and<br \/>\nit&#8217;s not a partisan political issue, but there&#8217;s<br \/>\na number of organised forces on either side.<\/p>\n<p>The result I think is still very much unclear,<br \/>\nbecause the only interesting thing that I can suggest is<br \/>\nthat it was probably the first time that something quite<br \/>\nso abstract became the basis of demonstrations in front<br \/>\nof parliament.  There is actually an organised movement<br \/>\nacross Canada with chapters in about a dozen cities<br \/>\nwhich organised demonstrations against a tightened<br \/>\ncopyright regime.<\/p>\n<p>&gt;&gt; Ken Ngai:  Any others from the floor would like to comment<br \/>\non this?<\/p>\n<p>I have a question for Mr Priscilla Liu.  At the<br \/>\nI beginning of this section, I show some of the<br \/>\nphenomenon in Hong Kong.  To me, the web environment in<br \/>\nHong Kong is very open.  To you, Ms Liu, how do we<br \/>\nbalance between openness of information and protection<br \/>\nof China that can be made?<\/p>\n<p>&gt;&gt; Priscilla Lui:  Actually, it&#8217;s very exciting discussion we<br \/>\njust had and it&#8217;s very interesting that Michael just<br \/>\nmentioned that we have to be cautious, otherwise we&#8217;ll<br \/>\nbe making children criminals.<\/p>\n<p>Michael said he&#8217;s not a practitioner.  I&#8217;m<br \/>\na practitioner in the field and I work for an agency<br \/>\ncalled the against child abuse.<\/p>\n<p>Every day, we receive hotline calls, drop ins from<br \/>\nyoung people.  I think the world is working together and<br \/>\nhoping that we&#8217;ll be building a safe city, a stay<br \/>\ncommunity for our children.<\/p>\n<p>The topic ware talking about today is even more<br \/>\nimportant or as important.  What about the virtual world<br \/>\nthat our children is facing every day.<\/p>\n<p>I think from Nigel&#8217;s and also Michael&#8217;s<br \/>\nenlightenment, we appreciate the magnitude, the<br \/>\ncomplexity of the problems, the concerns, raised through<br \/>\nthese issues and discussions.<\/p>\n<p>How do we ensure a balance between the freedom of<br \/>\nspeech that we all treasure, as compared with children&#8217;s<br \/>\nsafety and protection.<\/p>\n<p>I think it&#8217;s excellent that on this particular<br \/>\nplatform, that I&#8217;ll have this opportunity to raise and<br \/>\nto urge for child perspective in this particular area.<\/p>\n<p>It is very important, particularly with the magnitude,<br \/>\nthe complexity we can all see that we cannot leave this<br \/>\nto the hands of parents, nor to the hands of children<br \/>\nthemselves.<\/p>\n<p>Parents and young people, they do have important<br \/>\nroles to perform, because they are the ones in the very<br \/>\nforefront to decide, to make important decisions and to<br \/>\ntake charge of their life.<\/p>\n<p>But if we think that it stops at that, I think it&#8217;s<br \/>\nvery unwise.<\/p>\n<p>Because young people, in many way, they are<br \/>\ninadequate.  They are not capable of doing so.<\/p>\n<p>There is too little discussion and too little<br \/>\neffort, particularly in Hong Kong, in the aspect of the<br \/>\nrole of government, the commercial sector, internet<br \/>\nproviders and so on and so forth.<\/p>\n<p>I see that in some other countries, they are trying<br \/>\nvery hard, for example, in the states, they have been<br \/>\nusing the law to ensure children being adequately<br \/>\nprotected, adults have their own choice and decisions,<br \/>\nbut young people need, in many different ways, to be<br \/>\nprotected.<\/p>\n<p>In terms of their network and in terms of the adult<br \/>\nnetwork, data information and so on and so forth.<\/p>\n<p>I also see a resource implication in the<br \/>\ngovernment&#8217;s policy, because I found that in the states,<br \/>\nin Australia, and perhaps in many other down thinks,<br \/>\nthey do spare budgets, finance in covering this<br \/>\nparticular area, particularly devoted to the police, the<br \/>\nInterpol, the local police and so on and so forth,<br \/>\nbecause of the enormous number of cases come to the<br \/>\nforefront, because of this internet concerns,<br \/>\nparticularly relating to children.<\/p>\n<p>Unless and until we actually allocate resources,<br \/>\nmanpower, training and so on and so forth, to different<br \/>\nprotection alls, it&#8217;s a cross sector multi-disciplinary<br \/>\nconcern, otherwise I think all the discussion will be<br \/>\nreally lip service.<\/p>\n<p>Of course, more systemic and strategic kind of<br \/>\nprogramme as for parents and for children needs to be<br \/>\nput in.<\/p>\n<p>I see that Hong Kong is working towards that<br \/>\ndirection.<\/p>\n<p>&gt;&gt; Ken Ngai:  I know Charles Mok may have something to<br \/>\nrespond to other presenters.<\/p>\n<p>&gt;&gt; Ram Mohan:  Yes, before I start, I wasn&#8217;t to say.<\/p>\n<p>&gt;&gt; Charles Mok:  Before I start, I want to say I will like to<br \/>\ndo the following in Chinese, for a number of reasons,<br \/>\nbecause I think I can do it faster that way and second,<br \/>\nbecause I want to make the load of work for the<br \/>\ntranslators to be a little bit more balanced.<\/p>\n<p>Third, maybe that will bake you, some of you up<br \/>\na little bit, to spice it up a little bit, as you can<br \/>\nlisten to this in your native language.<\/p>\n<p>The rest of you, maybe you can try to put your<br \/>\nheadset on.<\/p>\n<p>I&#8217;m talking about security, openness and privacy.<\/p>\n<p>I&#8217;m talking about security and openness are very<br \/>\ntroublesome topics.  Openness are easy.<\/p>\n<p>Most of us think that it is a good idea, the<br \/>\nopenness of it.<\/p>\n<p>They seem contradictory issues.<\/p>\n<p>In the IGF organisation, under our topics, in our<br \/>\nregion, in our Hong Kong IGF, I want to tell you about<br \/>\nIGF, the story.<\/p>\n<p>I met John Fung three years ago and we went tory yes<br \/>\nin Brazil and we didn&#8217;t go to see a soccer match, but we<br \/>\nwent to attend IGF there.<\/p>\n<p>It&#8217;s a big conference and there are many streams of<br \/>\ntopic going on.<\/p>\n<p>A lot of them are dedicated to protection of<br \/>\nchildren and different organisations for all the world<br \/>\nare presented.<\/p>\n<p>A few workshops promoting the freedom of<br \/>\ninformation.<\/p>\n<p>There are censorship issues in a few countries.<\/p>\n<p>We find that a lot of them, what we talk about are<br \/>\nvery opposing, like contradictory.<\/p>\n<p>Me and John are very interested to go to this<br \/>\nopenness and John, on the other hand, he would like to<br \/>\ngo to the children protection.<\/p>\n<p>How come they are not talking, these two schools of<br \/>\nthought are not talking to each other?<\/p>\n<p>I think this talk communicate between these two<br \/>\nschool of thoughts are very important.<\/p>\n<p>I think it&#8217;s most important to protect our openness<br \/>\non the internet.  On the one hand, they do want to<br \/>\nprotect the children.  On the other hand, the school of<br \/>\nthought on protection of children, on the one hand, they<br \/>\nwant to protect the children, but on the other hand,<br \/>\nthey do not want to see cyber crime to increase.<\/p>\n<p>What I&#8217;m just talking about, we are looking at<br \/>\nsecurity, openness and privacy issues.  These three<br \/>\nissues.<\/p>\n<p>With the fast growing, very growing of internet<br \/>\npenetration, we have changing attitude towards these<br \/>\nthree issues.<\/p>\n<p>The environment has to be ongoing changing.<\/p>\n<p>Whatever standpoint you are coming from, it is<br \/>\nconsistently ing chaing.<\/p>\n<p>We talk about privacy.<\/p>\n<p>We have very increase our awareness of privacies and<br \/>\nprivacy law.<\/p>\n<p>Stephen Lau, me and him are involved in the hospital<br \/>\nauthority, the cases on the privacy issues.<\/p>\n<p>We have been working on these cases.<\/p>\n<p>Hong Kong people and maybe perhaps for the rest of<br \/>\nthe world, they find that they are very nervous about<br \/>\nprivacy being stolen, their private information being<br \/>\nstolen.  But then on the one hand, they are not very<br \/>\ncareful with their own data, with their own information.<\/p>\n<p>For example, the hospital authority, the staff who<br \/>\nleft their information behind, he would be very angry if<br \/>\nhis banking information was revealed.<\/p>\n<p>What I&#8217;m thinking, the legal enforcement is not<br \/>\nenough in Hong Kong.  Just now, Prof Jackson mentioned<br \/>\nprivacy law.  There was a consultation on it last year.<\/p>\n<p>But I agree.  We need to step up.  We need to<br \/>\nenforce and do more consultation on privacy, on the<br \/>\nprivacy area.<\/p>\n<p>It&#8217;s not like every 10 years.<\/p>\n<p>Also, on the security issues, we have our awareness<br \/>\nhas been increased and raised.<\/p>\n<p>How many SME, how many individuals?  We have done<br \/>\nenough on our security front for ourselves.<\/p>\n<p>Let me take an example.<\/p>\n<p>Mr Hi is presented.  Google, there is a card they<br \/>\nparade around the city and they collected a lot of<br \/>\ninformation.<\/p>\n<p>We have a lot of survey and also government agency<br \/>\nhas people around doing survey, whether they have<br \/>\nencryption, WEA.<\/p>\n<p>A lot of them hasn&#8217;t done it.  Or they just do it<br \/>\nwithout using the most secure technology.<\/p>\n<p>With this case, a lot of people, they were saying<br \/>\nGoogle is not doing a good job.  It&#8217;s nasty.<\/p>\n<p>From our point of view, as an SME, as an individual,<br \/>\nwe have our own responsibility to protect our own<br \/>\ninformation.<\/p>\n<p>The next point I want to say, when you look at these<br \/>\nissues, there are ways to handle it.<\/p>\n<p>Just now, the two speakers, they were talking about<br \/>\nit.  Nigel did on the technical side.<\/p>\n<p>Would there be a programme somehow, somewhere, that<br \/>\nis going to be so high security that it solve the<br \/>\nproblem, that&#8217;s no more security problem.  Or in the<br \/>\nnear future, there will be some legal enforcement, so<br \/>\nthat the cyber crime will be stopped, they will be<br \/>\ncriminal sized before it ever happened.<\/p>\n<p>I think down to one point, I don&#8217;t depend on others<br \/>\nto solve the problem.  The one thing is I think it&#8217;s<br \/>\nwhat you need to do for yourself.<\/p>\n<p>Let&#8217;s talk about Nigel&#8217;s company or Mr Fung&#8217;s<br \/>\ncompany.  They do a lot of security work.  These are<br \/>\nfirefighting.  You are chasing up the problem or say<br \/>\nlegislation or the software security, they are not<br \/>\ncatching up with the latest crime.  What I look at,<br \/>\nthere are the legal aspect, I would like to say, there<br \/>\nare some of the area that it&#8217;s not addressed.  It cannot<br \/>\naddress.<\/p>\n<p>For example, the slump just happened.  We are<br \/>\ntalking about legislation on it.<\/p>\n<p>When we come to think about it, it might not be the<br \/>\nbest idea, just to create some law against it for the<br \/>\nproblem.  It&#8217;s just simply passing the job, passing the<br \/>\nwork to the government.<\/p>\n<p>Also, this is like you passing the ball to the<br \/>\ngovernment, so giving the authority, the government, too<br \/>\nmuch authority might not be a good thing.<\/p>\n<p>There was just yesterday a participant from<br \/>\nMalaysia.  They have this worry in their country.<\/p>\n<p>This Malaysia, they see this, they abuse and misuse<br \/>\nthe legislation.<\/p>\n<p>He suggested there are three criteria.  It&#8217;s totally<br \/>\nnecessary and the law does not have too much power.<\/p>\n<p>Secondly, the law has democratic oversight.<\/p>\n<p>Thirdly, it is based on the human rights globally,<br \/>\nbased on their human rights globally, the idea is based<br \/>\non the human rights.<\/p>\n<p>I think he made very good point.  Lastly, I want to<br \/>\nsay, I want to promote this.  We are Internet<br \/>\nProfessional Association of Hong Kong.<\/p>\n<p>It is very simple, what you can do for the internet,<br \/>\nnot what the internet can do for you.<\/p>\n<p>It&#8217;s not like we are looking forward to legislation<br \/>\nor better software.<\/p>\n<p>It&#8217;s not the best way.<\/p>\n<p>Education for the next generation, we have<br \/>\na thorough understanding or what it is all about.  We<br \/>\nhave a good concept, good grasp of it.<\/p>\n<p>It is after all, the same mission.  We have the same<br \/>\nmission as IGF.<\/p>\n<p>It&#8217;s not we are jumping to conclusion how we can<br \/>\nsolve this problem.<\/p>\n<p>Thank you.<\/p>\n<p>&gt;&gt; Ken Ngai:  I would like to ask is around the table,<br \/>\nAnthony and Stephen, it is about the privacy on-line<br \/>\nservice provider, is your point of view what is privacy?<br \/>\nBecause it is something, ongoing changes, so today is<br \/>\nprivacy, tomorrow maybe not.  As I&#8217;m studying law,<br \/>\nprivacy is a very narrow explanation, but a lot of<br \/>\nthings that has had another interpretation, so how can<br \/>\nwe provide a platform for the user to upload their<br \/>\nmaterials?  How is that person going to handle his own<br \/>\nprivacy or how is for him to interpret this privacy?<\/p>\n<p>&gt;&gt; Priscilla Lui:  As a point of view as on OSP, is quite<br \/>\nembarrassing, because the service provided &#8212; should<br \/>\nI say in Chinese or English.  OK, I will speak in<br \/>\nEnglish then.<\/p>\n<p>&gt;&gt; Anthony Fung:  At the OSP level, it is quite embarrassing,<br \/>\nbecause for one thing, is that you have to provide<br \/>\na service attractive to your consumers, for example,<br \/>\nsocial networking.<\/p>\n<p>But however, from a ditch angle, how attractive or<br \/>\nhow flexible that you can provide to your consumers,<br \/>\nthat does not draw negative action, such as a few things<br \/>\nis that, you know, a lot of websites, social networking<br \/>\nwebsites researchable.  Should your names be searchable<br \/>\non social networking websites.  For example, when I was<br \/>\nstill with the police force, I quite enjoy a lot of<br \/>\nsearch spiders.  Why?  The search speeders help us to<br \/>\nfind criminals on the social networking website.  If<br \/>\nthese social networking websites the in the allow<br \/>\nsearching spiders, for example, easily, they put<br \/>\na comment line in one of their script that say no<br \/>\nsearching spider allowed, then it breaks down the social<br \/>\nnetworking bond, a social norm.  Secondly, how does<br \/>\ngovernment or law enforcement do a back-end searching of<br \/>\na criminal or try to understand the dynamic of this<br \/>\nsocial networking scenario.<\/p>\n<p>What about photos?<\/p>\n<p>It works both Western Australia.<\/p>\n<p>For us OSPs, we encourage a lot of photo sharing,<br \/>\nbecause that introduce a lot of clicks, a lot of clicks<br \/>\ninto your portals introduce income to your portal,<br \/>\nbecause the marketing rate.<\/p>\n<p>The more you share out, then it becomes attractive<br \/>\nvenue for criminals also, for various child pornography,<br \/>\nrecruitment or even for job market company to recruit<br \/>\nyou to some jobs.<\/p>\n<p>What about posting?  As you have rightly mentioned,<br \/>\nposting of personal comments.<\/p>\n<p>If I post my personal comment on my own blog, which<br \/>\nis all right, but some of the blogs allow other of your<br \/>\nfriends to post on your blog.<\/p>\n<p>How responsible is the OSP at this level, when the<br \/>\noutsider post onto a potential client&#8217;s blog.  Is that<br \/>\na OSP&#8217;s responsible, the site owners or the consumers<br \/>\nresponsible or the actual personal who post it?  There&#8217;s<br \/>\na lot of legal ramifications.<\/p>\n<p>Then you come to another issue, as Prof Jackson has<br \/>\nrightly mentioned.<\/p>\n<p>Can you regulate this or you have mentioned can you<br \/>\nregulate or Mr Mok has come up with, can you recollect<br \/>\nthis?  Actually, according to outside experience, it&#8217;s<br \/>\ndifficult to regulate.  Why?  Because not even in<br \/>\nHong Kong, even between country to country, for example,<br \/>\nlet me take an example N retention of record.  I don&#8217;t<br \/>\nknow, I think Hong Kong is still three months or six<br \/>\nmonths, I forgot.<\/p>\n<p>But in Europe, under Brussels, European convention,<br \/>\nthey don&#8217;t want the OSPs to retain records because they<br \/>\nsay records are personal tangible item, so should you<br \/>\nyou shot retain those records for more than necessary,<br \/>\nfor more than your job.  I think it is very similar to<br \/>\nprivacy ordinance, privacy commissioner in Hong Kong,<br \/>\nnot more than your job.<\/p>\n<p>However, in United States, the Patriot act or the<br \/>\nanti terrorist act, the government wants to control your<br \/>\nrecord.  You better retain it up to 12 months or up to X<br \/>\namount of time, as long as law enforcement want this<br \/>\nrecord for pay not act for the protection of national<br \/>\nsecurity.  You have to retain it.<\/p>\n<p>There is another contentious issue, different<br \/>\nregions have different liking of law, so what is the OSP<br \/>\nstanding in the middle?  This problem will expire.  Now<br \/>\nyou talking about cloud.  Cloud computing.  There is no<br \/>\njurisdiction in cloud computing, so which jurisdiction<br \/>\nlaw are you going to obey?  There is another question.<\/p>\n<p>What about the transmission of communication?  Some<br \/>\njurisdictions says communication start the data start at<br \/>\nthe person&#8217;s computer, but if it&#8217;s an email, if I send<br \/>\nit toy, where does the communication end?  Which<br \/>\njurisdiction does it have the right over to examine<br \/>\na case?<\/p>\n<p>The guideline for the OSP is still, I guess,<br \/>\naccording to the guideline of the office that you set up<br \/>\nin.  If you set up in Brussels or Europe, it is probably<br \/>\ndifferent than you set in Asia, in Japan or Hong Kong,<br \/>\nbut then I think we are all merging into a cloud<br \/>\ncomputing, where there is no definite jurisdiction of<br \/>\nwhere the data is.<\/p>\n<p>I don&#8217;t think I can outline my feedback to your<br \/>\nanswer, but I just want to highlight some of the inner<br \/>\nproblem that have in my mind for right now and for<br \/>\nanybody have absolutely right solution out there, please<br \/>\nsuggest back to us what is feasible solution.<\/p>\n<p>&gt;&gt; Ken Ngai:  If anyone have any questions, please feel free<br \/>\nto raise your hand, because Stephen is one in privacy<br \/>\nbureau in Hong Kong there is a lot of people using<\/p>\n<p>Facebook.  Facebook actually has, the usage is very<br \/>\nhigh.  No matter in collecting your use Ang or personal<br \/>\ninformation may not be able to comply to the regulation<br \/>\nor to our data principle guidelines.<\/p>\n<p>Does Hong Kong need to take a deeper look at this<br \/>\nissue?<\/p>\n<p>&gt;&gt; Stephen Lau:  What about privacy.  First and former<br \/>\nprivacy commission in Hong Kong, I can go for days<br \/>\ntalking about it.<\/p>\n<p>But I&#8217;m not going to do that.  I&#8217;m going to do<br \/>\nquickly.<\/p>\n<p>Actually, raise two issues early on.  You are asking<br \/>\nwhat is the definition of privacy?  Does it involve<br \/>\ntime?<\/p>\n<p>Particularly here we talk about privacy and personal<br \/>\ndata.<\/p>\n<p>I&#8217;m sorry to say that the definition does not<br \/>\nchange.<\/p>\n<p>Technology might change, but definition does not.<\/p>\n<p>It&#8217;s very &#8212; privacy, very simple definition, that&#8217;s<br \/>\nwhy I&#8217;m speaking in English, because it&#8217;s much better<br \/>\nexpressed in this abstract kind of issues.<\/p>\n<p>The right to be left alone.<\/p>\n<p>That&#8217;s it.  Privacy is the right to be left alone.<\/p>\n<p>With respect to personal data is concerned, that<br \/>\nmeans that I should have control in terms of the<br \/>\ncollection, drik, accuracy, retention of my own data.<\/p>\n<p>Sometimes we provide data for purposes which you<br \/>\nagree to, like you want to open a bank account, then you<br \/>\nhave provide personal data, ID card numbers, whatever,<br \/>\nsuch that the bank could operate your account and<br \/>\nmaintain your account.<\/p>\n<p>Banks do not own my data.  The word is very simple.<br \/>\nAny data you contribute with your own permission to any<br \/>\norganisation, that organisation is a custodian of your<br \/>\ndata.<\/p>\n<p>It does not own your data.<\/p>\n<p>I can go on &#8212; one point is when I was privacy<br \/>\ncommissioner, for three years into my tenure, I did<br \/>\nalready suggest to the government a fairly serious<br \/>\nreview of the law, based on the experience and feedback<br \/>\nand understanding and the fact that it took more than 10<br \/>\nyears, I just want to tell Charles, it&#8217;s something<br \/>\nbeyond my tenure.<\/p>\n<p>Facebook.  I&#8217;m sure Priscilla would be very<br \/>\ninterested in this.  You might be aware of a recent<br \/>\nsurvey.  Just announced this week or last week,<br \/>\nHong Kong University survey with regard the attitude and<br \/>\nhabit of our young people going on to internet and in<br \/>\nparticular Facebook, social media.<\/p>\n<p>Very interesting.  This young guy, 80 per cent of<br \/>\nthem realise, maybe word of mouth, actually experience<br \/>\nor otherwise, that there is danger on the internet, in<br \/>\nterms of giving to the website or getting your data<br \/>\nvisible, providing personal data to in particular social<br \/>\nmedia.<\/p>\n<p>But 70 per cent say they are quite willing to do it.<\/p>\n<p>They did not actually think through, it&#8217;s one of<br \/>\nsay, yeah, I think there&#8217;s danger, but what the hell,<br \/>\nI still give it.  Because they reckon that there is some<br \/>\nadvantages in it, because they see that there&#8217;s a need<br \/>\nrelative to provide that in return for whatever return<br \/>\nthey are looking for, whether it with friendship,<br \/>\ninformation, whatever.<\/p>\n<p>That is dangerous.<\/p>\n<p>Therefore, in terms of there is a lot of education<br \/>\nthat&#8217;s required.<\/p>\n<p>When you talk about Facebook and whether in fact<br \/>\ntheir privacy notice, whether their privacy, we call<br \/>\nthem sort of privacy, I can&#8217;t remember what you call<br \/>\nthose, choices and all this.<\/p>\n<p>It&#8217;s the same as the law?  The law allows it?<\/p>\n<p>Under the data protection principles, it&#8217;s up to<br \/>\nyou.  If you provide the data, if you consent to provide<br \/>\nit, then the law said, yes, why not?<\/p>\n<p>But the point about why Facebook has been under<br \/>\na lot of criticism with respect to the way they would<br \/>\nlike to deal with personal data, submitted and<br \/>\ndistributed within Facebook, is because if any<br \/>\norganisation has a clientele of 400 million, which are<br \/>\nsavvy, they are on the net, which is a very good target<br \/>\nfor marketing all kinds of merchandise, products and<br \/>\nservices, and they are still struggling to find<br \/>\na business model upon which they can make money or maybe<br \/>\nmaking more money, and the only asset they could have is<br \/>\nactually the information that you have submitted or you<br \/>\nhave given to and therefore, you suddenly find in their<br \/>\nprivacy statements and all that, they would like to use<br \/>\nyour data for purposes upon which you might not feel &#8212;<br \/>\nin fact, a lot of them do not feel comfortable.<\/p>\n<p>That&#8217;s why there was this huge outcry, twice now, in<br \/>\nthe last 12 months, with regard privacy consideration as<br \/>\nposed by Facebook.<\/p>\n<p>My advice has always been to particular youngsters,<br \/>\nin fact to everybody here, if you submit any data onto<br \/>\ninternet, be prepared that it&#8217;s visible to everybody.<\/p>\n<p>That&#8217;s the bottom line.<\/p>\n<p>You can do a lot of protection, but whenever you do<br \/>\nthat, think first.  Think about the value and the cost.<\/p>\n<p>If you feel that is worthwhile, do it.<\/p>\n<p>&gt;&gt; Michael Gurstein:  I just want to make an apology.  I made<br \/>\na statement this morning that I think was &#8212; that<br \/>\nI misinterpreted some data.  It&#8217;s actually, it&#8217;s not<br \/>\nrelevant to this particular discussion, but it&#8217;s rather<br \/>\nrelevant.<\/p>\n<p>I said that the internet usage in Canada had<br \/>\ndeclined.  In fact, it has increased, but what some data<br \/>\nhas just come out, I&#8217;m just checking the internet, but<br \/>\nsearching around, I think what I was referring to is<br \/>\nthat month to month usage in the US web usage has<br \/>\ndeclined for the last two months and fairly<br \/>\nsignificantly, it declined February to June, it&#8217;s<br \/>\nactually bin in decline.<\/p>\n<p>It might be interested what people think about that,<br \/>\nif there&#8217;s any linkage to Burma people said.<\/p>\n<p>&gt;&gt; :  This is Ben from IET Hong Kong.<\/p>\n<p>Mr Fung&#8217;s experience on this stage with the police.<br \/>\nMr Fung is very good in searching the of fen errs over<br \/>\nthe web and on the other hand, I see that if I commit<br \/>\nthe same crime in the real world, it&#8217;s much less severe<br \/>\nthan I do the same in the web.<\/p>\n<p>Yesterday, I saw a quarrel and there&#8217;s two persons<br \/>\nmaking a lot of sort of foul language exchange and then<br \/>\none said I do believe I am going to beat you up.  Then<br \/>\nsay the police went by and then the police saw that,<br \/>\nthey were just crazy and no action was taken.  On the<br \/>\nother hand, if I put this and leave this in a cyber<br \/>\nfootprint on the web there, for sure, under Mr Fung they<br \/>\nwill search me, because I make such a statement over the<br \/>\nweb.  Are we seeing that there are two levels of law<br \/>\nenforcement standard in maybe Prof Jackson, you can<br \/>\ncomment on this unwith.  Thank you.<\/p>\n<p>&gt;&gt; Michael Jackson:  I suppose the only obvious comment you<br \/>\ncan make is the one that when you go on-line, you create<br \/>\na permanency to what&#8217;s happened.  Who happens is<br \/>\nrecorded in some form or other and therefore, it is<br \/>\nevidentially available.  Maybe that in the real world,<br \/>\nif there was a witness who do at test to what has been<br \/>\nsaid to some person, the police would likewise deal with<br \/>\nit.<\/p>\n<p>But often there isn&#8217;t or often they are not willing<br \/>\nto speak, because of all sorts of other social<br \/>\nrelationships and so on that arise.<\/p>\n<p>There is a permanency to what is done and said in<br \/>\nthe cyber world, yes, which means that it is easier to<br \/>\npursue persons in that vehicle, in that form or as<br \/>\na result of that.<\/p>\n<p>I don&#8217;t know that that means that you are worse off<br \/>\nor that means that you are going to get produce accused,<br \/>\nor you wouldn&#8217;t be prosecuted in the real world.<\/p>\n<p>I don&#8217;t think that follows.<\/p>\n<p>But it is the case where there are discerned to be<br \/>\nreal threat, then they can have a better basis for<br \/>\nproduce kuling you.<\/p>\n<p>Taking that point and one thing that Stephen said,<br \/>\nabout Facebook and the loading up of information into<br \/>\nthe personal information into the web.<\/p>\n<p>The problem is, although you said that it&#8217;s your<br \/>\ninformation that custodians of it, but you have lost<br \/>\ncontrol over it.  That is the fundamental problem that<br \/>\narises.  In the real world, if you have information, you<br \/>\ncan disclose it or not and you can determine to some<br \/>\nextent how that is disclosed and you can deny it if<br \/>\nsomeone said you said this and you say I didn&#8217;t say<br \/>\nthat.<\/p>\n<p>I think budge of the things that has become very<br \/>\nimportant in recent discussions about the internet is<br \/>\nthis question of delete.<\/p>\n<p>The finding a mechanism so that what you do and say<br \/>\non the internet, can, at some point, deleted from it<br \/>\npermanently.  These incidents we have of people who have<br \/>\nwithin, things that they have said and done 30, 40 years<br \/>\nago have come back to haunt them in some way.  Your<br \/>\nyouth I think that&#8217;s one thing that clearly has to be<br \/>\nexplored more fully, is ways in which what you put onto<br \/>\nthe web can be deleted, either by you or by a process in<br \/>\nsome time, rather than remaining permanently cached<br \/>\nthere for someone 30 years later when you are seeking<br \/>\na position of high importance, to remind you that you<br \/>\nspent six hours a day for two years searching<br \/>\ninappropriate websiteses, whatever they may be.  That<br \/>\nrecords still remains.<\/p>\n<p>&gt;&gt; Stephen Lau:  When I talk about &#8212; you are right.  When<br \/>\nI talk about being custodian, this is what the law says<br \/>\nof your right.  You are the owner, however, yes, because<br \/>\nof internet, because of its interlinkage, because of<br \/>\ncloud computing and technology, you do lose sight or<br \/>\nlose control.<\/p>\n<p>Therefore, this right I use the word, the right to<br \/>\nbe deleted or the right to on security.<\/p>\n<p>It&#8217;s something nowadays individuals or consumer<br \/>\nwould like to have a control over.<\/p>\n<p>Whether in fact something could be deleted<br \/>\npermanently, completely, you will not be sure.<\/p>\n<p>You will not be sure.  Because it&#8217;s quite simple.<br \/>\nYou could Google something, if you use a different<br \/>\nexpression for the same thing, and you get different<br \/>\ninformation coming back at you.<\/p>\n<p>This is where complexity is, that&#8217;s why we are here<br \/>\ndiscussing technology advances, legal, laws, how they<br \/>\ncould cope or chase up with technology advances, we<br \/>\nalways falling mind and all this.<\/p>\n<p>I just want to make that comment.<\/p>\n<p>&gt;&gt; Ken Ngai:  I think we are running out of time.  Maybe<br \/>\nI let the other panellists to wrap up for one minute.<\/p>\n<p>&gt;&gt; Anthony Fung:  From the industrial point of view, is that<br \/>\nwe try to work in partnership from various level,<br \/>\nforming our own coalitions with advisers from different<br \/>\nindustries like antivirus and the NGOs, et cetera, that<br \/>\nwe try to work closely with the government regulations<br \/>\nand also one thing is that we try to educate our users<br \/>\nas much as possible along with simple guidelines,<br \/>\nhopefully the customers, consumers can be protected and<br \/>\nbe more educated if industry can offer simple<br \/>\nguidelines.<\/p>\n<p>For example, one very quick example is the child<br \/>\nexploitation and on-line protection unit in the UK.<br \/>\nThey recommend Facebook to put a red alert button on<br \/>\nFacebook if the child or the parent deem that content is<br \/>\noffensive, then there&#8217;s no other simpler way than<br \/>\nputting, than click on that one red button which sends<br \/>\nthat particular content to the police or 24\/7 basis.<\/p>\n<p>Simple work with the government and work with all<br \/>\ndifferent parties in industry.<\/p>\n<p>I was told that I spoke too fast in Chinese last<br \/>\ntime, so they couldn&#8217;t describe my speaking, so I do it<br \/>\nin English this time.<\/p>\n<p>&gt;&gt; Charles Mok:  I want to respond to this January&#8217;s question<br \/>\nabout the differences between enforcement if the real<br \/>\nworm and in the cyber world.  I think that is a lot of<br \/>\ntimes the real problem.  What you said made me think of<br \/>\nnew stories that I just read this morning from the<br \/>\ninternet and it was saying that someone who is an<br \/>\nnational guard in Mary land in the US, he was speeding,<br \/>\nhe was a motorbike irand he was speeding and he got<br \/>\npulled over by the state police and the policeman was<br \/>\nvery rude and was wilding a weapon, his gun and it just<br \/>\nso happened that the biker had a helmet on with a camera<br \/>\nand he filmed the whole thing and put it on Youtube.<\/p>\n<p>Who happened after that was a week later, he was<br \/>\narrested from home, woken from his bed, and taken away,<br \/>\nbecause he apparently violated some statute in Mary land<br \/>\nthat has to do with illegally filming or taking a record<br \/>\nof police action.<\/p>\n<p>So the case I&#8217;m reading the case has ing nighted the<br \/>\ndebate over whether police are twisting a decade old<br \/>\nstatute intended to protect people from government<br \/>\nintrusion on privacy to instead keep residents didn&#8217;ts<br \/>\nfrom recording police activity.<\/p>\n<p>I think that is a lot of times also the issue that<br \/>\nwe face, laws were made for another world and they are<br \/>\ntrying to enforce it in today&#8217;s situation and that<br \/>\ncauses a lot of problems.<\/p>\n<p>Finally, on a lot of the privacy issue that we talk<br \/>\nabout with Facebook, I just also want to report that,<br \/>\nactually, there are actually a lot of companies that,<br \/>\ntechnology companies that are very proactive in trying<br \/>\nto get together like Anthony was talking about, to try<br \/>\nto do something about protecting various privacy and<br \/>\nother issues on the internet.  One example is a global<br \/>\norganisation called global network initiative.<\/p>\n<p>You can go to Google and find out more about it.<\/p>\n<p>Actually, there are three corporate members,<br \/>\nMicrosoft, Yahoo and Google, among other NGO founding<br \/>\nmembers.<\/p>\n<p>One of the things that they have been working on and<br \/>\nI&#8217;m a participant of, is a working group on account<br \/>\ndeactivation.<\/p>\n<p>There is a growing problem of people&#8217;s account,<br \/>\nemail account, Facebook accounts and so on, being<br \/>\ndeactivated for a number of unknown reasons, maybe<br \/>\nsomeone reported about you, I think that happened to<br \/>\nmany of us in Hong Kong with Facebook accounts, once you<br \/>\nhave become outspoken about certain issues, the groups<br \/>\nthat you created or your personal account would get<br \/>\nsomeone would report you for abuse and Facebook for<br \/>\na company like that, they probably don&#8217;t care to read<br \/>\nthe Chinese content in the postings and they just simply<br \/>\nwe got 50 complaints within a day, this must be pretty<br \/>\nbad, so let&#8217;s just cancel his account or suspend.  They<br \/>\ndo that a lot of time and there&#8217;s no appeal mechanism at<br \/>\nall.<\/p>\n<p>That is also an issue.  It&#8217;s not just an<br \/>\ninconvenience, it is an issue that has to do with<br \/>\nfreedom of expression.<\/p>\n<p>That is actually, for example, one of the working<br \/>\ngroups in GNI, that we are working on to try to set up<br \/>\nsome sort of standards and appeal mechanisms and so on,<br \/>\nso the users can try to work with these social media or<br \/>\nemail providers and so on, these companies to try to<br \/>\nhave a more established and transparent way of making<br \/>\nappeals and their policy of removal of account,<br \/>\ndeactivation of account.<\/p>\n<p>The problem is Facebook, unfortunately, is really,<br \/>\nthey just don&#8217;t do anything.  They just don&#8217;t still<br \/>\nhasn&#8217;t responded to any of our demands or requests for<br \/>\ntalking to them.<\/p>\n<p>&gt;&gt; Stephen Lau:  I just want Priscilla, you have hard word<br \/>\nfor the panel and particularly related internet and<br \/>\nchild abuse or protection thereof.  Maybe you like to<br \/>\ngive us advice or some consideration.<\/p>\n<p>&gt;&gt; Priscilla Lui:  Like Charles, we have a lot to say, but<br \/>\ntime is limited and yet, I would like to use this as<br \/>\na summary.<\/p>\n<p>Because while Charles mentioned about collaboration,<br \/>\ncommunication, working together, I think it&#8217;s a very<br \/>\nimportant area.<\/p>\n<p>I hope that more and more, the industry, the field<br \/>\nand so on and so forth, would allow children to join in<br \/>\nand would allow parents, citizens to join in more and<br \/>\nmore time would be allowed to listen to them.<\/p>\n<p>So that we&#8217;ll know the difficulty, we&#8217;ll know some<br \/>\nof the recommendations and the way that they solve their<br \/>\nown problems.<\/p>\n<p>Let me use this to end my sharing.<\/p>\n<p>I remember during the cope even Hague even<br \/>\nconference on the environmental protection and Al Gore<br \/>\nwas being interviewed, because of time limit, he was<br \/>\nasked to give one answer to the solution and of course<br \/>\nthere is no one answer and he said of course it would be<br \/>\nimportant for the government to take the lead, it would<br \/>\nbe important to have a visionary leading government in<br \/>\nthe community, but more important, it&#8217;s every it is zeb,<br \/>\nit&#8217;s not only the government, but everyone, who has the<br \/>\nresponsibility and it&#8217;s a collective responsibility,<br \/>\nalso in this particular area of concern, but please<br \/>\ndon&#8217;t leave out the basic concern, which is the law and<br \/>\nrules and administration which is very important,<br \/>\nparticularly for children and young children, the under<br \/>\n18.<\/p>\n<p>Because if you leave it to their own hands, they&#8217;re<br \/>\nnot in a position to protect themselveses, to that<br \/>\nextent.<\/p>\n<p>&gt;&gt; Stephen Lau:  Thank you, Priscilla.<\/p>\n<p>On behalf of myself and Ken, and on your behalf, let<br \/>\nme thank our speakers and our panellists for such<br \/>\nenlightened discussion on security, privacy and<br \/>\nopenness.<\/p>\n<p>We can provide the coupons upon which we have<br \/>\ndonated a certain amount of money in lieu of a souvenir.<\/p>\n<p>We have another for about 40 minutes to go.<\/p>\n<p>So please stand up, stretch your legs and go to what<br \/>\nAmericans call comfort station if you wish to and while<br \/>\nwe switching name plates and resetting.<\/p>\n<p>&gt;&gt; :  Now the volunteers will distribute feedback form to<br \/>\nyou, so please kindly fill it in and return to the<br \/>\nregistration counter, if you finish it.<\/p>\n<p>Now we will have some time for the set-up, so you<br \/>\nmay use the time to fill the form.<\/p>\n<p>               (Short break)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security, Openness and Privacy ________________________________________________________________________ REAL TIME TRANSCRIPT: Security, Openness and Privacy Hong Kong IGF 14:30-17:00, Thursday 17 June 2010 Hong Kong DISCLAIMER: Due to the inherent difficulties in capturing a live speaker&#8217;s words, it is possible this realtime transcript may contain errors and mistranslations. An edited version of the realtime transcript which amends the &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/event.rigf.asia\/2010\/hong-kong-igf-june-17th-2010-session-3\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Hong Kong IGF \u2013 June 17th, 2010: Session 3&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"class_list":["post-365","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages\/365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/comments?post=365"}],"version-history":[{"count":1,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages\/365\/revisions"}],"predecessor-version":[{"id":560,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages\/365\/revisions\/560"}],"wp:attachment":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/media?parent=365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}