3rdPartyFeeds

US Firms Warn Against ‘Unprecedented’ Hong Kong Cyber Rules

(Bloomberg) -- US firms have warned that proposed cyber regulations could grant the Hong Kong government unusual access to their computer systems, highlighting the latest challenge to Western tech giants in the city.Most Read from Bloomberg‘Train Lovers’ Organize to Support Harris and Walz in Presidential BidPart of Downtown Montreal Is Flooded After Water Pipe BreaksClimate Disasters Are an Affordable Housing ProblemThe Asia Internet Coalition, which includes Amazon.com Inc., Alphabet Inc.’s Go Read More...

(Bloomberg) — US firms have warned that proposed cyber regulations could grant the Hong Kong government unusual access to their computer systems, highlighting the latest challenge to Western tech giants in the city.

Most Read from Bloomberg

The Asia Internet Coalition, which includes Amazon.com Inc., Alphabet Inc.’s Google and Meta Platforms Inc., is among the bodies that have in recent weeks criticized new rules that officials say are designed to protect critical infrastructure from cyberattacks. The city’s government said it aims to identify and designate specific organizations as critical infrastructure operators and ensure they take measures to safeguard their systems.

Critics argue the proposals give authorities overly broad powers that could threaten the integrity of service providers and rock confidence in the city’s digital economy. The local American Chamber of Commerce and Hong Kong General Chamber of Commerce have also submitted letters over the proposed legislative framework to a public consultation.

Two of the three groups flagged the rules — which some were concerned could apply to computer systems outside Hong Kong — as “unprecedented.” One of their key objections was to proposed investigative powers that would let authorities connect their equipment to critical computer systems owned by private firms, and install programs on them.

“Such unprecedented power directly intervenes in, and could have a significant impact on, a CIO’s operation and could harm the users of the services,” AmCham wrote in an Aug. 1 letter, referring to critical infrastructure operators. Such a move “is likely to have a chilling effect” on tech investment in Hong Kong, it added.

The government said in a statement late on Tuesday in response to the Bloomberg News report that its proposal “in no way involves the personal data and business information.” The statement added that “relevant legislation already exists in other jurisdictions, such as the Mainland, Macau SAR, the United States, the United Kingdom, Australia, the European Union and Singapore.”

Hong Kong will only seek out a court warrant to connect to computer systems or install programs in certain circumstances if operators won’t or can’t respond to potential cyber incidents. And the envisioned legislation won’t have “extraterritorial effect” beyond its jurisdiction, according to the statement.

A Google spokeswoman declined to comment on the concerns raised in the Asia Internet Coalition letter. Amazon and Meta didn’t respond to requests for comment.

Officials have said previously the cybersecurity bill is needed to protect the city’s economy, public safety and national security. They propose establishing a new commissioner’s office to oversee the legislation’s implementation.

Many countries have laws to safeguard strategic infrastructure and access networks — for instance, US law enforcement and counterintelligence agencies can conduct wiretaps with court authorization. But it’s rare for government agencies to try and gain access to private networks or information by directly installing software.

While Hong Kong’s internet remains largely free compared to mainland China’s Great Firewall, the city’s top US diplomat in March sounded the alarm over creeping online controls. President Xi Jinping’s crackdown on freedoms in the former British colony has fanned fears about the city’s reduced appeal as a finance hub.

Hong Kong recently showed its willingness to intervene directly with online content in its clash with Google over the hosting of pro-democracy protest songs on YouTube. The government — armed with a local court injunction — forced the American giant to block the videos, giving the city leaders a potent new tool to order the mass removal of content.

The relatively open flow of information in Hong Kong is a key draw for international businesses. Restrictions on Western tech firms and services could hamper efforts to revitalize the city’s image, which took a hit from years of Covid curbs and a Beijing-imposed security law, also criticized as being vaguely worded and too far-reaching.

Under the proposed new cyber rules, companies would need to secure their computer systems and disclose to the government serious breaches within two hours. Fines for offenses could range as high as HK$5 million ($642,000) and would be determined by a court, according to the proposal.

The legislation is likely to be submitted to the city’s Legislative Council by the end of this year and enacted, legal observers say.

While Hong Kong has a legitimate need for new cybersecurity rules, companies will be worried about protecting user data, said George Chen, co-chair of digital practice at The Asia Group, a Washington-based business and policy consulting firm.

“International platforms, especially cloud service providers, are also naturally concerned about the enforcement,” he added. The question will be “where to draw the line between protecting user data privacy and overall cybersecurity concerns.“

(Updates with the government’s response from the second paragraph)

Most Read from Bloomberg Businessweek

©2024 Bloomberg L.P.

Read More

Add Comment

Click here to post a comment