HONG KONG – The Law Reform Commission of Hong Kong has published a report recommending the introduction of a new legislation to address five types of “cyber-dependent” crimes that can be committed only by using information and communications technology devices.
The crimes to be targeted by the legislation are: illegal access to programs or data, illegal interception of computer data, illegal interference with computer data, illegal interference with computer systems, and making available a device, program, or data for committing a cyber-related crime, according to the government.
The commission proposed a maximum penalty of life imprisonment for aggravated forms of interference offenses involving danger to life, for example, interference with a railway signal system.
Welcoming the publication of “Report on Cyber-Dependent Crimes and Jurisdictional Issues” on Friday, the special administrative region government said it would conduct a thorough study of its recommendations.
The recommendations would further refine existing legislation addressing cyber-dependent crimes, thereby enhancing the effectiveness of combating such criminal activities, a government spokesman said in a statement.
Before proposing the new legislation, the commission's Cybercrime Sub-committee studied current laws in Hong Kong, as well as corresponding laws in Australia, Canada, the Chinese mainland, New Zealand, Singapore, the United States, and England and Wales.
RELATED ARTICLES
- Call for proactive defense amid rising cyber threats
- E-shopping fraud losses hit HK$356m in 2024 amid ticket scam surge
- DoJ intensifies crackdown on cybercrime, boosts cross-border collaboration
- HK officials vow to ramp up prosecution services to thwart tech crime
The commission highlighted in its report that different computer-related offenses are covered in Hong Kong’s Crimes Ordinance and the Telecommunications Ordinance currently, but that some of these are outdated.
All of the other jurisdictions studied have legislated against the five types of cyber-dependent crime identified either through bespoke cybercrime legislation or by dedicating a part of their codified law to cybercrime, it added.
Recommending that unauthorized access to programs or data without lawful authority should be a summary offense, the commission stressed that an aggravated form of the offense arises if the unauthorized access is accompanied by an intent to carry out further criminal activity.
The commission also recommended that unauthorized interception of computer data carried out for dishonest or criminal purposes should be deemed an offense, which would protect both private and non-private communications, and would apply to data generally.
Both illegal interference with computer data and computer systems, and knowingly making available a device, program, or data for use in committing a cyber-related crime, should be offenses, the report proposed.
In line with international norms, it recommended that Hong Kong law should provide for the extra-territorial application of the five cyber-dependent offenses, and that the city’s courts should have jurisdiction in cases where connections with Hong Kong exist.
As the severity of the harms caused by cybercrime is wide-reaching, the commission proposed that each of the proposed offenses should carry a maximum sentence for summary convictions of two years’ imprisonment, and one of 14 years’ imprisonment for convictions on indictment.
The report represents the commission’s first set of findings following the issuance of a consultation paper in 2022, and those responses to the paper were taken into account in formulating the recommendations contained in the latest report.
The commission said its Cybercrime Sub-committee is also conducting further research into other aspects relating to cybercrime.
