LCQ14: Technology crimes

Following is a question by the Hon Sin Chung-kai and a written reply by the Secretary for Commerce, Industry and Technology, Mr John Tsang, in the Legislative Council today (March 17):

Question:

It has been reported that crimes involving information technology (IT), particularly those relating to online games, rose substantially in the past year. In this connection, will the Government inform this Council:

(a) of the number of people arrested for crimes involving IT over the past 18 months and, among them, the number of youngsters who were aged 18 or below;

(b) whether it has formulated measures or guidelines to strengthen the security level of online games, such as requiring that game systems meet specific security standards or be subject to regular security audits; and

(c) whether it has formulated measures to strengthen the promotion of "Cyber Ethics" and awareness of information security, so as to educate children and youngsters on the correct attitude and conduct to adopt when using IT, and enhance the level of the public's security awareness in handling day-to-day computer information; if it has, of the details of such measures?

Reply:

Madam President,

(a) Technology crimes refer to crimes targeted at computers or computer systems (such as unauthorised access to servers or defacement of websites) and crimes committed via the Internet (such as online gambling). Thus, most of the crimes arising from online games could be categorised as technology crimes. Common crimes related to online games include unauthorised change of other online game players' account passwords resulting in loss of control over their accounts, theft of virtual weapons from other online game players' accounts, and refusal to pay or hand over virtual weapons after a virtual weapon transaction. In 2002 and 2003, the respective numbers of people arrested by the police for technology crimes were 68 and 108, of whom 20 and 27 were youngsters aged 18 or below.

(b) The Government attaches great importance to information security. Apart from promulgating information on information security management framework, standards and best practices for reference by businesses in different industries, the Government has written to professional organisations and trades associations inviting them to consider whether to formulate specific information security standards for their respective industries and establish audit mechanisms to certify compliance with such standards. The Government has invited the online game industry to, having regard to the information security concerns and needs of the industry, consider formulating information security standards and an audit mechanism for the industry, so as to strengthen the security level of online games.

(c) In 2000, the Education and Manpower Bureau (EMB) developed a set of IT Learning Targets outlining the essential IT knowledge, skills and attitudes that students should acquire at various stages of their schooling. One of the targets is that students should be trained to look out for improper and inaccurate information on the Internet and take measures to protect their own information while using the Internet.

Besides, the general computer courses in the junior secondary curriculum already cover such issues as copyright of computer information, data privacy and data security. Those in Secondary 4 and 5 are being taught the correct attitudes and values to be adopted in using computers and IT in the latest "Computer and IT" curriculum. Apart from topics like intellectual property rights and software licensing, students will also be led to explore the impacts of certain online activities including unauthorised access, indecent and false information, spam and computer virus. The main objective of the curricula is to provide students with the basic knowledge of legal and ethical responsibilities in computer and IT application.

To co-ordinate and devise plans for promoting computer and cyber ethics, EMB established a committee in collaboration with a number of government departments and community organisations in October 2002. The committee has set up a "Cyber Ethics for Students and Youth" website (www.cesy.qed.hkedcity.net), provided advice and guidelines on the proper use of computers and Internet to schools, parents and students, and designed and produced relevant teaching resources for teachers.

Furthermore, the Television and Entertainment Licensing Authority, in addition to enforcing the Control of Obscene and Indecent Articles Ordinance, has also launched publicity and public education activities, like the "Ten Healthy Websites Contest" and "Creating a Healthy Cyber World", to provide guidance to children and youngsters on the proper use of the Internet so as to stay away from objectionable materials on the Internet.

To promote and enhance public awareness of information security, the Information Technology Services Department (ITSD) has implemented a series of measures including setting up the INFOSEC website (www.infosec.gov.hk), which is a one-stop portal to facilitate enterprises and the general public to obtain various resources on information security. ITSD has also prepared reference materials on information security for distribution to teachers and students of primary and secondary schools. Seminars are also organised regularly in schools to enhance students' awareness of information security. Besides, ITSD has produced several series of infotainment programmes and short educational messages on information security last year for broadcast on the television and radio. Starting from March 2004, a new series of short educational messages will be broadcast on the radio as a continuous effort to further enhance public awareness of information security.

Wednesday, March 17, 2004

- END -