Charles Mok 可圈可點

Tuesday, November 17, 2009

尋找保護與開放數碼版權之間的平衡

施政報告提及政府將於來年立法，保障數碼環境中的版權，於是去週政府向立法會工商事務委員會提交該名為《在數碼環境中加強保護版權的建議》的文件。在二零零七年當局已開始...更多

請各位移師信報論壇，多回應討論！感謝！

Friday, November 13, 2009

Should IP addresses constitute personal data?

The IT sector is among the sectors most directly affected by this ordinance

The government’s consultation paper for the review of the Personal Data (Privacy) Ordinance (PDPO) is long overdue. The ordinance was passed in 1996, before the Internet became popular—let alone Web 2.0 and social media—and is thus far behind public awareness and expectation.

The public naturally wants “maximum protection,” but as the consultation document rightfully states: “balance is needed between safeguarding personal data privacy and facilitating continued development of information and communications technology,” and the ordinance “should remain flexible and relevant” in spite of technological change”—that is, it should maintain technological neutrality.

Sensitive data

Nonetheless, the IT sector is among the sectors most directly affected by this ordinance. An example: the proposal in the consultation document that biometric information be classified as “sensitive personal data”—a new introduction to the ordinance that would call for a higher degree of protection by the data users, and hence heavier punishment in case of data-leakage. The government’s rationale is that such biometric data are inalterable, thus damage caused to data-owners would be severe and permanent.

However, why single out biometric data to be made “sensitive,” while in other jurisdictions such as Australia and the UK, sensitive personal data includes criminal records, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, health information, and sexual orientation?

In fact, ever since the Privacy Commissoner's Office issued a directive earlier this year, repudiating the use of fingerprint technology in schools for attendance keeping, the effects have already been chilling for local companies providing such solutions. While the PCO guidelines maintains that biometric solutions are acceptable as long as it is not mandatory, or that such high level of secure access control is justified for its purpose, nonetheless many biometric solution providers have simply seen their business dry up since this summer.

Another main concern for the IT sector is the proposal to regulate data processors—such as application developers, Internet service or web hosting providers, which provide outsourced services to the actual data users that hold the personal data of the subjects. Previously, data processors were not regulated by the ordinance. With the advent of cloud computing, this is a void to be addressed.

All users affected

Should data processors be regulated directly by the ordinance, or indirectly—meaning the data user must “ensure that its data processors provide security protection to personal data at a level comparable to itself,” as required by the ordinance? Data subjects would have redress against data users, who would in turn have redress under contractual law with the data processor.

There are many other areas in the consultation that will affect all businesses handling any type of personal data, including its customers and employees. For instance, should there be mandatory disclosure to data subjects in case of a breach? Also, the document proposes further empowering the Privacy Commissioner by making it an offense in cases of unauthorized obtaining, disclosure and sale of personal data—or repeated contravention of a data protection principle—and allowing the Commissioner to impose monetary penalty on serious contravention of data protection principles.

However, the document also reveals some recommendations made by the Commissioner but not taken up by the government—the IT sector should consider whether IP addresses constitute personal data. While IP addresses by themselves won’t identify users, there are circumstances where combined with other data, IP addresses will be critical in identifying their users. It is unfortunate that the government has chosen not to even consult this important issue, which would produce better guidelines for the industry going forward.

The Personal Data (Privacy) Ordinance consultation document is at http://www.cmab.gov.hk/doc/issues/PDPO_Consultation_Document_en.pdf and the deadline for responses is November 30, 2009.

Published on Computerworld Hong Kong November 2009 Issue

Thursday, November 12, 2009

寫網誌要申報利益？

「…即使廣告商與博客建立關係從而推廣其產品，本亦無可厚非，但從博客作者方面而言，建立其網誌的名氣和讀者群也非朝夕，如果被發現『造馬』或不中立，只會得不償失。」

第一屆香港網誌年會（HKBloggerCon 2009）上周六由一群本地博客，自發性地在籌劃多時後，終於完滿舉行。由於博客的精彩多樣性，討論議題眾多，有來自不同界別、不同年齡層人士共同分享，由老人家至學生，有成功商業模式的博客之餘，也有社福機構和老師講述心得。

筆者參與其中一部份的討論是近期本地博客熱門話題之一：寫網誌要不要申報利益？事關最近美國聯邦貿易委員會（FTC）剛引入了新指引，要求廣告商在現行法例下申報所有專家和代言人關係，無論是名人、明星、專業人士或普通消費者，抑或是團體。FTC 在指引中列出了新的例子，包括博客在收受了金錢或其他物件或服務的好處，而在其網誌上的發表的言論，即博客要申報這些「實質關係」。而所謂「網誌」在此其實也包括在社會媒體如 Facebook、MySpace 等發表的言論，新指引將於 12 月 1 日生效。

除了美國之外，英國和歐陸其實更早已有此例，於去年 5 月已執行，而且更嚴厲：沒申報所寫內容是「收了錢」的，可以被判最高入獄兩年！即使一家公司出版內容而「假扮」個人，亦屬違法。歐美國家消費者保障法律完善（當然也有人會覺得過份），這些管制是跨媒體而並非獨特針對互聯網和博客的。

大家也許會問，香港政府會否立此法例？筆者相信不會，因為香港的消費者保障法例不強，很多更重要的問題仍未處理，甚至如失實的廣告內容也未設有專責處理公平貿易和公平競爭的執法機關，相信不會突然只針對網上內容這相對小問題立法。但我們仍須注意這方面法律的國際趨勢，例如新加坡政府最近突然表示，會考慮立法要求博客申報所收受的任何金錢或利益。

但新加坡不像歐美一向重視消費者權益或早已設有嚴厲法律，為何突然有此一舉？請注意，新加坡針對博客申報利益，卻非針對廣告商。當地媒體專家指出，建議雖被形容以「保障消費者」為目的，似乎實質為了逼使現時收受讀者捐助的反對黨派網站和其他網上媒體，申報收益來源，從而打擊他們的收入。雖然暫時很難想像香港政府這樣做，但新加坡的例子值得引以為鑑。

話說回來，即使廣告商與博客建立關係從而推廣其產品，本亦無可厚非，但從博客作者方面而言，建立其網誌的名氣和讀者群也非朝夕，如果被發現「造馬」或不中立，只會得不償失。所以還是坦白最好，自行申報但堅守中立報導立場，其實也有達到平衡各方包括本身利益的機會。

刊載於《Hitech》 2009年11月12日

Tuesday, November 10, 2009

同一防火長城下的中港博客

剛過去的周末，第五屆的中文網誌年會(CNBloggerCon)、首次舉辦的香港網誌年會(HKBloggerCon)和亞洲博客暴樂祭(BlogFest.Asia)...

請各位移師信報論壇，多回應討論！感謝！

Thursday, November 05, 2009

香港資訊科技商會成立電子學習聯盟

教育局成立的『課本及電子學習資源發展專責小組』提交研究報告，建議來年度在部分中小學推行電子學習試驗計劃。資訊及通訊科技業界認為除了解決現行的教科書問題外，惟利用香港電子學習發展的優勢，才是長遠教學政策的方案。

業界認為政府可進一步諮詢資訊科技界的意見，包括有份發展電子學習技術的機構或專業人士，就有關的政策如知識產權、私隠、資訊保安方面，以至目前的技術、各種產品和服務的可行性。再者，從用者角度，包括辦學團體、內容供應商、家長及有關政府部門收集更多、更務實意見，匯集成具體的方案，以助香港發展電子學習模式。

為此，香港資訊科技商會成立電子學習聯盟(e-Learning Consortium)，召集人為黃岳永先生，成員來自商會及教育界、辦學團體、出版商及其他資訊科技界同業，支持機構包括香港教育城有限公司。在發布會中，電子學習聯盟公布未來一連串活動，包括電子學習方案名錄及電子學習展覽，以回應政府課本及電子學習資源發展研究報告，落實長遠電子學習發展。(節錄自香港資訊科技商會新聞稿)

「.香港」在哪裡？

「…反觀仍未諮詢落實程序和宣布如何、甚至由誰提供『.香港』的香港政府和香港互聯網註冊管理有限公司，就的確慢了半拍。」

上星期飛到南韓漢城參加 ICANN（互聯網名稱與數字地址分配機構）第 36 次會議。ICANN 是全球管理域名的最高機構，每年三次大會都在五大洲差不多輪流舉行。筆者今次應邀主持一個關於濫用域名系統（DNS Abuse）的論壇，討論 ICANN 和各國的公營、政府以至私人機關，如何在技術和規管等層面對付利用域名進行非法活動，例如釣魚式攻擊網站等，分享國際經驗。另外當然也利用機會參與了部分大會會議議程。

這次大會的主要議題和會後公布的重點決定，就是 ICANN 董事會通過「快速程序」（Fast Track Process），於 11 月 16 日起國家或地區可用其國家語言落實國際化域名（IDN），各非拉丁字母的本地語言頂級域名，例如中文的「.中國」、「.台灣」等，只要符合基本要求，例如政府及社區支持和穩定性評估，便可獲 ICANN 批准，快速投入運作。

雖然這程序被稱為快速，但其實 IDN 這概念絕不新鮮，十年前筆者營運互聯網供應商時，已引入一家新加坡公司的技術，在香港嘗試推行中文域名，但主要因為當年這技術並無國際標準，結果亦未能普及起來。十年過後，經過在 ICANN 體制裡多年討論和技術測試，這 ICANN 認可、將透過互聯網的根層域名管理系統（DNS）支援的IDN，終於將在明年可投入服務全球互聯網用戶。

每次提到增加新的頂級域名，很多人仍會質疑，目前已有「.com」等現成域名，為何還有新需求？但事實證明，全球域名數目每年仍以雙位數百分比增長，而全球互聯絡網人口增加速度最快的地方，是在非洲、亞洲、阿拉伯、南美等世界，這些地區當中很多人民根本不懂英語或其他拉丁語字母，使用現時的域名的確有困難。公平使用多元語言，讓他們可以在域名內使用自己的語言，其實也是他們的權利。

但上周媒體根據外電消息報道 IDN 的「快速程序」，有向筆者訪問的記者竟然錯誤以為，ICANN 將由 11 月 16 日起接受我們用戶申請中文域名，事實當然並非如此。其實 ICANN 作為域名中央管理機構的制度是這樣的：ICANN 負責頂級域名（TLD, Top-Level Domains）的認可批准權威機構，批出營運權委給 TLD 的註冊服務機構（Registry），包括國家地區頂級域名（ccTLD，如.cn、.hk、.tw 等），和通用頂級域名（gTLD，如.com、.net、.org、.info 等）；ICANN 並認可各國註冊代理機構（Registrars），讓他們作為各註冊服務機構的代理，接受處理用戶。而註冊服務機構是不能直接服務用戶的。

所以 ICANN 在 11 月中開始接受各國政府或獲授權機構申辦國際化域名，並非 ICANN 將接受用戶直接申請。事實上，中國負責 .cn 的中國互聯網絡信息中心早已以自家標準提供「.中國」域名註冊，今後只要轉至國際化標準平台即可。反觀仍未諮詢落實程序和宣布如何、甚至由誰提供「.香港」的香港政府和香港互聯網註冊管理有限公司，就的確慢了半拍，令香港在追及國際最新發展趨勢上，又再一次落後於中國內地，我們應該查找一下自己不足之處。

刊載於《Hitech》 2009年11月5日

Wednesday, November 04, 2009

Change The World -- My Remarks to PolyU Congregation Ceremony

I had the honor of giving the congratulatory remarks at the Congregation Ceremony for the Master Degree graduates of the Department of Computing of the Faculty of Engineering of the Hong Kong Polytechnic University this afternoon. Tonight, I also gave another remarks to the "outpost" graduates among this class from cities in China like Xian and Suzhou. Let me share with you my remarks, with the original in English and the translated version in Chinese also, below:

Professor Wai, guests, members of the Faculty, parents and most of all, the graduates,

It is my distinct honor today to make this congratulatory remark to you, the graduating class from the Department of Computing, on this special day of the Congregation ceremony.

It was twenty-four years ago when I myself graduated from university, and honestly speaking, the commencement speech at that time was the last thing I remember from the occasion. Nonetheless, the Congregation ceremony and this address should affirm each of your search for knowledge, confirm the effort and the achievement by each of you, and hopefully, inspire you to continue to make yourself a better man or woman, to contribute to society, your family and your country.

Today, as you receive your degree from the Hong Kong Polytechnic University in Computing, a field of study that is among the most rapidly advancing among all areas of technologies, you are facing limitless possibilities to shape the future, to create opportunities for yourselves and others. Twenty-seven years ago, when I first logged on to the Internet in my first year of college, and sent my first email, I could not have imagined how the Internet would change the world as it has now. Just imagine what the Internet and computing would be like, five years, ten years, or twenty years from now. Just imagine! And you will be right in the middle of this continuous, great evolution.

Two years ago, former U.S. President Bill Clinton gave a graduation address to the class of 2007 of Harvard University. He said, “Ordinary people have more power to do public good than ever before because of the rise of non-governmental organizations, because of the global media culture, because of the Internet, which gives people of modest means the power, if they all agree, to change the world.”

This is the world that we are in today. “Ordinary people” are now having more power to do “public good” than ever before. Public good, not just for the good of themselves, but for the public, for everyone. And this is because of three things. The rise of non-government organizations. That means NGOs, including all sorts of groups and institutions from civil society, non-commercial and non-governmental organizations, including professional associations. The global media culture, enabled by the Internet, where people can create, share, remix and re-use content and messages to reach and touch people from all corners of the Earth. And because of these developments, people of modest means, even average people, can change the world. But there is one catch: only “if they all agree.” You have to agree to have the will and the spirit to join the movement, to change our world.

And there is no better way to help change the world than through the development in the advances and applications of information technology, computing and the Internet. In another graduation speech given at Harvard University, also in 2007 but this time by Bill Gates, who was of course the founder of Microsoft but also the Chairman of his charitable foundation. He said, “The emergence of low-cost personal computers gave rise to a powerful network that has transformed opportunities for learning and communicating. The magical thing about this network is not just that it collapses distance and makes everyone your neighbor. It also dramatically increases the number of brilliant minds we can have working together on the same problem - and that scales up the rate of innovation to a staggering degree.”

He went on to say, “At the same time, for every person in the world who has access to this technology, five people don't. That means many creative minds are left out of this discussion - smart people with practical intelligence and relevant experience who don't have the technology to hone their talents or contribute their ideas to the world. We need as many people as possible to have access to this technology, because these advances are triggering a revolution in what human beings can do for one another.” And what will this revolution be about? It will be about the biggest threats facing human beings – they are: poverty, sickness, and the environment.

So, as you graduate today, I hope I can give you a little spark to ignite your passion for using your mind to change the world with what you know. In fact, as the motto of our Internet Society Hong Kong goes, “Ask not what the Internet can do for you, but ask what you can do for the Internet.”
I thank you, the Computing Class of 2009, in advance for the contribution you will be making in the years to come in changing Hong Kong, changing our country, and changing the world. Congratulations again on your graduation.

衛教授、各位嘉賓、工程學院仝人、各位家長及畢業生︰

在今天畢業典禮的重要日子，給各位，尤其為今屆電子計算學系的畢業生致祝賀辭，是我莫大榮幸。

回想起我二十四年前大學畢業時，誠然，那時的典禮演詞我早已遺忘。但是，我相信畢業典禮的意義，當能為你們追求學問以及種種努力成果作出肯定，也勉勵你們繼續努力，做好自己，為家庭、社會和國家作出貢獻。

今天，當你們取得香港理工大學的碩士學位，電子計算實在是一個發展最一日千里的科技範疇之一，你們正面對無限可能，創造將來，為自身、他人創造機會。二十七年前，當我初次登入互聯網，發出第一個電子郵件，實在難以想像互聯網會為今天的世界帶來翻天覆地的轉變。試想像，互聯網及電子計算科技發展在五年後、十年後，甚至二十年後會變成怎樣？你們正身處於這個變革不斷的年代。

兩年前，前美國總統克林頓為哈佛大學二零零七年畢業生發表畢業演說，他說過︰「正因為非政府機構的出現、全球媒體文化和互聯網的興起，給一般人賦予力量，只要他們都普遍同意，就能改變世界。普羅大眾比從前更有力量從事對公眾有益的事。」

這正是我們現今身處的世界。「普羅大眾」比從前更有力量從事「對公眾有益的事」。對公眾有益的事，不但為了個人，也惠及公眾以及所有人。這包含了三個原因。其一為非政府機構的出現，這裏包括公民社會中所有非牟利、非政府、專業機構和團體。其二為全球媒體文化的興起，讓人可以透過互聯網，創造、交流、重組各種資訊，影響無遠弗屆。正因如此，即使普通人也能改變世界。值得留意的是，這裏假設人們都普遍同意，並願意參與其中，共同改變世界。

要改變世界，實在沒有比互聯網、電子計算及資訊科技更理想的工具。於另一個哈佛大學二零零七年畢業典禮的場合中，身為微軟創辦人及其慈善組織主席的比爾•蓋茨，曾經這樣說過︰「低成本個人電腦以至互聯網的出現，為學習和交流提供更多機會。互聯網的神奇之處，不但在於其打破地域界限，使天涯若比鄰，也在於它能集思廣益，讓人們為共同目標而努力，使革新的步伐以驚人的速度前進。」

「與此同時，能夠接觸互聯網世界的人，只有全球人口的六分之一。這意味著許多具創見的人被這個世界拒諸門外——有能力和相關經驗的人，卻沒有得到科技的幫助，把他們的才華或想法與世界分享。我們希望更多人能接觸互聯網，因其正引發一場革命，人類將因此可以互相幫助。」這場革命所為何事？它正與人類所面對最大的威脅——貧窮、疾病和環境問題有關。

因此，在今天畢業典禮的大日子，我希望能夠燃起大家的熱情，運用自己的創見和力量來改變世界，就正如香港互聯網協會的格言所述︰「不問互聯網能給你所做的，該問自己能為互聯網做些甚麼。」

二零零九年電子計算學系的畢業生，日後你們將為改變香港、國家以至世界的未來作出貢獻，在此我要感謝你們，並恭祝各位鵬程萬里。