Wednesday, June 15, 2022

[FNF] Geopolitics Reshaping the Internet in East Asia

Geopolitics Reshaping the Internet in East Asia

How digital trade agreements and cyber infrastructure resiliency will hold the key to regional competition between the U.S. and China

U.S. President Biden’s recent official visit to Asia highlighted his administration’s emphasis on the U.S.’s Indo-Pacific strategy and the importance of the security of the region. With an increasingly belligerent Chinese regime, engaged in a supply-chain tug of war with the US while supporting Russia’s invasion of Ukraine, the threats of a similar Chinese invasion of Taiwan appear closer than ever before. East Asia is the most delicate flashpoint in today’s world, militarily, for both conventional as well as cyber warfare, and also the key battleground for trade and economic competition.

The growth of Internet commerce and digital economy in East Asia has been phenomenal over the past several decades, making it one of the most important regions in the world for opportunities in digital growth. Led by China’s huge Internet population, which at 765 million stands more than three times that of the U.S., and also other countries in the region, including developed economies such as Japan, South Korea and Singapore, as well as other developing markets with huge potentials such as Indonesia and Vietnam, demands for more advanced infrastructure to serve the region with better connectivity and higher performance, speed and resiliency have been insatiable.

However, after decades of growth in investment and improvements in connectivity, geopolitical realities have taken center stage. In particular, U.S.-China tensions have had the effect of limiting China’s connectivity to the rest of the world, as the U.S. has severely limited China’s ability to attain additional external bandwidth growth, while it has been actively building a new generation of digital economy and data exchange trade alliances. However, some of these efforts may be hampered by the trend of data sovereignty and digital protectionism in many nations in the region. The U.S. and its allies must realise these concurrent forces at play in order to overcome these obstacles and achieve the best outcomes for their pursuits.

U.S. ban on new undersea cables to Hong Kong has long-term effects for China

At the core infrastructure level of the Internet’s global connectivity lies the vast network of undersea submarine cables connecting the continents, and the trans-Pacific linkages between East Asia and North America are undoubtedly among the most critical connections in the world with among the highest demand. For decades, increasing investment in making more direct linkages between two of the biggest Internet markets of the world, China and the U.S., had been most intuitive and without question.

That changed around 2020, when various branches of the U.S. government raised concerns about the Pacific Link Cable Network (PLCN), which was then touted as the first direct submarine cable connecting Los Angeles, California, and Hong Kong, with high-profile investors like Google and Facebook (now Meta). There were two major factors of concerns: first, the landing of the cable in Hong Kong which was perceived to be a jurisdiction that no longer enjoyed enough autonomy from Mainland China, and second, the presence of a Chinese-owned partner among the investors of the cable.

Since then, at least four major submarine cables to Hong Kong with American investment and connecting to American landings have been canceled or rerouted to other locations, including PLCN itself:

PLCN: after the divestment of its Chinese investor, Google and Meta received U.S. approval in December 2021 to operate PLCN between the U.S., Taiwan and the Philippines, and to “pursue diversification of interconnection points in Asia including but not limited to Indonesia, Philippines, Thailand, Singapore and Vietnam.“ The connection to Hong Kong was dropped.

Hong Kong-Americas (HKA): The HKA consortium, which included HKA consortium comprising Meta, China Telecom, China Unicom, RTI Express, Tata Communication and Telstra, abandoned the project and withdrew its application to the U.S. Federal Communications Commission (FCC) in early 2021.

Bay to Bay Express (BtoBE): The BtoBE cable system, with Meta, Amazon, China Mobile as partners, was to connect California directly to Hong Kong, and then Singapore and Malaysia. It has been reconfigured to land in the Philippines, as the CAP-1 cable system, and once again Hong Kong was dropped as a final destination.

Hong Kong-Guam (HKG): The HKG cable system, owned by RTI and Google and their subsidiaries, was to connect Guam with Hong Kong, but its FCC application was withdrew in late 2020, with its future uncertain.

The consequences of the cancellations and rerouting of these important and high-capacity cables are severe for Hong Kong, making the growth of incoming and outgoing bandwidth capacity highly questionable for the immediate to medium term future, undermining its current role as a major telecommunications and datacenter hub of Asia. Indirectly, and more importantly, bandwidth connectivity growth for China will also be limited, as Hong Kong used to play an important transit role for the mainland. 

As a result, China may double down on its strategy to invest in alternative cables to connect to China, through state support or its state-owned telecom enterprises, such as its previous state-backed financial support with “low up-front costs and fast delivery” for developing economies and smaller nations such as East Micronesia and Papua New Guinea, but the scale and impact of these efforts remain limited.

Indeed, in China’s latest central planning documents of its five-year plans, including the one on digital economy development, Beijing has placed significant emphasis on upgrading its domestic and international digital infrastructure, including setting up datacenters in its western inland region to “compute the data from the east,”as well as using the Greater Bay Area (GBA)in the south to create a “international data free trade port,” which will be “powered by a global network of undersea cables planned for the district.” The chosen hub for the GBA, however, is the city of Nansha, in Guangdong Province, not Hong Kong. Given current global geopolitical tensions, such development, even if they are to progress, will likely not involve much or any foreign investment or participation, which, for undersea cable networks, may spell doom for its effectiveness and success. As undersea cables typically take years to decade to plan and build, and have a lifecycle of several more decades, the current slowing down of China’s future capacity improvement will carry long-term effects for China.

China’s aggression in the South China Sea creates regional Internet chokepoint

The South China Sea is a heavily traversed water on the surface, and at its seabed there are “at least 15 submarine cables, each owned by up to 60 international entities,” with China claiming vast water in the region with its infamous “nine-dash-lines." Many of the cables in the region, with consortium partners covering many of the major telecom operators in the region and around the world, as well as others like Internet content providers such as Meta, are said to have been delayed or forced to rerouted to bypass certain areas.

In the not too distant past, datacenter investments in the region were centered around the three main hubs of East Asia, being Japan, Hong Kong and Singapore. Just as operators may be forced to bypass Hong Kong in favor of Taiwan or the Philippines, now if they need to mitigate the additional risks of the South China Sea, it will be natural to reroute their submarine cables as well as datacenters to around the eastern edge of the Sea, through the Philippines, Indonesia and Brunei, or Vietnam and Thailand around the western edge.

With such geopolitical factors, along with demands driven by domestic and regional digital demands from smart cities, cloud adoption, digital commerce, 5G and so on, these economies are experiencing a tremendous boom in datacenter constructions. According to its own government, the Philippines ranks second in Southeast Asia in datacenter market growth, with Manila having a CAGR of 14.2 percent, just below Vietnam’s 14.5 percent. The datacenter market of the country as a whole will reach 11.4 percent by 2026, with investments of over USD535 million.Telstra, Australia’s incumbent telecom operator, even flatly states that “Asian connectivity has traditionally focused on the hubs of Hong Kong, Singapore and Japan but now is increasingly moving to Taiwan, the Philippines, Korea and Australia."

As for Taiwan, which has already been very successful in recent years attracting OTT (over-the-top, that is, content or application service providers) players to invest in large-scale datacenter on the island, such as Google, Meta and Microsoft, will continue to see rapid growth in its datacenter market, estimated to grow at 23.6 percent over the next five years, reaching USD4.47 billion.

Data trade and digital economy agreements can align geopolitical and economic interests

In April, Canada, Japan, South Korea, the Philippines, Singapore, Taiwan (Chinese Taipei) and the U.S. jointly established the Global Cross-Border Privacy Rules (CBPR) Forum, pledging to promote interoperability and bridge regulatory differences on data and privacy protection, and to establish an international certification system to support free flow of data across borders.While some of these countries or economies may have individual bilateral agreements among themselves and with others in, for example, Europe, the clear trend is for these agreements to be more multilateral and cover more jurisdictions in order for potentially more uniform rules to be established.

On a broader level, the Indo-Pacific Economic Framework (IPEF), proposed by U.S. President Biden during his recent trip to Asia, also put digital trade at a high priority, being mentioned first in the first of four pillars in the proposal. Indeed, the White House cited in its declaration that the partners “will pursue high-standard rules of the road in the digital economy, including standards on cross-border data flows and data localisation,” pledging to “benefit from the region’s rapidly growing e-commerce sector, while addressing issues such as online privacy and discriminatory and unethical use of artificial intelligence.” The thirteen initial members are the U.S., Japan, India, South Korea, Australia, Indonesia, Thailand, Singapore, Malaysia, the Philippines, Vietnam, New Zealand and Brunei — comprising of the countries around the South China Sea. Taiwan, which is not included in the IPEF, most likely will be involved in some other ways, as the U.S. and Taiwan have just stepped up its bilateral trade talks, in parallel of the IPEF efforts.

However, the obstacles facing the IPEF partners in concluding final digital trade and data exchange agreements should not be under-estimated. Data sovereignty laws and regulations, taking the shapes and forms of cybersecurity laws, data and privacy laws, or even national security laws, have been established across many jurisdictions in the region. Some countries, like India and Vietnam, similar to China, has established data sovereignty laws requiring data and servers to be stored locally. Vietnam and India also require any foreign online service providers to set up a local branch or representative to be legally accountable and able to respond to government orders and requests.

On the other hand, some other countries in IPEF are more interested in setting up the baseline, framework and rules for data flows and exchanges with other countries. For instance, Singapore has taken the approach of proactively establishing bilateral or multilateral digital trade agreements and data exchanges rules with other countries, such as an agreement with Chile and New Zealand together, and other bilateral agreements with Australia, the U.K., and South Korea, respectively. The country takes the position, similar to the U.S., that data localisation is detrimental to economic growth, financial transparency and cybersecurity.

Protectionism in the region threatens to undermine the reaching of trade agreements

In addition to the trend of data sovereignty in individual countries in the region, there are also legislations in some of these countries that may be deemed as protectionist, and they may become a factor that undermines the final trade agreement to be reached. For instance, a number of recent legislations in Japan and South Korea were established to “level the playing fields” between domestic and foreign telecom or OTT players, with the rationale that foreign service providers such as video, content, cloud or social media platforms should be regulated in the same ways a domestic company would be. For the foreign platform company, they may see the rules as protectionist and made in favor of the domestic incumbent telecom and Internet players.

The Telecommunications Business Act of Japan in 2021 extended regulations over data breaches or communications failures to cover even companies that did not have an office presence or did not host any telecom equipment in Japan, as long as their services were deemed to be provided for the Japanese markets, such as being marketed in Japan, using the Japanese language, or using the Japanese Yen for payment.

Also, South Korea’s amendments to the Telecommunications Business Act (TBA) of 2021 forced the mobile app platform companies to open up their app payment monopolies. The primary target is of course Apple. In addition, the country’s recently proposed amendments to the TBA establishes new interconnection rules for Internet service providers and value-added telecom service providers, such as content providers, that operate in South Korea, requiring them to pay a “sender pays” interconnection fees to the incumbent domestic telecom companies.The primary target appears to be Netflix.

The way forward

Clearly, the Internet, e-commerce and digital economy in the East Asia region are of critical economic and strategic importance to the U.S. and its allies. On the other hand, in today’s digital era, the security and resiliency of the cyber infrastructure and the electronic transactions must also be safeguarded against threats from all adversaries.

Hence, the U.S. and its allies must take proactive steps to strengthen its cyber resiliency in the East Asia region. Indeed, this should be one of the most important key policy objectives for the U.S. in its Indo-Pacific initiatives. The IPEF and CBPR efforts are just the first steps and they will be of critical strategic importance in achieving these goals, and countering China’s “Digital Silk Road” efforts with its Belt and Road partners.

Specifically, the U.S. and its allies must:

1. Establish data flow and technical security standards and rules for undersea cable infrastructure, from construction to operation, and take concrete measures to support and encourage submarine cable investments with partners as part of the IPEF negotiation and final arrangements. To facilitate the consortiums of investors making long-term and large-scale investments for such infrastructure, the U.S. should take the lead to improve the speed and transparency of its licensing and permitting process for these cables investments.

2. Work together to redesign, upgrade and factor in all necessary safeguards for the region’s cable infrastructure, and work around the South China Sea and other chokepoints, to achieve higher degrees of resiliency, security and redundancy.

3. Endeavor to achieve wider multilateral agreements on standards and certifications for data flow and exchange, starting with CBPR, and expanding the coverage to more countries in the region and globally, and in the process emphasising the values of trust,  openness, fairness, security and privacy, in order to maintain global leadership in digital trade against the China-Russian model of digital authoritarianism.

*Charles Mok is a visiting scholar with the Global Digital Policy Incubator of the Cyber Policy Center at Stanford University. He represented Information Technology in Hong Kong's Legislative Council as a Member of Parliament from 2012 to 2020.

Sunday, May 22, 2022

[天下] Can Hong Kong block Telegram? | 香港政府能封鎖Telegram嗎?

Can Hong Kong block Telegram?

In a committee meeting of the legislature of Hong Kong, the territory’s Privacy Commissioner made a comment on her dissatisfaction with “certain overseas platform” in its handling of requests to remove doxxing information. With these cases numbering “sometimes over 200 a week,” the commissioner said she would consider further actions to escalate. 

And then, a local media leaked the platform in question to be Telegram, a popular messaging application. Right away, the Hong Kong public were asking, will the authorities block and ban Telegram? A whole host of pro-government legislators jumped at the opportunity to call for a blockage. And international media such as Bloomberg reported the news to the world as another example of Hong Kong’s recent draconian measures against freedom of expression. 

To block or not to block? Blocking Telegram is easier said than done. Those in the tech sector will remind others of Russia’s attempt to do exactly that, and it failed. Can Hong Kong achieve what Russia couldn’t? In 2018, the Russian government demanded Telegram, which actually was founded originally as a Russian company, to provide its encryption key to officials, so that the government could try to monitor content on the platform. Telegram refused, and then the Russian government blocked the IP addresses used by Telegram. 

There was just a problem — Telegram is not a website, but an Internet based application service. When Russia blocked those IP addresses used by Telegram on a dynamic basis, those other services or websites sharing the same common cloud platforms used were also affected. We are talking about popular global cloud platforms such as AWS, Microsoft Azure and Cloudflare. Those “accidental victims” that were blocked even allegedly included some of Russia’s government’s own websites. 

Four years have passed, are there any new ways to block? Apparently not. The whole Internet today may actually be even more reliant on such cloud services. Indeed, in June, 2020, Russia actually “unblocked” Telegram. Most ironically, the Russian government was found to be using more and more of this messaging platform over the years, including official and legitimate services to citizens, as well as using it to spread disinformation. 

Some people may ask, well, then, why can China do it? And not only Telegram, but a wide range of other websites and services. If they can, why can’t Russia and Hong Kong? The simple answer is that the Great Firewall of China — its notorious censorship mechanism — is based on a series of infrastructure and policy elements that most notably depended on having government agencies and state-owned telecom enterprises keeping absolute control over its Internet gateways to outside of the country, beginning from decades ago when the Internet infrastructure was built for China. 

That was, and is, not the way in Russia or Hong Kong, and probably any other country in the world save a few like North Korea. It’s not as simple as passing a new law, or setting up a new piece of censorship software, to “become like China.” So, the other countries most likely will have to undertake a series of targeted means — technical, administrative and legal — to “handle” the content undesirable to their autocratic rulers. 

So, all we can say is that, if Hong Kong wants to find a way to block Telegram, it probably won’t be easy, but no one can stop them from trying. 

One may recall that back in 2019, during the season of anti-extradition bill protests, there were also news leaks from the Hong Kong government about how it was “seriously considering blocking Telegram.” Presumably because of the technical difficulties, that did not happen. However, late in that year, the government applied for, and was granted, a court injunction to prohibit anyone from “wilfully disseminating, circulating, publishing or re-publishing on any Internet-based platform or medium (including but not limited to LIHKG and Telegram) any materials or information for the purpose of promoting, encouraging or inciting the use or threat of violence, intended or likely to cause bodily injury or property damage unlawfully in Hong Kong.” Telegram, along with a local bulletin-board style platform LIHKG, were indeed singled out since two and a half years ago. 

Since then, numerous Telegram group administrators have been arrested, charged and sentenced for a variety of charges of crimes. So if the authorities are still feeling that is not enough, and a technical blockage of Telegram may be difficult, then what can they do? The first possibility is to find an “excuse” to apply to the court for the two main mobile operating system platforms of Apple and Google to remove the Telegram app from their online stores. That way mobile phone users registered in Hong Kong will not be able to directly download and install the app, but users registered from other locations, as well as local users who already had the app on their phones or PCs, will still be able to use it. 

But if the Hong Kong authorities do that, international reaction must be one of immediate and inevitable indignation, and almost guaranteed to draw the attention of western governments, with little practically meaningful effect to block. Is that worth it? In today’s Hong Kong, nobody can bet against the authorities’ irrationalities. 

Some may suggest, why can’t Hong Kong legislate to ban Telegram altogether, so if anyone is found to have it on their phones or PCs, they can be fined or prosecuted. Possibly, in today’s completely submissive and obedient Hong Kong legislature formed after a “perfected” electoral reform, passage of such a law may not be a difficult task at all. 

However, blocking certain applications, websites or even companies by naming them in the law is still somewhat unprecedented, and it may not be as easy as it sounds to define the scope of the blockage. I would rather point out that for authoritarian regimes, rather than banning a given list of services, they may prefer to set out a set of vague and broad criteria of what would be illegal, for highest flexibility and maximum reach, that is, similar to the injunction of 2019. 

In the past week, conflicting news emerged such that, on the one hand, some media outlets reported that the authorities would seek guidance from China in order to adopt “the most vehement ways” to block Telegram, while other sources revealed that the authorities privately acknowledged the technical difficulties and were only raising the rhetoric to pressure Telegram to improve its compliance. 

Well, no one can predict the future action of an irrational regime, but the fact remains that personal data protection and privacy protection by law in Hong Kong has been cornered into “anti-doxxing” alone, a rather disproportionate way of handling a matter of huge importance to citizens’ protection as well as a territory’s economic development. 

Certainly doxxing is not to be condoned, but any attempt, legal or otherwise, to mitigate this issue may be done in balance of other important factors including freedoms of information and the media. Of course, in reality, such expectations are increasingly impractical and untimely for today’s Hong Kong.

What I found most “interesting” about the two sides of this discussion — the pro-Beijing faction calling for strict blockage of such foreign platforms, or the citizens concerned about losing yet another service for their day-to-day use — few seem to remember that even if Telegram is “successfully” blocked in Hong Kong, doxxing of these same targets will continue to carry on outside of Hong Kong. The “extraterritorial jurisdiction” put into Hong Kong’s privacy laws, including the doxxing related amendments passed in Hong Kong last September, are still very hard to enforce. Simply pushing doxxing out of sight in Hong Kong hardly solved the problem.

So the current controversy is also about the impracticality of extraterritorial jurisdiction of the law. The government and the legislature like to put this in all the digital-related laws, almost as a manifest of “digital sovereignty,” even though it is harder and harder to receive recognition for such jurisdiction right from regimes overseas, as Hong Kong becomes more and more isolated diplomatically and internationally. Will Hong Kong’s next step be to legislate to be able to forcibly hold foreign companies accountable for everything that happens outside of Hong Kong, resulting in a de facto eviction of more global companies from Hong Kong?

So, if we are to ask the question, what a Telegram block will mean for Hong Kong’s free flow of information and its role as a regional information center and commercial hub? I can only say that these past descriptions of Hong Kong’s role as a center and hub have been slipping farther and farther away in these two years. Hong Kong’s sharp decline indeed is a huge contrast to Taiwan’s digital economy development. 

May Hong Kong also serve as a reminder for vigilance and a caution to how delicate and easy that freedoms can be stripped from a previously vibrant society.

Published: CommonWealth Insight on May 25 2022 

https://english.cw.com.tw/article/article.action?id=3233&from=search


香港政府能封鎖Telegram嗎?

最近聽說,香港私隱專員在一個立法會委員會上說,有些海外平台對香港「起底」的指令不夠合作,有時一個星期多達200多宗個案,會考慮如何處理。接著又有消息傳出,這個平台就是Telegram。一眾立法會議員自然爭相出來要求禁用。

然而,禁用Telegram,說易行難。科技界最直接的回應是:俄羅斯都不能,香港能嗎?

俄羅斯都不能禁用Telegram,香港能嗎?

2018年,俄羅斯政府要求Telegram這個由俄羅斯人創辦的社群媒體提供加密鑰匙,讓政府能審查平台上的內容。Telegram拒絕了,於是政府企圖把它的IP地址屏蔽,然而,Telegram是個應用程式,不是單一網站,俄羅斯政府要求網路供應商禁止所有相關IP地址,副作用就是令其他同時使用同一雲端服務的網站全都一起被屏蔽,不能登入。被波及的包括AWS、微軟,據說甚至還有俄羅斯政府自己的一些網站。

4年過去,有新的方法「解決」這個問題嗎?似乎沒有。整個網路世界比以前更依賴雲端服務,要避免屏蔽一個app帶來的副作用,可能只有更難。俄羅斯在2020年6月對Telegram「解禁」,而諷刺的是,在解禁前後,俄羅斯甚至加強利用Telegram,包括在上面散播假新聞。

有人會說,那麼,為什麼中國能禁?不只Telegram,還能禁止千千萬萬的不同網站和服務?簡單回答,中國的「防火長城」是以政府機關和國營企業完全控制網路對外的出入口,數十年來都禁止大型平台在國內運作,香港、俄羅斯的情況不是如此,也不是一朝一夕就可以變成中國的「國家全面控制」狀況。所以,他們只能用其他方法,針對性地禁止一些內容或服務,而這些做法在科技上限制較大,多數只能以行政手法對「問題」逐一處理。

所以,香港若想以技術方法全面禁用Telegram,大概不能輕易做到。

香港要起底、禁用Telegram又有困難:政府會怎麼做?

不過,沒有人能說他們不會嘗試。回想2019年也曾有消息傳出,香港政府曾經認真考慮禁止Telegram和連登討論區,不過當時可能因為技術限制,最後沒有發生。反而在當年10月底,當局採取了以律政司向法庭申請禁制令的方法,禁止任何人「故意在任何基於互聯網的平台或媒介上傳布、傳播、發布或重新發布任何目的在於促進、鼓勵或煽動使用或威脅使用暴力的材料或信息」,禁制令中更指明「包括但不限於LIHKG 連登和Telegram」。

兩年多來,不少曾經在Telegram經營群組的管理員,都因為各種罪名被控告,甚至定罪入獄。那麼,如果當局覺得起底還做得不夠,完全在境內禁用Telegram又有困難,還有什麼其他可能手段?

第一個可能性,就是找出法律上的方法,甚至向法庭申請,要求蘋果和Google兩大應用平台移除Telegram,讓在香港註冊的手機用戶不能下載。當然,已經下載應用的用戶、或者是註冊於其他地區的香港用戶還是可以繼續使用,或者透過電腦版本使用。而香港政府如果真的向蘋果和Google施壓,將在國際上引起極大迴響,也幾乎一定會引起美國政府的反應。這作用其實不大,不過,即使只是「為做而做」,今天也沒人敢能說香港政府不會這樣。

另一種可能是,香港政府可以直接立法禁用Telegram,只要發現有人手機或電腦上有此應用,都可以罰款、檢控。在今天香港「完善」的行政立法合作下,很多人會覺得如今什麼法都能立吧?不過,在法例上直接點名禁止一個應用程式、網站或公司,不容易找到先例,而且如何定義禁止的範圍,未必那麼容易。我認為對於專制政權而言,如果能禁,何必只禁一個或幾個應用程式?倒不如定出一些模糊的原則,把這些立法規範化。

我可以指出這些原則上的考慮,但不能也不會估計香港政府會怎做,因為這些年來,政府有過太多非理性的決定了。也有人問,現時私隱條例中反起底條文的懲罰,是否合符比例?我也很難回答。因為香港的私隱條例和執行部門的工作焦點,已經變成了「反起底專員公署」,本身就是不合符比例的法例。我當然不認同起底的行為,但對任何罪行的處理,都需要平衡對社會各方面的利益和需要,起底一事對資訊和傳媒自由的影響,必須充分考慮,不能一面倒、一刀切。不過,近年香港的趨勢,這些想法恐怕都不合時宜了。

在近日的討論中,我感到最有趣的是,無論是想找方法禁Telegram的建制派,或是擔心不能再使用Telegram的市民,都只在思考禁或不禁這件事,大家像是忘記了,就算香港禁了Telegram,其他的平台仍然存在;起底的行為,恐怕還是會在香港以外繼續;而香港法例中的所謂「境外執法權」,執行起來仍是極為困難,名存實無。難道把這些起底問題和內容推到境外,就當是「做了」?

這次關於Telegram的爭議,多少是因為去年修改後的私隱條例的反起底條文的境外執法權,說來容易,但實施執行的能力有限,這是強行立了不可能有效執行的法例的問題。如不承認這一點,也許下一章的劇本,就是繼續強行在香港追究所有境外平台的海外責任,有可能變相把他們迫離香港市場。

所以,如果有人要問,若是禁了Telegram,將會如何影響香港的資訊流通自由和香港作為區域資訊中心和商業中心的地位?我只可反問,香港還有、還是這些東西嗎?

香港人透過香港整體的傳媒和網絡自由所能享有的言論和表達自由,在過去兩年急速下降,已經是不爭的事實,與台灣相比,更能突顯出兩地對資訊自由和網絡發展所走的相反方向。台灣除了應利用機會發展由本土走出國際的數位經濟商機,亦須把香港引為戒鑒,失去資訊和網絡自由的代價非常高,不能讓社會走上這條路。

(作者曾任香港立法會資訊科技界議員,現任美國史丹福大學全球數位政策中心訪問學者。)

Published: 獨立評論 @天下 on May 21 2022

https://opinion.cw.com.tw/blog/profile/52/article/12301

Tuesday, May 10, 2022

[FNF | 天下] Taiwan can be East Asia’s New Internet and Data Hub | 亞洲最新的網際網路及數據樞紐?台灣能!

Taiwan can be East Asia’s New Internet and Data Hub

In the second half of April, Taiwan scored two major wins in consolidating its regional and global positions in digital future and data trade within a week’s time, with relatively little fanfare or local attention. Is Taiwan on the verge of a golden opportunity to transform its economy, yet without its broader business, industrial and political communities knowing its own full potential?

On April 28, 2022, the United States and “sixty partners around the world” together launched the Declaration for the Future of the Internet. Taiwan was among these partners, which included the European Commission and governments from all over the world, and the U.S. itself. As the signatories of the declaration were in effect all governments, the diplomatic choice to use the word “partners” instead of “countries” was clearly made for including Taiwan.

As a matter of background information, the concept for an Alliance for the Future of the Internet was floated by the U.S. White House shortly before the end of 2021, and was intended to be announced at the Summit for Democracy in early December. However, the plan faced pushback from the digital rights as well as technology business communities and was criticised for being merely an extension of the Trump administration’s “Clean Network” initiative, for alliance member countries to pledge to “use only trustworthy providers” in core Internet infrastructure, which makes the alliance a “no-China” club but lacks focus for the global Internet to adhere to democratic, human rights and accessibility values. Civil societies and Internet companies also felt left out of the process and without a seat at the table.

Taiwan has a place in the future of the Internet

As a result, days before the Summit for Democracy was to commence, the announcement of the alliance was delayed, until now. The April 28 announcement of the declaration takes on somewhat of a looser form compared to an alliance of national and territorial governments. The declaration itself also adjusted its focus to a more principles-driven vision for the Internet based on human rights and fundamental freedoms including expression and pluralism, increased access and affordability, safety and privacy, fair competition, and a trusted and secure infrastructure. Also, likely as a response to the more recent “splinternet” controversy that arose out of the Russian invasion of Ukraine, the declaration emphasised a global Internet and the need to refrain from shutdowns, blocking lawful content and services, and free data flows.

But the declaration is still significant in many ways, and may represent the prelude to a series of international lobbying in preparation for the important election of the next secretary general of the International Telecommunication Union (ITU), the technical body under the United Nations (U.N.) in charge of the world’s telecom standards and regulations, where a Russian candidate and and a U.S. candidate will face off later this year. With China and Russia “fully cooperating” to try not only to dominate the ITU but also to wrestle away global Internet governance from the multistakeholder ICANN to the ITU — and hence the hands of national governments — the signatories may represent one of the most visible actions to date to counter the efforts of China and Russia.

Even though Taiwan is not a member of the U.N. nor the ITU, the inclusion of Taiwan among the democratic allies and their effort to “reclaim the promise of the Internet,” as described in the declaration, is symbolic and significant. It is also important to note that, despite the U.S.’s emphasis on the Indo-Pacific region in recent years, the declaration was endorsed by relatively few Asia Pacific partners, with only Australia, Japan, New Zealand and Taiwan, and Pacific islands such as Marshall Islands, Micronesia and Palau, with major Asian countries and technology leaders such as India, South Korea and Singapore notably missing. That makes Taiwan stand out even more.

However, the news of Taiwan’s inclusion in the U.S.-led declaration apparently only received relatively limited press coverage in Taiwan, with the attention placed on digital minister Audrey Tang representing the government in the online signing ceremony with other global partners, repeating the rather plainly worded Ministry of Foreign Affairs press release and with little commentary or analysis on any of its importance.

A seat at the table in setting global data rules

Similarly, a week before the announcement of the Declaration for the Future of the Internet, Taiwan became a member of the Global Cross-Border Privacy Rules (CBPR) Forum, on April 21, 2022, along with Canada, Japan, the Philippines, Singapore, South Korea and the U.S., this time under the name of “Chinese Taipei.” In the statement from U.S. Commerce Secretary Gina Raimondo, the Forum “intends to establish the Global Cross Border Privacy Rules and Privacy Recognition Processors (PRP) Systems, first-of-their-kind data privacy certifications that help companies demonstrate compliance with internationally recognised data privacy standards.” The “APEC CBPR” System will facilitate and establishment the framework for and promote mutual recognition and trusted international data flows.

Again, Taiwan’s Ministry of Foreign Affairs put out a press release, stating that its inclusion on the Forum will have a positive impact on “international cooperation on privacy protection and cross-border digital trade development.” Indeed, the potentials for Taiwan can go way beyond this general description.

In recent years, the U.S. and the E.U. have been embroiled in a longstanding dispute about data transfers, not the least because the E.U. has led by setting up very comprehensive privacy and data protection laws, while the U.S. has not. Recently in March 2022, however, the U.S. and E.U. finally entered into a data transfer agreement. Meanwhile, earlier in June, 2021, China’s Data Security Law also came into effect, enabling a comprehensive regulatory regime for its data and security governance, including data sovereignty and requirements for local storage, with a focus on national security. Data may be the new oil, but without the pipelines and the agreements on how to transfer and exchange these data, the full economic potentials will not be realised.

In Asia, there is no comprehensive region-wise data and privacy framework, like the E.U.’s General Data Protection Regulation (GDPR), and the regulatory regimes in countries and territories can vary greatly, if they exist. The U.S.’s CBPR initiative is obviously an attempt to counter China’s influence and to take leadership to emphasise on data transfers and related business opportunities, while the Chinese regulations tends to focus more on forcing companies to keep data within China. As such, Taiwan can play a critical role.

Taiwan can fill the void left by Hong Kong

In recent years, Taiwan has made headways in its Internet infrastructure and established a respectable regional presence. Major U.S. technology giants such as Google and Meta have chosen Taiwan to host their regional datacenters, along with Singapore, but instead of Hong Kong. When Google and Meta jointly invested to build what would have been the first direct trans-Pacific undersea cable — the Pacific Light Cable Network (PLCN) — between California and Hong Kong, and the U.S. government eventually refused to allow the PCLN to reach Hong Kong, Google and Meta had to revise their proposal to have the PCLN terminate in Taiwan instead in order to receive the license approval from the U.S. In the PLCN “national security agreement” between Google and Meta with the U.S. government, the investors agreed to “pursue diversification of interconnection points in Asia, including but not limited to Indonesia, Philippines, Thailand, Singapore and Vietnam.” That could very well mean connecting to these countries from Taiwan.

In other words, Taiwan is poised to take over at least part of the role of the region’s telecommunications and Internet hub vacated by Hong Kong, as the latter’s position has been compromised since the implementation of the National Security Law from Beijing in 2020, and the subsequent political crackdowns, followed by various U.S. sanctions. While Taiwan will not be able to displace Hong Kong interconnection role into the mainland and the Greater Bay Area, it has a good chance of taking over some of the regional and international traffic and data flows in East and Southeast Asia, especially new growth in demands, because the non-China international capacity of Hong Kong will grow much more slowly than before, if at all, in the foreseeable future.

This may be a perfect opportunity for Taiwan to set its goal to become the regional Internet, data and technology service hub for East Asia, like Singapore for Southeast Asia. For years, Taiwan has been trying to diversify its industrial base and its reliance on the semiconductor, electronics and manufacturing sectors. Even though Taiwan’s prospects for its semiconductor industry still look great, it is always smarter to spread the eggs in more baskets during good times.

Next Steps for Taiwan - What should Taiwan do ?

I humbly suggest the following for Taiwan to upgrade its grand vision, soft infrastructure and skills base:

1. Establish Taiwan’s digital economy strategy, covering all aspects of government and industry digital transformation, attracting foreign investment and supporting research and development, as well as education and manpower development, and let the world know Taiwan is more than about semiconductor and electronics.

2. Update its legal and regulatory regimes on data and privacy protection as well as  telecommunications with a view to liberalise and attract international investment and more data and services exchange with other Asia Pacific economies, and also to catch up  with data and privacy regulations in Europe and other leading countries.

3. Double down on the effort to develop the telecommunications and Internet sector, leveraging on inroads already made in datacenters and infrastructure, attract more investment and expand regional connectivity and capacity with its East Asian neighbours such as Japan and South Korea, as well as the U.S.

4. Learn from the Singapore playbook and negotiate bilateral agreements on digital trade and data transfers with other countries, similar to Singapore’s proposed pact with the U.K. Again, as it is unlikely for Hong Kong to enter into data trade agreements with leading western economies in the near future, Taiwan is well placed to take over.

There is no need to abandon what Taiwan has been doing well, but this is the best chance for it to expand and diversify into new areas of economic growth, that would not only greatly benefit Taiwan but also offer the opportunities for its allies to help, support and bolster its regional strategic and economic importance. That can truly be a win-win situation.

Published: Friedrich Naumann Foundation, May 3 2022

https://www.freiheit.org/taiwan/taiwan-can-be-east-asias-new-internet-and-data-hub

German: https://www.freiheit.org/de/taiwan/taiwan-kann-ostasiens-neuer-internet-und-daten-hub-werden

Chinese: https://www.freiheit.org/zh/taiwan/yazhouzuixindewangjiwanglujishujuzhongxintaiwanchongmanqianli

Also published on CommonWealth Magazine, May 5 2022 (English)
https://english.cw.com.tw/article/article.action?id=3219

亞洲最新的網際網路及數據樞紐?台灣能!

4月下旬,台灣在短短一星期內,連續簽署了兩項對數位未來影響深遠的重要國際協議。然而,本土的政經及工商界,是否看到台灣的潛力,和經濟轉型的黃金機會?

4月28日,美國白宮宣布與全球60個「伙伴」共同簽署「未來網際網路宣⾔」,包括台灣、歐盟各成員國等。

早於半年多前,當美國總統拜登政府還在籌備12月的線上民主峰會時,已計劃在峰會上宣布成立「未來網際網路聯盟」。然而消息一出,卻遭受各方質疑和批評。無論是數位人權組織或科技企業,都察覺到這個聯盟似乎只局限於川普總統時期的「乾淨網路計畫」(Clean Network),要求盟友保證在其網路基礎建設內只會使用可信的技術供應商。換句話說,除了籠統地承諾不使用來自中國的產品,這個聯盟並未聚焦網際網路發展的重要價值觀,包括民主、人權等;加上公民社會團體和網路企業都未能直接參與,私底下都表示不滿。

台灣於未來網際網路佔一席位

結果,聯盟在民主峰會舉行前數天被暫時擱置,現在則變身為宣言,雖然在觀感和實際上都被稍為「降格」,但宣言內容的確變得更以價值為本,明確宣示支持人權、言論等基本自由,以及多元、近用、安全、隱私、公平競爭、可信的基礎建設。另外,也許由於近期俄羅斯入侵烏克蘭,引發分裂和網路審查的爭議,宣言強調各國必須保障全球一致的網路,避免關閉網路或阻截合法內容服務,確保自由數據流通。

宣言的重要性,除了內容上的承諾,還在於簽署者對於全球網際網路治理的立場宣示。畢竟中國與俄羅斯已經在國際技術標準和網路治理上宣布「全面合作」,年底前將舉行的國際電信聯盟秘書長選舉,由美、俄兩國代表出選,兩陣正面交鋒;加上多年來中、俄兩國和其盟友對執掌網際網路治理的ICANN組織多番批評,企圖把治理權轉到以國家政府控制的國際電信聯盟。面對極權國家推銷的全方位治理審查模式,「未來網際網路宣⾔」為民主世界作出抗衡,共同踏出的重要一步。

台灣成為這個要「重奪網際網路的期許」宣言一分子,極具象徵意義及重要性。然而,即使美國過去多年以發展亞洲地區策略為目標,本宣言中的亞洲簽署者,除了台灣外只有澳洲、日本、紐西蘭,和三個太平洋小島國,一些重要的亞洲科技強國如印度、南韓和新加坡都未參與。以此角度看,台灣的重要性就更突出了。

不過,「未來網際網路宣⾔」在台灣似乎未得到太多重視,僅外交部發出新聞稿、媒體依稿報導,並由行政院政務委員唐鳳代表在線上出席宣言發布活動,未有更深入的分析。

台灣可進軍國際數據新經濟

在宣言發布前七天,台灣以創始會員身分加入由美國領導、美國商務部長Gina Raimondo宣布成立的「全球跨境隱私規則論壇」(Global Cross-Border Privacy Rules Forum,GCPR),成員包括加拿大、日本、菲律賓、新加坡、南韓、美國及台灣;而論壇的目的包括建立首個數據私隱認可機制,讓企業能藉以顯示自己已遵從國際數據私隱要求,便利各地互認機制,容許國際數據交換及轉移。

跨境數據轉移近年來成為美國與歐盟之間的長期爭議點。歐盟的隱私及數據保障法規成熟,而美國則頗為落後,甚至可說是真空。今年3月,美、歐才剛達成數據轉移的協議。另一邊廂,中國於2021年6月開始執行《數據安全法》,全面監管數據,尤其於數據上注入國家安全元素要求,令國際數據轉移更為複雜和困難。在國家單位面前,企業數據或個人資料的隱私更難以確保。

相比歐盟較成熟的數據隱私保障,亞洲各國的相關法律原則和條文都差距甚遠。因此,美國主導論壇的目的,是要在亞洲區內阻擋中國數據監管模式的影響和擴散,並爭取領導亞洲地區與數據相關的商業機會。再一次,台灣能在此佔有關鍵角色。

台灣接收香港對外樞紐的角色

近年來台灣於網際網路基礎建設有長足發展,美國龍頭科技企業谷歌和Meta都在台灣建立大型數據中心,與新加坡看齊,超越了香港。去年底美國當局正式批准由谷歌和Meta共同投資的跨太平洋海底電纜PLCN,終點從香港改為台灣,反映美國基於「國家安全」考慮,短期內可能不會批准任何有美國投資的海纜光纖接駁至香港。此消彼長下,台灣的網際網路樞紐地位得到重要支持。

事實上,美國政府與PLCN投資者達成的「國家安全協議」中,投資者同意以此基礎加強區內連繫,包括連接至印尼、菲律賓、泰國、新加坡及越南等,換言之,就是要台灣成為連接東南亞的樞紐。

自從香港於2020年實施《國家安全法》,面臨美國制裁、企業信心流失和營商環境急劇惡化,短期內實在難見轉機。即使台灣不可能取代香港對中國內地和鄰近大灣區的對內小樞紐地位,要挑戰香港的國際電訊及網際網路的對外大樞紐地位,尤其在新增容量及區域需求上,形勢甚佳。

因此,台灣正面臨發展成東亞地區國際數據及科技服務樞紐的最佳時機,有如東南亞地區的新加坡。台灣一直有意做經濟轉型,把現時以半導體、電子及工業行業帶動的科技經濟,發展得更多元化。台灣可以怎麼做?愚見認為,以下四點有助強化台灣的願景、提升基礎建設和人才技能:

構建台灣的數位經濟發展策略,推動全方位政府及工商業的數位轉型,引進外來對科技的投資,加強研發、教育及人才發展,並讓全世界都看到,台灣除了半導體、電子產業外,在網際網路產業以至數據經濟上,都在爭取成為區域樞紐。

更新數據和隱私在法律與監管架構上的保障,追上全球最先進的個資數據法律框架,並開放電訊規管,吸引國際投資,特別是亞太區域各國的合作和數據交易商機。

加強支援電訊及網際網路行業,在近年數據中心及網路基礎的發展上,擴展與其他東亞鄰近國家的連繫,特別是日本、南韓甚至美國等主要科技經濟體。

參考新加坡的策略,針對全球重要經濟強國成立數位貿易及數據轉移協議,例如新加坡與英國兩國建議中的協議。正因香港於可見的未來都無法與主要西方經濟體達成數位貿易的雙邊協議,機會將會傾向台灣這一方。

如果台灣能把握機會,利用數據新經濟創出發展新方向,不只能為己方帶動經濟新機,亦能在盟友國家協作和支援下,強化台灣於亞洲區內的策略性經濟地位,必然同時有助自身的地緣政治上的穩定。

(作者曾任香港立法會資訊科技界議員,現任美國史丹福大學全球數位政策中心訪問學者。)

Published: 獨立評論 @天下 on May 9 2022 

https://opinion.cw.com.tw/blog/profile/515/article/12256

Wednesday, April 13, 2022

[OPTF] Teardown of Hong Kong’s internet freedom

Dialogues on digital rights: Teardown of Hong Kong’s internet freedom

April 12, 2022 / Digital rights / By Charles Mok

This article is a part of a series of essays commissioned by the OPTF, written by people from all around the world. Charles Mok is an internet entrepreneur and IT advocate. He was formerly a member of the Hong Kong Legislative Council and founded the Hong Kong chapter of the Internet Society. He is currently a Visiting Scholar at the Global Digital Policy Incubator at Stanford University.


For decades, Hong Kong has maintained one of Asia’s freest Internet environments, despite being a part of China. As a special administrative region, reverted to Chinese sovereignty since July 1, 1997, Article 30 of Hong Kong’s Basic Law(1) guarantees the freedom and privacy of communication of residents. 

But such freedom has not come without challenges. Over the years, Hong Kong’s government has made some attempts to curtail such freedom. In 2012, it launched a consultation of the Control of Obscene and Indecent Articles Ordinance (COIAO) (2), the territory’s pornography regulation, in which the authority initially proposed the implementation of a mandatory “operator-level content filtering,” that was fortunately abandoned after opposition from the public and the Internet community(3). 

Then, in 2016, after years of consultation and legislative attempts by the government to update its digital copyright protection regime, an amendment bill was shelved following weeks of filibustering by opposition lawmakers, reflecting widespread public mistrusts of the government’s intention, as it tried to criminalise online derivative works of copyrighted materials, despite the promise of exemptions for parody(4). 

Defending Internet freedom, before National Security Law

To be fair, these legislative attempts were not dissimilar to actions taken by many western governments to regulate the Internet for reasons of public security, illegal content or intellectual property protection. Yet, the fact that they failed stood as a testament of Hong Kong’s former vibrancy and pluralism of its civil society and legislature, even if the political system was far from truly democratic.

Nevertheless, a question always stands on many people’s mind — will China’s Great Firewall be extended to Hong Kong? Fortunately, Hong Kong’s telecommunications environment has been completely liberalised for more than two decades, allowing investment and licenses for international operators, compared to China’s external Internet gateways, which are still strictly controlled by state-owned enterprises. Furthermore, Hong Kong being a hub of telecommunications, underseas fibre optics and datacenter facilities, as well as an international financial centre, has made it more difficult for China to impose the same mainland-style restrictions, at least until more recently. 

With few legal or operational mandates to censor the Internet, for more than twenty years Hong Kong’s Internet was indeed among the freest in Asia. But such advantages were hardly guaranteed without a democratic system of government. Over the years, as the political situation in Hong Kong turned more oppressive, local netizens were becoming more worried of looming crackdowns on the online freedom of expression they enjoyed. 

For example, in 2014, during the Umbrella Movement, when a large part of the Central business district was occupied by protestors for months, there were rumours abound that the government would shut down the area’s cellular wireless coverage. Although such a shutdown did not materialise, countless citizens downloaded an app called FireChat, which would enable them to communicate with one another over Bluetooth, even if all mobile or Wi-Fi networks were disabled in an affected area(5). As there was no shutdown after all, most people never got to use the app. 

Fast forward to the territory-wide protests in 2019, ignited by the unpopular “extradition bill” proposed by the government. Protesters relied heavily on the use of Internet tools and messaging platforms, most notably Facebook and Telegram, to share information, as well as to organise and mobilise. More controversially, some protestors posted personal information of police officers and government officials on the Internet, followed by government supporters retaliating by doing the same, only on a much bigger scale, resulting in a proliferation of doxxing by both camps. The government resorted to accusing protesters of causing harms to the police, government officials and their families, and sharing “fake news.” 

On October 31, 2019, the government applied for and was granted an injunction from the High Court, prohibiting anyone from communicating through “any Internet-based platform” any materials that “promotes, encourages or incites the use or threat of violence, intended or likely to cause” bodily injury or property damage. Besides the injunction being too broad and too vague, the use of such legal manoeuvre to obtain a court injunction effectively enabled the government and law enforcement to easily and conveniently bypass the legislature to impose online censorship unseen in Hong Kong before. 

The Internet Society Hong Kong(6), concerned(7) about establishing the precedence for arbitrary content deletion and prosecution, the chilling effect on netizens, and the detrimental impact on the territory’s Internet freedom, applied to the court for discharge or restrict the injunction(8). Unfortunately, on November 15, the High Court ruled to continue the injunction, with minor amendments to its terms to emphasise the wilfulness of the act(9). The injunction remains active, as part of the growing arsenal of censorship tools that law enforcement can use in Hong Kong. 

NSL: the next chapter, but not the last

Next came, of course, the National Security Law (NSL). With the implementation rules of the NSL (10) taking effect on July 7, 2020, the NSL, in effect from July 1 -- not passed in Hong Kong but imposed from the central government in Beijing -- allowed simply an authorised “designated police officer” to order the takedown of messages or content on any electronic platform that was deemed “likely to constitute an offence endangering national security or is likely to cause the occurrence of an offence endangering national security,” by the relevant platform, hosting or network service providers. Failing to comply, the service provider could face the seizure of their electronic device, plus fines and prison terms of up to six months. Moreover, Hong Kong’s chief executive could authorise the police to intercept communications and conduct surveillance to “prevent and detect offences endangering national security.”

The gross lack of transparency and oversight of the NSL, and the vague and arbitrary scope for what it is meant by “likely to constitute an offence” are obviously problematic, to say the least. And such concerns have since been manifested in the blocking of politically sensitive websites such as HKChronicles (a wiki-like website with details of police officers and pro-Beijing individuals), June 4th Online Museum, a number of Taiwanese websites, and most recently, Hong Kong Watch (a human rights group based in the U.K.)(11). As a matter of routine, the police would not even comment or acknowledge whether the blocking of such websites was made based on the application of the NSL. 

In addition, the government also amended the Personal Data (Privacy) Ordinance in September, 2021, to empower the regulator to investigate and prosecute acts of doxxing, but without strengthening the overall protection for data and privacy of all citizens, leading to concerns of selective enforcement and political weaponisation of privacy protection(12). Furthermore, there were also a number of cases where administrators of various Telegram channels or groups were belatedly arrested, charged and sentenced to hefty jail time for “inciting riots” during the 2019 protests(13). All these have added to the silencing of critics in Hong Kong, as a mood of self-censorship has settled in. 

The future is grim

So, what next? With the secretive national security police apparatus estimated to number  4,000 local officers, not even including any agents or officers from the mainland, clearly they must find ways to keep themselves busy. Expect more expansive application of the NSL, offline and online, local and abroad — as the law asserts jurisdiction over anyone, anyhow, anywhere, even if such persons have never been to Hong Kong. For instance, it is now legally possible for the Hong Kong authority to demand social media companies to remove content it deemed undesirable even if such companies’ servers or offices are not even located in Hong Kong(14). 

Moreover, the interpretation for what constitutes national security will also look to be wildly expanded as the regime sees fit. Already, Stand News, a leading pro-democracy online news outlet, was closed down, after its editors were arrested for “inciting hatred toward the Hong Kong government.” Recently, two storeowners were also arrested by national security police on charges of sedition because of their anti-vaccination posts on social media(15). 

But Beijing and Hong Kong authorities will not stop with just the NSL. The government and local pro-Beijing politicians who now completely dominate the rubber-stamp legislature are calling for the establishment of a “fake news law,”(16) which is likely to happen in 2022, even though the territory’s corps of pro-democracy media have all but been totally eliminated. In addition to further stifling any shred of independent journalism and press freedom remaining in Hong Kong, such law may finally completely silence the users on social media platforms, such as Facebook and Twitter, as well as messaging platforms, like WhatsApp and Telegram, while putting those platform companies in the untenable position of having to carry out government censorship. 

To conclude, in the immediate to intermediate term, short of implementing a full-scale Great Firewall of Hong Kong, China seems to be borrowing a page from the Russian playbook. After all, Russia, similar to Hong Kong, has previously allowed the presence of foreign platforms, and not all its Internet traffic were filtered or censored. But Russia recently enacted a law to ban “false information,” such as calling its Ukraine invasion a “war,” with a punishment of up to 15 years in prison. This is similar to Beijing’s strategy in Hong Kong. In the long run, sadly, Hong Kong is undoubtedly treading toward the model of outright China-styled censorship and surveillance. 


Citations

1. https://www.basiclaw.gov.hk/en/basiclaw/chapter3.html : “The freedom and privacy of communication of Hong Kong residents shall be protected by law. No department or individual may, on any grounds, infringe upon the freedom and privacy of communication of residents except that the relevant authorities may inspect communication in accordance with legal procedures to meet the needs of public security or of investigation into criminal offences.”

2. Consultation document: https://www.gov.hk/en/residents/government/publication/consultation/docs/2012/2nd_RCOIAO.pdf 

3. Internet Society Hong Kong responses to the second round consultation of the COIAO: https://www.coiao.gov.hk/submission/00769.pdf

4. Hong Kong government’s shelving of controversial copyright bill: what went wrong? https://www.scmp.com/news/hong-kong/politics/article/1917070/hong-kong-governments-shelving-controversial-copyright-bill

5. FireChat – the messaging app that’s powering the Hong Kong protests https://www.theguardian.com/world/2014/sep/29/firechat-messaging-app-powering-hong-kong-protests

6. The author was the founding chair of Internet Society Hong Kong, in 2006.

7. Internet Society Deeply Concerned about Interim Injunction Ordered by Hong Kong High Court https://www.internetsociety.org/news/statements/2019/interim-injunction-ordered-by-hong-kong-high-court/

8. Internet Society Hong Kong’s Legal Challenge Against Govt’s Injunction of Blocking Free Speech Online https://www.isoc.hk/news/jr-against-online-censorship/

9. Interim Injunction Order of the High Court (HCA 2007/2019) – Promotion, Encouragement and Incitement of the Use or Threat of Violence via Internet-based Platform or Medium https://www.police.gov.hk/ppp_en/03_police_message/iio_202.html

10. Implementation Rules for Article 43 of the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region gazetted https://www.info.gov.hk/gia/general/202007/06/P2020070600784.htm

11. Internet censorship in Hong Kong https://en.m.wikipedia.org/wiki/Internet_censorship_in_Hong_Kong

12. “The Downfall of Hong Kong’s Privacy Law” by the author https://thediplomat.com/2021/09/the-downfall-of-hong-kongs-privacy-law/

13. Hefty jail term for Hong Kong Telegram channel admin convicted of inciting riot, arson and violence during 2019 protestsAlleged Telegram channel administrator charged with inciting arson against police facilities, denied bail https://www.scmp.com/news/hong-kong/law-and-crime/article/3099336/hong-kong-protests-alleged-telegram-channel 

Student arrested for being admin of social media group supporting Hong Kong protests https://www.taiwannews.com.tw/en/news/3723417

14. Hong Kong’s national security law: 10 things you need to know https://www.amnesty.org/en/latest/news/2020/07/hong-kong-national-security-law-10-things-you-need-to-know/

15. Covid-19: Hong Kong national security police arrest 2 for sedition over anti-vaxx posts https://hongkongfp.com/2022/02/25/covid-19-hong-kong-national-security-police-arrest-2-for-sedition-over-anti-vaxx-posts/

16. Hong Kong’s call for ‘fake news’ law raises media crackdown fears https://asia.nikkei.com/Politics/Hong-Kong-s-call-for-fake-news-law-raises-media-crackdown-fears 

【假新聞法】研究上半年完成或將立法 記協質疑定義模糊難執法兼限制資訊流通 https://www.rfa.org/cantonese/news/htm/hk-fakenews-02152022065023.html

Published by Oxen Privacy Tech Foundation, April 12, 2022

https://optf.ngo/teardown-of-hong-kongs-internet-freedom/

Saturday, April 09, 2022

[Diplomat] China’s Choice for Hong Kong’s Chief Executive Reveals Its Own Insecurity

China’s Choice for Hong Kong’s Chief Executive Reveals Its Own Insecurity

John Lee’s background is heavy on security, showing Beijing values that over Hong Kong’s economic prosperity.

John Lee, chief secretary of Hong Kong and its second-highest ranking official, resigned on April 6 to prepare to stand for the chief executive election in the territory. Lee, a career police officer and former deputy police commissioner, only began his civilian government service in 2012, when he was appointed the undersecretary for security. He became the secretary for security in 2017, in the cabinet of the current Chief Executive Carrie Lam. When he was promoted to the chief secretary role last year, it was the highest government position held by a former police officer in Hong Kong. Should he become Hong Kong’s next chief executive, it will be yet another first.

In all likelihood, Lee will be the next chief executive. After all, under the new and “improved” electoral system of Hong Kong enacted in May 2021, the 1,500-member Election Committee is now completely controlled by “patriots” handpicked by Beijing. Unlike previous chief executive elections, when token competition was permitted by Beijing to give the appearance of an open election process, reports from Hong Kong have suggested that Beijing would back only a single candidate this time: Lee.

The central government’s selection of Lee clearly indicates that it puts a higher priority on security issues over Hong Kong citizens’ livelihood matters, as well as the city’s economy and its status as a global financial center. The message is clear – even though Carrie Lam demonstrated staunch loyalty by following Beijing’s orders in her tumultuous five-year term, that was still not enough. Of course, her chaotic handling of the Omicron outbreak in Hong Kong in recent months has completely ruled her out of the race.

Earlier, Paul Chan, Hong Kong’s financial secretary, was also seen as a potential candidate for chief executive. Chan is perceived to be equally loyal to Beijing, but with a more professional and somewhat more moderate image compared to Lee. Even former Chief Executive Chun-ying Leung, perennially rumored to be eyeing a return to the position as the special administration region’s leader, has more experience in domestic policies and has commented frequently on the economic integration of Hong Kong with the Greater Bay Area, in addition to his hardline rhetoric.

The tacit rejection of these contenders means that either Beijing does not care about Lee’s policy deficiency, or it indeed believes that his being a “blank piece of paper” will mean more malleability, and, hence, is preferred. Neither thought is a comfort for Hong Kong’s citizens or its business community.

With the National Security Law firmly in place after almost two years, it is hard to fathom the possibility of any domestic political unrest or protest being reignited. While Beijing would be concerned about further Western pressure and sanctions involving Hong Kong, any loyal chief executive can equally talk tough in retaliation, and there is precious little more that he or she can do. It would be up to Beijing to handle foreign policy anyway. Installing a figure like Lee at Hong Kong’s top leader would only exacerbate the already tense relations with the West.

On the other hand, in a recent meeting with the National People’s Congress delegates from Hong Kong, Han Zheng, senior vice premier of the State Council and a member of the Chinese Communist Party’s Politburo Standing Committee, as well as the leader of the Central Leading Group on Hong Kong and Macau Affairs, emphasized Hong Kong’s role as a financial center and its development as an innovation and technology center. Han also expressed his concerns about housing issues. It is hard to reconcile such practical priorities for Hong Kong with Lee’s appointment, however, as he simply does not have any policy exposure in any of these areas.

Indeed, the selection of Hong Kong’s chief executive may just be the latest in a series of policy decisions by Beijing leading to self-inflicted hardship. Beijing appears driven by paranoia over security and absolute state control, with a high dose of insecurity, leading it to ignore all the side effects of its extreme and draconian measures. Of course, this insecurity is hidden under an outward appearance of confidence, much like the often-quoted Mao Zedong thought that “man can conquer nature.”

Outside of Hong Kong policy, China has shown a similarly stubborn adherence to its zero COVID strategy, including the lockdown of Shanghai, and to the crackdown on its technology, education and property sectors, despite an ensuing economic slowdown and growing unemployment. China may have convinced itself that such policies can support its “dual circulation” goal.

However, when the goal becomes the means, China may have backed itself into a corner, forcing the rest of the world to expedite decoupling from China. That precisely defeats the purpose of one half of the dual circulation strategy: external circulation, or economic interactions with the world. Moreover, China’s standing with Russia in the invasion of Ukraine has expedited an outflow of funds in an “unprecedented scale,” further challenging the notion of the mutual dependency between China and the rest of the world.

If the world’s dependence on China decreases, so would China’s leverage on the rest of the world. China’s obsession with its regime security may have been caused by its sense of insecurity. Its regime may end up becoming less secure, and our world more unstable.

Published: The Diplomat, Apr 8 2022

https://thediplomat.com/2022/04/chinas-choice-for-hong-kongs-chief-executive-reveals-its-own-insecurity/

Wednesday, February 23, 2022

[Diplomat] China and Russia Want to Rule the Global Internet

China and Russia Want to Rule the Global Internet

Their model of surveillance and censorship threatens a free, open, and secure future internet.

As the Winter Olympics kicked off in Beijing, the Chinese and Russian presidents, Xi Jinping and Vladimir Putin, stood in unity to offer mutual support and to challenge the dominance of the U.S. and Europe. There is more at stake in their renewed close partnership than NATO expansion and the crisis in Ukraine, or the supply of natural gas to China from Russia.

The joint statement that the two countries issued in Beijing proclaimed their support for the “internationalization of Internet governance” and “equal rights of countries to regulate the world-wide web.” They pledged to “deepen bilateral cooperation in international information security,” declared support for an “international convention on countering the use of information technologies for criminal purposes,” and advocated greater participation in the International Telecommunications Union, the United Nations specialized agency for information and telecommunications technologies, in addressing these issues.

The world should be alarmed by such resolutions from two nations known for censoring the internet, banning social media and messaging platforms, putting dissidents in jail over comments posted online, and launching misinformation campaigns to meddle in elections in other countries, including the U.S.

At the Beijing Winter Olympics, athletes and journalists had to make use of officially provided wi-fi at designated hotels and venues in order to access the “unobstructed” internet, including services like Twitter, YouTube or Facebook, all banned in China. The mobile app provided by Beijing authorities to all participants – My2022 – was found by independent researchers to be a Trojan horse that could secretly harvest users’ data, which, under Chinese laws, can be passed on to the state.

In Russia, Russian authorities successfully demanded the removal of a voting app created by prominent dissident Alexei Navalny from the app stores of both Apple and Google, alleging that it contained “illegal content.” The country also furthered its censorship efforts to block the use of encryption technology through the Tor browser and several other virtual private network services in 2021, a year that Human Rights Watch called the “year of doubling down on Internet censorship.”

These acts of censorship and surveillance speak clearly about what kind of vision of internet governance China and Russia have in mind. Their interpretation of internet information security is about the security of their regimes, not of the security and privacy of users inside or outside of their countries. An internet governance framework with such toxic underlying values of censorship and surveillance should be extremely horrifying to anyone.

Particularly for China, however, such attempts to influence and indeed dominate global technology standards and governance are nothing new. Over the last few decades, China has invested heavily to participate in and influence global technology standard bodies. In November 2021, the Communist Party Central Committee and the State Council published the National Standardization Development Outline, spelling out goals and actions for “China Standards 2035.” These “China standards” are by all means meant to be made global.

The European Union has been on high alert about China’s ambition, and recently outlined a “more aggressive approach” to setting global standards, in order to ensure its leadership in development areas such as internet technologies, artificial intelligence and green technologies. To the Europeans, it was clear that China’s standard-setting exercises at the international level were meant to provide a competitive edge to China and its companies.

International technological standards-setting and internet governance frameworks are complex and diverse. It is also important to remember that traditionally standard settings are led by the private sector and research communities, not by state actors, for good reasons. Chinese and Russian representatives should have their seats at the table, but the world must be extremely cautious about such standard-setting processes being taken over by companies controlled by autocratic regimes, tasked with their governments’ political agenda. It would be even worse if such autocratic governments are to directly steer and dominate such processes.

The EU has disclosed that they would seek to cooperate with U.S. authorities to monitor emerging standards and to unify the positions from both sides of the Atlantic through regular meetings at the Trade and Technology Council. Clearly, the urgency of autocratic competition means that the two sides must coordinate at a much higher administrative level. However, the present animosity between the Western “big tech” firms and their governments may threaten to divert the Western governments’ attention from the need to cooperate on the global stage of standards and governance – between the private and public sectors, and across nations.

Moreover, just bringing Europe and the U.S. together may not be enough, as players from Asia, Africa, and the rest of the world must be involved, as well as the private sector and civil societies, in setting the standards and governance that will shape the future internet and its next-generation enabling technologies. Only than can the world build a dam against the tides of censorship and surveillance from the emerging alliance of autocratic states.

We must do so to defend and ensure a free, open, secure, and trusted future internet that supports the principles of democracy and human rights by being more open and inclusive, and differentiate that vision against the governance model promoted by China and Russia, one that is designed to censor and surveil in the pretense of security.

Published: The Diplomat

https://thediplomat.com/2022/02/china-and-russia-want-to-rule-the-global-internet/


Sunday, February 20, 2022

[ISOC] How Cambodia’s Internet gateway will harm the Internet

How Cambodia’s Internet gateway will harm the Internet

By Adrian Wan, Senior Manager, Policy and Advocacy and Charles Mok, Global Digital Policy Incubator

Cambodia should evaluate the impact of its plans to route all Internet traffic through a “national Internet gateway” on the Internet. 

While the deadline for Internet service providers and telecommunications companies to connect to the gateway had been set for 16 February 2022, the plans have reportedly been delayed to an unspecified date. 

But the delay does nothing to change the nature of this gateway—it only pushes worrying effects off into the future. In fact, in a newly published Internet Impact Brief, we find that the gateway would undermine critical elements that make the Internet an open, globally connected, secure, and trustworthy resource for everyone. 

The national gateway will manage all local and international Internet traffic—both incoming and outgoing. According to the decree, it aims to “strengthen the effectiveness and efficiency of the national revenue collection” and support the “protection of national security, and preservation of social order, culture, and national tradition.” Much of the substance of the decree, however, is undefined and unspecified.

Any cross-border networks that are currently authorized by the Cambodian government have to be rerouted and updated by the deadline. In addition, all network operators must connect to the gateway by this date, which has facilities in only four locations in the country. 

Severe Impact on Global Internet Reach

The Cambodian telecoms authority will designate providers to run the national gateway that funnels all Internet traffic in and out of the country, so that no other networks can access the global Internet directly or independently. This will severely impact a network’s global reach and limit collaboration between Cambodia and the rest of the world by putting up barriers across our Internet ecosystem. 

As networks are not allowed to interconnect where it makes most technical and commercial sense to them, the result is likely to be significant degradation of network performance and increase in costs. 

Given most of the Internet traffic in the country is driven by content from overseas companies, like Meta (Facebook), Google, and TikTok, with only a small amount generated locally, Cambodia’s talents, innovations, and technological development will likely be stunted as a result. 

Considering the wide range of responsibilities the decree gives gateway operators—including facilitating public revenue collection and protecting national security, among others—content passing through the gateway will almost certainly be intercepted and inspected. Coupled with the mandate that Internet service providers, including telecommunications companies, should verify user identities, and gateway operators should keep users’ technical records for a year, there is a high likelihood that the privacy of all Cambodians will be seriously compromised. 

While the substance and timing of the national gateway’s implementation remains unclear, its purposes and structure clearly present risks that could greatly weaken the ability of anyone in the country to preserve the confidentiality and integrity of their communications, for instance, by weakening or breaking encryption. 

The harsh penalties will likely make gateway operators take precautions to not be held liable for targeted data that passes through their networks. They would probably implement technical measures to block online resources, but these techniques typically “over-block” legitimate content, resulting in collateral damage and increased restrictions on the Internet. 

Since no other networks in the country can legally access the global Internet directly or independently, innovations in cross-border connectivity, such as Low Earth Orbit (LEO) satellites, which can connect remote, rural, or underserved areas, will be unable to operate flexibly within and across Cambodia’s borders. Other innovative technologies will be curtailed by technical restrictions of the gateway and not reach their full potential. 

Poorer Quality of Service and Restricted Access

All these measures, and more detailed in the Internet Impact Brief, will not just affect Cambodia’s Internet infrastructure. For end users, it may also mean poorer quality of service in general, as their experience online, such as delivery of broadcast video and device-to-device calling, will likely be slower and less stable. 

These changes will restrict Cambodia’s access to global technologies and knowledge and isolate it in the digital age. The gateway will hurt all businesses and all Internet users across Southeast Asia and beyond. 

We call on the Cambodian authority to undertake a full and robust Internet impact assessment to identify the potential harms to the Internet resulting from the gateway. 

It should actively encourage networks in the country to be freely connected to the global Internet, and network operators to collaborate to provide optimal quality of service to users, to unleash the country’s massive potential in our digital age. 

The choices we make today will impact the Internet’s future. Its trajectory will depend on all of us making informed decisions that prioritize social development, economic prosperity, and innovations that amplify the best of humanity.


Published by Internet Society 

https://www.freiheit.org/taiwan/making-chinas-future-internet


Internet Impact Brief – Cambodia National Internet Gateway

https://www.internetsociety.org/resources/doc/2022/internet-impact-brief-cambodia-national-internet-gateway/

-->