Are we safe from Big Brother?
Picture this scenario: you are strolling down the street one day when a police officer stops you and asks for your identity card. Feeling you have nothing to hide, you produce it and he inputs the number into a hand-held machine.
Within seconds, a full profile of you appears: name, birth date, immigration, financial, marital and professional status, driving, criminal, tax, medical and dental records, religious or political affiliation, what films and books you have recently rented - even your credit card expenditure. The officer returns your ID card to you with a perturbed look, possibly based on your choice of movies or a medical condition you would have rather kept to yourself. You walk away, arguably unharmed, yet feeling uncomfortably exposed.
This was no futuristic proposition; the technology and infrastructure exists today for such a scenario to play out. For every plastic card in your wallet - your ID card, driver's licence, hospital and dental card, library card, movie club membership, credit cards and memberships to professional, recreational, religious or political clubs - there exists a database of information, and it is all too easy to network the data to create an all-encompassing sketch of your life.
In places like the United States, personal information is a saleable commodity with high returns from eager advertisers and marketing firms, among others. All that stands between US-style compilation of personal data, the scenario painted above and present-day Hong Kong is reams of regulations and the Office of the Privacy Commissioner for Personal Data. But is it enough?
Exactly what information does a police officer access when he or she checks an ID card from someone on the street? And what does that immigration officer see on the screen when you are going through non-biometric clearance at the airport? Would you be automatically stopped if you forgot to pay your taxes on time, or if you had an outstanding court fine?
A spokesman for the Immigration Department said what immigration officers currently see at first glance of their screen as you pass through border checkpoints is relatively minimal - mainly just the data on ID cards, such as conditions of stay and date of birth.
'The computer will access the ID card number to let the counter officer know whether to take further action or not. It won't display much data but if the passenger requires further examination, the computer will give a signal,' he said. 'If the case requires further action, our colleague will refer the case to the channel supervisor, who will further examine the information as to what sort of action he should take.
'If a court has already sent out the message that the court has ruled that this person cannot depart Hong Kong for the time being, then we will receive that information. There is some liaison with the Security Bureau and all concerned departments. We may help to locate some sort of 'undesirable elements'.'
Despite a common misconception that the tax office is in cahoots with the Immigration Department to ensure nobody leaves Hong Kong without paying outstanding tax bills, the Inland Revenue Department says there are 'strict secrecy provisions in the Inland Revenue Ordinance. The taxpayer database is not accessible by other departments'. However, tax-dodgers should think twice before disappearing from town forever. While tax staff are prohibited from disclosing information of individual taxpayers to anyone other than the taxpayer or an authorised representative, the department can start civil action against a defaulter in the District Court.
Exactly what kind of data police collect on individuals is a secret the force likes to keep to itself. A spokesman said disclosing details 'would cause harm or prejudice the purpose of the data collection, as well as the efficient operation of the force as a whole'.
But, according to the Immigration Ordinance, the sole purpose of ID card checks is to determine if the card is valid, so no other data relating to a person should be given to police after they call their control centre to check on the identity of the person they have stopped.
It is understood that police and the Immigration Department do not, as a matter of course, share fingerprint data. The sharing of any other personal data between government departments requires the permission of the privacy commissioner. For example, if the Social Welfare Department wants to ensure an individual is not receiving double housing allowance benefits, it can request a 'matching procedure' from the privacy commissioner to access certain information that person has lodged with the Inland Revenue Department.
Privacy expert John Bacon-Shone, of the University of Hong Kong, said the constraints on 'data matching' in Hong Kong were 'quite strict' and 'in theory, the protections are adequate'. He said the potential problem in Hong Kong was not one of policy loopholes but security issues and the awareness of how sensitive personal data ought to be handled. He cited the leak of names, ID card numbers and addresses of 20,000 people who had filed complaints against police officers to the Independent Police Complaints Council as an example of the ramifications of lax security.
'It is more an issue of how security is implemented in practice, particularly where there is an outsourcing of IT contracts,' he said.
Despite the lack of strong enforcement powers of the privacy commissioner, Dr Bacon-Shone said it would cause a 'public outcry if it became knowledge that the government had evaded its legal responsibilities in the area of privacy and data protection'.
But while Hong Kong people have proved to be quite prickly over how much information about them can be gathered, they have become accustomed to carrying ID cards storing personal data, and to producing them at will. While there was moderate concern over the introduction of the smart ID card and the variety of personal data it should hold, Hong Kong has not seen the kind of public debate and controversy raging in the United Kingdom over the planned introduction of ID cards.
Individual Britons' personal data will be lodged in a national register from 2008, and by 2010, anyone who renews a passport or applies for a new one will be issued with an ID card, although, unlike in Hong Kong, it will not be compulsory to carry it. The ruling Labour government insists the cards will not store information about the holder's race, religion, sexuality, health, criminal record or political beliefs, but critics claim the cards will do nothing to combat terrorism and will only infringe upon civil liberties and increase the potential for government abuse and incursions into privacy.
In Belgium, Germany and Portugal, ID cards are compulsory and the London Tube bombings of 2005 led to renewed debate in Australia on the issue. The government backed down on plans in April last year in response to public opposition.
In Hong Kong, residents drew the line at agreeing to an electronic road-pricing system following widespread concern among drivers over the information that would be gathered about them.
After 20 years of debate, the issue of electronic road pricing will return to the government's agenda next year. Privacy Commissioner for Personal Data Roderick Woo Bun said the opposition to the system was a reflection of the lack of transparency leading to fears of 'Big Brother' monitoring.
He called for privacy impact assessments to be carried out and publicised so the public can judge for itself how much intrusion is acceptable for the sake of convenience.
'Public authorities ought to adopt privacy impact assessments as a standard procedure, as a tool to help the public understand the process and the privacy issues involved,' he said.
Another suggestion knocked back due to privacy concerns was a permanent closed-circuit television system in Lan Kwai Fong to monitor crowds and criminal activity. This was scrapped after retailers and entertainment outlet owners strongly opposed it. Now Lan Kwai Fong is electronically policed only during major festivals when the area is crammed and major crowd-control measures are in place.
As technological advances enable easier access to government services on the internet, more information is gathered from government departments, banks and other sources that appears on databases of all kinds and is accessible in seconds.
E-certs, digital certificates providing electronic IDs to individuals for online authentication, are accepted for about 70 types of government e-services, including filing tax returns and driving licence applications, and for about 20 types of e-commerce activities, such as banking and online betting. About 1.54 million e-certs have been issued to individuals and organisations. Of these, 1.26 million have been embedded free of charge in smart ID cards.
The smart ID card holds more information than its predecessor, including a digital template of both thumbprints stored in a microchip and protected by encryption. They can also be used as library cards, although a proposal to incorporate driving licences has been delayed and other applications, such as the ATM card, appear a long way off.
Hongkongers may be quick on the uptake with efficiency-boosting technology but remain suspicious of any perceived attempts to infringe upon their jealously guarded privacy rights.