Hong Kong needs to tighten its laws on invasion of privacy and covert surveillance because grey areas in the legislation fail to offer people proper protection against snooping, say lawmakers.
The warning follows claims by US cyberspying whistle-blower Edward Snowden in an exclusive interview with the Post last week that the US has hacked computers in Hong Kong and the mainland for years.
Under the city's surveillance regulations, law enforcement agencies need a court warrant to carry out covert operations. In 2011, a total of 1,221 authorisations were issued - 1,196 for interception and rest for surveillance.
But the law does not cover snooping by private citizens or foreign intelligence.
Democratic Party lawmaker James To Kun-sun said there are laws covering computer hacking, including accessing a computer with criminal or dishonest intent, but grey areas remained.
"For example, when your computer data is stored remotely, say in India, it is impossible to prosecute because your stolen property is not in Hong Kong," he said. "Prosecution is impossible unless you make a specific hacking law that expressly outlaws hacking activities that attempt to obtain data owned by Hong Kong people located outside the city."
To and other lawmakers called for a review of the Interception of Communications and Surveillance Ordinance. Enacted in 2006, it only regulates the four law enforcement agencies: the Customs and Excise Department, police, Immigration Department and Independent Commission Against Corruption.
It leaves surveillance activities by private detectives and law enforcement agencies outside Hong Kong unrestricted.
The ordinance only requires the four agencies to seek approval from a panel of judges before intercepting communications. A breach is not a crime and is dealt with through internal disciplinary procedures.
Civic Party lawmaker Ronny Tong Ka-wah, a barrister, said it was time for the government to consider whether to bring surveillance by entities outside law enforcement under the ordinance and to extend the city's legal powers to tackle hacking activities originating abroad.
In 2005, Legco studied overseas examples when drafting the surveillance law but the scope of the enacted legislation was limited due to opposition from the pro-establishment camp.
On surveillance from overseas, Hong Kong cannot prosecute official agencies because they enjoy diplomatic immunity. And it is hard to charge foreigners because laws against hacking and the surveillance ordinance only apply in the city.
Last year the European Union tried to guard against spying by the US by inserting a clause into its privacy legislation, but Washington lobbied the EU to drop the clause, according to a Financial Times report last Thursday.
That measure could have blocked US requests for European citizens' computer and telephone data that are made as part of the Prism programme just revealed by Snowden.
Former security chief Regina Ip Lau Suk-yee questioned whether the EU measure could help Hong Kong. "There's the issue of detection, and then the question of enforcement," Ip said, saying it may be more practical for Beijing to consider it.
Additional reporting by Joyce Ng and Stuart Lau