Source:
https://scmp.com/news/hong-kong/politics/article/2084468/nonsense-reason-hong-kong-electoral-data-breach-blasted
Hong Kong/ Politics

‘Nonsense’ reason for Hong Kong electoral data breach blasted

Critics ask why details of 3.8 million registered voters were needed at chief executive election

The voter data was taken around the time the chief executive poll was under way. Photo: Sam Tsang

The office in charge of elections in Hong Kong was ridiculed on Monday for its “nonsensical” account of why it transported the personal data of nearly 3.8 million registered voters to a back-up venue for the chief executive ballot, only to have it stolen a week ago.

The Registration and Electoral Office said the information was needed to check the identities of Election Committee members entering the venue at the AsiaWorld-Expo. Facing criticism that such reasoning made no sense because all that was required was a list of the 1,194 committee members tasked to pick the city’s leader instead of the entire electorate at large, the office admitted its procedures had been “inappropriate” in hindsight.

Grilled by lawmakers on the Legislative Council’s Finance Committee, chief electoral officer Wong See-man revealed that the follow-up apology to voters had cost taxpayers HK$5 million.

Two laptops containing the voters’ data were stolen around the time of the chief executive election on March 26, prompting concerns about one of the worst breaches of privacy in the city.

Apologising again, Wong said the personal data was stored in a voter information inquiry system that could verify voters’ identity by inputting their ID numbers.

The system is used for other local elections, such as helping police identify voters such as inmates who cast ballots.

Wong explained that during the last leadership election in 2012, people who were not on the Election Committee had entered the venue, prompting officials to decide to require verification.

How come there was no one to guard the computers? Lam Cheuk-ting, lawmaker

Only 1,194 members were listed as voters for last month’s election, and Wong could not explain the logic of bringing details for 3.78 million voters to the back-up venue this time.

He admitted the two laptop computers had been locked in a room that was not guarded. He said the staff involved left after testing the system, and only realised the laptops had been stolen upon their return the next day. The laptops held names, addresses and ID numbers of all geographical constituency electors.

Democratic Party lawmaker Lam Cheuk-ting was incredulous: “Those 3.8 million voters have no right to vote [in the chief executive election]. Is the explanation nonsense? How come there was no one to guard the computers? ”

At another Legco meeting on Monday, government chief information officer Allen Yeung Tak-bun said his office had already recommended strong security measures.

He said correctly implemented encryption technology would take “hundreds of years for even a supercomputer to unlock”. But he refused to clarify if the information in the stolen laptops had been similarly encrypted.

Ombudsman Connie Lau Yin-hing said her office was looking into the data breach.

Additional reporting by Elizabeth Cheung