The Hong Kong Government Probably Can't Hack Your iPhone
But, it can request your texts and emails without disclosing if a court warrant was acquired.
The FBI proved this week that although the Apple iOS is built without a backdoor—a way to retrieve information from an encrypted mobile phone—it's possible to get in, anyway. While the FBI couldn't get in through a backdoor, they found other means to unlock an iPhone 5c. We're not sure how, yet, and neither is Apple. How will this change our right to privacy and information security—and is this really just an American issue?
We set out to find if it’s possible for Hong Kong’s government to also find a way into our phones.
Cheng Lee-ming, an electronic engineering professor at the City University of Hong Kong, doubts that the government has the technology to create a backdoor. “It normally requires the expertise of an insider from the system developer to make this work. Take the Apple’s iOS system as an example—a backdoor has never been built in the first place to prevent a breach of security.”
Legislative Council member Charles Peter Mok, an information technology lawmaker, makes plain why Apple's no-backdoor design is the best option for a phone's operating system. “Creating a backdoor is like boring a hole into a house. It will eventually come back to haunt you,” he says.
Mok says that when the police seize a phone for criminal investigation, they usually seek the help of technical consultants to crack it through operating system loopholes. “Not that they can hustle Apple into helping them,” he quips. How far, then, can the government go to monitor our daily communication?
“Things are different with data communications. The threshold is much lower and the regulations are less stringent.” —Charles Peter Mok
Thanks to the Interception of Communications and Surveillance Ordinance, we don’t have to worry about the government arbitrarily eavesdropping on our gossip. The Ordinance says telecommunications companies and internet service providers do not have the right to intercept their customers’ communications—unless instructed by law enforcement. But, there is a gray area.
There are two types of information that law enforcement agencies can demand—voice, such as the recording of a phone call, and data communication, such as SMS. While there is a rigorous mechanism in place for acquiring voice communication, data communication is easier to get.
“When we want to gain access to a phone’s voice communication, we have authorized officers specializing in bugging the phones. Yes, it’s just like what you see in the films—we have to file reports and fight our way through the panel judges before getting permission to snoop on a phone call,” says legislator Mok. “But things are different with data communication. The threshold is much lower and the regulations are less stringent.”
Mok says that the government does not disclose how many data acquisitions are backed by court warrants.
The question of China and its exertion of influence over the city remains, too. On the mainland, the government censors what can and cannot be shared through social tools—so is it possible for PRC to cast that net across the border?
Professor Cheng says it’s practically impossible for the Chinese mainland to monitor all online activity in Hong Kong. “It requires an enormous amount of human resources and technological support to keep an eye on everyone at the same time. China will need to build up a database in order to do that. However, a temporary surveillance on an individual is possible,” he says.
Mok agrees that it is an entirely different story on the mainland. Mainstream social media tools like WeChat and Weibo are obliged by law to censor content on the government's behalf. “This is the condition on which they can operate in China, which explains why Google and Facebook find it difficult to hit the Chinese market,” he says.
Mok adds that, sometimes, there’s no way of telling if a phone has been hacked. “Emails with malicious attachments may be random malware attacks,” he says. Executive Councilor Regina Ip Lau Suk-yee lost $500,000 to cyber theft last year, when she opened an email attachment that appeared to be from MTR Corporation chairman Raymond Chien Kuo-fung.