原文
摘錄自1月10日香港《文匯報》:香港法律改革委員會昨日發表《依賴電腦網絡的罪行及司法管轄權事宜》報告書,建議引入一項全新針對電腦網絡罪行的特定法例,涵蓋五類依賴電腦網絡的罪行,最高可判處終身監禁。報告書的建議不僅是對現行散落於《刑事罪行條例》等條文的系統性革新,更是香港主動應對數碼時代犯罪挑戰、保障社會治安的重要法律進程,是維護網絡空間清朗、保障市民及企業機構利益、維護國家安全的重要舉措。
特區政府應盡快展開研究跟進落實,並應就人工智能罪行進行前瞻性研究和推動立法,為香港的長治久安與數碼發展築牢法治屏障。
電腦網絡犯罪在香港時有發生,如在2023年8月,有勒索軟件組織對數碼港的電腦系統進行黑客入侵及勒索,大量個人資料外洩,其後在暗網被公開,當中包括銀行賬戶資料、身份證號碼及職員證資料。
然而,本港一直沒有專屬法例處理,檢控只可使用《刑事罪行條例》的「刑事毀壞」「不誠實使用電腦」等。在資訊科技日新月異的今天,傳統法律框架在應對黑客入侵、數據竊取、勒索軟件攻擊等新型犯罪時往往力不從心。
法改會的立法建議展現了香港法律體系與時俱進,有助形成更安全可靠的電腦網絡環境。報告書明確劃分的五類罪行,構建了一個層次分明、覆蓋全面的追究罪責法律體系。
例如,提出將「純粹未獲授權取覽」行為入罪,並設立「意圖進行其他犯罪」的加重罪行,讓執法機關在黑客攻擊的早期階段即可介入,防止後續更嚴重的罪行發生,體現了「預防為先」的治理思維。
立法建議具備強烈的現實針對性與保護效能。在數碼時代,公眾個人隱私、企業商業秘密乃至機構關鍵基礎設施的良好順暢運行,均繫於網絡空間的安全性。報告書建議將非法截取數據罪的保護範圍擴展至「所有通訊」及「元數據」,並引入域外司法管轄權條款,確保只要犯罪行為或結果涉及香港,或受害人身處香港,香港法庭即有權審理。
這意味着,無論是本地機構遭遇跨境數據竊取,還是市民在社交媒體的通訊遭境外不法分子截取,都能得到香港法律的強力保護。這極大增強了法律對潛在犯罪者的威懾力,也為受害者提供了更堅實的支援途徑。
尤為重要的是,立法建議也與維護國家安全的大局要求高度契合。報告書明確指出,干擾關鍵資訊基礎設施(如機場控制塔、鐵路信號系統)的行為,最高可處終身監禁,而且此類罪行可能同時觸犯香港國安法及《維護國家安全條例》中關於破壞活動的條款。
這將在網絡安全領域織密國家安全的防護網,使任何意圖透過網絡攻擊癱瘓社會運作、危害公共安全的行為,都將面臨法律的嚴厲懲處。
報告書在建議從嚴治罪的同時,亦為合法使用與犯罪行為定下明確界線,避免「一刀切」對科技創新與正常業務運作造成誤傷。立法建議為「白帽黑客」等網絡安全從業員設定了在合規前提下進行安全測試的免責辯護,亦為教育科研、互聯網服務提供者設定了合理的責任豁免空間。這種既嚴格打擊惡意犯罪,又保護合法專業活動的立法思路,有利於營造一個既安全又充滿活力的數碼生態環境,促進香港國際創新科技中心的建設。
譯文
Enacting Bespoke Cybercrime Legislation to Enhance Hong Kong's Digital and Technological Security
The Law Reform Commission of Hong Kong yesterday published a report on Cyber-Dependent Crime and Jurisdictional Issues, recommending the introduction of a new piece of bespoke legislation on cybercrime to cover five types of cyber-dependent crimes, with the maximum penalty being life imprisonment. The recommendations in the report are not merely a systematic overhaul of existing provisions currently scattered across ordinances like the Crimes Ordinance; they represent a significant legal step forward for Hong Kong to proactively address the challenges of crime in the digital age and safeguard public order. This initiative is crucial for maintaining a clean cyberspace, protecting the interests of citizens and corporate entities, and preserving national security. The Government should expedite research and follow up on the implementation of these proposals, while also conducting forward-looking research and promoting legislation concerning artificial intelligence crimes, thereby fortifying the rule of law as a bulwark for Hong Kong's long-term stability and digital development.
Cybercrime incidents occur from time to time in Hong Kong. For example, in August 2023, a ransomware group hacked and extorted the computer systems of Cyberport, resulting in a massive data breach where large quantities of personal data—including bank account details, ID numbers, and staff ID information—were subsequently published on the dark web. However, Hong Kong has long lacked dedicated legislation to deal with such incidents; prosecutions can only rely on offences such as "criminal damage" and "access to a computer with dishonest intent" under the Crimes Ordinance. In a world where information technology evolves rapidly, the traditional legal framework is often inadequate for tackling new forms of crime such as hacking, data theft, and ransomware attacks.
The Commission's legislative recommendations demonstrate that Hong Kong's legal system is keeping pace with the times, helping to create a safer and more reliable cyber environment. The five clearly defined categories of offences in the report form a structured and comprehensive legal framework for determining criminal liability. For instance, the report recommends that "unauthorised access to programme or data without lawful authority should be a summary offence" and that "an aggravated form of the offence arises if the unauthorised access is accompanied by an intent to carry out further criminal activity." This allows law‑enforcement agencies to intervene at early stages of hacking activities to prevent more serious offences from occurring, reflecting a "prevention-first" governance mindset.
The legislative recommendations possess a strong practical relevance and protective efficacy. In the digital age, the protection of personal privacy, corporate commercial secrets, and even the smooth operation of critical institutional infrastructure all depend on the security of cyberspace. The report recommends extending the scope of protection for the offence of unlawful interception of data to cover "all communications" and "metadata," and introduces provisions for extraterritorial jurisdiction. This ensures that Hong Kong courts have the power to hear cases as long as the criminal act or consequence involves Hong Kong, or the victim is located within Hong Kong. This means that whether a local institution encounters cross-border data theft, or a resident's social media communications are intercepted by offenders abroad, they can rely on the robust protection of Hong Kong law. This greatly enhances the deterrent effect on potential criminals and provides more solid support channels for victims.
Crucially, the proposed legislation also aligns with the overarching requirements for safeguarding national security. The report explicitly states that acts of interfering with critical information infrastructure—such as airport control towers or railway signalling systems—could carry a maximum penalty of life imprisonment. Furthermore, such acts may simultaneously contravene provisions on sabotage in both the Hong Kong National Security Law and the Safeguarding National Security Ordinance. This would strengthen the national security protection network within the realm of cybersecurity, ensuring that any attempt to paralyse social operations or endanger public safety through cyberattacks faces severe legal consequences.
While recommending stringent measures against offences, the report also draws clear boundaries between lawful activities and criminal conduct, preventing "one‑size‑fits‑all" outcomes that could inadvertently hinder technological innovation or normal business operations. The report recommends providing a defence of exemption for cybersecurity professionals such as "white‑hat hackers", allowing them to conduct security testing under compliant conditions. Reasonable liability exemptions are also proposed for educational and research institutions, as well as internet service providers. This legislative approach—strictly combating malicious crime while protecting legitimate professional activities—helps foster a digital ecosystem that is both secure and vibrant, supporting Hong Kong's development as an international innovation and technology centre.
●Tiffany
0
已點過讚
0 / 255