IT Professionalism (ITE4103)

Chapter 3A – Legal Issues Related

to IT Profession
與IT專業相關的法律問題

IT Crimes (資訊科技犯罪)
Related ordinances in HK (香港相關條例)
IT crimes preventions (預防 IT 犯罪)

Legal Issues Related to IT

IT Crime 1
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Overview of Chapter 3A
• Definition of computer crimes
• Typical computer crimes committed by ITP
• Typical computer crimes committed by young people in HK
• Computer crimes related ordinances [相關條例] in HK
– Telecommunications Ordinances 電訊條例
– Crime Ordinance 刑事罪行條例
– Theft Ordinance 竊盜條例
– Other related Ordinances 其他相關條例
• Computer crimes preventions [預防措施]
– Technical and non-technical measures 措施
– Personal and corporate levels

Legal Issues Related to IT

IT Crime 2
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Computer Crimes
• Computer crimes – two categories
– Computers as tools for the crimes including unauthorized or illegal activities committed
by someone via computer system
– Computers as targets of attack 攻擊目標 of the crimes including damage (or theft) of
computers hardware and information stored inside a computer

• Examples of computer crimes

– Computers as tools:
• use of computer to violate of Intellectual Property Rights 知識產權 on Internet
• use of Remote Access Trojan (RAT) 遠端存取木馬 to control/access other computers;
• use of phishing web-site 釣魚網站 to trick users
• use color printer to print bogus bank note/music concert ticket (to obtain property by
deception 以騙取財物)
– Computers as targets:
• stealing of computer hardware, computer peripherals 電腦週邊設備
• attacking server(s) using Distributed Denial-of-Service (DDoS) 分散式阻斷服務
• abusing data 濫用數據 in computer including stealing of notebook computer or theft of thumb
drive
• IT Crimes, or Cybercrime [網路犯罪] is a wider term of the conventional
computer crimes
Legal Issues Related to IT
IT Crime 3
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Typical computer crimes

committed by ITPs
• Because the nature of works, the knowledge and skills, ITPs
may be more capable to commit the following computer crimes:
– Unauthorized access of computer systems
– Cyber stalking 網路追蹤 – use of espionage software (間諜軟件) to
“monitor” Internet and/or Wi-Fi network activities; with aim to steal the
user details (i.e. name and password)
– Use of brute force technique 暴力破解技術 to crack username and
password
– Use of Trojan (Remote Access Trojan) software to control/access other
computers
– Use of cryptanalysis techniques 密碼分析技術 to break encrypted files (or
message)
– Use of phishing web-site to trick innocent users by stealing their
username and password
Legal Issues Related to IT
IT Crime 4
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Typical computer crimes

committed by young people in HK
• Hacking 侵入 into a school’s server for fun
• Spreading viruses that cause damage
• Sending pornographic materials 色情資料 to a friend
• Posting malicious messages 發布惡意訊息 about
someone on Facebook
• Selling fake (bogus) 偽造 music concert tickets in
website/social media
• Selling counterfeited 假冒 or pirated 盜版 products in
online shops
• Making on-line horse betting via unlawful gambling
establishments 非法賭博場所
Legal Issues Related to IT
IT Crime 5
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Computer Crimes
related Ordinances 相關條例 in HK
• In Hong Kong, there is no single Computer Crimes Ordinance
• People are usually prosecuted 被起訴 with the following existing 9 ordinances:
– Telecommunications Ordinance (Cap. 106) 電訊條例
– Crimes Ordinance (Cap. 200) 刑事罪行條例
• Section 11: Criminal damage 刑事損害
• Section 24: Criminal intimidation 刑事恐嚇
• Section 73: Using a false instrument 使用虛假文書
• Section 75: Procession of a false instrument 管有虛假文書
• Section 161 : Access to computer with criminal or dishonest intent 出於犯罪或不誠實意圖使用電腦
– Theft Ordinance (Cap. 210) 竊盜條例
• Section 17 : Obtaining property by deception 透過欺騙手段獲取財產
– Control of obscene and indecent article Ordinance (Cap. 390) 淫穢及不雅物品管制
條例
– Copyright Ordinance (Cap 528) 版權條例
– Personal data (privacy) Ordinance (Cap 486) 個人資料（私隱）條例
– ICAC Ordinance (Cap 201) – S.9(3) 廉政公署條例
– Trade Descriptions Ordinance (Cap 362) 商品說明條例
– Gambling Ordinance (Cap 148) 賭博條例
Legal Issues Related to IT
IT Crime 6
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Telecommunications Ordinance
電訊條例 (Cap. 106)
(1) Telecommunication Ordinance
"27A. Unauthorized access to computer by telecommunication
(1) Any person who, by telecommunication, knowingly causes a computer to perform
any function to obtain unauthorized access to any program or data held in a computer
commits an offence and is liable on conviction to a fine of $20,000. (2) For the
purposes of subsection (1) -
(a) the intent of the person need not be directed at -
(i) any particular program or data;
(ii) a program or data of particular kind; or
(iii) a program or data held in a particular computer;
(b) access of any kind by a person to any program or data held in a computer is
unauthorized if he is not entitled to control access of the kind in question to the
program or data held in the computer and ;
– (i) he has not been authorized to obtain access of the kind in question to the program or data
held in the computer by any person who is so entitled;
– (ii) he does not believe that he has been so authorized; and
– (iii) he does not believe that he would have been so authorized if he had applied for the
appropriate authority. "

Legal Issues Related to IT

IT Crime 7
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Crimes Ordinance
刑事罪行條例 (Cap. 200)
• Criminal damage (刑事毀壞) – (S11 of Cap 200)
– For example: spreading virus that cause damage, website defacement
– Max penalty: 14 year imprisonment 監禁
• Criminal intimidation (刑事恐嚇) – (S24 of Cap 200)
– For example: sending threating email threaten to hurt victim(s); posting threating
message at social media to burn down his/her house;
– Max penalty: 14 year imprisonment
• Using a false instrument (使用虛假文書) – (S73 of Cap 200)
– For example: using false document with intention to induce someone to accept it is
genuine
– Max penalty: 14 year imprisonment
• Procession of a false instrument (管有虛假文書) – (S75 of Cap 200)
– For example: procession of false document (e.g. computer printout bank note), with
intention to induce someone to accept it is genuine
– Max penalty: 3 year imprisonment
• Access to computer with criminal or dishonest intent (出於犯罪或不誠實
意圖使用電腦) – (S161 of Cap 200)
– For example: participate in DDoS attack; other miscellaneous related computer crime
– Max penalty : 5 years imprisonment

Legal Issues Related to IT

IT Crime 8
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Theft Ordinance
竊盜條例 (Cap 210)
• Section 9 – Theft (imprisonment for 10 years)
– liable on conviction to imprisonment for 10 years. e.g. shoplifting – permanently depriving
other’s procession
– How about copy a file from the owner without permission? S.9 is not applicable for pirating
software, as there is no evidence of depriving other’s procession
• Section 17 – Obtain property by deception (透過欺騙手段獲取財產)
(imprisonment for 10 years)
– Any person who by any deception dishonestly obtains property belonging to another, with the
intention of permanently depriving the other of it, shall be guilty of an offence and shall be
liable on conviction upon indictment to imprisonment for 10 years.
– "obtain" (取得) includes obtaining for another or enabling another to obtain or to retain.
– "deception" (欺騙手段) means any deception (whether deliberate or reckless) by words or
conduct (whether by any act or omission) as to fact or as to law
• Examples:
– Posting products on an auction site which does not exist
– Use color printer to print bogus tickets of a music concert, and sell them in Internet (with
intention to deceive a victim’s property) – there is some difference from (S73 or S75 of Cap200)
Legal Issues Related to IT
IT Crime 9
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Other Related Ordinances

• Control of Obscene and Indecent Article Ordinance (淫穢及不雅物品管制條
例) (S.21 Cap 390) - COIAO
– (a) publish/distribute obscene/indecent article (via Internet)
– (b) possess for the purpose of publication; or
– (c) import for the purpose of publication.
– Max sentence: fine of $1M and 3 years imprisonment
• Copyright Ordinance (版權條例) (Cap 528)
– Example: Upload pirate software/media (via Internet)
– Example: Sell pirate goods in social media (with disclaimer indicating of pirate goods)
– Max sentence: fine of $50,000 and 4 years imprisonment
• Personal Data (privacy) Ordinance (個人資料 (私隱) 條例) (Cap 486)
– Misuse of personal data during sales/marketing activities that causes damage to
others, or making gain
– Max sentence: fine of $1M and 5 years imprisonment

Legal Issues Related to IT

IT Crime 10
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Other related ordinances (2)

• ICAC Ordinance (廉政公署條例) (Cap 201) – S.9(3) – 7 years
imprisonment
– Corrupt transaction with agents – with intent to deceive his principal, uses any
receipt, account or other document, which is false or erroneous
– e.g. use of bogus medical certificate to deceive employer’s payment related to
sick leave.
• Trade Descriptions Ordinance (商品說明條例) (Cap 362)
– Making false trade descriptions to goods against selling pirated and counterfeited
goods
• With both criminal sanctions and civil enforcement mechanism
– Max penalty: fine up to 0.5M, and imprisonment range from 3 months to 5 years

• Gambling Ordinance (賭博條例) (Cap 148)

– Betting with unauthorized gambling operators based inside or outside HK via the
Internet or other technologies
– Section 9: Any person who promotes, organizes, conducts or manages, or
otherwise had control of, an unlawful lottery commits an offence
– Max penalty: fine of $30,000 and 7 years imprisonment
– e.g. Use lottery with gift to attach hit-rate of the website/social media without
applying for license

Legal Issues Related to IT

IT Crime 11
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Summary of computer related crimes

Typical examples Description of the Involved Ordinance in HK Max penalty
computer crime (imprisonment)
Hacking into a school server Unauthorized access Telecomm Ordinance (S27A of fine $20,000 but
for fun of computer Cap106): no imprisonment
Spreading viruses that causes Criminal damage Crime Ordinance (S11 of 14 years
damage Cap200) imprisonment
Sending pornographic Publish/Distribute Control of obscene & indecent 3 years
materials to a friend via obscene article article Ordinance (Cap390) imprisonment
Internet
Posting threatening messages Criminal intimidation Crime Ordinance (S24 of 14 years
to someone using email to hurt Cap200) imprisonment
someone
Posting products on an auction Obtaining property by Theft Ordinance (S17 of 10 years
site which does not exist (withdeception or Cap210) or imprisonment or
deception or dishonest intent) Access to computer Crime Ordinance – (S.161 of 5 years
with dishonest intent Cap200) imprisonment
Selling Counterfeited products Sell pirate goods Copyright Ordinance (Cap 528) 4 years
in eBay (with or without or or imprisonment
disclaimer of product not Making false trade Trade Descriptions Ordinance or
genuine) description of service (S.162 of Cap 362) 5 years
or goods imprisonment
Taking part in Betting with Gambling Ordinance (Cap 148) 7 years
betting/gambling via unlawful unauthorized imprisonment
on-line casino operators
Legal Issues Related to IT
IT Crime 12
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Difficulties in fighting computer crimes

打擊電腦犯罪的困難
• Major difficulties in enacting new laws/ordinances (頒布新的法律/條例)
– There are new varieties of computer crimes 電腦犯罪新品種 made possible from the
advancing technology.
– The technology is changing very fast and law making is a very slow process, as a result, law-
making or amendments to fight computer crime are always behind computer crime.
– Laws made to fight computer crime quite often may cause inconvenience to some people.
So there will inevitably be opposition in making these laws.
• Major enforcement bodies 執法單位 in HK to fight computer crimes: Police,
Custom and Excise Dept 海關及稅務部, ICAC
– They focus to combat serious computer crimes such as identity theft, e-commerce fraud,
phishing scams, online child pornography, hacking incidents, and prevention and detection
of cyber attacks against major information systems. 身分盜用、電子商務詐騙、網路釣魚
詐騙、網路兒童色情、駭客事件、重大資訊系統網路攻擊防範與偵測等
• Other enforcement bodies in HK: Office of PCPD 個人資料私隱專員公署,
OFCA 通訊事務管理局辦公室
– For doxing and abuse of personal data, it requires victims to report to Office of PCPD (see
Chap 3b)
– For spam mail 垃圾郵件, it requires victims report to OFCA (see chap 3b)
Legal Issues Related to IT
IT Crime 13
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Difficulties in fighting computer crimes (2)

打擊電腦犯罪的困難
• In additional, law enforcement bodies in Hong Kong have difficulties to
prosecute people 香港執法單位檢控/起訴有困難 who had committed
the following activities with FOUR reasons:

– No enacted ordinances 沒有頒布法令 for cyber bullying, cyber

harassment, doxxing activities: (網路霸凌、網路騷擾、人肉搜尋等活動)
• Cyberbullying - harassment, torment, humiliation, or threatening 騷擾、折
磨、羞辱或威脅 of one minor by another minor or group of minors via the
Internet.
• Cyber harassment - young people are harassed and bullied by peers in
discussion groups and forum
• Doxxing (i.e. release and circulate personal details by extensive use of
human flesh search engine)

– It is in the grey areas

• the peers who commit cyber bully may not have malicious /dishonest
intense. 實施網路霸凌的群組可能沒有惡意/不誠實意圖 Enforcement
bodies have difficulties in handling these activities
Legal Issues Related to IT
IT Crime 14
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Difficulties in fighting computer crimes (3)

打擊電腦犯罪的困難
– It is an organized crime 有組織犯罪
• Difficult to track. Examples include
– Triad organization 黑社會組織 uses online method to recruit 招募
young people as members, and lure 引誘 them to commit crimes
such as illegal trafficking. 非法拐賣
– Hacker activities related to Cyber-Terrorism 網路恐怖主義, and
International Criminal Syndicate 國際犯罪集團
– Child pornography 兒童色情物品 on the Internet

– The crime may be outside the legal jurisdiction of HK

不在香港的法律管轄範圍內
• Examples include
– Young people are blackmailed 勒索 for money (e.g. Naked-chat)
– Victim’s computer system is locked up, and not able to retrieve
files unless ransom 贖金 is paid with bitcoin to oversea account.
(e.g. Ransomware 勒索軟件)
Legal Issues Related to IT
IT Crime 15
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Computer Crime prevention (1)

• Technical measures 技術性措施
– 4 different levels; from user, application, system, to
network

1. Better authentication 更好的身份驗證: use of strong

password, multiple factors authentication, etc
2. Strong application protection 強大的應用程式保護: use of
encryption, watermarking, anti-virus, etc
3. Stronger system protections 更強的系統保護: use of
crypto-system, update of system’s security patch, etc
4. Stronger network defense 更強的網路防禦: install firewall,
intrusion detection, use of secured networks such as
Virtual Private Network (VPN)
Legal Issues Related to IT
IT Crime 16
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Computer Crime prevention (2)

• Non-technical measures 非技術性措施
can be carried out at two levels: Personal level, Corporate level

– At personal level – Adopt general good practice and use of

computers at personal level
• Installation of personal firewall
• Installation of anti-virus software and update of virus signature files regularly
• Installation of OS patch to eliminate OS vulnerabilities
• Staying alert to suspicious mails / websites / hyperlinks

– At corporate level – Adopt good human resource policies to

restrict employee/people
• Strengthen the weakest link – human factors
– Issue policies and guidelines to control the behaviors of all staff
– Provide education and awareness training to related staff

Legal Issues Related to IT

IT Crime 17
Profession © VTC 2024-25
IT Professionalism (ITE4103)

Summary
• Definition of computer crimes
– Computers are 1. tools and 2. target of attacks
• Typical computer crimes for ITPs (skill required)
– Unauthorized access, fraud 欺詐, sabotage 破壞, and hacking including virus and worm
• Typical computer crimes committed by young people (no skill required)
– Telecom Ordinance (Cap. 106)
– Crimes Ordinance (Cap. 200)
– Theft Ordinance (Cap. 210)
– Control of obscene and indecent article Ordinance (Cap. 390)
– Copyright Ordinance (Cap. 528)
– Personal data (privacy) Ordinance (Cap. 486)
– ICAC Ordinance (Cap. 201)
– Trade Descriptions Ordinance (Cap. 362)
– Gambling Ordinance (Cap. 148)
• Computer crimes preventions
– Technical measures: better authentication, encryption, crypto-system, firewall &VPN
– Non technical measures: Personal level - good practices; Corporate level- policy and
training
Legal Issues Related to IT
IT Crime 18
Profession © VTC 2024-25