獨立媒體(香港)聲明: 要求廉署及警方交待接觸黑客公司 修訂《截取通訊及監察條例》保公眾私隱

獨立媒體(香港)聲明: 要求廉署及警方交待接觸黑客公司 修訂《截取通訊及監察條例》保公眾私隱

獨立媒體(香港)聲明:
要求廉署及警方交待接觸黑客公司
修訂《截取通訊及監察條例》保公眾私隱

維基解密日前揭發,香港廉政公署曾聯絡 Hacking Team公司(註),要求該公司示範一套名為『伽利略』(Galileo Remote Control System)的遠程控制類惡意軟件,該軟件可截取電腦及手機等多個平台的通訊數據。廉署在7月15日凌晨證實署方曾聯絡該黑客公司,同時據《明報》報導,該黑客公司的電郵中,有至少3個本港警方的電郵地址及5個廉署執行處人員的電郵地址。

本會關注網絡自由, 一直跟進《截取通訊及監察條例》(下稱《條例》)的發展。《條例》設立的原意,是規管公職人員所進行的截取通訊及指明類別的秘密監察行動,確保四個指定的執法機關( 即海關、香港警務處、入境事務處和廉政公署)在偵測罪行和保障公共安全之餘,同時保障市民私隱及權利不受侵犯。

公眾或不知情下電腦被監控、入侵

廉署在被維基解密揭發後,才承認曾聯絡該黑客公司。由此可見,《條例》對執法機關的監管與制衡能力明顯不足。如廉署確實購入該黑客軟件,軟件除可偵察外,亦可主動入侵他人電腦,公眾私隱與資訊自由或因而受損。

『伽利略』這類黑客軟件,容許政府入侵目標對象的智能電話和電腦,從iPhone和Android平台暗中竊取數據,監控網路使用者的通訊,窺探加密的檔案和電郵,並可在目標電腦上遠端開啟咪高峰和鏡頭。系統可儲存及泄漏的資料廣泛,如訪問過的網站、文件操作、鍵盤輸入記錄、文檔和圖片信息、VoIP電話監控(例如skype)、程式執行情況、聲音監聽、視像鏡頭監視、螢幕截圖、即時通信(Skype、Windows Live Messenger、Wechat等)、剪貼板的內容、賬戶密碼、發出和接受電郵、電話錄音、GPS位置、聯絡人資料等。

同時,由於該黑客軟件附有後門,可供 The Hacking Team 有審查黑客軟件的使用和所截取和監控的資料,廉署調查對像的資料可能會經這個黑客軟件,落入外人手上,意即同時把本港受監視者的資料全數輸送外地。

本會要求:

一、當局須向立法會保安事務委員會,詳細交代執法部門採用監控軟件是否合法,以及交代廉署、警方及所有執法關交代所使用網絡監管軟件的詳情,包括供應商、軟件名稱及版本、購買軟件後被監控人數及其中調查至提控人數。

二、立法會保安事務委員會須召開特別會議,要求當局交代事件。

三、修改審議中的《2015年截取通訊及監察(修訂)條例草案》。現時的《條例》監管範圍已過時,執法機關不再需要透過《條例》截取現時流行的即時通訊(如whatsapp、telegram),他們可直接向法庭申請手令,向網絡供應商索取有關資料。當局須修訂《條例》的「通訊」範圍,監管網絡供應商不濫供個人資料予執法機關,保障公眾私隱。

四、廉署及所有執法機關停止使用外國黑客軟件。

獨立媒體(香港)
二零一五年七月十六日

副本送:廉政公署、保安局、立法會保安事務委員會

註:Hacking Team 是一家來自意大利、專業從事監視技術的黑客團隊及公司,並以協助政府監視公民聞名。他們成立於2003年,專門出售各種間諜程式和惡意程式予全球政府、執法機關與情報組織監控人民,宣稱客戶遍佈全球30個國家,包括了人權記錄不良的埃及、新加坡、越南等。

Statement of the Hong Kong Inmedia:

The ICAC and Police Force shall disclose details on contacts with hacker companies Amend the Ordinance to secure privacy

The WikiLeaks has previously disclosed that, Independent Commission Against Corruption (the ICAC) has contacted the Hacking Team (note).  It asked the company to demonstrate a remotely controlling malicious programme called “Galileo Remote Control System”, which can intercept computers and mobile phones and similar telecommunication platforms. The ICAC, in the early morning of 15 July, has admitted that the Commission has contacted the company. According to the Ming Pao, in that email corresponds with the company, there are in fact at least 3 addresses of the local police and 5 addresses of the ICAC Operations Department.

The Hong Kong In-media gravely concerns Internet freedom, and monitors the development of the Interception of Communications and Surveillance Ordinance (Cap 589). The legislative intent of the Ordinance, is to monitor any interception of communication or any covert surveillance for the purposes of a specific investigation or operation, by or on behalf of public officers; as well as to ensure the four operative departments, namely the Customs and Excise Department, Police Force, Immigration Department and the ICAC, would respect citizens’ rights and privacy, while acting for crime prevention and/or the protection of public security.

Interception and surveillance without public notice

The ICAC has only admitted contacting the hacking company after the WikiLeaks leaked it. From this, we can see that the Ordinance does not sufficiently restrict and regulate the power prescribed to those operative departments for public interest. Had the ICAC subsequently bought the surveillance services, privacy and rights of the public would be severely undermined with unrestricted surveillances, if not offensive and malicious interception of computing devices.

“Galileo Remote Control System” is a investigative tool to spy all kinds of mobile devices and computers, stealing information from iPhone or Android platforms, reading data of internet users and accessing encrypted emails or files, as well as proving remote access to microphones and cameras. The system can save and leak information on web surfing history, documents transmission, keyboard input records, text and files and pictures, VoIP call monitoring, programme execution process, audio interception, camera interception, screen shots, instant messaging (Skype, Windows Live Messenger, Wechat, etc), materials of the clipboard, account passwords, in and out of mailboxes, phone recording, GPS location and contacts information, etc. At the same time, the spyware creates a backdoor, allowing the Hacking Team themselves to scrutinize the intercepted information and thereby releasing all personal data or information of such targets to even more outsiders that one cannot possibly trace.

The Hong Kong In-media calls that,

  1. The authorities must report to the Legislative Council Panel on security in details, the legal basis of the law enforcement agencies’ use of such interception or surveillance technology, in particular the details of any software that the ICAC, Police Force and other agencies currently in use, including but not limited to information of suppliers, spyware name and versions, the number of targets and the investigation to prosecution ratio.
  2. The Panel on Security must then call a special meeting to discuss the matter concerned.
  3. The government must amend the Interception of Communications and Surveillance (Amendment) Bill 2015. The coverage of the current Bill is unquestionably obsolete, the law enforcement agencies need not go through scrutiny of the Ordinance to intercept popular telecommunication platforms like Whatsapp and Telegram. Instead they can obtain a warrant from Court, obtaining information from Internet suppliers. The authorities must amend the types of platforms of telecommunications covered by the Ordinance, stopping any abuses of such means, so as to secure privacy of all citizens.
  4. The ICAC and other law enforcement agencies must stop using hacker software of other countries.

Hong Kong In-media

16 July 2015

CC: The ICAC, Security Bureau and Legislative Council the Panel on Security

Note: The Hacking Team is an infamous Italty-based hacking company that sells offensive intrusion and surveillance capabilities to governments in order to monitor the citizens. Founded in 2003, they aims to serve governments, law enforcement bodies and intelligence agencies across the globe with spyware and malware, claiming that their clients are from 30 countries, including the human rights ill recorded countries Egypt, Singapore and Vietnam.

發表迴響

在下方填入你的資料或按右方圖示以社群網站登入:

WordPress.com Logo

您的留言將使用 WordPress.com 帳號。 登出 / 變更 )

Twitter picture

您的留言將使用 Twitter 帳號。 登出 / 變更 )

Facebook照片

您的留言將使用 Facebook 帳號。 登出 / 變更 )

Google+ photo

您的留言將使用 Google+ 帳號。 登出 / 變更 )

連結到 %s

%d 位部落客按了讚: