Restrictions on Hong Kong civil servants’ access to WhatsApp, WeChat on work computers to take effect this month
Hong Kong Free Press
New restrictions barring the use of cloud storage and instant messaging services including WhatsApp Web, WeChat, and Google Drive on Hong Kong civil servants’ work computers will take effect by the end of October.
Hong Kong technology minister Sun Dong told RTHK in Mandarin on Tuesday that the measures were being introduced in response to serious data security incidents over the past year. The government had taken reference from regulations employed by US and mainland Chinese authorities, he said.
In addition to WhatsApp, which is owned by US tech giant Meta, Sun also listed Tencent-owned Chinese social media, messaging, and payment app WeChat as a potential vulnerability on government desktop computers.
“There’s no other choice, that’s just how bad the situation is at the moment. There’s a serious security concern,” he said, adding that he believed government departments would find ways to adapt to the new rules.
Data breaches
The requirement was laid out in the Government Information and Technology Security Policy and Guidelines in April, before three separate government departments saw data security incidents in the span of less than a week the following month.
The tech guidelines gave Hong Kong civil servants six months to comply with a restriction on using personal emails, public cloud storage, and web-based instant messaging services on office computers.
The government’s Digital Policy Office said in the policy document that the restricted services introduce “significant security risks.”
Addressing whether the new rules would inconvenience departments that relied on those messaging platforms to reach out to external parties, Sun said mobile phones would not be subject to the restrictions.
According to the guidelines: “Access shall be granted only when justified by genuine needs and legitimate purposes with the approval from the Heads of [Bureaus or Departments]… and promptly revoked when no longer required.”
In May, the Fire Services Department reported a potential data breach, the third incident involving a government department in less than a week, following the Electrical and Mechanical Services Department and the Companies Registry.
The city’s Consumer Council and tech park Cyberport also fell victim to hackers last year.
A government source last Wednesday told HKFP that a mock cyberattack drill would be held in November, to show government departments and public entities “how fierce a cyberattack could be.”
A proposed cybersecurity law is also expected to be tabled to the city’s legislature by the end of the year.
The bill is expected to cover computer system systems of critical infrastructure sectors including energy, information technology, banking and financial services, land transport, air transport, maritime, communications and broadcasting, and healthcare services.
Support HKFP | Policies & Ethics | Error/typo? | Contact Us | Newsletter | Transparency & Annual Report | Apps
Help safeguard press freedom & keep HKFP free for all readers by supporting our team
HKFP has an impartial stance, transparent funding, and balanced coverage guided by an Ethics Code and Corrections Policy.
Support press freedom & help us surpass 1,000 monthly Patrons: 100% independent, governed by an ethics code & not-for-profit.