The Debate

Hong Kong’s Digital Battle Against State Surveillance

Recent Features

The Debate | Opinion

Hong Kong’s Digital Battle Against State Surveillance

Violations of digital rights in Hong Kong and against Hong Kongers in exile around the world are all too common.

Hong Kong’s Digital Battle Against State Surveillance
Credit: Depositphotos

It is no secret that human rights have been gradually dismantled in Hong Kong since Beijing imposed the National Security Law on Hong Kong in 2020, following widespread pro-democracy protests in 2019. There has been continuous international media coverage on the declining human rights situation in the former financial hub, including the passage of the Safeguarding National Security Ordinance (SNSO) in March this year.

However, what may be more hidden are violations of digital rights in Hong Kong and against Hong Kongers in exile around the world, as they occur in the shadow of cyberspace. Examples range from digital harassment from fake profiles, email accounts, and bots to hackings of laptops and mobile phones.

In a world that is centered around social media networks and rapidly developing artificial intelligence (AI), there is an increasing need to define and protect digital rights, especially for exiled Hong Kongers and other dissidents.

This week, Hong Kong Watch released a report titled “Invisible Decline: Violations of Digital Rights in Hong Kong and their Impact,” which examines specific digital rights violations and makes recommendations to governments and technology companies to safeguard individuals and organizations from digital transnational repression. The report is timely, as Hong Kong’s passage of the SNSO poses a further threat to the digital space..

The report first highlights previous Hong Kong Watch research that reveals a consistent pattern of pro-democracy activists who conduct activism in offline spaces facing transnational repression online, even when they flee from repression in Hong Kong to countries that respect freedom of expression. This includes one Hong Konger in Canada who was receiving anonymous and threatening Telegram messages, which eventually included violent videos and personal details about the individual’s life.

The report then considers three case studies: HKLEAKS, the imprisonment of Mika Yuen Ching-ting, and the global ban on “Glory to Hong Kong.”

HKLEAKS was a wave of social media channels created during the 2019 Hong Kong protests that doxed the personal information of Hong Kong activists, which involved publishing an individual’s data online with malicious intent. While HKLEAKS claimed to be run by local volunteer communities in Hong Kong, its channels were sophisticated and likely the product of professional actors working in tandem with the Hong Kong and People’s Republic of China (PRC) governments. The actions of HKLEAKS intimidated activists and clearly violated their digital rights, but has yet to be investigated by the Hong Kong or PRC authorities.

In March 2023, Mika Yuen Ching-ting was arrested upon returning to Hong Kong after studying abroad in Japan. Her alleged crime was publishing social media posts on Facebook and Instagram that the Hong Kong authorities claimed “incited Hong Kong independence,” despite having a very low public profile (473 friends on Facebook, 657 followers on Instagram). Yuen’s posts included images of banners saying “Liberate Hong Kong; revolution of our times” and “Hong Kong is not China.” Yuen was sentenced to two months in jail under Hong Kong’s sedition laws. 

This case directly targeted Yuen, but it also generated a ripple effect of fear through the Hong Kong diaspora around the world. Hong Kongers now have a heightened fear of posting on social media, especially if they wish to return to Hong Kong.

The third and most well-known case involves the Hong Kong Department of Justice filing and successfully issuing an interim injunction to ban the pro-democracy anthem “Glory to Hong Kong” in Hong Kong and overseas in May 2024. Even in the U.K. and European Union, the song remains unavailable on Spotify and Apple Music platforms. During the report’s launch event in London, Hong Kong Watch co-founder Benedict Rogers emphasized the implications of the Hong Kong government not only violating digital rights in Hong Kong, but around the world by pressurizing technology companies to comply with their domestic rulings in this case.

Along with these cases, during the report’s launch event in Brussels, activist Ray Wong, the first Hong Konger to secure political asylum in Germany, shared how his personal email has been hacked multiple times. Wong also detailed how Hong Kong activist and political prisoner Joshua Wong’s private Telegram messages to activists during the 2019 pro-democracy protests were used as evidence in court. Despite the Hong Kong Police Force seizing Joshua Wong’s phone, he never provided any passwords, insinuating that some level of state-sponsored hacking was involved.

Unfortunately, there is no slowdown in sight regarding digital rights violations by the PRC or Hong Kong authorities. Just one day after the report was launched in Brussels, the media reported that PRC state-sponsored hackers are using legitimate VPNs to target a growing list of victim networks in the EU. This follows similar cyberattacks targeting the EU, including those by APT31, a Chinese state-affiliated organization, against more than 400 unique accounts connected to the Inter-Parliamentary Alliance on China (IPAC) in January 2021.

Additionally, the Hong Kong government proposed the Protection of Critical Infrastructure (Critical Computer System) Bill in July 2024. The bill is intended to protect Hong Kong’s critical infrastructure against cyberattacks, but has already been criticized for giving the “authorities overly broad powers that could threaten the integrity of service providers and rock confidence in the city’s digital economy.” U.S. companies have also pointed out that certain parts of the legislation could allow the Hong Kong government “unusual” access to their computer systems.

In response to past, current, and future instances of digital transnational repression, the U.K. Parliament should include a digital component in the Cyber Security and Resilience Bill, so that it includes online threats and harassment. Additionally, the U.K. Foreign Affairs Committee and the European Parliament’s Committee on Foreign Affairs should hold inquiries on transnational repression against Hong Kongers and other dissident groups.

In our quickly evolving digital world, it is crucial for governments and lawmakers worldwide to consider how they can protect Hong Kongers and other dissidents from digital threats and transnational repression.