At the end of March, two computers were reported as stolen, which contained the personal data of 3.7 million voters in Hong Kong.
The Registration and Electoral Office (REO) confirmed on the evening of March 27 that they lost two computers containing the personal data of all 3.7 million registered voters in the city. The devices were stored in a locked room at the AsiaWorld Expo, which was used as a backup polling station for the chief executive election. The REO reported that the stolen computers also stored the full names of the 1,194 Election Committee members, who are the ones who were only eligible to vote in the election.
The stolen personal data included the names, addresses and identity card numbers of all registered voters in Hong Kong. According to the REO, the personal information was encrypted and there was no evidence that it had been leaked. The Hong Kong government said that they used a high-tech encryption technology, which is “extremely difficult” to break through. The case was reported to the police, the Constitutional and Mainland Affairs Bureau, and the Office of the Privacy Commissioner for Personal Data. The Constitutional and Mainland Affairs Bureau had instructed the REO to fully cooperate with police investigations, the Registration and Electoral Office said in a statement.
“Given that the amount of personal data involved may be significantly large, the Commissioner will review the incident according to the procedure,” a spokesperson for the privacy watchdog said.
However, lawmakers have bashed Hong Kong’s electoral watchdog for being careless with sensitive information on the citizens of Hong Kong. Democratic Party lawmaker Lam Cheuk-ting and Civic Party lawmaker Dennis Kwok, who accused the government of attempting to play down the incident, described it as “spooky and ridiculous”.
“There seem to be serious issues with the basic informational safety procedures of the REO,” IT sector lawmaker Charles Mok said in a statement.
The Registration and Electoral Office stated that the computers went missing from a locked room with no surveillance cameras at the AsiaWorld Expo convention center on Lantau Island. However, Lam Cheuk-ting said that authorities should have revealed more information about the incident to the public, such as the number of people given access to the room.
“Why would you bring information on over 3 million voters to an election which involved only 1,200 people?” Lam told the media. The vote, which was scheduled on March 26, resulted in the election of former Chief Secretary Carrie Lam as the city’s next Chief Executive. The voting was only open to a 1,194-person strong election committee.
Lam criticized the government for saying that there was no evidence of the voters’ personal information being leaked.
“The whole computer is gone, all the data of some 3 million voters is gone. We don’t have to wait for the thieves to upload all the information to the internet to know it has been leaked,” he said furiously.
Kwok, the other lawmaker criticizing the work of the authorities in the whole procedure, questioned why such important data would be stored in a room without any guards. He previously sent a letter to Legislative Council President Andrew Leung calling for a special inquiry meeting over the incident, but his request was rejected on reasons, such as it not being a matter of “public interest”. Several local media outlets were furious of this statement of Leung. According to them, the personal information of 3.7 million citizens, all the ones who are officially registered for voting, were stolen and could be leaked any time by the thieves. They state that this is a serious case, and is in the interest of the public since their data was stolen from the computers.
Lam said he had not been given a chance to talk to the chief electoral officer, adding that the government’s reluctance to cooperate had made it difficult to monitor the situation. He and Kwok vowed to keep pushing the authorities to come clean on the matter.