Hong Kong police can now demand phone passwords under new security rules

Original Article ↗ Hacker News Discussion ↗

Scope of New Hong Kong Powers

  • New rules let police compel disclosure of phone passwords, with penalties for refusal or providing “fake” credentials.
  • Commenters see this as part of a broader PRC pattern where laws include broad “at authorities’ discretion” clauses, aimed mainly at already-targeted individuals.

Comparisons with Other Countries

  • Many argue Hong Kong is “catching up” with the UK, Australia, Ireland, France, the Netherlands, and others that already criminalize refusal to decrypt devices.
  • UK: Under RIPA, refusal can mean up to 5 years in prison (2 years in many cases). Debate over whether this is materially different from “indefinite” imprisonment, especially when life impact is considered.
  • US: Multiple comments note that the 5th Amendment protects against compelled password disclosure in theory, but:
    • At borders, CBP routinely demands device unlocks and can seize devices and deny entry to non‑citizens.
    • Citizens can be detained and devices held for days; some report severe abuse and lack of realistic legal recourse.
  • Some insist Western democracies remain fundamentally freer than China; others argue increasing convergence toward authoritarian practices.

Legal Safeguards and Their Limits

  • Discussion of UK judicial oversight (judge-issued notices, proportionality tests) versus fears that low standards (“reasonable grounds”) and broad purposes (“preventing or detecting crime”) make abuse easy.
  • Debate over double jeopardy in the UK and whether repeated non-compliance could effectively yield indefinite punishment; considered theoretically possible but apparently untested.

Risk Profiles: Tourists vs Dissidents

  • Several state that ordinary tourists in China/HK are rarely bothered; trouble focuses on “troublemakers” or dissidents.
  • Counterpoint: having rights only “if you keep your head down” is itself a sign of lack of real protection.

Technical and Behavioral Countermeasures

  • Strong interest in:
    • Multiple profiles, hidden or “clone” systems, plausible deniability, and duress PINs that wipe devices.
    • Use of burner phones, minimal apps, short message retention, and treating smartphones as untrusted work tools.
  • Others argue clever tech cannot solve coercion (“rubber-hose cryptanalysis”); once force or jail enters, profiles and tricks may just escalate suspicion.

Broader Civil Liberties Concerns

  • Worries about criminalizing forgotten passwords, expanding “hate speech” and online offenses, and general erosion of privacy and due process in many countries, not just China/HK.