Following is a question by the Hon Charles Mok and a reply by the Secretary for Innovation and Technology, Mr Alfred Sit, in the Legislative Council today (November 18):
Question:
To help combat the Coronavirus Disease 2019 epidemic, the Government launched, on the 16th of this month, a mobile application (app) named "LeaveHomeSafe" for voluntary download and use by members of the public. Members of the public may use the app to record the venues which they have visited by scanning the QR codes posted at the venues. When it is subsequently found that the venues concerned have been visited at the relevant time by persons confirmed to be infected, those members of the public will receive notifications through the app. Although the Government has indicated that the app only stores the visit records of members of the public in encrypted form in their mobile phones and the records will not be divulged, some members of the public are still concerned about the protection of privacy afforded by the app. In this connection, will the Government inform this Council:
(1) of the types of information collected and the data encryption standard adopted by the app; the measures in place to ensure that users' personal data will not be stolen during the scanning of the QR codes;
(2) of the measures in place to ensure that the management of the venues concerned will not refuse the entry of those members of the public who do not use the app, so as to avoid members of the public being forced to use the app in effect; and
(3) whether it has engaged an independent third party to assess the information security risk of the app and if its privacy protection is adequate; if so, of the details, and whether the assessment outcome will be made public?
Reply:
President,
On November 11, 2020, the Government announced the launching of the "LeaveHomeSafe" exposure notification mobile app. Using technology to combat the epidemic, the app aims to encourage the public to make a habit to record their whereabouts, thereby minimising the risk of further transmission of the virus and protect Hong Kong together. The "LeaveHomeSafe" mobile app is available to the public for free download from November 16.
Characterised by voluntary participation and recording visits at users' discretion, the "LeaveHomeSafe" mobile app serves as a digital tool to facilitate the public to record more accurately the date and time of checking into and leaving different venues. The app is simple and easy to use. After downloading the mobile app, users can check into participating venues by scanning the venue's QR code to log their arrival time and clicking the "Leave" button in the app during departure. Relevant record will then be kept in the app inside the user's mobile phone.
So far, there are currently over 10 000 public and private venues that have participated in the scheme to post "LeaveHomeSafe" venue QR code. Passengers can also directly use the "LeaveHomeSafe" mobile app in over 18 000 taxis to record journeys.
Our replies to the three parts of the question are as follows:
(1) After downloading, the "LeaveHomeSafe" mobile app can be used immediately without the need for registration of any information. On entering a venue, members of the public can use the app to record the visit themselves by scanning the venue's QR code. The data will be encrypted and stored in the user's own mobile phone, and will not be stored in any government or other systems. Such data will be automatically erased after 31 days. The app will not use the GPS function or other data in the mobile phone. The "LeaveHomeSafe" mobile app adopts the AES-256 encryption standard to protect the travel records saved in users' mobile phones.
(2) Over the past few weeks, we have been actively engaging different business sectors to appeal for more venue and business operators to join the scheme and display "LeaveHomeSafe" QR codes at their venues. Under the new normal, we need concerted efforts from various sectors to fight the virus so that people will feel comfortable going out and the economy can regain its momentum. We believe that relevant business operators will encourage and help their customers use the "LeaveHomeSafe" mobile app, but whether to use it or not is the choice of venue operators and members of the public.
(3) The "LeaveHomeSafe" mobile app has undergone the security risk assessment and audit as well as a privacy impact assessment conducted by independent third parties to ensure its compliance with the Personal Data (Privacy) Ordinance.
Follow this news feed: East Asia