A controversial new security law passed in Hong Kong threatens the numerous tech companies that have opened data centers and offered services in the less-than-autonomous region of China.

Facebook, Google, Zoom, LinkedIn, and Twitter have temporarily blocked authorities' access to user data in response to the sweeping law, but may face fines, bans, and even jail time if they continue.

The end of Hong Kong?

Hong Kong protests
– Oscar Chan

The law was passed on June 30, after being conceived in secrecy with little input from Hong Kong lawmakers.

It grants significant powers to Chinese authorities to help them combat vague national security threats, including criminalizing seeking to “split” Hong Kong from China, or “colluding” with or “external forces” to spy on China. Such crimes could lead to life imprisonment - possibly in labor camps. National security suspects can be detained for six months before they are charged, and trials can happen behind closed doors.

Crucially, Beijing will have interpretation over the law, rather than Hong Kong officials.

In particular, the law states (translated) that "when the Hong Kong Special Administrative Region Police Service maintains the national security department to handle crimes against the national security, it may take various measures...[including] Search premises, vehicles, ships, aircraft and other relevant places and electronic equipment where criminal evidence may be stored... Request the information publisher or the relevant service provider to remove the information or provide assistance... With the approval of the Chief Executive, conduct interception of communications and covert surveillance of persons who have reasonable grounds to suspect involvement in crimes against national security."

The Hong Kong government clarified to the Financial Times that the law will require social media companies to take down content deemed illegal by Beijing, restrict access to platforms for dissidents, and force them to comply with 'reasonable' decryption requests, with a warrant.

In a statement, Google said that it had "paused production on any new data requests from Hong Kong authorities," and would “continue to review the details of the new law.” The company famously left China in 2010 due to censorship, data access requests, and state-sponsored hacking - but in 2018 secretly began planning a return, before that was delayed indefinitely due to increasing scrutiny.

Facebook said that it was "pausing the review of government requests for user data from Hong Kong pending further assessment of the National Security Law, including formal human rights due diligence and consultations with international human rights experts,” with its action covering its main social media site, as well as Instagram and WhatsApp.

Twitter, too, said that it was "reviewing the law to assess its implications, particularly as some of the terms of the law are vague and without clear definition.”

Zoom and LinkedIn said they would pause government data requests, although LinkedIn operates in mainland China and follows local laws there.

Depending on how long the companies continue to ignore government data requests, they could face significant fines or even jail time for executives. Their services could also be blocked in the city, like many of them are in mainland China.

But, unlike in mainland China, many of the tech companies operate out of data centers in Hong Kong - some having built their own in the region. In late 2018, Google opened a cloud region in Hong Kong, and was joined by Amazon Web Services a year later.

Major US data center companies like Equinix and Digital Realty also operate data centers in Hong Kong, leasing space to local businesses and US firms.

Prepare for raids on data centers?

The fear is that, as the law allows police to search "relevant places and electronic equipment where criminal evidence may be stored," data centers could be at risk of being raided. This in itself is not wholly unusual - for example, in 2016 FBI officials raided an Equinix data center during the Hillary Clinton email investigation. But the reasons for the raids may be even flimsier, and the punishment more severe.

“Hong Kong is the largest core node of Asia’s optical fiber network and hosts the biggest Internet exchange in the region, and it is now home to 100+ data centers operated by local and international companies, and it transits 80 percent+ of traffic for mainland China," the Hong Kong Internet Service Providers Association said last year when other censorship laws were being pushed.

"All these successes rely on the openness of Hong Kong’s network."

Group chairman Lento Yip told The New York Times that he saw an uptick in businesses relocating servers out of the city in June, but could not speak to their motivations.

There could be some leeway for companies to evade the rules, however, as tech companies can refuse to take down data if the technology required is "not reasonably available."

But for some of the tech firms making billions off of their ability to deeply surveil their users, such changes - which would require more encryption and less ability to watch their users' actions - might come at a cost.