Contents
Once upon a time
Working in an IT security firm for a while, a young man, Nick knocked on our office door together with his mother in last December 2014. He appeared to be annoyed and upset quite a lot. The first thing he burst out to us after seating down, I have been being snooped by my ex-girlfriend and her roommates for several months. He then showed us some video clips and pictures about his daily life in his iPhone. He swore that he did not take any of these videos or pictures himself. He complained that he was snooped and was going to be blackmailed soon.
Is it technically possible to take videos or pictures from someones smartphone remotely? Is it legal for a government to do it? How about an employer or an individual to carry out surveillance? As an ordinary people, what can you do to protect your privacy? It is time to reflect on these issues.
We are living in an era of closely connected cyberspace Information Systems, Critical Infrastructure and Internet of Things. We are facing the challenges of increasing threats of cybersecurity and accelerating erosion of personal privacy. Do we need to uphold cybersecurity at the expense of privacy? Or can we have both? These issues force upon us and we have to face them now.
What is online surveillance?
Oxford Dictionary defines surveillance as close observation, especially of a suspected spy or criminal. If we extend this to online surveillance that refers to close observation of someones cyber activities of email, fax, Internet and voice communications on computers, networks, digital equipment, smartphones, etc.
US Surveillance Methods 360 degrees
These cover a range of methods and techniques including the follows:
- US Domestic Intercept Stations
- Bulk Collection of U.S. Citizens' Phone Records
- The PRISM Program: #1 Source of Raw Intelligence
- Google Cloud Exploitation
- Cellphone Tracking
- Spying Toolbox: The ANT Catalog
- Undersea Cable Tapping Strategy
- XKeyscore: the Real-Time Internet Monitoring Capability
- Tracking the Surveillance Data: Boundless Informant
- Surveillance Data from Other Sources
Chinas Great Firewall
Chinas government has unveiled a smarter and stricter Internet filter, riling web users and widening the divide between Chinas Internet and the World Wide Web. A recent upgrade to Chinas web filters, commonly referred to as the Great Firewall, has made it more difficult to use services called virtual private networks to circumvent the countrys blocks to U.S. services like Google and Facebook.
Chinese officials confirmed a crackdown on VPNs in January 2015, saying that new measures were needed as the Internet evolved. In early 2015 major VPN providers such as Astrill have reported disruptions to their services.
Is online surveillance legal?
We look at some countries like the US, UK, Australia and China. There are privacy laws for public as well as surveillance laws mainly for law enforcement units.
Government-level Surveillance
US
Fourth Amendment - U.S. Constitution
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Refer to http://constitution.findlaw.com/amendment4.html
CALEA Communications Assistance for Law Enforcement Act
CALEA's purpose is to enhance the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to wiretap any telephone traffic; it has since been extended to cover broadband Internet and VoIP (voice) traffic. Some government agencies argue that it covers monitoring communications rather than just tapping specific lines and that not all CALEA-based access requires a warrant; this is of course highly controversial.
UK
Human Rights Act 1998: There is a qualified right to privacy. Any intrusion should be proportionate.
Data Protection Act 1998: Disclosure and retention of personal data must be fair. Exemptions need to apply.
Regulation of Investigatory Powers Act 2000: An authorisation framework for various surveillance activities is upheld by specified public authorities.
Data Retention and Investigatory Powers Bill 2015: The UK Government explains that the Data Retention and Investigatory Powers Bill (Drip) is required to preserve current capabilities, and does not contain new powers. In fact, the Bill contains provisions that dramatically inflate the British surveillance capability, extending the reach of the security services globally.
The Bill proposes amending the UK interception law, the Regulation of Investigatory Powers Act (RIPA), to grant the government the authority to issue interception warrants to telecommunication companies and internet services across the world. Not only will the Bill enable the government to compel such companies to assist them in intercepting emails and phone calls, it will also give the government power to require foreign companies to build backdoors into their communications infrastructure.
Australia
There are Commonwealth, State and Territory laws that relate to:
1) taking and using your images without your permission
2) recording your conversations or movements.
Which law applies will depend on the circumstances, in particular:
a) where the surveillance occurred or the photos were taken
b) what was being monitored or photographed
c) who was responsible for the surveillance or images.
The Privacy Act 1988 (Privacy Act) does not cover individuals acting in a personal capacity, such as a neighbour taking photos of you.
China
Chinese Supreme Peoples Court Issues Interpretations Regarding the Publication of Personal Information on the Internet in October 2014
In October 2014, the Peoples Republic of China Supreme Peoples Court issued interpretations regarding the infringement of privacy and personal information on the Internet. The interpretations are entitled Provisions of the Supreme Peoples Court on Several Issues concerning the Application of the Rules regarding Cases of the Infringement of Personal Rights over Information Networks (the Provisions) and became effective on October 10, 2014.
Next page