By Yosr Jouini
Note from IGMENA: The following post is among the essays written by participants at the end of the Internet Governance Capacity Building Program (IGCBP).
Big Brother is watching you..
Since George Orwell’s famous novel, 1984
, this famous phrase has entered the lexicon as a synonym for surveillance and censorship. Sixty-five years later, privacy matters have become increasingly prevalent.
Big Brother: the Ministry of Truth and the Fiction Department.
Through the years, we can easily match these words with our daily phenomena. Yet, understanding the concept of privacy doesn’t require a visionary mindset to predict the future as George Orwell did. However, it remains necessary to go explore the fundamental concepts.
Let's start at the very beginning. What does privacy mean?
Every teenager once asked his parents to give him more privacy or screamed the famous sentence, “Leave me alone!” In fact, that’s what the right to privacy is about. In simple terms, it’s the right to be left alone. It’s also likely to be introduced as “the right of any citizen to control his or her own personal information and to decide about it (to keep or disclose information). “ (1)
The Universal Declaration of Human Rights (UDHR) defines it in other words through Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.” (2)
It’s also undeniable that the Internet and ICTs have dramatically changed the understanding of privacy.
Moreover, great numbers of international and regional conventions define similarly this right. For example, the European Convention on Human Rights (ECHR) 1950 (Article 8), International Covenant on Civil and Political Rights (ICCPR) 1966 (Article 17), and the Convention on the Rights of the Child 1990 (Article 16).
Even at the national level, most constitutions include explicitly the right to privacy and protecting the confidentiality of correspondence, communications, and personal information.
Nevertheless, the right to privacy is not an absolute right. Usually, legislative and regulatory instruments include restrictions and some exceptions.
A question could be asked: If law protects the right to privacy, how is it threatened by government access to and use of personal information?
First of all, surveillance may happen under the law. As previously mentioned, laws such as codes of criminal procedures, laws on protecting society from terrorism, the telecommunications laws may restrict the right to privacy for several reasons, such as: national security, public safety, or countering crime and terrorism. The legal procedures vary from one country to another. In some countries, permission must be obtained from a court judge, and the duration of the surveillance is limited. In others countries, monitoring centers have broader authority to select people to survey. For example, in 2008, the Bahrainian government expressed an interest in setting up a commission to monitor the press and online discussion forums. Three years later in February 2011, following the start of demonstrations calling for democratic reform in Manama, Internet traffic dropped by 20% out there as a result of the filtering and blocking of websites during that period. Reporters Without Borders declared that filtering used in response to the demonstrations occurring in the country was accompanied by strengthened and expanded surveillance measures directed against opposition activists and their relatives and friends.
The access to and use of personal information could be done in numerous ways. It includes all communications data and by all methods. In a simple sentence, it’s about recording everything that takes place in public or private premises including telephone communications, messages, sounds, content mail of all kinds, publications, parcels, telegrams, visual images, and signals.
As previously mentioned, access related information includes telephone communications (fixed and mobile voice calls or SMS, EMS and MMS) through the detection of:
Local and international identifications, IMEI and IMSI numbers.
Date, start time, and end time of the call.
Call parties’ (or sending/receiving) locations in details.
The most updated example for telephone surveillance is the fact that the National Security Agency (NSA) would amass metadata on billions of Americans’ phone calls and 200 million of text messages every day. After the Sept. 11, 2001 attacks, the NSA collection program began without court or congressional approval but was placed under court supervision in 2006. (3)
In early 2012, the Bahrain Centre for Human Rights (BCHR) reported that a student from the University of Bahrain was called in for questioning and was asked if she wrote the phrase “Down with Hamad” (a popular phrase against the king) on her BlackBerry Messenger. She was suspended for a semester due to “phrases that insult His Majesty the King” on her mobile phone. (4)
The access to personal information consists of recording data calls such as 3G and GPRS through saving:
IP address or any other relevant address.
Caller IMSI number.
Date, start time, and end time of the call.
The system of mass surveillance also target Internet users. It necessitates recording:
For general users
For e-mail senders and receivers
Username, date, and time of login and logout.
Proxies record data.
E-mail access data.
Data of the e-mail sent / data of the e-mail received.
Authentication: username, e-mail addresses used in all the fields (From/To/CC) and date and time.
Moreover, the Chinese ministry of public security requires Internet service providers (ISPs) to install "black boxes.” Once attached to a server at the ISP, this tool tracks both contents and activity of individual email accounts. Actually, it combines Internet filtering and surveillance and provides a large database of information that may be used in the future which can be used for a number of purposes. (5)
According to Edward Snowden, the UK’s security agency has specialised in “electronic eavesdropping” internationally, gaining access to much of the world's Internet and telephone traffic by tapping into “fibre-optic” cables running in and out of the country. (6)
The techniques used to access to individuals personal information are sophisticated. For example, a Belgian renowned expert in cryptography and data security was the victim of hacking after clicking a LinkedIn invitation which allowed tracking of the professor's digital movements, including his work for international conferences on security. (7)
In addition to surveillance, governments look for access to corporate data. For example, Google regularly receives requests from governments and courts around the world to hand over user data. Until the July-December 2010 reporting period, more than 20,000 requests from foreign authorities seeking access to users’ email accounts or Internet searches were received by Google. (8)
It’s true that corporate data in general and big data in particular represent a huge opportunity for development. However, its potential danger is undeniable. It seriously threatens the right of individuals to secure their personal information.
For example, big data development initiatives by the French telecommunication company Orange, in Côte d’Ivoire, have shown that even a basic mobile phone traffic data set can enable conclusions about social divisions and segregation on the basis of language, religion, ethnicity, or political persuasion. (9)
Another point worth mentioning is that data and personal information could also be used by third parties in cyberbullying or revenge cases. The legal response to these cases varies from one country to another. Furthermore, third parties’ invasion of privacy is the intrusion into the personal life of another and may cause serious damages in the individual’s personal life and reputation.
“I was just so damaged by it. I just wanted to stay in my room. It just all hit me like a ton of bricks.”
That’s what Kayla Laws, a victim of revenge porn website, revealed. (10)
“Revenge porn” is an example of how privacy could be threatened by third-party access to and use of personal information. It’s a concept of websites with sexually explicit content where ex-partners or hackers can upload and share publicly individual’s private photos accompanied by personal information such as the individual's full name, address, and phone number and links to social media profiles. Several countries have criminalised revenge porn.
Examples of privacy violations are numerous. Governments, corporate access, or third parties have the choice to play either a positive role in empowering the right to privacy or to be kept as a threat by access to and use of personal information. Rising awareness among people is an important step as well.
My personal opinion is that the most important step is changing mentalities and convincing others that the right to privacy is a fundamental right and they need to stick to it no matter what. Security versus privacy is a wrong illusion that needs to be fought. Politicians, diplomats, activists, lawmakers, judges and every single citizen have to join this journey; the right to privacy is worth a long fight.
Yosr Jouini is a Tunisian civil society member, an occasional blogger, a software engineering student, and an IGMENA fellow. Her work focuses mainly on enhancing and advocating ICT’s positive impact on society.
Note and references
(1) “An Introduction to Internet Governance” Book-4th
(2) Universal Declaration of Human Rights (UDHR): http://www.un.org/en/documents/udhr/index.shtml
(3) BBC- Report: NSA 'collected 200m texts per day: http://www.bbc.co.uk/news/world-us-canada-25770313
(4) Privacy International report: “Surveillance briefing: Bahrain”: https://www.privacyinternational.org/reports/surveillance-briefing-bahrain
(5) Privacy International China report. CHAPTER II. Surveillance Policy: https://www.privacyinternational.org/reports/china
(6) Aljazeera - UK surveillance exposes lack of privacy: http://www.aljazeera.com/indepth/features/2013/06/201362795550680953.html
(7) English summary of an article published in a Belgian newspaper “De Standaard” http://www.standaard.be/cnt/dmf20140201_011
(8) Google transparency report: www.google.com/transparencyreport/userdatarequests
(9)Privacy International: Big data: A tool for development or threat to privacy? https://www.privacyinternational.org/blog/big-data-a-tool-for-development-or-threat-to-privacy
(10) Dailymail: Victim reveals torment on revenge porn website as founder faces jail http://www.dailymail.co.uk/news/article-2546225/Victim-revenge-porn-website-founder-speaks-faces-federal-charges.html