Friday 20 September 2013

Fear Big Brother... or firms' abuse of Big Data?

Facebook, Yahoo and Google have shared users' personal data with the Singapore Government. Should netizens be freaked out by Big Brother?
By Derrick Ho, The Straits Times, 19 Sep 2013

WHETHER Internet users are aware of it or not, a good chunk of their most personal and private information is probably sitting somewhere on the Internet.

Like most netizens, I use Web services like Yahoo's Flickr to share vacation photos, and social media platforms like Facebook and Twitter to share thoughts on the latest government policies.

On Google's Gmail, I e-mail travel plans and itineraries, some of which contain passport and banking details.

Like most responsible netizens, I dial up my privacy settings on these platforms to a pretty high level, limiting my online pourings and photos to only those whom I intend them for.

Or so I thought.

Over the past few months, each of these technology giants - Microsoft, Google, Twitter, Facebook and, most recently, Yahoo - have all released reports, revealing that they have disclosed details of their users to governments which have demanded them.

Facebook said it had acceded to almost three-quarters of the 107 requests for details on 117 individuals it received from the Singapore Government in the first half of the year. Yahoo disclosed user details in 75 instances to the Singapore authorities within the same period.

The companies claim that most of the data released concerned basic user information such as names and how long a user had been using their services.

Yahoo revealed that it did disclose extracts of e-mail messages, contents of messenger chats and even entries in address books and calendars.

All the tech giants have insisted that they released details only if the requests were valid ones: those pertaining to national security or the investigation of a crime. But what exactly constitutes a matter of national security or a criminal act, and hence the decision of whether they accede to the requests, seems to remain at their discretion.

When asked about the nature of the Singapore Government's requests, a Ministry of Home Affairs spokesman would say only that law enforcement agencies may request data from persons or organisations for investigations into criminal cases, "as part of the evidence-gathering process provided for under the law".

The reports came on the heels of revelations earlier this year of the US government's top-secret surveillance programmes, which allegedly allow it to access data from major Internet companies.

Late last month, an Australian newspaper suggested that SingTel has been aiding a highly secretive intelligence unit of the Ministry of Defence and its Australian counterparts in harvesting communications carried on a major undersea telecommunications cable between Tuas and Perth. According to The Sydney Morning Herald, this is part of a partnership between intelligence agencies in Singapore and Australia, which extends to the United States, Britain, New Zealand and Canada as well.

When asked about the matter, SingTel declined to comment. The Defence Ministry would not respond to any of The Straits Times' queries either.

Wide access

WHAT does it all add up to for data privacy in Singapore?

In short: There is none.

Technology allows Internet companies and telcos to store and retrieve data. Laws allow the State to demand access to them.

In Singapore, broadly phrased laws such as the Criminal Procedure Act give the Government wide access to data and communications such as SMSes, e-mail, call logs and websites you have accessed. It does not need a court order as laws allow it to directly obtain such information from firms.

Similarly, under the Telecommunications Act, the Government can order telcos to provide any document or information related to an investigation.

The Singapore state seems to be an outlier in the wide powers it holds. While some governments have managed to attain sweeping powers to gather user data since the Sept 11 terrorist attacks in the US in 2001, many are still in the midst of pushing for wider access.

In Britain and Australia, law enforcement agencies still need a warrant to access a computer within their borders.

However, lawmakers in both countries are now proposing to force phone and Internet companies to hold - and surrender without a warrant in Britain's case - records of digital communications to track potential criminal activity.

In Singapore, the Government doesn't need a warrant.

That may sound like scary Big Brother to some, but the truth is that the same can be said of companies and even individuals.

Already, Google and Facebook track users' interests and online activity to earn money from targeted advertisements. Businesses can even buy data on where you live, how much people spend on shopping and even their cellphone numbers. All of this is mined and harvested from a variety of sources - lucky draw forms, survey forms and those name cards you drop into a bowl at product launches.

Then, there are hackers and cyber criminals who are increasingly eyeing your mobile devices, a treasure trove of intimate data.

Earlier this year, I saw first- hand through an IT security expert's demonstration how easy it is for a hacker to gain control of a phone with a single SMS. Once in, the hacker can instruct the phone to record audio or snap photos, all without the user ever knowing.

In recent months, hackers have managed to infiltrate the systems of various organisations including Sony, Apple and Yahoo, compromising user names and passwords of customers.

The lesser of three evils

THE bottom line: If someone has the will to get hold of your data, there will be a way to do so.

Hence, it is worth asking yourself this: Who would you trust the most with your data - the government, a company or an individual?

Herein lies the politics of trust. Who has the biggest tendency to abuse your data and betray trust?

In the absence of checks and balances, there is a valid concern that a government may use its powers to collect data for its own political agenda. For now, though, there is no evidence that the Singapore Government is collecting data for anything other than bona fide purposes. Conversely, citizens don't know this for sure. Until proven otherwise, citizens can only rely on trust and the State's goodwill.

This same benefit cannot be afforded to profit-driven companies or deviant individuals. Time and time again, they have proven that they will do anything to cash in on your data - tech giants included.

A Pew Research Centre study released last month found that while the American public is concerned about Internet privacy, they are far less worried about government snooping than they are about their online activity being monitored by hackers and advertisers. In Singapore, the Data Protection Act may already be in place to restrict companies' use of data, but there is no saying what firms might do to bend it.

The irony in all of this is that despite privacy concerns, people all over the world continue to share personal data online. Netizens make it easy for anyone to collect data about them by blithely sharing their details on social media sites.

Perhaps this invasion of privacy is the price to be paid for enjoying the convenience of staying connected via the Internet. And if you object to anyone knowing what you buy? Go to a brick-and- mortar store and pay in cash.

The rest of us who want e-mail, Facebook and the convenience of transacting online continue to hand over our personal data to a myriad of individuals and companies daily.

Sure, the State can get its hands on that data. But you should probably worry more about nefarious companies crunching your data to sell you something you don't want, or criminals out to steal your identity or money, rather than a nefarious state out to get you because of your critical comments online.

In other words, don't be too alarmed about Big Brother. It's what companies and criminals do with Big Data that's more unnerving.

No comments:

Post a Comment