Concern about mass surveillance is growing across the world as huge amount of personal information captured by social media companies and data collections by law enforcement agencies worldwide monitor citizen’s data. At the same time, governments are racing to protect data in the face of widespread attacks on user data such as the recent case of 3.5m in US, India and Pakistan which held hostage personal data of over 3.7 hundred thousand citizens, governments and companies.
An internet user in the US is 10 times more likely to be subject of an official government data request than a citizen of India and 14 times more likely than a citizen of Pakistan.
Today’s inter-connected world
In today’s world, the Internet has become one of the most important parts of our lives and we share huge amounts of personal information to participate in the growing online community. About half of people across the world are now connected. Social media influence brings more and more people together.
Pakistan with around 35 million citizen using internet, this means that in every 10 people in Pakistan only 2 are connected with internet. It is significant that out of every 10 internet connected citizen of Pakistan 8 currently using Facebook. Further these connected users are now feeling the threat of cybercrimes. In contrast India has 462 million citizen are connected with internet, this means that in every 10 people in India only 4 are connected with internet of which around 15 million use Facebook. In term of connectivity with internet India performing better then Pakistan whereas United State with only 9 out of 10 people are connected with internet or which 20 million are using Facebook currently.
Growing threats to online privacy
Data Privacy is a basic right and laws protect our information from unauthorized access. These laws are similar to the trespassing laws which prevent people from entering our homes without permission.
Internet users face multiple threats to personal privacy. Hackers are hacking into private company databases and exploiting user data of millions of citizens. Data leaks have exposed both legal and illegal activity of private citizens, public figures, companies and governments. Government are tapping into online data to track citizens through counter-terrorism laws. Organized criminals are using legal and illegal methods to monitor people. Here is an overview of the major security breaches over the last 5 years:
In 2017 a very huge database (River City Media) leak revealed 1.37b emails and used for illegal spam operations. In 2016 Friend Finder Network leaks expose 412m email address. In 2015 a very secure technology compromise by Anonymous hackers’ group leaked records of 70m phone calls. In 2014 around 500m user accounts credentials was stolen from Yahoo. In 2013 also a huge hacked around 1b user account were hacked.
Unauthorized access to our Data
As more concern raise across the world for data privacy, more law enforcement agencies are requesting data from different social media companies and most of social media companies are themselves selling personal information like usernames, email addresses, personal websites, hometown, interests and professional history to the advertising and marketing companies. These companies are also reselling users’ information to other companies. Facebook has been fined for sharing such information illegally.
In 2012 the European Commission published a draft regulation for data protections, and just after four years the final content was published in journal of the European Union and major parts of that data protection laws in the world shall apply from 25 May 2018. Furhan Husain, Digital Rights Researcher and Trainer says that although online user required data privacy in respect to data regulation laws, else there is no option to protect personal information from unauthorized access.
In Pakistan for in every 100,000 internet users only 7 internet user’s data has been affected by law enforcement agency request from 2011 to 2015. In contrast in India around for every 100,000 internet users only 10 internet user data have been affected by data request whereas in US citizen or in every 100,000 internet users only 110 person data have affected by government data request in the same period.
As the worldwide user data requests from different social media applications are growing, the last few years have seen different social media portals publically releasing government data request reports. Unsurprisingly, most data requests in the last few years were submitted by United State law enforcement agencies, affecting 318,537 user accounts. In the recent international magazine Mike Janke, co-founder and chairman of Silent Circle ( Geneva), says that “Our digital life has so many footprints, we now see government asking companies like Netflix, Hulu, HBO and cable providers for information.”
The graph shows that from 2013 to 2016, the top five countries to make data requests to Facebook were US at 114,971, India at 33,875, UK at 21,400, Germany at 1,7421and France at16,545. And those requests affected 291,006 user accounts by these top five countries. While overall data requests by all countries are approaching 300,000, which impacted nearly 400,000 user accounts from 2013 to 2016. During the same period Pakistan was listed as 18th with 1,759 data requests to Facebook, affecting 2,532 user accounts.
Ayzaz Syed, Senior Journalist comments, “As the internet and social media is a public space, which is the only place, being journalists, where we can speak openly, however, being followed by different sources make us uncomfortable in that space.”
Further investigation on Twitter transparency data reports disclosed that US government law enforcement agencies requested the most data from Twitter during years 2012 to 2016. The total data request during this period made by all countries was around 20,000, specifying data from around 40,000 user accounts. While Pakistan has made only five data request to Twitter in which the total specified user account was 7. Further around 16,000 data request have been placed by top five countries under which 32,000 user accounts were specified during 2012 to 2016 as shown in the graph.
The US not only requests data from Facebook and Twitter but also to the other social media portals too like Google, LinkedIn, Yahoo, Tumblr and Apple.
The role of government surveillance
Surveillance, which is used by law enforcement agencies for prevention of crimes both online and offline is often a violation of user privacy, according to Frank La Rue. Surveillance agencies, during collection of user data from different social media portals can only identify suspects. Furhan Husain, Digital Rights Researcher and Trainer says however does not help with crime prevention or offer solutions but the mere act data collection on a massive scale violates privacy of the citizen. Different civil liberties groups and activist opposed are now waging a movement against law enforcement agencies to stop such incidental data collections in this way.
Various social media applications transparency reports further revealed that they have received user data requests by different governments and their law enforcement agencies. These requests made it the biggest privacy issue of this time with name surveillance for preventions of such crimes Ayzaz says.
Most of data request to social media companies are related to the online crimes mention in Twitter and Facebook according to transparency reports. Some of the well-known justifications for requesting data from social media companies like search warrant requests, subpoenas, court orders, trap & trace and a pre-emptive requests for people who are under suspicion by law enforcement. Some of countries using different technologies for accessing their citizen data without their acknowledgement like US, India, Russia, China, Iran, Australia, France, Germany, Sweden, and Switzerland.
The Worrying Drift
The threat posed by government data collection is not well understood. Despite different country officials keeping a close eye on different online platforms, motives may vary. Government law enforcement agencies request different social media platforms for relevant data. This data can be about online crimes, terrorism or, to determine online track report for proof or, other reasons mention in twitter and facebook transparency reports. Most of these data requests demand the last login location, coordinates and, personal information according to transparency reports(Twitter, Facebook). These social media platforms also have their own struggles to tackle including abuse and hate speech on their platforms.
China and Iran are currently the two world’s largest censorship bodies both are using Firewalls to block content from the internet which they perceive to be offensive. Husain says but this seems to be a breach of human right of freedom of speech not the solution of threat preventions but it violation of basic human rights.
This leaves the global citizen with no choice but to restrict activities and personal information and configure privacy settings on Internet connected devices. The recent revelations by ‘Shadow Brokers’ about NSA hacking tools revealed that the batch documents were stolen from US intelligence agencies to access the hacking tools. This is clear that all the devices and tools we are using under big threat by those agencies, which violate privacy laws.
Mansoor Zeb Khan, Technology Researcher, based in Islamabad says, “This is not new thing to us as these (user accounts) were already bugged and kept under a close eye and; an advice for the folks of social media to please make your activities limited and professional.”
Facebook moves towards protections of user data
A Facebook initiative to prevent such third party applications, including different law enforcement agencies from accessing their user data for surveillance purpose, is to publically publish transparent reports about data requests and attempts to access its data. Further Facebook, now requires these application developers, including law enforcement agencies, which may want to use Facebook developers APIs, to share the purpose of their access to the user data after which approval can be granted accordingly.
The Internet should be safe, secure and accountable
Half of the world’s population in now connected to the internet and is facing growing risks. NGOs are trying to both connect the world’s remain population with internet and make that space open and safe for all. International human rights laws for privacy and protection are increasingly becoming relevant to the online space and UN agencies have been discussing worldwide protections including punitive measures for removing and banning content from the internet. The issue can be overcome with standardization policies for internet Husain says.
In Pakistan, both surveillance and restrictions by government agencies may violate freedom of expression and data privacy. Although different social media companies have been published transparent reports which are further in need to show us details about the requester and purpose of their requests Ayzaz says.