Pitfalls of privacy online

The Ceylon Today newspaper quotes me in what is becoming a familiar story – identity theft and the unauthorised use of photos posted to various online social media fora for nefarious activities. Women and Media Collective‘s Sepali Kottegoda underscores the problem, yet the challenge remains on how to build and teach this (new) media literacy to parents, young adults and children.

###

Editor of Groundviews, Sanjana Haththotuwa (sic) commented on the issue, bringing into focus the shortcomings of online privacy. “You can at best get Facebook to shut the page down, but in seconds, another can take its place. And if Facebook then bans the user account that created the pages, another can be created. Using the new account, another new page can be created. If Facebook shuts down all such pages on Facebook itself, a group similar to it can be created, in seconds, on another social media platform. The real problem here is the lack of awareness about privacy online, and in online social media forums in particular.”

“Instances such as these are very much a part of what is known as internet violence against women,” Head of Women and Media Collective, Sepali Kottegoda said. “The focus on school children in Sri Lanka is extremely worrying. We have to look into the aspects of internet security and if the country decides to ban such sites, we need to have a set of clear guidelines that can be used in the human rights framework for women. These incidents go beyond presentation and unauthorized use of content. It is a serious violation against women and girls, and it can be considered a form of sexual abuse if intended in such a way. The lack of knowledge on online privacy needs to be addressed. It’s the kind of technical training both kids and adults need.”

The rise of Big Brother in the UK: The problems for the rest of us

Reading an article on mobile phone surveillance in England, I remembered a scene from the film the Bourne Ultimatum where the character Jason Bourne, played by Matt Damon, buys a phone off the counter in London and uses it to communicate securely with a reporter. The reporter eventually gets killed and that sadly seems to be the fate of civil liberties and privacy in the UK as well.

As Times Online notes,

Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance. Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society.

Just as with extra-ordinary rendition and Guantanamo in relation to the US, actions such as this have significant repercussions on the freedom of expression in repressive regimes, such as that we find in Sri Lanka. These regimes, ever on the look out for ways to justify their repression and outright violence against democratic dissent and inconvenient truths that embarrass them, often use the argument that Western regimes who criticise them are no better than them.

There is some truth to this assertion. The proposed Data Communications Bill in the UK will make it difficult, if not impossible, for the UK to seriously promote civil liberties and the freedom of expression. If itself becomes what is encourages other democracies to avoid becoming, HMG stands to severely undermine efforts by DFID and other developmental (and conditional aid) efforts, supported by the British public, to strengthen democracy elsewhere in the world. While it is fairly clear now that the British Government does get violent with those who disagree with its policies, it is unclear just how the Government will use information siphoned from the private communications of its citizens against them.

Say for example I was on the CC list of an Al Qaeda spam email that is a sophisticated argument for matrydom. In the interests of my research on countering Islamic radicalisation through ICTs, I forward this to some other colleagues. A lively discussion ensues over email, SMS and voice calls. Under the proposed surveillence regime in the UK, if any one of the recipients was a British citizen living in the UK, does this mark me out as a threat in the data mining algorithms that HMG / MI5 will use to identify embryonic terrorist activity? Will this communication be used against me if I apply for a VISA to the UK? Will I have to pass more stringent customs and border control checks? Will this information be communicated to other intelligence services, or used in conjunction with existing programmes such as Echelon to create profiles that can be matched, discriminated against, sold, exchanged, stored even after death and negatively impact upon my children, friends, colleagues and partners?

There are also serious concerns about the ability of the British Government to actually securely store the information it gathers.

The proposed Data Communications Bill, just as with an issue such as Net Neutrality in the US, are not challenges that are limited to the national boundaries of the UK and US respectively. Their outcomes shape the reality of communications and all that is dependent on it in other countries as well. If the raison d’etre of ICT4Peace is to engender ways through which communications helps peacebuilding, I am yet to be convinced that what the UK is planning on doing will in any way help it combat the root causes of terrorism.

Snooping into mobile communications in India

Research in Motion (RIM), the folks behind the Blackberry, are reportedly close to finalising a deal with India’s Home Ministry to allow it to monitor communications and access customer data.  As Ars Technica notes,

The issue first became public in early March, when the ministry threatened to ban BlackBerry service entirely, unless it was given unconditional access to any and all of the information passing across RIM’s network at any given time, for any given person… The ministry claimed it needs access to customer data in order to protect the country from terrorists operating in Kashmir, who may be using BlackBerrys to communicate with each other.

In 2006 India noted that it was using mobile phones to track insurgents and terrorists in Kashmir. 

“Earlier, we thought it would help terrorists in their communications and help their subversive activities,” army spokesman Lieutenant-Colonel V.K. Batra said. “But it is proving counterproductive to them.”

Two years on the the government now seems to think that the interception of Blackberry communications will help in its struggle against terrorism. There are conflicting reports on the status of negotiations with RIM, with some newspapers suggesting that RIM has agreed to conditionally turn over all customer records and others suggesting that RIM is unwilling to budge on the issue of customer privacy

As the Ars Technica article notes however,

It may be a month or two before Research In Motion announces the details of its agreement with the Union Home Ministry, but the information coming out of India is at least plausible. RIM has yet to state, point-blank, that it will not allow the Indian government to access its network traffic in some form or another, and until that happens, all bets are off. 

The rise of Big Brother in the UK

It’s disturbing to read about the intention of the British Government to create a database to record every phone call, e-mail and time spent on the internet by the public as part of “the fight against crime and terrorism”. It’s this kind of mindless sleepwalking into a surveillance society that reminds me of Orwells 1984. Conrad’s The Secret Agent and V for Vendetta. There’s a necessary debate on how much of our civil liberties we need to sacrifice in the name of public security, but this is surely a nonsensical overkill? As reports indicate, it’s also fundamentally a problem of data analysis and storage.

“About 57 billion text messages were sent in Britain last year, while an estimated 3 billion e-mails are sent every day.”

How on earth the government is going to extract from this information the semantic connections necessary to identify that which threatens the British public is not entirely clear. Or it’s ability to keep these records securely. Or the period of time it will keep these records. Or who exactly will have access to them. Or as the opposition noted succinctly,

David Davis, the Shadow Home Secretary, said: “Given [ministers’] appalling record at maintaining the integrity of databases holding people’s sensitive data, this could well be more of a threat to our security, than a support.”

It’s also unclear as to how invasive this technology will be. Clearly, if it only records emails SENT or RECEIVED, there’s huge gaping security loophole in the form of DRAFT emails. Simply share an account / password combination over coffee and voila, you have a totally secure form of email communications without ever sending an email (simply update each other’s drafts). It’s also unclear whether this database will tap into instant messaging and if so, just how? What about Skype VOIP that’s encrypted? And how about Blackberry’s? Or the walled gardens of social networks and the IM systems they employ?

For a country clearly obsessed with surveillance, this latest and incredibly absurd step in the guise of “public security” is itself a terrorist’s dream. How many masterminds does the British Government actually think it will take to break into or disable the database in a day and age where DDOS attacks can actually be bought over the web?

To borrow a phrase from Conrad, the future of the proletariat seems very bleak indeed!

Secure your Facebook privacy

As the BBC’s technology programme Click recently uncovered, Facebook is outrageously open to applications harvesting information that you have classified private. What is more disturbing is that an application installed on a friend’s account can remotely harvest your private data without you even having to install the same application. As the BBC report notes “It certainly seems that Facebook’s standard security settings are not sufficient to protect your personal information, and those of your friends.”

Click the story here and read Click’s advice on how to minimise the risk of exposing your private information here.

From Click’s website, here are the instructions to safeguard against (or at least, minimise the chances of) your private information going public:

OPTION 1: STOP YOUR DETAILS BEING VISIBLE

You can completely stop any of your details from being visible to applications.

Bear in mind that if you use applications, they are all granted access to certain parts of your profile, whether they need them or not. The only way to be sure no one can see your details, and to stop any of your details being seen by friends’ applications is to tell Facebook you do not want to have anything to do with any applications, ever.

Here is how you do it:

  • Log in and click on the “privacy” option at the top of the front page, then on the “Applications” option, then on the “Other Applications” tab.
  • Here you can select what Applications added by your Friends can see about you.
  • Click the option near the bottom marked “Do not share any information about me through the Facebook API”.
  • If you cannot click it, it is because you have applications on your profile already. You will need to remove all of them.

Now, your profile will not talk to any applications at all.

WARNING: Confusingly, if you now try and add an application, Facebook will let you. It gives you the standard warning that your details will be shared, but no extra warnings that you are overriding your privacy settings. It will also flip off the button you ticked about the Facebook API, making you visible to friends’ applications again.

OPTION 2: REDUCE THE DETAILS VISIBLE TO APPLICATIONS

Again, bear in mind that if you use Applications, they are all granted access to certain parts of your profile, whether they need them or not.

It is your responsibility to make sure an application is not malicious – although we have no idea how you can tell.

  • Log in and click on the “privacy” option, then on the “Applications” option, then on the “Other Applications” tab.
  • Select “Share my name, networks, and list of friends, as well as the following information.”
  • Here you can select what Applications added by your Friends can see about you.
  • Deselect any information you do not want them to see.

 

Spoofing politicians on Facebook no more?

Mahinda on Facebook

A while ago Indi had this hilarious post on Mahinda and Mervyn on Facebook. Clearly satirical, the profiles and whoever who set them up were interrogating the behaviour of two prominent political figures in Sri Lanka. And it was very nicely done.

I can’t find the profiles anymore and perhaps just as well. If the Sri Lankan regime was to take a page off the Indian Government, then whoever who set up that profile may be in for a rude shock. As TechCrunch reports, 22-year-old IT professional Rahul Krishnakumar Vaid based in Haryana was arrested by the Indian Police because he had said he hated Sonia Gandhi in Orkut, Google’s social networking site. 

This isn’t the first time Google has capitulated to local laws. Last year, the International Federation of Journalists hit hard against Google for its censorship deal with the Thai government. 

The wider question is whether anything we say on social networking sites, ostensibly amongst friends and only for friends, is safe from prying eyes and government censorship / control. Earlier this year Facebook exposed private photos to unauthorised users and as The Register reports, in “June 2007, it was disclosed that Facebook was divulging users’ political views, religious background and other sensitive details to the world at large even when that information was supposed to be given only to a user’s designated friends. MySpace has made similar gaffes.”

Is it time we revisited all our profiles and see what’s really on them? 

UPDATED – 11:41PM

I had forgotten about the Mahinda Rajapakse blog. Again, good stuff but I wonder how long before someone, somewhere takes offense and decides to block WordPress in Sri Lanka.