Cyber Security
The Government vs. Your Facebook Account

How Much Can the Government See?

Your smartphone beeps you awake at 6am every weekday morning. On your way to work, you are scrolling down your Facebook newsfeed, liking or commenting on posts that resonate with your current mood. At work, you pull up your Gmail account and Google possible destinations for your next paid vacation. You Instagram your lunch and Snapchat how funny your friend looks at the party. Your cousins abroad WhatsApp you their latest shenanigans. 

At any instant of our day, if not our entire lives, Google and Facebook know more about us, our preferences, our geotagged activities and our relationship statuses than anyone else. Edward Snowden calls this the Surveillance Age, where private corporations and public authorities are trying to understand us through our digital footprint at all hours of the day. All they require is a simple tap that activates our phone's Wifi or data plan. The access we provide to private corporations by willingly giving up our legal rights to our private information is often a concern when made available to governments – we then feel our privacy has been violated. Does this mean we trust private corporations more than our elected public representatives?

The government of Bangladesh recently stirred (more) public attention when Telecom State Minister, Tarana Halim announced it will request Facebook to share information about Bangladeshi users in hopes to “curb growing militancy” in the country (The Daily Star, March 17, 2017). In another news-article, AIG Moniruzzaman of Police Headquarters suggested Facebook requests Bangladeshis to open accounts using National Identification Numbers (NIDs) in order to effectively cross-validate their identities and reduce cybercrime (The Daily Star, March 13, 2017). In both cases, unsurprisingly, Facebook turned down the state's requests. 

However, the government's efforts into monitoring communication date back to its Constitution. While Article 1 and Article 43 both protect the citizen's right to privacy, especially against unlawful search and seizure of communication devices or correspondence, the caveat arises with the clause “unless reasonable restrictions imposed by law permit it in interest of national security” in Article 43. The amended Bangladesh Telecommunications Act, 2010 allows agencies to “monitor the private communications of people and intercept communication with the permission of [M]inistry of Home Affairs, under a special provision for the security of state and public order”. 

In reality, nevertheless, digital surveillance is more expensive and complex than warranted by policy briefs. Between 2013 and 2016, media reported over BDT 300cr government expenses on acquiring surveillance technologies that allow phone calls and social media activities to be intercepted by government intelligence agencies, such as National Telecommunications Monitoring Center in Dhaka. Central to the purchasing orders were third party vendors like Israeli-American firm Verint Systems and Chinese firm Inovatio that are known for their wiretapping technologies; the former was implicated with another Israeli firm in the United States' National Security Agency's wiretapping scandal in 2008. This highlights an important contradiction with the state's recent announcements: had our government been as successful in exhaustively accessing all our digital information, the State Minister's repeated requests to Facebook representatives would be nothing short of redundant. Can we then safely assume that not all our online activities can be tracked?

Irrespective of acquisition, deploying these technologies require in-house expertise that many intelligence agencies lack, as cited in the FBI-Apple encryption dispute in March 2016. The dispute also led to private corporations strengthening their encryption and privacy fronts, making it more challenging for government agencies to access user data. Later, in the same year, the ACLU in US reported the widespread use of Geofeedia and Digital Stakeout – tools that can track and geolocate social media activities beyond the scope of keywords – allowing government agencies to identify specific individuals. As a result, infuriated technology giants namely Google and Facebook beefed up unwarranted access to their data. In recent times, the Trump administration and Department of Homeland Security have reportedly discussed manually searching social media accounts in U.S. borders to “detect terrorist threats” (The New York Times, February 14, 2017). This provides further evidence that existing surveillance technologies are well behind the rampant product growth and security enhancements within technology companies. In the constant tension between government agencies and private corporations to know as much as possible about people and customers, the real concern surrounding an individual's civil liberty takes a backseat. While policies are still catching up to emerging technologies, how can a layman protect his/her rights to a private life?

Much of the response lies in our own decisions to share our information. The government at current can only resort to third party vendors or social media monitoring software (SMMS) to intercept our digital correspondence. In recent years, the Bangladesh government has taken legal actions against individuals posting “offensive” remarks on Facebook. However, in reality, identifying their information did not require any advanced technology. A simple search of keywords and exploitation of our gullible tendencies to share anything on social media without permission or fact-checking are sufficient to implement the Penal Code, 1860 and ICT Act, 2006. It is not about what instruments of the technology were used to find digital data, but rather about the questionable policies that allow such doing to be used against an individual. How are the laws being used to silence intelligent discourse?

The threat, meanwhile, is more prevalent in our own willingness to hand over private information (and our rights to what can be done with it) to opaque algorithms owned by profit-minded, private individuals. 

It is less sexy to hold them accountable, largely because we simply do not know exactly how our information is stored, processed and implemented. Perhaps it is how a government collects and aggressively responds to the same information that we find intrusive. That is alarming and beckons the urgency for discussions to shift in the direction of policies that will contain the Fourth Industrial Revolution, rather than the microwave ovens that are still struggling (and miserably failing) to listen to us.

Sabhanaz Rashid Diya is a social entrepreneur who is currently finishing her Master of Public Policy at University of California Berkeley. Her research focuses on the intersection of technology  policy and international development.

Comments

The Government vs. Your Facebook Account

How Much Can the Government See?

Your smartphone beeps you awake at 6am every weekday morning. On your way to work, you are scrolling down your Facebook newsfeed, liking or commenting on posts that resonate with your current mood. At work, you pull up your Gmail account and Google possible destinations for your next paid vacation. You Instagram your lunch and Snapchat how funny your friend looks at the party. Your cousins abroad WhatsApp you their latest shenanigans. 

At any instant of our day, if not our entire lives, Google and Facebook know more about us, our preferences, our geotagged activities and our relationship statuses than anyone else. Edward Snowden calls this the Surveillance Age, where private corporations and public authorities are trying to understand us through our digital footprint at all hours of the day. All they require is a simple tap that activates our phone's Wifi or data plan. The access we provide to private corporations by willingly giving up our legal rights to our private information is often a concern when made available to governments – we then feel our privacy has been violated. Does this mean we trust private corporations more than our elected public representatives?

The government of Bangladesh recently stirred (more) public attention when Telecom State Minister, Tarana Halim announced it will request Facebook to share information about Bangladeshi users in hopes to “curb growing militancy” in the country (The Daily Star, March 17, 2017). In another news-article, AIG Moniruzzaman of Police Headquarters suggested Facebook requests Bangladeshis to open accounts using National Identification Numbers (NIDs) in order to effectively cross-validate their identities and reduce cybercrime (The Daily Star, March 13, 2017). In both cases, unsurprisingly, Facebook turned down the state's requests. 

However, the government's efforts into monitoring communication date back to its Constitution. While Article 1 and Article 43 both protect the citizen's right to privacy, especially against unlawful search and seizure of communication devices or correspondence, the caveat arises with the clause “unless reasonable restrictions imposed by law permit it in interest of national security” in Article 43. The amended Bangladesh Telecommunications Act, 2010 allows agencies to “monitor the private communications of people and intercept communication with the permission of [M]inistry of Home Affairs, under a special provision for the security of state and public order”. 

In reality, nevertheless, digital surveillance is more expensive and complex than warranted by policy briefs. Between 2013 and 2016, media reported over BDT 300cr government expenses on acquiring surveillance technologies that allow phone calls and social media activities to be intercepted by government intelligence agencies, such as National Telecommunications Monitoring Center in Dhaka. Central to the purchasing orders were third party vendors like Israeli-American firm Verint Systems and Chinese firm Inovatio that are known for their wiretapping technologies; the former was implicated with another Israeli firm in the United States' National Security Agency's wiretapping scandal in 2008. This highlights an important contradiction with the state's recent announcements: had our government been as successful in exhaustively accessing all our digital information, the State Minister's repeated requests to Facebook representatives would be nothing short of redundant. Can we then safely assume that not all our online activities can be tracked?

Irrespective of acquisition, deploying these technologies require in-house expertise that many intelligence agencies lack, as cited in the FBI-Apple encryption dispute in March 2016. The dispute also led to private corporations strengthening their encryption and privacy fronts, making it more challenging for government agencies to access user data. Later, in the same year, the ACLU in US reported the widespread use of Geofeedia and Digital Stakeout – tools that can track and geolocate social media activities beyond the scope of keywords – allowing government agencies to identify specific individuals. As a result, infuriated technology giants namely Google and Facebook beefed up unwarranted access to their data. In recent times, the Trump administration and Department of Homeland Security have reportedly discussed manually searching social media accounts in U.S. borders to “detect terrorist threats” (The New York Times, February 14, 2017). This provides further evidence that existing surveillance technologies are well behind the rampant product growth and security enhancements within technology companies. In the constant tension between government agencies and private corporations to know as much as possible about people and customers, the real concern surrounding an individual's civil liberty takes a backseat. While policies are still catching up to emerging technologies, how can a layman protect his/her rights to a private life?

Much of the response lies in our own decisions to share our information. The government at current can only resort to third party vendors or social media monitoring software (SMMS) to intercept our digital correspondence. In recent years, the Bangladesh government has taken legal actions against individuals posting “offensive” remarks on Facebook. However, in reality, identifying their information did not require any advanced technology. A simple search of keywords and exploitation of our gullible tendencies to share anything on social media without permission or fact-checking are sufficient to implement the Penal Code, 1860 and ICT Act, 2006. It is not about what instruments of the technology were used to find digital data, but rather about the questionable policies that allow such doing to be used against an individual. How are the laws being used to silence intelligent discourse?

The threat, meanwhile, is more prevalent in our own willingness to hand over private information (and our rights to what can be done with it) to opaque algorithms owned by profit-minded, private individuals. 

It is less sexy to hold them accountable, largely because we simply do not know exactly how our information is stored, processed and implemented. Perhaps it is how a government collects and aggressively responds to the same information that we find intrusive. That is alarming and beckons the urgency for discussions to shift in the direction of policies that will contain the Fourth Industrial Revolution, rather than the microwave ovens that are still struggling (and miserably failing) to listen to us.

Sabhanaz Rashid Diya is a social entrepreneur who is currently finishing her Master of Public Policy at University of California Berkeley. Her research focuses on the intersection of technology  policy and international development.

Comments