THE ONLINE WORLD AND PRIVACY: HOW SAFE ARE YOU?

Introduction

On the face of it, it is unimaginable that the identity of an individual using the Internet in a village in Ghana could be known by another person in Glasgow. There is no doubt that “Cyberspace creates new potentials for good and evil, for creative expression and criminal exploitation”, but the issue is the extent of “privacy” and “anonymity” in the online world and whether the benefits are worth it.

This article is an attempt to consider the statements by Scott McNealy, Chairman of Sun Microsystems, that “you have zero privacy already. Get over it” and by Peter Steiner, a cartoonist, that “on the Internet nobody knows you are a dog”. In my opinion these sum up the two extreme schools of thought: those that see danger everywhere (perceived as paranoid luddites) and those that see no danger whatsoever (perceived as naïve technophiles).


Right To Privacy

The right to privacy was a fundamental human rights issue even before the advances in ICT, as reflected in instruments such as:

Article 17, International Covenant on Civil and Political Rights 1966
“Everyone has the right to life, liberty and security of person” and
“No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation” and “Everyone has the right to the protection of the law against such interference or attacks.”

Article 18 (2) of the Constitution of Ghana states that:
No person shall be subjected to interference with the privacy of his home, property, correspondence or communication except in accordance with law and as may be necessary in a free and democratic society for public safety or the economic well-being of the country, for the protection of health or morals, for the prevention of disorder or crime or for the protection of the rights or freedoms of others.

The above legal considerations can be summarised by what Judge Cooley called “the right to be left alone” which no doubt has implications for communication in the online world.

What is the Online World?

In the broad sense, the online world to me encompasses any situation where an individual can be remotely seen, heard or communicated with. This brings into focus the use of CCTVs, information, telecommunication and Internet technologies.

For the purposes of this article I will however take a narrow view by limiting the online world to the Internet technology which has developed to the extent that it has become a tool in enhancing both the CCTV and telecommunication technologies into a surveillance society.

Privacy And The Online World

It must be acknowledged that there is motivation from both the private sector (consumer behaviour profiling) and the public sector (public security) in tampering with the privacy of individuals in the online world. In as much as the Internet is noted to create new potentials, opportunities, consumer choice and power, it simultaneously creates new threats and risks to consumer privacy with respect to personal data and communication.

I see two major issues that interplay. The first is with the individual’s ability to control and “significantly influence the collection and handling of data” on them which has to do with their information privacy and secondly, the tendency of others to rightly or wrongly monitor the “actions or communication” of individuals by way of data surveillance.

The individual must be prepared to risk certain privacy rights to be able to take advantage of the full potential of what the online world brings. To what extent is ICT advancement able to adequately deal with the fundamental human right of privacy?

Reality Of Data Surveillance

Surveillance existed before the advancement of technology. Quoting from Roger Clarke:
“People have always left tracks behind them. Apart from the physical footsteps we leave in the dust and the mud, some of the people who see us, and who we talk to, remember the events”

The above statement, for me, holds true for individuals using the Internet. It is possible for an Internet service provider (ISP) to know, amongst other things, the sites visited by an individual and the activities performed, literally keeping a log of the tracks left by users.

The advancement of ICT, and especially the Internet, has revolutionized what I would call the “manual surveillance” described by Roger Clarke into a “digital” one, where there is no need to physically trail anyone: once access can be gained to an individual’s personal data and the individual profiled, whatever needs to be known can be known.

There may be legitimate and legal reasons for wanting, as a matter of routine, to purposively control and manage individuals’ personal data whilst they are on the Internet, but such surveillance can also be undertaken illegitimately and without the knowledge of users. As a report on the surveillance society stated, “… not until some identity theft scandal breaks do consumers become aware of the extent of personal profiling carried out by major corporations.”

Telecommunication Technology

Providers of telecommunication services have the capacity to know a lot about those using their network. A device known as the IMSI-catcher, which is capable of identifying the country code, network code, geographical cell area, telephone number and the unique handset code (IMEI), can be used to locate users of mobile handsets. This was used by the Italian police to track a suspect in his UK home. The mere fact that it is technically possible to have such data on the individual, and more so invisibly, is scary and should be of concern to any individual.

Internet Technology

Technologies such as browser chattering and cookies make it possible for certain background (invisible) processing to take place by way of profiling without the knowledge of the individual. It is also possible to remotely know the content of an individual’s computer connected to the Internet. Some of the tools used are:

  • Logging of Internet Protocol (IP) Address
The Internet Service Provider (ISP) is capable of keeping a log of activities performed through the allocated IP address with respect to date, time and duration.

  • Cookies
Cookies are text files that contain certain data about the user, which allow the website or content provider to identify the user and provide a specialized service, making the experience much easier and more seamless. Distance-learning universities and other online subscription content providers that use the Internet use cookies to pre-authenticate users who log in to their servers. Unfortunately, unscrupulous people can also place cookies on the hard disk of users without their knowledge to collect whatever data they need.

  • Browsers Chattering Data And Clickstream Data
Alongside the user’s IP address and the request being made, Internet browsers are capable of transmitting details such as the application programs resident on the user’s computer; it has even been reported that Microsoft’s Internet Explorer can reveal that the user is a “French-speaking Belgian”. The BBC reported on its website on 16/12/08 that bugs had been detected in Microsoft’s Internet Explorer which, Internet experts say, could allow criminals to take control of people’s computers. The record of the Internet user’s activities can also easily be documented.

The European Commission Article 29 Working Party report on privacy on the Internet (WP37) indicated that:
“Users are not aware that their browser will automatically transmit a unique ID, IP address, and complete URL of the webpage which may include the keywords typed on the search engine with details of content being read”.

An article by Daniel Garrie and Rebecca Wong states that:

“… technologies have become so sophisticated that it is possible to extract personal information from clickstream data and thus, identify specific individuals from this process”.  

  • Invisible Hyperlinks
These can be used to link websites visited to other companies who intend to provide e-banners and e-advertising materials. For example when visiting a car sales website the individual could be shown a car financing banner from a financial institution and the question is how the finance company knew a car website was being visited.

The combination of tools such as invisible hyperlinks, cookies and browser chattering makes it possible for the Internet user to be easily profiled and the “digital persona” documented invisibly. The pieces can be put together like a “jigsaw puzzle to reveal the identity of the real person”. This fear of the possibility of matching actual known information about a user (name, age, occupation, etc.) with the user’s “digital persona” created concerns about the merger between the Internet advertiser DoubleClick and the market research firm Abacus Direct in November 1999.
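The sketch below is an added example, not part of the original article: it shows how the items WP37 lists (unique ID, IP address, complete referring URL with search keywords) and the browser's language setting can be joined into one "digital persona" by a third party whose invisible link is embedded on several sites. The request records, the `uid` cookie name, the `q` search parameter and the `build_profiles` function are all assumptions made for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

# Constructed sample: what a third-party banner server sees when pages on
# different sites embed its invisible link. Every value here is made up.
REQUESTS = [
    {"ip": "192.0.2.10", "cookie": "uid=a1b2c3", "user_agent": UA,
     "accept_language": "fr-BE,fr;q=0.9",
     "referer": "http://search.example/results?q=used+family+car"},
    {"ip": "192.0.2.10", "cookie": "uid=a1b2c3", "user_agent": UA,
     "accept_language": "fr-BE,fr;q=0.9",
     "referer": "http://cars.example/offers/estate?id=42"},
    {"ip": "198.51.100.7", "cookie": "uid=zz9", "user_agent": UA,
     "accept_language": "en-GB",
     "referer": "http://news.example/today"},
]

def build_profiles(requests, search_param="q"):
    """Group requests by cookie ID and collect what each one disclosed."""
    profiles = defaultdict(lambda: {"ips": set(), "languages": set(),
                                    "agents": set(), "sites": [],
                                    "keywords": []})
    for req in requests:
        jar = SimpleCookie(req.get("cookie", ""))
        # Without the cookie, requests can no longer be tied to one ID.
        uid = jar["uid"].value if "uid" in jar else None
        profile = profiles[uid]
        profile["ips"].add(req["ip"])
        profile["agents"].add(req["user_agent"])
        # First Accept-Language tag, e.g. fr-BE = French as used in Belgium.
        first_tag = req["accept_language"].split(",")[0].split(";")[0]
        profile["languages"].add(first_tag.strip())
        ref = urlsplit(req.get("referer", ""))
        if ref.hostname:
            profile["sites"].append(ref.hostname)
            # Search terms travel inside the referring URL's query string.
            profile["keywords"] += parse_qs(ref.query).get(search_param, [])
    return dict(profiles)

if __name__ == "__main__":
    for uid, p in build_profiles(REQUESTS).items():
        print(uid, sorted(p["languages"]), p["sites"], p["keywords"])
```

Passing the same records with the cookie removed puts every request in a single unlabelled bucket, which is the effect cookie blocking has on this kind of linkage.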

  • Monitoring Software And Sniffing
These are capable of profiling Internet users’ activities and are almost invariably used without the users’ knowledge. Examples of such monitoring software are Narus, Radiate and zBubbles, popularly known as E.T. applications:

“once they are lodged in the user’s computer and learned what they want to know, they tend to do what Steven Spielberg’s extra-terrestrial did: phone home”

Network traffic can also be monitored using what is called “Sniffing software” which can also be used for large-scale interception and surveillance.

There is other monitoring software that is used positively, for example by parents to check on their kids surfing the net by compiling reports on sites visited and the content of chat room conversations, hoping to protect them from possible paedophiles. In as much as I agree that it is a good tool, it does not take away the capability of the technology to undertake such invisible processing.

  • Spyware
This is malicious software that is capable of invisibly intercepting or taking control of a user’s computer activities. The individual thus loses control of his/her information processing.

  • Chip Identifier
The technology exists for the Processor Serial Numbers (PSN) of microprocessors installed on computers connected to the Internet to be used as unique identifiers of individuals, invisibly tracking their activities and thus risking their right to privacy. This was a major concern with the introduction of the Pentium III processors.

  • Keylogger Trojans
These record what users type on their keyboard and can be used to steal data relating to various online payment systems. This happened in June 2004 when one was installed as an add-on to Internet Explorer and was able to send usernames and passwords to a computer in Russia.


Can Technology Provide Anonymity and Privacy?

In its annual report for 2000 the Dutch Data Protection Authority came to the conclusion that “the protection of personal data by Internet Service Providers is failing badly”. This, I think, brings to the fore the need for privacy enhancing measures or initiatives that are capable of allowing the individual to take advantage of the enormous potential of the Internet without feeling vulnerable. This raises the need for anonymity. Unfortunately, whilst anonymity might resolve the issue of privacy on the Internet, it would also make it difficult to trace hackers or perpetrators of online fraud. How is this possible?

  • E-mail Technology

Filtering Technology
This has the ability to block unwanted mails from specified e-mail addresses or filter unwanted, unsolicited messages (spam) that come through.

Remailing Technology
It is possible to offer remailer services whereby the user’s original e-mail address is substituted with another before transmission. This can be done through multiple remailer services, thereby completely hiding the original identity.

Encryption Technology
This allows the content of mails to be coded and decoded by only those who have the access to do so.

Pseudonym
The use of names or e-mail addresses not directly linked to the legal name of the user. I do not see any illegality in using a fictitious name to remain anonymous when for example joining new groups or chat rooms.

  • Anonymous Proxies
These hide the user’s information so one can safely surf the Internet, and once multiple proxies are used it becomes much safer and quite impossible for a transaction or activity to be linked or traced to a particular individual.

  • Wireless (Unsecured Hotspots)
Using wireless networks, though they may be unsecured at times, may provide the anonymity needed to surf the net.

  • Privacy Enhancing Tools (PETs)
The European Commission (EC) has favoured the development of PETs with respect to the processing of personal data as a way of improving the protection of privacy. These tools involve anonymisation of data, encryption of data, blocking of cookies as well as comparing users’ privacy preferences against the privacy policies of websites visited by way of the “Platform for Privacy Preferences (P3P)” specification. It is believed that Internet privacy issues can be resolved by the adoption of the P3P specification, and this has been corroborated by support from organisations such as Microsoft, NEC and Procter & Gamble. It is obvious that “the downside of disclosure for consumer is, obviously the loss of anonymity/privacy”; however, according to Professor Donna Hoffman (a professor at Vanderbilt University, Tennessee, USA), P3P addresses the balance between digital businesses wanting to know who their customers are and the need for individuals to control how their information is released.
P3P is agreeably a necessary condition for privacy on the web but not a sufficient one, and needs to be considered in conjunction with a regulatory framework of legislation, which may be the subject of another article.

Conclusion

Using the Internet no doubt leaves “electronic footprints”. Considering the possibility and capability of surveillance on the online world, identifying or not identifying users on the Internet to me is a balance between the individual’s fundamental human right to privacy and the obligation of mostly a nation state to protect her citizens by wanting some traceability on those who are security risks or using the Internet for fraud save illegitimate surveillance.

I think McNealy made a statement of fact with respect to the technological capabilities but seems to have ignored the initiatives and precautions that individuals can take to protect themselves both technologically and legally. It is however a good awareness statement. Steiner counted on the technology-enabled ways of remaining anonymous raised above, but forgot that the “average individual” might not be concerned about anonymity or even be aware of the “anonymity tools” available, let alone be aware of the risks to privacy from the possibility of data surveillance on the Internet. This to a large extent leaves most people vulnerable and unprotected, with the possibility of “zero privacy”. This is where legal protection is needed to cover the ordinary Internet user.

In my opinion, therefore, both statements cannot be wholly true, in that the individual can protect her privacy and cannot be said to have “zero privacy”, but should also be aware of the technical capabilities by which he/she can be found out to be a “dog”. To me the statements are two extreme positions of the reality, but I am inclined to qualify the statement by Scott McNealy as “the average ordinary individual has zero privacy” and that of Peter Steiner as “on the Internet, nobody will know you are a dog if you do not want them to”.

Finally, I would advise all of us to assume zero privacy and then use some of the privacy tools or measures available to protect ourselves, whilst of course falling back on the law when a violation has occurred. The following are interesting statements of awareness:

“Damn any fool who suggests to you that "the Internet "used" to be "a very anonymous place""... never was, isn't, and never will be. That's the purest of urban myth”
Thomas Claburn

“….who says nobody knows you are a dog….That's no longer true. In fact, today we can tell you're a scotch terrier, live north of London, enjoy chewing up your owner's shoes (including brand preference), crave for that special dog food……..”
Alexander Holy

“When the type of data typically collected from website browsers, is combined with ‘real world’ information held in various databases, then not only can its value increase dramatically, but the risks to personal privacy increase correlatively”
Lilian Edwards

“On the Internet, Nobody knows you’re a dog, until someone exposes you as a dog and then everyone knows you’re a dog”
Jess Sloss

“the Internet has a way of collecting everybody's paw prints over time and preserving them for eternity”.
Jack Shafer
