The new BIG BROTHER who is watching you is the giant electronic eye on the world. This not only includes online criminals and internet fraud, but also an expanding network of as yet non-criminalised activities, including pervasive forms of surveillance, such as cameras in retail stores and microchips in garments that can track your every move.
“‘They can’t get inside you’, she had said. But they could get inside you.” These words from George Orwell’s novel ‘Nineteen Eight-four’ about thought and behaviour control rang alarm bells in my head as the private investigator spoke.
I’d found him on the Internet by Googling ‘private investigator South Africa’. There were long listings of people in this line of work and I selected this particular investigator simply because the address given for his office was round the corner from my apartment in Sandton.
“Yes, this is the private investigator,” the voice on the other end of the line responded.
“I need to know whether you can access someone’s email, Internet browsing history, cellphone, credit card and other personal records,” I said.
“That is possible,” he said, but something about his voice made me nervous, more nervous than I already am in this era of identify theft, online fraud and invasion of privacy.
In this particular circumstance the voice at the end of the line made me suspicious because he sounded Nigerian. Forgive me all you innocent, honest, hard-working Nigerians out there, but alarm bells rang because Nigerians are high on the list of those who are just too damn good at getting inside people’s lives.
How perfect to set yourself up as a private investigator with direct access to your client’s life, ID number and credit card details. It certainly beats sending out emails and sms’s requesting banking information on the strength of ‘you have won the UK lottery’ or ‘you have been left US$1-million by a distant relative’ or ‘invest now and make ten times your investment’.
“Thank you,” I said and hastily put down the phone.
Despite it being against the law, private investigators, hackers and all those with ‘inside’ contacts can access private information in one way or another. And it doesn’t stop there. Retailers, loyalty schemes and social media sites have turned into virtual private investigators where they gather as much information on you as possible to create a private dossier in order to tailor their marketing to you, or so they say. Needless to say, this information is of great interest to criminal syndicates and repressive governments. The electronic revolution has made it all so much easier.
“Individuals need to be very careful about how much information they share and with whom. This includes being careful about registering for new online services and being careful about whom you invite to view your profile and information from sites such as Facebook, Linked In and Plaxo. It’s clear that criminal syndicates are starting to see this as a rich source of data for committing future crimes,” says Hemmanth Singh, CEO of Beyond Payments, Standard Bank’s innovations incubator and business development unit. Before this he was Standard Bank’s Chief Technology Officer responsible for Standard Bank’s electronic banking security.
“Consumers around the world are being exposed to a form of ‘data extraction’, Singh continues. “Information about their demographics is frequently required for registration for new services, including subscriptions to services such as Facebook or Paypal. What this means is that information about your behavior, interests, and every aspect of your life is increasingly easily accessible from browser-based data capture to third party information sharing.”
While banks are regulated and are not allowed to share information with a third party, Singh explains, this does not apply to retailers, loyalty schemes and ‘clubs’ seeking to capture as much information as possible about users and their preferences.
“This is largely being done in order to optimise marketing efforts and to better serve the user, such as at Amazon. When I reach the homepage on my kindle it greets me by name and also recommends books to me. How does it do that? By capturing information about me and then analysing it in order to determine what I’m most interested in.”
Google has been in the spotlight in this regard, with its new system that allows it to pervasively monitor information about the Internet behaviour of Google account holders. With this system they can accumulate personal information on their account holders based on what they search for on the web, what videos they view on YouTube, what topics they discuss on Google’s social networking site Google+, as well as keywords in emails they send via the Gmail system.
This information is harvested in a personal dossier to build a more intimate picture of personal habits. It is then used by Google to boost their advertising income by allowing companies to target account holders with marketing tailored to their interests. Only those who use a Google account to access services are affected, and they may opt out only by canceling their account. Those who use Google simply as a search engine are not affected.
This has triggered concerns worldwide about invasion of privacy. A European Union committee of data watchdogs believes the system could be illegal and is currently investigating this.
“The law is notoriously slow in coming to grips with issues that the electronic revolution has thrust upon us, which means there are all manner of potential breaches of privacy which, as we stand, are not properly addressed in the law,” says Steve Kirk-Cohen SC who practises at the Cape Bar and specialises, inter alia, in freedom of expression and personality rights.
“In South Africa we need specific legislation to cater for privacy in an electronic era. To introduce new legislation of this nature would require action by parliament, probably with some kind of indaba where people in the know would debate the law of privacy. They would need to address not only protection within the boundaries of South Africa but also – by way of treaty – protection across international boundaries because the nature of the internet creates the need for protection around the globe,” Kirk-Cohen explains.
In the absence of this legislation, consumers are increasingly exposed to a form of identity theft, which marketers might argue is to serve the consumer, but this same information in the wrong hands, including credit card information, can lead to the misuse of personal information or to cyber criminals adopting your ID and using your credit card. The reality is that people and organisations out there, including governments, are watching you for good and bad reasons.
Which brings us to surveillance cameras, something we welcome from a security point of view in South Africa, as do others in many parts of the world. But are they for our safety or to monitor and control our behaviour?
The United Kingdom currently leads the world in surveillance. Millions of people in central London are watched 24/7 by surveillance cameras from a giant subterranean CCTV control room. Using the latest remote technology, the cameras rotate 360 degrees, 365 days a year, monitoring everyone’s behaviour without them realising it.
It’s such an effective surveillance system that thousands of officials from 30 countries have flown to London specifically to see it. This includes the FBI, police forces from some of the most dangerous cities on earth, including Johannesburg and São Paulo in Brazil, as well as law enforcement officials from countries with a notorious disregard for the privacy and freedom of their citizens, such as China.
“It is time to ask questions about civil liberty,” says Gauteng-based clinical psychologist Pierre Brouard. “On a societal level, ordinary people need to start thinking seriously about this because governments can all too easily attribute the escalating forms of surveillance to the interests of security of crime prevention. They can monitor where you go, what you’re doing and who you’re having sex with. It reminds me of the Apartheid days, Nazi Germany or the Cold War period where people were spied on all the time.”
This created a society where people were completely insecure and unsure of who was watching them. And it’s not a thing of the past by any means, he explains. “A friend of mine who visited Cuba not too long ago described these neighbourhood committees where people monitor each other. On the one hand it contributed to the safety of, for example, women walking alone in the streets, but it was also creepy and unhealthy because people constantly felt watched.”
If this sounds ominous, try secret microchips or Radio Frequency ID (RFID) tags in clothing and other products, which American privacy activist Katherine Albrecht uncovered.
If you happen to purchase a piece of clothing or some other product with an RFID tag embedded in its seams, packaging or elsewhere, the tag will transmit data about your whereabouts without your knowledge. RFID tags can be inserted anywhere, including in credit cards.
In 2003 Benetton was all set to put RFID tags into women’s clothing until privacy and civil liberty organisations worldwide launched the Boycott Benetton campaign.
Procter and Gamble did the same, and embedded an RDIF tagging system in women’s lipsticks in the United States, but this was only discovered after the fact.
All companies using RDIF tagging claim there is nothing wrong this with – that it is simply to get a better idea about individual consumer preference for marketing purposes.
Consumers don’t feel the same way: “I would be horrified, it’s such an invasion, it’s Big Brother in your brooks!” says Sandy Thomas, director of a company in Cape Town. “What an idea! And where would it end? The microchip comes home with you and goes everywhere you go, especially if it is embedded in your credit card. I’m already uncomfortable with these loyalty companies constantly monitoring my behaviour and lifestyle. And why do I get all these calls from companies I have never contacted, offering me products? There is obviously a huge market for the sale of databases, which is of great concern because what if they get into the wrong hands or if repressive governments start using them to control everyone?”
This reality is imminent, says Albrecht who directs readers to her website www.spychips.com. Here it says that giant corporations including IBM, Procter & Gamble, Wal-Mart and its technology partner NCR, plan to equip every product with a tracking device and use a network of RFID readers to monitor and observe people everywhere they go. “It is the frightening world detailed in our book ‘Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID’, and it has finally come to pass,” says Albrecht.
She also found that increasing numbers of in-store cameras in the United States, which everyone presumes are there to prevent theft, are being used for marketing purposes: “In some cases they’re actually trained on individual people. They follow them on their trip through the store and then link up that video footage with their identity when they scan out on their frequent shopper card or credit card at the checkout: I think that is quite problematic,” comments a euphemistic Albrecht.
As consumers where do we draw the line? Can we draw a line?
It’s tricky. Camera surveillance and RFID tags are tricky because we don’t always know they are there. Online purchasing is also tricky because if you register and then browse with the same service provider, they can capture information on you and your behavior. “If that makes you uncomfortable then don’t register,” advises Singh. “Also clear out your browsing history and don’t agree to being tracked unless you feel comfortable about this. “A company like Apple, for example, requests permission to activate location-based services,” explains Singh. “This tracks you via your phone. You can say ‘No’. If you say ‘Yes’, then it resets the time for you if you travel, tells you the weather where you are and even geo codes your pictures. But you are being tracked. If that bothers you then don’t activate it.”
It goes further, he explains: “What you publish online may end up in the public domain with potentially negative repercussions. In a sense, anything that you publish publicly is seen as public domain and may be shared legally. You are choosing not to keep it private!”
What you write in your emails or which sites you visit might feel private to you, but it is all captured in the giant World Wide Web, and cannot be shredded.
“The worst case for me is that the data is somehow compromised or used for illegal purposes. Then the individual could be seriously compromised – such as being blackmailed or even publicly discredited,” says Singh.
The Big Brother element here has serious implications in terms of freedom to cyber roam. Will the fact that you visited a couple of porn sites be held against you one day when you are applying for a job in public office, in the same way as smoking a joint, participating in anti-government rallies or having an affair has been used against people in office throughout history?
Could this be taken a step further, where your riotous Facebook photos lose you an important job because the company does not want to hire someone who doesn’t take life seriously or who prefers the company of their own sex? Is this cause for paranoia and personal gatekeeping? Perhaps it is because as Brouard puts it: “There is an increasing erosion of privacy, with our habits and behaviour being monitored all the time.”
He fears the giant online database of ‘Who I am’ will cause a decline in healthy experimentation and adventurism because the darkest recesses of our minds can be policed and exposed. “It feels as if we are the middle of an experiment where we are the guinea pigs of all this surveillance.”
Take workplace surveillance as an example, he explains: “You can get fired for saying things about your boss on Facebook.”
Research on workplace surveillance discusses how companies can monitor what you are searching online, what your doing on your computer and how often you take a bathroom or smoke break. “Research reveals that people are more stressed, depressed and less productive when closely monitored at work,” explains Brouard. “If we over monitor people it diminishes them. It goes against our human need to exercise a certain amount of autonomy and self-regulation to function properly. We also need a certain amount of privacy to feel respected and that we have dignity.”
GPS-tracking is similarly problematic where you can track your children, spouse or partner’s every movement. Brouard says: “It’s ostensibly in the interests of safety and security but when you are constantly ‘watched’ you either become completely worn down and lapse into passivity and compliance, or you might become secretly rebellious. In this electronic era you might act out this rebellion in a virtual sense because you have ‘privacy’ here. You simply click onto another page when anyone enters your room.”
But, as discussed, there is no real privacy here either.
Attempts by governments around the world to curb or ban anonymous online personas or organisations are already a reality in the name of suppressing “terrorism”. But whom does this really protect? “Terrorists or terrorist organisations use powerful anonymity software to do what they will online,” says Brouard. “This means that the greater public who is most in need of freedom of anonymity and anonymous free speech is deprived of it, while criminals can continue larger than ever.”
So where are we heading?
“An interesting comment I read about the Big Brother era in which we are living is that if we think we can stem the tide of surveillance we are wrong. The horse has already bolted from the stable and there are so many ways in which we are monitored, which has a powerful effect both on the individual and on society,” comments Brouard.
The 1998 film ‘Enemy of the State’ explores the surveillance society and how the only way to escape it is to become a social outcast who avoids all technology and lives on the periphery of society.
From fingerprinting to facial recognition technology, it will become increasingly difficult to retain your privacy.
Law enforcement analysts in the United States will soon be able to upload a photo of an unknown person choose and within 15 minutes they will receive potential matches. Michigan, Washington, Florida and North Carolina will participate in a pilot test of this new search tool before it is offered to criminal justice professionals across the country in 2014.
A report by the American Civil Liberties Union (ACLU) states: “It’s six minutes before midnight as a surveillance society draws near in the United States and we confront the possibility of a dark future where our every move, our every transaction, our every communication is recorded, compiled, and stored away, ready for access whenever ‘they’ want it.”
What existing laws are there to protect our privacy as individuals?
Steve Kirk-Cohen SC who practises at the Cape Bar and specialises inter alia in freedom of expression and Personality Rights explains:
The South African constitution contains two competing rights when it comes to Privacy:
Section 14: Privacy:
Everyone has the right to privacy, which includes the right not to have-
(a) their person or home searched; (b) their property searched; (c) their possessions seized; or (d) the privacy of their communications infringed.
The competing right is 32: Access to information
(1) Everyone has the right of access to- (a) any information held by the state; and (b) any information that is held by another person and that is required for the exercise or protection of any rights.
The constitutional provisions regarding privacy (with its emphasis on acts which constitute a breach of privacy, rather than a definition of what constitutes privacy) is of little assistance in a discussion of the ambit of privacy in the electronic era.
There are massive difficulties in formulating an appropriate definition of privacy in the electronic era. For example, I don’t think anyone would protest surveillance cameras to stop shoplifting, but if that information is used in order to target you commercially, does that amount to a breach of privacy? Nothing regulates this in South African law at the moment.
Neither have our courts wrestled with the boundaries between public and private transactions because not everything that happens in private is private. Is the purchase of a book at a bookstore a public transaction because it takes place in the public eye, as opposed to the purchase of a book on the internet, which is essentially private? And what if you buy a book on the manufacture of bombs or on child pornography on the internet? Should this transaction remain private, or should the privacy be forfeited for the good of society?
There are some new legislative interventions that are designed to protect privacy in the electronic era, such as the Electronic Communications and Transactions Act, which came into law in 2002. It criminalises interception of data but it is a piecemeal approach to privacy because it only deals with communications and not, for example, with commercial transactions.
Then there is the Promotion of Access to Information Act (PAIA), which gives expression to Section 32 of our Constitution about access to information, and which contains provisions for the protection of third party information. For example, if you want information from a cellphone company on what cellphone calls I made, including where I was when I made them and who I called, there is a notification procedure which requires that, before the cellphone company can hand over the information, they have to inform me and give me 30 days notice to object.
This makes it far less easy for people to get hold of cellphone and other electronic records legally, although the use of private detectives who have inside contacts is not unknown. Because of the issue of inside contacts, be it in the cellphone companies, Telkom, the banks or any other company, unlawful access to electronic information needs to be criminalised and enforced on a broad basis, both in the hands of the person who gives the information and in the hands of the person who receives it. But it is very difficult to stop the flow of private information.
For more information on privacy and human rights go to this international survey of privacy laws and practice. http://gilc.org/privacy/survey/