fbpx

At what cost of citizen’s privacy, comes their freedom and security

By M Ravi

Had a fruitful panel discussion in Bangkok this afternoon organized by the International Commission of Jurists ( ICJ). The panel discussion is part of a 2 day Annual ASEAN Lawyers Meeting on Countering Terrorism and Protecting Human Rights.

I was slated to speak on Counter Terrorism, National Security and the right to privacy in Singapore.

I started with a quote by the law minister where he alluded to an ideological struggle between freedom and terror; stating, " we must believe that we can never be kept down by terror. Liberty, the human spirit will ultimately succeed. But we have to be prepared to fight for it."

Really?

We pause here: " experience teaches us to be most on guard to protect Liberty when the government's purposes are beneficent" - Justice Louis D.Brandeis

The impunity in which the ISA was applied to political detainees does give rise to concern when the same law is applied to terrorists where there is detention without trial and judicial review is excluded by the courts. I presented to ICJ a copy of the recent book by Dr Poh Soo Kai who was detained under the ISA for more than a decade. It was heartening note from the speech by Malaysian lawyer Andrew Khoo, that Malaysia has been abolished the ISA!

The crux of my presentation is on privacy law and national security. When I started my preparation for my talk, I realised that there is a dearth of literature on this subject in the context of Singapore. However, I found some useful notes from Privacy International.

Comparatively speaking, the interpretation to the right to privacy in Singapore has been narrow for quite some time. Singapore does not have a constitutionally recognized right to privacy, nor is it explicitly specified in any human rights type of legislation. Again, I was pleasantly surprised to hear from a lawyer from the Philippines that Philippines has a right to privacy since 1899!

There are two areas of concern on the right to privacy in Singapore :

a. Communications Surveillance and
b. Data retention

Communications Surveillance

The surveillance structure spreads wide from CCTV, drones, Internet monitoring, access to communication data, mandatory SIM card registration, identification required for registration to certain websites , to the use of big analytics for governance initiatives including traffic monitoring .

These practices raise significant concerns in light of the fact that the legal framework regulating interception of communication falls short of applicable international human rights standards. Judicial authorization is completely sidelined.

The law through various pieces of legislation including the Criminal Procedure Code(amended in 2012) and the Computer Misuse and Cybersecurity Act (amended in 1997), does not impose a need for prior judicial authorization to conduct surveillance operation. Authorization can only be given by the Public prosecutor, Minister and police officer.

The lack of a requirement for a judicial warrant for communication interception is rather disconcerting. Such authorizations must be delivered by judges, and not politicians.

Ministerial authorization must be removed and be replaced with an independent judicial authorization process in order to make the process more transparent and accountable.

In fact, I learnt from the Thai panelist that in Thailand the state agency has to apply to court for a judicial warrant for surveillance. Isn't it ironical that Thailand is under military rule and yet has a better due process than Singapore it comes to issues of privacy.

The following are some of the incidents of unwarranted access to communication data.

?1999 : Singtel was revealed to have scanned it's customer's computers surreptitiously following orders it has received from the Ministry of Home Affairs;

? 2008 : ISPs were forced to disclose the personal details of its subscribers it held in a lawsuit involving copyright infringement, i.e.in the case of Odex;

In 2013, when the amendments to the Computer Misuse Act were being discussed, several MP's raised the need to increase accountability and appropriate checks and balances in view of the more enormous powers and wide discretion the Bill confers on the Government to affect measures and obtain data from private companies.Unfortunately, none of these suggestions were adopted in the amended Act.

Limits on anonymity is a cause for concern as well

?On 1 November 2005, a pre - paid SIM card regulatory regime came into force. This emerged from a joint initiative by the Infocomm Development Authority (IDA), the Ministry of Home Affairs together with mobile service providers. In order to buy a SIM card, a new user must provide a piece of identification.

?SIM registration undermines the ability of users to communicate anonymously and disproportionately disadvantages the most marginalized groups. Mandatory SIM card registration facilitates the establishment of extensive databases of user information, eradicating the potential for anonymity of communications, enabling location -tracking, and simplifying communications surveillance

As recently noted by the UN Special Rapporteur on Freedom of Expression, in a report presented at the 29th Session of the Human Rights Council, “encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age.” He added that because of their importance to these rights “restrictions on encryption and anonymity must be strictly limited according to principles of legality, necessity, proportionality and legitimacy in objective.”

Expansive surveillance capabilities

• In 2013, Citizen Lab of the University of Toronto found evidence that a product “PacketShaper”, produced by BlueCoat23 Systems, a US-based company, is in use in Singapore. Blue Coat allows the surveillance and monitoring of users’ interactions on various applications such as Facebook, Twitter, Google Mail, and Skype.

• Also in 2013, Citizen Lab found command and control servers for FinSpy backdoors, part of Gamma International’s FinFisher “remote monitoring solution,” in a total of 25 countries, including Singapore. FinSpy is malware – software programmes that give an operator the ability to observe and control an individual's computer or mobile device – produced by British- German company Gamma International. The news was covered by local Media, but the Government denied using spy software.

• Whilst such tools can be used for legitimate aims, such as controlling bandwidth costs, they also have the functionality to permit filtering, censorship, and surveillance. Given the lack of legal framework in place to ensure the protection of the rights to privacy, the possible presence and use of such technologies is troubling.

Collaboration in mass communication surveillance programmes

• In August 2013, documents published by NSA whistleblower Edward Snowden have revealed Singapore as a key “third party” providing direct and secret access to Malaysia's communication data with the Fives Eyes. Whilst it remains unclear what the role and responsibilities are of 'third parties” to the NSA, it has been reported that the government of Singapore, through the state-owned operator, SingTel facilitated access to fibre optic cables passing through its territory.

• This access was provided through the tapping of some internet cables running through Singapore. Internet monitoring is the act of capturing data as it travels across the internet towards its intended destination. It can take place across any point of the infrastructure, depending on what information is trying to be collected.

• Privacy International is concerned that such mass surveillance programmes are contrary to Article 12 of the UDHR and Article 17 of the ICCPR. The alleged role of Singapore as a third party to the Five Eyes extends far beyond principles of legality, legitimacy, proportionality, and necessity that must be considered when interfering with and limiting the right to privacy. Such activities also fail to meet well-established human rights principles of transparency, accountability, due process, and the requirement for independent oversight.

Concluding Remarks

Singapore is a nation that has been fortunate enough to have avoided terror attacks for decades. In recent times, the Government has been taking pro-active steps in order to ensure that the security of the nation stays ahead of those that may wish to do it harm. Some of these measures include rolling out expanded CCTV coverage across the country, which already has extensive police CCTV networks. This may very well be a useful to combating terrorism. The question is, what are the means by which we reach the end goal? At what cost comes our freedom and security?

Related to this question are others:
• Is public security more important than human rights?
• If we allow exceptions to the application of the right to privacy, are we not eroding the foundation of this important human right?
• How do we balance the application of the right to privacy while also ensuring adequate security measures are in place to combat terrorism?

I don’t have the answer to all of these questions. But I believe that part of the solution is to pay adequate heed to international laws, such as the human rights protected under the ICCPR.

I ended my talk with a quote from Thomas Paine, one of the founding father of United States :

"He that would make his own liberty secure, must guard even his enemy from oppression; for if he violates this duty, he establishes a precedent that will reach to himself"