6 July 2013
Somebody's watching meThe Straits Times
Does US-style Prism surveillance of citizens' online outpourings happen here? Insight's Tessa Wong looks at the issue.
SHOULD Singaporeans e-mailing friends, or clicking "like" on anything from a cat photo to Pink Dot's page, think twice about what they are doing?
Just how private your communications and online interactions are is giving cause for pause, when even in the United States - champion of democracy and human rights - no text message is sacred now.
Whistle-blower Edward Snowden, a former employee of a private contractor working for the National Security Agency, last month revealed a government surveillance system codenamed Prism that snooped on citizens' e-mail, video chats and more, in the name of homeland security.
It came hot on the heels of news that the agency was also obtaining phone logs from Verizon, one of America's largest telecommunications providers, thanks to a secret court order.
Both programmes were defended by President Barack Obama as having deterred at least 50 terror threats to the US.
Would such unfettered snooping by the Singapore Government be warranted in the interests of national security here, too?
Indeed, is there a Big Brother, Prism-like data surveillance system here? And what about the right to privacy, something Singaporeans may not have given much thought to until recently?
Should someone be watching the watchers, to curb any potential abuse of this mining of online outpourings?
ASKED whether it conducts any form of cyber surveillance, and how frequently it gathers individuals' private information, a Ministry of Home Affairs spokesman would say only that "as part of the evidence-gathering process provided for under the law, law enforcement agencies in Singapore may request from persons or organisations information that will help in their investigations into criminal cases".
Still, unlike the US, Singapore is quite clear that it emphasises keeping the nation safe over individual rights to privacy.
Legal and communications experts whom Insight spoke to said the Singapore Government is clearly positioned on one end of the spectrum. "There is little question that the Singapore position is to tilt the balance in favour of security," said Professor Ang Peng Hwa, director of the Singapore Internet Research Centre.
In Singapore, there are broadly phrased laws that give the Government wide access to data and communications such as SMSes, e-mail, call logs and websites you have accessed. It does not need a court order as laws allow it to directly obtain such information from firms.
You may not even know that your information has been given away, as telecommunications providers are bound to secrecy by their licence agreements signed with the Government.
January's amendment to the Computer Misuse and Cybersecurity Act has also opened the possibility of the Government being able to compel organisations to do pre-emptive surveillance.
In the US, domestic surveillance requires a warrant obtained under the Foreign Intelligence Surveillance Act (Fisa), which came into effect in 1978. A secret court set up under the Act grants these warrants. Following the 9/11 attacks, the Bush administration began a secret warrantless surveillance programme of calls and e-mail going in and out of the US. In 2007, the Fisa court ordered that the programme had to obtain its approval to continue.
In Singapore, the state has not needed court orders to authorise obtaining data for decades. For instance, the broadly worded provision in the Criminal Procedure Code that allows the police to obtain anything deemed related to an investigation has been on the books since the code was enacted in 1955.
Striking the right note
CERTAINLY, in a post-9/11 world where terrorism is a top concern, the case for governments to have increasingly wider access to private data has grown stronger.
Australian lawmakers have recently proposed to force phone and Internet companies to hold up to two years' worth of phone calls and e-mail data to track potential criminal activity. Meanwhile, the Indian government plans to roll out a surveillance programme by next month called the Central Monitoring System that will monitor texts, social media engagement and phone calls.
In Singapore, potential threats by terrorists have been identified partly from tracking websites they visited and their e-mail. Singapore has also been the target of cyber attacks, with at least seven waves of malicious e-mail attacks directed at delegates at the Asia-Pacific Economic Cooperation forum meeting in 2009.
But some citizens may worry that such invasive powers can be used for purposes other than national security. There have already been recorded instances of individuals abusing their access to citizens' private information.
In 2009, a police officer was convicted of accessing his office database to get the addresses and criminal records of several individuals, including former girlfriends. The year before, a senior officer with the Immigration and Checkpoints Authority was jailed for assisting his foreign mistress to enter Singapore with a fake identity, and one of the charges was related to accessing the authority's computer system for personal use.
Lawyer Gilbert Leong, who has spoken on data protection before, pointed out that in large-scale cyber surveillance, the privacy of a great number of individuals who have done nothing wrong is sacrificed for an uncertain payoff. He said: "It is not certain if such surveillance would yield anything at all. But what is certain is that many innocent people would have had their data traffic monitored."
Ironically, people now make it easy to collect data about them as they blithely share information on social media sites. Companies such as Facebook, Google and Yahoo already track users' e-mail, searches and other online activity, for the purpose of earning money from targeted advertisements.
"Many citizens willingly give up vast amounts of information to telecommunications companies, and yet are reluctant to share the same data with their government. In reality, of course, such companies must comply with lawful government requests to hand over that data," said National University of Singapore's law faculty dean Simon Chesterman.
Yet, some find nothing wrong in the Government monitoring their online data, precisely because they are innocent. "I've never done anything wrong, so what do I have to fear? It would be even worse if we don't monitor and end up not catching criminals in time," said cabby Koh K.M.
Observers feel this attitude is shared by most Singaporeans, given that concerns about surveillance here have been muted, even after the Prism revelations. Prof Ang noted that so far there has been no evidence of "widespread and systematic abuse of privacy by our Government. So that is reassuring to people. And yes, people feel they have nothing to hide and be private about".
Singapore did not have any laws protecting the privacy of data until last year, when Parliament passed the Personal Data Protection Act. Still, it is aimed more at restricting companies' use of private data, as public agencies are exempted from most part of the Act.
Nominated MP Eugene Tan, who called for greater safeguarding of privacy in January's amendment debate, said: "There is, at one level, trust that legitimate surveillance is conducted. And, perhaps, at another level, ignorance over the surveillance we have in Singapore."
Americans themselves are divided on the issue. In a poll early last month by the Washington Post and Pew Research Centre, 62 per cent felt it was more important for the government to investigate possible terrorist threats even if it intrudes on personal privacy. Only 34 per cent felt it should not intrude even if it limits the ability to investigate threats. The rest had no opinion.
Checks and balances
IF MOST people believe the Government should have the right to do widespread monitoring, perhaps the issue should be whether societies need greater safeguards against abuse of power.
Prism involved gathering metadata involving patterns found from data collected, according to President Obama, rather than delving into the minutiae of individual information. It is this area where the issue of privacy can become especially murky, and where more checks would be needed.
Singapore's laws giving the Government wide access to personal communications come with some safeguard to prevent such abuse - access can be exercised only in certain circumstances, such as when it is needed in an investigation, or for national security purposes. And in the January amendment debate, Second Minister for Home Affairs S. Iswaran also gave the assurance that the Government would exercise such powers "judiciously".
But that has not stopped growing concerns that there need to be stronger checks and balances, and greater transparency of how the Government exercises its powers. During January's debate, several MPs called for the Government to clarify further the thresholds that must be met and the factors it will consider before exercising its powers.
Prof Chesterman suggested there could be regular reports on the nature and purpose of surveillance, why and how it is analysed, and for what purposes it is used.
Said teacher Hazlina A. Rahman: "The Government should be upfront with its own citizens, so that at least we know if it is doing this to us."
Another suggestion is for external checks on the Government, such as an independent panel staffed with trusted members of society and the judiciary. Mr Hri Kumar Nair, chairman of the Government Parliamentary Committee (GPC) for Home Affairs and Law, suggested this in the January debate. "An independent panel sends the message that someone will be reviewing what you do, so you must be diligent," he said.
Other safeguards suggested by Mr Tan and Prof Chesterman include: higher penalties to deter abuse of power; ensuring that surveillance is done only by public bodies and not outsourced to private contractors; and ensuring individuals harmed by surveillance can claim compensation.
But more transparency and safeguards may even defeat the point of having such surveillance.
"It's hard to be transparent about how the Government exercises such a power. The whole point is that you have to be covert," said Home Affairs and Law GPC deputy chair Edwin Tong.
He pointed out that it would be difficult to determine how much information to disclose. If it is too much, it would risk tipping off wrongdoers. Too little, and such information may not be meaningful to the public.
Safeguards such as an independent panel may also "slow down the efficacy of regulation", said Mr Tong.
In time, he added, there may be a high degree of acceptance of cyber surveillance as a norm, just as the public has accepted invasive practices like pre-flight frisking.
But Mr Nair noted that in such cases, people know their privacy is being infringed: "In cyber surveillance, you don't even know the Government is doing it." Though it may be hard to decide how much to disclose, and safeguards may slow processes, this does not mean there should be no checks on Government, he said.
Balances could be struck - for example, an independent panel would not need to approve every decision to extract private data, but review periodically past decisions, in an in-camera setting to preserve security.
Mr Nair pointed out that police powers are not unfettered, as the courts still have oversight over any abuse of power and authority.
"Why should cyber surveillance and security be any different? The public must have confidence that things are being done properly, and that no matter who is in Government, there are checks in place to protect their interests," he said.