Governments are taking to the Web, particularly social networking sites such as Facebook, to conduct surveillance on the pretext of monitoring potential criminals and fighting crime but insiders have cautioned against state agencies overstepping into citizens' privacy while doing so and urged them to find balance in such activities.
Bavaria and three other German states had admitted in October that they had used a malware called "Federal Trojan", commonly deployed by the German police force, to spy on people, according to a BBC report.
A separate article by ZDNet Asia's sister site, CNET, quoted European hacker club Chaos Computer Club, which discovered the malware, saying: "The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the Internet."
The BBC reported that the German justice minister Sabine Leutheusser-Schnarrenberger has since called for a national- and state-level probe into the use of the malware.
Over in the United States, confidential guidelines on how to access people's Facebook, Microsoft, Blizzard and AOL accounts for law enforcement agencies were leaked online last week. A ZDNet Asia report stated that these guidelines include what types of user data are stored, how long are these retained for, and what procedures need to be used in order to gain access to the information.
Responding to these developments, Elle Todd, media, communications and technology group partner at law firm Olswang Asia, noted that Internet traffic and usage have been a rich source of information in the fight against crime for many years.
She explained that Internet profiles and stored online information provide a tool for authorities to build up a database of information on suspects' contacts, hobbies, interest, connections and other personal data. Other information include sites visited, transactions made, communications sent and received, and Internet Protocol (IP) addresses, and these can help pinpoint someone's activities to a given location over time, she stated.
"As criminals become technically savvy in disguising their 'digital fingerprint' as with their biological ones, law enforcement bodies must also raise their game in finding new techniques and sources of information and tracking capabilities," Todd said.
The lawyer pointed out that Facebook tracking, for one, is increasingly becoming popular because it is "a phenomenally successful worldwide networking site" and a treasure trove of information on who users connect with, how they are related with other contacts and what they talk about online with each other.
Guillame Lovet, senior manager of FortiGuard Labs' threat response team at Fortinet, chimed in saying that simply monitoring Facebook or other publicly accessible Web sites, it's possible to get a good grasp of someone's online activity and identity.
Privacy infringement versus social stability
He added in his e-mail that the main danger for the rise of online surveillance is a drift toward global surveillance as described by author George Orwell in his novel, 1984.
In such a scenario, all Internet users will become "wire-tapped" and their e-mails and instant messaging content left vulnerable for officials to pick through. Furthermore, the data accumulated by Web cameras and microphones in PCs as well as their smartphones will be potentially affected too, he said.
Todd had a different perspective though, saying most citizens would accept that surveillance is an important part of law enforcement. However, people might become disgruntled with tracking activities if these are not limited to "justifiable circumstances" or are disproportionate in its application to the extent that daily personal activities are monitored just in case, and without knowing how the data is being used or by whom, she stressed.
Reiterating Todd's point, Singapore-based Shawn Lee told ZDNet Asia that he once received an e-mail from the country's Ministry of Defence requesting him to take down his blog post describing one of the military exercises he was involved in. He had no complaints over the incident, though, saying that online surveillance is a "necessity in order to keep the country safe".
"I haven't done anything wrong [and] I have nothing to hide, so it is fine that the government is tracking me," he said.
Housewife Lim Suet Hua, however, believed everyone is entitled to their privacy and the thought of being watched "scared" her.
"You might even be accused of having criminal intentions," she said. "If people joke about being terrorists, the government might [construe] our jokes as [fact]."
This is why Lovet said there is no clear-cut answer to how far governments and state agencies should go with online surveillance. Rather, it has much to do with the "personal morals" and "beliefs held by the society's inhabitants".
"The basic question is how much privacy you're willing to give up in the name of a society's stability and safety--assuming you believe that giving up that privacy will indeed bring stability and safety, rather than merely serving some lobbies' interest," the executive said.
From a European perspective, any surveillance activity carried out by state bodies is governed by established legislation, Todd stated. For instance, relevant laws may include specific procedures that must be followed to obtain a warrant to intercept communications, conduct surveillance and limiting who is authorized to conduct such activities and for how long, she elaborated.
Laws also provide the limits to ensure such activities are not just carried out as "fishing expeditions" but only where they are grounds to suspect unlawful activities and steps taken to act proportionally, Todd added.
In the U.K, legislation is accompanied by the Investigatory Power Tribunal, which exists to investigate complaints about public bodies concerning abusive use of powers in contravention of surveillance legislation, the lawyer pointed out.
Singapore's Ministry of Information, Communication and the Arts (MICA) and IT regulator, the Infocomm Development Authority (IDA), could not be reached for comments on online surveillance and what are its parameters.