Thursday, 6 June 2013

Internet Communications Surveillance

It appears that governments all over the world are bent on spying on their citizens’ private internet or phone communications from the Middle East to Australia and to Nigeria. On Thursday June 6, 2013 the UK based newspaper; the Guardian released on their website a court order obtained by the National Security Agency (NSA) of U.S. directing Verizon - one of the largest phone companies in the US - to disclose to the NSA the metadata of all calls it processes, both domestic and international, in which at least one party is in the US. Such metadata includes telephone numbers, calling card numbers, the serial numbers of phones used and the time and duration of calls. It does not include the content of a call or the callers' addresses or financial information.

To some it might seem that collecting just metadata and not the contents of the call (what people say to each other when they are on the phone) is not harmful to privacy or freedom of expression and the press. However, such collection could be harmful as University of San Francisco law professor Susan Freiwald explained in a 1997 paper thus:

“For example, some information can be used to incriminate those who communicate with people involved in criminal enterprises. Further, some information can incriminate even without connecting the subject to other suspects. Several courts have held that an unusual volume of calls made immediately before, during, and after sporting events furnishes strong evidence that the caller is engaged in a gambling operation. Besides incriminating those who violate the law, communication attribute information yields evidence of those with whom one associates and the sources of one's information”

For more on what can be learned from people’s phone records and how these records can harm privacy and freedom of expression and the press read this article.

It seems that the Federal Government of Nigeria had similar intentions when as reported by Premium Times on April 25, 2013, it secretly and in open violation of lawful contracting procedures (See section 48(1) of the Fiscal Responsibility Act, 2007 which provides that the Federal Government shall ensure that its fiscal and financial affairs are conducted in a transparent manner and accordingly ensure full and timely disclosure and wide publication of all transactions and decisions involving public revenues and expenditures and their implications for its finances and Section 47 (3) (iii) of the Public Procurement Act 2007 which stipulates that single source contracts are to be awarded in emergency situations such as “natural disasters or a financial crisis”) awarded an Israeli firm, Elbit Systems, a $40million contract to help it spy on citizens’ computers and Internet communications under the guise of intelligence gathering and national security.

Fortunately, for the 47 million internet users in Nigeria (according to data from the Global Internet user, one of the Internet audit groups), the House of Representatives on Thursday, 30th May 2013 ordered the immediate suspension of the $40 million internet surveillance contract awarded to Elbit Systems, an Israeli Information Technology company by the Federal Government. The resolution of the House was that no further action should be taken on the contract until the outcome of the investigation of three committees of the House of Representatives. The committees, namely the committees on Human Rights, Information and Computer Technology as well as the Committee on National Security have three weeks to complete their investigations and make their findings known.

In as much the government may need to monitor internet and phone communications in the interest of national security or the fight against terrorism it must do so in a manner consistent with the 1999 Constitution of the Federal Republic of Nigeria which guarantees the right to privacy of Nigerians (section 37) and freedom of expression and the press (section 39) and the African Charter on Human and Peoples Rights which Nigeria has ratified. However, I do not think the Government necessarily needs to eavesdrop on or monitor our internet communications in order for it to stamp out the dreaded Boko Haram or other security challenges confronting Nigeria today. One should be able to have a private conversation online, just as one can have a private conversation in person. The situation in Nigeria is compounded by the non-existence of specific data privacy and lawful interception laws.

Frank La Rue (Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression) in his report to the 23rd session of the Human Rights Council stated how restrictions on anonymous online communications or surveillance of internet communications of citizens affect the freedom of expression enshrined in section 39 of the Constitution thus:
"Anonymity of communications allows individuals to express themselves freely without fear of retribution or condemnation. Restrictions of anonymity in communication, for example, have an evident chilling effect on victims of all forms of violence and abuse, who may be reluctant to report for fear of double victimization. States should refrain from compelling the identification of users as a precondition for access to communications, including online services, cybercaf├ęs or mobile telephony...restrictions on anonymity facilitate State communications surveillance by simplifying the identification of individuals accessing or disseminating prohibited content, making such individuals more vulnerable to other forms of State surveillance. In this sense, restrictions on anonymity have a chilling effect, dissuading the free expression of information and ideas. They can also result in individuals’ de facto exclusion from vital social spheres, undermining their rights to expression and information, and exacerbating social inequalities."

In closing I wish to align myself with the suggestions/recommendations of Paradigm Initiative Nigeria (PIN’s) Policy Brief No. 1 entitled; Nigeria: Making A Case For Enduring Internet Freedom:

"The advised course of action for the government would be to work toward the passing of Data Privacy and Lawful Interception laws that:

1. Prescribe the fundamental privacy rights of citizens and define the legal frame work around surveillance.
2. Accord data privacy more priority than it currently has now. This is all the more urgent considering the numerous government and private institutions that hold sensitive citizen data. These include the National Identity Management Commission, Independent National Electoral Commission, Nigerian Communications Commission, Federal Inland Revenue Service, Nigerian Immigration Service, Federal Road Safety Corps, and banks.
3. Clearly outline provisions for interception in pursuit of a safer country without sacrificing the freedom of citizens or their constitutional right to communicate freely, including on the Internet.
4. Provide sufficient safeguards against abuse and opportunities for redress where infringement occurs."

I do sincerely hope that our legislators will take into cognizance the report of the special rapporteur Frank La Rue and especially the portion of the report quoted below when enacting the data privacy and lawful interception laws as recommend in this write up:

"The right to privacy is often understood as an essential requirement for the realization of the right to freedom of expression. Undue interference with individuals’ privacy can both directly and indirectly limit the free development and exchange of ideas. … An infringement upon one right can be both the cause and consequence of an infringement upon the other."

Monday, 3 June 2013

Why You Should Format or Permanently Delete Data on Your Laptop Computer before Selling It

Always ensure that you format or completely wipe off the data on your laptop computer, phone or USB flash drive before selling it. This might save you from a lot of trouble, embarrassment or legal action depending on which part of the world you are in. The story of a 25 year old American; Brian K. Rogers might make you want to have a rethink when you are selling your laptop computer, USB flash drive or phone. Brian sold his laptop to a pawn shop. The company while trying to restore the laptop to factory settings so that it could be resold discovered files (videos and images) of child pornography in the recycle bin of the laptop. In case you are not aware, it is an offence to knowingly possess child pornography in the US. The company contacted the police and upon investigation Brian’s desktop computer at home was searched and more child pornography files were discovered on the desktop. He was charged to court, tried, convicted and sentenced to 5 years imprisonment and also ordered to pay more than $3,000(about N480,000) in restitution to a victim in a video he downloaded. He was also sentenced to eight years of probation. Brian’s story can be found here  and here.

Now, only if Brian was careful enough to format his laptop before selling it to the pawn shop, his criminal activities won’t have been exposed. Brian been an American and in America where there is a high rate of computer literate persons you would expect that Brian would not take things like formatting his laptop before selling it for granted or he would know that it is crucially important for him to format his laptop before selling it. The implicating pornographic file was actually found in Brian’s recycle bin. It was that discovery that led to further discovery of implicating files on his home computer (desktop).

It is instructive to note that when you delete files from your computer they go to the recycle bin and even when you empty your recycle bin the contents of the file are not physically obliterated on your computer’s hard drive, but rather the file is simply flagged as deleted. More precisely, the space it occupies is marked as available for writing or saving new files. This means that the older the file, the less chance there is of successful recovery because it is more likely to have been overwritten by another newer file and this applies to your memory card or USB flash drive. However, with appropriate softwares (e.g. Recuva, Easus Data Recovery Wizard) the files could still be recovered if they have not been overwritten by new files.

In other words files that are deleted on your laptop or when you empty your recycle bin or format your laptop are not really deleted or permanently erased, it is only the links to where the files are located on your laptop or memory card or flash drive that are removed and despite allowing you to use the space for other files again, the actual information is still lurking on your disk space therefore even when you format your laptop files could still be recovered by an adept computer user using recovery softwares.

However to delete files and render them unrecoverable you try using such softwares like File Shredder which erases files permanently so it cannot be recovered and is part of Glary Utilites which can be found here or CCleaner which provides a method to permanently remove any deleted data from your hard drive, memory card or USB flash drive. For more information on how to permanently delete or erase data on your computer read this article.