In this blog, Andrew Hills draws on his law enforcement background to delve into the data privacy issues inherent in all forms of intelligence analysis and the regulatory and practical privacy requirements for deploying open-source intelligence (OSINT).
In the wake of allegations of US intelligence agencies spying on citizens in 2013, then US President Obama reminded the press, “I think it’s important that you can’t have 100% security and then also have 100% privacy and zero inconvenience”. In a phenomenon akin to the security dilemma , the battle between law enforcer and criminal to gain technological superiority creates a paradigm whereby each is constantly trying to become the most technologically advanced (McQuade 2006, p. 32). This has created an environment in which not only law enforcement, but now private companies, possess complex and powerful investigation and intelligence gathering tools in order to keep up with a technologically advanced adversary. The result can raise concerns about the erosion of privacy to the average citizen.
Historically, some of the most basic surveillance technologies have impeded on the privacy of the public; the introduction of closed-circuit television in public places is one enduring example. Yet, for a small reduction in privacy, it has provided law enforcement the ability to detect and investigate crimes that previously would have been unsolvable (White 2013, p. 17). and arguably provide a key aspect of crime prevention given would-be offenders know that their movements are being watched. OSINT collection can be applied in the same manner as CCTV; that is, monitoring online publicly available information to collect intelligence and/or evidence of nefarious activity. Whilst there is a legitimate argument for privacy implications, the targeted risk analytics of OSINT allows for the rebuttal of any suggestion the broader public is at risk of ongoing monitoring. Certainly, in comparison to the CCTV camera that indiscriminately monitors the street corner, an OSINT collection tool with targeted risk detection and analytics is far less invasive.
BALANCING INTELLIGENCE ACCESS & OSINT PRIVACY
Criminals use the internet for fraud, identity theft and illicit trade whilst terrorist networks utilize its expanded reach for recruiting, radicalization, encrypted messaging and more. For law enforcement, the employment of sophisticated monitoring and interception capabilities is essential to successfully disrupt criminals and to mitigate the impact they have (Potoglou et al. 2017, p.812). Even the most basic OSINT collection and analysis can be a powerful information collection tool. Advanced OSINT collection tools offer an additional parallel capability to some of the traditional entrenched collection systems, such as telecommunications interception at a fraction of the cost. However, despite OSINT largely referring to the collection of publicly available data, the new “INT” on the block still shares some of the same privacy implications of the existing INTS, which must be carefully managed.
Whilst the public must be willing to accept a trade-off between security and their privacy, a high level of oversight and control must be maintained in order to ensure that the average citizen’s privacy is not compromised without lawful reason. In most countries, this comes in the form of legislative authority regulated by judicial oversight. Legislation such as Australia’s Surveillance Device Act 2004, the United States’ Omnibus Crime Control and Safe Streets Act, and Foreign Intelligence Surveillance Act, or the UK’s Investigatory Powers Act provide this authority, with judicial oversight provided by the criminal court process. This legislation generally dictates that the more invasive a capability is on the public’s privacy, the more oversight and control must be applied. This creates an environment where only the most serious matters are addressed with invasive surveillance methodology, leaving a worrying amount to fall through the cracks.
OSINT – FAR REACHING, LESS INTRUSIVE
This is where OSINT collection comes into its own; when employed passively most operations do not require the same rigorous authority and oversight, as passive collection of open-source data is akin to a CCTV camera on a street corner or overhearing a conversation in a restaurant. The activities collected from OSINT are exactly that; they are open source, occurring in the public domain, and therefore not afforded the same privacy protections. Like the impact CCTV had on criminal investigations, OSINT is having a similar effect by giving law enforcement, intelligence agencies, and private industry alternative access to information ordinarily obtainable only by expensive, resource intensive methods.
Think of your OSINT collection tool as your surveillance team for the public online space. The access available to the target directly impacts the intelligence that will be garnered – you want your tool to be just as close to the source as the physical team. Fivecast ONYX deploys proprietary and unique data collection technology, enabling intelligence analysts to securely undertake persistent collection of real-time data related to their specific requirements. With a customizable risk detection framework, only data that is of direct relevance to the mission can be collected and analyzed which protects data privacy and avoids analysts needing to trawl through masses of unrelated data.
Barker, C, Petreie, C, Dawson, J, Godec, S, Porteous, H& Purser, P, 2017, Oversight of the intelligence agencies: a comparison of the ‘Five Eyes’ nations, research paper series, 2017–18, 15 December 2017.
McQuade, S, 2006, ‘Technology-enabled crime, policing and security’, The Journal of Technology Studies, vol. 32, no. 1, pp.32-42, (online JSTOR).
Potoglou, D, Dunkerley, F, Patil, S, Robinson, N, 2017, ‘Public preferences for internet surveillance, data retention and privacy enhancing services: Evidence from a pan-European study’, Computers in human behaviour, vol. 75, pp.811-825, (online Elsevier).
White, J, 2013, ‘The anti-surveillance state: New products that are challenging law enforcement’, Journal of the Australian Institute of Professional Intelligence Officers, vol. 21, no. 2, (online Informit).
Inayatullah & Milojevic 2015, p. 62 Selecting futures: The role of conviction, narratives, ambivalence, and constructive doubt.