The state of privacy in the 21st century is a worldwide concern, given the Internet's global reach. Although several key themes emerge when examining the impact of technology on privacy and security—including cyber crime (and crime fighting), the application of old privacy laws to new technologies, and whether companies can share customer data without consent—different countries find themselves grappling with distinct problems.
China: "Human Search" Invades Privacy
Over the past year or more, a concept known as "human search" (also referred to as an "Internet mob") has grown in popularity in China. Unlike the more constructive pursuit known as "crowdsourcing," where people worldwide connect to lend their creativity to some academic, artistic or business endeavor, human search involves people connecting via the Internet to track down information for one another, often to search for someone perceived as having done something wrong. A prime example of this came last week, when Chinese Internet users began a nationwide search for the father of Olympic air pistol gold medalist Guo Wenjun, who abandoned her 10 years ago and left her to the care of her coach. According to an August 12 Reuters story, although the search has not yet pinpointed the missing parent, tens of thousands of Web surfers and numerous chat rooms have reportedly joined the effort.
Other examples of human search are not as inspirational. Before jumping 24 stories to her death in December 2007, a distraught Chinese woman blogged about her husband's infidelity, including his name, workplace and other personal information, according to a San Francisco–based English language blog about Chinese issues called Fool's Mountain. This information, coupled with disparaging information posted about the husband by the wife's sister helped spread the word about the circumstances of the suicide. The husband has filed a lawsuit against three Internet sites and one of his wife's friends. As of mid-August, the wife's blog posting had received more than 9,700 comments.
The use of the Internet to invade privacy and commit crimes is also an important issue in China, as the country grapples with the same "phishing" scams that plague e-mail users worldwide. In April Chinese authorities arrested four men for breaking into online bank accounts using a computer virus called "graypigeon" and sentenced them to between two and a half and eight years in prison (they were also fined more than $20,000). The criminals planted the virus on various Chinese Web sites. When people visited those sites, they become infected with a covert "Trojan horse" virus that installed itself on their computers and stole user identification and passwords when these people did online banking, according to the CyberCrime & Doing Time blog.
China has also been at the center of claims that it has over time launched a series of network-based attacks against the U.K., France, Germany and the U.S. Although China's own stated military goals include improving the country's ability to wage information warfare, it is unclear whether the government or independent hackers working in China are behind these attacks.
(Additional reporting by the staff of Global Science)
Japan: Phishing and RFIDs
A pressing issue concerning privacy in Japan is the distribution of so-called "phishing" e-mails that pretend to be from a legitimate source (such as a bank) but direct recipients to Web sites designed to steal their personal information. The Japanese are also concerned with the loss (either through theft or carelessness) of personal information that they have entrusted to companies. The Japanese government began enforcing its Act on the Protection of Personal Information in 2005. The law's stated purpose is to protect the rights and interests of individuals while also considering the growing value of personal information to government and industry.
The act established the measures that the government and industry must take to ensure the protection of this personal data, such as obtaining consent before using personal information, ensuring it is accurate and up to date, and taking "necessary and proper measures" to protect it from being lost or stolen. The Japanese are generally not permitted to distribute personal information about citizens or clients, although there are exceptions: when this information is required by law, if it is necessary to protect someone from harm (and consent cannot be obtained immediately) or if the data are needed to improve public hygiene or protect children.
The Japanese are also rapidly developing new uses for biometric and radio-frequency identification (RFID) technology. NTT DoCoMo, for example, is beginning to offer a home security system in Japan in partnership with housing developer Sekisui House that uses RFID tags built into the cell phones NTT sells, RFID Weblog reported in March. RFID terminals have been affixed at the entrance of about a dozen test houses that allow only people carrying phones with a preregistered RFID chip to gain entry.
Japan is using biometrics from NEC Corporation and Daon to beef up its border security control. The companies in November installed a biometrically controlled border control system at Tokyo's Narita International Airport. The goals of the automated border control system include the prevention of terrorism, illegal immigration and other crimes. Fingerprints and facial images are obtained from persons entering the country who are 16 years of age and older (except for those legally exempted).
(Additional reporting by the staff of Nikkei Science.com)
The Middle East: Worries about privacy—a concern of the elite
In many Middle Eastern countries, most people can't afford a computer, let alone access to the Internet, so the security and privacy of information is generally not a concern. Some, however, who have access to this technology—primarily citizens of oil-rich countries—are perturbed about the security of their personal information when using the Internet. Social networks such as Facebook and MySpace are growing in popularity with young people in the region, although they are banned in some countries, such as Syria. Privacy, however, is tenuous; it is generally a risky proposition to challenge unauthorized governmental intrusion into one's computer.
Although the Egyptian interior ministry in July 2002 formed a specialized unit to combat Internet-related crimes, offenders are primarily punished according to the country's laws governing communications and the protection of intellectual property. That is the situation in most Middle Eastern countries.
There is very limited use of biometric security in Middle Eastern countries, although some airports, including Israel's Ben-Gurion Airport, have for years used iris-scanning biometrics to verify the identities of employees and passengers.
(Additional reporting by the staff of the Kuwait Foundation for the Advancement of Sciences)
Russia: Cyber Attacks and Phone Tapping
Amidst allegations that Russia has used its technological prowess to launch online attacks against its foes, in particular Georgia and Estonia, the dominant republic of the former Soviet Union has spent the past decade or more developing common principles and general rules that govern the use of information technology by Russia's government, businesses and citizens.
In 2000 then-president Vladimir Putin approved a doctrine that acknowledged that his country's national security was very dependent on its information security. The Russian government claims through this doctrine to recognize that better development and management of its information infrastructure will help the country's overall progress. Some of the "Putin Doctrine's" stated goals are to ensure the rights and freedoms of Russians to freely (but legally) seek, receive, transmit, produce and disseminate information while ensuring the rights of personal and family privacy, confidentiality of correspondence and telephone conversations as well as postal, telegraphic and other communications.
In 2006 the country adopted a law creating common standardized requirements for the collection and processing (storage, update, use, disclosure and the provision of) personal data.
Despite these progressive steps, Russia's Federal Security Service (FSB), the successor to the KGB, has over the past decade conducted phone tapping using its system of operative investigative activities (SORM). The subsequent version, SORM 2, requires Internet service providers (ISPs) to install surveillance devices and high-speed links to local FSB departments which, after a warrant is issued, give the FSB direct access to the communications of Internet users, according to Privacy International, a U.K.-based nonprofit that monitors privacy-related issues.
(Additional reporting by the staff of Mir Nauki)
The U.K.: Advertisers, Consumers Clash
One of the biggest privacy issues affecting the European Union in recent months involves Internet service providers' efforts to give customer information to advertisers. The European Union is giving the U.K. until the end of August to clarify whether Phorm, Inc., a Web traffic monitoring system based in New York City, violates European privacy laws.
Three U.K. Internet service providers have already signed up to use software from Phorm, which tracks users' Web habits in order to better target ads at them. London's British Telecommunications, PLC, (BT) has already tried out the technology a couple of times on its customers without their consent or even informing them that they were under surveillance.
Phorm's Webwise software matches the categories a person browses on the Web with specific advertisers. The company says its software installs a cookie in a person's Web browser that assigns a unique, randomly-generated number to that customer in order to preserve anonymity. On its Web site, Phorm claims that it is focused on "creating a new 'gold standard' for user privacy, a more relevant Internet experience, and more value for advertisers, publishers, Internet service providers and others in the online ecosystem."
However, the Information Commissioner's Office—which enforces the U.K.'s Data Protection Act, Freedom of Information Act, and its Privacy and Electronic Communications Regulations and Environmental Information Regulations—ruled in May that no action would be taken against the telecom company due to the "difficult nature of explaining to consumers what [BT] was doing," the BBC reported on August 6. The commission did add that companies must get customer consent before using Phorm in the future.