Nearly all countries have established some form of wiretapping capability over telephone, fax and telex communications. In most cases, these intercepts are initiated and authorized by law enforcement agencies. Wiretapping abuses have been detected in most countries, sometimes occurring on a vast scale involving thousands of illegal taps. The abuses invariably affect anyone "of interest" to a government. Targets include political opponents, student leaders and human rights workers.
Law enforcement agencies have traditionally worked closely with telecommunications companies to formulate arrangements that would make phone systems "wiretap friendly." Such arrangements range from allowing police physical access to telephone exchanges, to installing equipment to automate the interception.
Over the past decade the Internet has become an important tool for communication and research. The technology is growing at an exponential rate, with millions of new users going on line each year. The Internet is also used increasingly as a tool for commercial transactions. The capacity, capability, speeds and reliability of the Internet is constantly improving, resulting in the constant development of new uses for the medium. But this fluid structure has not protected the Internet from interception and control by authorities. Because the medium is new, it often lacks the protections found in conventional telephone systems. Law enforcement and national security agencies throughout the world have moved swiftly to establish default capabilities to intercept and analyze email and Internet traffic. The move has caused alarm, with rights groups demanding that email interception should not be treated differently than telephone interception. In Singapore, all ISPs are operated by government-controlled or related organizations and reportedly provide information on a regular basis to government agencies. In Russia, a proposal that all ISPs place a black box and high speed link connected to the Federal Security Service is currently being debated.
"Anonymous remailers," which strip identifying information from emails, can stop traffic analysis. They are the Internet equivalent of PO Box addresses. They have also generated opposition from police and intelligence services. In Finland, a popular anonymous remailer had to be shut down due to legal challenges that forced the operator to reveal the name of one of the users.
The recording of information about specific Internet activities has become one of the biggest emerging threats to Internet privacy. Every time a user accesses a web page, the server holding the page logs the user's Internet address along with the time and date. Some sites place "cookies" on a user’s machine to help track people's activities at a much more detailed level. Others ask for the user’s name, address and other personal details before allowing access. Internet purchases are similarly recorded. On-line stores value such data very highly, not least for the potential to sell the data on to marketers and other organizations.
Some technical solutions have been devised to counter such activities. "Anonymising" software allows users to browse the Web without revealing their Internet address. "Cookie cutter" programs stop sites from putting cookies on a user’s machine, and are now built into most browsers. Anonymous digital cash lets consumers make payments without revealing their identity.
Data Protection Principles
One of the main ways in which your rights are protected is by imposing a duty on those who handle your personal data to do so in accordance with the following Principles.
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.