Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations.


Chapter: Security Challenges to Privacy

The protection of privacy can be seen as a security opportunity.  When the personal information of a nation’s citizens is protected, the security of that nation is enhanced.  And the inverse applies equally:  when the personal information of a citizenry is poorly protected, that nation and its economy are at risk.  Identity fraud and other types of fraud have grown dramatically in recent years, as has the abuse of personal information by criminals.  In this sense, data protection and privacy laws are not necessarily an impediment to combating crime and terrorism.

Of course there are legitimate situations where governments and other institutions may choose to gain access to personal information, and to search people's homes, files, and computers.  The increased fear of terrorism raises national security concerns.  The global flow of child pornography makes the task of national police increasingly difficult.  Cybercrimes may now be perpetrated against systems around the world without the individual criminal leaving his or her office.  It is for this reason that the Bangladeshi police established a special unit to deal with cybercrimes, and Thailand, Pakistan, and the Philippines have been active in developing laws and ordinances.  In fact, in a modern society, most forms of illegal activity involve technology in one form or another.  Even street theft can be solved with the aid of visual surveillance techniques, and suspects identified by reviewing mobile phone usage in the area at the time of the incident.  Data protection and privacy laws do not necessarily impede these investigations, but rather provide a framework of regulation for how these investigations are to be conducted fairly and lawfully, and in a proportionate manner.

This does not mean that governments haven't tried to introduce policies and systems that go beyond accepted privacy protections.  Governments argue that they must be granted new powers and new techniques to conduct surveillance to deal with these new and pressing threats.  And with the stakes so high and the threat of criminal activity so great, some argue that the authorities must be able to act with speed and stealth.  The most pressing surveillance initiatives include:

Extensive communications surveillance.  Governments are increasingly intercepting communications, requiring that communications service providers enable and conduct surveillance for governments.  There is mounting evidence of an increase in unsupervised and unwarranted surveillance around the world.  According to reports, the Bangladeshi authorities are monitoring cybercafes,[1] and internet and mobile phone activity,[2] but it remains unclear how the actions of the police are regulated.  India is considering implementing a biometric system at cybercafes that will take live photographs and require user names and address.[3]  There is talk of implementing mobile phone registration systems across the region, though with some resistance emerging from civil society, as well as from industry.[4]  India gave rise to significant controversy when it demanded that Research in Motion, the company behind the famous 'Blackberry' telecommunications devices, limit the use of encryption on their devices or their devices would be banned from sale.[5][6]

Enhanced transactional surveillance.  Every transaction we make, whether it is in the form of a purchase, a phone call, or even a physical movement, leaves a transaction record on some log, in some system run by some company.  Governments are well aware of the value of this information and have for years attempted to access it while reducing safeguards.  In many countries where police may have previously needed a warrant, they may now demand this information directly.  For instance, in 2008 after bombings in India, there were reports that the Indian police were accessing over a million mobile records.[7]  Some countries are going even further and stretching constitutional protections to the point of rupture by introducing 'data retention' laws.  While data protection laws would normally require that companies delete transaction logs when no longer needed, there are now laws being passed that require that these same companies retain data for an extended period of time in case it becomes of interest to the authorities in the future.  Thailand's policy went live in August 2008,[8] and similar policy was raised by the Bangladesh Telecommunications Regulatory Commission in 2006.[9]

Increased identification and tracking of individuals.  Anonymity used to be commonplace but increasingly, governments are seeking to authoritatively and continuously identify individuals.  Biometrics, being our physical traits such as our fingerprints, iris scans, and digital scans of our bodies, are increasingly collected by governments so that they may identify individuals on ID cards and passports.  Governments are also collecting biometrics of visitors and storing them indefinitely, and combining them with biographic and behavioural information in order to prevent terrorist attacks and asylum abuses.  With technologies like radio-frequency identification chips (RFID) and 'smart' visual surveillance techniques, individuals may be tracked and traced as they move around buildings, cities, and even countries.  India has recently announced its plans for a comprehensive identity scheme for the entire country,[10] while more advanced systems are being contemplated in other countries as well.  For instance, Indonesia is considering placing RFID chips into AIDS patients.[11]

Centralised data flows.  While computers are no longer just the purview of governments, and advanced data processing occurs increasingly in the private sector, governments are ensuring that they are the recipient of as much information as possible in order to identify threats.  Financial companies must report to governments any 'suspicious activities' they may detect amongst their clients.  Travel companies are similarly being compelled to report to governments the travel details of citizens and foreigners to ensure against the movement of terrorists and serious criminals across national borders.  The personal information of millions of individuals is being centralised within government databases where it is processed, or 'data mined', to identify trends, suspicious individuals, and potential threats.

These new security initiatives are often being established in agreements with other governments, and through international treaties such as the Council of Europe Cybercrime Convention, the International Civil Aviation Organisation's standards on biometric travel documentation, the U.S. Government's requirements for the disclosure of travel information on all flights to the U.S., and European Union rules requiring internet service providers to retain email logs for up to two years.  As a result, however, there is little national debate and this has resulted in fewer and weaker legal protections against abuse.

Footnotes

  • 1. 'Cybercrime, a growing threat', Md. Kamruzzaman Ferose, in The New Nation, July 18, 2008.
  • 2. 'Anger at Bangladeshi snooping plans', Alistair Lawson, BBC News Online, September 23, 2003.
  • 3. 'Cybercafes to be Monitored in India', Peter Smith, IT Vibe, July 16, 2008.
  • 4. 'Hush! Big brother may be listening in Bangladesh', Sharier Khan, OneWorld, April 23, 2004.
  • 5. 'At last, govt cracks BlackBerry code', Times of India, September 22, 2008.
  • 6. 'BlackBerry security issue makes e-com insecure', Surajeet Das Gupta and Leslie D'Monte, Business Standard, March 12, 2008.
  • 7. 'After emails, cops chase mobiles', Parth Shastri, The Times of India, August 4, 2008.
  • 8. 'Internet data law goes into force Aug 23', Bangkok Post, August 13, 2008.
  • 9. 'Cellphone firms now asked to record text messages', Abu Saeed Khan, The Daily Star, March 20, 2006.
  • 10. 'India to issue all 1.2 billion citizens with biometric ID cards', the London Times, July 15, 2009.
  • 11. 'Microchips for AIDS patients in eastern Indonesia', Niniek Karmini, Associated Press, November 24, 2008.