Editorial | Regulating invasive technologies
It makes sense that senior law-enforcement and security officials, and not only the minister, be authorised to requisition from telecommunications companies information about people suspected of using their networks to commit crimes or undermining national security.
For, as Horace Chang, the national security minister, explained to Parliament last week – when he added to the senior officials in the police force the army and the Major Organised Crime and Anti-Corruption Agency (MOCA) to the group who can requisition such data – real-time information is often essential during investigations in which people’s lives are at stake.
“In the current situation, only the minister is entitled to seek immediate, real-time information,” Dr Chang said. “The normal course of acquisition indicates that you seek a warrant then proceed to get the information.”
But even as we endorse the minister’s action, we, like the shadow security minister, Fitz Jackson, urge caution and strong oversight in using the measure, lest they become a back-door route to the invasion of people’s privacy on the pretext of preventing crime and protecting national security.
Generally, intercepting someone’s communications requires law-enforcement officials obtaining a wiretap order from a judge, having made a case that there are reasonable grounds to believe that the target of the intercept has committed, or is about to commit, a crime, and that this encroachment on their right to private communication is important to an investigation.
However, the minister, with regard to certain offences, such as murder, treason, kidnapping and gunrunning, also had the authority to ask the telecoms to disclose data traffic, as well as business-related information, about the person under investigation. This power is now extended to the head of the police and the army, their key intelligence officials, and to the head of MOCA. This, on the face of it, is good for crime-fighting.
DEEPER CONVERSATION
These developments, we believe, beg a deeper conversation about oversight and regulation, especially in the context of the rapid evolution of highly intrusive artificial intelligence technologies, which pose threats to fundamental rights and freedoms as they are now understood. Not least of these is the right to privacy.
Last week, for instance, we noted the reports of the deployment by businesses in the north coast city of Montego Bay of facial recognition cameras, whose efficacy depends on their access to large databases of people’s images and their biographical information . There is no clarity on if, or where, these databases exist and whether they are subject to the rules of Jamaica’s new data-protection law.
But this is not an issue only of private businesses. Police in the city also suggested that they, too, were capturing citizens’ images with high-quality cameras, and were seemingly flippant about how the resultant data was managed. Law-abiding people have nothing to worry about the video recordings because only footage of “evidentiary value” was kept.
But whether citizens had a right of access to this yet-to-be-discarded, non-evidentiary information, and the basis on which decisions about the data is made, wasn’t disclosed. Neither has Minister Chang nor Police Commissioner Major General Antony Anderson responded to our invitation to address the issues highlighted last week.
PEGASUS SPYWARE
The matter, we believe, now has added currency, given last week’s ruling by an Israeli court, rejecting the bid by Amnesty International to have the export licence of the spyware company, NSO Group, rescinded. Prime Minister Andrew Holness has conceded that his Government is developing cybersecurity partnerships with Israel, but hasn’t offered details.
NSO Group, however, is on the watchlist of human rights and civil liberties organisations globally. It is accused of making its spyware, Pegasus, sold under Israel’s military regime, to repressive governments, which have used it against domestic opponents and human rights activists. Pegasus takes control of people’s phones via, among other ways, day-to-day applications, such as WhatsApp. It is capable of extracting even encrypted data.
There is no evidence that our Government– and wouldn’t expect them to contemplate it – intends to deploy malware against law-abiding Jamaicans. We, however, believe that the best deterrence is strong institutional arrangements rather than reliance on the innate decency of individuals. In the circumstances, Minister Chang should address the questions that we previously posed as a precursor to a larger conversation on how Jamaica will provide regulatory oversight of the new, intrusive technologies that are upon us.
