Could we be slipping into a total surveillance state with no way out?

Solicitor Ernest Aduwa examines the rise in the use of facial recognition and the implications of such technology being deployed in public.

Ernest’s article was published in SC Magazine, 13 August 2019, and can be found here.

Many lawyers still use WhatsApp as a preferred method of communicating sensitive information. The app has been compromised before & should never be used to communicate any sensitive information.

Parallel construction is when law enforcement originally obtains evidence through secret (arguably unlawful) surveillance techniques but then seeks to adduce it in evidence, asserting it was obtained by, for example, an anonymous tip off. By doing so, an agency can hide its surveillance techniques from public scrutiny and potential criminals.

Lawyers have become an easy target of state sponsored cyber-attacks, and the reason for this is obvious – lawyers are the guardians of privileged information. Why wouldn’t the state security agencies want to know what is being discussed between a lawyer and his/her client, who is on an international most wanted list? Why wouldn’t the police want extra information that secures, in their minds, the conviction of those whom they believe are guilty of criminal activities.

Arguably, we should all expect nothing less of the state to keep all individuals under surveillance (overtly and covertly). Notwithstanding this, there is a degree of nonchalance amongst the masses (lawyers included) about how seriously they take cyber-security.

People often say “WhatsApp call me is safe” or “don’t text, just WhatsApp.” The idea is that by using an internet based app to communicate, you are somewhat off the grid of the prying Five Eyes. Obviously, if one’s physical phone ends up in the wrong hands then WhatsApp’s encryption is useless, especially if PINS and passwords are obtained. But consider there was no need for a phone to leave the hands of its owner in order to obtain all information stored on it, unlawfully.

In May 2019, WhatsApp revealed it was the victim of a cyber-attack resulting in users phones effectively becoming spyware, allowing everything on the phone, including photos, emails and texts to be easily accessed by the attackers, despite the app claiming to be end to end encrypted. It is not the first time WhatsApp has had to fix a critical vulnerability and it probably will not be the last.

WhatsApp urged its 1.5 billion users to update their phones immediately. Allegedly, an Israeli cyber-intelligence company, NSO Group, developed the spyware.

Arguably, those who thought WhatsApp was a safe and secure method of communicating may have not taken their privacy completely seriously. What is concerning is that many lawyers do (still) use WhatsApp as a preferred method of communicating sensitive information. The app should never be used to communicate any sensitive information whatsoever. In the same way, Google search and other search engines that hoard user data should never be used by lawyers to search for anything that relates to their clients.

It will almost be impossible for anyone to prove that data obtained via those applications is being used as part of a mass surveillance project, but if you have your client’s best interest in mind you would not take the risk of using any such applications.

Whether we accept it or not, we should all expect the state to maintain a thorough surveillance policy. It should also be expected that every citizen, especially those who are lawyers and professionals, as a bare minimum should be using their own military grade PGP encrypted devices to communicate in day to day life. It is important to remember that nothing is fully secure and no one thing alone can ensure ultimate privacy – in certain circumstances, the somewhat old fashioned method of meeting face to face and writing necessary information down on a piece of paper that is burnt thereafter is the safest way to communicate – albeit not always very practical.

In essence, complaining about state sponsored surveillance is a huge distraction and a waste of time. More efforts ought to be put into being able to communicate freely and securely in an environment where states and huge organisations will do whatever it takes to obtain information.