W7y8w3

Lastly, the fact that Safaricom, which is Kenya’slargest telecommunications service provider, isbuilding the system raises doubt about the integrityof the system, the company’s independence,and the apparent conflict of interest. The companyhas over 20 million subscribers 30 whose personalinformation it keeps pursuant to laws requiring SIMcard registration. There are fears that its role in thedevelopment of the system may compromise its independence,including that of its network. There arealso worries that Safaricom will enable law enforcementto easily access its database of users to matchwith the facial recognition data. The company in recenttimes came under sharp criticism for disclosingpersonal information to third parties as part of itsbulk SMS services, despite clear provisions to thecontrary in its terms and conditions. 31ConclusionsIt is important to note that despite the presence ofconstitutional guarantees on the right to privacy, theabsence of a proper policy and legislative regimefor privacy protection means that the use of facialrecognition technology in surveillance will result inserious implications for privacy and personal safetyand lead to the violation of fundamental rights andfreedoms. Therefore, it is time for laws that limit theuse of facial recognition data collection.A report 32 by the US National Academy of Scienceshas concluded that biometric recognitiontechnologies are inherently probabilistic and fallible.In addition, according to the SurveillanceStudies Centre at Queen’s University in Ontario,Canada, urban surveillance systems have not beenproven to have any effect on deterring criminals. 33Whereas fears over insecurity have led todifferent sectors of society welcoming the introductionof the project, it must be stated that30 About Safaricom, Safaricom, www.safaricom.co.ke/about-us/about-safaricom31 Terms and Conditions, Safaricom. www.safaricom.co.ke/about-us/about-safaricom/terms-conditions32 National Research Council. (2010). Biometric Recognition:Challenges and Opportunities. Washington, DC: TheNational Academies Press. https://download.nap.edu/login.php?record_id=12720&page=%2Fdownload.php%3Frecord_id%3D12720; see also: National Academy of Sciences. (2010,September 24). Automated biometric recognition technologies‘inherently fallible,’ better science base needed. The NationalAcademies. www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=1272033 Kelly, H. (2013, April 26). After Boston: The pros and cons ofsurveillance cameras. CNN.com. edition.cnn.com/2013/04/26/tech/innovation/security-cameras-boston-bombingstechnology alone is insufficient to deal with crime.It can only be used to complement other initiativesby law enforcement to fight crime. Facial recognitiontechnologies are not always foolproof oraccurate. And as such, they ought to be designedand implemented with not only this in mind, butalso with consideration to the social, legal and culturalfactors that can affect the effectiveness andacceptance of the systems.Action stepsMoving forward, the following are recommended:• The Data Protection Bill 2013 should be amendedto take cognisance of facial recognitiontechnologies, and its adoption fast-tracked.• There is a need for clear regulations and safeguardson the collection, access, retrieval,processing, storage, use and disclosure ofpersonal data, including biometric information.This includes legislation that governsintermediaries.• The proposed surveillance project should notstart before the adoption of proper privacy safeguards,including the Data Protection Bill.• A comprehensive privacy impact assessmentshould be conducted before developing andpurchasing new technologies that will collectpersonal information including biometric data.• The CCTV cameras should be located only inpublic spaces.• Mechanisms should be put in place to regulateall state security, intelligence, policing, andother law enforcement agencies, to ensure theyobserve the rule of law and are transparent anddemocratically accountable.korea, republic ofCommunications surveillance in South KoreaJinbonetChang, Yeo-Kyunghttp://act.jinbo.net/drupal/englishIntroductionThe Korean Railway Worker’s Union (KRWU) wenton strike on 9 December 2013 opposing the privatisationof the railroad. The Korean government’sresponse was hard-line, and the police imposedwidespread surveillance on the striking workersand their families.Firstly, the police acquired all the mobile communicationrecords of union members and theirfamilies, including schoolchildren, and trackedthe real-time location of their mobile phones – themobile service providers had offered to providethis information at 10-minute intervals for severalmonths. The police also asked popular websites,such as game sites and internet shopping malls,to provide the real-time access IP addresses ofthe workers and their families. The mobile serviceproviders also handed over the identities of about300 to 400 people who talked on the phone withthe strikers to the police, who used this informationto interview the subscribers about details oftheir relationship with the strikers. Railway workersand human rights NGOs, including Jinbonet, filed apetition to the Constitutional Court against the realtimelocation tracking on May 2014.Policy and political backgroundThe NGOs argued that the lack of adequate legalrequirements for police to access communicationmetadata in an investigation is unconstitutional.The authorities conduct surveillance on workersexercising their right to strike as if they were criminals– they have been maintaining a DNA databaseof criminals, which includes striking workers, since2010. 1 Communications surveillance in particular,which has insufficient legal control given the rapiddevelopment of the internet and mobile technologies,has significantly extended the power of thepolice and the intelligence agency beyond the law.Communications surveillance in South Koreais regulated by the Protection of Communications1 act.jinbo.net/drupal/node/7631Secrets Act (PCSA). The previous military dictatorshipin South Korea had conducted communicationssurveillance for a long time without any legal regulation.The PCSA, passed in 1993 in the aftermathof a wiretapping controversy among presidentialcandidates, allows the intelligence agency andinvestigation agencies to intercept the content ofcommunications in real time with prior court approval.The content of communications such asstored email or SMS messages is provided to agencieswith a prior warrant for search and seizureunder the Criminal Procedure Act. However realtimewiretapping on foreign groups and nationalscan be conducted merely with the approval of thepresident. The intelligence agency and the investigationagencies can wiretap in real time by makinguse of intermediaries, including telecommunicationservice providers, or by using their own technologies.They can also wiretap without any permissionfor 36 hours if it is considered an emergency.Since 2002 the PCSA has begun to regulatecommunication metadata: the record of the dateand the time of communications, the IP address,the internet logs, the location of the base stationor the communication device, etc. Although courtpermission has been required to collect communicationmetadata since 2005, when it is “necessaryto conduct any investigation,” the permission isgiven without any specific restrictions. Accordingto the Telecommunications Business Act, personalinformation to identify the subscriber or user suchas name, residential registration number (which isthe national ID number in South Korea), address,etc. is separately provided to the agencies withoutany permission from external supervisory agenciessuch as the courts.Ex-post notification 2 has been implemented regardingundercover communications surveillance:users have been notified of wiretapping since 2001,of the handing over of communication metadata toagencies since 2005, and of the search and seizureof stored communications content since 2009. 3 Thepersonal information of the subscriber or the useris not included in this notification. The government2 Police notify persons of the fact that they became a target ofwiretapping within 30 days after the decision is made.3 However, in the last two cases the violator was not punished.158 / Global Information Society Watch korea, republic of / 159