mSIS Privacy & Safe Research

Privacy is much more than protecting your own user data. Privacy is key to safe OSINT research.

mSIS is an extension for the two browsers that do the most to protect user privacy, Mozilla Firefox and the Tor browser.

Qwarie has chosen to work with the Mozilla foundation because there is no commercial owner, that might seek to benefit by collecting information about the user's browsing behaviour.

Read the Browser section of the FAQs for information about the way other browsers harvest user activity data.

Customer Privacy

Qwarie cannot see any of your research activity or the evidence you gather.
All processing activity is performed on your local or cloud desktop.

Qwarie does not collect any personal information about mSIS users, except;
The only personal information required by Qwarie is the name and e-mail address of the customer administrator(s).
The Customer Administrator might set-up mSIS researcher user accounts, and there is no obligation to provide any personal information concerning the mSIS research users. 
Each individual mSIS research user might be recorded in the Qwarie CRM by the admin user, applying a unique alpha and/or numeric identifier, for each mSIS research user.
No e-mail address is required for users without admin permissions.

The user ID is applied to all research performed by the mSIS research user, so that in the event of litigation or prosecution, the customer might be required to declare the identity of the mSIS user, in a court of law.

Privacy Legislation and Compromise of the Research Process

This relates specifically to a Public Authority where employees are obliged to comply with the LED and where a RIPA warrant has been obtained. However, private-sector researchers are obliged to comply with the GDPR and might find their research process compromised.
Notably, the only entity that can perform safe research with no potential liability, is the private person.
Read on, to learn more about compliant research.

Research Privacy

An OSINT researcher uses the internet to locate personal data about subjects of their investigation. In that process, particularly while researching Social Media sites, collateral data about other people, that are no part of the investigation, might be gathered.

Under the GDPR, the researcher has no legal basis to collect and save collateral personal data.
mSIS, protects the researcher by not allowing for immediate archiving of web pages. The researcher is obliged to perform diligent research, typically, taking screen-shots and saving data that relates to the subject and a legitimate other party.

mSIS does not deny the researcher the ability the capability to archive web pages. Archives might be taken of pages with limited data, that might be company websites. mSIS does not facilitate the easy and rapid arbitrary archiving of extensive social media pages.

Stay safe, protect your investigation and rely on mSIS to not expose you to the risk of non-complaint research.

The Risks of Non-Compliant OSINT Research

Non-compliant research is nectar for a defence counsel. Where it might be demonstrated that the evidence contains collateral data, with no legal basis for the collection, the judge might be asked to throw out the case, on the grounds that it contravenes the GDPR, or more specifically in the UK, the Data Protection Act 2018.

Where a public prosecution might seek to rely on the Law Enforcement Directive, a RIPA warrant might be required to process the research. However, it is unlikely that the authority shall extend to the arbitrary collection of data, about people that are not the subject of the investigation.

Qwarie recommends that in all OSINT, and particularly social media research, the investigator should stay safe, not contravene personal data legislation, and gather the information that relates only the subject(s) of the investigation, by way of relevant screen-shots.

Archive at your peril. Since the GDPR came into force, the Qwarie researchers have not archived a single page. We are confident that the case bundles we remit to our clients are GDPR compliant and our client will never be compromised.

Currently, defence counsels do not appear to be aware of the opportunities that non-compliant research affords their clients. When a defence counsel does become aware of this opportunity, this vulnerability might provide a greater benefit than the failed disclosure fiasco.

Stay Safe! Do not archive unless you are sure that no collateral personal data will be gathered by the archive.

Why Is the Privacy of an OSINT Researcher Important?

Aside from page archiving, and risk of a case compromise, an OSINT researcher might reveal their own identity through a browser that is not private, as a consequence of other internet activity that is not related to an investigation. Gathering information about any user is the core business model of some browser providers.

How to Avoid a Research Privacy Compromise

During your OSINT research, use Firefox or Tor browsers. 
For all other internet activity, use a Chromium based browser. 
Qwarie recommends the Brave Browser for all internet activity that does include OSINT research.
Use Chromium at your risk, and avoid Chrome at all in any on-line activity.
With Chrome, Google collects info on every site you visit. 
With Chromium, Google can collect some of the info on your internet activity.
See FAQ 1.2

How to Make the Firefox Even More Private

Check out the section with header: Grand List Of Things To Do After Installing Mozilla Firefox, at
https://securitygladiators.com/firefox-privacy-tips/