Safety & Privacy

Researcher Safety & Privacy: a two-way street

The safety of the researcher is achieved with good privacy processes and responsible use of technology. mSIS delivers both.

The privacy of investigation subjects & associates is achieved through compliance with the legislation and responsible use of technology. mSIS delivers both.

Application Privacy and the Supplier - Customer Relationship

When mSIS is deployed, Qwarie cannot see any of your research activity or the evidence you gather.
All processing activity is performed on your local or cloud desktop.

Qwarie does not collect any personal information about mSIS users, except;
The only personal information required by Qwarie is the name and e-mail address of the customer administrator(s).
The Customer Administrator might set-up mSIS researcher user accounts, and there is no obligation to provide any personal information concerning the mSIS research users. 
Each individual mSIS research user might be recorded in the Qwarie CRM by the admin user, applying a unique alpha and/or numeric identifier, for each mSIS research user.
No e-mail address is required for users without admin permissions.

The user ID is applied to all research performed by the mSIS research user, so that in the event of litigation or prosecution, the customer might be required to declare the identity of the mSIS user, in a court of law.

Protection of Researcher Identity and How to Stay Safe

Aside from page archiving, and risk of a case compromise, an OSINT researcher might reveal their own identity through a browser that is not private, as a consequence of other internet activity that is not related to an investigation. Gathering information about any user is the core business model of some browser providers.

 

Investigation Safety

Compliance with the legislation and guidelines provides safe investigation and successful prosecutions. mSIS delivers.

The Research Process and Legal Obligations

UK Privacy Legislation and Investigation Compromise

In the UK, Public Authorities and all of their employees with a law enforcement role, are obliged to comply with the LED and IPA 2016, where any warrant has been obtained. There are special guidelines for MI5, SIS (commonly known as MI6) and GCHQ. Research that is performed outside of the legislation might compromise a whole investigation.

Just one example of a legal obligation is the process of logging. The ICO sets out the obligations.

The easy solution that facilitates compliance, is to deploy mSIS LE, where all of the obligations are satisfied with the routine use of the application and with no requirement for extra work.

In the UK, private-sector researchers are obliged to comply with the DPA 2018. Where the research process does not comply with the DPA 2018, the investigation might be compromised, and their might be legal liability to the subject of any investigation.

Notably, the only entity that can perform safe research with no potential liability, is the private person.
Read on, to learn more about compliant research.

 

Privacy Obligations Relating to the Subject of Investigation

An OSINT researcher uses the internet to locate personal data about the subjects of their investigations. In that process, particularly while researching Social Media platforms, collateral data about other people, that are no part of the investigation, might be gathered.

Under the DPA 2018, the researcher has no legal basis to collect and save collateral personal data.
mSIS, protects the researcher by not allowing for immediate archiving of web pages. The researcher is obliged to perform diligent research, typically, taking screen-shots and saving data that relates to the subject and a legitimate other party.

mSIS does not deny the researcher the ability the capability to archive web pages. Archives might be taken of pages with limited data, that might be company websites. mSIS does not facilitate the easy and rapid arbitrary archiving of extensive social media pages.

Stay safe, protect your investigation and rely on mSIS to not expose you to the risk of non-complaint research.

 

The Risks of Non-Compliant OSINT Research

Non-compliant research is nectar for a defence counsel. Where it might be demonstrated that the evidence contains collateral data, with no legal basis for the collection, the judge might be asked to throw out the case, on the grounds that it contravenes the GDPR, or more specifically in the UK, the Data Protection Act 2018.

Where a public prosecution might seek to rely on the Law Enforcement Directive, a RIPA warrant might be required to process the research. However, it is unlikely that the authority shall extend to the arbitrary collection of data, about people that are not the subject of the investigation.

Qwarie recommends that in all OSINT, and particularly social media research, the investigator should stay safe, not contravene personal data legislation, and gather the information that relates only the subject(s) of the investigation, by way of relevant screen-shots.

Archive at your peril. Since the GDPR came into force, the Qwarie researchers have not archived a single page. We are confident that the case bundles we remit to our clients are GDPR compliant and our client will never be compromised.

Currently, defence counsels do not appear to be aware of the opportunities that non-compliant research affords their clients. When a defence counsel does become aware of this opportunity, this vulnerability might provide a greater benefit than the failed disclosure fiasco.

Stay Safe! Do not archive unless you are sure that no collateral personal data will be gathered by the archive.

 

How to Perform Legally Compliant Research

Where any research activity is performed with the Chrome or Edge browsers, there is a presumptive failure to comply with the legislation, as data relating to the subject of the investigation is passed to either Google or Microsoft, with no consent from the individual subject.
To perform legally compliant research, do not use the Chrome or Edge browsers.
The Firefox Mozilla and Tor browsers allow for legally compliant OSINT research.

 

How to Avoid a Research Privacy Compromise

During your OSINT research, use Firefox or Tor browsers.
For all other internet activity, use a Chromium based browser.
Qwarie recommends the Brave Browser for all internet activity that does include OSINT research.
Use Chromium at your risk, and avoid Chrome at all in any on-line activity.
With Chrome, Google collects info on every site you visit. 
With Chromium, Google can collect some of the info on your internet activity.
See FAQ 1.2

 

Mozilla Firefox & The Tor Browser

mSIS is an extension for the two browsers that do the most to protect user privacy, Mozilla Firefox and the Tor browser.

Qwarie has chosen to work with the Mozilla foundation because there is no commercial owner, that might seek to benefit by collecting information about the user's browsing behaviour.

Read the Browser section of the FAQs for information about the way other browsers harvest user activity data.

 

How to Make the Firefox Browser Even More Private

Check out the section with header: Grand List Of Things To Do After Installing Mozilla Firefox, at
https://securitygladiators.com/firefox-privacy-tips/

Public Confidence

No Bulk Data Collection

No Data Mining

No Surveillance Capacity

Ethical Investigations with mSIS

Safe Browsing

The Researcher's legal obligation

Deny third party data harvesting capacity

Prevent third party user profiling

Mozilla Firefox or The Tor Browser