Digital Privacy: Issues and Challenges in Bhutan

Figure 1: Social Media Stats (Source: Social Media Hat, 2015)

Figure 1: Social Media Stats (Source: Social Media Hat, 2015)

Web based technology is increasingly growing. Internet and Social Media is a great place to share news, connect with friends and do online shopping. The speed of the Internet has led us to be flexible and changing in life style and how we communicate with each other. Facebook is the world’s most popular social networking website. It makes easy for us to connect, share and maintain contacts with family, friends and colleagues. According to the Social Media Hat (2015), Figure 1, there are 1.39 billion monthly active users on Facebook, 1 billion on YouTube, 540 million on Google plus, 300 million on instagram, 284 Million on twitter and 187 million monthly active users on linkedIn.

Privacy issues and Privacy laws

We live in a paradoxical world of privacy. Government agencies, online shopping companies and marketing websites are collecting personal information or personally identifying information about us. Studies have repeatedly shown that users are increasingly concerned about their privacy when they go online (Jensen & Potts, 2004).

Despites rapid growth in web-based technologies and their securities, western and developed countries are more concerned about privacy. Privacy issues and policies are well-debated topics in these countries. Many countries have privacy acts to provide safeguards against invasion of personal privacy either by government agencies, media body or individuals, for example the Privacy Act of 1974 in the United States, Data Protection Act 1998 of UK, the Privacy Act 1988 of Australia. In countries, such as Australia, the penalty for breach of privacy could range from 1 to 5 years in jail.



Privacy laws and related issues in Bhutan

Social Media is increasingly becoming popular among Bhutanese. Users not only use Social Media platforms to connect and communicate with each other but also to share information and breaking news. Our own bBay Facebook group, a Bhutanese version of eBay, has over 40 thousand members. The group page receives over hundred unique posts and over thousand comments within last 24 hours at any given time (excluding posts rejected by the admins). The only concern with the online forum is the privacy and the line drawn between public and private boundaries.

Does Bhutan have a privacy law?

There is a lack of literature as well as policies and guidelines related to privacy in Bhutan. Social Media Strategy and Guideline policy of Bhutan (2011), Bhutan Information and Communications Technology Policy and Strategies (2004) and Bhutan e-Government Master Plan (2014) reflected on Privacy. However, these documents have limited policies, guidelines and standards on privacy issues. This lack of standardization causes more cyber crimes and even makes it more difficult for decision makers.

Bhutan do have defamation law and offences against privacy defined under Sections 317-325 and 468-471 of the Penal Code of Bhutan respectively (2004). However, these laws do not seem to include offences for breach of privacy acts, such as publishing personal information online.

The need for such a law to deal with emerging issues such as cyber security, data protection and privacy issues were reflected in online forums and in several government documents including Bhutan e-Government Master Plan (2014).

Online User Behaviors

In Bhutan, it is not a surprise to find some individuals, media body or organisations posting pictures or personal details of others without a consent from the individual concerned. Some Facebook users often post online private details, such as citizen ID number, and date of birth. Part of the reason for this is a lack of laws and policies in the country. The other reason is the mindset of the individuals, media body or organizations – we tend to take for granted.

As a social media behaviorist and a cyber citizen, I am concerned about privacy and privacy of others.

Did organizations, such as Phelkhil School, or Ap Bokto among hundreds others, seek a consent from the parents to publish their children’s pictures on the website or Facebook page?

Information Systems (websites) and Database in Bhutan

There is no doubt that information and communication technologies (ICT) have high potential value across all sectors, in both public and private enterprises and at multiple levels, in developing countries, such as Bhutan. Information systems and emerging technologies are used in education, industries, and government offices, and more importantly to provide one-stop portal information to its citizens and customers.

Figure 2: The official website of Royal Bhutan Police was hacked in April 2011 (Source: ThimphuTech)

Figure 2: The official website of Royal Bhutan Police was hacked in April 2011 (Source: ThimphuTech)

However, without a strong firewall and Internet security policy, information systems (websites) and database are exposed to external predators such as hackers and spammers. In Bhutan it is not uncommon to find some government official websites being hacked for months if not for weeks (see Figure 2).

Besides a strong firewall with demilitarized zone, it is also significantly important to have a strong user authentication attached with the information systems or database. It has been found that in Bhutan most of the database servers and websites have week user authentication systems. Due to week authentication security measures many online databases and websites in Bhutan are exposed to hackers and astute users. Among many flaws, following are some scenarios:

Bhutan national newspaper Kuensel, Bhutan broadcasting service (BBS) and Bhutan council for school examinations and assessments (BCSEA) publish class X and XII topers with their index numbers. The online website had only one level security check – index number- in order to retrieve data. Someone can easily check a randomly selected candidate’s class X and XII results and details.

Someone post pictures of a bunch of lost and found citizen cards, including personal details, on Facebook. An recruiting agent publishes citizen card number of the selected candidates on their website. It will not take more than 5 minutes for someone to find personal details, including the place of birth, of these people. Astute users may use these personal details for identity theft or other potential compromises.



Conclusion and Recommendations

Google remembers everything. What we publish is widely accessible and could potentially be seen by anyone; now and in the future. It is almost impossible to fully retract content published in social media or websites. The personal information revealed on social media sites also attracts sexual predators. Because of its publicity and ability to go viral, we must be careful of what we publish on Internet and social media.

Organisations, such as Bhutan Information Communication and Media Authority (BICMA), have a crucial role to play not only to frame policies and guidelines for social media strategies but also to promote awareness to the general public. The lack of standards and regulations related to online privacy restrictions make us potentially vulnerable to cyber attacks.

General public and individuals, media body and organisations need to be made aware of privacy issues related to online publications.

They must know where to draw lines between public and private boundaries. Bhutanese, in general, are more generous and care for others. Online users often post and publish lost and found items, such as citizen ID card or driver license.

Figure 3: Personal details published on Facebook (Source: Facebook)

Figure 3: Personal details published on Facebook (Source: Facebook)

However, it is quite not right to post personal details, such as citizen ID number or date of birth, associated with the person. This could be avoided by hiding personal details from the snapshot (see Figure 3). Many smartphones these days have the inbuilt features to edit pictures.

Besides strong firewall, websites and online databases must utilize two or more multi-factor authentication mechanisms to authenticate online parties. This could be achieved by using two types of information from two different sources (e.g. citizen ID number or date of birth and passport number) as user authentication checks. This would not only prevent the system from hackers and scammers but also from impersonation theft of private data.

Advocates and scholars must establish a network of connections to promote and raise awareness to general public and cyber citizens, as well as to provide decision-making tool for the country. In addition, such awareness campaign would offer new information to general population, politicians, parliamentarians and policy makers.

References

Department of Information and Media. (2011). Social Media Policy of the Royal Government of Bhutan. Thimphu: Department of Information and Media.

Bhutan e-Government Master Plan (2014). Ministry of Information and Communications.

Jensen, C., & Potts, C. (2004). Privacy policies as decision-making tools: an evaluation of online privacy notices. Paper presented at the Proceedings of the SIGCHI conference on Human Factors in Computing Systems.

Bhutan Information and Communications Technology Policy and Strategies (BIPS) (2004).Ministry of Information and Communications.

Royal Court of Justice. (2004). Penal Code of Bhutan Thimphu: Royal Court of Justice Retrieved from http://www.judiciary.gov.bt/html/act/PENAL CODE.pdf.

The Soical Media Hat. (2015). Social Media Active Users.   Retrieved 20 March 2015, from http://www.thesocialmediahat.com/active-users

 Original edited Article published by Kuensel – National Newspaper of Bhutan on 28 March 2015. 


Share it:
This entry was posted in Bhutan, Social Media and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *