Open-Source Intelligence and the Implications for Data Privacy
Open source intelligence also referred to as OSINT can be simply defined as publicly available information. It entails information publicly accessible from sources such as the internet, public libraries and various forms of public records.
OSINT basically includes all information that anyone can find even if it means they have to a little bit more than just google it. This covers subscription-only content such as news and academic journals. Public accessibility is central to OSINT.
With advances in technology and the levels of mass disclosure of information via social media, the quality of OSINT accessible has improved greatly. OSINT can now be gathered from sources like websites, blogs, online chatrooms and social media uploads such as tweets and Facebook posts. This is the point at which OSINT coincides with data privacy.
Automated OSINT is one of the bigger privacy issues arising here. Automated OSINT involves the use of specially designed software which automates the process of web crawling and gathering of data from various sources. This can bring about privacy issues and concerns particularly if data leakages occur into public spaces.
Another major concern is the use of OSINT to gain access to secured organisational information via social engineering techniques. Social engineering can involve the use of OSINT gathered about an individual or corporation to deceptively portray genuineness about an existing situation (or impersonation) in order to access more vital information for fraudulent purposes.
A further concern with respect to OSINT and data privacy is the use of OSINT for law enforcement surveillance. This involves law enforcement officials monitoring social media posts and similar sources for information in order to forestall or prevent crimes, or to enable them to intercept crime in action. These measures are mostly applied to monitor international terrorism activity or extremist behaviour online. Nonetheless, it can cross the line into data privacy where human rights are encroached on as a result.
To conclude, organisation should consider the imprint of OSINT relating to them, their staff and their clients too in terms of social engineering and government surveillance concerns particularly considering the increase in automated OSINT software use. Further, any organisation currently using or intending to use OSINT would need to consider the possible implications of this on data privacy in light of the concerns discussed above.