Smart Sheriff – UN Human Rights Committee Submission – 17/10/2015

by | Mar 26, 2016 | Innovation and Regulation, Press Release, Privacy | 0 comments

Click here to download the fully annotated version with footnotes.

Mandatory Implementation of Filtering Application on Minors’ Mobile Phones

This submission specifically concerns a recent mandate by the Korean government which forces minors’ mobile phones to be monitored by private parties, which is clearly in violation of ICCPR art. 17 right to privacy and family life. Issue 20(d) of the CCPR/C/KOR/Q/4 deals with the operation of a program that enables teachers to control students’ mobile phones, and the concerned mandate requires de facto a similar program to be installed on minors’ mobile phones so that their legal guardians can monitor and control the phones. This issue could not have been raised earlier because the mandate came into force in April this year.

I. Background

In April 16, 2015, amendments to the Telecommunications Business Act (TBA) and its Enforcement Decree came into effect which made it mandatory for South Korean telecommunications business operators to provide the means to block harmful contents on minors’ mobile phones. The mandate was initially proposed by the Korea Communications Commission (KCC), when the government of the Republic of Korea has been sought to mandate a filtering application for mobile devices used by minors for some time. The grand plan “Measures to Protect Juveniles from Obscenity” to tackle increasing minors’ access to obscenity online was announced by the President Office and relevant ministries in March 2012.
Article 32-7 of the TBA states that telecoms must provide means to block harmful or obscene contents when selling mobile phones to juveniles, and prescribes any necessary matters to be specified in the Enforcement Decree.
Telecommunications Business Act Article 32-7 (Blocking of Media Products Harmful to Juveniles)

(1) Any telecommunication business operator using allocated frequencies under the Radio Waves Act must provide the means to block the media products harmful to juveniles under Article 2 Subparagraph 3 of the Juvenile Protection Act and the obscene information under Article 44-7(1)1 of the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. when entering into a contract on telecommunications service with a juvenile under the Juvenile Protection Act.

(2) The Korea Communications Commission may inspect the practice of providing blocking means under (1).

(3) Necessary matters such as methods and procedures in providing the blocking means under (1) shall be prescribed by Presidential Decree.

Article 37-8 of the Enforcement Decree, in accordance with Art. 37-2(3) of the TBA, sets out the procedure in more detail. The telecoms must inform juveniles and their legal representatives (normally the parents) about the blocking means, and check the installation of chosen means. However, the Decree does not stop here but further obligates telecoms to notify the legal representatives if the means was deleted or disabled.
Enforcement Decree of the Telecommunications Business Act Article 37-8 (Methods and Procedures for Providing Means to Block Media Products Harmful to Juveniles, etc.)

(1) According to Article 32-7(1) of the Act, a telecommunication business operator entering into a contract on telecommunications service with a juvenile under the Juvenile Protection Act must provide means to block the juvenile’s access to the media products harmful to juveniles under the Juvenile Protection Act and the illegal obscene information under Article 44-7(1)1 of the ICNA (“Information harmful to juveniles”) through the telecommunication service on the juvenile’s mobile communications device such as a software blocking information harmful to juveniles.

(2) Procedures prescribed below must be followed when providing the blocking means under (1):
1. At the point of signing the contract:
a. Notification to the juvenile and his/her legal representative regarding types, features, etc. of the blocking means; and
b. Check on the installation of the blocking means.
2. After closing the contract: Monthly notification to the legal representative if the blocking means was deleted or had not been operated for more than 15 days.

According to the Citizen Lab at Munk School of Global Affairs, University of Toronto, “[w]hile the possibility of limiting or monitoring minors’ mobile phone communications is encouraged in some jurisdictions, and many commercial products are available, South Korea has gone the furthest among all countries by mandating the installation of digital content blocking applications for minors.”
What is problematic, the regulation added the requirement of notifying parents in event that the blocking applications are not in proper operation, and what is even more, the government chose to recommend and promote to the industry as a legal requisite an application Smart Sheriff which has several remote control and monitoring features.
Since the laws came into effect in April 2015, according to the KCC, approximately 250,000 juveniles subscribed to new smartphone plans in the first two months, and 200 parents wanted to opt out of the legal requirement. However, the opt-out option is not provided under the law, and while the Enforcement Decree requires monthly notification if the application is not installed, it is yet unclear how the KCC is going to deal with noncompliance. And although the regulatory requirement applied only to new devices being purchased, schools sent letters home with children encouraging their parents to install a monitoring application.
With cooperation on implementation from numerous entities in the public and private sector, the new requirements to filter harmful contents on mobile phones became a pervasive parental monitoring and control mandate. Most filtering applications promoted as the blocking means required under the mandate provide extensive parental monitoring and control features, including Smart Sheriff, the one developed under the KCC’s support.

II. Violation of the ICCPR Article 17 Right to Privacy and Family Life

Article 17 of the ICCPR states, “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.” The mandate discussed above is clearly in violation of art. 17, interfering with children’s privacy and the parents’ family life.
According to the Enforcement Decree, at the point of signing the contract, the telecoms must notify both the juvenile and the legal representative about choices of applications they have and install the app of their choosing. Here is the first serious infringement on parental rights or interference with family as the law does not allow the parents to opt-out, thereby depriving the parents from a chance to make an informed decision on whether to accept such filtering or monitoring apps for their children. The law just assumes or forces consent of the parents, although there must be conscious parents who do not approve of such applications for privacy reasons or technical concerns.
Then the law further compels the telecoms to monitor the phones to ensure that the app is always active. This is a grave invasion on the children’s privacy, because it allows private parties to collect excessive information about the juveniles that are not required to meet the purpose of the law – to filter harmful contents online. Moreover, the parents will be notified or spammed nonetheless even if they gave consent to their children for deleting the app. This certainly constitute interference with family life.
Additionally, Smart Sheriff and other similar software enable various monitoring and controlling on the use of the smartphone. In the process, the software accumulates information such as the length of Internet usage, the websites visited, and contents of social media that’s been received and sent. This is aggravated by the mobile phone real name law – In the Republic of Korea, all phone numbers are personally identifiable as telecommunication subscription is only allowed on a real name basis. All the information collected will eventually allow a complete profiling of an identified juvenile’s online activities, and the juvenile’s privacy online will vanish. Moreover, such profiling of our children can be easily exploited by a malicious party.
Furthermore, Smart Sheriff and these software carry very serious privacy and security risks whereby cyber-attackers with reasonable levels of time and resources can delete or change the information on the youths’ phones, monitor the youths’ online activities, and possibly impersonate others in contacting the youths. These security risks, though not caused directly by the government actions, originated from the government mandate of requiring certain software to be installed and be in operation continuously in someone’s personal communication devices, which in turn necessitated constant monitoring software. It is uncertain whether the benefit of barring youths from viewing adult material justifies the cost of implanting such a comprehensive monitoring and control app in the youths’ personal communication devices, which engender a horrifying list of risks that requires special constant attention from the technical communities and all other stakeholders involved.

III. Suggested Recommendations

1. The Government of the Republic of Korea should immediately stop enforcing the mandate and provide a reasonable guideline to minimize the privacy and security risks on Korean juveniles.
2. The Government of the Republic of Korea should take steps to repeal or amend Article 32-7 of the TBA and Article 37-8 of its Enforcement Decree.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *