FinSpy rumors are likely to be just that, but breaches of privacy online remain a concern for many.


It was an alarming headline taken from an article by Yahoo!SG: “S’pore among 25 govts using spy software: researchers.” The article, revolving around a report published by Citizen Lab, a think-tank at the University of Toronto, about a form of intrusion and surveillance software called FinSpy, made by UK-based Gamma Group International, suggested that the Singaporean government has been using software that allows them to “grab images off computer screens, record Skype chats, turn on cameras and microphones and log keystrokes.” A frightening thought…if it were true.

A closer look at the original Citizen Lab report reveals that the researchers merely found a “command and control” server for FinSpy in Singapore, operated by the company GPLHost. That company provides multi-domain hosting and has a presence in cities like Seattle, Paris, Singapore, Kuala Lumpur and Sydney, with most of their servers managed remotely.

The presence of a server in Singapore running FinSpy does not mean that it is being operated by a Singaporean, much less the Singaporean government. The Ministry of Home Affairs has denied that the government uses FinSpy (and the Yahoo!SG article has since been updated to reflect this).

Citizen Lab’s report may have triggered a false alarm, but many Singaporeans wonder about the degree of internet freedom they actually enjoy.

Chong Kai Xiong is a computer programmer who has volunteered with civil society groups, helping them with tech support and giving tips on IT security. “I would be somewhat surprised to see the government using FinSpy and similar software,” he said. “The main reason for my reservation is that FinSpy is intrusive and involves deception. Its installation is not automatic; the user must be deceived to click on the program stored in an email attachment. If found out, I think they would be in a lot of political and legal trouble.”

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

However, Chong warned that there is still a possibility of the government relying on some form of online surveillance. “The common uses of the Internet are not well secured by design, which is unfortunate. A lot of unencrypted data gets sent over the wire. If the government is able to wiretap our connections, which is very likely, they can gain a lot of information. But the thing is that there is no proof of this yet.”

Of course, internet surveillance is not the sole option open to governments. Old school methods exist too, and Singaporean activists have not failed to notice the government’s efforts to keep tabs on them.

Martyn See, a filmmaker whose political subjects have led to some of his work being banned in the country, added, “I believe that the government is monitoring dissidents and suspected religious extremists online. The US State Department’s annual human rights report on Singapore states so, and the Singapore government has never refuted that.”


See also points towards other methods of surveillance, such as embedding moles or spies in civil society and opposition groups. “During my interrogations by the police over my film on Chee Soon Juan [the controversial Secretary-General of the alternative Singapore Democratic Party], I was shown minutes and photos of SDP internal meetings and workshops where I've had to identify certain people in the photos,” he says. “One must understand that the Internal Security Department is carved out of the Cold War period and its surveillance methods are thorough and invasive. There were obviously moles in the SDP then.”

These more traditional surveillance techniques may be used from time to time, but they are time-consuming and expensive. And they are increasingly redundant in a world where we are all happy to post information freely on social networks for the world to see. As Chong warned, “Surveillance can mean watching public communications, not only private ones.”

According to SocialBakers, 58.66 percent of Singapore’s population uses Facebook. Add to that Twitter users, Tumblr users and bloggers. With over 2.76 million people sharing information about themselves online, many publicly, monitoring conversations and activity is a piece of cake. Infiltration is also easy enough. How much do we really know about some of our Facebook “friends”?

Diplomat Brief Weekly Newsletter N Get first-read access to major articles yet to be released, as well as links to thought-provoking commentaries and in-depth articles from our Asia-Pacific correspondents. Subscribe Newsletter

An often overlooked fact amid the hype surrounding Internet surveillance is that the government isn’t the only one monitoring us online. Corporations do it too – perhaps even more often than government departments do – and may sometimes share this information.

As Bruce Schneier pointed out on CNN, “Governments are happy to use the data corporations collect – occasionally demanding that they collect more and save it longer – to spy on us. And corporations are happy to buy data from governments. Together the powerful spy on the powerless, and they're not going to give up their positions of power, despite what the people want.”

An example of this can be seen from Google’s transparency reports. These reports, published twice a year, document the number of times a government makes requests for user data, as well as how often Google complies with these requests.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

From July to December 2012, Singapore’s government made 96 user data requests involving 153 accounts. In 75 percent of the cases, Google produced data for the government. While this may sound sinister, the context of these requests is unclear.

The concerns are not limited to Singapore. In a Wired article published in March 2012, titled “CIA Chief: We’ll Spy on You Through Your Dishwasher,” the possibilities for surveillance through invasive technology reach far beyond what most imagine today.


At a summit for the CIA’s venture capital firm In-Q-Tel former CIA Director and General David Petraeus said that as more household devices are connected to the Internet (via the Internet of Things), it will become easier for governments to keep tabs on a “person of interest” via the geolocated data that is logged when such users take any action that transmits information back to the Internet, whether it be through their linked car navigation system or adjusting the ambiance in their “smart home” with an iPhone app.

“‘Transformational’ is an overused word, but I do believe it properly applies to these technologies, particularly to their effect on clandestine tradecraft,” Wired quoted Petraeus as saying. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters.”

With all of this in the works, monitoring commonly used online applications such as email and instant messaging seems primitive by comparison.

Ultimately, Internet surveillance is nothing new. Although it may have serious implications for some – activists and community organizers, for instance – the average citizen may be blissfully unaware.

“In general, I think people should think about their privacy,” Chong advises. “Not only with respect to the government, but also corporations.”

He continues: “The most important point is that, you have to be clear about what you're trying to guard against. There are a multitude of actors that have different agendas, and a bunch of technologies that do different things.”

Given this reality, Chong thinks that users should always be aware that their activity could be monitored and take whatever precautions they feel is necessary.

These are decisions that we each must make for ourselves. Tools like Tor or Virtual Private Networks (VPNs) may be possibilities for those who want more anonymity on the internet, or to bypass potential local government wiretaps. But for some it may be as simple as properly configuring their Facebook privacy settings and protecting their Twitter account.

Others, meanwhile, have taken the approach adopted by anti-death penalty activist Rachel Zeng, one of three activists investigated for selling the book Once a Jolly Hangman: Singapore Justice in the Dock. Zeng simply refuses to be paralyzed by the thought of surveillance.

“To be honest, I don’t care anymore because I have always been very open with my work,” she said. “It gets tiring when we keep looking behind our shoulders all the time and it got to a point where I just don't want to be bothered by it anymore.”

Kirsten Han is a writer, videographer and photographer. Originally from Singapore, she has worked on documentary projects around Asia and written for publications including Waging Nonviolence, Asian Correspondent and The Huffington Post.