We all love watching Big Brother. Even though the participants know that they’re being followed by cameras 24 hours a day, they often act like they’ve forgotten this fact, and these candid scenes are the most fun—and funny—for the viewer. But how would you like it if someone were spying on you—tracking what you do, what you say, where you go, what you buy? Not so funny, is it? Believe it or not, this could be happening right now….

Expert Tips - Your Life, Out There

Eyes in Cyberspace

You might think you’re safe and sound behind your computer screen. You’re the one in control, right? Not necessarily. First of all, there’s no such thing as complete anonymity. Using cute fake names and fake email addresses isn’t enough; every computer has an address—the “IP” (Internet Protocol) address—that others can trace.

We all should know that the text of emails is not safe from prying eyes—especially if you use free web-based services like Yahoo or Gmail. But email can also be used as a surveillance tool. At sites like readnotify.com or didtheyreadit.com, registered members who send you an email can find out things like the date and time you opened the email, how long you had it open, how many times you opened it and—even scarier—your IP address and even your physical location. Remember the time you sent your girlfriend an email “from Australia,” where you were supposedly attending a seminar when really you were having a dirty weekend in Pattaya with your gig? It’s a good thing she doesn’t know about readnotify.com—or does she?

In the Office

Think about what’s on your work computer right now. Is there anything that you wouldn’t want someone else to see or read? Is there anything that would violate the rules of your company? Are you constantly surfing websites or chatting with strangers when you’re supposed to be working? Don’t assume your boss doesn’t know what’s going on—or can’t find out. Most businesses are set up with a central server, which is maintained by a domain controller or IT administrator. He or she has the key to all your secrets: administrator log in.

“One password gives us access to any and every computer in my company,” says Ruampol Kanjanapanang, a domain controller at a major bank in Thailand. Most companies give each employee personal space in the server that is password-protected, he explains, and this space is generally safe from the reach of your IT staff. That’s how it’s supposed to work in theory, anyway. In practice, there’s always a way to get in without a password or to find out what that password is.

One former ad agency copywriter learned the hard way when he was called into the office of his boss and shown evidence of the freelance work he was doing for another agency—files the IT manager had taken from his hard drive. “I always knew that they could look at what was on my computer, but I never thought they actually would,” he says. That was his last day at that company.

With software like VNC, Remote Access, PCAnywhere or Packet Sniffer, your employer can snoop on your every computer move—even on your "personal" (web-based) e-mail. Even more scary is hardware that attaches to your keyboard and logs every keystroke—even “blind” passwords. As for the websites you visit, according to Ruampol, “Most companies, whether big or small, that allow you to use the Internet keep a record of at least 24 hours of which websites you’ve visited. But how seriously they look at the record is up to the company.” (True, geeks know ways of surfing the Net anonymously, such as by using a proxy server, which acts like a buffer between you and the sites you visit, to hide your IP address. But chances are this will attract the attention of your IT administrator.)

For the most part your employer is within their rights to monitor what you’re doing in the company’s office, on the company’s computer and on the company’s time. They’re not required to tell you, either, according to lawyer Ekapol Apinun. “But the boss or anyone else who is responsible doesn’t have the right to reveal the contents to other staff or the public.”

The problem of unprofessional IT punks breaking the rules for their own amusement is more widespread than you might think. “The IT guys where I used to work were constantly looking at messages sent between staff,” says Surat, who worked for a company that had over 1,000 employees. “You would go into the IT department and there would be a group of them huddled around a terminal making jokes about the emails. They probably knew more about all the secret romances and office politics than anyone else in the company.”

You’re a Star

You’re no Paris Hilton, but unless you’ve been living in a cave (where you read BK), you have been on TV—closed circuit TV (CCTV), that is. We expect it in airports but we’re also constantly being watched by eyes in the sky in shopping malls, hotels, condominiums, offices, factories, theaters, parking lots, nightclubs and possibly even streets in the South (if the government is really serious about this).

Take five-star hotels, where they understandably take security very seriously. You may only notice a few cameras and think that they’re only mounted in certain areas. In fact they are everywhere; the only “blind spots” are toilets and dressing rooms. Among hotel employees there’s a new story every week about a pair of lovebirds caught on video doing the wild thing in a secluded part of the pool area or on a stairwell. Just think: If a camera is advanced enough to allow a security guard in a control booth to scan a parking lot and zoom in to read the letters and numbers on a license plate, imagine the detail he could see on one of those amorous couples.
Most established security companies won’t install CCTV in inappropriate places like toilets, hotel rooms or fitting rooms, and most reputable businesses won’t ask for them. But you never know what will happen with smaller companies. Some provincial department stores have been known to install cameras that can see into changing rooms—but at least some are considerate enough to post a warning, so you’ll know you’re being watched. Don’t expect the same kind of disclaimer in a short-time hotel. “Dui,” whose family owned a curtain motel, says they had cameras in the guest rooms “for security reasons.” But he admitted that he sometimes invited his friends to watch the action on the monitors “for laughs.” Nightclubs, similarly, are notorious for mounting hidden cameras in bathrooms, justifying the practice in the name of security.

Even if you’re not doing anything you wouldn’t want your mother to see, the idea of being watched is frightening. Especially when you think about how easy it is to obtain those closed-circuit cameras. At Pantip Plaza and any number of electronic shops, anyone can walk in and buy one, no license or registration needed. And to top it off, the cameras, like all technological devices, are getting smaller and smaller all the time: On some models the lens is the size of a pin.

Ajin, a former employee of a major security company, tells us that he has seen a camera installed behind the smiling eye of the Mona Lisa (not the real one, obviously) on the wall of an office, and he’s confident no one will ever notice it. Other favorite hidden camera spots are inside smoke detectors and behind mirrors. And with more and more cameras going wireless, installation isn’t as complicated as it once was. But spotting one is next to impossible without training, says Ajin.
Thailand currently has no laws regulating the use of CCTV and, lawyer Ekapol says, it doesn’t seem likely that any will be created soon. For the time being, camera owners’ common sense must determine where they should and should not be installed, who should have the right to monitor them and whether the stars of the show should be notified. In most cases the people monitoring the CCTV belong to a security company and most are male—something to think about next time you’re in the women’s locker room.

Protecting yourself isn’t easy. Surachai, a detective, describes a small device called Bug Detector which sends out signals that interrupt any camera systems within a certain radius. It's available cheap in many countries in Southeast Asia, but not in Thailand. The problem is, in addition to interfering with camera systems, the Bug Detector also scrambles the mobile phone signals of everyone around you. You can find other CCTV-foiling devices (and more) at brickhousesecurity.com, including the “Spy Finder” hidden camera locator. Of course, before purchasing anything, check with the Post and Telegraph Department (www.ptd.go.th/ptdmain_eng.htm) to make sure it’s nice and legal.

Mobile Tracker

Bangkokers can’t live without their mobile phones. And while mobile service providers swear that no one can access your personal information, track your movements or listen in on your calls, you can be sure that, wherever there is valuable information, there are people trying to get it, and chances are sooner or later they’ll succeed. Surachai says he has known fellow detectives to go to mobile phone operators and ask what name a number is listed to, or the other way around. The result, he says, depends on the staff: Some are serious about customer confidentiality, some aren’t.

“A mobile phone provider basically knows everything,” Neung, a telecommunications contractor for companies like DTAC and AIS, says—who you call, how long you talk and where you are when you make or receive a call.

Your SIM card can be tracked by satellite and, if “they” want, they can even listen to your conversations. According to Neung the only thing protecting your privacy is the sheer volume of information coming in to your service provider every day. They couldn’t monitor everybody even if they wanted to. Still, every once in a while we hear about some compromising photos snapped on a camera phone that make it into cyberspace without the photographer’s (or the model’s) knowledge, and as the video quality and capacity on mobile phones gets better and better . . . well, you can imagine the possibilities.

The law says you need to get a subpoena issued by a court to tap someone’s phone. An official request letter signed by somebody important will sometimes do the trick as well, but while this route takes much less time, operators are not legally obliged to
disclose any information.

The threat of spies infiltrating your mobile phone and turning it against you is serious, but if all they’re going to discover is where you’re meeting your friends for lunch, you may be more concerned with an application of covert monitoring that affects your everyday life: spam. How many messages do you receive every day reminding you of sales, promotions, and all sorts of other crap you don’t want? Technically these messages are legal only if they are “for the customer’s benefit” and not the operator’s, but operators stretch the limits of this rule and sometimes even send advertisements for other companies. If you can prove that an operator is benefiting (i.e. being paid) from these advertisements, you can sue. In theory, anyway.

The most flagrant misuse of operators’ privileged information is “sensitive location” services, through which invitations to an event are distributed via SMS to mobile users in the event area. When you step within a certain radius of the event, an SMS is automatically sent to you—something like “Welcome to Thailand’s Biggest Dog Fair,” followed by directions. Imagine the possibilities if this service is ever made available to individuals—you can be sure there’ll be some guy paying the operator to send an SMS to everyone walking past his home telling them to keep it down, he’s trying to sleep.

Perhaps the most frightening thing about these intrusions is how routine they have become. The idea of people at work intercepting our private correspondence would have been outrageous 50 years ago, but today we expect it. There are a million things we do all the time—like requesting a delivery alert on an email or SMS—that gradually erode the right to privacy of the people around us. Privacy really is scarce in the era of modern technology; it’s true when people say there are no secrets in the world.

Expert Advice: Playing it Safe

Even if you have nothing to hide, it’s not a bad idea to get in the habit of keeping your personal info personal. Three experts share some easy things you can do to prevent your information from falling into the wrong hands.

Take care of your trash

Surachai Vivadhanajat Detective
“Trash bins and on-screen recycle bins are the most dangerous source of information. Don’t dump things carelessly. Personal information taken from these places can legally be used against you, as in court. Unlike hacking into your computer or stealing physical property from your home, in legal terms anything found in your bin, physical or digital, is considered out of your possession. On digital devices, always check after you delete a file whether it’s been automatically backed up in a master file.”

Just say no

“Nueng” Contractor for mobile service providers
“If you’re getting spam messages from the same sources over and over, don’t hesitate to contact them and cancel the service. You can usually ‘opt out’ of these messages, even if you never opted in; otherwise you’ll be getting those irritating messages forever.”

Watch that mirror

“Ajin” Former CCTV company employee
“The tried-and-true way of checking if a mirror is one-sided or two-sided is to press your fingertips against it. If the reflection is touching or very near your finger, it’s safe. But if there’s a large gap between your finger and its reflection, someone might be watching from the other side.”

Your Life…Out There

Ever wondered about the salespeople who call you again and again (or all that junk mail) promoting credit cards, long distance calling plans and “privilege” club memberships? How do they get your name and number in the first place? It’s easy enough. With enough money you can buy anything, and information is no exception—even though in many cases the company that is giving it out is breaking the law.

At the cheap end of this market are district offices, which have lists of names and numbers but none of the personal information that helps companies identify potential customers. At the more expensive end are other companies with detailed records of their customers’ spending habits, such as banks that issue credit cards and other telemarketers, that sell the information. The going rates are B1 to B1.5 per name. According to lawyer Ekapol Apinun, this practice is illegal if the selling company does not have your consent. “No one can prove that it goes on, but we believe it does.”

The law says that a company can share information with related companies; so a bank could share the information with its credit card subsidiary. The other exception is if the product or service will “benefit” the consumer—this vague criteria is of course open to interpretation. However, in all cases, including the previous two exceptions, the company with the information is prohibited from selling it without your consent. At present many businesses interpret this to mean that they can sell your information unless you tell them not to. So the consumer is obliged to fill out a form that says you don’t want your information given out to other companies. It’s your problem, in other words. Sick of those phone calls? Fill out the form.

These days, knowledge equals power equals money—knowledge about you, the consumer. When you sign up for a membership at a department store or supermarket, what you get are discounts and special privileges. What these companies get is valuable information about you: where you shop, when you shop, what you buy, what promotions you are attracted to and so on. Armed with this information, it will be easier for them to sell you even more stuff (they hope). So if you find this arrangement a bit creepy, don’t sign up.

Top