hankyoreh

A flag bearing the emblem of the South Korean Constitutional Court

Packet interception is a method that intercepts all data traveling over online circuits, providing images of what a user sees on his or her internet or social media. But is it allowed under the South Korean Constitution?

The Constitutional Court held open arguments on Dec. 14 on whether use of packet interception (internet circuit restrictions) by the National Intelligence Service (NIS) violates the Constitution. The review was requested by a minister surnamed Moon, who claimed that “basic Constitutional rights are being violated through the collection of information unrelated to any crimes through packet interception with technological limitations.”

The NIS countered that the acquisition of third-party information “happens inevitably with other means of investigation such as landline telephone interception,” adding that use of the method is “minimized through strict controls.”

In his argument, the petitioner said packet interception “involves investigative agencies using internet circuits to observe all digital information transmitted and received, enabling state investigative bodies to engage in unlimited, ongoing monitoring that includes the collection of third-party information and information unrelated to criminal investigations.”

“This violates basic rights and neutralizes freedoms of personal privacy and communications secrecy,” the petitioner said.

The argument also claimed that “permitting packet interception that cannot be restricted to the scope of a criminal investigation is tantamount to issuing a general warrant that does not limit scope in a compulsory investigation.”

“The lack of controls and inadequate after-the-fact notification procedures put it in violation of the Constitution’s warrant principle and due process,” the petitioner stated.

Ajou University law professor Oh Dong-seok, who served as a witness for the petitioner, said packet interception “must be viewed as impervious to after-the-fact measures to mitigate its unconstitutionality, as the gathering of universal and comprehensive information may give rise to broad-ranging human rights violations.”

“Packet interception inherently violates the Constitution,” Oh said.

The petitioner went on to say current practices in South Korea “appear to consist not of ‘mirroring’ that allows for examination in real time, but the actual interception of packets with a copying program, which are then transferred to an NIS server and reassembled for analysis.”

“Because this collects not only communications content but also areas that are not communications, it cannot be viewed as subject to communication restriction measures according to the Protection of Communications Secrets Act, nor can it be seen as subject to search and seizure,” he continued.

In his argument, the petitioner called for “procedural controls, and more fundamentally legislative measures.”

“The Constitutional Court must make it clear that packet interception is not allowed by current law until various preliminary measures have been taken,” he said.

In contrast, the NIS argued that it would be inappropriate to even hear the petitioner’s Constitutional appeal.

“In view of the current information and communications environment, it is absolutely necessary to observe internet circuits to prevent serious crimes or carry out criminal investigations, particularly in cases involving the use of foreign email accounts where servers cannot be searched and seized,” it said.

On the claims of unconstitutionality, the NIS countered, “Because communications control measures are restricted to specific internet circuits and the data acquired are only those relevant to criminal investigations, it is neither unlimited nor all-encompassing, and because it goes through a process of collection, reassembly, and analysis, it is not real-time observation either.”

“Abuse prevention regulations in the Protection of Communications Secret Act and terms banning the leaking of individuals’ confidential information without the strict review and permissions of a court ensure that no invasion of third party privacy actually takes place,” it argued.

“Tapping by its nature is both secret and comprehensive, and comprehensiveness of interception is not a characteristic of online circuit monitoring alone,” it added.

In a Q&A exchange with the judge, the NIS said it had “read information obtained through packet interception, but never submitted it as evidence in an actual trial.”

“Security is maintained for the packet interception findings used for investigation leads, while information unrelated to criminal activity is to be expunged automatically after 90 days,” it explained.

“As far as we are aware, current technology does not offer any methods for filtering out third party information without reading it directly,” the NIS continued.

“Encrypted packets are discarded before transmission to the NIS service, as no methods exist to analyze them,” it added.

Justices focus on whether observation of third parties is unavoidable

During the arguments, the Constitutional Court justices focused questions on whether observation on third parties is an unavoidable part of packet interception.

“Even when a fixed IP address has been assigned for monitoring, isn’t there also monitoring of third parties using the internet router?” asked Hon. Lee Seon-ae, the lead justice in the case.

Fellow justice Hon. Kim Yi-su offered, “If an internet address can only be specified after the final analysis from packet interception, it seems as though third party information would inevitably be revealed.”

Justice Hon. Ahn Chang-ho suggested procedural measures should be put in place to “require court permission when deferring notification of a person that he or she is being monitored.”

Justice Hon. Kang Il-won asked whether it was “possible to resolve the matter through legislative means if technical limitations prevent methods to minimize the violation of basic rights through packet interception.” In response, the petitioner’s side called for “supplementary procedural measures requiring packet interception equipment to be managed by a court or other third party institution besides the NIS.”

In Dec. 2010, the NIS began using packet interception to monitor a former teacher surnamed Kim, citing Article 5 of the Protection of Communications Secrets Act, which states that communication-restricting measures may be allowed for mail and electronic communications sent or received by a suspect in an investigation for National Security Act violations.

Kim submitted a Constitutional petition in Mar. 2011 after being involved of the NIS monitoring, but died of liver cancer while the Constitutional Court postponed its review for over five years. The court subsequently declared the trial concluded.

A similar Constitutional petition was filed by Moon in Mar. 2016 after his activities were also subjected to packet interception when he used the same internet circuit as Kim at the offices of the Christian Peace Institute.

By Yeo Hyeon-ho, senior staff writer

Please direct questions or comments to [english@hani.co.kr]