Updated Mar 02, 2020.

1. Purpose

Echosec Systems has access to a wide range of data from data sources around the world, including social media and the dark web. Online information can be used for many purposes, and most of them are entirely fair and acceptable. Some uses, however, cannot be permitted on our platform for legal and ethical reasons. Echosec Systems establishes an acceptable use case with each customer. The acceptable use case describes what the customer will do with data they discover and the restrictions applied to their account.

Some forms of data use are not permitted by specific data providers. For instance, Twitter does not permit criminal investigations on Echosec Systems products, so law enforcement agencies do not have access to Twitter data. This restriction also applies to a company providing law enforcement services, even if the company itself is an independent, private entity. To apply use restrictions properly, Echosec Systems needs a full picture of what our customers intend to do with the data they retrieve, including who their own end customers might be.

Echosec Systems also forbids illegal uses of data. For example, personal data found on the dark web due to a data breach is highly sensitive. Allowing all customers to search for this data without restriction violates privacy legislation such as the GDPR. Establishing a lawful reason to use data is important when handling data on the internet that may have been made available illegally. For example, law enforcement are permitted to search for illegal activity, including data breaches, on the dark web. A corporate security team also has a lawful reason to search for their own company's stolen data on the dark web—but they aren't justified in searching for their competitors' leaked data. 

2. Customer Engagement

All Echosec Systems customers need an approved use case. We work with you to identify and review your use case early in the sales process. Your approved product use case is included in your contract before you get platform access. If your use case later changes, our compliance team will re-review and update it as needed.

Echosec Systems enforces use case compliance through both manual and automatic processes. This includes active monitoring and regular audits by our compliance team. You may be periodically contacted by your account management representative to clarify your platform use.

Contact our compliance team at policy@echosec.net for more information about our use case approval and review processes. If you're interested in becoming an Echosec Systems customer, we encourage you to contact our sales team.

Echosec Systems reserves the right to restrict data access as a result of our policy review. This includes disabling searches, revoking feed access, and in extreme cases, terminating your platform access and/or reporting your activities to local law enforcement. For more information, please see our terms of service.

3. Echosec Systems Prohibited Use Cases

Echosec Systems does not permit illegal or unethical use of our products. This section defines "illegal" and "unethical" to avoid any ambiguity about what we don't allow. Criminal activity is prohibited for obvious reasons. We don't allow customers to violate the privacy rights of online users—including using personal data to build personality profiles like Cambridge Analytica. Bullying, harassment, and stalking are not permitted. Access to leaked personal data is prohibited without a lawful right to access, such as access by the data owners or access by appropriate law enforcement agencies.

Without exception, Echosec Systems products may not be used by any customer for any of the following use cases:

  1. Surveillance, investigation, analysis, research, or creation of data products or systems that isolates a group of individuals or any single individual if those products or systems are used unlawfully, to discriminate, or against the data subjects’ reasonable privacy expectations. The GDPR defines a data subject as “any person whose personal data is being collected, held or processed.”
  2. Intentionally accessing personal or confidential data that is available without the data subject's consent. This excludes cases where this access is performed solely to protect the data subject's vital interests.
  3. Creating profiles, data products, or systems for purposes of targeting individuals based on a special category of personal data (as defined in the EU GDPR, article 9). This includes:
    1. Political opinions, political affiliation, trade union membership, gender, gender identity, sexual orientation, religion, philosophical beliefs, ethnicity, race, age, national origin, status of health, or disability
  4. Creating databases of personally-identifying information.
  5. Directly targeting, contacting, or creating audiences for the purpose of:
    1. Bullying, intimidating, or harassing any person
    2. Disseminating content that constitutes hate speech, threats, or invitations to violence
    3. Promoting or facilitating prostitution or contributing to sex trafficking
    4. Performing actions that are illegal under Canadian law
  6. Any use case Echosec Systems believes violates the Universal Declaration of Human Rights, including without limitation articles 12, 18, or 19.
4. Feed-Specific Restrictions

So far, we've discussed use cases that Echosec Systems does not permit. Many of our data providers are satisfied with these restrictions. However, some of our data providers have additional limitations that we must follow in order to access their data. Our compliance team negotiates with data providers on our customers' behalf to determine which feeds each customer can access.

Twitter does not permit use by any public sector entity (government or law enforcement) for surveillance purposes, and doesn't permit public sector entity use at all if their primary mission is surveillance or intelligence gathering. Twitter also does not permit sensitive event monitoring, such as protests and rallies, under any conditions or by any customers. Twitter restrictions can also be found in their Developer Agreement under section VII, "Other Important Terms."

YouTube requires all Echosec Systems customers to follow their Terms of Service. Additionally, YouTube does not permit Echosec Systems to use YouTube data when creating analytics reports. Analytics reports in Echosec display a disclaimer to this effect at the top of the page. No further action is required by customers to comply with this restriction.

5. Reference

The Universal Declaration of Human Rights, specified articles:

Article 12.
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Article 18.
Everyone has the right to freedom of thought, conscience and religion; this right includes freedom to change his religion or belief, and freedom, either alone or in community with others and in public or private, to manifest his religion or belief in teaching, practice, worship and observance.

Article 19.
Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

Law Enforcement Workflows for Twitter, Facebook, and Google.