1. Introduction to Live Streaming Services
The present document is developed in collaboration by the Infocomm Media Development Authority and the Personal Data Protection Commission. It is intended for Singapore-based users, focusing specifically on the concerns related to the provision of live stream service. The content attempts to address how one should manage the privacy settings of the hosted sites and what one should look out for when using the services. The potential privacy, data security, and other related issues for live streaming engagements are discussed, and a presentation of privacy settings is included. However, it is important to note that service providers revise their services from time to time, and to the similar of Internet-related content, privacy settings may be a good possibility of changing without due notification, the topic will become outdated after some point in time.
Live streaming Singapore has gained considerable popularity and global presence. Whether people wish to keep in contact with their friends, or watch live sports, or share the highlights of their lives, they can use live streaming to instantly attract eyeballs. Some major online platforms host live streaming services, which have managed to develop their unique features and business models. As the popularity of live streaming grows, demands for video streaming services also surge. Live streaming users enjoy these services across any networks and situations, even on mobile and wireless platforms. These users engage freely but do care about their privacy and are highly concerned about the privacy levels of these services.
1.1. Definition and Types of Live Streaming Services
The widespread popularity of live streaming evokes a wide range of emotions and responses. Many enter the business with hopes of becoming the next online sensation. For the relbels or even a man in the street, live streaming is now considered to rank in popularity alongside entertainment alternatives like movies, music, television, and online news. What about live streaming do live streamers think so little about maintaining their privacy, and neglect their personal safety to such an extent simply because data protection laws do not exist? Ignorance? A misplaced sense of confidence that embarks them into believing that they can break away free and easy from traditional life’s mores, values and beliefs? Without a care in the world for the privacy and security integrity and preservation of their identity? The easy act of stability that symptomatic unwarranted fear of conventional employment, obligations and cumbersome bureaucratic rules convey?
2. Importance of Privacy and Security in Live Streams
This webinar is a knowledge transfer initiative organised by the Singapore Computer Society (SCS), specifically targeting SCS members and the public interested in learning about the practical security measures they can adopt to improve privacy and security of their live webcasts or live streams. The purpose of this webinar is to provide access to practical information and tools for the public to better secure their webcasts, to improve the confidence in and quality of live webcast, and ultimately we hope, to drive down the perceived risks associated with using technology as a forum in situations where live gatherings are not possible. In the field today, when we mention Web Content Management System (WCMS), such as WordPress, Joomla, and Drupal, and the public plug-ins, such as VideoWhisper, are a few of the most used applications to help users webcast live events. However, not all user organisations auto-update their WCMS and their plug-ins and it is hence imperative to encourage users to personally configure their own WCMS. This is where every user can make a big difference in their use of public online resources.
2.1. Risks and Vulnerabilities in Live Streaming
Real-time communication exposes users to various risks such as password cracking, exploitation of publicly reachable ports, man-in-the-middle attacks, virus and malware infections, and the sharing of unsolicited links by infected users. Attackers are motivated to penetrate IoT ecosystems to take over the devices and execute large-scale DDoS attacks or push the malware further into the home network. Since gaming is one of the more common applications for live streaming, game servers also become high-value targets for adversarial actions. In addition, careless access permission settings by the users exacerbate these problems and increase their severity. This is especially true in a public gaming environment, as user challenges and disputes may lead to vented antagonistic energy of varying forms. Due to the unregulated nature of live streaming and the hiccups in data security, attackers can launch multiple MITM attacks to perform identity theft or rogue activities without being easily identified.
Most live streaming services do not support secure connections. Video streams between the streamers and platforms of live streaming services are unsecured and are not stored securely. Live streams do not support the use of Secure Sockets Layer (SSL), which encrypts the data connection between the two servers. Using SSL would make the connections slightly slower, but data would be more secure. This has raised many cybersecurity and data security concerns. One key security control concern is the lack of encryption of data during transmission. As a result, data may be vulnerable to theft and unauthorized access by attackers.
3. Legal and Regulatory Framework in Singapore
3.2. The Cyberspace and Digital Privacy. The PDPA does not apply to an individual acting in a personal or domestic capacity. As such, any individual who live streams on a personal social networking account platform would not be subject to the PDPA. The PDPA applies only to personal data processed in relation to commercial activities. However, when an individual uses a work communication tool to live stream, this is likely to be in connection with the individual’s employment and, therefore, the PDPA would apply. How can employers ensure that the live streams by the individuals are in compliance with the PDPA? In the first instance, employers should provide appropriate notice to the individuals on the collection, use, and disclosure of personal data in the recordings.
Personal Data Protection Act: The use of live streaming in Singapore enterprises to ensure business continuity during the COVID-19 pandemic. The processing of personal data in Singapore is governed by the Personal Data Protection Act. The PDPA establishes a baseline standard of protection for personal data and also contains rules relating to the collection, use, disclosure, or storage of personal data, including data in recordings under the NRIC rules. Personal data refers to data about an individual who can be identified from that data. Video recordings, surveillance camera recordings, and photographs of individuals are often used in commercial buildings for security reasons. However, if the recordings can identify specific individuals, the recordings will contain personal data and will, therefore, be subject to the PDPA.
3.1. Personal Data Protection Act (PDPA)
For businesses, including streaming channel users in Singapore, the PDPA applies to: a) a private sector (meaning any individual acting for business purposes, whether for profit or charitable, regardless of its business form, including sole proprietorship, partnership, company, corporation, or any unincorporated body); b) a non-profit organization; and c) the government collecting, using, and disclosing personal data. Therefore, before a user engages in streaming his or her daily routine or any arts and cultural activities through a streaming channel, the user should be made aware of and follow the PDPA’s basic legal obligations. Such legal obligations include specific consent collection, the users’ reasonable purpose of data collection, the limited use of the personal data collected, and the users’ responsibility for good data protection practices. Upon being critically aware of the PDPA, Singaporean streaming users will be able to safely express and share their views, opinions, thoughts, and arts and cultural performance on the streaming channel and in privacy laws-compliant environments.
The Personal Data Protection Act (PDPA) was enacted by the Singapore Parliament to implement a data protection law that governs the collection, use, and disclosure of personal data. Establishing the Do-Not-Call (DNC) Registry, the PDPA extends to cover both individuals (including local and foreign individuals) and corporate entities within and outside of Singapore. The PDPA also comprises the PDPC (Personal Data Protection Commission) and its appointed various duties, power, functions, and rights to enforce the PDPA. Protecting personal privacy and confidence, upholding the high standard of data protection, is in line with Singapore being a trusted, world-class, and well-recognized jurisdiction for data hosting and management. Such legitimacy and reputation also provide assurance to Singaporeans and foreigners (especially enterprises) and enable them to conduct secured and compliant cross-border interactions.
4. Best Practices for Ensuring Privacy and Security in Live Streams
Depending on your privacy level choices, be aware of and remember the features associated with a web-excluded location given to a device that uses location services or includes a high-profile in-app integrated map with an online livestream or similar sharing feature. It is fairly easy to “grab” this information pixel by pixel. Quickly paste the coordinates or URL to an apps engine that decodes GPS to coordinate conversions, and Google and search engines can discern and render location-based content either on a website or within a mobile app.
4.3. Should I “Check-in” or use location services?
Artfully position the video or movie camera or smartphone to reveal time-sensitive blinds or drapes but not the feature behind it. Take caution to make sure that the background people do not directly face the HDFSI camera. This way, they will be barely visible if the picture was enlarged. Take another similar approach if you have a hard-wiring network camera.
4.2. Technique / Best background for not revealing the location
This includes troubling weak security provisions. The danger here is the potential for a web-led DOS-style attack such as “swatting.” Keeping the above in mind, here are a few tips to keep in mind the next time you decide to make a video for your friends, family, or coworkers to watch in whatever form it may take, on whatever platform, be they Androids or peripherals such as the newest Snapchat wearable tech glasses.
While Singapore has a high level of cybersecurity in its networked infrastructure, it is common for citizens who livestream and broadcast private videos online not to be aware of the potential for leaks. Consequently, sensitive information can be unwittingly disclosed to the data transmission applications (apps) which then relay such information to the rest of the world. Unfortunately, with a couple of taps, a livestream audience member can get the stream’s Google Maps-defined coordinates. As a result, staying aware of the more obvious privacy glitches is particularly important to a user worldwide, not only in Singapore.
4.1. Best practices for protecting privacy and security during live streams
4.1. Secure Connection and Encryption
Privacy and prevention of unauthorized access to your live content can only be achieved when network connections are properly secured. HTTPS is the secure version of the Hyper Text Transfer Protocol (HTTP). It’s the protocol used to exchange textual information between a web server and a web client. The HTTP protocol is not secure and encrypts data, leaving it open for potential eavesdroppers. Data transmitted using HTTP can be viewed, intercepted, and manipulated by anyone with access through hacking or by using other advanced methods. Web browsers will warn users not to disclose private information when accessing unsecured pages.
Live content can be streamed from and to a variety of devices using different internet connection types. Some of them may not be secure enough to ensure a high level of privacy. When streaming live, always use encrypted connections to ensure privacy and confidentiality. For larger events, consider using encrypted streaming to further protect your content. A variety of cloud-based software also offers live streaming capabilities. Many cloud-based companies have good experience managing large-scale events. Their software handles things such as content management, threat detection, access control, and network security. A small monthly subscription may be a small price to pay to ensure a high level of safety as long as you comply with the encryption recommendations to secure your network stream.
5. Conclusion and Future Trends
In this paper, we present the first comprehensive report that offers users in Singapore an understanding of live streaming public security and personal privacy threats, the existing legislation, and their responsibilities when watching live streams. We also illustrate some of the technologies and private settings that many live streaming platforms use to ensure the security and privacy of local users. We hope this report can raise Singaporeans’ awareness to secure live streaming use and help live streaming platforms and future businesses to deploy further measures and better legal and technical requirements to protect their clients. To further address these global personal and legal issues in the real world, we will extend our work to discover, quantify, and prevent live streaming security and privacy threats.
The rise of live streaming has introduced a new communication channel for many online activities, from tourism, tele-medicine, tele-education to live entertainment, offering Singapore both opportunities and threats. On the one hand, a recent study shows that 43% of Singaporeans spend an average of 4.3 hours on live streaming daily and social networks identified Singapore as the country with the third highest prevalence of live streaming. This popularity suggests that there is a demand for live streaming services, particularly in the context of a “Smart Nation” and a hub in the areas of investment, business, technology, and regulation. On the other hand, as a type of User Generated Content (UGC), live streams can put the physical and intellectual properties and privacy of both the broadcaster and the audience at risk. The real-time, public, and interpersonal characteristics of live streaming further exacerbate these threats.
