Researcher Safety & Privacy: a two-way street
The safety of the researcher is achieved with good privacy processes and responsible use of technology. the axe10app delivers both.
The privacy of investigation subjects & associates is achieved through compliance with the legislation and responsible use of technology. axe10 delivers both.
Application Privacy and the Supplier - Customer Relationship
When axe10 is deployed, Axeten cannot see any of your research activity or the evidence you gather.
All processing activity is performed on your local or cloud desktop.
Axeten does not collect any personal information about axe10 users, except;
The only personal information required by Axeten is the name and e-mail address of the customer administrator(s).
The Customer Administrator might set-up axe10 researcher user accounts, and there is no obligation to provide any personal information concerning the axe10 research users.
Each individual axe10 research user might be recorded in the Axeten CRM by the admin user, applying a unique alpha and/or numeric identifier, for each axe10 research user.
No e-mail address is required for users without admin permissions.
The user ID is applied to all research performed by the axe10 research user, so that in the event of litigation or prosecution, the customer might be required to declare the identity of the axe10 user, in a court of law.
Protection of Researcher Identity and How to Stay Safe
Aside from page archiving, and risk of a case compromise, an OSINT researcher might reveal their own identity through a browser that is not private, as a consequence of other internet activity that is not related to an investigation. Gathering information about any user is the core business model of some browser providers.
Compliance with the legislation and guidelines provides safe investigation and successful prosecutions. axe10 delivers.
The Research Process and Legal Obligations
UK Privacy Legislation and Investigation Compromise
In the UK, Public Authorities and all of their employees with a law enforcement role, are obliged to comply with the LED and IPA 2016, where any warrant has been obtained. There are special guidelines for MI5, SIS (commonly known as MI6) and GCHQ. Research that is performed outside of the legislation might compromise a whole investigation.
Just one example of a legal obligation is the process of logging. The ICO sets out the obligations.
The easy solution that facilitates compliance, is to deploy axe10 LE, where all of the obligations are satisfied with the routine use of the application and with no requirement for extra work.
In the UK, private-sector researchers are obliged to comply with the DPA 2018. Where the research process does not comply with the DPA 2018, the investigation might be compromised, and their might be legal liability to the subject of any investigation.
Notably, the only entity that can perform safe research with no potential liability, is the private person.
Read on, to learn more about compliant research.
Privacy Obligations Relating to the Subject of Investigation
An OSINT researcher uses the internet to locate personal data about the subjects of their investigations. In that process, particularly while researching Social Media platforms, collateral data about other people, that are no part of the investigation, might be gathered.
Under the DPA 2018, the researcher has no legal basis to collect and save collateral personal data.
axe10 protects the researcher by not allowing for immediate archiving of web pages. The researcher is obliged to perform diligent research, typically, taking screen-shots and saving data that relates to the subject and a legitimate other party.
axe10 does not deny the researcher the ability the capability to archive web pages. Archives might be taken of pages with limited data, that might be company websites. axe10 does not facilitate the easy and rapid arbitrary archiving of extensive social media pages.
Stay safe, protect your investigation and rely on axe10 to not expose you to the risk of non-complaint research.
The Risks of Non-Compliant OSINT Research
Non-compliant research is nectar for a defence counsel. Where it might be demonstrated that the evidence contains collateral data, with no legal basis for the collection, the judge might be asked to throw out the case, on the grounds that it contravenes the GDPR, or more specifically in the UK, the Data Protection Act 2018.
Where a public prosecution might seek to rely on the Law Enforcement Directive, a IPA 2016 warrant might be required to process the research. However, it is unlikely that the authority shall extend to the arbitrary collection of data, about people that are not the subject of the investigation.
Axeten recommends that during all OSINT, and particularly with social media research, the investigator should stay safe, not contravene personal data legislation, and gathermaterial that relates only the subject(s) and associates of the investigation, by way of relevant screen-shots.
Archive at your peril. Since the GDPR came into force, the Axeten researchers have not archived a single page. We are confident that the case bundles we remit to our clients are GDPR compliant and our client will never be compromised.
Currently, defence counsels do not appear to be aware of the opportunities that non-compliant research affords their clients. When a defence counsel does become aware of this opportunity, this vulnerability might provide a greater benefit than the failed disclosure fiasco.
Stay Safe! Do not archive unless you are sure that no collateral personal data will be gathered by the archive.
How to Perform Legally Compliant Research
Where any research activity is performed with the Chrome or Edge browsers, there is a presumptive failure to comply with the legislation, as data relating to the subject of the investigation is passed to either Google or Microsoft, with no consent from the individual subject.
To perform legally compliant research, do not use the Chrome or Edge browsers.
The Firefox Mozilla and Tor browsers allow for legally compliant OSINT research.
How to Avoid a Research Privacy Compromise
During your OSINT research, use Firefox or Tor browsers.
For all other internet activity, use a Chromium based browser.
Axeten recommends the Brave Browser for all internet activity that does include OSINT research.
Use Chromium at your risk, and avoid Chrome at all in any on-line activity.
With Chrome, Google collects info on every site you visit.
With Chromium, Google can collect some of the info on your internet activity.
See FAQ 1.2
Mozilla Firefox & The Tor Browser
axe10 is an extension for the two browsers that do the most to protect user privacy, Mozilla Firefox and the Tor browser.
Axeten has chosen to work with the Mozilla foundation because there is no commercial owner, that might seek to benefit by collecting information about the user's browsing behaviour.
Read the Browser section of the FAQs for information about the way other browsers harvest user activity data.
How to Make the Firefox Browser Even More Private
Check out the section with header: Grand List Of Things To Do After Installing Mozilla Firefox, at
No Bulk Data Collection
No Data Mining
No Surveillance Capacity
Ethical Investigations with axe10
The Researcher's legal obligation
Deny third party data harvesting capacity
Prevent third party user profiling
Mozilla Firefox or The Tor Browser