October 28, 2022 • 10 Minute Read

OSINT: Legality and Ethics, And the Case of China

So you want to enter the world of OSINT (Open-source Intelligence)? Here's a primer on the matter from legal and ethical perspectives. And whether it's legal to engage in this kind of intelligence-gathering... that's a question that will doubtless vary from country to country and even city to city. In any case, it's always best to be aware of your local law enforcement agencies' views on open-source intelligence - after all, they may be the ones investigating your targets!

Open-source intelligence uses publicly available data and information. Although the so-called "surface web" is a critical component, it is not limited to what can be found using Google.

According to the CIA, Open Source Intelligence (OSINT) is "derived from publicly available material." However, most intelligence professionals broaden that definition to include information intended for public consumption.

Although it can include sources only available to subscribers, such as newspaper content behind a paywall or subscription journals, OSINT is information anyone can use, regardless of ownership or control.

OSINT includes information that can be used for legal purposes, such as surveillance or intel gathering. In addition, various methods can obtain open-source intelligence, including social media posts, news articles, videos, and audio recordings. Still, it all boils down to the same thing: material that has been made freely accessible to anybody without any expectation of privacy or confidentiality.

There are several ethical considerations when using OSINT for legal purposes: privacy and data protection. For example, if you're using OSINT to spy on someone, it's essential to ensure they don't have a reasonable expectation of privacy. Additionally, data protection laws may restrict the use of OSINT for intelligence gathering.

So, what's the legality of this?

Open-source intelligence (OSINT) is not illegal in most countries. However, some countries have strict laws regarding information gathering and espionage.

In the United States, the Foreign Intelligence Surveillance Act (FISA) permits the government to collect intelligence from foreign citizens and governments without a warrant if the information is obtained from a US person or entity that has provided it voluntarily. This law also allows for the "incidental" collection of information about US persons and entities outside FISA. Still, it does not allow them to be used in any criminal case against them.

Some countries have laws prohibiting espionage or gathering information on behalf of other nations without their consent. These laws are typically put into place by governments who feel that they are being threatened by foreign countries who may want to steal their natural resources or use them as a military base against their own fellow citizens' freedoms. So here we are going to discuss three possible scenarios.

Scenarios- Criminal Activities, Foreign Targets, and Average Joe.

Scenario A - Criminal Activities:

Without a doubt, using OSINT methods and procedures in criminal investigations or harmful activities would be legal. In these circumstances, however, a follow-up initiative with authorities, such as the infected organization or government agencies, is advised.

Scenario B - Foreign Targets.

In most situations, if not all, OSINT research or inquiry abroad on a foreign topic and target would be legal as long as you are not in that particular nation.

Scenario C - Average Joe.

If there isn't any prohibition prohibiting you from obtaining publicly accessible information on any particular person, applying OSINT methods on that person, even if they are a celebrity, should be permissible. But, if you're doing OSINT research or inquiry on Heads of State or Government, people in the intelligence and military community, common sense dictates that you use caution. Assume, for example, that a government agency discovers your OSINT study or inquiry. You will be on a watch list if such behavior seems suspicious and compromises national interests.

Ethics of OSINT

Since the dawn, humans have been using open-source information - aka OSINT - to solve problems and advance their civilizations. However, there are always critical ethical considerations to take into account. For example, when conducting investigations, it's important to remember that China is a crucial player in the world economy, and its government employs sophisticated methods to track individuals and organizations. As with all investigative work, weigh the pros and cons before taking any action, especially concerning sensitive or classified information. In the end, it's up to the individual or organization using OSINT to make sure they are aware of the law enforcement and intelligence-gathering techniques available to them and that they are using them ethically and lawfully.

The line between black and white was clear for many years as OSINT practitioners in the establishment. We got instructions and carried out OSINT research and investigation to provide public services. However, when it comes to the private sector, the line is blurred, and often OSINT is in the grey zone. By doing OSINT, researchers collect information without prior consent from the targets. OSINT researchers would harden our tools, such as VM, VPN, proxy, and third-party software, and conceive our traces to avoid jeopardizing the investigation. OSINT and privacy are two sides of a coin. Collecting data on targets violates their privacy. It doesn't mean that person who shares the information intended to agree on being gathered and conduct analysis even if the information is publicly available.

The general rule for starting an ethical OSINT investigation is to consolidate reasonable justification first. Still, there are some rules that we strictly follow:

you should not access another user's account.

you should not impersonate another person and hide behind a false identity to engage a topic in discussion or entice them to share information.

you should not access material that is password-protected or requires any other form of login or private credential unless such material is acquired from leaked or breached sources.

Scenarios- Criminal Activities, Foreign Targets, and Average Joe.

Scenario A - Criminal Activities.

OSINT techniques can apply to unlawful activities such as cybercrime or human trafficking and could bring ethical and tangible benefits to help government authorities take further action. Unless you want to locate, join, or extortionate such criminal organizations.

Scenario B - Foreign Targets.

Whenever an OSINT practitioner wants to investigate a particular foreign target for international targets, there will always be a reason. If you are in the public sector and serving your country's national interests, it is ethical for you to conduct OSINT research on a foreign target. However, if it is just for your benefit and you would publish or share the findings with the public, you are invading an innocent person's privacy and should be labeled as unethical OSINT research. This is why many OSINT Youtube channels only use their personal pictures or blurred images to respect any random person's privacy.

Scenario C - Average Joe.

You have the skills and resources to investigate someone's private life as an OSINT practitioner. However, it does not mean you have the right to invade others' privacy. Before you attempt to "OSINT" someone, make sure you ask yourself whether or not you'll be comfortable if that person does the same thing to you. Conducting an OSINT investigation without good cause is not ethically acceptable.

Case: Doing OSINT on China

OSINT research on China is illegal from the Chinese government's perspective.

Only a few organizations are allowed to collect OSINT data in China. These include the intelligence services of the People's Republic of China (PRC), such as the Ministry of State Security, and law enforcement agencies, such as the Public Security Bureau. Other groups authorized to collect intelligence include universities and research institutes conducting national security-related work.

Chinese authorities tightly restrict access to OSINT data by foreign intelligence services operating in China. As a foreigner conducting OSINT research in China, you risk being detected and having your intelligence-gathering operations shut down. If you are engaged in intelligence-gathering activities without proper authorization, you could face criminal charges and restrictions on your ability to operate in China. In several cases, Japanese citizens are put into jail because they are conducting geological surveys without prior permission, which they would never get from the Chinese government.

To put it another way, the Chinese government does not differentiate between public and private data. Therefore, all without-permission data collection will be treated as espionage, resulting in severe punishment. As a result, we strongly recommend that if your OSINT study on China was published and could lead back to your real identities, you should only visit China with proper diplomatic cover.

Yet, OSINT research on authoritarian regimes such as China could be ethical.

Open-source intelligence (OSINT) is frequently a valuable source of information for understanding China despite these restrictions. The political and social landscape, economic circumstances, military capabilities, and international ties can be investigated using OSINT, given China's current political and human rights situation. It is also critical for the outside world to understand the CCP, PLA, and Chinese government's next move using all available means.

The nature of Chinese politics and their military strategy are myths. China has always been a secretive country, so it is challenging to know its real intentions. Their policy is to keep themselves in power by manipulating people and keeping them in the dark about important events. This way, they can control the population without opening up completely or facing opposition. Therefore, we, OSINT on China, believe it is ethical to conduct OSINT investigation or research on them for high-value Chinese targets.

Quick takeaways

In most cases, OSINT is considered legal. However, the main thing to consider when doing OSINT is the jurisdiction in which you work- in some countries, laws may prohibit certain forms of intelligence gathering. In contrast, such rules may only exist in some countries. Additionally, different jurisdictions have different attitudes towards privacy and data retention- it's essential to be aware of these differences before starting any investigations.

To maintain ethicality when performing OSINT, experts recommend avoiding conducting electronic surveillance or hacking targets without appropriate authorization and following strict social media guidelines- anything that could compromise someone's privacy.

2. OSINT could be and should be ethical if the investigation provides adequate justification.

There is no one-size-fits-all answer to this question, as it will vary depending on the case and situation. However, some general advice that can be offered is always to be aware of your surroundings and follow local laws when conducting intelligence activities – it's important not to unnecessarily violate people's privacy or security. Additionally, social media platforms are often rife with information that could potentially be used in intelligence-gathering operations, so It's important to take care when snooping around online. 

3. From a Chinese government standpoint, doing OSINT on China is unlawful, yet it would be ethical in general.

From what we can tell, doing intelligence-related work on China without prior permission from the Chinese government is illegal. In addition, anyone undertaking such an investigation would likely run into trouble if they were to visit China.

Despite this, accurate strategy and workable follow-up actions may be guided by OSINT research on China and the Chinese public, influenced by China's nature. OSINT on China, on the other hand, will be your protection shield, protecting you, your team, and your work. And through OSINT, our expertise, and our network, we at OSINT on China strive to deliver you crucial information.

Frequently Asked Questions

a. How can OSINT help me understand the legality and ethics of a particular situation?

When understanding the legality and ethics of a particular situation, using open-source intelligence (OSINT) is a great way to get started. OSINT refers to collecting and analyzing information using open sources such as online newspapers, blogs, social media posts, etc. Online resources like these allow you to learn more about what's happening in different parts of the world. For example, suppose you're looking into the legality of a situation and want to understand the laws in other countries. In that case, you can use Google Earth and GIS software to map locations and study the terrain. OSINT can also help you gather evidence for your findings. For example, if you believe someone is involved in a crime, you can use social media platforms like Twitter or LinkedIn to share your results. This will help create an educated opinion on the matter.

b. Is it okay to publicly share the information I've obtained through OSINT techniques?

There is no clear answer regarding the appropriateness of publicly sharing information obtained through OSINT techniques. While using OSINT for personal exploration and understanding is generally okay, it's essential to consider the ethics and legality involved in any such activity. Remember that anything you share could be used against you in a court of law - so please think twice before releasing sensitive information!

c. Are there any ethical considerations that should be considered when using OSINT resources?

When using any OSINT resources, knowing the legal and ethical considerations is crucial. Some things you need to keep in mind when conducting your research include the following:

Not breaking any laws.

Always using caution when disclosing sensitive information (including personally identifying information).

Respecting people's privacy.

Additionally, ensure that the source of the data you're using is reputable and can be verified.

Yes, you should apply additional protection to your tools and investigation when it comes to China. OSINT investigations of entities in China often involve sensitive or classified information, so taking appropriate measures to safeguard your data is important. For example, you can protect yourself using a dedicated Hong Kong VPN IP address when researching in China, keeping accounts on secure servers, and avoiding working directly with Chinese intelligence services. There is a high chance of encountering unethical behavior when conducting intelligence-related research in China. In addition, the country's opaque legal system makes it difficult for researchers to know what information is safe to share or not. Therefore, we strongly recommend you avoid visiting China if most of your research concerns the country.