Data Privacy and Mass Surveillance

privacy E2EE secure communication surveillance device Snowden

With Edward Snowden's leaks of NSA and CIA documents in 2013, the existence of global mass surveillance programs was brought to the attention of the world. These documents showed that U.S. intelligence agencies led efforts to compromise telecommunications infrastructure around the world while simultaneously pursuing warrantless surveillance operations in the United States. Snowden further revealed that the U.S. was not only spying on its geopolitical rivals, but it was also collecting communications data from its closest allies and sharing intelligence with allied intelligence agencies such as the UK's GCHQ and New Zealand's SIS. This raises concerns for anyone using the internet regardless of their location, as it is likely that their communications have at some point been collected and analyzed by these intrusive programs.

Prior to Snowden's revelations, the existence of these programs was hidden from the public, and the conduct of electronic surveillance was always presented as a targeted method for seeking out terrorist and criminal activity. In reality, these programs did not have any real limits about who was being targeted, and instead sought to gather intelligence from as many people as possible. This was by design, according to Snowden, who contends that these mass surveillance programs only worked when they collected massive amounts of data, which allowed intelligence agencies to analyse the records and attempt to identify patterns within them. The result, of course, is that the loss of personal privacy was not restricted to the criminals and terrorists these programs were supposed to thwart, but instead extended to all members of modern society.

Another of Snowden's revelations regarded the methods used to collect internet activity around the world. According to documents that Snowden exposed, one of the primary goals of the so-called "Five Eyes" (FVEY) alliance between the U.S., Canada, UK, New Zealand, and Australia was to gain access to the fibre optic cables that carry internet traffic around the globe. The NSA has installed eavesdropping devices on a number of these cables, allowing them to collect all of the metadata and any unencrypted traffic that moves through these cables. This is another example of how these programs do not make any distinction between innocent people and suspected criminals, and instead focus on collecting as much data as possible. 

One of the most disturbing aspects of this story, is the fact that these invasive mass surveillance programs that deprived us all of our online privacy did not even accomplish their stated goals. Internal reports found that Stellarwind - one of the classified operations revealed in 2013 - resulted in "few useful leads" between 2001 and 2004, and no useful leads after 2004. In fact, Snowden has asserted that the sheer volume of information being collected was working against these agencies as it overwhelmed analysts and caused them to miss important leads. This position is reinforced by the findings of multiple internal reviews of American mass surveillance programs, which found that they were "not essential" in the prevention of terrorist attacks, and that traditional investigatory methods were more useful. 

Invasive surveillance practices extend beyond the internet and into perhaps the most ubiquitous piece of modern tech, the smartphone. Unlike programs which target internet traffic, the gathering of mobile phone communications does not necessarily involve compromising existing infrastructure. Instead, phones can be tricked into connecting to devices called IMSI catchers, which pose as legitimate cellular towers. These devices, often referred to as Stingrays, force nearby cellular devices to connect to them, passing all of their communications data to the IMSI catcher before being transmitted to a legitimate cell tower nearby. This process is undetectable by the user, whose devices simply appears to be connecting to the nearest cell tower. As a result, individuals are rarely aware that an IMSI catcher has been used against them. 

Just as internet mass surveillance programs collect data on everyone possible, IMSI catchers also do not discriminate. While these devices might be used by police forces to find information about specific individuals or areas, they collect data from all nearby cellphones regardless of the user. In many nations around the world, these eavesdropping operations are conducted with little transparency or oversight and are in many cases hidden from the public. Even in Canada, police forces have repeatedly lied about whether or not they use IMSI catchers and have mislead the public about the capabilities of such devices. These practices infringe on the privacy of citizens, and in many cases violate the rights that citizens are afforded by their nation's laws. The lack of transparency about what happens to the data collected by IMSI catchers should also concern citizens of any country, as it is often not clear what protections are in place to prevent that data from being used to infringe upon personal rights. 

With the use of IMSI catchers confirmed in multiple nations around the world, it is likely that most people have at one time or another had their mobile data intercepted by one of these devices. Think of everything that you use your phone for, and now consider whether you want all of that information to be sitting in a database whose existence is secret and which lacks any form of oversight. This is the unfortunate reality that we live in today, and as these programs collect more and more data without rebuke, the potential for them to be used to abuse human rights across the globe only increases. 

While extensive legislative change is needed to properly curtail these intrusive activities, individuals can take steps right now to preserve their privacy. End-to-end encryption (E2EE) is one of the most effective methods of doing this and is endorsed by insiders like Snowden. With end-to-end encryption, only the sender and recipient of a communication have the encryption keys that are needed to decipher a message. This ensures that if a third-party intercepts the communication, they will be unable to read its contents, preserving the privacy of your communications. Unfortunately, many governments around the world have tried in the past or are currently trying to undermine the public's ability to access E2EE. While these efforts often adopt the same "national security" rhetoric that has been used to justify mass surveillance for years, there is no evidence that banning access to this technology will lead to a safer society. For now, it is important that individuals exercise their right to use audited, secure encryption to protect their privacy and to push for elected officials to protect their access to this technology. 

  1. Glenn Greenwald, “NSA Collecting Phone Records of Millions of Verizon Customers Daily,” The Guardian, June 6, 2013, Online edition, sec. U.S. Politics.
  2. Mirren Gidda, “Edward Snowden and the NSA Files - Timeline,” The Guardian, August 21, 2013, Online edition, sec. U.S.
  3. Nigel Morris, “Edward Snowden: GCHQ Collected Information from Every Visible User on the Internet,” The Independent, September 25, 2015, Online edition, sec. UK.
  4. Glenn Greenwald and Ryan Gallagher, “New Zealand Launched Mass Surveillance Project While Publicly Denying It,” The Intercept, September 15, 2014
  5. Edward Snowden, “Snowden: New Zealand’s Prime Minister Isn’t Telling the Truth About Mass Surveillance,” The Intercept, September 15, 2014.
  6. James Ball, “US and UK Struck Secret Deal to Allow NSA to ‘unmask’ Britons’ Personal Data,” The Guardian, November 20, 2013, Online edition, sec. World.
  7. Ryan Gallagher, “How Secret Partners Expand NSA’s Surveillance Dragne,” The Intercept, June 18, 2014.
  8. Lauren Kirchner, “What’s the Evidence Mass Surveillance Works? Not Much,” ProPublica, November 18, 2015, Online edition.
  9. Matthew Guariglia, “Too Much Surveillance Makes Us Less Free. It Also Makes Us Less Safe,” The Washington Post, July 18, 2017, Online edition, sec. Analysis.
  10. Jennifer Stisa Granick, “Mass Spying Isn’t Just Intrusive - It’s Ineffective,” Wired, March 2, 2017.
  11. Matthew Braga and Dave Seglins, “Cellphone Surveillance Technology Being Used by Local Police across Canada,” CBC, April 12, 2017, Online edition, sec. Technology & Science.
  12. Kieran Delamont, “Canadian Cops Admit to Using Stingray Devices to Track Cellphones En Masse,” Vice News, March 9, 2018.
  13. Section 8 of the Canadian Charter of Rights and Freedoms provides the right "to be secure against unreasonable search and seizure", which the Supreme Court has said is intended to protect a reasonable expectation of privacy. The Supreme Court has also ruled that anonymity (on the internet) is vital to personal privacy, indicating that the use of IMSI catchers is considered to be a violation of the right to personal privacy afforded by the nation's laws. See the Canadian Government's "Guide to the Canadian Charter of Rights and Freedoms".
  14. Sean Fine, “Canadians Have Right to Online Anonymity, Supreme Court Rules,” The Globe and Mail, June 13, 2014, Online edition.
  15. Stingray Tracking Devices: Who’s Got Them?,” ACLU, no. Online (November 2018)
  16. Joseph Cox, “UK Poice Won’t Admit They’re Tracking People’s Phone Calls,” Vice, August 7, 2014.
  17. Owen Bowcott, “Monitoring of Mobile Phones - Rights Groups Challenge Police,” The Guardian, August 20, 2019, sec. World - Europe.
  18. Ryan Gallagher and Rajeev Syal, “Met Police Using Surveillance System to Monitor Mobile Phones,” The Guardian, October 30, 2011, sec. UK Politics.
  19. Matthias Monroy, “The Tracking Bug in Your Pocket: Mobile Phone Surveillance in Germany,” Security Architecture and Police Collaboration in the EU (blog), December 26, 2019.
  20. Secret Mobile Phone Surveillance by German Authorities on the Rise: Report,” The Local, January 24, 2018, DE edition.
  21. Andreas Bakke Foss, Per Anders Johansen, and Fredrik Hager-Thoresen, “Secret Surveillance of Norway’s Leaders Detected,” Aftenposten, December 13, 2014.
  22. Joseph Cox, “New Data Gives Peek at European IMSI Catcher Exports,” Motherboard - Tech by Vice, March 23, 2018.
  23. Edward Snowden, “Without Encryption, We Will Lose All Privacy. This Is Our New Battleground,” The Guardian, October 15, 2019, Online edition, sec. Opinion.

Previous Post Next Post