With Edward Snowden's leaks of NSA and CIA documents in 2013, the existence of global mass surveillance programs was brought to the attention of the world. These documents showed that U.S. intelligence agencies led efforts to compromise telecommunications infrastructure around the world while simultaneously pursuing warrantless surveillance operations in the United States. Snowden further revealed that the U.S. was not only spying on its geopolitical rivals, but it was also collecting communications data from its closest allies and sharing intelligence with allied intelligence agencies such as the UK's GCHQ and New Zealand's SIS. This raises concerns for anyone using the internet regardless of their location, as it is likely that their communications have at some point been collected and analyzed by these intrusive programs.
Prior to Snowden's revelations, the existence of these programs was hidden from the public, and the conduct of electronic surveillance was always presented as a targeted method for seeking out terrorist and criminal activity. In reality, these programs did not have any real limits about who was being targeted, and instead sought to gather intelligence from as many people as possible. This was by design, according to Snowden, who contends that these mass surveillance programs only worked when they collected massive amounts of data, which allowed intelligence agencies to analyse the records and attempt to identify patterns within them. The result, of course, is that the loss of personal privacy was not restricted to the criminals and terrorists these programs were supposed to thwart, but instead extended to all members of modern society.
Another of Snowden's revelations regarded the methods used to collect internet activity around the world. According to documents that Snowden exposed, one of the primary goals of the so-called "Five Eyes" (FVEY) alliance between the U.S., Canada, UK, New Zealand, and Australia was to gain access to the fibre optic cables that carry internet traffic around the globe. The NSA has installed eavesdropping devices on a number of these cables, allowing them to collect all of the metadata and any unencrypted traffic that moves through these cables. This is another example of how these programs do not make any distinction between innocent people and suspected criminals, and instead focus on collecting as much data as possible.
One of the most disturbing aspects of this story, is the fact that these invasive mass surveillance programs that deprived us all of our online privacy did not even accomplish their stated goals. Internal reports found that Stellarwind - one of the classified operations revealed in 2013 - resulted in "few useful leads" between 2001 and 2004, and no useful leads after 2004. In fact, Snowden has asserted that the sheer volume of information being collected was working against these agencies as it overwhelmed analysts and caused them to miss important leads. This position is reinforced by the findings of multiple internal reviews of American mass surveillance programs, which found that they were "not essential" in the prevention of terrorist attacks, and that traditional investigatory methods were more useful.
Invasive surveillance practices extend beyond the internet and into perhaps the most ubiquitous piece of modern tech, the smartphone. Unlike programs which target internet traffic, the gathering of mobile phone communications does not necessarily involve compromising existing infrastructure. Instead, phones can be tricked into connecting to devices called IMSI catchers, which pose as legitimate cellular towers. These devices, often referred to as Stingrays, force nearby cellular devices to connect to them, passing all of their communications data to the IMSI catcher before being transmitted to a legitimate cell tower nearby. This process is undetectable by the user, whose devices simply appears to be connecting to the nearest cell tower. As a result, individuals are rarely aware that an IMSI catcher has been used against them.
Just as internet mass surveillance programs collect data on everyone possible, IMSI catchers also do not discriminate. While these devices might be used by police forces to find information about specific individuals or areas, they collect data from all nearby cellphones regardless of the user. In many nations around the world, these eavesdropping operations are conducted with little transparency or oversight and are in many cases hidden from the public. Even in Canada, police forces have repeatedly lied about whether or not they use IMSI catchers and have mislead the public about the capabilities of such devices. These practices infringe on the privacy of citizens, and in many cases violate the rights that citizens are afforded by their nation's laws. The lack of transparency about what happens to the data collected by IMSI catchers should also concern citizens of any country, as it is often not clear what protections are in place to prevent that data from being used to infringe upon personal rights.
With the use of IMSI catchers confirmed in multiple nations around the world, it is likely that most people have at one time or another had their mobile data intercepted by one of these devices. Think of everything that you use your phone for, and now consider whether you want all of that information to be sitting in a database whose existence is secret and which lacks any form of oversight. This is the unfortunate reality that we live in today, and as these programs collect more and more data without rebuke, the potential for them to be used to abuse human rights across the globe only increases.
While extensive legislative change is needed to properly curtail these intrusive activities, individuals can take steps right now to preserve their privacy. End-to-end encryption (E2EE) is one of the most effective methods of doing this and is endorsed by insiders like Snowden. With end-to-end encryption, only the sender and recipient of a communication have the encryption keys that are needed to decipher a message. This ensures that if a third-party intercepts the communication, they will be unable to read its contents, preserving the privacy of your communications. Unfortunately, many governments around the world have tried in the past or are currently trying to undermine the public's ability to access E2EE. While these efforts often adopt the same "national security" rhetoric that has been used to justify mass surveillance for years, there is no evidence that banning access to this technology will lead to a safer society. For now, it is important that individuals exercise their right to use audited, secure encryption to protect their privacy and to push for elected officials to protect their access to this technology.