Government Mass Surveillance

View

In this section, we focus on the mass surveillance conducted by the British and American signals intelligence agencies, GCHQ and the NSA. Operating in close partnership, they are believed to have the most sophisticated capacities in the world for bulk interception of electronic communications (such as Internet traffic, phone calls, and satellite data). We know a surprising amount about their capacities thanks to the brave work of whistleblowers.


A leaked presentation slide from the NSA with a world map showing some of the locations where they intercept traffic.
This leaked NSA presentation slide (from 2012) shows some of the locations around the world where they intercept Internet traffic and other communications, for example through direct access agreements, by tapping cables, or by hacking into network infrastructure. (Image source)


Bulk Interception

"Bulk interception results in billions of communications being intercepted each day without any requirement of suspicion or even any discernable link to a particular operation or threat. Liberty understands that the Agencies are currently handling 50 billion communications per day. To place this in context there are only 7 billion people in the world and only 3 billion with access to the internet...

...As demonstrated by GCHQ’s OPTIC NERVE program, this could literally mean subverting millions of webcams into covert home surveillance cameras. Such extraordinary power over the private lives of citizens fundamentally alters the relationship between citizen and state, and will breed distrust in law enforcement while having potentially significant repercussions for the Rule of Law. In human rights terms, such sweeping and speculative powers can never meet a test of necessity and proportionality." - Liberty’s briefing on Part 6 of the Investigatory Powers Bill for Committee Stage in the House of Commons (2016)

💡 When first learning about privacy and data protection law, many technology professionals are surprised to learn that emails count as personal data. They're so commonly used for user logins and as the primary means of communication with users, and most people hand their email out very willingly. Surely they're not so sensitive? While there are other reasons you might want to protect your email address (for example, to avoid hackers trying to steal your identity by abusing password reset flows), mass surveillance is a powerful motivator. The Snowden leaks document how intelligence analysts can - with a few clicks - search by email address to not only link together all the pieces of your digital life, but also actively manipulate your internet traffic, for example to deliver malware to you if you are a high-value surveillance target.



"We Kill People Based on Metadata"

"In 2014, the former director of both the CIA and NSA proclaimed that 'we kill people based on metadata.' Now, a new examination of previously published Snowden documents suggests that many of those people may have been innocent...SKYNET engages in mass surveillance of Pakistan's mobile phone network, and then uses a machine learning algorithm on the cellular network metadata of 55 million people to try and rate each person's likelihood of being a terrorist.

Patrick Ball — a data scientist and the director of research at the Human Rights Data Analysis Group — who has previously given expert testimony before war crimes tribunals, described the NSA's methods as 'ridiculously optimistic'...Somewhere between 2,500 and 4,000 people have been killed by drone strikes in Pakistan since 2004" - The NSA’s SKYNET program may be killing thousands of innocent people (Christian Grothoff and J.M. Porup, The Register, 2016)

☢️ Never believe anyone who tells you that analyzing metadata is "safe" or "not a violation of privacy". Arrests and targeted assassinations of people continue to occur, based solely on metadata. Did you happen to be in the wrong room at the wrong time through no fault of your own? Too bad. The government doesn't care that you're innocent.



But We Need It To Catch The Bad Guys...Right?

"Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack." - Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court – Privacy and Civil Liberties Oversight Board (2014)

🆘 Does this all seem hopeless? It's a grim reality, but there are some steps you can take to fight back. We'll discuss these further in the next section.