Spy Merchants: What is electronic surveillance?

Al Jazeera’s investigative unit answers your questions on privacy, and data security.

Everything you need to know about electronic surveillance. To scroll down to the answer, simply click the question: 

What is electronic surveillance?
Who is doing this electronic surveillance?
Why is all this data being collected?
What’s being collected?
How is it being collected?
Is it legal?
What is an IMSI-catcher?
What is an IP-intercept System?
I have nothing to hide, so why should I care? Isn’t surveillance making me safer?
How can I make sure my communication remains private?
Who sells surveillance systems?
Who buys surveillance systems?
Why do attacks keep happening if so much data is collected; don’t they know everything already?  

What is electronic surveillance?

Electronic surveillance is the monitoring and collection of digital footprints left behind by people. This can be done in a large variety of ways, from following someone on CCTV to reading text messages, sifting through internet browsing history and social media, or even secretly activating webcams or microphones to spy on people.

This type of surveillance can either be a targeted operation by, for instance, a government as part of a criminal investigation, or part of a large-scale intelligence gathering project known as mass surveillance to monitor internet usage.

This means that electronic surveillance can serve many different goals, such as finding incriminating evidence against someone that is suspected of a crime or keeping track of dissidents that are rebelling against a government.

Here are the questions answered below. To find the answers quickly, click the desired question:

Who is doing this electronic surveillance?

Intelligence agencies and other governmental departments are responsible for most widespread electronic surveillance. They have the resources and capabilities to track large groups of people, either within their own country or outside of it. It might not even be just intelligence agencies, but even regular law enforcement that is doing the collecting.

Besides governments, there are also a lot of companies who use the Internet to track what people do. This collection of large swaths of data will then be used in different ways to generate revenue for the company, for example, by providing other companies with the browsing habits of people so ads can be targeted more accurately towards these tracked people. Although it might not be the classical definition of being under surveillance, a lot of critics feel these kinds of tracking techniques invade the privacy of internet users.

Many companies also use electronic surveillance as a way of keeping track of what their employees do during working hours.

Why is all this data being collected?

Knowledge is power.

Most governments will say they need to collect as much information as possible to keep their citizens safe from harm or to keep order in the country. One common government justification is preventing “terrorism”.

However, there are a lot of nefarious uses for all this information. When all of this data is collected about people’s personal lives, governments – and other parties – can use this against people. During the Arab Spring , for example, governments used electronic surveillance to keep track of protesters and other dissidents. Many people were arrested as a direct result of their digital movements, which made them easy targets for law enforcement and intelligence agencies.

What’s being collected?

Theoretically, almost any digital footprint that someone leaves behind can be collected, but it takes a lot of manpower, money and technological skill to do this. For instance, Edward Snowden ‘s leaks about the surveillance techniques of the NSA uncovered that this American intelligence agency can collect almost any digital trace left behind by any person in the world.

However, having these kinds of surveillance capabilities is rare, even for most governments. Despite needing a lot of capabilities

How is it being collected?

The bulk is done by collecting internet and telephone data. These days, people carry their mobile phones – which are often constantly connected to the internet. For intelligence agencies, these phones can be a treasure trove of information. Not only can browsing, calling, and texting history be collected, but smartphones will also send through location data by using GPS systems and mobile phone towers.

However, it’s not just mobile phones. Laptop webcams can be turned on remotely without the user knowing, microphones in smart TV’s can be used to listen in on people, and even something innocuous as a washing machine that tells you via an app when your washing is done can help intelligence agencies or other malevolent actors to snoop on someone.

In short, if a device is able to connect to the internet, it can probably be used in electronic surveillance practices.

Another common form of electronic surveillance is using CCTV’s that are spread throughout cities. Although most people will consider this type of surveillance a necessary law enforcement tool, it’s still possible to use it in nefarious ways.

Is it legal?

Different countries have different laws, so obviously the legality of electronic surveillance varies by country. With the technological advancements of the last few decades, however, governments are introducing new laws to increase their collection capabilities. For instance, the UK recently introduced the Investigatory Powers Act, the so-called “Snooper’s Charter”, which forces telephone companies to store everyone’s browsing history for a year and gives law enforcement access to all of this information, among other things.

This new British law is seen as one of the most pervasive surveillance laws in the world, mostly because it’s indiscriminate. Everyone’s data gets collected, so even people that are not suspected of doing anything wrong can be subjected to having their private communications recorded.

Surveillance is legal under certain circumstances, but many critics of surveillance laws point at the indiscriminate nature of many of the measures taken. Large groups of people are being subjected to surveillance, even when they’re not targeted in the investigation.

As a result of this, the legality of many surveillance practices has been challenged in court, with varying results. Some courts have upheld surveillance laws while others have put a halt to (certain aspects) of electronic monitoring. The European Court of Justice (ECJ) ruled for example that mass collection of emails, something that was mandated by the British Investigatory Powers Act, was illegal as it invaded people’s privacy too much.

What is an IMSI-catcher?

IMSI-catchers are devices that can be used to listen in on mobile phones without the either of the callers knowing. The tool poses as a fake mobile phone tower, which means mobile phones send all information that would usually be sent to a regular tower through this device.

As a result, the person controlling the IMSI-catcher can listen in on phone calls, read and write text messages, and track the target’s whereabouts.

IMSI catchers, won’t just collect the mobile phone information of targeted people, but anyone in the vicinity of the apparatus. That means that innocent bystanders have their privacy invaded.

Since the technology used in IMSI-catchers keeps progressing, these devices are getting smaller and smaller. They can now be mounted on small drones. Even body-worn IMSI-catchers are being sold.

What is an IP-intercept System?

IP-intercept systems like the one shown in the Al Jazeera Investigation, are used to collect internet traffic for large groups. The system records which computer (or phone) visits which website and, in certain cases, see what the user is doing on this site. This makes it easy for governments to monitor citizens, to see, for example, if they are posting things that could be conceived as illegal or inflammatory.

IP-intercept systems are a good way for oppressive regimes to follow what their citizens are doing online. These tools have been used to quell resistance movements in, among others, Egypt and Syria. By following members of the opposition on the internet, law enforcement agencies were able to track them and arrest them.

I have nothing to hide, so why should I care? Isn’t surveillance making me safer?

Everybody has things they want to keep private. It might not be anything illegal, but everyone has certain elements of life that he or she would rather not put out there in the world.

Edward Snowden, the former NSA-contractor who leaked documents about the United States’ indiscriminate collection of data, counters the “I have nothing to hide” argument by saying, “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

Storing large amounts of communications also could be used against anyone in the future. When someone is suspected of having committed a crime, authorities could go back to any conversation ever held and use this against the suspect, even though it might not have anything to do with the crime in question.

Journalists will have a harder time doing their jobs because stories often rely on sources that do not want their information made public. It becomes a lot harder for people who want to leak criminal or dubious practices by governments or companies to safely to do this when all communication is being monitored.

And, as the earlier mentioned examples of Egypt and Syria show, there are legitimate reasons for wanting privacy when communicating with other people.

Voices of dissent against governments will be part of mass surveillance operations, so anyone that wouldn’t comply with the government line will be known to law enforcement. Fear of speaking out helps oppressive regimes strengthen their grasp on their citizens.

How can I make sure my communication remains private?

There are several ways of making sure your communication is not being read or seen by anyone. One of the most important aspects of this is encryption. If you want to send text messages, use Signal or WhatsApp since they use end-to-end encryption.

This means only you and the person you are texting with can see the messages you send and receive. There are other apps, like Telegram, that use different encryption models, with varying results. But even these are not completely safe. A recent disclosure by WikiLeaks shows that agencies like the CIA are very adept at finding ways to get the data they need.

Internet websites have increasingly been switching to so-called https-connections, which means that any communication between the website visitor and website owner remains private. This is especially important when dealing with sensitive information, for example, when putting in credit card information or filling in tax forms online. These secure https-connections can be recognised by the green lock in the address bar of the internet browser.

Another important aspect is using something called Virtual Private Networks (VPN) for internet connections. A VPN service puts all internet traffic through a private tunnel, which increases privacy and makes it harder for anyone to snoop on what you are doing on the internet. This is especially important when using public networks in, for example, airports or coffee shops.

Even safer is using a service called Tor , that completely obfuscates your browsing by sending your internet traffic through several locations in the world. Setting this up is a bit more complicated, but for people that need privacy the most – mostly those living under oppressive regimes – Tor has been a lifesaver, in many cases literally.

Another important aspect is password security. It is important to use different login specifics for different services, and all of these passwords should be hard to guess. That’s why it’s best practice to use a password manager that generates a completely random set of characters for each password. These services act as a safe for all your passwords, so it is important to never forget your so-called master password to access your vault which stores all your other passwords. Services that provide password managers are LastPass, 1Password, KeePass, and Dashlane.

Adding to password security is turning on something called two-factor authentication for services that support it. This creates an extra layer of security when logging into services like Gmail, iCloud or Amazon. Even when someone has somehow obtained the password, it will be useless because they need a randomly generated code that is created by the two-factor authentication. A good comparison is having a door with several locks: even when someone has one key, they can’t open the door because they don’t have the second set of keys to open all locks.

Lastly, there are some common-sense solutions, as well. Never share passwords with anyone, don’t click on things when you don’t know what might happen, cover webcams because they might be turned on to spy on you without you knowing, use antivirus software, and always make sure software is updated to the most recent version to prevent any potential exploits from being used by ill-willing parties.

All these tips won’t guarantee full privacy, however. Complete security is almost impossible, especially when confronting nation-states and big intelligence agencies that have a lot of resources, both financially, as well as in personnel. These precautions, however, will serve as an extra layer of protection against any malevolent actors that might be using electronic surveillance. Besides that, having taken these precautions will also serve as a protection against certain types of cybercrime.

A lot of personal information is stored online these days, so it makes sense to ensure this information is kept safe.

Who sells surveillance systems?

There is a thriving private intelligence industry, both in the public and private sectors. A lot of different corporations and governments create hardware and software that then will be sold to the highest bidder. For example, when US authorities couldn’t crack the phone of one of the suspects in the San Bernardino attacks, law enforcement turned to a private company to presumably buy an exploit that would circumvent the phone’s security measures.

Who buys surveillance systems?

Both governments and private parties buy surveillance systems, but governments remain the biggest buyer. They have the resources to acquire these kinds of systems and get the most use out of them. There are legitimate uses for these kinds of surveillance systems, as they are often used in regular criminal investigations, for example.

Most governments won’t openly declare what kind of systems they are using for surveillance because they feel this might endanger ongoing operations. But listening in on phone calls and tracking someone’s whereabouts online are capabilities that most governments in the world will have.

As the Al Jazeera Investigation shows, some countries aren’t allowed to buy these kinds of technologies because of international sanctions, usually because of human rights concerns.

Why do attacks keep happening if so much data is collected; don’t they know everything already?

Attacks in several countries that have some of the most powerful intelligence agencies in the world have taken place despite the fact that these attackers were under surveillance. There are several reasons for this.

First off, as mentioned, at this moment there are still ways of communicating privately without it being monitored. This can inhibit law enforcement and intelligence agencies ability to read the attackers’ plans.

Second, when conducting mass surveillance, it is really hard to find that one needle in the haystack to prevent an attack. This is especially true now that huge amounts of data are being collected. Targeted surveillance has often proven more effective than collecting everything and sifting through all of the data.

Lastly, for law enforcement and intelligence agencies to prevent all attacks, they have to be lucky every single time to make sure the attacks don’t happen. Attackers, however, only need to be lucky once to successfully conduct an attack.

It’s impossible for anyone or any government to guarantee 100 percent safety, even when everyone is under surveillance and has had their privacy invaded.

Spy Merchants can be viewed on Al Jazeera:

Monday, April 10 – 20:00 GMT

Tuesday, April 11 – 12:00 GMT

Wednesday, April 12 – 01:00 GMT

Thursday, April 12 – 06:00 GMT

Friday, April 14 – 12:00 GMT

Saturday, April 15 – 20:00 GMT

Sunday, April 16 – 01:00 GMT

Monday, April 17 – 06:00 GMT

Source: Al Jazeera