Computer and network surveillance
Computer and network surveillance is the monitoring of computer activity, of data stored on a hard drive, or being transferred over computer networks such as the Internet. The monitoring is often done surreptitiously and may be done by or at the behest of governments, by corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent agency.
Computer and network surveillance programs are widespread today, and almost all Internet traffic is or could potentially be monitored for clues to illegal activity.
Surveillance is very useful to governments and law enforcement to maintain social control, recognize and monitor threats, and prevent/investigate criminal activity. With the advent of programs such as the Total Information Awareness program, technologies such as high speed surveillance computers and biometrics software, and laws such as the Communications Assistance For Law Enforcement Act, governments now possess an unprecedented ability to monitor the activities of citizens.
However, many civil rights and privacy groups, such as Reporters Without Borders, the Electronic Frontier Foundation, and the American Civil Liberties Union, have expressed concern that with ever increasing surveillance of citizens we will end up in a mass surveillance society, with limited political and/or personal freedoms. Fears such as this have led to numerous lawsuits such as Hepting v. AT&T. The hacktivist group Anonymous has hacked into government websites in protest of what it considers "draconian surveillance".
The vast majority of computer surveillance involves the monitoring of data and traffic on the Internet. In the United States for example, under the Communications Assistance For Law Enforcement Act, all phone calls and broadband internet traffic (emails, web traffic, instant messaging, etc.) are required to be available for unimpeded real-time monitoring by Federal law enforcement agencies.
Packet capture (also sometimes referred to as “packet sniffing”) is the monitoring of data traffic on a computer network. Computers communicate over the Internet by breaking up messages (emails, images, videos, web pages, files, etc.) into small chunks called "packets", which are routed through a network of computers, until they reach their destination, where they are assembled back into a complete "message" again. Packet Capture Appliance intercepts these packets as they are travelling through the network, in order to examine their contents using other programs. A packet capture is an information gathering tool, but not an analysis tool. That is it gathers "messages" but it does not analyze them and figure out what they mean. Other programs are needed to perform traffic analysis and sift through intercepted data looking for important/useful information. Under the Communications Assistance For Law Enforcement Act all U.S. telecommunications providers are required to install packet sniffing technology to allow Federal law enforcement and intelligence agencies to intercept all of their customers' broadband Internet and voice over Internet protocol (VoIP) traffic.
There is far too much data gathered by these packet sniffers for human investigators to manually search through all of it. So automated Internet surveillance computers sift through the vast amount of intercepted Internet traffic, and filter out and report to human investigators those bits of information which are "interesting"—such as the use of certain words or phrases, visiting certain types of web sites, or communicating via email or chat with a certain individual or group. Billions of dollars per year are spent, by agencies such as the Information Awareness Office, NSA, and the FBI, to develop, purchase, implement, and operate systems which are intended to intercept and analyze all of this data, and extract only the information which is useful to law enforcement and intelligence agencies.
Similar systems are now operated by Iranian secret police to identify and suppress dissidents. All required hardware and software has been allegedly installed by German Siemens AG and Finnish Nokia.
Corporate surveillance of computer activity is very common. The data collected is most often used for marketing purposes or sold to other corporations, but is also regularly shared with government agencies. It can be used as a form of business intelligence, which enables the corporation to better tailor their products and/or services to be desirable by their customers. Or the data can be sold to other corporations, so that they can use it for the aforementioned purpose. Or it can be used for direct marketing purposes, such as targeted advertisements, where ads are targeted to the user of the search engine by analyzing their search history and emails (if they use free webmail services), which is kept in a database.
For instance, Google, the world's most popular search engine, stores identifying information for each web search. An IP address and the search phrase used are stored in a database for up to 18 months. Google also scans the content of emails of users of its Gmail webmail service, in order to create targeted advertising based on what people are talking about in their personal email correspondences. Google is, by far, the largest Internet advertising agency—millions of sites place Google's advertising banners and links on their websites, in order to earn money from visitors who click on the ads. Each page containing Google advertisements adds, reads, and modifies "cookies" on each visitor's computer. These cookies track the user across all of these sites, and gather information about their web surfing habits, keeping track of which sites they visit, and what they do when they are on these sites. This information, along with the information from their email accounts, and search engine histories, is stored by Google to use to build a profile of the user to deliver better-targeted advertising.
The United States government often gains access to these databases, either by producing a warrant for it, or by simply asking. The Department of Homeland Security has openly stated that it uses data collected from consumer credit and direct marketing agencies for augmenting the profiles of individuals that it is monitoring.
In addition to monitoring information sent over a computer network, there is also a way to examine data stored on a computer's hard drive, and to monitor the activities of a person using the computer. A surveillance program installed on a computer can search the contents of the hard drive for suspicious data, can monitor computer use, collect passwords, and/or report back activities in real-time to its operator through the Internet connection.
There are multiple ways of installing such software. The most common is remote installation, using a backdoor created by a computer virus or trojan. This tactic has the advantage of potentially subjecting multiple computers to surveillance. Viruses often spread to thousands or millions of computers, and leave "backdoors" which are accessible over a network connection, and enable an intruder to remotely install software and execute commands. These viruses and trojans are sometimes developed by government agencies, such as CIPAV and Magic Lantern. More often, however, viruses created by other people or spyware installed by marketing agencies can be used to gain access through the security breaches that they create.
Another method is "cracking" into the computer to gain access over a network. An attacker can then install surveillance software remotely. Servers and computers with permanent broadband connections are most vulnerable to this type of attack. Another source of security cracking is employees giving out information or users using brute force tactics to guess their password.
One can also physically place surveillance software on a computer by gaining entry to the place where the computer is stored and install it from a compact disc, floppy disk, or thumbdrive. This method shares a disadvantage with hardware devices in that it requires physical access to the computer. One well-known worm that uses this method of spreading itself is Stuxnet.
Social network analysis
One common form of surveillance is to create maps of social networks based on data from social networking sites as well as from traffic analysis information from phone call records such as those in the NSA call database, and internet traffic data gathered under CALEA. These social network "maps" are then data mined to extract useful information such as personal interests, friendships & affiliations, wants, beliefs, thoughts, and activities.
Many U.S. government agencies such as the Defense Advanced Research Projects Agency (DARPA), the National Security Agency (NSA), and the Department of Homeland Security (DHS) are currently investing heavily in research involving social network analysis. The intelligence community believes that the biggest threat to the U.S. comes from decentralized, leaderless, geographically dispersed groups. These types of threats are most easily countered by finding important nodes in the network, and removing them. To do this requires a detailed map of the network.
Jason Ethier of Northeastern University, in his study of modern social network analysis, said the following of the Scalable Social Network Analysis Program developed by the Information Awareness Office:
The purpose of the SSNA algorithms program is to extend techniques of social network analysis to assist with distinguishing potential terrorist cells from legitimate groups of people ... In order to be successful SSNA will require information on the social interactions of the majority of people around the globe. Since the Defense Department cannot easily distinguish between peaceful citizens and terrorists, it will be necessary for them to gather data on innocent civilians as well as on potential terrorists.—Jason Ethier
Monitoring from a distance
It has been shown that it is possible to monitor computers from a distance, with only commercially available equipment, by detecting the radiation emitted by the CRT monitor. This form of computer surveillance, known as TEMPEST, involves reading electromagnetic emanations from computing devices in order to extract data from them at distances of hundreds of meters.
IBM researchers have also found that, for most computer keyboards, each key emits a slightly different noise when pressed. The differences are individually identifiable under some conditions, and so it's possible to log key strokes without actually requiring logging software to run on the associated computer.
Policeware and govware
Policeware is software designed to police citizens by monitoring discussion and interaction of its citizens. Within the U.S., Carnivore was a first incarnation of secretly installed e-mail monitoring software installed in Internet service providers' networks to log computer communication, including transmitted e-mails. Magic Lantern is another such application, this time running in a targeted computer in a trojan style and performing keystroke logging. CIPAV, deployed by FBI, is a multi-purpose spyware/trojan.
The "Consumer Broadband and Digital Television Promotion Act" (CBDTA) was a bill proposed in the United States Congress. CBDTPA was known as the "Security Systems and Standards Certification Act" (SSSCA) while in draft form, and was killed in committee in 2002. Had CBDTPA become law, it would have prohibited technology that could be used to read digital content under copyright (such as music, video, and e-books) without Digital Rights Management (DRM) that prevented access to this material without the permission of the copyright holder.
In German-speaking countries, spyware used or made by the government is sometimes called govware. Some countries like Switzerland and Germany have a legal framework governing the use of such software. Known examples include the Swiss MiniPanzer and MegaPanzer and the German R2D2 (trojan).
Surveillance as an aid to censorship
Surveillance and censorship are different. Surveillance can be performed without censorship, but it is harder to engage in censorship without some form of surveillance. And even when surveillance does not lead directly to censorship, the widespread knowledge or belief that a person, their computer, or their use of the Internet is under surveillance can lead to self-censorship.
In March 2013 Reporters Without Borders issued a Special report on Internet surveillance that examines the use of technology that monitors online activity and intercepts electronic communication in order to arrest journalists, citizen-journalists, and dissidents. The report includes a list of "State Enemies of the Internet", Bahrain, China, Iran, Syria, and Vietnam, countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and human rights. Computer and network surveillance is on the increase in these countries. The report also includes a second list of "Corporate Enemies of the Internet", Amesys (France), Blue Coat Systems (U.S.), Gamma (UK and Germany), Hacking Team (Italy), and Trovicor (Germany), companies that sell products that are liable to be used by governments to violate human rights and freedom of information. Neither list is exhaustive and they are likely to be expanded in the future.
Protection of sources is no longer just a matter of journalistic ethics; it increasingly also depends on the journalist’s computer skills and all journalists should equip themselves with a “digital survival kit” if they are exchanging sensitive information online or storing it on a computer or mobile phone. And individuals associated with high profile rights organizations, dissident, protest, or reform groups are urged to take extra precautions to protect their online identities.
- Anonymizer, a software system that attempts to make network activity untraceable
- Computer surveillance in the workplace
- Cyber spying
- Differential privacy, a method to maximize the accuracy of queries from statistical databases while minimizing the chances of violating the privacy of individuals.
- ECHELON, a signals intelligence (SIGINT) collection and analysis network operated on behalf of Australia, Canada, New Zealand, the United Kingdom, and the United States, also known as AUSCANNZUKUS and Five Eyes
- GhostNet, a large-scale cyber spying operation discovered in March 2009
- List of government surveillance projects
- Mass surveillance
National Security Agency surveillance
- Surveillance by the United States government:
- 2013 mass surveillance disclosures, reports about NSA and its international partners' mass surveillance of foreign nationals and U.S. citizens
- Bullrun (code name), a highly classified NSA program to preserve its ability to eavesdrop on encrypted communications by influencing and weakening encryption standards, by obtaining master encryption keys, and by gaining access to data before or after it is encrypted either by agreement, by force of law, or by computer network exploitation (hacking)
- Carnivore, a U.S. Federal Bureau of Investigation system to monitor email and electronic communications
- COINTELPRO, a series of covert, and at times illegal, projects conducted by the FBI aimed at U.S. domestic political organizations
- Communications Assistance For Law Enforcement Act
- Computer and Internet Protocol Address Verifier (CIPAV), a data gathering tool used by the U.S. Federal Bureau of Investigation (FBI)
- Dropmire, a secret surveillance program by the NSA aimed at surveillance of foreign embassies and diplomatic staff, including those of NATO allies
- Magic Lantern, keystroke logging software developed by the U.S. Federal Bureau of Investigation
- Mass surveillance in the United States
- NSA call database, a database containing metadata for hundreds of billions of telephone calls made in the U.S.
- NSA warrantless surveillance (2001–07)
- NSA whistleblowers: William Binney, Thomas Andrews Drake, Mark Klein, Edward Snowden, Thomas Tamm, Russ Tice
- Spying on United Nations leaders by United States diplomats
- Stellar Wind (code name), code name for information collected under the President's Surveillance Program
- Tailored Access Operations, NSA's hacking program
- Terrorist Surveillance Program, an NSA electronic surveillance program
- Total Information Awareness, a project of the Defense Advanced Research Projects Agency (DARPA)
- TEMPEST, codename for studies of unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment
- Anne Broache. "FBI wants widespread monitoring of 'illegal' Internet activity". CNET. Retrieved 25 March 2014.
- "Is the U.S. Turning Into a Surveillance Society?". American Civil Liberties Union. Retrieved March 13, 2009.
- "Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society". American Civil Liberties Union. January 15, 2003. Retrieved March 13, 2009.
- "Anonymous hacks UK government sites over 'draconian surveillance' ", Emil Protalinski, ZDNet, 7 April 2012, retrieved 12 March 2013
- Hacktivists in the frontline battle for the internet retrieved 17 June 2012
- Diffie, Whitfield; Susan Landau (August 2008). "Internet Eavesdropping: A Brave New World of Wiretapping". Scientific American. Retrieved 2009-03-13.
- "CALEA Archive -- Electronic Frontier Foundation". Electronic Frontier Foundation (website). Retrieved 2009-03-14.
- "CALEA: The Perils of Wiretapping the Internet". Electronic Frontier Foundation (website). Retrieved 2009-03-14.
- "CALEA: Frequently Asked Questions". Electronic Frontier Foundation (website). Retrieved 2009-03-14.
- Kevin J. Connolly (2003). Law of Internet Security and Privacy. Aspen Publishers. p. 131. ISBN 978-0-7355-4273-0.
- American Council on Education vs. FCC, Decision, United States Court of Appeals for the District of Columbia Circuit, 9 June 2006. Retrieved 8 September 2013.
- "Web filtering software". Retrieved 25 March 2014.
- Hill, Michael (October 11, 2004). "Government funds chat room surveillance research". USA Today. Associated Press. Retrieved 2009-03-19.
- McCullagh, Declan (January 30, 2007). "FBI turns to broad new wiretap method". ZDNet News. Retrieved 2009-03-13.
- "First round in Internet war goes to Iranian intelligence", Debkafile, 28 June 2009. (subscription required)
- Story, Louise (November 1, 2007). "F.T.C. to Review Online Ads and Privacy". New York Times. Retrieved 2009-03-17.
- Butler, Don (January 31, 2009). "Are we addicted to being watched?". The Ottawa Citizen (canada.com). Retrieved 26 May 2013.
- Soghoian, Chris (September 11, 2008). "Debunking Google's log anonymization propaganda". CNET News. Retrieved 2009-03-21.
- Joshi, Priyanki (March 21, 2009). "Every move you make, Google will be watching you". Business Standard. Retrieved 2009-03-21.
- "Advertising and Privacy". Google (company page). 2009. Retrieved 2009-03-21.
- "Spyware Workshop: Monitoring Software on Your OC: Spywae, Adware, and Other Software", Staff Report, U.S. Federal Trade Commission, March 2005. Retrieved 7 September 2013.
- Aycock, John (2006). Computer Viruses and Malware. Springer. ISBN 978-0-387-30236-2.
- "Office workers give away passwords for a cheap pen", John Leyden, The Register, 8 April 2003. Retrieved 7 September 2013.
- "Passwords are passport to theft", The Register, 3 March 2004. Retrieved 7 September 2013.
- "Social Engineering Fundamentals, Part I: Hacker Tactics", Sarah Granger, 18 December 2001.
- "Stuxnet: How does the Stuxnet worm spread?". Antivirus.about.com. 2014-03-03. Retrieved 2014-05-17.
- Keefe, Patrick (March 12, 2006). "Can Network Theory Thwart Terrorists?". New York Times. Retrieved 14 March 2009.
- Albrechtslund, Anders (March 3, 2008). "Online Social Networking as Participatory Surveillance". First Monday 13 (3). Retrieved March 14, 2009.
- Fuchs, Christian (2009). Social Networking Sites and the Surveillance Society. A Critical Case Study of the Usage of studiVZ, Facebook, and MySpace by Students in Salzburg in the Context of Electronic Surveillance. Salzburg and Vienna: Forschungsgruppe Unified Theory of Information. ISBN 978-3-200-01428-2. Retrieved March 14, 2009.
- Ethier, Jason (27 May 2006). "Current Research in Social Network Theory". Northeastern University College of Computer and Information Science. Retrieved 15 March 2009.
- Kawamoto, Dawn (June 9, 2006). "Is the NSA reading your MySpace profile?". CNET News. Retrieved 2009-03-16.
- Ressler, Steve (July 2006). "Social Network Analysis as an Approach to Combat Terrorism: Past, Present, and Future Research". Homeland Security Affairs II (2). Retrieved March 14, 2009.
- McNamara, Joel (4 December 1999). "Complete, Unofficial Tempest Page". Retrieved 7 September 2013.
- Van Eck, Wim (1985). "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?". Computers & Security 4: 269–286. doi:10.1016/0167-4048(85)90046-X.
- Kuhn, M.G. (26–28 May 2004). "Electromagnetic Eavesdropping Risks of Flat-Panel Displays". 4th Workshop on Privacy Enhancing Technologies (Toronto): 23–25.
- Asonov, Dmitri; Agrawal, Rakesh (2004), Keyboard Acoustic Emanations (PDF), IBM Almaden Research Center
- Yang, Sarah (14 September 2005), "Researchers recover typed text using audio recording of keystrokes", UC Berkeley News
- Adi Shamir & Eran Tromer. "Acoustic cryptanalysis". Blavatnik School of Computer Science, Tel Aviv University. Retrieved 1 November 2011.
- Jeremy Reimer (20 July 2007). "The tricky issue of spyware with a badge: meet 'policeware'". Ars Technica.
- Hopper, D. Ian (4 May 4, 2001). "FBI's Web Monitoring Exposed". ABC News.
- "Consumer Broadband and Digital Television Promotion Act", U.S. Senate bill S.2048, 107th Congress, 2nd session, 21 March 2002. Retrieved 8 September 2013.
- "Swiss coder publicises government spy Trojan". News.techworld.com. Retrieved 25 March 2014.
- Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419-428
- "FAQ – Häufig gestellte Fragen". Ejpd.admin.ch. 2011-11-23. Retrieved 2014-05-17.
- "Censorship is inseparable from surveillance", Cory Doctorow, The Guardian, 2 March 2012
- "Online Censorship : Ubiquitous Big Brother, witchhunt for dissidents"[dead link], WeFightCensorship.org, Reporters Without Borders, retrieved 12 March 2013
- The Enemies of the Internet Special Edition : Surveillance, Reporters Without Borders, 12 March 2013
- "When Secrets Aren’t Safe With Journalists", Christopher Soghoian, New York Times, 26 October 2011
- Everyone's Guide to By-passing Internet Censorship, The Citizen Lab, University of Toronto, September 2007
- "The NSA Files (Dozens of articles about the U.S. National Security Agency and its spying and surveillance programs)". The Guardian (London). 8 June 2013.
- "Digital Security and Privacy for Human Rights Defenders", by Dmitri Vitaliev, Published by Front Line - The International Foundation for the Protection of Human Rights Defenders, February 2007, updated in late 2009.
- "Media Freedom Internet Cookbook" by the OSCE Representative on Freedom of the Media, Vienna, 2004.
- "Online Survival Kit", We Fight Censorship project of Reporters Without Borders.
- "Selected Papers in Anonymity", Free Haven Project, accessed 16 September 2011.
- "Ten Things to Look for in a Circumvention Tool", Roger Dingledine, The Tor Project, September 2010.
- "Digital Tools to Curb Snooping", New York Times, 17 July 2013.
- Colin Koopman (January 26, 2014), "The Age of ‘Infopolitics’", New York Times