Computer Surveillance

History

In the earlier days of computing and before computers entered the household sphere, computer surveillance was mainly limited to state espionage. Even when computers started to become more mainstream in the 1980s and early 1990s, their isolation from wider networks made computer surveillance difficult. Most malicious software from that period was limited to viruses and worms that would cause harm to the local machine, usually by deleting data or making the operating system inoperable; it was uncommon for a personal computer virus to collect personal information from the user. However, in recent decades, with the expansion of the Internet, computer surveillance has been accomplished using the Internet as the medium to intercept and collect data.

Two factors are considered to have played a determinative role in the rapid expansion of computerized surveillance practices. The first is the radical development of information and communication technologies and networked computing devices, made possible by the increasing availability of inexpensive and efficient data storage. The second factor, which has contributed to what is often characterized as a “surveillance society,” was the creation of a culture of fear of terrorism, especially after the attacks in New York, Madrid, and London in 2001, 2004, and 2005, respectively.

Main Agents of Computer Surveillance

State Computer Surveillance

States have the financial and technical resources to establish powerful surveillance systems that can gather information from computer devices and their online activities across the world. These systems are usually legitimized on national security grounds; however, most of the details of how such surveillance programs actually work remain secret. This has changed to a great extent since Edward Snowden’s revelations in June 2013 on global surveillance practices.

Snowden, an American and former National Security Agency (NSA) contractor, with the collaboration of The Guardian, The Washington Post, Der Spiegel, and a number of other media outlets, revealed, and importantly attested, the extent of the American, British, and other intelligence agencies’ surveillance activities. The published material that Snowden leaked to the media demonstrated a vast range of state surveillance programs, such as PRISM, Tempora, and Xkeyscore, which allowed the systematic interception, storage, and analysis of various types of stored and real-time electronic communications of both U.S. and non-U.S. citizens, including mass online, mobile, and landline telephone surveillance, covering nearly all possible communicative transactions.

Workplace Computer Surveillance

Marketing Computer Surveillance

The gathering of information derived from user-generated content for marketing, economic, and targeted advertising purposes is probably the most common type of computer surveillance today. This is most apparent in the case of the very large corporations that dominate the Internet. For example, since 2012, Google has maintained a unified privacy policy for all the services it offers. This means that data derived from users’ search queries and from analysis of their activities across all of Google’s services (e.g., email, Google+, YouTube) are combined into invaluable personal marketing profiles for each user. These data are then used to offer personalized search results and ads. Similarly, Facebook uses the information its users voluntarily upload to offer personalized ads and sells these data to third-party entities such as application developers. With the widespread use of smartphones and tablets, economic surveillance on corporate Internet services and social media has seen enormous growth. Smartphone users often install mobile applications with controversial and obscure privacy policies without first reviewing them. These applications may take advantage of the huge pool of personal information contained in a smartphone device, such as geolocation, contacts, personal and device ID, text messages, Internet history, or even emails and stored passwords.

Industrial and Economic Espionage

The systematic computer surveillance of information by a corporation about an entity ranging from a person to a country constitutes what is called industrial and economic espionage. This type of surveillance primarily aims to protect or to promote corporations’ interests. The information collected for such purposes may or may not come from the same data pools as marketing computer surveillance. However, instead of being used for personal advertisement or aggregated marketing reports, it is specifically targeted at activists, advocacy groups, or competing companies. The 2013 Snowden disclosures revealed that corporate surveillance has strong ties with state surveillance, as there seems to be a great amount of information exchange between those two agents.

Main Computer Surveillance Strategies

Data Retention

Following the terrorist attacks in the United States and Europe, many countries developed data retention laws that require all telecommunication providers to retain all of their customers’ and users’ traffic and location metadata for a specific period of time. These metadata concern all Internet, mobile, and landline communications and may include information such as Internet Protocol (IP) address, time of activity, type of activities performed including websites visited or persons called, location, and details about hardware, software, and operating system. Law enforcement authorities (police or national intelligence services) can then have access to these data, on request, for the purposes of investigating, detecting, and prosecuting criminal activities.

Data retention laws have sparked an international debate not only about their legality and proportionality but also about their necessity and efficiency in the pursuit of illegal acts and terrorism. As a result of this debate and in a phenomenal decision in April 2014, the Court of Justice of the European Union declared the European Data Retention Directive of 2006 invalid and emphasized its serious violations of various fundamental human rights, such as the right to privacy.

Deep Packet Inspection

By their nature, deep packet inspection (DPI) practices are hard or impossible to account for and control. Although many of their commercial or public applications entail neutral aspects of computer surveillance (e.g., network management and crime investigations), many negative ones have been extensively documented. In the recent uprisings in various parts of the Arab world, for example, DPI technologies were used for sociopolitical control of the revolts, by either censoring their electronic communications or even altering them, in an effort to spread disinformation.

Social Media Analysis

With the fast proliferation of the various social media, Internet users started disclosing more information online than ever. Facebook rapidly attracted hundreds of millions of members, while Twitter has become a global online public opinion and debate tool. Policing agencies and corporate interests found an unprecedented amount of personal information deriving voluntarily from individuals themselves. The collected information can be analyzed to map almost every aspect of a person’s (online) life, such as interests, habits, whereabouts, friendships, beliefs, and so on. Complex algorithms are being developed and tested using predictive analytics, the science behind efforts to predict human behavior. Both the NSA in the United States and Government Communications Headquarters in the United Kingdom are investing a lot of resources in social media analysis and surveillance. Social media analysis is an area that attracts much interest from commercial bodies as well, given that it is a rich source of information that can be used for marketing and advertising purposes. The way of obtaining information varies: Companies can buy data directly from social media services, collect them through third-party social media applications, or run custom data mining software.

Malicious Software and Software Vulnerability

Another common surveillance strategy concerns the installation of malicious software, developed by individuals or marketed to law enforcement agencies by corporations. As an example, FinFisher, also known as FinSpy, developed by the corporation Gamma International UK Ltd., is a sophisticated surveillance tool that is compatible with most common computer and mobile operating systems, such as Windows, Mac OS X, Linux, Android, iOS, and BlackBerry OS. The software can be installed on site or even remotely by law enforcement agencies, without the user’s consent, and can bypass (certain) antivirus systems; establish covert communication with headquarters; monitor Skype communications; record most common forms of communication, like email, chats, and voice-over-IP; enable live surveillance through webcam and microphone; trace the location of the targeted individual; silently extract files from the hard disk; log keystrokes; conduct live remote forensics on target systems; and use advanced filters to record only important information.

Published evidence suggests that such software has been sold even to governments with questionable democratic credentials and a long history of political repression and criminalization of speech. Contrary to corporations’ claims that this kind of software is being used by law enforcement and intelligence services solely for the surveillance of illegal activities, evidence suggests that in certain countries, it has been used against political activists with no criminal record or record of wrongdoing.

Physical Access Computer Surveillance

In addition, scientific research has shown that under certain conditions, it is possible to surveil a computer’s communications by intercepting the electromagnetic signals that its display transmits. These signals can then be translated into meaningful, readable information. Other researchers were able to recover text typed on a computer device simply by analyzing the sound generated by the keystrokes.

Social and Political Implications of Computer Surveillance

Stories around contemporary computer surveillance practices are being covered by different kinds of mainstream and alternative media and play a significant role in modifying citizens’ level of awareness, understanding, and perceptions around privacy, data protection, security, and surveillance. This results in the instillation of fear and insecurity within a society, which may negatively influence important societal values, such as individual freedom, autonomy, solidarity, equality, nondiscrimination, trust, and the rule of law. Importantly, there is the concern that citizens may feel that their privacy is being violated, which can lead to a kind of self-censorship, known as a “chilling effect.” Such values are of paramount importance for the structure of a democratic system and the support of key democratic processes, such as the creation of associations, political interests, constructive and alternative ideas, and the raising of criticism.

The June 2013 revelations on state surveillance programs by Snowden have undoubtedly caused a major shift in how people perceive computer surveillance. Until then, little was known about how these clandestine operations worked, and any information about them was usually treated as speculative and without evidence or even dismissed as conspiracy theory or mere rumor. Snowden’s exposure of the operations of the NSA, Government Communications Headquarters, and other intelligence agencies revealed how deep-rooted they were, as well as their ties with corporate information giants such as Google, Facebook, and Microsoft. These revelations reintensified the debate about the consequences of digital technology and the value of privacy, with their long-term implications yet to be determined.

Protection Against Computer Surveillance

Technical Strategies

There are numerous ways to protect privacy in an increasingly surveillance-oriented society. Although a completely secure computer environment or communication is very difficult to guarantee, today there are tools and practices offering a significant level of protection for storing or transmitting private data. One of the fundamental aspects of computer security is protection against malicious software and external networked intrusions. Antivirus, antispyware, and firewall software is, thus, one way by which an individual can be protected from such exploits.

Furthermore, data encryption is a method that the military has been using for many decades to ensure that delivered messages will be read only by the authorized recipient. Today, sophisticated implementations of encryption technology are openly available to the wider public. Some are used to encrypt local files; others to secure connections between servers and clients, such as the Secure Sockets Layer and the more recent Transport Layer Security cryptographic protocols; and others to protect the confidentiality of email communications, such as the Pretty Good Privacy software.

Because proprietary operating systems and software have been found to entail security vulnerabilities or even backdoors for law enforcement agencies, the use of open source software is yet another strategy for the protection of privacy. The important, distinct characteristic of open source software is that its code can be reviewed by developer communities, or by any citizen, for the tracking of vulnerabilities and potential malicious scripts.

Political and Legal Strategies

Computer surveillance practices are, to a large extent, accompanied by a crisis of accountability and a lack of transparency. In this sense, restoring these two essential democratic elements is another strategy. This could be done, for instance, by the establishment of parliamentary or congressional oversight committees, which would be led by members of the opposition and would include a vast range of social actors. The 2013 Snowden revelations have shown that legal safeguards per se do not constitute a real protection against preemptive mass surveillance, as many of the surveillance practices were actually enabled by secret laws while others were being conducted outside the law. Therefore, the legislative process should open up to truly democratic processes that will take into consideration not only the interests of states and corporations but also those of the broader public.

Educational and Advocacy Strategies

Although there are several countersurveillance and privacy protection strategies available, their partial or full adoption by citizens and companies is still limited. This can mainly be attributed to a lack of awareness and/or the significant technical knowledge and time investment that is demanded to efficiently employ some of these strategies (e.g., email encryption). New educational strategies can be implemented that will increase citizens’ level of awareness about not only the dangers that are entailed in surveillance but also the political, social, and legal implications that can arise. Also, developers can be encouraged to employ a privacy-by-design approach, which could facilitate the shifting of these challenges. Organizations and groups like the Electronic Frontier Foundation and WikiLeaks have aided, so far, in countersurveillance efforts by engaging in legal battles or exposing related classified documents. Nonetheless, critical citizens, advocacy groups, privacy and data protection experts, and policymakers could contribute even more to increasing transparency and accountability by closely observing and documenting private and public surveillance developments.

Dimitris Tsapogas and Vassilis Routsis

See also: Corporate Surveillance; Global Surveillance; Surveillance, Theories of; Work Surveillance
