Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organisations, such as organizations like the NSA and the FBI,
but it may also be carried out by corporations (either on behalf of
governments or at their own initiative). Depending on each nation's laws
and judicial systems, the legality of and the permission required to
engage in mass surveillance varies. It is the single most indicative
distinguishing trait of totalitarian regimes. It is also often distinguished from targeted surveillance.
Mass surveillance has often been cited as necessary to fight terrorism, prevent crime and social unrest, protect national security, and control the population. Conversely, mass surveillance has equally often been criticized for violating privacy rights, limiting civil and political rights and freedoms, and being illegal under some legal or constitutional systems. Another criticism is that increasing mass surveillance could lead to the development of a surveillance state or an electronic police state where civil liberties are infringed or political dissent is undermined by COINTELPRO-like programs. Such a state could be referred to as a totalitarian state.
In 2013, the practice of mass surveillance by world governments was called into question after Edward Snowden's 2013 global surveillance disclosure. Reporting based on documents Snowden leaked to various media outlets triggered a debate about civil liberties and the right to privacy in the Digital Age. Mass surveillance is considered a global issue.
Mass surveillance has often been cited as necessary to fight terrorism, prevent crime and social unrest, protect national security, and control the population. Conversely, mass surveillance has equally often been criticized for violating privacy rights, limiting civil and political rights and freedoms, and being illegal under some legal or constitutional systems. Another criticism is that increasing mass surveillance could lead to the development of a surveillance state or an electronic police state where civil liberties are infringed or political dissent is undermined by COINTELPRO-like programs. Such a state could be referred to as a totalitarian state.
In 2013, the practice of mass surveillance by world governments was called into question after Edward Snowden's 2013 global surveillance disclosure. Reporting based on documents Snowden leaked to various media outlets triggered a debate about civil liberties and the right to privacy in the Digital Age. Mass surveillance is considered a global issue.
By country
Privacy International's
2007 survey, covering 47 countries, indicated that there had been an
increase in surveillance and a decline in the performance of privacy
safeguards, compared to the previous year. Balancing these factors,
eight countries were rated as being 'endemic surveillance societies'. Of
these eight, China, Malaysia and Russia scored lowest, followed jointly by Singapore and the United Kingdom, then jointly by Taiwan, Thailand and the United States. The best ranking was given to Greece, which was judged to have 'adequate safeguards against abuse'.
Many countries throughout the world have already been adding thousands of surveillance cameras to their urban, suburban and even rural areas. For example, in September 2007 the American Civil Liberties Union
(ACLU) stated that we are "in danger of tipping into a genuine
surveillance society completely alien to American values" with "the
potential for a dark future where our every move, our every transaction,
our every communication is recorded, compiled, and stored away, ready
to be examined and used against us by the authorities whenever they
want."
On 12 March 2013, Reporters Without Borders published a Special report on Internet Surveillance.
The report included a list of "State Enemies of the Internet",
countries whose governments are involved in active, intrusive
surveillance of news providers, resulting in grave violations of freedom
of information and human rights. Five countries were placed on the
initial list: Bahrain, China, Iran, Syria, and Vietnam.
Bahrain
Bahrain
is one of the five countries on Reporters Without Borders' March 2013
list of "State Enemies of the Internet", countries whose governments are
involved in active, intrusive surveillance of news providers, resulting
in grave violations of freedom of information and human rights. The
level of Internet filtering and surveillance in Bahrain is one of the
highest in the world. The royal family is represented in all areas of
Internet management and has sophisticated tools at its disposal for
spying on its subjects. The online activities of dissidents and news
providers are closely monitored and the surveillance is increasing.
China
China
is one of the five countries on Reporters Without Borders' March 2013
list of "State Enemies of the Internet", countries whose governments are
involved in active, intrusive surveillance of news providers, resulting
in grave violations of freedom of information and human rights. All
Internet access in China is owned or controlled by the state or the Communist Party.
Many foreign journalists in China have said that they take for granted
that their telephones are tapped and their email is monitored.
The tools put in place to filter and monitor the Internet are collectively known as the Great Firewall of China.
Besides the usual routing regulations that allow access to an IP
address or a particular domain name to be blocked, the Great Firewall
makes large-scale use of Deep Packet Inspection
(DPI) technology to monitor and block access based on keyword
detection. The Great Firewall has the ability to dynamically block encrypted connections. One of the country's main ISPs, China Unicom, automatically cuts a connection as soon as it is used to transmit encrypted content.
The monitoring system developed by China is not confined to the
Great Firewall, monitoring is also built into social networks, chat
services and VoIP. Private companies are directly responsible to the
Chinese authorities for surveillance of their networks to ensure banned
messages are not circulated. The QQ application, owned by the firm
Tencent, allows the authorities to monitor in detail exchanges between
Internet users by seeking certain keywords and expressions. The author
of each message can be identified by his or her user number. The QQ
application is effectively a giant Trojan horse. And since March 2012,
new legislation requires all new users of micro-blogging sites to
register using their own name and telephone number.
Skype,
one of the world's most popular Internet telephone platforms, is
closely monitored. Skype services in China are available through a local
partner, the TOM media group. The Chinese-language version of Skype,
known as TOM-Skype, is slightly different from the downloadable versions in other countries. A report by OpenNet Initiative Asia
says everyday conversations are captured on servers. Interception and
storage of a conversation may be triggered by a sender's or recipient's
name or by keywords that occur in the conversation.
On 30 January, the New York Times
reported that it had been the target of attacks by the Chinese
government. The first breach took place on 13 September 2012 when the
newspaper was preparing to publish an article about the fortune amassed
by the family of outgoing Prime Minister Wen Jiabao.
The newspaper said the purpose of attacks was to identify the sources
that supplied the newspaper with information about corruption among the
prime minister's entourage. The Wall Street Journal and CNN also said they had been the targets of cyber attacks from China. In February, Twitter
disclosed that the accounts of some 250,000 subscribers had been the
victims of attacks from China similar to those carried out on the New York Times.
Mandiant, the company engaged by the NYT to secure its network,
identified the source of the attacks as a group of hackers it called
Advanced Persistent Threat 1, a unit of the People's Liberation Army
operating from a 12-story building in the suburbs of Shanghai that had
hundreds, possibly thousands, of staff and the direct support of the
Chinese government.
The newest form of mass surveillance in China is the Social Credit System, where citizens and businesses are given or deducted good behavior points depending on their choices.
According to UK-based technology research organization, Comparitech, a city in China called Chongqing
is the most surveilled city in the entire world, with 2.5m cameras
watching over almost 15.35 million people. As per the data accumulated,
the Chinese city beats Shanghai, Beijing, and Shenzhen, in terms of mass surveillance in China.
East Germany
Before the Digital Revolution, one of the world's biggest mass surveillance operations was carried out by the Stasi, the secret police of the former East Germany.
By the time the state collapsed in 1989, the Stasi had built up an
estimated civilian network of 300,000 informants (approximately one in
fifty of the population), who monitored even minute hints of political
dissent among other citizens. Many West Germans
visiting friends and family in East Germany were also subject to Stasi
spying, as well as many high-ranking West German politicians and persons
in the public eye.
Most East German citizens were well aware that their government
was spying on them, which led to a culture of mistrust: touchy political
issues were only discussed in the comfort of their own four walls and
only with the closest of friends and family members, while widely
maintaining a façade of unquestioning followership in public.
European Union
The right to privacy is a highly developed area of law in Europe. The Data Protection Directive regulates the processing of personal data within the European Union.
For comparison, the US has no data protection law that is comparable to
this; instead, the US regulates data protection on a sectoral basis.
Since early 2012, the European Union has been working on a General Data Protection Regulation to replace the Data Protection Directive and harmonise data protection and privacy law. On 20 October 2013, a committee at the European Parliament
backed the measure, which, if it is enacted, could require American
companies to seek clearance from European officials before complying
with United States warrants seeking private data. The vote is part of
efforts in Europe to shield citizens from online surveillance in the
wake of revelations about a far-reaching spying program by the U.S. National Security Agency.
European Union justice and rights commissioner Viviane Reding said "The
question has arisen whether the large-scale collection and processing
of personal information under US surveillance programmes is necessary
and proportionate to meet the interests of national security." The EU is
also asking the US for changes to US legislation to match the legal
redress offered in Europe; American citizens in Europe can go to the
courts if they feel their rights are infringed but Europeans without
right of residence in America cannot. When the EU / US arrangement to implement International Safe Harbor Privacy Principles were struck down by the European Court of Justice, a new framework for transatlantic data flows, called the "EU-US Privacy Shield", was adopted in July 2016.
In April 2014, the European Court of Justice declared invalid the EU Data Retention Directive. The Court said it violates two basic rights - respect for private life and protection of personal data. The legislative body of the European Union passed the Data Retention Directive
on 15 December 2005. It requires that telecommunication operators
retain metadata for telephone, Internet, and other telecommunication
services for periods of not less than six months and not more than two
years from the date of the communication as determined by each EU member
state and, upon request, to make the data available to various
governmental bodies. Access to this information is not limited to
investigation of serious crimes, nor is a warrant required for access.
Undertaken under the Seventh Framework Programme for research and technological development (FP7 - Science in Society) some multidisciplinary and mission oriented mass surveillance activities (for example INDECT and HIDE) were funded by the European Commission in association with industrial partners.
The INDECT Project ("Intelligent information system supporting
observation, searching and detection for security of citizens in urban
environment")
develops an intelligent urban environment observation system to
register and exchange operational data for the automatic detection,
recognition and intelligent processing of all information of abnormal behaviour or violence.
The main expected results of the INDECT project are:
- Trial of intelligent analysis of video and audio data for threat detection in urban environments,
- Creation of tools and technology for privacy and data protection during storage and transmission of information using quantum cryptography and new methods of digital watermarking,
- Performing computer-aided detection of threats and targeted crimes in Internet resources with privacy-protecting solutions,
- Construction of a search engine for rapid semantic search based on watermarking of content related to child pornography and human organ trafficking,
- Implementation of a distributed computer system that is capable of effective intelligent processing.
HIDE ("Homeland Security, Biometric Identification & Personal Detection Ethics") was a research project funded by the European Commission within the scope of the Seventh RTD Framework Programme (FP7). The consortium, coordinated by Emilio Mordini, explored the ethical and privacy implications of biometrics
and personal detection technologies, focusing on the continuum between
personal detection, authentication, identification and mass
surveillance.
Germany
In 2002 German citizens were tipped off about wiretapping when a software error led to a phone number allocated to the German Secret Service being listed on mobile telephone bills.
India
The Indian parliament passed the Information Technology Act
of 2008 with no debate, giving the government fiat power to tap all
communications without a court order or a warrant. Section 69 of the act
states "Section 69 empowers the Central Government/State Government/
its authorized agency to intercept, monitor or decrypt any information
generated, transmitted, received or stored in any computer resource if
it is necessary or expedient so to do in the interest of the sovereignty
or integrity of India, defence of India, security of the State,
friendly relations with foreign States or public order or for preventing
incitement to the commission of any cognizable offence or for
investigation of any offence."
India is setting up a national intelligence grid called NATGRID,
which would be fully set up by May 2011 where each individual's data
ranging from land records, Internet logs, air and rail PNR, phone
records, gun records, driving license, property records, insurance, and
income tax records would be available in real time and with no
oversight. With a UID from the Unique Identification Authority of India
being given to every Indian from February 2011, the government would be
able track people in real time. A national population registry of all
citizens will be established by the 2011 census, during which
fingerprints and iris scans would be taken along with GPS records of
each household.
As per the initial plan, access to the combined data will be given to 11 agencies, including the Research and Analysis Wing, the Intelligence Bureau, the Enforcement Directorate, the National Investigation Agency, the Central Bureau of Investigation, the Directorate of Revenue Intelligence and the Narcotics Control Bureau.
Several states within India have already installed CCTV
surveillance systems with face matching capabilities using biometrics in
Aadhaar.
Andhra Pradesh and Telangana are using information linked with Aadhaar
across different agencies to create a 360-degree profile of a person,
calling it the Integration Information Hub. Other states are now
planning to follow this model.
Iran
Iran
is one of the five countries on Reporters Without Borders' March 2013
list of "State Enemies of the Internet", countries whose governments are
involved in naturally active efforts to news providers . The government
runs or controls almost all of the country's institutions for
regulating, managing or legislating on telecommunications. The Supreme
Council for Cyberspace, which was headed by President Ahmadinejad,
was established in March 2012 and now determines digital policy. The
construction of a parallel "Iranian Internet", with a high connection
speed but fully monitored and censored, is almost complete.
The tools used by the Iranian authorities to monitor and control the Internet include data interception tools capable of Deep Packet Inspection. Interception products from leading Chinese companies such as ZTE and Huawei are in use. The products provided by Huawei to Mobin Net,
the leading national provider of mobile broadband, can be used to
analyze email content, track browsing history and block access to sites.
The products that ZTA sold to the Telecommunication Company of Iran
(TCI) offer similar services plus the possibility of monitoring the
mobile network. European companies are the source of other spying and
data analysis tools. Products designed by Ericsson and Nokia Siemens Networks (later Trovicor) are in use. These companies sold SMS interception and user location products to Mobile Communication Company of Iran and Irancell, Iran's two biggest mobile phone companies, in 2009 and they were used to identify Iranian citizens during the post-election uprising
in 2009. The use of Israeli surveillance devices has also been detected
in Iran. The network traffic management and surveillance device
NetEnforcer was provided by Israel to Denmark and then resold to Iran.
Similarly, US equipment has found its way to Iran via the Chinese
company ZTE.
Malaysia
In
July 2018, the Malaysian police announced the creation of the Malaysian
Internet Crime Against Children Investigation Unit (Micac) that is
equipped with real-time mass internet surveillance software developed in
the United States and is tasked with the monitoring of all Malaysian
internet users, with a focus on pornography and child pornography. The
system creates a "data library" of users which includes details such as
IP addresses, websites, locations, duration and frequency of use and
files uploaded and downloaded.
Mexico
After
struggling with drug trafficking and criminal groups for decades Mexico
has been strengthening their military mass surveillance. Approximately
half of the population in Mexico does not support democracy as a form of
government, and believe an authoritarian system is better if social
matters are solved through it.
The relevance of these political beliefs may make it easier for mass
surveillance to take spread within the country. "This does not
necessarily mean the end of democratic institutions as a whole—such as
free elections or the permanence of critical mass media—but it means
strengthening the mechanisms for exercising power that exclude dialogue,
transparency and social agreement." Developing intelligence agencies has been on Mexico's radar for a while for means of security.
Netherlands
According
to a 2004 report, the government of the Netherlands carries out more
clandestine wire-taps and intercepts than any country, per capita, in
the world.
The Dutch military intelligence service MIVD operates a satellite
ground station to intercept foreign satellite links and also a facility
to eavesdrop on foreign high-frequency radio traffic.
North Korea
Having attained the nickname 'surveillance state', North Korea's
government has complete control over all forms of telecommunications and
Internet. It is routine to be sent to a prison camp for communicating
with the outside world. The government enforces restrictions around the
types of appliances North Koreans may own in their home, in case radio
or TV sets pick up signals from nearby South Korea, China and Russia.
There is no attempt to mask the way this government actively spies on
their citizens. In North Korea, an increasing number of citizens do have
smartphones. However, these devices are heavily controlled and are
being used to censor and observe everything North Koreans do on their
phones. Reuters reported in 2015 that Koryolink, North Korea's official
mobile phone network, has around 3 million subscribers in a country of
24 million. Obviously, in order to have digital data to draw from, the
citizens must have access to phones and other things online.
Russia
The SORM (and SORM-2) laws enable complete monitoring of any communication, electronic or traditional, by eight state agencies, without warrant. These laws seem to be in conflict with Article 23 of the Constitution of Russia which states:
- Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
- Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
In 2015, the European Court for Human Rights ruled that the legislation violated Article 8 of the European Convention on Human Rights (Zakharov v. Russia).
Yarovaya Law required storage and unconditional access to private communication data for law enforcement.
Singapore
Singapore is known as a city of sensors. Singapore's surveillance structure spreads widely from Closed-circuit television in public areas even around the neighbourhood, internet monitoring/ traffic monitoring and to the use of surveillance metadata for government initiatives. In Singapore,
SIM card registration is mandatory even for prepaid card. Singapore's
government have the rights to access communication data. Singapore's
largest telecompany, Singtel,
has close relations to the government and Singapore's laws are broadly
phrased to allow the government to obtain sensitive data such as
text-messages, email, call logs and web surfing history from its people
without the need for court permission.
The installation of mass surveillance cameras in Singapore is an effort to act as a deterrence not only for terror attacks but also for public security such as loan sharks, illegal parking and more. As part of Singapore's Smart Nation
initiative to build a network of sensors to collect and connect data
from city life (including the citizen's movement), the Singapore
government rolled out 1000 sensors ranging from computer chips to
surveillance cameras, to track almost everything in Singapore from air quality to public safety in 2014.
In 2016, in a bid to increase security, the Singapore Police Force installed 62,000 police cameras in 10,000 Housing and Development Board (HDB) blocks covering the lifts and multi-storey car parks.
With rising security concerns, the number of CCTV cameras in public
areas such as monitoring of the public transport system and commercial/
government buildings in Singapore is set to increase.
In 2018, the Singapore
government would be rolling out new and more advanced surveillance
systems. Starting with Singapore's maritime borders, new panoramic
electro-optic sensors will be put in place on the north and south
coasts, monitoring a 360-degree view of the area. A tethered unmanned aerial vehicle
(UAV) will also be operational, which can be used during search and
rescue operations including hostage situations and public order
incidents.
Spain
According to a 2017 report by Privacy International, Spain may be part of a group of 21 European countries that is withholding information, also known as data retention.
In 2014, many defense lawyers tried to overturn multiple cases that
used mass storage as their evidence to convict, according to the European Agency for Fundamental Rights.
Sweden
Prior to 2009, the National Defence Radio Establishment (FRA) was limited to wireless signals intelligence (SIGINT), although it was left largely unregulated. In December 2009, new legislation went into effect, allowing the FRA to monitor cable bound signals passing the Swedish border.
Communications service providers are legally required, under
confidentiality, to transfer cable communications crossing Swedish
borders to specific "interaction points", where data may be accessed
after a court order.
The FRA has been contested since the change in its legislation,
mainly because of the public perception the change would enable mass
surveillance. The FRA categorically deny this allegation, as they are not allowed to initialize any surveillance on their own, and has no direct access to communication lines. All SIGINT has to be authorized by a special court and meet a set of narrow requirements, something Minister for Defence Sten Tolgfors have been quoted as saying, "should render the debate on mass surveillance invalid."
Due to the architecture of Internet backbones in the Nordic area, a
large portion of Norwegian and Finnish traffic will also be affected by
the Swedish wiretapping.
Syria
Syria
is one of the five countries on Reporters Without Borders' March 2013
list of "State Enemies of the Internet", countries whose governments are
involved in active, intrusive surveillance of news providers, resulting
in grave violations of freedom of information and human rights. Syria
has stepped up its web censorship and cyber-monitoring as the country's civil war has intensified. At least 13 Blue Coat proxy servers are in use, Skype calls are intercepted, and social engineering techniques, phishing, and malware attacks are all in use.
Turkey
The failed coup attempt 15 June 2016 led to an authoritarian shift that uses mass surveillance to suppress opposite views. Digital surveillance
is part of everyday life due to the box the government puts the Turkish
citizens in. They have a digital and physical strong hold over any
knowledge that goes against their regime. Today, the surveillance of
academicians goes along with the state's oppression in Turkey. It is
hard to say what will happen in the next few years in Turkey as they
become increasingly more authoritarian. The centralization of state
power along with digitalization expands the scope of the state
surveillance. The digitalization and the centralization of state power
are closely related to the regime of power that becomes prominent in
this conjuncture.
National security and terrorism are Turkey's main explanations to the
world on this topic, although there is clearly more happening there.
According to the report of Human Rights Joint Platform published on 23
February 2017, during the nine months period of the state of emergency,
the number of dismissed academicians reached 4,811, increasing to 7,619
with the addition of academicians who were working in the universities
closed after the failed coup attempt. The extended surveillance in Turkey helped them to control the population at a massive scale.
United Arab Emirates
In October 2016, The Intercept
released a report detailing the experience of an Italian security
researcher Simone Margaritelli, of allegedly being hired for mass
surveillance operations run by United Arab Emirates. According to Margaritelli, he was called for an interview with the Abu Dhabi-based cybersecurity firm called DarkMatter.
Margaritelli says he declined the offer and instead wrote a blog post
titled “How the United Arab Emirates Intelligence Tried to Hire Me to
Spy on Its People”. In response to The Intercept inquiries, DarkMatter
responded by stating: “No one from DarkMatter or its subsidiaries have
ever interviewed Mr. Margaritelli.” Kevin Healy, director of
communications for DarkMatter, wrote in an email responding to The
Intercept that the man Margaritelli says interviewed him was previously
only an advisory consultant to DarkMatter and is currently no longer an
advisor to the company. Dark Matter responded by saying “While we
respect an author’s right to express a personal opinion, we do not view
the content in question as credible, and therefore have no further
comment.”
In January 2019, Reuters released a detailed account of a 2014 state-surveillance operation – dubbed as Project Raven – led by the United Arab Emirates with the help of former NSA officials like Lori Stroud, an ex-NSA cyberspy. Counter-terrorism strategy was the primary motive of setting up the unit. However, soon the project began being used as a surveillance program to spy on rival leaders, critical dissidents and journalists.
In December 2019, Google Play Store and Apple App Store removed an Emirati messaging application called ToTok following allegations that it was a state surveillance application, according to The New York Times report.
The application's privacy policy clearly stated that it may share
personal data of the users with “regulatory agencies, law enforcement,
and other lawful access requests.” The allegations were denied by the
co-founders of ToTok, Giacomo Ziani and Long Ruan, respectively. The
application was restored on Google Play Store later on.
United Kingdom
State surveillance in the United Kingdom
has formed part of the public consciousness since the 19th century. The
postal espionage crisis of 1844 sparked the first panic over the
privacy of citizens. However, in the 20th century, electronic surveillance capabilities grew out of wartime signal intelligence and pioneering code breaking. In 1946, the Government Communications Headquarters (GCHQ) was formed. The United Kingdom and the United States signed the bilateral UKUSA Agreement
in 1948. It was later broadened to include Canada, Australia and New
Zealand, as well as cooperation with several "third-party" nations. This
became the cornerstone of Western intelligence gathering and the "Special Relationship" between the UK and the USA.
After the growth of the Internet and development of the World Wide Web, a series of media reports in 2013 revealed more recent programs and techniques involving GCHQ, such as Tempora.
The use of these capabilities is controlled by laws made in the UK Parliament.
In particular, access to the content of private messages (that is,
interception of a communication) must be authorized by a warrant signed
by a Secretary of State. In addition European Union data privacy law applies in UK law. The UK exhibits governance and safeguards as well as use of electronic surveillance.
The Investigatory Powers Tribunal,
a judicial oversight body for the intelligence agencies, ruled in
December 2014 that the legislative framework in the United Kingdom does
not breach the European Convention on Human Rights. However, the Tribunal stated in February 2015 that one particular aspect, the data sharing arrangement that allowed UK Intelligence services to request data from the US surveillance programs Prism and Upstream,
had been in contravention of human rights law prior to this until two
paragraphs of additional information, providing details about the
procedures and safeguards, were disclosed to the public in December
2014.
In its December 2014 ruling, the Investigatory Powers Tribunal
found that the legislative framework in the United Kingdom does not
permit mass surveillance and that while GCHQ collects and analyses data
in bulk, it does not practice mass surveillance. A report on Privacy and Security published by the Intelligence and Security Committee of Parliament
also came to this view, although it found past shortcomings in
oversight and said the legal framework should be simplified to improve
transparency. This view is supported by independent reports from the Interception of Communications Commissioner. However, notable civil liberties groups continue to express strong views to the contrary and plan to appeal the ruling to the European Court of Human Rights, while others have criticised these viewpoints in turn.
The Regulation of Investigatory Powers Act 2000
(RIP or RIPA) is a significant piece of legislation that granted and
regulated the powers of public bodies to carry out surveillance and
investigation.
In 2002 the UK government announced plans to extend the Regulation of
Investigatory Powers Act so that at least 28 government departments
would be given powers to access metadata about citizens' web, e-mail, telephone and fax records, without a warrant and without a subject's knowledge.
The Protection of Freedoms Act 2012
includes several provisions related to controlling and restricting the
collection, storage, retention, and use of information in government
databases.
Supported by all three major political parties, the UK Parliament passed the Data Retention and Investigatory Powers Act in July 2014 to ensure police and security services retain existing powers to access phone and Internet records.
This was superseded by the Investigatory Powers Act 2016,
a comprehensive statute which made public a number of previously secret
powers (equipment interference, bulk retention of metadata,
intelligence agency use of bulk personal datasets), and enables the
Government to require internet service providers and mobile phone
companies to maintain records of (but not the content of) customers'
Internet connections for 12 months. In addition, it created new
safeguards, including a requirement for judges to approve the warrants
authorised by a Secretary of State before they come into force. The Act was informed by two reports by David Anderson QC, the UK's Independent Reviewer of Terrorism Legislation: A Question of Trust (2015) and the report of his Bulk Powers Review (2016),
which contains a detailed appraisal (with 60 case studies) of the
operational case for the powers often characterised as mass
surveillance. It may yet require amendment as a consequence of legal
cases brought before the Court of Justice of the European Union and the European Court of Human Rights.
Many advanced nation-states have implemented laws that partially protect citizens from unwarranted intrusion, such as the Human Rights Act 1998 and Data Protection Act 1998 in the United Kingdom, and laws that require a formal warrant before private data may be gathered by a government.
The vast majority of video surveillance cameras in the UK are not
operated by government bodies, but by private individuals or companies,
especially to monitor the interiors of shops and businesses. According
to 2011 Freedom of Information Act requests, the total number of local government operated CCTV cameras was around 52,000 over the entirety of the UK. The prevalence of video surveillance in the UK is often overstated due to unreliable estimates being requoted;
for example one report in 2002 extrapolated from a very small sample to
estimate the number of cameras in the UK at 4.2 million (of which
500,000 in London).
More reliable estimates put the number of private and local government
operated cameras in the United Kingdom at around 1.85 million in 2011.
United States
Historically, mass surveillance was used as part of wartime
censorship to control communications that could damage the war effort
and aid the enemy. For example, during the world wars, every
international telegram from or to the United States sent through
companies such as Western Union was reviewed by the US military. After the wars were over, surveillance continued in programs such as the Black Chamber following World War I and project Shamrock following World War II. COINTELPRO
projects conducted by the U.S. Federal Bureau of Investigation (FBI)
between 1956 and 1971 targeted various "subversive" organizations,
including peaceful anti-war and racial equality activists such as Albert Einstein and Martin Luther King Jr.
Billions of dollars per year are spent, by agencies such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), to develop, purchase, implement, and operate systems such as Carnivore, ECHELON, and NarusInsight to intercept and analyze the immense amount of data that traverses the Internet and telephone system every day.
Since the September 11 attacks,
a vast domestic (and to some extent, global) intelligence apparatus has
been built to collect information using the NSA, FBI, local police,
state homeland security offices and military criminal investigators. The
intelligence apparatus collects, analyzes and stores information about
millions of (if not all) American (and sometimes foreign) citizens, many
of whom have not been accused of any wrongdoing.
Under the Mail Isolation Control and Tracking
program, the U.S. Postal Service photographs the exterior of every
piece of paper mail that is processed in the United States – about 160
billion pieces in 2012. The U.S. Postmaster General stated that the
system is primarily used for mail sorting, but the images are available
for possible use by law enforcement agencies.
Created in 2001 following the anthrax attacks that killed five people,
it is a sweeping expansion of a 100-year-old program called "mail cover" which targets people suspected of crimes.
The FBI developed the computer programs "Magic Lantern" and CIPAV, which they can remotely install on a computer system, in order to monitor a person's computer activity.
The NSA has been gathering information on financial records,
Internet surfing habits, and monitoring e-mails. They have also
performed extensive analysis of social networks such as Myspace.
The PRISM
special source operation system legally immunized private companies
that cooperate voluntarily with U.S. intelligence collection. According
to The Register, the FISA Amendments Act of 2008
"specifically authorizes intelligence agencies to monitor the phone,
email, and other communications of U.S. citizens for up to a week
without obtaining a warrant" when one of the parties is outside the U.S. PRISM was first publicly revealed on 6 June 2013, after classified documents about the program were leaked to The Washington Post and The Guardian by American Edward Snowden.
The Communications Assistance for Law Enforcement Act (CALEA) requires that all U.S. telecommunications and Internet service providers modify their networks to allow easy wiretapping of telephone, VoIP, and broadband Internet traffic.
In early 2006, USA Today reported that several major telephone companies were providing the telephone call records of U.S. citizens to the National Security Agency (NSA), which is storing them in a large database known as the NSA call database. This report came on the heels of allegations that the U.S. government had been conducting electronic surveillance of domestic telephone calls without warrants. In 2013, the existence of the Hemisphere Project, through which AT&T provides telephone call data to federal agencies, became publicly known.
Traffic cameras,
which were meant to help enforce traffic laws at intersections, may be
used by law enforcement agencies for purposes unrelated to traffic
violations.
Some cameras allow for the identification of individuals inside a
vehicle and license plate data to be collected and time stamped for
cross reference with other data used by police. The Department of Homeland Security is funding networks of surveillance cameras in cities and towns as part of its efforts to combat terrorism.
The New York City Police Department infiltrated and compiled dossiers on protest groups before the 2004 Republican National Convention, leading to over 1,800 arrests.
Modern surveillance in the United States was thought of more of a
wartime effort before Snowden disclosed in depth information about the
National Security Agency in June 2013.
The constant development and improvements of the Internet and
technology has made it easier for mass surveillance to take hold. Such
revelations allow critical commentators to raise questions and
scrutinize the implementation, use, and abuse of networking
technologies, devices, and software systems that partake in a "global
surveillant assemblage" (Bogard 2006; Collier and Ong 2004; Haggerty and
Ericson 2000; Murakami Wood 2013).
The NSA collected millions of Verizon user's telephone records in
between 2013–2014. The NSA also collected data through Google and
Facebook with a program called 'Prism'. Journalists through Snowden
published nearly 7,000 top-secret documents since then, yet the
information disclosed seems to be less than 1% of the entire
information. Having access to every individual's private records seems
to directly contradict the fourth amendment.
Vietnam
Vietnam
is one of the five countries on Reporters Without Borders' March 2013
list of "State Enemies of the Internet", countries whose governments are
involved in active, intrusive surveillance of news providers, resulting
in grave violations of freedom of information and human rights. Most of
the country's 16 service providers are directly or indirectly
controlled by the Vietnamese Communist Party. The industry leader, Vietnam Posts and Telecommunications Group, which controls 74 per cent of the market, is state-owned. So is Viettel, an enterprise of the Vietnamese armed forces. FPT Telecom is a private firm, but is accountable to the Party and depends on the market leaders for bandwidth.
Service providers are the major instruments of control and
surveillance. Bloggers monitored by the government frequently undergo man-in-the-middle attacks.
These are designed to intercept data meant to be sent to secure (https)
sites, allowing passwords and other communication to be intercepted. According to a July 2012 Freedom House
report, 91 percent of survey respondents connected to the Internet on
their mobile devices and the government monitors conversations and
tracks the calls of "activists" or "reactionaries."
Commercial mass surveillance
As a result of the digital revolution,
many aspects of life are now captured and stored in digital form.
Concern has been expressed that governments may use this information to
conduct mass surveillance on their populations. Commercial mass
surveillance often makes use of copyright laws and "user agreements"
to obtain (typically uninformed) 'consent' to surveillance from
consumers who use their software or other related materials. This allows
gathering of information which would be technically illegal if
performed by government agencies. This data is then often shared with
government agencies - thereby - in practice - defeating the purpose of
such privacy protections.
One of the most common forms of mass surveillance is carried out
by commercial organizations. Many people are willing to join supermarket
and grocery loyalty card
programs, trading their personal information and surveillance of their
shopping habits in exchange for a discount on their groceries, although
base prices might be increased to encourage participation in the
program.
Through programs like Google's AdSense, OpenSocial
and their increasing pool of so-called "web gadgets", "social gadgets"
and other Google-hosted services many web sites on the Internet are
effectively feeding user information about sites visited by the users,
and now also their social connections, to Google. Facebook
also keep this information, although its acquisition is limited to page
views within Facebook. This data is valuable for authorities,
advertisers and others interested in profiling users, trends and web
site marketing performance. Google, Facebook and others are increasingly
becoming more guarded about this data as their reach increases and the
data becomes more all inclusive, making it more valuable.
New features like geolocation
give an even increased admission of monitoring capabilities to large
service providers like Google, where they also are enabled to track
one's physical movements while users are using mobile devices,
especially those which are syncing without any user interaction.
Google's Gmail
service is increasingly employing features to work as a stand-alone
application which also might activate while a web browser is not even
active for synchronizing; a feature mentioned on the Google I/O 2009 developer conference while showing the upcoming HTML5 features which Google and others are actively defining and promoting.
In 2008 at the World Economic Forum in Davos,
Google CEO Eric Schmidt, said: "The arrival of a truly mobile Web,
offering a new generation of location-based advertising, is set to
unleash a 'huge revolution'".
At the Mobile World Congress in Barcelona on 16 February 2010, Google
presented their vision of a new business model for mobile operators and
trying to convince mobile operators to embrace location-based services
and advertising. With Google as the advertising provider, it would mean
that every mobile operator using their location-based advertising
service would be revealing the location of their mobile customers to
Google.
Google will also know more about the customer - because it benefits the customer to tell Google more about them. The more we know about the customer, the better the quality of searches, the better the quality of the apps. The operator one is "required", if you will, and the Google one will be optional. And today I would say, a minority choose to do that, but I think over time a majority will... because of the stored values in the servers and so forth and so on....
— 2010 Mobile World Congress keynote speech, Google CEO Eric Schmidt
Organizations like the Electronic Frontier Foundation are constantly informing users on the importance of privacy, and considerations about technologies like geolocation.
Computer company Microsoft
patented in 2011 a product distribution system with a camera or capture
device that monitors the viewers that consume the product, allowing the
provider to take "remedial action" if the actual viewers do not match
the distribution license.
Reporters Without Borders' March 2013 Special report on Internet Surveillance
contained a list of "Corporate Enemies of the Internet", companies that
sell products that are liable to be used by governments to violate
human rights and freedom of information. The five companies on the
initial list were: Amesys (France), Blue Coat Systems (U.S.), Gamma Group (UK and Germany), Hacking Team (Italy), and Trovicor (Germany), but the list was not exhaustive and is likely to be expanded in the future.
Surveillance state
A
surveillance state is a country where the government engages in
pervasive surveillance of large numbers of its citizens and visitors.
Such widespread surveillance is usually justified as being necessary for
national security, such as to prevent crime or acts of terrorism, but may also be used to stifle criticism of and opposition to the government.
Examples of early surveillance states include the former Soviet Union and the former East Germany, which had a large network of informers and an advanced technology base in computing and spy-camera technology. However, these states did not have today's technologies for mass surveillance, such as the use of databases and pattern recognition software to cross-correlate information obtained by wire tapping, including speech recognition and telecommunications traffic analysis, monitoring of financial transactions, automatic number plate recognition, the tracking of the position of mobile telephones, and facial recognition systems and the like which recognize people by their appearance, gait, DNA profiling, etc.
Smart cities
The development of smart cities has seen the increased adoption of
surveillance technologies by governments, although the primary purpose
of surveillance in such cities is to use information and communication technologies to improve the urban environment. The implementation of such technology by a number of cities
has resulted in increased efficiencies in urban infrastructure as well
as improved community participation. Sensors and systems monitor a smart
city's infrastructure, operations and activities and aim to help it run
more efficiently. For example, the city could use less electricity; its
traffic run more smoothly with fewer delays; its citizens use the city
with more safety; hazards can be dealt with faster; citizen infractions
of rules can be prevented, and the city's infrastructure; power
distribution and roads with traffic lights for example, dynamically
adjusted to respond to differing circumstances.
The development of smart city technology has also led to an increase in potential unwarranted intrusions into privacy and restrictions upon autonomy.
The widespread incorporation of information and communication
technologies within the daily life of urban residents results in
increases in the surveillance capacity of states
- to the extent that individuals may be unaware of what information is
being accessed, when the access occurs and for what purpose. It is
possible that such conditions could give rise to the development of an electronic police state.
Shanghai, Amsterdam, San Jose, Dubai, Barcelona, Madrid, Stockholm, and
New York are all cities that use various techniques from smart city
technology.
Electronic police state
An electronic police state is a state
in which the government aggressively uses electronic technologies to
record, collect, store, organize, analyze, search, and distribute
information about its citizens. Electronic police states also engage in mass government surveillance of landline and cellular
telephone traffic, mail, email, web surfing, Internet searches, radio,
and other forms of electronic communication as well as widespread use of
video surveillance. The information is usually collected in secret.
The crucial elements are not politically based, so long as the
government can afford the technology and the populace will permit it to
be used, an electronic police state can form. The continual use of
electronic mass surveillance can result in constant low-level fear
within the population, which can lead to self-censorship and exerts a powerful coercive force upon the populace.
Seventeen factors for judging the development of an electronic police state were suggested in The Electronic Police State: 2008 National Rankings:
- Daily documents: Requirement for the use and tracking of state-issued identity documents and registration.
- Border and travel control: Inspections at borders, searching computers and cell phones, demanding decryption of data, and tracking travel within as well as to and from a country.
- Financial tracking: A state's ability to record and search financial transactions: checks, credit cards, wires, etc.
- Gag orders: Restrictions on and criminal penalties for the disclosure of the existence of state surveillance programs.
- Anti-crypto laws: Outlawing or restricting cryptography and/or privacy enhancing technologies.
- Lack of constitutional protections: A lack of constitutional privacy protections or the routine overriding of such protections.
- Data storage: The ability of the state to store the data gathered.
- Data search: The ability to organize and search the data gathered.
- Data retention requirements: Laws that require Internet and
other service providers to save detailed records of their customers'
Internet usage for a minimum period of time.
- Telephone data retention requirements: Laws that require telephone companies to record and save records of their customers' telephone usage.
- Cell phone data retention requirements: Laws that require cellular telephone companies to record and save records of their customers' usage and location.
- Medical records: Government access to the records of medical service providers.
- Enforcement: The state's ability to use force to seize anyone they want, whenever they want.
- Lack of habeas corpus: Lack of a right for a person under arrest to be brought before a judge or into court in a timely fashion or the overriding of such rights.
- Lack of a police-intel barrier: The lack of a barrier between police organizations and intelligence organizations, or the overriding of such barriers.
- Covert hacking: State operatives collecting, removing, or adding digital evidence to/from private computers without permission or the knowledge of the computers' owners.
- Loose or no warrants: Arrests or searches made without warrants or without careful examination and review of police statements and justifications by a truly independent judge or other third-party.
The list includes factors that apply to other forms of police states,
such as the use of identity documents and police enforcement, but go
considerably beyond them and emphasize the use of technology to gather
and process the information collected.
In popular culture
The concept of being monitored by our government collects a large
audience of curious citizens. Mass surveillance has been prominently
featured in a wide array of books, films, and other media. Advances in
technology over the last century have led to possible social control
through the Internet and the conditions of late capitalism. Many
directors and writers have been enthralled with the potential stories
that could come from mass surveillance. Perhaps the most iconic example
of fictional mass surveillance is George Orwell's 1949 novel Nineteen Eighty-Four, which depicts a dystopian surveillance state.
Here are a few other works that focus on mass surveillance:
- We, a 1920 novel by Russian author Yevgeny Zamyatin , that predates Nineteen Eighty-Four and was read by its author George Orwell.
- Little Brother is a novel by Cory Doctorow, and is set in San Francisco after a major terrorist attack. The DHS uses technologies such as RFIDs and surveillance cameras to create a totalitarian system of control.
- The Lives of Others, is a 2006 German drama film, which movingly conveys the impact that relentless surveillance has on the emotional well-being and the outcome of individuals subjected to it.
- The Hunger Games by Suzanne Collins is a trilogy in which 'the capital' has totalitarian surveillance & control over all aspects of the other 'districts'.
- Digital Fortress, novel by Dan Brown, involving an NSA code breaking machine called 'TRANSLTR'. The machine read and decrypted email messages, with which the NSA used to foil terrorist attacks and mass murders.