Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, such as organizations like the NSA, but it may also be carried out by corporations (either on behalf of governments or at their own initiative). Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is also often distinguished from targeted surveillance.
Mass surveillance has often been cited as necessary to fight terrorism, prevent crime and social unrest, protect national security, and control the population. At the same time, mass surveillance has equally often been criticized for violating privacy rights, limiting civil and political rights and freedoms, and being illegal under some legal or constitutional systems. Another criticism is that increasing mass surveillance could lead to the development of a surveillance state or an electronic police state where civil liberties are infringed or political dissent is undermined by COINTELPRO-like programs. Such a state could be referred to as a totalitarian state.
In 2013, the practice of mass surveillance by world governments was called into question after Edward Snowden's 2013 global surveillance disclosure on the practices by the National Security Agency (NSA) of the United States. Reporting based on documents Snowden leaked to various media outlets triggered a debate about civil liberties and the right to privacy in the Digital Age. Mass surveillance is considered a global issue. The Aerospace Corporation of the United States describes a near-future event they call the "GEOINT Singularity" in which everything on the surface of the earth will be monitored at all times, analyzed by artificial intelligence systems, and then redistributed and made available to the general public globally in realtime.
By country
Privacy International's 2007 survey, covering 47 countries, indicated that there had been an increase in surveillance and a decline in the performance of privacy safeguards, compared to the previous year. Balancing these factors, eight countries were rated as being 'endemic surveillance societies'. Of these eight, China, Malaysia and Russia scored lowest, followed jointly by Singapore and the United Kingdom, then jointly by Taiwan, Thailand and the United States. The best ranking was given to Greece, which was judged to have 'adequate safeguards against abuse'.
Many countries throughout the world have already been adding thousands of surveillance cameras to their urban, suburban and even rural areas. For example, in September 2007 the American Civil Liberties Union (ACLU) stated that we are "in danger of tipping into a genuine surveillance society completely alien to American values" with "the potential for a dark future where our every move, our every transaction, our every communication is recorded, compiled, and stored away, ready to be examined and used against us by the authorities whenever they want".
On 12 March 2013, Reporters Without Borders published a Special report on Internet Surveillance. The report included a list of "State Enemies of the Internet", countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and human rights. Five countries were placed on the initial list: Bahrain, China, Iran, Syria, and Vietnam.
Australia
Bahrain
Bahrain is one of the five countries on Reporters Without Borders' March 2013 list of "State Enemies of the Internet", countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and human rights. The level of Internet filtering and surveillance in Bahrain is one of the highest in the world. The royal family is represented in all areas of Internet management and has sophisticated tools at its disposal for spying on its subjects. The online activities of dissidents and news providers are closely monitored and the surveillance is increasing.
Media reports published in July 2021 exposed the use of NSO Group's phone malware software, Pegasus, for spying on rights activists, lawyers, and journalists, globally, by authoritarian governments. Bahrain was among the many countries listed as the Israeli firm's clients accused of hacking and conducting unauthorized mass surveillance using phone malware despite a poor human rights record. The software is said to infect devices, allowing its operators to get access to the target's messages, photos, record calls, and activate the microphone and camera.
Yusuf al-Jamri had no idea that even after fleeing Bahrain, he won't be able to escape the government's prying eyes, even after taking asylum in the UK. After moving to the UK and getting his asylum request accepted, Al-Jamri legally filed charges against Bahrain along with the notorious spyware firm, NSO Group for infecting his phone with a malware, built with military-grade technology in August 2019. The hacking was verified by the researchers at Toronto based CitizenLab. As a result of which Yusuf complained of being subjected to personal injury, loss of privacy, distress and anxiety. Al-Jamri's lawyers made claims about the same in a pre-claim letter sent to both the accused, NSO Group and the Bahraini government. No response was received from the two on being approached for comments.
China
China is one of the five countries on Reporters Without Borders' March 2013 list of "State Enemies of the Internet", countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and basic human rights. All Internet access in China is owned or controlled by the state or the Chinese Communist Party. Many foreign journalists in China have said that they take for granted that their telephones are tapped and their email is monitored.
The tools put in place to filter and monitor the Internet are collectively known as the Great Firewall of China. Besides the usual routing regulations that allow access to an IP address or a particular domain name to be blocked, the Great Firewall makes large-scale use of Deep Packet Inspection (DPI) technology to monitor and block access based on keyword detection. The Great Firewall has the ability to dynamically block encrypted connections. One of the country's main ISPs, China Unicom, automatically cuts a connection as soon as it is used to transmit encrypted content.
The monitoring system developed by China is not confined to the Great Firewall, monitoring is also built into social networks, chat services and VoIP. Private companies are directly responsible to the Chinese authorities for surveillance of their networks to ensure banned messages are not circulated. The QQ application, owned by the firm Tencent, allows the authorities to monitor in detail exchanges between Internet users by seeking certain keywords and expressions. The author of each message can be identified by his or her user number. The QQ application is effectively a giant Trojan horse. And since March 2012, new legislation requires all new users of micro-blogging sites to register using their own name and telephone number.
Skype, one of the world's most popular Internet telephone platforms, is closely monitored. Skype services in China are available through a local partner, the TOM media group. The Chinese-language version of Skype, known as TOM-Skype, is slightly different from the downloadable versions in other countries. A report by OpenNet Initiative Asia says everyday conversations are captured on servers. Interception and storage of a conversation may be triggered by a sender's or recipient's name or by keywords that occur in the conversation.
On 31 January 2013, The New York Times reported that it had been the target of attacks by the Chinese hackers. The first breach took place on 13 September 2012 when the newspaper was preparing to publish an article about the fortune amassed by the family of outgoing Prime Minister Wen Jiabao. The newspaper said the purpose of attacks was to identify the sources that supplied the newspaper with information about corruption among the prime minister's entourage. The Wall Street Journal and CNN also said they had been the targets of cyber attacks from China. In February, Twitter disclosed that the accounts of some 250,000 subscribers had been the victims of attacks from China similar to those carried out on The New York Times. Mandiant, the company engaged by the NYT to secure its network, identified the source of the attacks as a group of hackers it called Advanced Persistent Threat 1, a unit of the People's Liberation Army operating from a 12-story building in the suburbs of Shanghai that had hundreds, possibly thousands, of staff and the direct support of the Chinese government.
The newest form of mass surveillance in China is the Social Credit System, where citizens and businesses are given or deducted good points based on social behavior such as adherence to laws, honesty, tax evasion or political activism. The Chinese government also plans to network and interlink up to 20 million surveillance cameras equipped with facial recognition as part of the 'Skynet' project in order to track down wanted fugitives and suspects within minutes.
According to UK-based technology research organization, Comparitech, the Chinese city of Chongqing is the most surveilled city in the entire world, with 2.5m cameras watching over almost 15.35 million people. As per the data accumulated, Chongqing beats Shanghai, Beijing, and Shenzhen, in terms of mass surveillance in China.
Internet surveillance is pervasive within China, under the Cybersecurity Law of the People's Republic of China, all SIM cards purchases require real name registration, all WiFi hotspots throughout the country require SMS verification through a phone number which is incidentally linked to a user's resident ID card and all instant messaging and internet service providers including but not limited to ISP's, internet cafes and gaming service providers are required to verify the real identity of users through either a foreign passport or national ID card prior to the provision of a service. All domestic flight tickets and purchases of high speed train tickets and banking and financial services also require real name ID in order to be provided in order to be purchased.
East Germany
Before the Digital Revolution, one of the world's biggest mass surveillance operations was carried out by the Stasi, the secret police of the former East Germany. By the time the state collapsed in 1989, the Stasi had built up an estimated civilian network of 189,000 informants, who monitored even minute hints of political dissent among other citizens. Many West Germans visiting friends and family in East Germany were also subject to Stasi spying, as well as many high-ranking West German politicians and persons in the public eye.
Most East German citizens were well aware that their government was spying on them, which led to a culture of mistrust: touchy political issues were only discussed in the comfort of their own four walls and only with the closest of friends and family members, while widely maintaining a façade of unquestioning followership in public.
European Union
The right to privacy is a highly developed area of law in Europe. The Data Protection Directive regulates the processing of personal data within the European Union. For comparison, the US has no data protection law that is comparable to this; instead, the US regulates data protection on a sectoral basis.
Since early 2012, the European Union has been working on a General Data Protection Regulation to replace the Data Protection Directive and harmonise data protection and privacy law. On 20 October 2013, a committee at the European Parliament backed the measure, which, if it is enacted, could require American companies to seek clearance from European officials before complying with United States warrants seeking private data. The vote is part of efforts in Europe to shield citizens from online surveillance in the wake of revelations about a far-reaching spying program by the U.S. National Security Agency. European Union justice and rights commissioner Viviane Reding said "The question has arisen whether the large-scale collection and processing of personal information under US surveillance programmes is necessary and proportionate to meet the interests of national security." The EU is also asking the US for changes to US legislation to match the legal redress offered in Europe; American citizens in Europe can go to the courts if they feel their rights are infringed but Europeans without right of residence in America cannot. When the EU / US arrangement to implement International Safe Harbor Privacy Principles were struck down by the European Court of Justice, a new framework for transatlantic data flows, called the "EU-US Privacy Shield", was adopted in July 2016.
In April 2014, the European Court of Justice declared invalid the EU Data Retention Directive. The Court said it violates two basic rights – respect for private life and protection of personal data. The legislative body of the European Union passed the Data Retention Directive on 15 December 2005. It requires that telecommunication operators retain metadata for telephone, Internet, and other telecommunication services for periods of not less than six months and not more than two years from the date of the communication as determined by each EU member state and, upon request, to make the data available to various governmental bodies. Access to this information is not limited to investigation of serious crimes, nor is a warrant required for access.
Undertaken under the Seventh Framework Programme for research and technological development (FP7 - Science in Society) some multidisciplinary and mission oriented mass surveillance activities (for example INDECT and HIDE) were funded by the European Commission in association with industrial partners. The INDECT Project ("Intelligent information system supporting observation, searching and detection for security of citizens in urban environment") develops an intelligent urban environment observation system to register and exchange operational data for the automatic detection, recognition and intelligent processing of all information of abnormal behaviour or violence.
The main expected results of the INDECT project are:
- Trial of intelligent analysis of video and audio data for threat detection in urban environments,
- Creation of tools and technology for privacy and data protection during storage and transmission of information using quantum cryptography and new methods of digital watermarking,
- Performing computer-aided detection of threats and targeted crimes in Internet resources with privacy-protecting solutions,
- Construction of a search engine for rapid semantic search based on watermarking of content related to child pornography and human organ trafficking,
- Implementation of a distributed computer system that is capable of effective intelligent processing.
HIDE ("Homeland Security, Biometric Identification & Personal Detection Ethics") was a research project funded by the European Commission within the scope of the Seventh RTD Framework Programme (FP7). The consortium, coordinated by Emilio Mordini, explored the ethical and privacy implications of biometrics and personal detection technologies, focusing on the continuum between personal detection, authentication, identification and mass surveillance.
France
Germany
In 2002 German citizens were tipped off about wiretapping when a software error led to a phone number allocated to the German Secret Service being listed on mobile telephone bills.
India
The Indian parliament passed the Information Technology Act of 2008 with no debate, giving the government fiat power to tap all communications without a court order or a warrant. Section 69 of the act states "Section 69 empowers the Central Government/State Government/ its authorized agency to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence."
India is setting up a national intelligence grid called NATGRID, which would be fully set up by May 2011 where each individual's data ranging from land records, Internet logs, air and rail PNR, phone records, gun records, driving license, property records, insurance, and income tax records would be available in real time and with no oversight. With a UID from the Unique Identification Authority of India being given to every Indian from February 2011, the government would be able track people in real time. A national population registry of all citizens will be established by the 2011 census, during which fingerprints and iris scans would be taken along with GPS records of each household.
As per the initial plan, access to the combined data will be given to 11 agencies, including the Research and Analysis Wing, the Intelligence Bureau, the Enforcement Directorate, the National Investigation Agency, the Central Bureau of Investigation, the Directorate of Revenue Intelligence and the Narcotics Control Bureau.
Several states within India have already installed CCTV surveillance systems with face matching capabilities using biometrics in Aadhaar. Andhra Pradesh and Telangana are using information linked with Aadhaar across different agencies to create a 360-degree profile of a person, calling it the Integration Information Hub. Other states are now planning to follow this model.
Iran
Iran is one of the five countries on Reporters Without Borders' March 2013 list of "State Enemies of the Internet", countries whose governments are involved in naturally active efforts to news providers . The government runs or controls almost all of the country's institutions for regulating, managing or legislating on telecommunications. The Supreme Council for Cyberspace, which was headed by President Ahmadinejad, was established in March 2012 and now determines digital policy. The construction of a parallel "Iranian Internet", with a high connection speed but fully monitored and censored, is almost complete.
The tools used by the Iranian authorities to monitor and control the Internet include data interception tools capable of Deep Packet Inspection. Interception products from leading Chinese companies such as ZTE and Huawei are in use. The products provided by Huawei to Mobin Net, the leading national provider of mobile broadband, can be used to analyze email content, track browsing history and block access to sites. The products that ZTA sold to the Telecommunication Company of Iran (TCI) offer similar services plus the possibility of monitoring the mobile network. European companies are the source of other spying and data analysis tools. Products designed by Ericsson and Nokia Siemens Networks (later Trovicor) are in use. These companies sold SMS interception and user location products to Mobile Communication Company of Iran and Irancell, Iran's two biggest mobile phone companies, in 2009 and they were used to identify Iranian citizens during the post-election uprising in 2009. The use of Israeli surveillance devices has also been detected in Iran. The network traffic management and surveillance device NetEnforcer was provided by Israel to Denmark and then resold to Iran. Similarly, US equipment has found its way to Iran via the Chinese company ZTE.
Malaysia
In July 2018, the Malaysian police announced the creation of the Malaysian Intercept Crimes Against Children Unit (icacu) that is equipped with real-time mass internet surveillance software developed in the United States and is tasked with the monitoring of all Malaysian internet users, with a focus on pornography and child pornography. The system creates a "data library" of users which includes details such as IP addresses, websites, locations, duration and frequency of use and files uploaded and downloaded.
Mexico
After struggling with drug trafficking and criminal groups for decades Mexico has been strengthening their military mass surveillance. Approximately half of the population in Mexico does not support democracy as a form of government, and believe an authoritarian system is better if social matters are solved through it. The relevance of these political beliefs may make it easier for mass surveillance to spread within the country. "This does not necessarily mean the end of democratic institutions as a whole—such as free elections or the permanence of critical mass media—but it means strengthening the mechanisms for exercising power that exclude dialogue, transparency and social agreement." Developing intelligence agencies has been on Mexico's radar for a while for means of security.
Netherlands
According to a 2004 report, the government of the Netherlands carries out more clandestine wire-taps and intercepts than any country, per capita, in the world. The Dutch military intelligence service MIVD operates a satellite ground station to intercept foreign satellite links and also a facility to eavesdrop on foreign high-frequency radio traffic. An example of mass surveillance carried out by corporations in the Netherlands is an initiative started by five Dutch banks (ABN AMRO, ING, Rabobank, Triodos Bank and de Volksbank). In July 2020 these five banks have decided to establish Transaction Monitoring Netherlands (TMNL) in the collective fight against money laundering and the financing of terrorism. The goal of TMNL-organization is to gather all transaction information provided by Dutch banks in a centralized database to enable full-scale collective transaction monitoring. Preparations have been started but the actual monitoring by TMNL can start after an amendment of the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act.
North Korea
Having attained the nickname 'surveillance state', North Korea's government has complete control over all forms of telecommunications and Internet. It is routine to be sent to a prison camp for communicating with the outside world. The government enforces restrictions around the types of appliances North Koreans may own in their home, in case radio or TV sets pick up signals from nearby South Korea, China and Russia. There is no attempt to mask the way this government actively spies on their citizens. In North Korea, an increasing number of citizens do have smartphones. However, these devices are heavily controlled and are being used to censor and observe everything North Koreans do on their phones. Reuters reported in 2015 that Koryolink, North Korea's official mobile phone network, has around 3 million subscribers in a country of 24 million. Obviously, in order to have digital data to draw from, the citizens must have access to phones and other things online.
Russia
The SORM (and SORM-2) laws enable complete monitoring of any communication, electronic or traditional, by eight state agencies, without warrant. These laws seem to be in conflict with Article 23 of the Constitution of Russia which states:
- Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
- Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
In 2015, the European Court for Human Rights ruled that the legislation violated Article 8 of the European Convention on Human Rights (Zakharov v. Russia).
СAMERTON is a global vehicle tracking system, control and tracking, identification of probable routes and places of the most frequent appearance of a particular vehicle, integrated with a distributed network of radar complexes of photo-video fixation and road surveillance camera. Developed and implemented by the "Advanced Scientific - Research Projects" enterprise St. Petersburg. Within the framework of the practical use of the system of the Ministry of Internal Affairs of the Russian Federation, it has made it possible to identify and solve grave and especially grave crimes, the system is also operated by other state services and departments.
Singapore
Singapore is known as a city of sensors. Singapore's surveillance structure spreads widely from closed-circuit television (CCTV) in public areas even around the neighbourhood, internet monitoring/traffic monitoring and to the use of surveillance metadata for government initiatives. In Singapore, SIM card registration is mandatory even for prepaid card. Singapore's government have the rights to access communication data. Singapore's largest telecompany, Singtel, has close relations to the government and Singapore's laws are broadly phrased to allow the government to obtain sensitive data such as text-messages, email, call logs, and web surfing history from its people without the need for court permission.
The installation of mass surveillance cameras in Singapore is an effort to act as a deterrence not only for terror attacks but also for public security such as loan sharks, illegal parking, and more. As part of Singapore's Smart Nation initiative to build a network of sensors to collect and connect data from city life (including the citizen's movement), the Singapore government rolled out 1000 sensors ranging from computer chips to surveillance cameras, to track almost everything in Singapore from air quality to public safety in 2014.
In 2016, in a bid to increase security, the Singapore Police Force installed 62,000 police cameras in 10,000 Housing and Development Board (HDB) blocks covering the lifts and multi-storey car parks. With rising security concerns, the number of CCTV cameras in public areas such as monitoring of the public transport system and commercial/ government buildings in Singapore is set to increase.
In 2018, the Singapore government rolled out new and more advanced surveillance systems. Starting with Singapore's maritime borders, new panoramic electro-optic sensors were put in place on the north and south coasts, monitoring a 360-degree view of the area. A tethered unmanned aerial vehicle (UAV) was unveiled by the Singapore Police Force to be used during search and rescue operations including hostage situations and public order incidents.
Spain
According to a 2017 report by Privacy International, Spain may be part of a group of 21 European countries that is withholding information, also known as data retention. In 2014, many defense lawyers tried to overturn multiple cases that used mass storage as their evidence to convict, according to the European Agency for Fundamental Rights.
Sweden
Prior to 2009, the National Defence Radio Establishment (FRA) was limited to wireless signals intelligence (SIGINT), although it was left largely unregulated. In December 2009, new legislation went into effect, allowing the FRA to monitor cable bound signals passing the Swedish border. Communications service providers are legally required, under confidentiality, to transfer cable communications crossing Swedish borders to specific "interaction points", where data may be accessed after a court order.
The FRA has been contested since the change in its legislation, mainly because of the public perception the change would enable mass surveillance. The FRA categorically deny this allegation, as they are not allowed to initialize any surveillance on their own, and has no direct access to communication lines. All SIGINT has to be authorized by a special court and meet a set of narrow requirements, something Minister for Defence Sten Tolgfors have been quoted as saying, "should render the debate on mass surveillance invalid". Due to the architecture of Internet backbones in the Nordic area, a large portion of Norwegian and Finnish traffic will also be affected by the Swedish wiretapping.
Syria
Syria is one of the five countries on Reporters Without Borders' March 2013 list of "State Enemies of the Internet", countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and human rights. Syria has stepped up its web censorship and cyber-monitoring as the country's civil war has intensified. At least 13 Blue Coat proxy servers are in use, Skype calls are intercepted, and social engineering techniques, phishing, and malware attacks are all in use.
United Arab Emirates
In October 2016, The Intercept released a report detailing the experience of an Italian security researcher Simone Margaritelli, of allegedly being hired for mass surveillance operations run by United Arab Emirates. According to Margaritelli, he was called for an interview with the Abu Dhabi-based cybersecurity firm called DarkMatter. Margaritelli says he declined the offer and instead wrote a blog post titled "How the United Arab Emirates Intelligence Tried to Hire Me to Spy on Its People". In response to The Intercept inquiries, DarkMatter responded by stating: "No one from DarkMatter or its subsidiaries have ever interviewed Mr. Margaritelli." Kevin Healy, director of communications for DarkMatter, wrote in an email responding to The Intercept that the man Margaritelli says interviewed him was previously only an advisory consultant to DarkMatter and is currently no longer an advisor to the company. Dark Matter responded by saying "While we respect an author's right to express a personal opinion, we do not view the content in question as credible, and therefore have no further comment."
In January 2019, Reuters released a detailed account of a 2014 state-surveillance operation – dubbed as Project Raven – led by the United Arab Emirates with the help of former NSA officials like Lori Stroud, an ex-NSA cyberspy. Counter-terrorism strategy was the primary motive of setting up the unit. However, soon the project began being used as a surveillance program to spy on rival leaders, critical dissidents and journalists.
In December 2019, Google Play Store and Apple App Store removed an Emirati messaging application called ToTok following allegations that it was a state surveillance application, according to The New York Times report. The application's privacy policy clearly stated that it may share personal data of the users with "regulatory agencies, law enforcement, and other lawful access requests". The allegations were denied by the co-founders of ToTok, Giacomo Ziani and Long Ruan, respectively. The application was restored on Google Play Store later on.
In July 2020, the United Arab Emirates came under renewed questions about mass surveillance amidst the coronavirus outbreak. Experts highlighted that the country has one of the highest per capita concentrations of surveillance cameras in the world. In a statement, the Emirati government acknowledged that cameras are used to counter the threat of terrorism and have helped the country rank as one of the safest countries in the world.
United Kingdom
State surveillance in the United Kingdom has formed part of the public consciousness since the 19th century. The postal espionage crisis of 1844 sparked the first panic over the privacy of citizens. However, in the 20th century, electronic surveillance capabilities grew out of wartime signal intelligence and pioneering code breaking. In 1946, the Government Communications Headquarters (GCHQ) was formed. The United Kingdom and the United States signed the bilateral UKUSA Agreement in 1948. It was later broadened to include Canada, Australia and New Zealand, as well as cooperation with several "third-party" nations. This became the cornerstone of Western intelligence gathering and the "Special Relationship" between the UK and the US.
After the growth of the Internet and development of the World Wide Web, a series of media reports in 2013 revealed more recent programs and techniques involving GCHQ, such as Tempora.
The use of these capabilities is controlled by laws made in the UK Parliament. In particular, access to the content of private messages (that is, interception of a communication) must be authorized by a warrant signed by a Secretary of State. In addition European Union data privacy law applies in UK law. The UK exhibits governance and safeguards as well as use of electronic surveillance.
The Investigatory Powers Tribunal, a judicial oversight body for the intelligence agencies, ruled in December 2014 that the legislative framework in the United Kingdom does not breach the European Convention on Human Rights. However, the Tribunal stated in February 2015 that one particular aspect, the data sharing arrangement that allowed UK Intelligence services to request data from the US surveillance programs Prism and Upstream, had been in contravention of human rights law prior to this until two paragraphs of additional information, providing details about the procedures and safeguards, were disclosed to the public in December 2014.
In its December 2014 ruling, the Investigatory Powers Tribunal found that the legislative framework in the United Kingdom does not permit mass surveillance and that while GCHQ collects and analyses data in bulk, it does not practice mass surveillance.[105][106][107] A report on Privacy and Security published by the Intelligence and Security Committee of Parliament also came to this view, although it found past shortcomings in oversight and said the legal framework should be simplified to improve transparency. This view is supported by independent reports from the Interception of Communications Commissioner. However, notable civil liberties groups continue to express strong views to the contrary and plan to appeal the ruling to the European Court of Human Rights, while others have criticised these viewpoints in turn.
The Regulation of Investigatory Powers Act 2000 (RIP or RIPA) is a significant piece of legislation that granted and regulated the powers of public bodies to carry out surveillance and investigation. In 2002 the UK government announced plans to extend the Regulation of Investigatory Powers Act so that at least 28 government departments would be given powers to access metadata about citizens' web, e-mail, telephone and fax records, without a warrant and without a subject's knowledge.
The Protection of Freedoms Act 2012 includes several provisions related to controlling and restricting the collection, storage, retention, and use of information in government databases.
Supported by all three major political parties, the UK Parliament passed the Data Retention and Investigatory Powers Act in July 2014 to ensure police and security services retain existing powers to access phone and Internet records.
This was superseded by the Investigatory Powers Act 2016, a comprehensive statute which made public a number of previously secret powers (equipment interference, bulk retention of metadata, intelligence agency use of bulk personal datasets), and enables the Government to require internet service providers and mobile phone companies to maintain records of (but not the content of) customers' Internet connections for 12 months. In addition, it created new safeguards, including a requirement for judges to approve the warrants authorised by a Secretary of State before they come into force. The Act was informed by two reports by David Anderson QC, the UK's Independent Reviewer of Terrorism Legislation: A Question of Trust (2015) and the report of his Bulk Powers Review (2016), which contains a detailed appraisal (with 60 case studies) of the operational case for the powers often characterised as mass surveillance. It may yet require amendment as a consequence of legal cases brought before the Court of Justice of the European Union and the European Court of Human Rights.
Many advanced nation-states have implemented laws that partially protect citizens from unwarranted intrusion, such as the Human Rights Act 1998, the Data Protection Act 1998, (updated as the Data Protection Act 2018, to include the General Data Protection Regulation), and the Privacy and Electronic Communications (EC Directive) Regulations 2003 in the United Kingdom, and laws that require a formal warrant before private data may be gathered by a government.
The vast majority of video surveillance cameras in the UK are not operated by government bodies, but by private individuals or companies, especially to monitor the interiors of shops and businesses. According to 2011 Freedom of Information Act requests, the total number of local government operated CCTV cameras was around 52,000 over the entirety of the UK. The prevalence of video surveillance in the UK is often overstated due to unreliable estimates being requoted; for example one report in 2002 extrapolated from a very small sample to estimate the number of cameras in the UK at 4.2 million (of which 500,000 in London). More reliable estimates put the number of private and local government operated cameras in the United Kingdom at around 1.85 million in 2011.
United States
National Security Agency surveillance |
---|
Historically, mass surveillance was used as part of wartime censorship to control communications that could damage the war effort and aid the enemy. For example, during the world wars, every international telegram from or to the United States sent through companies such as Western Union was reviewed by the US military. After the wars were over, surveillance continued in programs such as the Black Chamber following World War I and project Shamrock following World War II. COINTELPRO projects conducted by the U.S. Federal Bureau of Investigation (FBI) between 1956 and 1971 targeted various "subversive" organizations, including peaceful anti-war and racial equality activists such as Albert Einstein and Martin Luther King Jr.
Billions of dollars per year are spent, by agencies such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), to develop, purchase, implement, and operate systems such as Carnivore, ECHELON, and NarusInsight to intercept and analyze the immense amount of data that traverses the Internet and telephone system every day.
Under the Mail Isolation Control and Tracking program, the U.S. Postal Service photographs the exterior of every piece of paper mail that is processed in the United States – about 160 billion pieces in 2012. The U.S. Postmaster General stated that the system is primarily used for mail sorting, but the images are available for possible use by law enforcement agencies. Created in 2001 following the anthrax attacks that killed five people, it is a sweeping expansion of a 100-year-old program called "mail cover" which targets people suspected of crimes.
The FBI developed the computer programs "Magic Lantern" and CIPAV, which they can remotely install on a computer system, in order to monitor a person's computer activity.
The NSA has been gathering information on financial records, Internet surfing habits, and monitoring e-mails. They have also performed extensive analysis of social networks such as Myspace.
The PRISM special source operation system legally immunized private companies that cooperate voluntarily with U.S. intelligence collection. According to The Register, the FISA Amendments Act of 2008 "specifically authorizes intelligence agencies to monitor the phone, email, and other communications of U.S. citizens for up to a week without obtaining a warrant" when one of the parties is outside the U.S. PRISM was first publicly revealed on 6 June 2013, after classified documents about the program were leaked to The Washington Post and The Guardian by American Edward Snowden.
The Communications Assistance for Law Enforcement Act (CALEA) requires that all U.S. telecommunications and Internet service providers modify their networks to allow easy wiretapping of telephone, VoIP, and broadband Internet traffic.
In early 2006, USA Today reported that several major telephone companies were providing the telephone call records of U.S. citizens to the National Security Agency (NSA), which is storing them in a large database known as the NSA call database. This report came on the heels of allegations that the U.S. government had been conducting electronic surveillance of domestic telephone calls without warrants. In 2013, the existence of the Hemisphere Project, through which AT&T provides telephone call data to federal agencies, became publicly known.
Traffic cameras, which were meant to help enforce traffic laws at intersections, may be used by law enforcement agencies for purposes unrelated to traffic violations. Some cameras allow for the identification of individuals inside a vehicle and license plate data to be collected and time stamped for cross reference with other data used by police. The Department of Homeland Security is funding networks of surveillance cameras in cities and towns as part of its efforts to combat terrorism.
The New York City Police Department infiltrated and compiled dossiers on protest groups before the 2004 Republican National Convention, leading to over 1,800 arrests.
Modern surveillance in the United States was thought of more of a wartime effort before Snowden disclosed in depth information about the National Security Agency in June 2013. The constant development and improvements of the Internet and technology has made it easier for mass surveillance to take hold. Such revelations allow critical commentators to raise questions and scrutinize the implementation, use, and abuse of networking technologies, devices, and software systems that partake in a "global surveillant assemblage" (Bogard 2006; Collier and Ong 2004; Haggerty and Ericson 2000; Murakami Wood 2013). The NSA collected millions of Verizon user's telephone records in between 2013 and 2014. The NSA also collected data through Google and Facebook with a program called 'Prism'. Journalists through Snowden published nearly 7,000 top-secret documents since then, yet the information disclosed seems to be less than 1% of the entire information. Having access to every individual's private records seems to directly contradict the fourth amendment.
Vietnam
Vietnam is one of the five countries on Reporters Without Borders' March 2013 list of "State Enemies of the Internet", countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and human rights. Most of the country's 16 service providers are directly or indirectly controlled by the Vietnamese Communist Party. The industry leader, Vietnam Posts and Telecommunications Group, which controls 74 per cent of the market, is state-owned. So is Viettel, an enterprise of the Vietnamese armed forces. FPT Telecom is a private firm, but is accountable to the Party and depends on the market leaders for bandwidth.
Service providers are the major instruments of control and surveillance. Bloggers monitored by the government frequently undergo man-in-the-middle attacks. These are designed to intercept data meant to be sent to secure (https) sites, allowing passwords and other communication to be intercepted. According to a July 2012 Freedom House report, 91 percent of survey respondents connected to the Internet on their mobile devices believe that the government monitors conversations and tracks the calls of "activists" or "reactionaries". In 2018, the Vietnam National Assembly also passed a cybersecurity law closely resembling one passed in China, requiring localisation of user data and censorship of anti-state content.
Commercial mass surveillance
As a result of the digital revolution, many aspects of life are now captured and stored in digital form. Concern has been expressed that governments may use this information to conduct mass surveillance on their populations. Commercial mass surveillance often makes use of copyright laws and "user agreements" to obtain (typically uninformed) 'consent' to surveillance from consumers who use their software or other related materials. This allows gathering of information which would be technically illegal if performed by government agencies. This data is then often shared with government agencies, thereby, in practice, defeating the purpose of such privacy protections.
One of the most common forms of mass surveillance is carried out by commercial organizations. Many people are willing to join supermarket and grocery loyalty card programs, trading their personal information and surveillance of their shopping habits in exchange for a discount on their groceries, although base prices might be increased to encourage participation in the program.
Through programs like Google's AdSense, OpenSocial and their increasing pool of so-called "web gadgets", "social gadgets", and other Google-hosted services many web sites on the Internet are effectively feeding user information about sites visited by the users, and now also their social connections, to Google. Facebook also keep this information, although its acquisition is limited to page views within Facebook. This data is valuable for authorities, advertisers and others interested in profiling users, trends and web site marketing performance. Google, Facebook and others are increasingly becoming more guarded about this data as their reach increases and the data becomes more all inclusive, making it more valuable.
New features like geolocation give an even increased admission of monitoring capabilities to large service providers like Google, where they also are enabled to track one's physical movements while users are using mobile devices, especially those which are syncing without any user interaction. Google's Gmail service is increasingly employing features to work as a stand-alone application which also might activate while a web browser is not even active for synchronizing; a feature mentioned on the Google I/O 2009 developer conference while showing the upcoming HTML5 features which Google and others are actively defining and promoting.
In 2008 at the World Economic Forum in Davos, Google CEO Eric Schmidt, said: "The arrival of a truly mobile Web, offering a new generation of location-based advertising, is set to unleash a 'huge revolution'". At the Mobile World Congress in Barcelona on 16 February 2010, Google presented their vision of a new business model for mobile operators and trying to convince mobile operators to embrace location-based services and advertising. With Google as the advertising provider, it would mean that every mobile operator using their location-based advertising service would be revealing the location of their mobile customers to Google.
Google will also know more about the customer—because it benefits the customer to tell Google more about them. The more we know about the customer, the better the quality of searches, the better the quality of the apps. The operator one is "required", if you will, and the Google one will be optional. And today I would say, a minority choose to do that, but I think over time a majority will... because of the stored values in the servers and so forth and so on....
— 2010 Mobile World Congress keynote speech, Google CEO Eric Schmidt
Organizations like the Electronic Frontier Foundation are constantly informing users on the importance of privacy, and considerations about technologies like geolocation.
Computer company Microsoft patented in 2011 a product distribution system with a camera or capture device that monitors the viewers that consume the product, allowing the provider to take "remedial action" if the actual viewers do not match the distribution license.
Reporters Without Borders' March 2013 Special report on Internet Surveillance contained a list of "Corporate Enemies of the Internet", companies that sell products that are liable to be used by governments to violate human rights and freedom of information. The five companies on the initial list were: Amesys (France), Blue Coat Systems (U.S.), Gamma Group (UK and Germany), Hacking Team (Italy), and Trovicor (Germany), but the list was not exhaustive and is likely to be expanded in the future.
EFF found that a company by the name of Fog Data Science purchases location data from apps and sells it to the law enforcement agencies in the U.S. without requiring a warrant or a court order.
Surveillance state
A surveillance state is a country where the government engages in pervasive surveillance of large numbers of its citizens and visitors. Such widespread surveillance is usually justified as being necessary for national security, such as to prevent crime or acts of terrorism, but may also be used to stifle criticism of and opposition to the government.
Examples of early surveillance states include the former Soviet Union and the former East Germany, which had a large network of informers and an advanced technology base in computing and spy-camera technology. However, these states did not have today's technologies for mass surveillance, such as the use of databases and pattern recognition software to cross-correlate information obtained by wire tapping, including speech recognition and telecommunications traffic analysis, monitoring of financial transactions, automatic number plate recognition, the tracking of the position of mobile telephones, and facial recognition systems and the like which recognize people by their appearance, gait, DNA profiling, etc.
Smart cities
The development of smart cities has seen the increased adoption of surveillance technologies by governments, although the primary purpose of surveillance in such cities is to use information and communication technologies to control the urban environment. The implementation of such technology by a number of cities has resulted in increased efficiencies in urban infrastructure as well as improved community participation. Sensors and systems monitor a smart city's infrastructure, operations and activities and aim to help it run more efficiently. For example, the city could use less electricity; its traffic run more smoothly with fewer delays; its citizens use the city with more safety; hazards can be dealt with faster; citizen infractions of rules can be prevented, and the city's infrastructure; power distribution and roads with traffic lights for example, dynamically adjusted to respond to differing circumstances.
The development of smart city technology has also led to an increase in potential unwarranted intrusions into privacy and restrictions upon autonomy. The widespread incorporation of information and communication technologies within the daily life of urban residents results in increases in the surveillance capacity of states – to the extent that individuals may be unaware of what information is being accessed, when the access occurs and for what purpose. It is possible that such conditions could give rise to the development of an electronic police state. Shanghai, Amsterdam, San Jose, Dubai, Barcelona, Madrid, Stockholm, and New York are all cities that use various techniques from smart city technology.
Electronic police state
An electronic police state is a state in which the government aggressively uses electronic technologies to record, collect, store, organize, analyze, search, and distribute information about its citizens. Electronic police states also engage in mass government surveillance of landline and cellular telephone traffic, mail, email, web surfing, Internet searches, radio, and other forms of electronic communication as well as widespread use of video surveillance. The information is usually collected in secret.
The crucial elements are not politically based, so long as the government can afford the technology and the populace will permit it to be used, an electronic police state can form. The continual use of electronic mass surveillance can result in constant low-level fear within the population, which can lead to self-censorship and exerts a powerful coercive force upon the populace.
Seventeen factors for judging the development of an electronic police state were suggested in The Electronic Police State: 2008 National Rankings:
- Daily documents: Requirement for the use and tracking of state-issued identity documents and registration.
- Border and travel control: Inspections at borders, searching computers and cell phones, demanding decryption of data, and tracking travel within as well as to and from a country.
- Financial tracking: A state's ability to record and search financial transactions: checks, credit cards, wires, etc.
- Gag orders: Restrictions on and criminal penalties for the disclosure of the existence of state surveillance programs.
- Anti-crypto laws: Outlawing or restricting cryptography and/or privacy enhancing technologies.
- Lack of constitutional protections: A lack of constitutional privacy protections or the routine overriding of such protections.
- Data storage: The ability of the state to store the data gathered.
- Data search: The ability to organize and search the data gathered.
- Data retention requirements: Laws that require Internet and
other service providers to save detailed records of their customers'
Internet usage for a minimum period of time.
- Telephone data retention requirements: Laws that require telephone companies to record and save records of their customers' telephone usage.
- Cell phone data retention requirements: Laws that require cellular telephone companies to record and save records of their customers' usage and location.
- Medical records: Government access to the records of medical service providers.
- Enforcement: The state's ability to use force to seize anyone they want, whenever they want.
- Lack of habeas corpus: Lack of a right for a person under arrest to be brought before a judge or into court in a timely fashion or the overriding of such rights.
- Lack of a police-intel barrier: The lack of a barrier between police organizations and intelligence organizations, or the overriding of such barriers.
- Covert hacking: State operatives collecting, removing, or adding digital evidence to/from private computers without permission or the knowledge of the computers' owners.
- Loose or no warrants: Arrests or searches made without warrants or without careful examination and review of police statements and justifications by a truly independent judge or other third-party.
The list includes factors that apply to other forms of police states, such as the use of identity documents and police enforcement, but go considerably beyond them and emphasize the use of technology to gather and process the information collected.
In popular culture
The concept of being monitored by our governments collects a large audience of curious citizens. Mass surveillance has been prominently featured in a wide array of books, films, and other media. Advances in technology over the last century have led to possible social control through the Internet and the conditions of late capitalism. Many directors and writers have been enthralled with the potential stories that could come from mass surveillance. Perhaps the most iconic example of fictional mass surveillance is George Orwell's 1949 novel Nineteen Eighty-Four, which depicts a dystopian surveillance state.
Here are a few other works that focus on mass surveillance:
- We, a 1920 novel by Russian author Yevgeny Zamyatin, that predates Nineteen Eighty-Four and was read by its author George Orwell.
- Little Brother is a novel by Cory Doctorow, and is set in San Francisco after a major terrorist attack. The DHS uses technologies such as RFIDs and surveillance cameras to create a totalitarian system of control.
- The Lives of Others, is a 2006 German drama film, which conveys the impact that relentless surveillance has on the emotional well-being and the outcome of individuals subjected to it.
- The Hunger Games by Suzanne Collins is a trilogy in which 'the Capitol' has totalitarian surveillance and control over all aspects of the other 'districts'.
- Digital Fortress, novel by Dan Brown, involving an NSA code breaking machine called 'TRANSLTR'. The machine read and decrypted email messages, with which the NSA used to foil terrorist attacks and mass murders.
- Valve's 2004 video game Half-Life 2 is set in City 17, a fictional police state in Eastern Europe in which citizens are under constant surveillance.
- The Ubisoft video game series Watch Dogs is set in the near future with AI connected cities that use surveillance systems to monitor their people in increasingly invasive ways. In particular, Watch Dogs: Legion is set in a dystopian London where an oppressive regime has taken power and incorporates heavy use of surveillance software to control the populace following a series of terrorist attacks.