Mass Surveillance

From Resistance Manual
This is the approved revision of this page; it is not the most recent. View the most recent revision.
Jump to: navigation, search


State of Mass Surveillance

Since 2001, the government bodies concerned with collecting and collating signals intelligence, information obtained from communications, have undergone an extraordinary expansion in their power. Numerous new programs, created and managed mostly by the National Security Agency (NSA), have granted US intelligence agencies access to information stored on the servers of private corporations, access to the underlying infrastructure of the Internet, and the resources to capture and store the vast majority of all communications passing through the United States.

The PRISM program, which began after the September 11, 2001 attacks, enables NSA analysts to query the information stored by Facebook, Google, Yahoo, MSN, Apple, Youtube, AOL, and Skype[1]. Information indicating which specific companies are a part of this program was released in 2013 as part of the Snowden disclosures, and it is likely that more companies have been added to the system in the time since those materials were created.

The XKeyscore program, also started after September 11, is a complex software system which enables NSA analysts to access any of NSA's data as quickly as possible. Quoting from Wikipedia:

On January 26, 2014, the German broadcaster Norddeutscher Rundfunk asked Edward Snowden in its TV interview: "What could you do if you would [sic] use XKeyscore?" and he answered:[2]

You could read anyone's email in the world, anybody you've got an email address for. Any website: You can watch traffic to and from it. Any computer that an individual sits at: You can watch it. Any laptop that you're tracking: you can follow it as it moves from place to place throughout the world. It's a one-stop-shop for access to the NSA's information.

…You can tag individuals… Let's say you work at a major German corporation and I want access to that network, I can track your username on a website on a form somewhere, I can track your real name, I can track associations with your friends and I can build what's called a fingerprint, which is network activity unique to you, which means anywhere you go in the world, anywhere you try to sort of hide your online presence, your identity.

According to The Guardian's Glenn Greenwald, low-level NSA analysts can, via systems like XKeyscore, "listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst."[3]

He added that the NSA's databank of collected communications allows its analysts to listen "to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you've entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future".[4]

These programs and others enable NSA to access, without restriction or significant oversight, the vast majority of all communications sent over the Internet.

Dangers of Mass Surveillance

Legal limitations on the use of NSA's surveillance capabilities are few and far between. It is entirely possible that President Trump, or other figures in the Trump administration, could decide to use NSA's data to target political opponents, dissidents, journalists, or—given Trump's record—Twitter rivals. NSA's data collection capabilities make this threat an extremely urgent one. A hostile regime with access to the kind of data collected by NSA would be able to see not only information about terrorists or foreign nationals, but also about ordinary American citizens guilty of no crime. If this sounds strangely unqualified, it is. The infrastructure for the most repressive surveillance state in human history is already there—all it takes to go from what we have now to that is a change in norms, not policy, which could be put into place without the input or approval of Congress.

In fact, there is precedent for this kind of information sharing between NSA and other law enforcement agencies. In 2014, Reuters revealed[5] that NSA and DEA have routinely engaged in so-called "parallel construction"—a process whereby NSA feeds "hints" to DEA officials, and DEA enforcement agents then find some pretense to act upon those hints. By this process, NSA's domestic surveillance information, obtained under the pretense of stopping international terrorism, could be used to bring about prosecutions of American citizens for crimes totally unrelated to terrorism without leading to having to include in evidence any classified information obtained via mass surveillance.

Apart from the consequences of a hostile government taking control of these resources, surveillance has a well-documented "chilling effect" on freedom of expression. Think of singing in the shower. If you knew someone could see you in the shower, would you sing? The simple fact of knowing that it's possible somebody could be paying attention to your actions severely reduces the scope of the actions you're willing to take. This impacts everything from political dissidence to art, and is a serious problem regardless of whether those with access to surveillance information make active use of that information.

Policies and Entities Enabling Mass Surveillance

The Foreign Intelligence Surveillance Act of 1978[6][7] describes procedures which the government must follow in conducting domestic surveillance. It was passed after a bipartisan effort to create more strictly-defined rules on the matter after revelations about President Nixon's use of government resources to spy on opposition political parties. The Act provides means by which American spy agencies can be approved for secret warrants to conduct surveillance on individuals within US jurisdiction, via electronic surveillance, physical searches, telephone surveillance, access to business records, or certain other means. The Act created a secret court, the Foreign Intelligence Surveillance Court (commonly known as the FISA Court), which examines these surveillance requests without making the content of the requests public and decides whether to approve or deny the request. Between 1979, the year of the court's creation, and 2013, of 35,529 requests submitted, 12 were denied.

The USA Patriot Act, initially signed by George W. Bush in 2001 and later re-authorized in part by Barack Obama in 2011, widened and enhanced the capabilities authorized by FISA. Previously only conventional wiretaps (on phones) were authorizable under FISA, the Patriot Act added wiretaps on packet-switched networks (the Internet) to the list. It provided for lower-level FBI officials to issue National Security Letters, which require the recipient to provide some information to the Bureau, but also contain a gag order prohibiting the recipient from disclosing the existence of the NSL to anybody other than an attorney.

How to Protect Yourself from Digital Surveillance

The single most important step you can take toward securing your communications is to use strong encryption. The surveillance infrastructure built up by the Five Eyes in the wake of the September 11 attacks is fundamentally reliant on the fact that most information sent over the Internet is totally unsecured. Sending an email without encryption, for example, is the equivalent of sending a postcard in the mail: anybody with access to the message can read its contents, and because information on the Internet will pass through multiple systems before reaching its final destination, any of the systems which pass your emails on to the next server in the chain could be reading their contents.

An encrypted communication, by contrast, is illegible to anybody without the correct key to decrypt it. The intermediate servers passing it along cannot make sense of it without knowing the precise way in which it was encrypted. There is some debate about NSA's capabilities with respect to breaking commonly-used encryption methods, but it is broadly believed that one of the reasons for the agency's massive expansion in data storage capacity in recent years[8] is to enable a "store until relevant" methodology, whereby the agency simply stores all communications it can intercept, regardless of relevance or encryption, and returns to them when the necessary decryption keys become available or computing power reaches a point that enables vastly accelerated brute-force decryption methods. The broad consensus, however, is that encrypting your communications is the single most important step you can take to avoid having them read by third parties of any kind.

You can refer to this Medium post [9] for a straightforward guide to encrypting your communications easily and safely.

Of equal or greater importance in securing your communications is reducing your use of online services to the absolute minimum necessary to communicate effectively. Anything you post, message, or even type into a text box on Facebook is compromised information that can be easily collected by intelligence agencies. Information stored on Google's servers is easily accessible to NSA analysts. Your Amazon shopping history, Twitter posts, private messages on any digital service, Snapchat photos or messages, Reddit posts and private messages, et cetera are also fair game. In general, anything you post to an online service, whether it's in a private message or a public post, is available to surveillance agencies with little to no effort. Never use a third-party service for private communications unless you are absolutely confident the contents of those communications could not be used against you. Privacy / Surveillance