A couple of weeks back, we wrote about the hypocrisy of the US during the recent Huawei 5G infrastructure fiasco. In essence, it is all about any government’s right to place its citizens under surveillance.
The US claims that allowing Huawei to operate in the US could expose their citizens to Chinese surveillance. But US citizens (and citizens of other countries) already live under the most extensive surveillance program in history.
Following that article, we got plenty of requests for
insight into these US and Global surveillance programs. Sam Bocetta, our US-based
security guru, will take you through them.
A Guide to the state of global surveillance – Sam Bocetta
“The genie is well and truly out of the bottle – every move you make, every breath you take someone is watching you.”
While you may think that a little dramatic consider the massive personal data Facebook has on you. Google and Apple know every search and every move. Uber knows where it took you and loyalty programs track your every purchase.
Hell, US Law enforcement uses private citizens webcams and bank ATM cams to monitor neighbourhoods. When was the last time you did not see citizen smartphone or crash-cam footage on the news?
Then there are security camera’s with Face ID. They are on traffic lights, power poles, railway and bus stations, and almost every street corner. It is almost impossible to escape surveillance. But, it goes far deeper than what we voluntarily let Zuckerberg et al., know!
‘Deeper’ means older, more entrenched, and more secretive.
The oldest and most powerful international surveillance
program is Five Eyes. Founded in 1941 this alliance was initially a response to
the need to share intelligence between the US and UK during WW2.
Five Eyes collects and shares intelligence through a surveillance network known as ECHELON. The initial intent was to monitor communications with and from the USSR and its allies. This system was pretty basic by today’s standards. But the US and Great Britain still felt the need to deny its existence until it admitted to the public in the late 1990s.
The ‘War on Terror’ was all the justification that the Five Eyes countries needed for total surveillance of their citizens. As the Snowden leaks reveal, this led to a massive expansion in the level of surveillance, during which the private communications of average citizens were intercepted and stored by default.
There are two expanded Five Eyes country alliances. Unfortunately, there has never been a public admission that these programs exist, and nor has there been a whistle-blower like Snowden to reveal their capabilities. Still, there is some evidence that they exist, even if little is known about what they can and can’t do.
The first is Nine Eyes, which adds Denmark, France, the
Netherlands, and Norway to the network. Though these countries have less access
to surveillance data than the core members of Five Eyes, they still cooperate
in collecting information for them. The Netherlands, for instance, may have a
spying ‘array’ that feeds data to the broader network.
Then there is SIGINT Seniors Europe, more commonly known as Fourteen Eyes. This network adds Germany, Belgium, Italy, Spain and Sweden. We know little about the capabilities or level of sharing within this network. It appears to be primarily a system for sharing military information between members. Not that this makes it any less scary: post-2001, almost any piece of data can be deemed as having ‘military value’ and is potentially shared.
Though these intelligence networks have been around for decades now, they have come under increased scrutiny following the Huawei 5G scandal and recent Chinese attacks on Telegram and other US-based communications companies.
One huge Five/Nine/Fourteen Eyes issue is the potential use of Huawei’s 5G products and security threats posed by the 5G rollout. Given the scale of information sharing between members of the network, the Chinese government infiltrating the infrastructure of any of them potentially compromises data collected anywhere.
Some suggest that, especially given the rising number of cyberattacks in recent years, that further centralisation and control of the communications network is necessary. Those proposing that starting a US Department of Cybersecurity is the solution to help to protect consumers might have another motive. This new Federal department would also ensure that intelligence collected via Five/Nine/Fourteen Eyes is safe from China, Russia, or Iran.
On the other hand, the alliances also seem to have expanded to more countries. A few years ago, the US proposed that France (part of Nine Eyes) upgrade to the Five Eyes Alliance. The then-president of France, Sarkozy, said that this Alliance should go much further. Reports indicate that Germany (Fourteen Eyes) is now part of the Nine Eyes group.
At the broadest level, this co-operation is already evident.
There is even a 43 Eyes group, which extends 14 Eyes to the members of the International Security Assistance Forces for a NATO-led security mission in Afghanistan.
It’s not clear how extending the network to more and more
members equates to an increased threat profile that all these countries face.
Surely including more countries increases the chances that secret information
will be stolen or leaked?
Well, yes, but it also increases the surveillance
capabilities of the core Five Eyes members, and especially the US. And at the
end of the day, that might be a price worth paying.
Do global surveillance programs work?
The most critical question is this: do these surveillance
programs ‘work’? Do they prevent crime, terrorism, and inter-state
Unfortunately, because of the operations of the highly secretive nature of the alliances, it is difficult to tell. However, even if they are effective, there is a broader principle at stake. All of these programs, and especially the PRISM system, collect information on everyday citizens, whether they have committed a crime or not. And that, in my opinion, is simply wrong.
What’s Joe Average to do?
When you’ve got governments watching your every move and major tech companies like Facebook collecting any scrap of data you leave behind, what’s the average citizen to do to maintain a modicum of privacy online? (Insert creepy extended laughter with an evil inflection). Sorry, that war is long lost, and there are no do-overs.
Your best bet, short of going off-grid and adopting an 1820 lifestyle, is to deploy the usual privacy/cybersecurity tools: a good security suite, firewall, and a VPN to encrypt your internet connection and mask your IP address.
Then stop entering your data into every form that comes
along and pay attention to what privacy and end-user licence policies say. A
little education and discretion go a long way.
There’s a couple of ways it might go from here. The first –
personal privacy is lost, and it is not coming back. The second – blockchain
and AI might eventually re-establish some of what we have lost.
Or it might hasten the pace of loss. Good luck to us all. We
are going to need it.
GadgetGuy’s take – Australian surveilance is right up there as a Five Eyes member
Sam paints a global picture that has been going on now for over 60 years. But in reality, the internet has been the great enabler over the past 20 years.
The Australian government has long exerted strict
surveillance measures via
It’s Five Eyes participation via the Australian Signals Directorate United States National Security Agency
Telephone, internet, communications right down to it no longer being possible to access the comms network without providing adequate identification.
Finance, banking, superannuation and insurance systems
Vehicle and transport systems including automatic number-plate recognition, taxi, Uber and other rideshare records
International air and sea and now domestic air travel
Cashless OPAL card and the like networks for train, buses and ferries and now all commuter carparks
Aircraft and seacraft via the Jindalee Operational Radar Network, Pine Gap, Shoal Bay, HMAS Harman, and the Australian Defence Satellite Communications Station
Utilities monitoring (gas, electricity, water)
Government services (Centrelink and any financial support) and local government rates and services Government bodies including ASIC, ACCC, APRA, ATO, ACMA, ASIO, Australia Post, Fisheries Management and many more Qangos.
Hospital and medical records
And many more like a network of concerned citizens to dob in offenders or suspects
The Assistance and Access Bill 2018 now mandates that any software provider, carriage service etc. must have an encrypted backdoor (but cannot compel it if it results in systemic weakness or vulnerability). Whatsapp, Instagram, Facebook, Google, Microsoft, Apple, Amazon et al. co-operate with legitimate requests.
Its surveilance justification is via two broad statements.
First, ordinary law-abiding citizens have nothing to worry about (and that is mainly true as there seems to be adequate data safeguards).
Second, it is necessary to protect necessary us from
criminal or terrorist activities (and the majority of Australian’s support this).
Do people trust the government?
People do not trust politicians of any ilk. But, we refer
back to the first justification – if you have nothing to hide you must support
Where is all this surveillance information stored?
At present, there is no single supercomputer that stores everything. Its unlikely that the computing power needed to do this for 26 million Australians really exists, let alone is affordable.
At present Joe Average has a level of protection because data resides across thousands of disparate computers. But given the advances in machine learning, artificial intelligence and distributed (cloud) networks that may not be too far away. Then Skynet runs our lives.