Surveillance – how to tell if the Government is watching you (hint: you’re breathing)

Suirveillance

A couple of weeks back, we wrote about the hypocrisy of the US during the recent Huawei 5G infrastructure fiasco. In essence, it is all about any government’s right to place its citizens under surveillance.

The US claims that allowing Huawei to operate in the US could expose their citizens to Chinese surveillance. But US citizens (and citizens of other countries) already live under the most extensive surveillance program in history.

Following that article, we got plenty of requests for insight into these US and Global surveillance programs. Sam Bocetta, our US-based security guru, will take you through them. 

Surveillance

A Guide to the state of global surveillance – Sam Bocetta

“The genie is well and truly out of the bottle – every move you make, every breath you take someone is watching you.”

While you may think that a little dramatic consider the massive personal data Facebook has on you. Google and Apple know every search and every move. Uber knows where it took you and loyalty programs track your every purchase.

Hell, US Law enforcement uses private citizens webcams and bank ATM cams to monitor neighbourhoods. When was the last time you did not see citizen smartphone or crash-cam footage on the news?

Then there are security camera’s with Face ID. They are on traffic lights, power poles, railway and bus stations, and almost every street corner. It is almost impossible to escape surveillance. But, it goes far deeper than what we voluntarily let Zuckerberg et al., know!

Surveillance

‘Deeper’ means older, more entrenched, and more secretive.

Five Eyes

The oldest and most powerful international surveillance program is Five Eyes. Founded in 1941 this alliance was initially a response to the need to share intelligence between the US and UK during WW2.

Five Eyes

In 1946, the alliance became formal in the UKUSA Agreement 1940-1956, allowing the two governments to share intelligence from their ‘listening posts’. Over the following decade, three more countries came into the alliance: Canada, Australia, and New Zealand. While members since 1955 the agreement was so secretive that even the Australian Prime Minister did not know about it until 1973, and the public kept in the dark until 2005

ECHELON
Typical Echelon installation

Five Eyes collects and shares intelligence through a surveillance network known as ECHELON. The initial intent was to monitor communications with and from the USSR and its allies. This system was pretty basic by today’s standards. But the US and Great Britain still felt the need to deny its existence until it admitted to the public in the late 1990s.

Following 9/11, there was a massive expansion of the Five Eyes network and capabilities.

The ‘War on Terror’ was all the justification that the Five Eyes countries needed for total surveillance of their citizens. As the Snowden leaks reveal, this led to a massive expansion in the level of surveillance, during which the private communications of average citizens were intercepted and stored by default. 

This surveillance meant the development of vast networks of listening posts and bugs, feeding into a system named PRISM. A series of laws in all Five Eyes countries mandated that communications companies share their data with authorities. In practice, this means that Australian tech companies, Canadian web-hosting providers, mobile operators in the UK, and even US companies offering supposedly secure messaging services, must give this data to surveillance agencies. 

Other Global Surveillance Programs

PRISM

There are two expanded Five Eyes country alliances. Unfortunately, there has never been a public admission that these programs exist, and nor has there been a whistle-blower like Snowden to reveal their capabilities. Still, there is some evidence that they exist, even if little is known about what they can and can’t do.

The first is Nine Eyes, which adds Denmark, France, the Netherlands, and Norway to the network. Though these countries have less access to surveillance data than the core members of Five Eyes, they still cooperate in collecting information for them. The Netherlands, for instance, may have a spying ‘array’ that feeds data to the broader network.

Then there is SIGINT Seniors Europe, more commonly known as Fourteen Eyes. This network adds Germany, Belgium, Italy, Spain and Sweden. We know little about the capabilities or level of sharing within this network. It appears to be primarily a system for sharing military information between members. Not that this makes it any less scary: post-2001, almost any piece of data can be deemed as having ‘military value’ and is potentially shared.

The Future

Though these intelligence networks have been around for decades now, they have come under increased scrutiny following the Huawei 5G scandal and recent Chinese attacks on Telegram and other US-based communications companies.

One huge Five/Nine/Fourteen Eyes issue is the potential use of Huawei’s 5G products and security threats posed by the 5G rollout. Given the scale of information sharing between members of the network, the Chinese government infiltrating the infrastructure of any of them potentially compromises data collected anywhere. 

Some suggest that, especially given the rising number of cyberattacks in recent years, that further centralisation and control of the communications network is necessary. Those proposing that starting a US Department of Cybersecurity is the solution to help to protect consumers might have another motive. This new Federal department would also ensure that intelligence collected via Five/Nine/Fourteen Eyes is safe from China, Russia, or Iran.

More Surveillance

On the other hand, the alliances also seem to have expanded to more countries. A few years ago, the US proposed that France (part of Nine Eyes) upgrade to the Five Eyes Alliance. The then-president of France, Sarkozy, said that this Alliance should go much further. Reports indicate that Germany (Fourteen Eyes) is now part of the Nine Eyes group.

Eyes

At the broadest level, this co-operation is already evident.

There is even a 43 Eyes group, which extends 14 Eyes to the members of the International Security Assistance Forces for a NATO-led security mission in Afghanistan.

It’s not clear how extending the network to more and more members equates to an increased threat profile that all these countries face. Surely including more countries increases the chances that secret information will be stolen or leaked? 

Well, yes, but it also increases the surveillance capabilities of the core Five Eyes members, and especially the US. And at the end of the day, that might be a price worth paying.

Do global surveillance programs work?

The most critical question is this: do these surveillance programs ‘work’? Do they prevent crime, terrorism, and inter-state espionage? 

Unfortunately, because of the operations of the highly secretive nature of the alliances, it is difficult to tell. However, even if they are effective, there is a broader principle at stake. All of these programs, and especially the PRISM system, collect information on everyday citizens, whether they have committed a crime or not. And that, in my opinion, is simply wrong.

What’s Joe Average to do?

When you’ve got governments watching your every move and major tech companies like Facebook collecting any scrap of data you leave behind, what’s the average citizen to do to maintain a modicum of privacy online? (Insert creepy extended laughter with an evil inflection). Sorry, that war is long lost, and there are no do-overs. 

Your best bet, short of going off-grid and adopting an 1820 lifestyle, is to deploy the usual privacy/cybersecurity tools: a good security suite, firewall, and a VPN to encrypt your internet connection and mask your IP address.

Then stop entering your data into every form that comes along and pay attention to what privacy and end-user licence policies say. A little education and discretion go a long way.

There’s a couple of ways it might go from here. The first – personal privacy is lost, and it is not coming back. The second – blockchain and AI might eventually re-establish some of what we have lost. 

Or it might hasten the pace of loss. Good luck to us all. We are going to need it.

GadgetGuy’s take – Australian surveilance is right up there as a Five Eyes member

Sam paints a global picture that has been going on now for over 60 years. But in reality, the internet has been the great enabler over the past 20 years.

The Australian government has long exerted strict surveillance measures via

  • It’s Five Eyes participation via the Australian Signals Directorate United States National Security Agency
  • Telephone, internet, communications right down to it no longer being possible to access the comms network without providing adequate identification.
  • Finance, banking, superannuation and insurance systems
  • Vehicle and transport systems including automatic number-plate recognition, taxi, Uber and other rideshare records
  • International air and sea and now domestic air travel
  • Cashless OPAL card and the like networks for train, buses and ferries and now all commuter carparks
  • Aircraft and seacraft via the Jindalee Operational Radar Network, Pine Gap, Shoal Bay, HMAS Harman, and the Australian Defence Satellite Communications Station
  • Utilities monitoring (gas, electricity, water)
  • Policing
  • Government services (Centrelink and any financial support) and local government rates and services
    Government bodies including ASIC, ACCC, APRA, ATO, ACMA, ASIO, Australia Post, Fisheries Management and many more Qangos.
  • Hospital and medical records
  • And many more like a network of concerned citizens to dob in offenders or suspects
Australia Surveillance

The Assistance and Access Bill 2018 now mandates that any software provider, carriage service etc. must have an encrypted backdoor (but cannot compel it if it results in systemic weakness or vulnerability). Whatsapp, Instagram, Facebook, Google, Microsoft, Apple, Amazon et al. co-operate with legitimate requests.

Face ID

Its surveilance justification is via two broad statements.

First, ordinary law-abiding citizens have nothing to worry about (and that is mainly true as there seems to be adequate data safeguards).

Second, it is necessary to protect necessary us from criminal or terrorist activities (and the majority of Australian’s support this).

Do people trust the government?

People do not trust politicians of any ilk. But, we refer back to the first justification – if you have nothing to hide you must support surveillance.

Where is all this surveillance information stored?

Politicians

At present, there is no single supercomputer that stores everything. Its unlikely that the computing power needed to do this for 26 million Australians really exists, let alone is affordable.

At present Joe Average has a level of protection because data resides across thousands of disparate computers. But given the advances in machine learning, artificial intelligence and distributed (cloud) networks that may not be too far away. Then Skynet runs our lives.