"Even if you're not doing anything wrong, you're being watched and recorded."
Edward Snowden
Mass surveillance systems
Mass surveillance systems are nothing new. In the past they mainly came down to intercepting phone calls and telegrams; in the digital era, collection is mostly about gathering data on activity and communication on the Internet and cell phone services.
In the majority of cases, mass surveillance systems collect data legally via various communications channels. This includes collecting and storing phone calls, the coordinates that fix the caller’s location (the so-called billing) and, of course, Internet traffic. Users are aware of data collection; at least, society doesn’t find anything surprising about the existence of such systems.
Of course, there is a bigger evil: illegal data collection, for instance the program called RAMPART-A, one of the disclosures made by Edward Snowden. According to the information published by NSA, the USA secretly negotiated agreements with 33 countries in Western and Eastern Europe, Asia and Africa to access and monitor fiber-optic cables carrying Internet data in those nations.
Almost every country has its own mass data collection system: in Russia it is SORM; in Canada, Australia, New Zealand, the US and Great Britain, ECHELON; in France, Frenchelon; in China, Golden Shield. You will find out more about these systems in the chapter devoted to mass surveillance systems and the methods of protection against them.
Progress never stands still, and these systems evolve periodically. New storage solutions emerge that hold more data in less space, cost less, or search the collected data for the required information more efficiently.
Take, for instance, a relatively new technology: search by voiceprint. If the government possesses recordings of your voice, it can always identify your calls, no matter which phone number you used to make them. Such solutions are costly and are employed by the special services of just a few countries.
"Special services don’t have enough space for storing my data over many years."
Unfortunately, they have enough space to store information about every person on the planet for many years ahead.
Take a look at the photo below. You may have already seen this building. This is NSA’s Utah Data Center, which probably stores all your calls, your correspondence in IM services and on social networks, and your emails over the last years.
You must have heard about methods of protection against mass surveillance; such instructions are actively spread on the Internet by human rights groups and activists. According to them, to guard against mass surveillance it suffices to encrypt your communications or, better yet, to use a VPN for comprehensive encryption of your entire Internet traffic.
They do have a point here, don’t they? How can you be watched when your traffic is encrypted? A VPN really can encrypt your entire Internet traffic up to the VPN server, and a data interception system at the level of your Internet provider will get only encrypted traffic. But on the VPN server your traffic is decrypted, and at best you are left with the encrypted connection to the site (HTTPS), which is no rocket science for special services.
If the country where your VPN server is located doesn’t have a mass data collection system in place (though I know of no such countries), there may be one farther along the way to the site. But if both the VPN server and the server of the site you connect to are located in one data center and there is no mass data collection system between them, then the only information collected by your Internet provider, or by another party at any other point on the way to the VPN server, is encrypted data.
There is, however, one more condition to be met: your VPN must be set up appropriately, otherwise there can be leaks, up to and including the transmission of unprotected data bypassing the encrypted tunnel. You will learn how to do it.
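The following Python example is added here and is not part of the original article. It applies longest-prefix matching to constructed "ip -4 route show" output from a Linux VPN client to find routes that send traffic outside the tunnel. The interface names tun0 and eth0, all addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of `ip -4 route show` on a Linux client with a VPN up.
# tun0, eth0 and all addresses are made-up values for illustration.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
198.51.100.7 via 192.168.1.1 dev eth0
203.0.113.0/24 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip -4 route show` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # skip blank lines and routes without an interface
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def egress_device(routes, address):
    """Interface chosen by longest-prefix match (route metrics are ignored)."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def bypassing_routes(routes, tunnel, expected):
    """Non-default routes that leave outside the tunnel and are not expected to."""
    allowed = {ipaddress.ip_network(e) for e in expected}
    return [str(net) for net, dev in routes
            if dev != tunnel and net.prefixlen > 0 and net not in allowed]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    # Expected outside the tunnel: the local LAN and the VPN server itself.
    print(bypassing_routes(routes, "tun0", ["192.168.1.0/24", "198.51.100.7/32"]))
    for dst in ("192.0.2.10", "203.0.113.25"):
        print(dst, "->", egress_device(routes, dst))
```

The default route is judged by egress_device rather than bypassing_routes: it stays in the table on purpose and only matters when no more specific tunnel route covers the destination.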
Many experts say that encryption solves the problem of total surveillance. Unfortunately, this is far from the truth. In reality, if you use a reliable encryption algorithm and the software has no deliberately introduced vulnerabilities, the encrypted data is currently very unlikely to be decrypted. But progress never stands still, and many encryption algorithms that were once considered secure are not regarded as reliable today.
For instance, RSA with a 768-bit key length was actively used by government bodies, major companies and even in the defense industry until, in 2009, a group of researchers broke it, and everyone was prompted to switch to 1024-bit keys. Some time later, in 2018, users are recommended to switch to 2048-bit RSA. The quantum computer, whose emergence is very likely in the near future, will be able to crack all the data encrypted today.
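The key lengths mentioned above can be checked on keys that are already deployed. This Python example is added here and is not part of the original article: it reads OpenSSH public key lines, extracts the RSA modulus size from the key blob and lists keys shorter than 2048 bits. The sample lines are constructed inside the code (they have the right size but are not usable keys), and all function names are hypothetical.

```python
import base64
import struct

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    # SSH mpint: big-endian, with a leading zero byte when the top bit is set
    return _ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def constructed_key_line(bits, comment):
    """Build an ssh-rsa line whose modulus has `bits` bits (not a usable key)."""
    modulus = (1 << (bits - 1)) | 1
    blob = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def rsa_modulus_bits(line):
    """Return the RSA modulus size for an OpenSSH public key line, else None."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return None  # not an RSA key (for example ssh-ed25519)
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    fields, offset = [], 0
    while offset + 4 <= len(blob):  # each field: uint32 length, then the bytes
        (length,) = struct.unpack_from(">I", blob, offset)
        fields.append(blob[offset + 4:offset + 4 + length])
        offset += 4 + length
    if offset != len(blob) or len(fields) != 3 or fields[0] != b"ssh-rsa":
        return None  # truncated or malformed blob
    return int.from_bytes(fields[2], "big").bit_length()

def audit(lines, minimum=2048):
    """Return (comment, bits) for every RSA key shorter than `minimum`."""
    sized = [(l.split()[-1], rsa_modulus_bits(l)) for l in lines if l.strip()]
    return [(who, bits) for who, bits in sized if bits is not None and bits < minimum]

# Constructed sample: three generated ssh-rsa lines plus one non-RSA placeholder.
SAMPLE = [
    constructed_key_line(768, "legacy-router"),
    constructed_key_line(1024, "old-laptop"),
    constructed_key_line(2048, "workstation"),
    "ssh-ed25519 CONSTRUCTED-PLACEHOLDER backup-host",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```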
You’ll have to reconcile yourself to the thought that encryption offers just temporary protection; it is not a remedy for the problem. All your correspondence, phone calls and Internet traffic can be decrypted with time, and meanwhile all of it can simply be collected and stored.
There have been a number of cases when law enforcement seized encrypted storage devices but failed to defeat them. Take, for instance, Daniel Dantas, the Brazilian banker arrested in Rio de Janeiro by the Brazilian authorities on charges of fraud. The Brazilian National Institute of Criminology and the FBI tried for over a year to break into his hard drives but failed. Perhaps one day they will still succeed in accessing their contents…
Do not delude yourself with the idea that your encrypted data will never be defeated. Maybe in just a couple of years the encryption used today will cease to be secure.
Perhaps the encryption used today is already unreliable… You don’t think that, after the special services design a method to defeat encrypted communication, they will hurry to issue an official statement saying “Dear users, we have found a way of defeating the data encrypted by algorithm N, please make sure to switch to more secure solutions”?
Modern algorithms are carefully studied, and the probability that this could happen is small, but we cannot rule it out altogether, all the more so as we have recently witnessed similar examples.
For instance, since 2004 RSA Security had been offering its customers a knowingly weakened pseudorandom number generator, Dual_EC_DRBG, that allows NSA to get access to encrypted data at any moment. It was revealed that RSA was paid $10 million by NSA to create the back door.
What about experts? Suspicions about weaknesses in Dual_EC_DRBG had emerged earlier, dating back to 2007, but they were known only to a small number of specialists until, in 2013, Edward Snowden disclosed the truth to the world. Only after that did society raise security concerns and call for discontinuing the use of the compromised algorithm. The weakened solution was used for many years by thousands of customers, including such giants as Adobe, Oracle, Sony and Nintendo.
In this introductory article you have learned about the threats posed by mass surveillance systems and got a sneak peek at the solutions for them. You are already aware that a lot of data is being collected about you and that, most probably, as technologies become more and more sophisticated, it will be collected more actively and stored longer.
Who will use this data, and how? Do you really want someone to snoop on something you wrote when you were eighteen years old? What videos you watched? What sites you visited? Won’t the ignorance and delusions of youth become a blackmail tool capable of running your life many years later? Who will guarantee that this data will not be leaked to a third party, or that the government won’t use it to exert pressure on you? All these concerns make mass data collection a serious threat of this century.