Targeted surveillance

Targeted surveillance (or targeted interception) is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance (or bulk interception). Both untargeted and targeted surveillance is routinely accused of treating innocent people as suspects in ways that are unfair, of violating human rights, international treaties and conventions as well as national laws,[1] and of failing to pursue security effectively.[2]

A 2014 report to the UN General Assembly by the United Nations' top official for counter-terrorism and human rights condemned mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. The report also makes a distinction between "targeted surveillance" - which "depend[s] upon the existence of prior suspicion of the targeted individual or organization" — and "mass surveillance", by which "states with high levels of Internet penetration can [...] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites".[3]

The United Kingdom's House of Lords also distinguishes between these two broad types of surveillance:[4]

  • Mass surveillance is also known as “passive” or “undirected” surveillance. [...] It is not targeted on any particular individual but gathers images and information for possible future use. CCTV and databases are examples of mass surveillance.
  • Targeted surveillance is surveillance directed at particular individuals and can involve the use of specific powers by authorised public agencies. Targeted surveillance can be carried out overtly or covertly, and can involve human agents. Under the Regulation of Investigatory Powers Act 2000 (RIPA), targeted covert surveillance is “directed” if it is carried out for a specific investigation or operation. By comparison, if it is carried out on designated premises or on a vehicle, it is “intrusive” surveillance. Targeting methods include the interception of communications, the use of communications “traffic” data, visual surveillance devices, and devices that sense movement, objects or persons.

Only targeted interception of traffic and location data in order to combat serious crime, including terrorism, is justified, according to a decision by the European Court of Justice.[5][6][7][8]

Selection of targets

NSA's selector lists

The current approach of the NSA and its related organizations is attempting to collect all signals of everybody at all times without any prior selection.[9][10][11] So any current selection is only used for targets of special interest, human review or special resource allocation.

Such selectors include searching the web for the privacy-enhancing software tools such as Tor.[12][13]

A leaked document revealed that for the XKeyscore program, using languages that are out of place for the region one is in, using encryption, and searching the web for 'suspicious stuff', were suggested as selectors.[14][15][16]

NSA and Germany's selector lists

In Operation Eikonal, German BND agents received "Selector Lists" − search terms for their dragnet surveillance. They contain IP addresses, mobile phone numbers and email accounts with the BND surveillance system containing hundreds of thousands and possibly more than a million such targets.[17] These lists have been subject of controversy since in 2008 when it was revealed that they contained some terms targeting the European Aeronautic Defence and Space Company (EADS), the Eurocopter project[18] as well as French administration,[19][17] which were first noticed by BND employees in 2005.[18] Other selectors were found to target the administration of Austria.[20] After the revelations made by whistle-blower Edward Snowden the BND decided to investigate the issue whose October 2013 conclusion was that at least 2,000 of these selectors were aimed at Western European or even German interests which has been a violation of the Memorandum of Agreement that the US and Germany signed in 2002 in the wake of the 9/11 terror attacks.[17] After reports emerged in 2014 that EADS and Eurocopter had been surveillance targets the Left Party and the Greens filed an official request to obtain evidence of the violations.[17][21]

The BND's project group charged with supporting the NSA investigative committee in German parliament was set up in spring 2014. It reviewed the selectors and discovered 40,000 suspicious search parameters, including espionage targets in Western European governments and numerous companies. The group also confirmed suspicions that the NSA had systematically violated German interests and concluded that the Americans could have perpetrated economic espionage directly under the Germans' noses.[17][22] The investigative parliamentary committee was not granted access to the NSA's selectors list as an appeal led by opposition politicians failed at Germany's top court. Instead, the ruling coalition appointed an administrative judge, Kurt Graulich, as a "person of trust" who was granted access to the list and briefed the investigative commission on its contents after analyzing the 40,000 parameters.[23][24] In his almost 300-paged report,[25] Graulich concluded that European government agencies were targeted massively and that Americans hence broke contractual agreements. He also found that German targets which received special protection from surveillance of domestic intelligence agencies by Germany's Basic Law (Grundgesetz) − including numerous enterprises based in Germany − were featured in the NSA's wishlist in a surprising plenitude.[26] While the magnitude differs there have also been problematic BND-internal selectors which have been used until end of 2013 - around two thirds of 3300 targets were related to EU and NATO states.[27][28][29] Klaus Landefeld, member of the board at the Internet industry association Eco International, has met intelligence officials and legislators to present suggestions for improvement, like streamlining the selector system.[30]

Calls for targeted surveillance

Intelligence officials

Former NSA director and whistleblower William Binney testified that while targeted data collection operations could help prevent terror attacks, "overcollection" of mass data undermined security and had consistently cost lives because of "analysis paralysis".[31] He said the British government should "redirect" intelligence agencies and law enforcement to targeted surveillance with it being "based on probable cause and developing knowledge about the targets and make sure they qualify for things like warrants". He also states that "retroactively analysing people, anybody you want, any time you want, that's certainly possible with bulk acquisition of data but that's certainly not what democracies are built on". According to him "that's what totalitarian states are built on".[32]

In November 2016 whistleblower Edward Snowden stated:

What I protest most strongly is mass surveillance, indiscriminate surveillance where they are watching everyone. Targeted surveillance that's backed by a court...is the least intrusive means of achieving these investigative goals without destroying the rights of everyone else in a free society

— Edward J. Snowden, [33]

Snowden also noted that the men who committed recent terrorist attacks in France, Canada and Australia were under surveillance but they weren't singled out.

It wasn't the fact that we weren't watching people or not, it was the fact that we were watching people so much that we did not understand what we had. The problem is that when you collect it all, when you monitor everyone, you understand nothing.

— Edward J. Snowden, [34]

In May 2015 The Intercept revealed that it obtained documents that showed that officials inside the NSA have criticized the 'collect it all'-approach as well with the documents having titles such as "Data Is Not Intelligence", "The Fallacies Behind the Scenes", "Cognitive Overflow?", "Summit Fever", "In Praise of Not Knowing", "Dealing With a 'Tsunami' of Intercept", "Overcome by Overload?" and "Too Many Choices".[35]

The document's conclusions include:

  • The SIGINT mission is far too vital to unnecessarily expand the haystacks while we search for the needles. Prioritization is key.
  • We in the agency are at risk of a similar, collective paralysis in the face of a dizzying array of choices every single day
  • 'Analysis paralysis' isn't only a cute rhyme. It's the term for what happens when you spend so much time analyzing a situation that you ultimately stymie any outcome [...] It's what happens in SIGINT when we have access to endless possibilities, but we struggle to prioritize, narrow, and exploit the best ones.

Politics

United Kingdom's Liberal Democrats have demanded that the Government end indiscriminate mass surveillance and introduce a more targeted and effective counter-terrorism policy that uses targeted surveillance of specific individuals who are suspected of wrongdoing.[36] Liberal Democrats home affairs spokesperson Alistair Carmichael asks that, "mass spying on the British people should be replaced with targeted surveillance of specific individuals suspected of wrongdoing".[37]

In the 2015 "Resolution 2045", the European Parliamentary Assembly "recognises the need for effective, targeted surveillance of suspected terrorists and other organised criminal groups" and states that "such targeted surveillance can be an effective tool for law enforcement and crime prevention", while at the same time "according to independent reviews carried out in the United States, mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials. Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act".[38]

Organizations

Privacy campaigners argue that instead of "wasting resources gathering and sifting through the volume of data being accumulated through mass surveillance", resources would be better allocated in providing more personnel for targeted surveillance.[39]

In an analysis of 10 recent terror attacks, Ryan Gallagher of The Intercept concludes that, "if any lesson can be learned from studying the perpetrators of recent attacks, it is that there needs to be a greater investment in conducting targeted surveillance of known terror suspects and a move away from the constant knee-jerk expansion of dragnet surveillance, which has simply not proven itself to be effective, regardless of the debate about whether it is legal or ethical in the first place".[40]

After Privacy International launched a legal case against Britain's security services, Thomas de la Mare QC of the group states there is a danger that "de facto constant surveillance", such as the services' orders for bulk data from telecom companies on request, could become "the most potent instrument of repression", and argued during the hearing, that such non-targeted forms of surveillance have turned investigations on their head. The campaigners argue that whereas in the past, individual inquiries based on suspicion would throw up leads, it is now algorithmic processing of data providing those leads with that amounting to mass surveillance.[41][42]

Civil rights group Liberty, which is challenging the legality of bulk collection in the European Court of Human Rights criticizes the "Report of the bulk powers review" by David Anderson QC for failing to answer whether information gathered via bulk powers was the "critical factor in preventing or detecting serious crime, and whether that information could have been obtained from smart, targeted surveillance instead".[43]

Other

Lord Paddick comments the 2016 Investigatory Powers Act, saying "as with any legislation, there is a significant risk that authorities will use powers in a way that parliament never intended" and called for proper oversight to ensure any surveillance is targeted and proportionate.[5] Privacy campaigners say the bill clearly lays out the mass surveillance powers that would be at the disposal of the security services, and want it be amended so that the surveillance is targeted and based on suspicion. They argue that the powers are so sweeping, and the bill's language so general, that not just the security services but also government bodies will be able to analyze the records of millions of people even if they are not under suspicion.[41]

Troy Wolverton notes that the documents leaked by Snowden revealed widespread abuses, both at home and abroad. He says that "instead of targeted surveillance of particular threats, the NSA had a motto and mentality of 'collect it all' on everybody, the privacy of anyone involved be damned".[44]

Jo Glanville, editor of Index on Censorship and a member of the Ministry of Justice working party on libel reform, asserts that keeping the country safe does not entitle the government or the intelligence services to act without regards to our human rights and that "it is possible to conduct targeted surveillance with effective oversight while according respect to all our rights".[45]

Software

Computer scientists at the University of Pennsylvania have developed an algorithmic framework for conducting targeted surveillance of individuals within social networks while protecting the privacy of "untargeted" digital bystanders that "outputs a list of confirmed targeted individuals discovered in the network, for whom any subsequent action (e.g., publication in a most-wanted list, further surveillance, or arrest in the case of terrorism; medical treatment or quarantine in the case of epidemics) will not compromise the privacy of the protected".[46][47]

In January 2017 it was reported that German federal agencies are using a new program called "Radar", developed by the BKA and the University of Zürich, that aims to help evaluate the risk posed by persons. It includes a catalog of questions such as about the person's relationship to violence and access to weapons and takes into account data on past terrorists.[48][49]

The crypto and security communities can make the Internet more secure by making population-wide surveillance technically or economically infeasible, understanding that modest amounts of targeted surveillance will always be technically and economically feasible.[50]

Edward Snowden notes that "we're thwarting mass surveillance when we use encryption. We're not stopping targeted surveillance. Because even, again, if you have the most well-encrypted device in the world, if the government spends a million dollars to pay a hacker to exploit your phone personally, they will very likely succeed".[51]

Attempts to legalize mass surveillance as targeted surveillance

The Electronic Frontier Foundation claims that the NSA and its defenders are trying to pass off their mass surveillance as being authorized under Section 702 of the FISA Amendments Act as "targeted surveillance" even though it includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more which according to them fits the definition "mass surveillance" under Section 702.[52]

Furthermore, the organization asks how the US government justified the Yahoo email scanning under FISA, asking whether the Foreign Intelligence Surveillance Court has interpreted FISA – which authorizes targeted surveillance of certain foreigners' (such as spies or terrorists) communications – to mean that the government can conscript Yahoo into mass surveillance of all of its users' emails.[53]

According to documents obtained from Edward Snowden and published by Glenn Greenwald, the NSA and GCHQ have been automating targeted operations, allowing for "industrial scale exploitation" that can potentially infect "millions" of machines with malware.[54][55]

See also

References

  1. ^ *Harding, Luke (26 January 2015). "Mass surveillance is fundamental threat to human rights, says European report". The Guardian. Retrieved 2 January 2017.
  2. ^ Hadjimatheou, Katerina (1 January 2014). "The Relative Moral Risks of Untargeted and Targeted Surveillance". Ethical Theory and Moral Practice. 17 (2): 187–207. doi:10.1007/s10677-013-9428-1. S2CID 144516798. Retrieved 2 January 2017.
  3. ^ Greenwald, Glenn (15 October 2014). "UN Report Finds Mass Surveillance Violates International Treaties and Privacy Rights". The Intercept. Retrieved 2 January 2017.
  4. ^ "Surveillance: Citizens and the State - Constitution Committee". House of Lords. Retrieved 2 January 2017.
  5. ^ a b Asthana, Anushka (25 December 2016). "Revealed: British councils used Ripa to secretly spy on public". The Guardian. Retrieved 2 January 2017.
  6. ^ "European court's snooping judgment 'bolsters privilege'". Law Society Gazette. Retrieved 3 January 2017.
  7. ^ Bowcott, Owen (21 December 2016). "EU's highest court delivers blow to UK snooper's charter". The Guardian. Retrieved 3 January 2017.
  8. ^ Heathman, Amelia (21 December 2016). "EU court deals major blow to UK's controversial snooper's charter". Wired UK. Retrieved 3 January 2017.
  9. ^ "The crux of the NSA story in one phrase: 'collect it all'". The Guardian. 15 July 2013. Retrieved 4 January 2017.
  10. ^ Maass, Peter (28 May 2015). "Inside NSA, Officials Privately Criticize "Collect It All" Surveillance". The Intercept. Retrieved 4 January 2017.
  11. ^ Cole, David (12 May 2014). "'No Place to Hide' by Glenn Greenwald, on the NSA's sweeping efforts to 'Know it All'". The Washington Post. Retrieved 4 January 2017.
  12. ^ Zetter, Kim (3 July 2014). "The NSA Is Targeting Users of Privacy Services, Leaked Code Shows". WIRED. Retrieved 4 January 2017.
  13. ^ "NSA targets the privacy-conscious". Das Erste. Retrieved 4 January 2017.
  14. ^ Leyden, John. "New NSA tool exposed: XKeyscore sees 'nearly EVERYTHING you do online'". The Register. Retrieved 8 January 2017.
  15. ^ Gallagher, Ryan (31 July 2013). "NSA Targets Internet Users Who Search for "Suspicious Stuff," Newly Revealed Documents Show". Slate. Retrieved 8 January 2017.
  16. ^ "XKeyscore presentation from 2008 – read in full". The Guardian. 31 July 2013. Retrieved 8 January 2017.
  17. ^ a b c d e "Spying Close to Home: German Intelligence Under Fire for NSA Cooperation - SPIEGEL ONLINE - International". Der Spiegel. SPIEGEL ONLINE. 24 April 2015. Retrieved 4 January 2017.
  18. ^ a b Dehmer, Dagmar; Haselberger, Stephan (4 May 2015). "BND und NSA: Die Chronologie des Spionageskandals – Politik – Tagesspiegel". tagesspiegel.de (in German).
  19. ^ "Wie die NSA europäische Unternehmen ausspionierte". Süddeutsche.de (in German). 24 April 2015.
  20. ^ "NSA-Spitzelei: BND soll 12.000 Suchbegriffe gelöscht haben". Faz.net (in German). Frankfurter Allgemeine Zeitung GmbH. 1 May 2015.
  21. ^ "Bundesverfassungsgericht - BVerfG, Beschluss des Zweiten Senats vom 13. n". bundesverfassungsgericht.de (in German). 13 October 2016. Retrieved 4 January 2017.
  22. ^ Denkler, Thorsten. "Geheimdienst-Affäre: NSA jubelte BND deutsche Spähziele unter". Süddeutsche Zeitung (in German). Retrieved 4 January 2017.
  23. ^ "German Constitutional Court rules out access to NSA's 'selectors' list". Deutsche Welle. Retrieved 4 January 2017.
  24. ^ Meiritz, Annett (July 2015). "Designierter NSA-Sonderermittler: Ein Mann, 40.000 brisante Daten". Der Spiegel. SPIEGEL ONLINE. Retrieved 4 January 2017.
  25. ^ "Der Graulich-Abschlussbericht" (PDF). Retrieved 4 January 2017.
  26. ^ Baumgärtner, Maik; Knobbe, Martin (30 October 2015). "Geheimdienstaffäre: Sonderermittler spricht von klarem Vertragsbruch der NSA". Der Spiegel. SPIEGEL ONLINE. Retrieved 4 January 2017.
  27. ^ "Geheimdienstkontrolleure: BND hat gegen Recht und Auftrag verstoßen" (in German). Heise Online. 17 December 2015. Retrieved 4 January 2017.
  28. ^ "BND hat jahrelang unter Freunden spioniert". Deutsche Welle. Retrieved 4 January 2017.
  29. ^ Decker, Markus. "Geheimdienst-Affäre: BND spitzelte mit eigenen Selektoren". Frankfurter Rundschau (in German). Retrieved 4 January 2017.
  30. ^ Somaskanda, Sumi. "Is Big Brother coming to Germany?". Al Jazeera. Retrieved 4 January 2017.
  31. ^ Travis, Alan; Bowcott, Owen (6 January 2016). "'Snooper's charter' will cost British lives, MPs are warned". The Guardian. Retrieved 2 January 2017.
  32. ^ Burgess, Matt (6 January 2016). "UK mass surveillance 'totalitarian' and will 'cost lives', warns ex-NSA tech boss". Wired UK. Retrieved 2 January 2017.
  33. ^ "Snowden Prompts Americans to Focus on 'Broad Social Issues' After US Election". Sputnik. 10 November 2016.
  34. ^ Rusbridger, Alan; Gibson, Janine; MacAskill, Ewen (22 May 2015). "Edward Snowden: NSA reform in the US is only the beginning". The Guardian. Retrieved 5 January 2017.
  35. ^ Maass, Peter (28 May 2015). "Inside NSA, Officials Privately Criticize "Collect It All" Surveillance". The Intercept. Retrieved 5 January 2017.
  36. ^ "Lib Dems call for targeted surveillance not Big Brother". Liberal Democrats. 17 September 2016. Retrieved 2 January 2017.
  37. ^ "British spies illegally kept databases on UK citizens. But it's all fine now". The Independent. 17 October 2016. Archived from the original on 2022-05-26. Retrieved 2 January 2017.
  38. ^ "Mass surveillance - Resolution 2045 (2015)". Parliamentary Assembly. Retrieved 2 January 2017.
  39. ^ MacAskill, Ewen (22 December 2016). "Does the Berlin attack make the case for increased surveillance?". The Guardian. Retrieved 2 January 2017.
  40. ^ Gallagher, Ryan (18 November 2015). "From Paris to Boston, Terrorists Were Already Known to Authorities". The Intercept. Retrieved 2 January 2017.
  41. ^ a b Viña, Gonzalo. "Surveillance: Taking liberties?". Financial Times. Retrieved 2 January 2017.
  42. ^ Lomas, Natasha. "UK heading towards era of parliament-approved mass surveillance". TechCrunch. Retrieved 2 January 2017.
  43. ^ Lomas, Natasha. "UK spy agencies' use of mass surveillance backed by external reviewer". TechCrunch. Retrieved 2 January 2017.
  44. ^ Wolverton, Troy. "Opinion: Tech industry should lead Snowden pardon charge". Retrieved 2 January 2017.
  45. ^ Wright, David; Kreissl, Reinhard (2014-09-19). Surveillance in Europe. Routledge. ISBN 9781317915461. Retrieved 2 January 2017.
  46. ^ Byrne, Michael (11 January 2016). "Algorithms Claim to Hunt Terrorists While Protecting the Privacy of Others". Vice Motherboard. Retrieved 2 January 2017.
  47. ^ Kearns, Michael; Roth, Aaron; Wu, Zhiwei Steven; Yaroslavtsev, Grigory (26 January 2016). "Private algorithms for the protected in social network search". Proceedings of the National Academy of Sciences. 113 (4): 913–918. Bibcode:2016PNAS..113..913K. doi:10.1073/pnas.1510612113. ISSN 0027-8424. PMC 4743768. PMID 26755606.
  48. ^ "Neues Sicherheitssystem: "Radar" soll Gefährder besser erkennen". n-tv.de (in German). Retrieved 30 March 2017.
  49. ^ "Neue BKA-Software soll Gefährder beurteilen". tagesschau.de (in German). Retrieved 30 March 2017.
  50. ^ Preneel, Bart; Rogaway, Philipp; Ryan, Mark D.; Ryan, Peter Y. A. (2015). "Privacy and Security in an Age of Surveillance". Dagstuhl Manifestos. 5 (1): 25–37. doi:10.4230/DagMan.5.1.25. S2CID 13137112.
  51. ^ "Snowden: 'Journalists Are a Threatened Class' in Era of Mass Surveillance". Common Dreams. Retrieved 2 January 2017.
  52. ^ "Word Games: What the NSA Means by "Targeted" Surveillance Under Section 702". Electronic Frontier Foundation. 24 August 2016. Retrieved 2 January 2017.
  53. ^ "It's Time for Answers on Yahoo's Email Scanning". Electronic Frontier Foundation. 25 October 2016. Retrieved 2 January 2017.
  54. ^ Kopfstein, Janus (12 March 2014). "The NSA's "Targeted" Surveillance Is Looking Less Targeted All the Time". Slate. Retrieved 2 January 2017.
  55. ^ Doctorow, Cory (6 July 2014). "NSA trove shows 9:1 ratio of innocents to suspicious people in "targeted surveillance"". Boing Boing. Retrieved 2 January 2017.