Blog

How Government Surveillance Kills Your Online Privacy

By February 17, 2020 February 24th, 2020 No Comments
Government Surveillance

Government surveillance is, without a doubt, the biggest threat to your online privacy.

All other threats pale in comparison. They’re merely cogs in the privacy-killing machine called government surveillance.

In the ongoing fight to protect our online privacy, knowledge is our simplest (and arguably best) weapon. Without understanding what online privacy is and why it matters, we can’t start taking steps to protect it.

And we need to understand the ways our online privacy is under attack so we can take the right steps.

This is just a quick-and-dirty guide to get you started on understanding the behemoth of government surveillance. Stick around to the end to find out how you can learn even more.

The History of Government Surveillance

No discussion on government surveillance would be complete without first taking a brief look at its history. And the best way to do so is to turn to Professor Brian Hochman, who’s been studying that history for the past several years.

Professor Brian Hochman

“It starts long before the telephone,” Hochman revealed. “The earliest statute prohibiting wiretapping was written in California in 1862, just after the Pacific Telegraph Company reached the West Coast.”

“Until the 1920s, wiretapping was most often used by private detectives and corporations,” he continued. “It wasn’t until Prohibition that it became a common law enforcement tool… it’s not really until the 1950s that [wiretapping is] seen as a national problem. Even then, it’s mostly the issue of private wiretapping that concerns people…

“Feelings were mixed about ‘official’ wiretapping. By 1965, the normative political position in the United States was that wiretapping for national security was a necessary evil, whereas wiretapping in the service of the enforcement of criminal law… was outrageous and an abuse of power.”

When asked what the 150-plus-years history of wiretapping revealed about today’s situation, Hochman answered:

“There is something categorically different about electronic surveillance in our contemporary moment: the extent to which it operates on a mass scale. Wiretapping and electronic eavesdropping was highly individualized up until the 1980s… Now… we’re talking about a scale of surveillance that scarcely seems fathomable from the perspective of [the past].”

5 Eyes, 9 Eyes, and 14 Eyes

“[Most people started worrying about government surveillance] with Watergate, when the public saw abuses of wiretapping by the executive branch,” Hochman said, “and it has spiked again with the Edward Snowden revelations about the National Security Agency.”

This is an important part of the history we’re unfolding – so much so that it warrants having this subsection all to itself. In fact, the topic is so broad we can only fit the barest of details here.

It all starts with the UKUSA Agreement.

KeepSolid Encryption

Originally a secret, informal agreement branching off from the Atlantic Charter (1941), the UKUSA Agreement was first renewed in the 1943 BRUSA Agreement and finally officially enacted in 1946. At first, only the UK and USA were part of the agreement, but Australia, Canada, and New Zealand were quickly roped in as well.

These 5 “founding” members have since become known as the 5 Eyes Alliance.

Five Eyes

Over the years, it’s been expanded as the 9 Eyes and (later) 14 Eyes Alliances, with several unofficial members joining in as well.

Ultimately, the agreement forms the backbone of an international coalition. The various intelligence agencies of the participating nations collectively spy on their own and each other’s citizens. Personal data collected by each agency is typically shared with the others (particularly among the 5 Eyes jurisdictions).

Edward Snowden’s revelations brought this multinational spy ring to the public’s attention in 2013. But rather than put an end to these invasive practices, you could say these revelations left the general public relatively complacent, believing the government’s insistence that national security trumps our human right to online privacy.

“Americans have come to terms with the inconvenient truth that there is no such thing as electronic communication without electronic eavesdropping,” Hochman observed.

5 Ways the Government Is Spying On All of Us

NSA

Before we get into the topic of whether or not national security really is more important than our online privacy, let’s take a quick look at 5 ways the government (and the NSA in particular) are spying on all of us.

Once again, these are just brief overviews meant to act as an introduction.

1. Your Smartphone

iPhone No Privacy

The USA Freedom Act of 2015 was supposed to limit the NSA’s access to citizens’ phone records. However, in typical fashion, it did no such thing – in 2017, the NSA harvested more than 534 million phone calls and text messages. That’s more than triple the amount it was in 2015.

According to Press Announcement 010 of June 18, 2018, the NSA “began deleting all call detail records (CDR) acquired since 2015 under Title V of the Foreign Intelligence Surveillance Act (FISA).”

The reason given was the NSA supposedly received some CDRs that it “was not authorized to receive,” and that it would be “infeasible to identify and isolate properly produced data.” Some outlets misunderstood the announcement to mean the NSA would no longer be collecting these records.

However, the final sentence of the PA begins: “The root cause of the problem has since been addressed for future CDR acquisitions.”

Why You Should Care

We should stop and clarify the CDRs do not include actual recordings of phone conversations. Senator Dianne Feinstein actually tried to use that fact in the NSA’s defense back in 2013: “This is just metadata. There is no content involved.

It’s an inherently dishonest defense because it fails to address how that metadata is used.

The short version is the metadata holds a lot of valuable information. Some of it can be used to personally identify you, which the rest needs to be seen in relation to other data to do the same.

To properly elaborate, we need to add the NSA (and other government agencies) can also track your location, albeit indirectly.

Your smartphone – or any other smart device, like your FitBit or Apple Watch – sends and receives GPS signals almost constantly. Even without those signals, your phone company’s towers are able to pinpoint your location based on any of your other electronic communications.

SmartPhone GPS

Your service provider is legally obligated to record this information. And all the government needs to do is request it via court order… which they can get using your CDR metadata to make even the most implausible connection between you and someone (or a group) under surveillance.

Still not sure why this is a bad thing?

Here’s what Edward Snowden says on the matter:

“You could be the most innocent person in the world, but if somebody who is programmed to see patterns of criminality looks at your data, they’re not going to find you – they’re going to find a criminal. Having been an analyst sitting at the desks and targeting people using surveillance, I know that the information that’s in data banks can lead people very easily to the wrong conclusion – particularly when the people who are looking at this data are looking for terrorists and criminals.”

2. Online Services (Including Your Internet Service Provider)

It’s no secret online services collect user data, ranging from your contact details when signing up to things like your device type, browser type, and IP address. Many of them openly admit to using this data to display ads they think will be relevant to you.

Free online services especially use ads to generate revenue. They’re effectively turning you into the product by selling your personal data to other companies, which is then used to generate and display personalized ads. This is also why you might get a notification asking you to turn your ad-blocker off when trying to access a website:

AdBlocker

What you might not realize is these online services aren’t merely selling your personal data to generate ad-based revenue. Some of them – like Google, Facebook, and Apple – openly admit to handing that same data to the NSA as part of the agency’s PRISM surveillance program.

What’s even more disconcerting is the fact these major services certainly aren’t alone. One of the biggest offenders is your ISP – no matter which company you’re with.

And you wonder why the US government allowed ISPs to sell your private data without your consent? It’s not just because your ISP is making campaign donations – it’s practically a reward for helping make government surveillance that much easier.

That’s not the end of it, though.

The government, via the NSA, “monitors international payments, banking and credit card transactions.

They don’t even need e-commerce sites to hand over your online purchase records, because they already have it themselves – without needing to piece together metadata from the different online stores you frequent.

3. Expanding the Internet of Things

The Internet of Things (IoT) is an increasingly all-pervasive aspect of many people’s lives. Our smartphone is connected to our smartwatch, to our fridges, to… just about everything.

For the sake of brevity, let’s set aside the fact smart speakers (Amazon Echo, Google Assistant, Apple HomePod, etc) are, as Brian Hochman puts it, “essentially wiretaps. They’re constantly listening.”

Let’s even gloss over the fact these devices send your data to unexpected third-parties.

Internet of Things Data Privacy

Yes, your webcam and mic can and almost certainly are being used to spy on you too. And your fingerprints can be replicated with 100% accuracy from photos taken at 1.5 meters away. AI might not even need a photo to be able to replicate fingerprints well enough to fool biometric ID scanners, for that matter.

Or how about the dozens of apps designed to help create deepfakes by tricking you into thinking it’s a hilarious trend?

Let’s face it – private tech companies are making it increasingly difficult to trust technology. They offer convenience at premium prices – and then steal enough personally identifiable information to create a virtual copy of you.

The government is tapping into all of these resources all of the time.

And, as OneZero recently revealed, the military is spending more than $4.5 million to build long-range facial recognition that even works in the dark… making it easier than ever before for them to follow you everywhere.

4. Built-in Vulnerabilities

The NSA is known for coercing manufacturers into adding “backdoors” (security vulnerabilities) allowing the agency to easily hack into your devices.

As far back as 2013, it was already becoming public knowledge that when unable to force manufacturers to do so – such as with overseas companies – the NSA would intercept shipping packages to add backdoors themselves.

While the articles linked to above are fairly old news by now, they pale in comparison to what’s happening today.

Your Tax Dollars Fund the Death of Your Online Privacy

Apple vs NSA

Back in 2015 and 2016, there was a huge blowout between the FBI and Apple over the tech company’s refusal to create a backdoor allowing law enforcement to crack the San Bernardino shooter’s iPhone.

Tim Cook, Apple’s CEO, said:

“The implication of the government’s demands are chilling… In the wrong hands, this [backdoor] – which does not exist today – would have the potential to unlock any iPhone in someone’s physical possession.”

In March 2016, US Attorney Eileen Decker announced “Our decision to conclude the litigation based solely on the fact that, with the recent assistance of a third-party, we are now able to unlock that iPhone.”

Skipping forward to 2019, the government – led by Attorney General William Barr – tried to force messaging app companies like WhatsApp to dismantle their end-to-end encryption. The effort failed, of course, but it hasn’t stopped Barr from going after Apple yet again in 2020.

Here’s where it gets really scary.

Remember Decker said the government was able to use third-party software to hack into the San Bernardino shooter’s iPhone? Barr is blatantly lying by saying they don’t have that kind of option today.

OneZero discovered law enforcement agencies all across America – even local police departments – have been using that same software for years.

Some are contracting it (at upwards of $200,000 a year) from the same company suspected of aiding the government in 2016, Cellebrite. Others are spending just as much buying it from similar third-parties.

This means the government is already capable of hacking into everyone’s phones. And they’re using our tax dollars to pay for it.

5. The NSA’s International Wiretapping and Hacking

NSA Wiretapping

People in the US aren’t the only ones subject to NSA-led government surveillance. Whatever information they can’t get through their 5 Eyes, 9 Eyes, and 14 Eyes alliances, they simply steal by wiretapping international internet lines.

As the original reporting by The Guardian explains, it was actually the Government Communications Headquarters (GCHQ), the UK’s version of the NSA, who spearheaded these operations.

But the NSA was almost immediately invited to join in processing the intercepted data.

What’s terrifying is each of the fiber-optic cables (of which there are many) handles more than 21 petabytes on a daily basis. To put that in perspective, 1 petabyte is equal to 1,048,576 gigabytes.

These cables aren’t the only things the government is hacking to spy on you, though.

Evidence shows the NSA has been hacking into the internal networks of other countries’ major telecommunications networks since at least 2002. And the agency developed elite hacking tools allowing them to exploit software around the world.

You want to know what’s even scarier than the fact the government has these tools?

They get leaked by hacking groups like the Shadow Brokers.

EternalBlue was one such example. Not long after it was leaked, it was used by North Korean government hackers in the WannaCry ransomware attacks.

Wannacry

This just goes to prove, without a shadow of a doubt, that cryptographers (and Apple) are right: giving the government a backdoor into security features is the same as putting it into the hands of cybercriminals around the world.

What You Can Do To Protect Yourself

There are a few things you can do to boost your online privacy:

If enough people are interested, we’ll consider doing an ultimate guide discussing all of these aspects (and more) of government surveillance.

Let us know in the comments if you prefer a long-form article or an ebook to save and read offline!

Mandee Rose

Mandee Rose

Mandee Rose is the editor and lead writer & researcher at TheVPNShop. A technical writer and blogger with 6+ years of experience in the cybersecurity sector. During her college years, she chased the dual-major of Cyber Security and Journalism while simultaneously offering freelance services online. As a result, Mandee was able to combine both of her passions by writing for companies like LatestHackingNews, BestVPN, Tactical Engine, Hoxhunt, AI Jobs (Medium Blog), and more. Today, she continues sharing her technical knowledge via investigative writing on topics like VPNs, programming, data breaches, artificial intelligence, and other infosec concepts.

Leave a Reply