Computer surveillance
Computer surveillance is the act of performing surveillance of computer activity, and of data stored on a hard drive or being transferred over the Internet.
Computer surveillance programs are widespread today, and almost all Internet traffic is closely monitored for clues of illegal activity.
Supporters say that watching all Internet traffic is important, because by knowing everything that everyone is reading and writing, they can identify terrorists and criminals, and protect society from them.
Critics cite concerns over privacy and the possibility of a totalitarian state where political dissent is impossible and opponents of state policy are removed in COINTELPRO-like purges. Such a state may be referred to as an Electronic Police State, in which the government aggressively uses electronic technologies to record, organize, search and distribute forensic evidence against its citizens.
Network surveillance
The vast majority of computer surveillance involves the monitoring of data and traffic on the Internet. In the United States for example, under the Communications Assistance For Law Enforcement Act, all phone calls and broadband internet traffic (emails, web traffic, instant messaging, etc.) are required to be available for unimpeded real-time monitoring by Federal law enforcement agencies.
Packet sniffing is the monitoring of data traffic on a computer network. Computers communicate over the Internet by breaking up messages (emails, images, videos, web pages, files, etc.) into small chunks called "packets", which are routed through a network of computers, until they reach their destination, where they are assembled back into a complete "message" again. Packet sniffers are programs that intercept these packets as they are travelling through the network, in order to examine their contents using other programs. A packet sniffer is an information gathering tool, but not an analysis tool. That is, it gathers "messages" but it does not analyze them and figure out what they mean. Other programs are needed to perform traffic analysis and sift through intercepted data looking for important/useful information. Under the Communications Assistance For Law Enforcement Act all U.S. telecommunications providers are required to install packet sniffing technology to allow Federal law enforcement and intelligence agencies to intercept all of their customers' broadband Internet traffic.
There is far too much data gathered by these packet sniffers for human investigators to manually search through all of it. So automated Internet surveillance computers sift through the vast amount of intercepted Internet traffic, and filter out and report to human investigators those bits of information which are "interesting" -- such as the use of certain words or phrases, visiting certain types of web sites, or communicating via email or chat with a certain individual or group. Billions of dollars per year are spent, by agencies such as the Information Awareness Office, NSA, and the FBI, to develop, purchase, implement, and operate systems which intercept and analyze all of this data, and extract only the information which is useful to law enforcement and intelligence agencies.
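The split between gathering and analysis described in the two paragraphs above, as an added example that is not part of the original article: it decodes constructed IPv4/TCP packets, reassembles each flow by sequence number, and shows that a phrase split across packet boundaries only becomes visible after reassembly, while an opaque (encrypted-looking) flow still exposes its addresses and ports. The addresses, ports, sample message, watch word and all function names are assumptions made for illustration.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options

# Constructed sample data (assumptions, not taken from the article).
MESSAGE = b"GET /search?q=project+bluebird HTTP/1.1\r\nHost: example.test\r\n\r\n"
FLOW_A = ("192.0.2.10", 40000, "198.51.100.5", 80)    # cleartext flow
FLOW_B = ("192.0.2.10", 40001, "198.51.100.5", 443)   # opaque flow
OPAQUE = bytes((i * 37 + 11) % 256 for i in range(48))  # stands in for ciphertext


def build_packet(flow, seq, payload):
    """Build a minimal IPv4+TCP packet; checksums are left at zero."""
    src, sport, dst, dport = flow
    tcp = struct.pack(TCP_FMT, sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(IP_FMT, 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def sample_capture(chunk=12):
    """Split MESSAGE into segments, delivered out of order with one duplicate."""
    pkts = [build_packet(FLOW_A, 1000 + i, MESSAGE[i:i + chunk])
            for i in range(0, len(MESSAGE), chunk)]
    return pkts[::-1] + [pkts[1], build_packet(FLOW_B, 5000, OPAQUE)]


def parse_packet(raw):
    """Gathering stage: decode the headers; return None for malformed input."""
    if len(raw) < 40:
        return None
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or ihl < 20 or total > len(raw):
        return None
    if len(raw) < ihl + 20:
        return None
    sport, dport, seq, _, off, _, _, _, _ = struct.unpack(TCP_FMT, raw[ihl:ihl + 20])
    start = ihl + (off >> 4) * 4
    if (off >> 4) < 5 or start > total:
        return None
    flow = (socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport)
    return {"flow": flow, "seq": seq, "payload": raw[start:total]}


def reassemble(records):
    """Analysis stage 1: rebuild each flow's byte stream in sequence order.

    Simplification: sequence-number wraparound and partial overlaps are ignored.
    """
    flows = {}
    for rec in records:
        flows.setdefault(rec["flow"], []).append(rec)
    streams = {}
    for flow, segs in flows.items():
        segs.sort(key=lambda r: r["seq"])
        data, expected = b"", segs[0]["seq"]
        for seg in segs:
            if seg["seq"] < expected:    # retransmitted duplicate
                continue
            if seg["seq"] > expected:    # gap: a segment was not captured
                break
            data += seg["payload"]
            expected = seg["seq"] + len(seg["payload"])
        streams[flow] = data
    return streams


def per_packet_hits(records, word):
    """Count packets whose own payload contains the word."""
    return sum(1 for rec in records if word in rec["payload"])


def flag_streams(streams, words):
    """Analysis stage 2: flows whose reassembled content contains any word."""
    return sorted(f for f, data in streams.items() if any(w in data for w in words))


if __name__ == "__main__":
    records = [r for r in map(parse_packet, sample_capture()) if r]
    streams = reassemble(records)
    print("packets matching alone:", per_packet_hits(records, b"bluebird"))
    print("flows flagged after reassembly:", flag_streams(streams, [b"bluebird"]))
    for flow, data in streams.items():   # metadata is visible for every flow
        print(flow, len(data), "bytes")
```
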
Similar systems are now operated by Iranian secret police to identify and suppress dissidents. All required hardware and software has been allegedly installed by German Siemens AG and Finnish Nokia.
Corporate surveillance
Corporate surveillance of computer activity is very common. The data collected is most often used for marketing purposes or sold to other corporations, but is also regularly shared with government agencies. It can be used as a form of business intelligence, which enables the corporation to better tailor their products and/or services to be desirable by their customers. Or the data can be sold to other corporations, so that they can use it for the aforementioned purpose. Or it can be used for direct marketing purposes, such as targeted advertisements, where ads are targeted to the user of the search engine by analyzing their search history and emails (if they use free webmail services), which is kept in a database.
For instance, Google, the world's most popular search engine, stores identifying information for each web search. An IP address and the search phrase used are stored in a database for up to 18 months. Google also scans the content of emails of users of its Gmail webmail service, in order to create targeted advertising based on what people are talking about in their personal email correspondences. Google is, by far, the largest Internet advertising agency—millions of sites place Google's advertising banners and links on their websites, in order to earn money from visitors who click on the ads. Each page containing Google advertisements adds, reads, and modifies "cookies" on each visitor's computer. These cookies track the user across all of these sites, and gather information about their web surfing habits, keeping track of which sites they visit, and what they do when they are on these sites. This information, along with the information from their email accounts, and search engine histories, is stored by Google to use to build a profile of the user to deliver better-targeted advertising.
The United States government often gains access to these databases, either by producing a warrant for it, or by simply asking. The Department of Homeland Security has openly stated that it uses data collected from consumer credit and direct marketing agencies for augmenting the profiles of individuals that it is monitoring.
Malicious software
For a more detailed discussion of topics mentioned in this section see: Spyware, Computer virus, Trojan (computer security), Keylogger, Backdoor (computing).
In addition to monitoring information sent over a computer network, there is also a way to examine data stored on a computer's hard drive, and to monitor the activities of a person using the computer. A surveillance program installed on a computer can search the contents of the hard drive for suspicious data, can monitor computer use, collect passwords, and/or report back activities in real-time to its operator through the Internet connection.
There are multiple ways of installing such software. The most common is remote installation, using a backdoor created by a computer virus or trojan. This tactic has the advantage of potentially subjecting multiple computers to surveillance. Viruses often spread to thousands or millions of computers, and leave "backdoors" which are accessible over a network connection, and enable an intruder to remotely install software and execute commands. These viruses and trojans are sometimes developed by government agencies, such as CIPAV and Magic Lantern. More often, however, viruses created by other people or spyware installed by marketing agencies can be used to gain access through the security breaches that they create.
Another method is "cracking" into the computer to gain access over a network. An attacker can then install surveillance software remotely. Servers and computers with permanent broadband connections are most vulnerable to this type of attack.
One can also physically place surveillance software on a computer by gaining entry to the place where the computer is stored and install it from a compact disc, floppy disk, or thumbdrive. This method shares a disadvantage with hardware devices in that it requires physical access to the computer.
Social network analysis
One common form of surveillance is to create maps of social networks based on data from social networking sites as well as from traffic analysis information from phone call records such as those in the NSA call database, and internet traffic data gathered under CALEA. These social network "maps" are then data mined to extract useful information such as personal interests, friendships & affiliations, wants, beliefs, thoughts, and activities.
Many U.S. government agencies such as the Defense Advanced Research Projects Agency (DARPA), the National Security Agency (NSA), and the Department of Homeland Security (DHS) are currently investing heavily in research involving social network analysis. The intelligence community believes that the biggest threat to the U.S. comes from decentralized, leaderless, geographically dispersed groups. These types of threats are most easily countered by finding important nodes in the network, and removing them. To do this requires a detailed map of the network.
Jason Ethier of Northeastern University, in his study of modern social network analysis, said the following of the Scalable Social Network Analysis Program developed by the Information Awareness Office:
Emanations
It has been shown that it is possible to surveil computers from a distance, with only commercially available equipment, by detecting the radiation emitted by the CRT monitor. This form of computer surveillance, known as TEMPEST, involves reading electromagnetic emanations from computing devices in order to extract data from them at distances of hundreds of meters.
IBM researchers have also found that, for most computer keyboards, each key emits a slightly different noise when pressed. The differences are individually identifiable under some conditions, and so it's possible to log key strokes without actually requiring logging software to run on the associated computer.
And it has also been shown, by Adi Shamir et al., that even the high frequency noise emitted by a CPU includes information about the instructions being executed.
Policeware
Policeware is software designed to police citizens by monitoring discussion and interaction of its citizens. Within the U.S., Carnivore was a first incarnation of secretly installed e-mail monitoring software installed in Internet service providers' networks to log computer communication, including transmitted e-mails. Magic Lantern is another such application, this time running in a targeted computer in a trojan style and performing keystroke logging. Oasis, software developed by Central Intelligence Agency (CIA), is designed for converting intercepted audio into searchable text. CIPAV, deployed by FBI, is a spyware/trojan allegedly designed for identification of a computer.
The CBDTPA for "Consumer Broadband and Digital Television Promotion Act" was a bill proposed in the United States Congress. The CBDTPA was known as the "SSSCA" while in draft form, and was killed in committee in 2002. Had the CBDTPA become law, it would have prohibited technology that read digital content (such as music, video, and e-books) without Digital Rights Management (DRM) that prevented access to this material without the permission of the copyright holder.
See also
- Computer surveillance in the workplace
- Surveillance
- Carnivore
- Total Information Awareness
- Magic Lantern
- CIPAV
- ECHELON
- NSA call database
- TEMPEST
- GhostNet
- Cyber spying
- Differential privacy