Computer and network surveillance encompasses the discreet observation of computer activities, local data storage, and information transmitted via networks like the Internet.

Various entities, including governments, corporations, criminal organizations, and individuals, may engage in this monitoring. Its legality and necessity for authorization from courts or independent government agencies can vary. In today’s world, nearly all Internet traffic is susceptible to monitoring [1].

By conducting surveillance, governments and other organizations can exert social control, identify and track potential threats or irregular activities, and deter or investigate criminal actions.

The Total Information Awareness program’s inception, high-speed surveillance computers, biometrics software, and legislation such as the Communications Assistance For Law Enforcement Act have granted governments unparalleled capabilities to scrutinize citizens’ conduct.

Civil rights and privacy advocates, like Reporters Without Borders, the Electronic Frontier Foundation, and the American Civil Liberties Union, expressed concerns that escalating citizen surveillance may culminate in a mass surveillance society, constricting political and personal freedoms.

These apprehensions have given rise to numerous legal cases, such as Hepting v. AT&T. In addition, in protest of perceived “draconian surveillance,” the hacktivist group Anonymous has targeted government websites [2].

Network Surveillance

The lion’s share of computer surveillance revolves around monitoring personal data and online traffic [3]. In the United States, for instance, the Communications Assistance For Law Enforcement Act [4] necessitates free, real-time accessibility of phone calls and broadband internet traffic (such as emails, web traffic, and instant messaging) to federal law enforcement agencies.

“Packet sniffing” or packet capture involves observing data traffic on networks. Data transmitted between computers on the Internet or other networks are divided into small chunks called packets, which are reassembled into a complete message upon reaching their destination. Packet capture appliances intercept these packets for examination and analysis.

Advanced computer technology is crucial for traffic analysis and sifting through intercepted data to identify valuable information. Under the Communications Assistance For Law Enforcement Act [4], all U.S. telecom providers must install packet capture technology, enabling federal law enforcement and intelligence agencies to intercept all broadband Internet and VoIP traffic.

The sheer volume of data collected by packet sniffers renders manual searches by human investigators impossible. Consequently, automated Internet surveillance computers sift through intercepted Internet traffic, filtering and reporting “interesting” information—such as specific words, phrases, website visits, or email and chat communications with particular individuals or groups.

Annually, agencies like the Information Awareness Office, NSA, and FBI spend billions of dollars on the development, purchase, implementation, and operation of systems for intercepting and analyzing this data, extracting valuable information from law enforcement and intelligence agencies.

Iranian Security has adopted similar systems, allegedly installed by German Siemens AG and Finnish Nokia, to distinguish peaceful citizens from terrorists. The Internet’s rapid growth has made it a primary communication medium, subjecting more people to potential surveillance. Network monitoring presents both advantages and disadvantages.

For example, “Web 2.0” platforms, as described by Tim O’Reilly, encourage user-generated content and motivate people to communicate online. However, Internet surveillance also harbors drawbacks.

One Uppsala University researcher argues that “Web 2.0 surveillance” entails mass self-surveillance, with surveillance companies monitoring people preoccupied with work or entertainment. Employers also monitor their employees to safeguard assets, control public communications, and ensure productivity.

Virtual assistants like Amazon’s Alexa or Apple’s Siri, which currently cannot call 911 or local services, have been integrated into our lives. They constantly listen for commands and record conversation snippets to refine algorithms.

If law enforcement could access virtual assistants, they would also access all device-stored information and the user’s exact location. While these devices are widespread, privacy concerns persist as they listen to every conversation, regardless of whether the owner engages the virtual assistant [5].

Corporate Surveillance

Computer surveillance in the workplace, or corporate video surveillance, is widespread. The data gathered is frequently used for marketing purposes or sold to other corporations but is also routinely shared with government agencies.

This information can serve as a form of business intelligence, enabling corporations to better tailor their products and services to their customer’s desires.

The data can be sold to other corporations for the same purpose or used for direct marketing purposes, such as targeted advertising, where ads are tailored to search engine users based on their search history and emails (if they use free webmail services), which are stored in a database.

Corporate monitoring can serve various business objectives, including:

  • Preventing resource misuse: Companies can discourage unproductive personal activities like online shopping or web surfing during work hours. Monitoring employee performance can reduce unnecessary network traffic and decrease bandwidth consumption.
  • Ensuring policy adherence: Online surveillance can verify employees’ compliance with company networking policies.
  • Avoiding lawsuits: Companies can be held liable for workplace discrimination or harassment. Organizations can also face infringement lawsuits because employees distribute copyrighted material over corporate networks.
  • Protecting records: Federal legislation requires organizations to safeguard personal information. Monitoring can assess compliance with company policies and information security programs. It may also deter the unauthorized appropriation of personal data and potential spam or viruses.
  • Safeguarding company assets: Protecting intellectual property, trade secrets, and business strategies is essential. The ease of information transmission and storage necessitates employee monitoring as part of a broader policy.

Determining technology resource ownership is the second component of prevention. The ownership of a company’s networks, servers, computers, files, and emails should be explicitly stated, and the company should distinguish between employees’ electronic devices and those owned by the company.

For example, Google Search stores identifying information for each web search, including IP addresses and search phrases, in a database for up to 18 months. Google also scans Gmail users’ email content to create targeted advertising based on personal conversations.

As the most prominent internet advertising agency, millions of sites feature Google’s advertising banners and links, earning revenue from visitor clicks. Each page with Google ads adds, reads, and modifies “cookies” on each visitor’s computer [6].

These cookies track users across websites, gathering information about their web surfing habits, the sites they visit, and their activities on these sites. This information, combined with data from their email accounts and search engine histories, is used by Google to create user profiles for better-targeted advertising [6].

The U.S. government often accesses these databases by obtaining a warrant or asking for it. In addition, the Department of Homeland Security has openly stated that it uses data from consumer credit and direct marketing agencies to augment the profiles of individuals it monitors.

See more: How Do I Choose A Business Surveillance System?



Joseph Ferdinando is the founder of Building Security Services, a company that provides security solutions to businesses and organizations. He has more than 40 years of experience in the security industry, and he is a recognized expert in the field. Joseph is also a member of Building Owners and Managers Association (BOMA), where he's held position of Director on the Board of Directors in both the New York and new Jersey chapters.