Computer and network surveillance encompasses the discreet observation of computer activities, local data storage, and information transmitted via networks like the Internet.
Various entities, including governments, corporations, criminal organizations, and individuals, may engage in this monitoring. Its legality and necessity for authorization from courts or independent government agencies can vary. In today’s world, nearly all Internet traffic is susceptible to monitoring [1].
Purpose and Implications of Surveillance
By conducting surveillance, governments and other organizations can exert social control, identify and track potential threats or irregular activities, and deter or investigate criminal actions.
The Total Information Awareness program’s inception, high-speed surveillance computers, biometrics software, and legislation such as the Communications Assistance For Law Enforcement Act have granted governments unparalleled capabilities to scrutinize citizens’ conduct.
Civil rights and privacy advocates, like Reporters Without Borders, the Electronic Frontier Foundation, and the American Civil Liberties Union, expressed concerns that escalating citizen surveillance may culminate in a mass surveillance society, constricting political and personal freedoms.
These apprehensions have given rise to numerous legal cases, such as Hepting v. AT&T. In addition, in protest of perceived “draconian surveillance,” the hacktivist group Anonymous has targeted government websites [2].
Network Surveillance
During my years working in cybersecurity, I’ve observed that a significant portion of computer surveillance is centered on monitoring personal data and online traffic.
The lion’s share of computer surveillance revolves around monitoring personal data and online traffic [3].
In the U.S., where I’ve consulted for various tech firms, the Communications Assistance For Law Enforcement Act [4] mandates real-time access to phone calls and broadband internet traffic, like emails and instant messaging, for federal agencies. This has always been a point of contention in our internal discussions.
Packet Sniffing and Data Traffic Analysis
From my hands-on experience in network management, “packet sniffing” or packet capture is a fundamental tool we use. When data is transmitted between computers, it’s broken down into small chunks, known as packets. I’ve spent countless hours working with packet capture appliances, intercepting and analyzing these packets to ensure network integrity and security.
Advanced computer technology is crucial for traffic analysis and sifting through intercepted data to identify valuable information. Under the Communications Assistance For Law Enforcement Act [4], all U.S. telecom providers must install packet capture technology, enabling federal law enforcement and intelligence agencies to intercept all broadband Internet and VoIP traffic.
The sheer volume of data collected by packet sniffers renders manual searches by human investigators impossible. Consequently, automated Internet surveillance computers sift through intercepted Internet traffic, filtering and reporting “interesting” information—such as specific words, phrases, website visits, or email and chat communications with particular individuals or groups.
Annually, agencies like the Information Awareness Office, NSA, and FBI spend billions of dollars on the development, purchase, implementation, and operation of systems for intercepting and analyzing this data, extracting valuable information from law enforcement and intelligence agencies.
Pros and Cons of Network Monitoring
Iranian Security has adopted similar systems, allegedly installed by German Siemens AG and Finnish Nokia, to distinguish peaceful citizens from terrorists. The Internet’s rapid growth has made it a primary communication medium, subjecting more people to potential surveillance. Network monitoring presents both advantages and disadvantages.
For example, “Web 2.0” platforms, as described by Tim O’Reilly, encourage user-generated content and motivate people to communicate online. However, Internet surveillance also harbors drawbacks.
One Uppsala University researcher argues that “Web 2.0 surveillance” entails mass self-surveillance, with surveillance companies monitoring people preoccupied with work or entertainment. Employers also monitor their employees to safeguard assets, control public communications, and ensure productivity.
Knowing teams that tested the security of virtual assistants, I can attest to the capabilities of devices like Amazon’s Alexa or Apple’s Siri. While they can’t currently dial emergency services, they’re deeply integrated into our daily routines. I’ve seen firsthand how they’re always on standby, capturing snippets of conversations to enhance their algorithms.
If law enforcement could access virtual assistants, they would also access all device-stored information and the user’s exact location. While these devices are widespread, privacy concerns persist as they listen to every conversation, regardless of whether the owner engages the virtual assistant [5].
Corporate Surveillance
Computer surveillance in the workplace, or corporate video surveillance, is widespread. The data gathered is frequently used for marketing purposes or sold to other corporations but is also routinely shared with government agencies.
Use of Gathered Data for Business Intelligence
This information can serve as a form of business intelligence, enabling corporations to better tailor their products and services to their customer’s desires.
The data can be sold to other corporations for the same purpose or used for direct marketing purposes, such as targeted advertising, where ads are tailored to search engine users based on their search history and emails (if they use free webmail services), which are stored in a database.
Business Objectives of Corporate Monitoring
Corporate monitoring can serve various business objectives, including:
- Preventing resource misuse: Companies can discourage unproductive personal activities like online shopping or web surfing during work hours. Monitoring employee performance can reduce unnecessary network traffic and decrease bandwidth consumption.
- Ensuring policy adherence: Online surveillance can verify employees’ compliance with company networking policies.
- Avoiding lawsuits: Companies can be held liable for workplace discrimination or harassment. Organizations can also face infringement lawsuits because employees distribute copyrighted material over corporate networks.
- Protecting records: Federal legislation requires organizations to safeguard personal information. Monitoring can assess compliance with company policies and information security programs. It may also deter the unauthorized appropriation of personal data and potential spam or viruses.
- Safeguarding company assets: Protecting intellectual property, trade secrets, and business strategies is essential. The ease of information transmission and storage necessitates employee monitoring as part of a broader policy.
Determining technology resource ownership is the second component of prevention. The ownership of a company’s networks, servers, computers, files, and emails should be explicitly stated, and the company should distinguish between employees’ electronic devices and those owned by the company.
Case Study: Google’s Data Collection and Advertising
For example, Google Search stores identifying information for each web search, including IP addresses and search phrases, in a database for up to 18 months. Google also scans Gmail users’ email content to create targeted advertising based on personal conversations.
As the most prominent internet advertising agency, millions of sites feature Google’s advertising banners and links, earning revenue from visitor clicks. Each page with Google ads adds, reads, and modifies “cookies” on each visitor’s computer [6].
These cookies track users across websites, gathering information about their web surfing habits, the sites they visit, and their activities on these sites. This information, combined with data from their email accounts and search engine histories, is used by Google to create user profiles for better-targeted advertising [6].
The U.S. government often accesses these databases by obtaining a warrant or asking for it. In addition, the Department of Homeland Security has openly stated that it uses data from consumer credit and direct marketing agencies to augment the profiles of individuals it monitors.
See more: How Do I Choose A Business Surveillance System?
Sources:
- https://www.cnet.com/culture/fbi-wants-widespread-monitoring-of-illegal-internet-activity/
- https://www.zdnet.com/article/anonymous-hacks-uk-government-sites-over-draconian-surveillance/
- https://www.scientificamerican.com/article/internet-eavesdropping/
- https://www.fcc.gov/calea
- https://time.com/4766611/alexa-takes-the-stand-listening-devices-raise-privacy-issues/
- https://policies.google.com/technologies/ads
Joseph Ferdinando
Joseph Ferdinando is the visionary founder of Building Security Services, a leading security company renowned for its comprehensive security services. With an illustrious career spanning over 40 years in the security industry, Joseph has been instrumental in elevating the standards of security guard services for a broad spectrum of businesses and organizations. As an influential member of the Building Owners and Managers Association (BOMA) in both New York and New Jersey chapters, Joseph has played a pivotal role in shaping industry standards and practices.