Understand important categories surveillance technologies: network and tactical. We include case studies of how technologies have been used against opponents and activists around the world. We also cover the revealing nature of metadata and modern communications surveillance.
Data and Surveillance -- Useful Definitions
Communications surveillance: Communications surveillance is the monitoring, interception, collection, preservation and retention of information that has been communicated, relayed or generated over communications networks to a group of recipients by a third party. This includes phone calls, emails, text messages, pictures, and messaging apps.
Data protection: Data protection is the law designed to protect your personal information, which is collected, processed and stored by “automated” means or intended to be part of a filing system. In modern societies, to empower us to control our information and to protect us from abuses, it is essential that data protection laws restrain and shape the activities of companies and governments
Data retention: Data retention is the storage of data for a period because of a policy or law. It is relevant to communications surveillance when there is a requirement for a telecommunications company to store communications or metadata for a period of time, meaning that it is possible for security agencies to listen and view communications in the past.
Network surveillance: In communications surveillance, network surveillance is technologies that require physical installation onto a network to perform communications surveillance.
Tactical surveillance: In communications surveillance, tactical surveillance is technologies that do not require physical installation onto a network. These are technologies can thus often be easily transported to different locations for deployment. An example of this is an IMSI catcher.
Device: In this sector, a "device" is something that we can use to communicate: a landline telephone, a mobile phone, a tablet, a computer etc.
Biometrics: Biometrics is the capturing and storage of the physiological and behavioural characteristics of individuals. These include fingerprints, facial recognition, and iris scans; behavioural biometrics includes walking styles and typing rates. Biometrics are usually immutable, and last for an individual's entire life. Biometrics is used in some countries for passports, ID cards, and other forms of identification.
Encryption: Encryption is encoding a message so it can only be read by the intended recipient. A message would appear nonsensical to anyone without the proper "key", through which they can read the content of the message. So, if a message is intercepted by The Adversary, they would not be able to read the content of the message without a key. A common form of encryption is PGP.
Malware: Malware is software that is installed on a device to monitor communications, record information, or disrupt the device. It is installed without the user’s knowledge, which may or may not need physical access to a device. Examples of malware are keyloggers on computers (that record every key press made, gathering the contents of communications as well as passwords), and software maliciously installed on phones to record conversations.
Metadata: Metadata is all information about a communication, apart from the content of the communication itself. For example, for a mobile phone call, this includes information on what number you called, where you were when you called them, what time you called, and how long that call lasted. Other examples of metadata are the websites visited and the time and location of a Tweet. Many states have looser regulation over metadata than the content of communications, despite the fact that the metadata contains a lot of information – often, it’s more intrusive than the content of a communication.
IMEI: International Mobile Equipment Identity: this is a unique identifier that, along with the IMSI, identifies your physical handset to the network. It can be found by dialing *#06# on your handset. Even if you change the SIM card in your phone, the IMEI remains the same.
IMSI: International Mobile Subscriber Identity: this is a unique identifier stored on a SIM card, to identify your SIM card when you connect to the network.
IMSI Catcher: An IMSI Catcher is a form a tactical surveillance, and has other names like a Stingray. There are various types of IMSI catcher, with different capabilities, but they all work through being a fake cell tower - completely invisible to the user. They are most commonly used to gather the IMSI numbers of everyone in a particular vicinity - for example, at a protest. As the IMSI number is unique to a SIM card, this can be used to tell the identity of the SIM cards in the area. Thus it is a tool that can be used to tell who is in a particular area at a particular time. As a piece of tactical surveillance, this means that an IMSI catcher can be used without connecting it to the phone network, so does not require the cooperation of the telecommunicating companies; this means that it is possible to be used with less oversight.
Internet of Things: The Internet of Things is a term for the connection of objects, vehicles, and sensors to the Internet. This includes devices to track the location of your car over the Internet, control the heating in your home, and a remote sensor to see how a solar panel is being used. There can be privacy concerns, as the Internet of Things means that more and more data is generated about our everyday life, not just when we are using a communications device.
SIM card registration: SIM card registration is when the details of the person owning a SIM card is taken, particularly when the details are held by the state even if a telecommunications company collects the information. This particularly applies to pre-paid, Pay As You Go (PAYG) sim cards, as the telecommunications company already has information for post-paid SIM cards on a contract. SIM card registration might be using an official ID, passport, or proof of address; in some countries, biometrics are also collected. SIM card registration allows the state to know the identity of the owner of a SIM card, and thus who is most likely making a call or sending a message. It can also be used in conjunction with an IMSI catcher to know the possible identities of everyone in a particular area.
Smart cities: 'Smart cities" is a term used to described the growing role of data in the running of a city. A smart city collects data on its inhabitants to varying degrees, including traffic data, people's movements, and even their power usage and how much rubbish they produce.