What is communications surveillance?
Communications surveillance is the monitoring, interception, collection, preservation and retention of information that has been communicated, relayed or generated over communications networks to a group of recipients by a third party.
This third party could be a law enforcement agency, intelligence agency, a private company, or a malicious actor. Communications surveillance does not require a human to read the intercepted communication, as any automated action of communications surveillance represents an interference with the right to privacy. Communications surveillance can take place on a mass scale, such asunder the UK's Tempora program, or on a more intrusive scale, like the installation of malware onto a computer.
Communication plays a huge role in all of our lives. It helps us build relationships, share experiences, and develop as individuals and as a society. As such, communications surveillance is a significant interference with this fundamental need to communicate, and to do so on our own terms, and with confidence that our thoughts are not shared beyond our control. People behave differently when they know they are being watched, which can lead to self-censorship or a hesitancy to engage in society.
Without the security of knowing that your communications are private, our ability to create safe boundaries and manage our relationships falls apart.
How is communications surveillance conducted?
Developments in communications have brought us access to a diverse set of networks on which to communicate. As communications technologies developed, from the telegraph to fixed landlines to mobile communications and the internet, we have been given more control over who we communicate with and the method in which to do so.
With each step, however, communications surveillance technologies have become more and more sophisticated, and capable of grabbing even more information than ever before.
In turn, communications surveillance is no longer limited to intercepting a messenger or attaching a 'crocodile clip' to a telephone line. There are now four main methods of communications surveillance: internet monitoring, mobile phone interception, fixed line interception, and intrusion technologies (which are explained in detail below). Surveillance over internet, mobile, and fixed-line networks can take place with or without the cooperation of the network operator:
Authorities request assistance for surveillance from operators: Cooperation with telecommunication providers is sometimes referred to by surveillance proponents as 'lawful access', when laws require communications service operators to deliver information to either law enforcement or intelligence agencies when requested. This is often the surveillance described in transparency reports released by companies, such as Vodafone, but not all forms of lawful access are necessarily reported to the public.
Authorities have direct access to networks and services and can pull information themselves: Surveillance can be initiated directly by the government agency without the knowledge of the communications service provider. This would involve the government using communications surveillance technologies that interfere directly with the communication path. Examples of these types of technologies that conduct this form of surveillance are IMSI catchers, which pretend to be mobile phone base stations to collect information on nearby devices, and mass monitoring systems, such as the Zebra system sold by South African company VASTech.
What are the differences between the surveillance performed over different networks?
While there are several types of technologies that can be sold to perform communications surveillance, we have broken them into four categories: Internet Monitoring, Mobile Phone Monitoring, Fixed Line Interception, and Intrusion technology.
Who are the actors performing communications surveillance?
Anyone with these types of technologies can perform communications surveillance. It is often the case that these actors include law enforcement agencies, intelligence agencies, private company,or a malicious actor.
While some countries such as the United States and United Kingdom develop these types of technology in-house, there is also a large commercial surveillance market, where companies sell these technologies to countries and support ongoing surveillance systems.
Is communications surveillance legal?
All surveillance must meet the minimum standards of being both necessary in a democratic society to achieve a legitimate aim and proportionate to that aim. Individuals must be protected against arbitrary interference with their right to communicate privately. When a government wishes to conduct communications surveillance, it must only be done in accordance with clear and transparent law.
The lawful interception of communications must be performed with proper legal authorisation, but what this authorisation looks like varies across jurisdictions. Since communications surveillance directly interferes with the right to privacy, any laws that allow for it must be in accordance with human rights principles. The mere existence of surveillance laws do not make the act of communications surveillance lawful.
Acts that regulate communications surveillance exist because of the fundamental right to privacy that we all share. The right to privacy and specifically for correspondence is in international and regional human rights documents, including the Universal Declaration on Human Rights (Article 12),the International Convention on Civil and Political Rights (Article 17), the Arab Charter of Human Rights (Article 21), the European Convention on Human Rights (Article 8), and the American Convention on Human Rights (Article 11). Addtionally, there are 136 constitutions around the worldthat protect the privacy of communications.
Despite this clear international and constitutional agreement, in many countries laws governing surveillance and the processes around its conduct remain unclear. Often, laws are vague and broadly interpreted; courts authorise and review surveillance in secret; and individuals are monitored surreptitiously, and are not notified that they were placed under surveillance.
In many cases, laws governing communications surveillance have become outdated in the face of powerful new technologies. The greatest problem is that communications surveillance technology is not waiting around for legislation to catch up and reach those minimum standards. Another key problem is that legislators and the judiciary too rarely understand communications technology and surveillance capabilities. A final challenge is that government authorities are calling for new laws because they are lacking in capabilities even though they have more power to conduct surveillance today than ever before.
What can be done?
In recent years, there have been remarkable advancements around the world to protect an individual's right to privacy in the face of growing surveillance. Both courts and civil society have been making efforts address some of the dated ideas of communications surveillance.
In 2014, the European Court of Justice struck down the Data Retention Directive, calling mandatory data retention "an interference with the fundamental rights of practically the entire European population...without such an interference being precisely circumscribed by provisions to ensure that is is actually limited to what is strictly necessary". This decision represented a strong authoritative recognition of the safeguards that must be in place to protect our right to privacy.
The Philippines Supreme Court the same year ruled against a section of a cybercrime bill that would allow for the interception of a communication's origin, destination and route of message without the need to apply for authorisation. This decision recognised the revealing nature of metadata and the need for a process of authorisation to be in place for its interception.
To pushback against bad surveillance laws, civil society groups launched the International Principles on the Application of Human Rights to Communications Surveillance in 2014. The initiative aims to address the need for a framework to evaluate communications surveillance policies and practices against human rights.
The principles are an interpretation of existing state obligations in light of new technological understandings. They represent what States are obliged to meet in domestic law, and serves as an advocacy tool for civil society to pressure governments to meet certain standards in respect to communications surveillance.
Nonetheless, as the Edward Snowden disclosures showed, the capability of governments to operate in secret and to conduct surveillance across borders in unaccountable ways has grown significantly within our modern communications infrastructure. And courts remain reluctant to address secret surveillance and have yet to consider challenges to state power exerted across borders.