Chapter 1. Online Privacy and Mass Surveillance
Some people say there is no privacy or a way to avoid snooping when using Internet-capable devices and electronic communications.
Paranoia aside, the current level of mass surveillance is appalling, indeed. Talking about mass surveillance, we no longer think NSA or MI6. The complex web of monitoring is enabled and managed by a wealth of entities – state and private. Sometimes, it’s hard to say where one ends and the other begins.
There’s no point in dividing the state and corporate surveillance if you ask me. Both come hand in hand, cooperate, share intelligence, and reap profits.
Mass surveillance has become mainstream, as communications companies store and turn over an unprecedented wealth of consumers’ data. Data about phone calls, text messages, Internet activities, location histories, fitness tracking apps’ data, Google voice search database, Facebook facial recognition data, to name a few.
Tech giants not only engage in data mining, but they also deploy sophisticated programs to allow law enforcement backdoor access to snoop on users – RFID chips, semiconductors, the said Intel ME controller chip, backdoors in popular chat apps and cloud storage services. The same technology is used to track users’ location and whereabouts.
According to a two-year-old Washington Post investigation, at least 2,000 private security companies and 1.200 state organizations are involved in intelligence gathering.
Tech corporations receive government contracts and funding and hand over their users’ personal information and usage logs in return.
Data aggregators aggressively profile users and sell that data to:
- state agencies
- financial services
- insurance companies
- telecommunications firms
- healthcare providers
- travel companies
- marketing agencies
- prediction and analytics companies
- tech companies
- and the list goes on.
Corporate surveillance in the form of logging user emails and phone records was exposed when Hewlett-Packard contracted an outside security firm to identify an internal leak in 2005. The investigation targeted the journalists that published the leaked materials.
Using pretexting, a technique that sees an investigator impersonate the target to obtain their phone records, Social Security numbers, dates of birth, call logs, subscriber information, and billing records. Based on the collected data, the investigators were able to identify the leak.
Surveillance is not the privilege of NSA. It is a commodity any entity can buy since there is a wealth of data brokers that use deception techniques and data mining to obtain personally identifiable information on anyone and their online behavior patterns. Official data brokers like Equifax do exactly that – trade your data.
While Facebook and WhatsApp share data and Twitter stores your unpublished Tweets, audio beacons put another nail in the coffin of online privacy.
Audio beacons are small pings humans do not distinguish. They come embedded in TV commercials and YouTube ads. In most cases, marketing and big data firms use them to pinpoint which devices belong to a particular user.
While you’re making a sandwich skipping TV commercials, audio beacons trigger certain apps or games in your devices. Smartphones, tablets, computers, when triggered by an audio beacon, ping back to the advertiser’s server to identify a user.
Say, you have three accounts with different names and emails set up on various devices. When they are triggered by an audio beacon, they reveal that all of them belong at least to the same household with a specific IP, and specific account details (Apple ID, Google email, etc.).
Audio beacons are just an example of how data matching and comparing of electronic data records from different sources allows for sophisticated user profiling.
Consider: A few years ago, the New York Times reported about how Target profiles its customers. By keeping and analyzing its customers’ shopping patterns, Target creates loyalty programs, targeted promotions, ads, and the like.
A loyalty program for expecting parents, for instance, is based on shopping patterns that include products expecting mothers usually buy (like unscented lotions). Target’s software then estimates delivery dates, and the retailer sends out tailored coupons to women at different stages of pregnancy.
When a teen’s father received baby clothes coupons for several times, he confronted Target’s management and discovered his underage daughter had been flagged as pregnant by Target’s smart software based on her changed shopping pattern. The girl was pregnant, indeed.
The New Oil
Be it to control and oppress, or monetize, states and corporations want your data, and they thrive on it. Your data is their gold, oil, diamonds, and furs.
You are their product and the foundation of a new, data-driven economy. An entire industry buys, sells, and analyzes your data. The results of the analysis are sold to a wide range of companies – risk assessment, law firms, marketers, retailers, political entities, and more.
The Fourteen Eyes and Data Retention Laws
Tech giants and states form an alliance that legitimately practices – and benefits from – mass surveillance.
Known as The Fourteen Eyes, the group of 14 countries collects, analyzes and shares intelligence data among its members in an amicable, cooperative manner.
The member states spy on their own citizens, and each others’ citizens to avoid breaking domestic privacy laws. That way, they exchange intel on each others’ citizens and come out clean. That is an elegant legal hack of any privacy regulation.
Also, the member states are notorious for stringent data retention laws that oblige tech providers to log users and store that data and hand over that data to law enforcement. Often, a request for data does not require a warrant (Australia) or is served with a gag order (USA).
You want to know all about data retention laws in your country and the country where your email or cloud storage or VPN provider is headquartered. Because this is the jurisdiction that governs your data held by these private companies, most of which advertise complete privacy and anonymity.
A study suggests nearly no one. A group of researchers studied the behavior of 543 students signing up to a fake social network (they thought it was the real thing). None read the ToS, which required the user should give up their first born and explicitly stated they log user activities and send that data straight to NSA.
On a serious note, if you want to regain your privacy – and if you got this far, you want it – always read the fine print. Do your research, ask tech community about the provider or service.
Stop signing away your privacy blindly if you care so much about it.
A sad byproduct of state surveillance-enabled backdoors and intentional “design features” in our tech are hoards of hackers that exploit them.
Ransomware, identity theft, honeypots and evil twins at public Wi-Fi hotspots, cyberbullying, phishing, and a few dozen more cyber crimes are enabled by the “design features” big companies implement intentionally.
This is not to say you should quit using the Internet or any tech whatsoever. But if you want privacy, you need to change your mindset.
We’ll be publishing a series of Online Privacy 101 articles, covering security and privacy guidelines and tips on:
- Secure Email
- Secure Cloud Storage
- Secure Messaging
- Mobile Security
- Privacy-Focused Devices
- Social Networks
So, stay tuned and check out our Fortknoxster encrypted communications platform in the meantime.
Please also join our Telegram group and visit our Facebook page and Twitter page for more inspiration.