Essay: Should the government should have mass surveillance schemes?

A network is a vastly beneficial system that allows you to connect with the rest of the world. In this essay, I will be looking in depth at network liabilities, exploitation by the government, and the tools available to the government. I will also be exploring the conspiracies related to government data monitoring, how network exploitation occurs and how the government monitors the network.
State Network Monitoring Schemes
There are many surveillance projects launched by the government to monitor public data. Some of these schemes are even on an international scale, for example, the ECHELON project which operates on behalf of New-Zealand, United Kingdom, United States, Australia and Canada. The idea for this project was established by the five countries in the 1960s and the project commenced in 1971.
ECHELON is a signal intelligence collection and analysis network. It enables the government of these five nations to intercept signals, especially communication signals. It collects data through a vast range of satellites which monitor any forms of communication. To manage web traffic, they can use a “sniffer” device. “Sniffer” devices detect congestion in a network and as such, are used to regulate the flow of traffic. However, they can also be used to capture data packets. [1]
This scheme allowed them to tap into a person’s phones call via the satellite using a method known as Downlink Interception. When you are calling someone, you transmit a signal to a satellite which redirects the signal to the person you are trying to contact. During this transmission, any ground station with an antenna facing the satellite can intercept the signal. If a computer catches the signal, a program called “Oratory” is enlisted to analyse the signal by isolating target words in all the common languages and dialects on this planet. [2]
The government has monitoring schemes in place to prevent terrorism of any form doing damage to their economy. This could possibly offer the public a sense of security as if people knew they were being watched they would think before committing a crime. On the other hand, it may spark a sense of fear in other people due to the lack of privacy as there is a possibility that they are constantly being watched. The real debate lies between privacy or security. We are all suspected like criminals when some of us have never even committed a crime. Where does the boundary lie? If it’s considered a crime when a person is recorded without their consent, why is it not considered a crime when the government records us without our consent? This is an invasion of privacy. Nonetheless, if the government wants to monitor public data why not publicly announce the project? If they want transparency, why are they not offering the public any?
Governments are cooperating internationally for mass surveillance schemes. The clear majority of countries have very few surveillance schemes set up; however, in contrast to most, the USA has an extensive amount of these projects.
Bullrun, a decryption program for online communication data, is one of the schemes the USA has in place. This program includes several different methods of network exploitation. It works by inserting vulnerabilities into viable commercial products.[4] They can do this due to their cooperative relationships with very specific industry partners. Nonetheless, If the industry partners do not comply, network exploitation is used and “advanced mathematical techniques” are applied to decrypt them.
Bullrun has many critical capabilities; it can decrypt TLS (Transport Layer Security) and SSL (Secure Sockets Layer). [4] It is globally associated with GCHQ through the NSA which analyses trends weekly about encryption. To weaken encryption, the “Key Provisioning Service” which automatically decodes the data without the need for immense effort, is enlisted.[5]
Bullrun has the capability to decrypt VPN (Virtual Private Network) protocols. Bullrun is a scheme operated by the NSA. It entails details about the exploitation of Virtual Private Networks common protocols. According to the NSA, they succeeded in penetrating the Russian carrier ‘Transaero’ as well as Moscow-based telecommunications firm ‘Mir Telematiki’. So, how does the exploitation of VPN protocols occur? PPTP (Point-to-Point Tunnelling Protocol) is a protocol in a VPN which is decrypted by Bullrun to collect data on the client side. All of this is acquired through XKeyScore.
Government programs themselves contain vulnerabilities; so how can we trust them when they say that mass surveillance processes are secure? In most programs security is a significant issue as anyone can tap into the program to re-route the data into their network. This is extremely dangerous if their systems are insecure as individuals with ill intent can garner access to extremely important information. Yet the government still expects us to cooperate while they are data mining.
IPSEC (Internet Protocol Security) is another protocol used. ISPEC is seen to be very secure in contrast to PPTP, which is considered very insecure, but viable commercially. If the companies are not involved with TAO (Tailored Access Operations)[15], then the NSA resorts to obtaining the key by compromising the security of the router to collect metadata.[14]
These schemes are very beneficial, helping to reduce crime rates and allow the government to keep with the technology available to the public. They also enable the government to locate the criminals with ease and prevent attacks from occurring. No doubt these protocols are there to ensure our safety, so if the government holds the Keys to decrypt data securely where they are hard to access by unauthorised entities, should we still be worried?
Nevertheless, I may argue that the government tries to convey that these schemes are there to protect us. Nevertheless, is weakened encryption offering us protection when we are making transactions online? Are we able to say that we are protected by our government when they are the reason for weakened encryption, the only safety measure we can rely on online? If they can obtain decryption keys legally, what is stopping non-government entities from doing this illegally? If decrypting data sent online was not enough, when people tried to establish a safer network(VPN), the government found a way to decrypt them to extract content. So, is there a reason to trust the government when they do not seem to have trust in us?
PRISM is another major mass surveillance program under the United States National Security Agency. This monitoring scheme collects metadata from the biggest internet providers in the US such as AT&T, Verizon and Sprint.[5] The Laws of the Patriots Act enables the US government to obtain data from these companies. Without this law, brute force i.e network hacking would be required to gain access to such data. Other companies such as Facebook, Apple, Google and other major enterprises are also required to provide them with content.[5] They are able to collect all of this under FISA Amendments Act Section 702.
As times have changed, our lives have also changed. Many students and adults have access to Facebook, Twitter, Instagram and many other social media networking sites. So, should there be an issue with the government monitoring data that you have willingly put online? Many people often don’t realize that data links with other enterprises and how data is processed, so they are unaware that all their personal information is being censored online by the government.
Why is the government criticized for monitoring when some companies data mine regardless; is it any better than the government doing it? The government is being criticised for ‘spying’ on us when other companies carry out the same process without our knowledge. So why are we only criticising the government? If companies can monitor our information registered on their network and in some cases, sell this information to 3rd parties, why is the government not allowed access to our data?
On the other hand, this is a major breach of privacy. This is no different to being watched by “Big Brother” as mentioned in the book ‘1984’ by George Orwell. While we do upload a part of our life on social media, I may defend that we only let the world see a select part of our life that we are comfortable with. However, the government forces the companies to hand over the data. If it is not rightful to force a person, how can the government force the companies to create backdoors so that they can browse over the content this is a violation of human rights.
What resources are available to the government?
GOPHERSET is a project that monitors SIM cards (Subscriber Identity Module) through a software implant in your SIM card.[6] This implant allows the NSA to extract data from your phone using SIM Toolkit (STK). STK is a series of commands that enables the SIM to decrypt the trigger and sends instructions to retrieve the information via an SMS.
PICASSO is a program that collects location of the user.[6] It allows the NSA to find out your IMSI (international mobile subscribers identity), which is a unique 15-digit number. PICASSO can also extract data from your registered phone networks, or the area code of the places you have visited in addition to PINs entered into the phone. This is an efficient way of tracing a person in the event that their SIM card has changed, as you can always determine their IMSI number.
WARRIOR PRIDE is a spyware installed on iPhone and Androids; it differs on how it behaves with the iPhone and Androids.[7] In the WARRIOR PRIDE project, there were many different sections. DREAMY SMURF is used to monitor the phones power management, so this will affect the user’s ability to turn their phone on and off. NOSEY SMURF, which is used to turn the microphone on and off and hence record or listen in on the conversation. TRACKER SMURF, which is used to provide Geolocation of the person at any given point. WARRIOR PRIDE has additional network exploitation techniques used to collect metadata from apps.
NIGHTSTAND is a project which focuses on wireless exploitation and injection, it allows the government to monitor targets such as Win2k, WinXP and internet explorer, who cannot be allowed wired access.[6] NIGHTSTAND enables the NSA to inject packets in a single computer or multiple computers. When the packet is inserted the attack to the network is completely undetectable by the user. Nevertheless, there are some restrictions as to where and when you can use this program. To collect data successfully you will need to use external amplifiers and to amplify the signal, you have to operate under eight miles of the target.
“Sniffer” devices are used for passive types of attacks; the aim of this attack is to capture data such as password and bank details. IP packets contain a lot of information. There are various methods for data sniffing for example protocol sniff, ARP sniffing and TCP session stealing. The ARP method is the most popular of network sniffing. This allows the hackers to create a map of mac addresses which creates more dangerous attacks and find vulnerabilities in the networks.[8]
XKeyScore is a way to search through metadata and content on the web but it has capabilities to analyse VoIP. This is NSA most versatile programme yet designed to be applied and used in many different scenarios, with the help of this tool they could hack in to the “internal network of the largest of cell phone SIM cards” to obtain the encryption keys so they can monitor mobile communications. This tool allows the NSA to take advantage of the companies monitoring their own users through cookies and IP address whether they are connected over public networks or VPNs.[9]
These are just some of the resources the government has available to use; there are many more projects that have the same if not many more capabilities. Government has always ensured us that these measures are essential for our security and protection. However, before technology became this advanced crime rates were lower. By increasing our knowledge, have we endangered ourselves? I question this as since recently, US cybercrime rate is 23% more than any other country.[10]
Conspiracy Theories
Regarding Network surveillance, there are many different theories which may or may not influence the public’s perception of state monitoring schemes, as well as the resources used by the government.
There are many conspiracy theories about the NSA. Recently ‘The Shadow Brokers’ a hacking group, published on the 15th of August the vast number of cyber weapons used by the NSA for network exploitation. [11] The archives of the files were released on Twitter, GitHub and many other sites. The first archived released held up to “300MB” of data. After the data was made publicly available, the RiskBased Security stated that the it was not possible for them to be genuine tools available to the NSA. However, after further investigation Cisco verified that this attack was indeed real and that this compromised the security of tools and the NSA.
In June 2013 Edward Snowden exposed the USA’s biggest mass surveillance scheme, where he released a set of documents defining the resources the government use to monitor public behaviour. Not only did Edward Snowden expose the schemes in the USA but also ‘Tempora’, which is a surveillance scheme established in the UK by the GCHQ.
The Shadow Brokers were able to exploit the government network and breach their security protocols, without having access to the advance tools available to the government. So, should the public trust the government to hold their data securely? This was not the first time as in 2013, data from NSA was also leaked. If this had happened once, where the NSA can justify and demonstrate that they have put further security measures in place to prevent this from occurring again, then it would raise less questions. However, because this has happened with the NSA twice, it could change the public’s perception because it appears there are no security measures in place to prevent this kind of security breach from occurring. To the public, this could suggest a lack of care and disregard by the government about the data that they hold. It solidifies to some members of the public, the view about this these monitoring schemes not being right. Furthermore, it contradicts the fact that this is a security measure; how can a security measure be so vulnerable?
Another conspiracy linked to the United States was for the movie “The Interview”, where the DNS (Domain Name Server) was targeted. [12] DNS severs are for translation of URLs (Uniform Resource Locator) into IP addresses. This is very useful for Hollywood as an industry as it would stop piracy completely, because without the DNS there is no way to access the website. North Korea then seeing the release of the film threated the USA with Cyber Attacks. Seeing as the NSA network can be exploited, as done by the ‘The Shadow Brokers’, then any group of talented hackers could possibly do the same and hence gain access to the public’s data. This would put everyone in the United States at risk. So, the same question arises again, how can government monitoring schemes say they are keeping the public safe when if their security is compromised, they endanger lives?
It is known that China and USA have engaged in cyber-attacks against one another. In 2013 there were a series of attacks launched by China on the USA’s defence servicers and government.[13] Amidst of all the attacks it was revealed that USA Pentagon security measures are weak. In the Washington Post it was stated that:
“The Pentagon cannot be confident that its military computer systems are not compromised because some use components made in countries with high-end cyber-capabilities, the report says. It says only a few countries, including China and Russia, have the skills to create vulnerabilities in protected systems by interfering with components.”[13]
If the government’s main base ‘Pentagon’, which is a military base for warfare can be threatened with a series of network exploitations, then what else is vulnerable? Considering how data from monitoring schemes is shared between different departments within the government, then it makes it possible for this data to be compromised if the Pentagon is vulnerable. As indicated above, the government has advanced techniques for launching cyber-attacks but not for defence against one. So, since the government is unable to defend itself against cyber-attacks, should they have monitoring schemes in place?
Conclusion
After researching and analysing both sides of the arguments on whether the government should have mass surveillance schemes, I can firmly conclude that they should not be able to monitor public data. The government has shown that they are incapable of ensuring the public that their data will always remain safe and not in the hands of unauthorised entities with ill intent. There have been many instances where government data networks have been compromised, so how can the public trust that their data will always be safe? Hence why I believe It would be safer for the public to not be monitored.