It’s Not (Exactly) 1984, but Big Brother Is Certainly Watching! Over the decades, there was always a fear of government spying, but it couldn’t be confirmed. Fast forward to 2013, and all of that changed when the planet’s most famous whistleblower, , disclosed top-secret documents that revealed extensive global surveillance programs run by American, British, and other foreign security agencies. Edward Snowden But it’s not all about hacking or spying. With the refinement of artificial intelligence technologies like pattern and , citizen data can also be used to control them. The authorities can also use the law, in some circumstances, to view the information stored inside devices (and data centers). facial recognition Because of Snowden’s revelations, perhaps the most famous organization engaging in such shadow activities is the American National Security Agency (NSA). While these projects may have been initiated to fight terrorism, they have  been used for a wide range of nefarious activities. According to , Author, Advisor, Serial Entrepreneur, and President of Nordic IT Association, “surveillance is like a cyber kill chain, and unfortunately, corporate and government security is a mess. The fact that Governments are illegally orchestrating blanket surveillance is one thing, but harvesting that data gives attackers a treasure trove at the end of the tunnel, resulting in increasing and more sophisticated ransomware attacks. US border control was hit with a recent breach and a good example. Yet, despite the cyber pandemic, surveillance activity isn't showing signs of slowing down, in fact it's the opposite now with facial recognition being rolled out. This is all in the name of anti terrorism? We are inadvertently creating new attack surfaces for terrorists, cyber terrorists. Unfortunately, we are not well prepared for what I fear is a cyber storm coming our way, and it is us the people that will suffer for it.” Alexander H Reay (MoD) (CDIS) Even the Federal Bureau of Investigation (FBI) have been found to use sophisticated tools to look at sensitive data without a warrant. Recently, FBI agents were found between 2017 and 2018. guilty of conducting tens of thousands of illegal searches on citizens The FBI was awarded NSA tools to search for evidence of a crime, as part of an investigation on foreign targets, or to monitor cyberthreats, and terrorism suspects. However, agents used these tools to engage in warrantless searches of databases for information about coworkers, family, and friends. So How Does the Government Spy on Citizens? Backdoors A is a technique that’s used by hackers and government agencies to bypass the system’s security mechanism, undetected. It helps them spy and access user data without anyone noticing what’s going on. backdoor (or trapdoor) The backdoor methods are also sometimes written by the programmers who build the software. But in 2013, Snowden revealed that the to build backdoors and compromise products. NSA was spending as much as $250 million a year "Obviously, a backdoor is a huge hole in the defense, and as we saw with NSA tools, sadly, this information ends up leaking and [is] exploited by criminal organizations. If not, they eventually get found by security researcher[s], or worse, by criminal organization security specialists, which [who] obviously will never reveal what they found, and while the backdoor creator might think he is alone using it, well, a bunch of people may be too…," stated , Cyber Risk Subject Matter Expert and Director of Security at Adaware. Alexandre Blanc Today, governments in the U.S., Europe, and Australia are demanding backdoor access to and encrypted messaging apps. If tech giants agree to do this, it’ll have significant consequences for all of us. social media platforms (like Facebook) Traffic Monitoring/Data Collection is a tool that was developed and used by the NSA to monitor and analyze global data. It’s highly sophisticated and can monitor global internet traffic in real-time. XKeyScore or XKS XKS allows authorities to access: Browsing history Documents shared online Private emails Search queries Track your device movements This tool also enables security agencies to virtually access devices to monitor everything in real-time. As you can see from the above, such tools provide the government (and potentially bad actors) access to your whole virtual life. Spyware/Malware The NSA's , an elite group of hackers, used spyware or malware to gather data. The TOA was excellent at compromising devices to use them as a surveillance tool or to collect information about different users. Tailored Access Operations (TAO) They also consistently looked for security loopholes to break into software, mobile apps, and other platforms. However, their go-too tool was malware to compromise devices. They achieved this by rerouting traffic from fake versions of popular websites to monitor user activity and logs. Through the years, the TAO has also been known to work with tech companies to develop backdoors in routers, both virtually and physically. Unfortunately, some of the (who aren't working for the government). hacking tools developed by the NSA have fallen into the hands of hackers So we now have hackers targeting high-value servers with NSA hacking tools like (to monitor and exfiltrate data), (a backdoor), and (a plugin for analysis) to infect servers running Windows Server 2003 and 2008 in Egypt, Iran, and Russia. DanderSpritz DarkPulsar Fuzzbunch According to , some of the infected organizations were companies with IT and R&D departments in aerospace and nuclear energy. Other NSA-built hacking tools like have already been used in the infamous WannaCry and NotPetya attacks. Kaspersky Labs EternalBlue Local and International Law The authorities can also leverage the law to access your data. The police, for example, can and even access your car data. The same scenario can happen (especially in the United States). get a warrant to go through all your electronic devices without a warrant at the border In the U.K., it was found that to extract user data from digital devices. However, data were collected for all types of crime, including low-level offenses. 93% of police forces were using mobile phone extraction technology While the forces demand data extraction by default, there are no clear national guidelines as to how citizen data should be extracted, stored, and deleted. As a result, they have also been able to obtain data without a warrant. According to , Cyber Security Specialist, IT Security Awareness, and Senior Full Stack Web Developer at CoreSolutions Software Inc., “we already saw publicized cases of people in powerful positions getting caught putting in mobile unlock passwords on camera. And this is just a simple case. Surveillance can also be used to track for longer periods of time, and with more data points, you can ascertain much more information about a target that can be used to access private information. I use [the word] target on purpose here. When this in place, I feel you stop becoming citizens and now become targets.” Ron Craig Government Surveillance in China The internet (still) remains free in North America and Europe. In China (and to some extent in Russia), the story is quite different. They have their own, highly controlled internet with what’s known as “ ” that keeps citizens in and foreigners out. This makes it easy for Chinese authorities to spy on their citizens, censor information, and exert control. The Great Fire Wall This was evidenced recently when an executive for the . China’s response was quick and resulted in apologies and a ban on speaking about Chinese affairs. National Basketball Association’s Houston Rockets tweeted support for the Hong Kong protesters At the same time, government-backed hackers deployed bots across social media platforms to spread disinformation and attack media companies based in Hong Kong. It was also later revealed that Chinese police were also using these tools to control Muslim Uighurs minorities. . Russia has been accused of doing the same The world of espionage is also quite murky and full of surprises. Security researchers, for example, found that the Chinese were using tools developed by the NSA to hack US agencies. In another incident, Israeli hackers caught Russian spies using Moscow-based antivirus and malware scanner, , to hack American spies. Kaspersky Government Surveillance in Russia Russia has also actively monitored its citizens by installing special equipment at service providers. This enables authorities to track, filter, block, and reroute internet traffic at will. With a , the government can also directly censor content without informing the public. change in the nation’s law is also well documented and evidences the fact that governments are going far beyond controlling what happens within their borders. With and the U.K., it remains to be seen if the Russians will continue to meddle in world politics. Russian interference in the U.S. elections elections coming up again in U.S. The Kremlin has also been accused time and again of to engage in cyber espionage. This sets a dangerous precedent for all other sovereign nations, political parties that form the opposition, and activists (in a country that has a poor human rights record). working together with hackers Government Surveillance in the U.S.A. Because of Snowden and Wikileaks, we are now quite familiar with how the authorities collect citizen data and engage in surveillance activities. Aside from using sophisticated hacking tools, the U.S. government is also on a . relentless campaign to end encryption Part of this crusade includes a demand for tech companies like Facebook and Apple to provide backdoor access to their messaging platform. While most of these initiatives are done under the guise of terrorism, this one focuses on the protection of children. However, the recent takedown of one of the largest dark web child porn marketplaces, , reaffirms the fact there are other ways to tackle the child abuse problem without installing backdoors and ending encryption. Welcome to Video Government Surveillance in Switzerland This subheading is misleading because the Swiss government doesn’t spy on its citizens. In fact, this Central European nation’s y. However, the government can engage in surveillance when there’s a proven case of terrorism (or unlawful activity) that demands the collection of evidence through proper legal channels. Switzerland has been consistently strict on these terms. laws are designed to ensure strict privacy and securit As a result, Switzerland’s reputation in the cloud security market is growing rapidly. According to , Founder and CEO of the cloud security company , “Switzerland has always maintained its status as a neutral nation that respects the privacy of its citizens. What was once a highly attractive destination for banking is also the safest place to host your data.” Mateo Meier Artmotion Meier makes an excellent point as Swiss law protects personal and enterprise data from government subpoenas. So even if, for example, a corrupt government tried to access trade secrets to help a local company gain an advantage, they won’t be able to access it without the explicit permission of the owner (of the data). So How Do You Protect Your Data from Spies? There is no one-size-fits-all type of solution. Protecting data will demand a combination of tools, awareness, and continuous updates to keep up with rapidly evolving hacking technology. Tor and Other Secure Browsers You can engage in secure browsing using Google Chrome, Microsoft Edge, and Safari, but these companies will collect data and track your online behavior. As a result, sensitive information can always be at risk of a data breach or a subpoena. The Tor browser, on the other hand, like , , and . , once properly configured, is also a reasonable option to keep your browsing data private. For secure searching, there’s . keeps you anonymous without the need for extra privacy tools Qubes Tails Whonix Firefox Quantum DuckDuckGo Encrypted Virtual Private Networks (VPNs) To secure your connection to the internet, you can also leverage . As VPN technology sends your data through an encrypted tunnel, you can protect your data from the prying eyes of rogue governments, hackers, and even your internet service provider. VPNs to ensure online privacy Server-Side Encryption While VPN tools can help encrypt the connection (and secure data in motion), server-side encryption can help protect the data where it lives (in the data center). Encryption is based on and comes in different forms like 128-bit, 256-bit Advanced Encryption Standard (AES), and XTS block cipher. The latter is a computer cipher or an algorithm that’s leveraged to achieve robust encryption. advanced mathematical formulae As we enter the age of hyper digitization, you can expect the authorities to try and exert more control over businesses and citizens through spying. As a result, efforts to secure personal and enterprise data will require an on-going, adaptable, and evolving approach to help ensure enhanced privacy and security. Is There Another, More Secure Approach to Ensuring National Security without Compromising Privacy and Cybersecurity? According to Reay “we certainly need independent standards and appropriate procedures and boundaries for offensive cyber operations. More specifically, there is no consensus for military cyber organizations that pretty much can gain access to systems and networks as they please. It's unconstitutional, and certainly a privacy issue, yet people seem to let them get away with it. Is privacy dead? Perhaps, despite the current privacy legislation, there is still a lot of smoke and mirrors. Yes, we have more secure approach, continuous monitoring, secure development approaches by design, defining the external and internal threats leads to a more secure approach to ensure national security. Better awareness, and allowing for people to take their own data and take agency over it. Of course one could put forward the merits of DLT (Distributed Ledger Technology) for that.” Blanc said “well, the aggregated data should be stored in secure data centers, which could only receive information and not let anything out through the same channel. Aggregation of METAdata should be enough to get patterns, leading to [a] warrant, which then could lead to [a] seizure. Sadly, [the] current state of the art on the market is collecting data without any concerns, ripping of privacy. While [the] government is kind of following restrictions, private tech organization[s] just navigate above the laws. First, we need more regulation, and then we need metadata correlation, being [a] mandatory requirement with external proofs or assessment to get a warrant, which should then trigger research. We can't stop private entities [from looking] for vulnerabilities, criminal organizations do so as well, but I think there should be a mandatory disclosure delay, so as any identified weakness should be published in such delay[s], like 90 days or so. This way, while it makes investigation a bit more complex, it would stimulate research, allow [the] most advanced to gather data, and yet enhance overall security…” , IT Security Consultant at Gallant-Daigle IT Security Consultant, Inc. and former IT Security Analyst at IBM Microelectronics Division, suggests another approach. “I believe that it would be possible to use the current technology to establish a Universal Device Authentication Infrastructure (UDAI). This infrastructure could be designed to allow legitimate surveillance, with a warrant, separation of powers. The most important idea behind such public infrastructure is virtual artifact traceability. Authorities and businesses need to have complete visibility of which devices were involved in the creation and modification of computer files, and this would be the main goal of the infrastructure.” Maria Gallant-Daigle However, Craig added that “there very well might not be a way currently to ensure national security from cyber crime without resorting to having a skeleton key, but the reality is this will never work for long. People will find ways to create and control the encryption or the means of transport between themselves. These home grown methods will not abide by the same rules and won’t have the back doors inserted. So that leaves them now with having to control that too. So whatever you can’t decrypt is now criminal or suspect in nature and must be intercepted and blocked from reaching its target or traced to the source and target. That will get lucky a few times at best. Then, they will adapt and send another way. Remember, this is a cat and mouse game, and it’s endless as we keep playing the same game. Maybe it’s time to change the game, but that’s for people much smarter than I to figure out.” What else can you do to ensure privacy and security? For the time being, . However, individuals and companies alike still need to follow cybersecurity best practices and take advantage of the latest innovations to keep their valuable data safe. the best available option is to store your data in Switzerland Let’s take this conversation over to Twitter!

Apple

BUNCH

Facebook

Google

Microsoft

Privacy Tools

Target

Twitter

How To Integrate Security Testing Into Your Software Development Life Cycle

Research Suggests That a Hard Brexit Could Lead to Significant Confusion within the UK Cloud Market

Follow Me on Twitter!

Read My Stories

Too Long; Didn't Read

Boost your HackerNoon story @ $159.99! 🚀

How Does the Government Access Your Data?

How Does the Government Access Your Data?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Balancing Cybersecurity Risk with Technological Innovation: Using Policy as Code

Complete Setup For Home Media Server!!

How Artificial Intelligence Hype Keeps Us Stuck in “The Good Old Days”

Could decentralized VPNs become the Holy Grail of privacy in the Big Brother’s Brave New World?

Finding The Privacy Balance - Is There Such Thing as Too Much Privacy?

Balancing Cybersecurity Risk with Technological Innovation: Using Policy as Code

Complete Setup For Home Media Server!!

How Artificial Intelligence Hype Keeps Us Stuck in “The Good Old Days”

Could decentralized VPNs become the Holy Grail of privacy in the Big Brother’s Brave New World?

Finding The Privacy Balance - Is There Such Thing as Too Much Privacy?

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps