State Sponsored Surveillance - The New Norm?

Technology and surveillance

With the increased use of smartphones and growing technologies like Artificial Intelligence (AI), the public has become an easy target for mass surveillance. Also, the smartphone industry is increasingly less focused on user privacy and security. As smartphones are always active, they are susceptible to various tracking forms, like cellular signals, GPS, Bluetooth, and Wifi. In today's scenario, one wrong click and a system can be compromised.

AI is a powerful tool for mass surveillance, especially in video/audio recognition and analytics. It eliminates human error, is highly accurate, and very fast. Interestingly, in some cases, AI can even process image data from low-lit environments and still be used for surveillance.

With the rapid advancement in automation and technology, it has become easier to carry out surveillance than ever before. The following sections discuss various concerns and issues around state-sponsored surveillance.

The Bright Side

Some benefits of surveillance:

• Police can identify and reach a crime scene much faster, and possibly while the crime is still in action.
• Many past or unnoticed crimes come onto the radar while analyzing older video footage using new methods like facial and incident recognition with AI.
• Surveillance can also help instantly identify and track new disease outbreaks before turning into an epidemic or a pandemic.

Although the benefits of surveillance seem to be effective, some downsides are equally concerning.

Privacy Concerns and Abuse

In a survey conducted by Amnesty International (Human Rights Organization), more than seventy(70%) of the worldwide participants opposed the US Government monitoring and spying on them. Even though people decide to give up privacy for the good that surveillance might achieve, surveillance abuse is the result.

While various governments claim that increased video surveillance is crucial for stopping terrorism, being recorded and getting their acts broadcasted is one of their primary intentions. Also, the surveillance systems in place have not proven to be efficient or effective in helping public issues, like safety and healthcare, compared to its use for political and military agendas.

Most often, journalists and social activists are the prime targets of surveillance, which endangers the right to open and free speech. Surveillance cameras can be abused in many ways, resulting in the manipulation or deletion of evidence. Also, due to improper vigilance on surveillance operations and collected data, it often leads to personal, discriminatory, or criminal abuse.

The CIA Leaks

On March 7th, 2017, Wikileaks (an international non-profit organization that discloses classified information and media submitted by anonymous sources) released a series of leaks called the Vault 7. These leaks contained various documents about the CIA's global mass surveillance program and its dozens of 0-day exploits and malware arsenal targeting a wide range of devices manufactured by global tech industries. It is believed that the CIA's hackers have developed and used more code than it takes to run the social media platform for Facebook. Even the court stated that the CIA's hacking capabilities far exceeded its given powers and lacked public oversight. After this and the previous Edward Snowden leaks in 2013, which exposed how the NSA was collecting phone records of Verizon customers, the public started to realize the overpowered abilities of the government's surveillance program and all the unnecessary and invasive spying being carried out on them.

In the 1970s, the Foreign Intelligence And Surveillance Act (FISA) Court had a three-judge panel that authorized electronic surveillance of people suspected of espionage against the US. Still, after the 9/11 attack, the NSA was secretly permitted to bypass the court and surveil Al-Qaeda suspects. This decision led to leverage, which caused relaxation to the rules in 2005, stating the government does not need any specific target to obtain a court order.

COVID19 - Surveillance becoming the "New Normal"

Surveillance helped track the COVID-19 pandemic, but various activists and privacy experts believe that the current situation has become leveraged to implement a permanent mass surveillance system, instead of flexible and temporary surveillance measures for use in emergencies.

A government built app in India called Aarogya Setu faced a lot of criticism as the application uses both Bluetooth and location data to operate and was suspected of having major security vulnerabilities. So the government decided to make the application open source and introduced a bug bounty program for better transparency and security.

Amnesty International's security lab reported that the various contact tracing applications developed for tracking COVID-19 were either flawed or intrusive. The organization also conducted a study analyzing various COVID-19 contact tracking apps and found that Kuwait and Bahrain use the apps intended for public health safety as mass surveillance tools. They found three specific applications that were collecting live satellite location data and matching that data with people's real identities. A live television show and the Bahrain app were linked in which the host randomly video called citizens to check if they were indoor or outdoor.

Ultimately, not much effort is being put into making the applications more friendly or compliant with privacy regulations besides leveraging the situation to retain new widespread surveillance capabilities.

COVID19 & malicious activity by state-sponsored groups

After the COVID-19 outbreak, a rapid 50% spike has been observed in phishing attempts and other attack vectors to steal intellectual property data by state-sponsored hacking groups. Google also issued a similar report about government-backed hacking groups using the pandemic as a cover for phishing attempts and malware infestation, which you can read here.

A group called the Cozy Bear (APT29), which is believed to be a part of the Russian intelligence organization, is found targeting COVID-19 researchers around the world who are working on a vaccine. Furthermore, the United States government accused Chinese hackers of targeting specific networks belonging to organizations involved in coronavirus research.

Unfortunately, many organizations are not well prepared to detect cyber intrusions. Vulnerable servers and other infrastructure containing critical information is available openly on the internet, and a compromise can lead to stealing, deletion, or manipulation of data. Unknowingly working with manipulated research data could cause serious and irreparable damage.

Organizations must ensure adequate safeguards and detection measures against unexpected intrusions and attacks.

Remarks

Everyone must follow certain precautions for better privacy, such as:

• Proactively update devices.
• Proactively revoke unwanted permissions given to applications.
• Cover cameras while not in use.
• Use applications that support strong encryption.
• Avoid the use of third-party or pirated software.
• Use strong and unique passwords.
• Enable, where possible, multi-factor authentication.

Also, always verify any information before opening attachments or links in an email to avoid falling for a phishing attack.

I highly recommend checking out the free "Cybersecurity Awareness" course provided by Cybrary, where you can learn many best practices to protect yourself and stay secure.