Bulk Tracking or Mass Surveillance

Mass Surveillance
Part 1 - Risks, Opportunities and Mitigation Strategies

EUROPEAN PARLIAMENT
STUDY
Assessment of Scientific and Technological Options
EPRS | European Parliamentary Research Service, Scientific Foresight (STOA) Unit

(Republished with translations of selected sections from: EU Bookshop, "Mass Surveillance", publication year: 2015, ISBN: 978-92-823-5535-0, DOI: 10.2861/269619, CAT: QA-05-14-155-EN-N [pdf file, 66 pages in English])

Bulk Tracking or Mass Surveillance
What are the risks to citizens and what are the opportunities for the European Information Society? What are the possible mitigation strategies?

Part 1 - Risks and opportunities presented by the current generation
of network services and applications

Study, IP / G / STOA / FWC-2013-1 / LOT 9 / C5 / SC1, January 2015, PE 527.409

About version:

The STOA project "Mass Surveillance Part 1 - Risks, Opportunities and Mitigation Strategies" was carried out by TECNALIA Research and Investigation in Spain.

AUTHORS:
Arkaitz Gamino Garcia
Concepción Cortes Velasco
Eider Iturbe Zamalloa
Erkuden Rios Velasco
Iñaki Eguía Elejabarrieta
Javier Herrera Lotero
Jason Mansell (Linguistic Review)
José Javier Larrañeta Ibañez
Stefan Schuster (Editing)

The authors acknowledge and would like to thank the following experts for their contributions to this report:
Prof. Nigel Smart, University of Bristol,
Matteo E. Bonfanti PhD, Research Fellow in International Law and Security, Scuola Superiore Sant'Anna Pisa,
Prof. Fred Piper, University of London,
Caspar Bowden, independent researcher,
Maria Pilar Torres Bruna, Head of Cybersecurity, Everis Aerospace, Defense and Security,
Prof. Kenny Paterson, University of London,
Agustin Martin and Luis Hernández Encinas, Tenured Scientists, Department of Information Processing and Cryptography (Cryptology and Information Security Group), CSIC,
Alessandro Zanasi, Zanasi & Partners,
Fernando Acero, Expert on Open Source Software,
Luigi Coppolino, University of Naples,
Marcello Antonucci, EZNESS srl,
Rachel Oldroyd, Managing Editor of the Bureau of Investigative Journalism,
Peter Kruse, Founder of CSIS Security Group A / S,
Ryan Gallagher, Investigating Reporter of The Intercept,
Captain Alberto Redondo, Guardia Civil,
Prof. Bart Preneel, KU Leuven,
Raoul Chiesa, Security Brokers SCpA, CyberDefcon Ltd.,
Prof. Hugo Scolnik, Departamento de Computación, Universidad Buenos Aires.

Research Director of STOA
Peter Ide-Kostic
Scientific Foresight (STOA) Unit
Directorate for Impact Assessment and European Added Value
Directorate-General for Parliamentary Research Services
European Parliament, Rue Wiertz 60, B-1047 Brussels
E-mail: peter.ide-kostic@europarl.europa.eu

Language version
Original: EN (in English)

About the Publisher
To contact STOA or to subscribe to its newsletter, please send a message to: STOA@ep.europa.eu
This document is available online at: http://www.ep.europa.eu/stoa/

The manuscript was completed in January of 2015
Brussels, European Union, 2015

Disclaimer
The contents of this document are the sole responsibility of the author and any opinions expressed in it do not necessarily represent the official position of the European Parliament. It is addressed to MEPs and EP staff for their parliamentary work. Reproduction and translation for non-commercial purposes is permitted provided the source is acknowledged and the European Parliament has been informed in advance and a copy sent to it.
PE 527.409, ISBN: 978-92-823-5535-0, DOI: 10.2861 / 269619, CAT: QA-05-14-155-EN-N

Short summary

This document identifies the risks of data breaches for users of publicly available Internet services, such as e-mail, social networks and cloud computing, as well as the possible consequences for them and for the European Information Society. It presents the latest developments that allow the analysis of user data and metadata on a massive scale for surveillance purposes. It identifies technological and organizational measures, and the key stakeholders, for reducing the identified risks. Finally, the study suggests possible policy options to support the risk reduction measures it identifies.

This study covers the analysis of the existing generation of Internet services and applications at the time of the study (2014) and on what short and medium term technical measures and policy options are appropriate to address the practices of mass monitoring and to ensure the privacy and security of electronic communication channels.

Future long-term technological and policy options to address privacy and security in the field of information and communication technologies are described in the second part of this study, published by STOA.

This study is accompanied by an annex, which provides detailed answers to the thirty-five questions asked in the initial survey for this study. The annex is published as a separate document:

Science / Technology Options Assessment (STOA) / Scientific and Technological Options
Mass Surveillance
Part 2 - Technology foresight, options for longer term security and privacy improvements / Part 2 - Technological perspectives, possibilities for long-term improvements in security and privacy
[pdf file, 100 pages in English]

Table of Contents

SUMMARY
1 INTRODUCTION

2 STRUCTURE OF THE DOCUMENT AND METHODOLOGICAL APPROACH

  • 2.1 Formatting conventions
  • 2.2 The Document Structure
  • 2.3 The methodological approach applied

3 CURRENT PRACTICES FOR INTERCEPTION AND ANALYSIS OF END-USER METADATA

  • 3.1 The types of metadata and their preservation
  • 3.2 The role of commercial cookies and trackers
  • 3.3 Analysis of metadata for mass monitoring purposes
  • 3.4 Complaint between mass monitoring organizations and other parties

4 RELIABILITY OF CRYPTOGRAPHY IN A "POST-SNOWDEN" WORLD

  • 4.1 Current and upcoming cryptography problems
  • 4.2 Malware on platforms and end-points
  • 4.3 The arena of cryptography and electronic warfare
  • 4.4 The telecommunications sector

5 POSSIBILITIES OF COMMERCIAL PRODUCTS IN THE PRACTICE OF MASS MONITORING

  • 5.1 The commercial assets mass surveillance
  • 5.2 The legal framework for mass monitoring tools and services
  • 5.3 Efficiency of Supervision Products and Resources Required
  • 5.4 Cryptography and encryption analysis

6 TECHNICAL ASSURANCE OF HACKING CAPABILITIES OF NATIONAL SECURITY AGENCIES

  • 6.1 The cooperation of private companies with national security agencies
  • 6.2 The hacking capabilities of national security agencies
  • 6.3 The effectiveness of information service monitoring programs
  • 6.4 Category reliability for mass follow-up
  • 6.5 Effectiveness of solutions to combat mass surveillance
  • 6.6 Threats and Opportunities from Using Other Operating Systems (OS) and Applications (APPS) in Public Administration

7 TECHNICAL AND POLITICAL OPTIONS PROPOSED FOR THE MITIGATION OF DETECTED RISKS

  • 7.1 Best Practices to Avoid Cryptographic Problems
  • 7.2 Technical solutions to mitigate risk from monitoring
  • 7.3 Short- and medium-term policy options for monitoring bulk tracking

8 CONCLUSIONS

ABBREVIATIONS
ANNEX (see separate document: ANNEX / ANNEX, Science and Technology Options Assessment (STOA) / Scientific and Technological Options, Mass Surveillance / Part 2 - Technology foresight, options for longer term security and privacy improvements / Part 2 - Technological Perspectives , opportunities for long-term improvements in security and privacy)

SUMMARY [page 1]

The disclosure of controversial mass surveillance programs used by intelligence and national security services has prompted an international debate on the right of citizens to be protected from illegal or unauthorised collection and analysis of their data and metadata. This study aims to identify the risks of data breaches for users of publicly available online services, such as web browsers, e-mail, social networks, cloud computing or voice communications via personal computers or mobile devices, and the potential impact on citizens and the European information society.

In this context, a clear distinction must be made between data and metadata. There should also be a clear distinction between mass, warrantless and indiscriminate interception on the one hand, and targeted lawful interception of internet and telephony data for law enforcement and criminal investigation purposes on the other. Whilst targeted lawful interception is an indispensable and legitimate means of intelligence and law enforcement, mass surveillance is seen as a threat to civil liberties, as well as to the right to freedom of opinion and expression. These civil liberties are indispensable for human rights in democratic societies and are of particular importance for securing independent journalism and political opposition.

Metadata is data generated when electronic communication channels, such as the Internet or telephony, are used, and it provides information on the time, origin, destination, location, duration and frequency of communications. Metadata, however, does not contain the content of the communications itself. There are two types of metadata: metadata that provides information about content (e.g. the read/write/modify attributes of a file, the author of a document, the GPS location of an image, etc.) and metadata about the communication (e.g. the sender, the recipient, the duration of the communication, the date and time the communication started, the communication channel, the communication protocol used, etc.). In the context of this study, the main interest is in metadata about communication.

Communication metadata is usually collected by telecommunications providers and internet service providers as part of their business activities. Different laws and regulations exist in Europe and other countries, which determine the retention period of this data. Lawful metadata tracking is intended for tracking required by law enforcement and is not considered bulk tracking. Analyzing metadata, despite not containing the content itself, can reveal very detailed information about the person who created it.

Another possible source of information containing private data is cookies (HTTP cookies). Cookies are text files that the websites we visit store on our hard disk. Cookies allow for smarter and faster navigation, and are commonly used to shape the content of a web page, as well as the ads and features of third-party affiliates, when we revisit it. No evidence has been found to confirm that government agencies have used the information that can be extracted from the data contained in cookies through cooperation with commercial tracking companies.

The structured nature of metadata is ideal for analysis using data mining techniques such as pattern recognition, machine learning and information or data fusion. Metadata analysis can reveal an extraordinarily rich amount of information about people's habits and relationships, and when the data is aggregated over time or linked with other data sets, it can expose even richer personal information and details of associations. Unless special precautions are taken, some of the personal secrets of our everyday lives will not withstand a careful analysis of our metadata.

Government agencies intercept metadata either through their own technical capabilities, or by accessing it through service providers on the basis of lawful requests or generalized warrants, or under threat of fines. They also have powerful capabilities to break a system's protection and to penetrate systems and networks by deploying advanced hardware and software (e.g. fiber tapping and the PRISM surveillance program).

Commercial surveillance technology vendors sell software applications and tools for surveillance purposes, and advanced solutions for lawful interception, collection, processing and/or analysis of communications data (including both metadata and the content of communications). Their customers are governments, intelligence agencies, national security and law enforcement agencies, which use these platforms and tools for collecting, processing and analyzing both bulk and targeted communications data.

The legal framework for commercial surveillance technology suppliers is defined in different national and international laws, agreements and regulations. The Wassenaar Arrangement, a comprehensive international agreement on export controls that includes surveillance technology, has been signed by 42 states and in 2013 was extended to include collection tools or equipment and IP network monitoring systems used by intelligence and law enforcement services. However, the June 2014 report of the Office of the UN High Commissioner for Human Rights (OHCHR) states that in most countries legal standards are either non-existent or inadequate to deal with the modern communications surveillance environment (see Report of the Office of the United Nations High Commissioner for Human Rights, A/HRC/27/37, "The right to privacy in the digital age", 30 June 2014).

But national security services themselves have developed a set of sophisticated hardware and software surveillance tools that enable them to penetrate networking equipment, monitor mobile phones and computers, and divert or even modify data without being noticed.

A particular emphasis of the mass surveillance effort lies in breaking the encryption that prevents intelligence and law enforcement services from accessing the relevant data. Software deficiencies in the implementation of encryption algorithms can lead to vulnerabilities that can be easily exploited, regardless of the complexity, theoretical strength or quality of the technical implementation of the encryption. Security agencies have been able to exploit these vulnerabilities, supposedly allowing them to introduce backdoors into encryption standards, but have had only limited success with traditional cryptanalytic attacks.

The new generation of encryption technology is good enough to resist deterministic brute force attacks, and provides the most reliable protection against unauthorized access to data if its parameters and configuration are set correctly. Major attacks occur when implementations of current cryptographic technologies do not conform closely to their specifications, or when errors, sometimes deliberately, are injected at the code level. This is the reason for the call for policy action that will guarantee European citizens access to certified, robust, open-source implementations of different encryption specifications.

It is virtually impossible for the end user to determine whether the metadata generated when browsing the internet, sending messages or performing other communications over the internet is analyzed or used by third parties, and even less so whether a system is subject to a complex attack orchestrated by powerful adversaries such as government agencies. Citizens can protect their privacy by adopting security-conscious practices and by using special software tools and services that help hide their digital traces. Firewalls, anti-virus software, Virtual Private Networks, anonymizing proxies and networks, and, most importantly, cryptography, are the technical tools that are accessible to end users. But even if it is possible to prevent unauthorized access to personal data or metadata by applying a mix of different protection mechanisms, there is no means to ensure complete immunity from such attacks.

Policy options that are considered to help reduce the risk of privacy invasion by mass surveillance in the short and medium term are: (a) promoting operating systems and applications that allow continuous inspection and control by a large open-source expert community and by verification and validation bodies, and (b) investing in and stimulating the integration of user-friendly tools with software solutions.

The threat from mass surveillance practices cannot, however, be resolved on technical grounds alone. Intelligence and security organizations will always have a competitive advantage in being able to win such a technological race over Internet security because of the resources they have. The problem has to be addressed at a political level. An appropriate balance between civil liberties and legitimate national security interests must be determined on the basis of a public debate that enables citizens to decide both on their civil rights that are affected and on the social values at stake.

...

8 CONCLUSIONS [page 55]

The mass surveillance practices of intelligence and security services have attracted the interest of the mass media and the general public following the publication of the classified documents from Edward Snowden. Mass surveillance is a reality today and has been applied for years by national intelligence services in a number of countries, such as those of the FIVE EYES alliance, but also by some other EU Member States and other countries.

The organizations engaged in mass surveillance justify these methods with the doctrine of preventing crime and terrorism, and adopt the principle of omniscience as their core purpose. The goal of intercepting every communication that takes place over the Internet and/or telephone networks is in many cases pursued through a questionable application of legislation, if not through outright illegal intrusions into IT and telecommunication systems. This strategy accumulates a quantity of information that can be processed and analyzed by intelligent systems that are able to discern patterns indicating illegal, criminal or terrorist activities.

Whilst lawful, warrant-based interception of the data of targeted suspects is a necessary and indisputable law enforcement tool that gives the competent services access to data, the generalized collection approach of mass surveillance violates the right to privacy and the freedom of speech. Delegating judgments about suspicious data patterns or the behavior of citizens to intelligent computer systems, in addition, prevents accountability and threatens to bring about an Orwellian surveillance society.

Many citizens are not aware of the threats they may face when using the internet or telecommunication devices. To date, the only way for citizens to counteract surveillance and prevent the violation of their privacy is to ensure uncompromised end-to-end encryption of the content and the transport channel in all their communications.

Due to the number, complexity and heterogeneity of these tools, however, this is a very difficult task for the majority of technically untrained users. This situation also calls for awareness raising and the provision of integrated, user-friendly and easy-to-use solutions that guarantee the privacy and security of their communications.

But policy-makers need to understand that the issue of mass surveillance (first of all understanding that it really is a problem) cannot be solved on technical grounds, but needs to be addressed at a political level. An appropriate balance between civil liberties and legitimate national security interests must be found, and this balance should be based on a public debate that enables citizens to decide both on their civil rights and on the social values at stake.

Written by Dimitris