Communication in a world of pervasive surveillance: Sources and methods: Counter-strategies against pervasive surveillance architecture

[grarpamp]

> https://research.tue.nl/en/publications/communication-in-a-world-of-pervasive-surveillance-sources-and-me
> Appelbaum, Jacob R.. /Communication in a world of pervasive surveillance :
> Sources and methods: Counter-strategies against pervasive surveillance
> architecture. Eindhoven : Eindhoven University of Technology, 2022. 327 p.


CHAPTER 1
Introduction

        "Wer die Wahrheit nicht weiß, der ist bloß ein Dummkopf. Aber
wer sie weiß
        und sie eine Lüge nennt, der ist ein Verbrecher." 1
                                         -- Bertold Brecht, Das Leben
des Galilei, Seite 71

Electronic surveillance systems, in their twenty-first century
totality, create an environ-
ment of pervasive surveillance where most, if not all, communications
channels are mon-
itored in some capacity. Sociologists and other academic researchers
define surveillance
in many different ways [Mar15]. We consider the definition from Lyon
from Surveillance
Studies: "any systematic, routine, and focused attention to personal
details for a given pur-
pose (such as management, influence, or entitlement)" [Lyo14]. Today's
Internet is the pri-
mary terrain of struggle [GBC11, Kat90, Her00, Ziz08, Cun15, GE07]
between those com-
mitted to attacking electronic communications, whether in targeted
[Bam16] surveillance
of individuals or indiscriminate mass surveillance [Eur18, Eur78,
Eur06, Eur84, Eur10,
Eur87, Eur15, Eur16] of whole populations, and those committed to
securing communi-
cations from attack.
    The two most prevalent surveillance adversaries are state [Gre14b]
and corporate
[Zub19, Int21a, Int21b] actors, though in some situations there is no
meaningful distinc-
tion between these. Fusion Centers [Wik21i] for example, are an
American domestic
intelligence apparatus that aggregates data provided by government
agencies, corpora-
tions, and private persons, resulting at times in Americans being
persecuted for engaging
in constitutionally protected activities. Surveillance data of all
kinds collected from other
terrains [Goo21, War15b] readily merges into the Internet's IP traffic
flows. This collec-
tion is not merely through passive observation of our communications,
but also through
active interaction and exploitation, along with analysis of behavioral
data, other systems
data, and data at rest. To name just a few examples:
    · In-person, face-to-face meetings when personal or professional
electronic equip-
        ment is present in the same room [ATL06, CCTM16].
    · Targeted and mass surveillance of telephone metadata and call
content [SM13,
        GS14].
    · Targeted and mass surveillance of postal mail [Nix13].
    · Public and private video surveillance, especially when used in
tandem with machine
        learning for identification based on height, gait, and/or
facial structure among oth-
        ers [EKGBSBA16].
    · Stylometry of written text to identify anonymous authors [BAG12].
    · Analysis of video and images of biological structures such as
veins, ear shape, as
        well as of body modifications such as piercings and tattoos [RP14].
As new sources of data become available in nearly every realm of life,
we find new surveil-
lance tools being designed to exploit them. Understanding these
surveillance practices is
critical for building defenses.
    It is now commonly understood that the US Government does "kill
people based on
metadata" [Col14] including children [Sca13a, Bon13, Kri19, AR21],
intentionally 2 and
unintentionally. The state's capacity for violence is enhanced with
additional surveillance
capabilities. Historical as well as contemporary use of data and
metadata to socially sort
[Lyo03] has enabled human rights abuses such as persecuting political
refugees [CM+ 17,
DNI21], assassinations [Col14] and genocide [Bla12].
    Modern proponents of both targeted and mass surveillance regularly
claim that grant-
ing authorities surveillance powers will help to prevent terrorist
acts. We know that
while this is sometimes true [EM13, BSSC14], it is often false, with
disastrous conse-
quences [GRS14, Rot15]. We also know that the existence of
interception capabilities
puts both the operators [Bam16] and users of communication
infrastructure at direct
risk, and that the same surveillance methods intended for terrorists
are diverted to tar-
geting democratically elected leaders [JAS13]. This leads us to ask:
In order to protect
our societies from terrorist acts, must we leave ourselves vulnerable?
Is it worth the
trade-off to occasionally catch the least competent would-be
terrorists, corrupt officials,
spies, criminals, and thieves? The questions themselves seem absurd
when the answer
promotes criminality of all kinds: corporate espionage, economic
warfare, government
espionage, human-rights violations, lawfare, so-called "targeted
killings" (assassinations),
untargeted killings, etc. Yet an affirmative answer to those questions
is an observable na-
tional policy in countries around the world.
    The deployment of standardized communications protocols in the
last century made
it possible to perform surveillance in a highly automated fashion. We
investigate some
of these surveillance systems extensively with help from documents
exposed by whistle-
blowers, known and unknown, or other anonymous insiders. We compare
the intentions
and stated beliefs of surveillance adversaries with those of protocol
designers, who in
recent years have belatedly started to introduce the term
surveillance, and later mass
surveillance, into Internet-related protocol publications [FT14, BSJ+ 15a].

1
"He who does not know the truth is merely a fool. But whoever knows it
and calls it a lie is a criminal."
2
The President of The United States of America is directly involved in
some assassination decisions [Poi14,
Par15], something of an explicit concern [Ken11] to the founders of the country.