Surveillance (original) (raw)

Surveillance is a process of close monitoring of behaviour.

It is commonly used to describe observation from a distance by means of electronic equipment or other technological means, for example:

However, surveillance can also be carried out by low-technology methods such as postal interception and watching by covert surveillance teams.


The term can also be used to describe the monitoring of diseases by epidemiologists.


Surveillance and counter-surveillance

Surveillance is the art of monitoring the activities of persons or groups without them knowing they are being monitored. Surveillance has been an intrinsic part of human history. Sun Tzu's The Art of War, written 2,500 years ago, discusses how spies should be used against a person's enemies. But modern electronic and computer technology have given surveillance a whole new means of operation. Surveillance can be automated using computers, and people leave extensive records that describe their activities.

Counter surveillance is the practice of avoiding surveillance or making it difficult. Before computer networks, counter surveillance involved avoiding agents and communicating secretly. With recent development of the Internet and computer databases counter surveillance has grown. Now counter surveillance involves everything from knowing how to delete a file on a computer to avoiding becoming the target of direct advertising agencies.

The greatest impact of computer-enabled surveillance is the numbers of organisations involved in surveillance operations:

For those who are peacefully working to change society, surveillance presents a problem. Particularly after the September 11th, 2001 terrorist attacks, many states now view political dissent as a problem, and have introduced new laws to strengthen their surveillance powers. Many states have also redefined their legal definition of terrorism to not only include violent acts, but also types of direct action protest. Even where groups have no involvement in violence, states and corporations may try to use information obtained about groups or individuals to discredit their work. As the scope of surveillance increases, it is important that groups and individuals manage their exposure to different types of surveillance to limit the damage it can do to them, or their work.

Modern surveillance cannot be totally avoided. If the state uses all of their resources to investigate your activities, they will be able to do so. However, non-state groups may employ surveillance techniques against your organisation, and some precautions can reduce their success. States are also limited in how extensively they can conduct general surveillance of people they have no particular reason to suspect.

Note: In all the forms of surveillance mentioned below, the issue of patterns is important. Although in isolation a single piece of communications data seems useless, when collected together with the communications data of other people it can disclose a lot of information about organisational relationships, work patterns, contacts and personal habits. The collection and processing of communications data is largely automated using computers. See also: traffic analysis

Telephones and mobile telephones

The official and unofficial tapping of telephone lines is widespread.

The contracts or licenses by which the state controls telephone companies means that they must provide access for tapping lines to the security services and the police.

For mobile phones the major threat is the collection of communications data. This data not only includes information about the time and duration of the call, but also the geographical location where the call was made from and to whom. This data can be determined generally because the geographic communications cell that the call was made in is stored with the details of the call. But it is also possible to get greater resolution of a persons location by combining information from a number of cells surrounding the persons location.

Mobile phones are, in surveillance terms, a major liability. This liability will only increase as the new third-generation (3G) phones are introduced. This is because the base stations will be located closer together.

See the article telephone tapping for more details.

Postal services

As more people use faxes and email the significance of the postal system is decreasing (this may not be the case in all countries, certainly the case with international communications, but probably not local). But interception of post is still very important to the security services.

There is no easy way to know your post is being read. The machines used to sort and stamp letters often rip up items anyway, so damage is no certain indicator that your post is being read.

The simplest counter-measure to stop your post being opened is to put sticky tape along each edge and the seams of the envelope, and then sign the tape with an indelible marker. That prevents all but the most expert tampering.

People used to send floppy disks via the post. Today these files can go easily by email. But [[Compact disc|CD]s and DVDs of data are still regularly sent by post. To ensure that this data is not open to reading by anyone, even if its just wrongly delivered, you should encrypt the data.

Surveillance devices - 'bugs'

Surveillance devices or 'bugs' are not really a communications medium, but they are a device that requires a communications channel. The idea of a 'bug' usually involves a radio transmitter, but there are many other options for carrying a signal; you can send radio frequencies through the main wiring of a building and pick them up outside, you can pick up the transmissions from a cordless phones, and you can pick up the data from poorly configured wireless computer networks or tune in to the radio emissions of a computer monitor.

Bugs come in all shapes and sizes. The original purpose of bugs was to relay sound. Today the miniaturisation of electronics has progressed so far then even TV pictures can be broadcast via bugs that incorporate miniature video cameras (something made popular recently during TV coverage sports events, etc.). The cost of these devices has dramatically fallen.

See the article on bugging for more details.

Computer Surveillance

At the very basic level, computers are a surveillance target because you confide your secrets into them. Anyone who can and access or remove your computer can retrieve your information. If someone is able to install software on your system they can turn your computer into a surveillance device.

Computers can be tapped by a number of methods, ranging from the installation of physical bugs, to the installation of surveillance software or remote interception of the radio transmissions generated by the normal operation of computers.

See the article computer surveillance for more details.

Photography

Photography is becoming more valuable as a means of surveillance. In recent years there has been a significant expansion in the level of stills and video photography carried out at public demonstrations in many countries. At the same time there have been advances in closed circuit television (CCTV) technology and computer image processing that enable digital images taken from cameras to be matched with images stored in a database.

Photographs have long been collected as a form of evidence. But as protest and civil disobedience become an ever greater liability to governments and corporations, images are gathered not only as evidence for prosecution, but also as a source of intelligence information. The collection of photographs and video also has another important function - it scares people.

Closed circuit TV

Closed circuit TV (CCTV) - where the picture is viewed or recorded, but not broadcast - initially developed as a means of security for banks. Today it has developed to the point where it is simple and inexpensive enough to be used in home security systems, and for everyday surveillance.

The widespread use of CCTV by the police and governments has developed over the last 10 years. In the UK, cities and towns across the country have installed large numbers of cameras linked to police authorities. The justification for the growth of CCTV in towns is that it deters crime - although there is still no clear evidence that CCTV reduces crime. The recent growth of CCTV in housing areas also raises serious issues about the extent to which CCTV is being used as a social control measure rather than simply a deterrent to crime.

The development of CCTV in public areas, linked to computer databases of people's pictures and identity, presents a serious risk to civil liberties. Potentially you will not be able to meet anonymously in a public place. You will not be able to drive or walk anonymously around a city. Demonstrations or assemblies in public places could be affected as the state would be able to collate lists of those leading them, taking part, or even just talking with protesters in the street.

See the article CCTV for more details.

Documentation trails

Modern society creates huge amounts of data. Every time you use a bank machine, pay by credit card, use a phone card or make a call from home you clock up electronic records of transactions. In the past these would have been called 'paper trails'. But today many of these records are electronic. This information, if obtained by the state, or obtained through unofficial channels (sorting your rubbish/bribing those in charge of keeping the information) can also describe how you live and work.

One of the greatest freedoms we have is to buy a book, or a newspaper, or to donate money to a cause, and do so with complete anonymity. When transactions are electronic, that anonymity is lost.

Marketing and credit reporting agencies rival the state intelligence services for their collection of dossiers. Today a whole web of information is collected by marketing companies in order to sell you things, or determine how companies should run their marketing strategies. The details from a whole range of transactions, from credit agreements to the electoral register, are all purchased by market research companies to provide information on the habits of the public as potential customers.

Data profiling

Most of the information described above is generalised - it identifies trends from large quantities of data, and the role of the individual in that is very minor. Data profiling on the other hand is a process whereby someone seeks to get as much information about you as possible - personally - in order to assemble a picture of your specific life and habits.

Data profiling is very important in intelligence operations and has many applications - from deciding whether a person is vulnerable to bribery, through to conducting profiling of suspects to decide where they can be apprehended. The state has powers to do this by issuing orders that banks, credit companies or even your employer supply data to them. But even corporations and private investigators can assemble this information if they are well connected.

Much personal information is not very well protected, because small amounts of information is not considered sensitive. But once this information is brought together it can describe in detail the actions, habits and preferences of the individual.

Historically, much information has been protected by practical obscurity, the difficulty of aggregating or analyzing a large number of data points. This has lead to unexpected results as birth records, property tax rolls, and other records are brought online, where they can be easily collated by computer.

Identities

There are instances when we wish to hide our identity - to remain anonymous - for a whole range of reasons. To eliminate this will be a serious erosion of our civil liberties. This is possible as we move towards the development of 'electronic identities. There are two aspects to this:

The development of identity systems is being pushed on two fronts:

One of the simplest forms of identification is the carrying of credentials. Some countries have an identity card system to aid identification. Other documents, such as drivers licenses, library cards, bankers or credit cards are also used to verify identity. The problem with identity based on credentials is that the individual must carry them, and be identifiable, or face a legal penalty. This problem is compounded if the form of the identify card is 'machine-readable' (could you explain more) In this case it may create a document trail as it is used to verify transactions.

As a means of combating the problem of people carrying or falsifying credentials, researchers are increasingly looking at biometrics - measuring biological or physical characteristics - as a way to determine identity. One of the oldest forms of biometrics is fingerprints. Every finger of every person (identical twins included) has a unique pattern, and these have been used for many years to help identify suspects in police enquiries. A finger/thumb print can be reduced to a brief numeric description, and such systems are being used in banks and secure areas to verify identity.

A more recent development is DNA fingerprinting, which looks at some of the major markers in the body's DNA to produce a match. However, the match produced is less accurate than ordinary fingerprints because it only identifies people to a certain probability of matching. Further, identical twins have identical DNA, and so are indistinguishable by this method.

Handwriting - primarily your signature - has been used for many years to determine identity. However other characteristics of the individual can also be used to check identity. Voice analysis has been used for some as a means to prove identity - but it is not suited to portable use because of the problems of storing a range of voice prints. But perhaps the two most viable portable systems, because identities can be reduced to a series of numeric data points rather than a detailed image or sound, are:

By combining some form of personal identifying feature, with a system of verification it is possible to do everything from buying food to travelling abroad. The important issue is how this information is managed in order to reduce the likelihood of tracking. If you were to combine a particular biometric system with new smart card technology to store the description, that system would be immune from tracking (unless the transaction produced a document/electronic trial). But if the identifying features are stored centrally, and a whole range of systems have access to those descriptions, it is possible that other uses could be made of the data; for example, using high resolution CCTV images with a databases of facial identities in order to identify people at random.

Human operatives and social engineering

The most invasive form of surveillance is the use of human operatives. This takes two forms:

Running operatives is very expensive, and for the state the information recovered from operatives can be obtained from less problematic forms of surveillance. If discovered, it can also be a public relations disaster for the government or corporation involved. For these reasons, the use of operatives to infiltrate organisations is not as widespread as many believe. But infiltration is still very likely from other organisations who are motivated to discover and monitor the work of campaign groups. This may be for political or economic motivations. There are also many informal links between large corporations and police or security services, and the trading of information about groups and activists is part of this relationship.

It is not possible to guard against the infiltration of an organisation without damaging the viability or effectiveness of the organisation. Worrying too much about infiltration within the organisation can breed mistrust and bad working relationships within an organisation. Rather like other forms of surveillance, the professional infiltration of operatives into and organisation is difficult to guard against.

Another more likely scenario, especially when dealing with the media or corporate public relations, is social engineering. Social engineering is where someone phones you, interviews you, or just talks to you in the street and tries to make you believe they are someone else, or someone with an innocuous interest in you. But their real interest is to obtain some specific information that they believe you possess.

You should develop clear procedures for handling enquiries about your work. For example, one day you get a phone call saying "hi, I'd really like to come on your demonstration against Company X, when is it?", or, "I'm calling for john, he's lost the password for the computer can you give it to me?". You have to guard against the disclosure of information in this way:

Unless you have an extremely good reason to, you should never give any security-related information over the phone, and via the Internet you should encrypt security information.

Social engineering is easily identified by asking a series a questions to see if a person is aware of facts or future plans that they should not have awareness of.

Journalists for well known media organisation can be verified by phoning the editor of that organisation, but freelance or independent journalists should be treated with care - they could be working for anyone.

There is of course a balance to be struck here. You need to be able to allow people a certain amount of access to your campaigns. But you also need to preserve the integrity of the groups of people most closely involved in the campaigns work. How you arrive at this balance is your own, difficult, problem to resolve. But however it is resolved, it must be agreed between all those involved in a particular issue in order that you have a consistent policy with all those involved.

Personal counter-surveillance

Counter-surveillance is reliant on good information security planning. Protecting information is the first stage of counter-surveillance. But counter surveillance must also be seen as a balancing of opposing objectives.

If you are very good at restricting all information, that state or corporations will have problems monitoring you. However, you are also likely to become more isolated and secretive in the process. Therefore, like information security, counter surveillance requires an effort to protect those activities or information that are sensitive, whilst giving less emphasis to those activities that can be open to all.

Information security is primarily based on protecting equipment with security procedures and barriers. Personal counter-surveillance is based on much the same process, but instead you provide security and barriers around your own personal habits. As humans we are creatures of habit. If we exhibit very predictable habits, this makes monitoring of our activities easier. But if on certain occasions we break our habits, it can also give away the fact that we are doing something at that time which is not part of our everyday work.

The best way to begin thinking about avoiding surveillance is to think about breaking the regular patterns in your life. This masks regular activity, so making it harder to practice routine surveillance. But it also masks the times when you may undertake activities out of the ordinary.

Breaking regular patterns does not mean going to bed at different times, or working different hours everyday. Instead it requires that any activities you wish to avoid being the subject of surveillance are integrated into the other events in your life - but not to the extent that they become predictable. If you change the route you take to work or to shop on a random basis, you make it more difficult to monitor your movements. If you build irregular appointments into activities that might involve surveillance, it creates a background 'noise' in the pattern of your activities that masks any change in your habits.

Securing the information on your computer will help your overall security. If you have a portable computer you are presented with a whole new problem because you move that system outside of your ordinary systems of security and access barriers. Therefore special care should be taken with portable computers:

Primarily, when dealing with sensitive information, avoid generating any kind of documentation or opportunities for surveillance. Think about implementing the following as part of your work:

See also

References