Mass Surveillance

Mass Surveillance

Mass Surveillance Mass Surveillance What are the risks for the citizens and the opportunities for the European Information Society? What are the possible mitigation strategies? Part 1 - Risks and opportunities raised by the current generation of network services and applications Study IP/G/STOA/FWC-2013-1/LOT 9/C5/SC1 January 2015 PE 527.409 STOA - Science and Technology Options Assessment The STOA project “Mass Surveillance Part 1 – Risks, Opportunities and Mitigation Strategies” was carried out by TECNALIA Research and Investigation in Spain. AUTHORS Arkaitz Gamino Garcia Concepción Cortes Velasco Eider Iturbe Zamalloa Erkuden Rios Velasco Iñaki Eguía Elejabarrieta Javier Herrera Lotero Jason Mansell (Linguistic Review) José Javier Larrañeta Ibañez Stefan Schuster (Editor) The authors acknowledge and would like to thank the following experts for their contributions to this report: Prof. Nigel Smart, University of Bristol; Matteo E. Bonfanti PhD, Research Fellow in International Law and Security, Scuola Superiore Sant’Anna Pisa; Prof. Fred Piper, University of London; Caspar Bowden, independent privacy researcher; Maria Pilar Torres Bruna, Head of Cybersecurity, Everis Aerospace, Defense and Security; Prof. Kenny Paterson, University of London; Agustín Martin and Luis Hernández Encinas, Tenured Scientists, Department of Information Processing and Cryptography (Cryptology and Information Security Group), CSIC; Alessandro Zanasi, Zanasi & Partners; Fernando Acero, Expert on Open Source Software; Luigi Coppolino,Università degli Studi di Napoli; Marcello Antonucci, EZNESS srl; Rachel Oldroyd, Managing Editor of The Bureau of Investigative Journalism; Peter Kruse, Founder of CSIS Security Group A/S; Ryan Gallagher, investigative Reporter of The Intercept; Capitán Alberto Redondo, Guardia Civil; Prof. Bart Preneel, KU Leuven; Raoul Chiesa, Security Brokers SCpA, CyberDefcon Ltd.; Prof. Hugo Scolnik, Departamento de Computación, Universidad Buenos Aires STOA RESEARCH ADMINISTRATOR Peter Ide-Kostic Scientific Foresight (STOA) Unit Directorate for Impact Assessment and European Added Value Directorate-General for Parliamentary Research Services European Parliament, Rue Wiertz 60, B-1047 Brussels E-mail: [email protected] LINGUISTIC VERSION Original: EN ABOUT THE PUBLISHER To contact STOA or to subscribe to its newsletter please write to: [email protected] This document is available on the Internet at: http://www.ep.europa.eu/stoa/ Manuscript completed in January 2015 Brussels, © European Union, 2015 DISCLAIMER The content of this document is the sole responsibility of the author and any opinions expressed therein do not necessarily represent the official position of the European Parliament. It is addressed to the Members and staff of the EP for their parliamentary work. Reproduction and translation for non- commercial purposes are authorised, provided the source is acknowledged and the European Parliament is given prior notice and sent a copy. PE 527.409 ISBN: 978-92-823-5535-0 DOI: 10.2861/269619 CAT: QA-05-14-155-EN-N Mass Surveillance - Part 1: Risks, Opportunities and Mitigation Strategies Abstract This document identifies the risks of data breaches for users of publicly available Internet services such as email, social networks and cloud computing, and the possible impacts for them and the European Information Society. It presents the latest technology advances allowing the analysis of user data and their meta-data on a mass scale for surveillance reasons. It identifies technological and organisational measures and the key stakeholders for reducing the risks identified. Finally the study proposes possible policy options, in support of the risk reduction measures identified by the study. This study covers the analysis of the existing generation of network services and applications at the time of the study (2014) and the short to mid-term technical measures and policy options suitable for counteracting mass surveillance practices and guaranteeing privacy and security of electronic communication channels. Future long-term technological and policy options addressing privacy and security in information and communication technologies are outlined in part two of this study, published by STOA. This study is accompanied by an Annex, which provides detailed answers to the thirty five questions posed in the original tender for this study. The annex is published as a separate document. STOA - Science and Technology Options Assessment Mass Surveillance - Part 1: Risks, Opportunities and Mitigation Strategies Table of contents EXECUTIVE SUMMARY.................................................................................................................................... 1 1 INTRODUCTION........................................................................................................................................ 4 2 DOCUMENT STRUCTURE AND METHODOLOGICAL APPROACH ............................................ 5 2.1 Format conventions............................................................................................................................ 5 2.2 Document Structure ........................................................................................................................... 5 2.3 Methodological approach applied ................................................................................................... 5 3 CURRENT PRACTICES OF INTERCEPTION AND ANALYSIS OF END-USER META-DATA ... 7 3.1 Types of Meta-Data and their retention .......................................................................................... 7 3.2 The role of commercial Cookies and trackers................................................................................. 9 3.3 Meta-data analysis for mass surveillance purposes..................................................................... 11 3.4 Complicity between mass surveillance organizations and other parties.................................. 12 4 CRYPTOGRAPHY RELIABILITY IN A “POST SNOWDEN” WORLD............................................ 16 4.1 Current and upcoming cryptography problems.......................................................................... 17 4.2 Malware in platforms and end-points ........................................................................................... 21 4.3 Cryptography and cyber warfare arena ........................................................................................ 22 4.4 Telecommunication sector............................................................................................................... 23 5 EFFICIENCY OF COMMERCIAL PRODUCTS FOR DOING MASS SURVEILLANCE ................ 26 5.1 Commercially available mass surveillance products................................................................... 26 5.2 Legal context for mass surveillance tools and services ............................................................... 29 5.3 Effectiveness of surveillance products and resources needed ................................................... 31 5.4 Cryptography and encryption analysis......................................................................................... 33 6 TECHNICAL CREDIBILITY OF NATIONAL SECURITY AGENCIES’ HACKING CAPABILITIES ...................................................................................................................................................................... 35 6.1 Cooperation of private companies with national security agencies.......................................... 35 6.2 Hacking capabilities of national security agencies ...................................................................... 35 6.3 Efficiency of intelligence services surveillance programs........................................................... 37 6.4 Credibility of accusations on mass surveillance........................................................................... 40 6.5 Efficiency of solutions to fight mass surveillance ........................................................................ 40 6.6 Threats and opportunities of using foreign OS and applications in public administration... 42 7 TECHNICAL AND POLICY OPTIONS PROPOSED FOR MITIGATING THE IDENTIFIED RISKS ................................................................................................................................................................... 44 7.1 Best practices for preventing cryptography problems ................................................................ 44 7.2 Technical options for mitigating surveillance risk....................................................................... 45 7.3 Short to mid-term policy options for controlling mass surveillance ......................................... 53 STOA - Science and Technology Options Assessment 8 CONCLUSIONS ........................................................................................................................................ 55 LIST OF ABBREVIATIONS .............................................................................................................................. 56 ANNEX (see separate document) Mass Surveillance - Part 1: Risks, Opportunities and Mitigation Strategies EXECUTIVE SUMMARY The disclosure of controversial mass surveillance programmes by intelligence and national security agencies has evoked an international debate on the right of citizens to be protected from illegitimate or warrantless collection and analysis of their data and meta-data. This report aims

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    66 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us