Mass Surveillance Mass Surveillance What are the risks for the citizens and the opportunities for the European Information Society? What are the possible mitigation strategies? Part 1 - Risks and opportunities raised by the current generation of network services and applications Annex IP/G/STOA/FWC-2013-1/LOT 9/C5/SC1 January 2015 PE 527.409 STOA - Science and Technology Options Assessment The STOA project 'Mass Surveillance - Part 1: Risks and opportunities raised by the current generation of network services and applications' was carried out by TECNALIA Research and Investigation. AUTHORS Arkaitz Gamino Garcia Concepción Cortes Velasco Eider Iturbe Zamalloa Erkuden Rios Velasco Iñaki Eguía Elejabarrieta Javier Herrera Lotero José Javier Larrañeta Ibañez Stefan Schuster (Editor) STOA RESEARCH ADMINISTRATOR Peter Ide-Kostic Scientific Foresight Unit Directorate for Impact Assessment and European Added Value Directorate-General for Parliamentary Research Services European Parliament, Rue Wiertz 60, B-1047 Brussels E-mail: [email protected] LINGUISTIC VERSION Original: EN ABOUT THE PUBLISHER To contact STOA or to subscribe to its newsletter please write to: [email protected] This document is available on the Internet at: http://www.ep.europa.eu/stoa/ Manuscript completed in January 2015 Brussels, © European Union, 2015 DISCLAIMER The content of this document is the sole responsibility of the author and any opinions expressed therein do not necessarily represent the official position of the European Parliament. It is addressed to the Members and staff of the EP for their parliamentary work. Reproduction and translation for non- commercial purposes are authorised, provided the source is acknowledged and the European Parliament is given prior notice and sent a copy. PE 527.409 ISBN: 978-92-823-5537-4 DOI: 10.2861/566206 CAT: QA-05-14-156-EN-N ANNEX Mass surveillance - Part 1:Risks, Opportunities and Mitigation Strategies Abstract This document contains the Annex to the Study on Mass Surveillance, commissioned by STOA of the European Parliament. This Annex contains detailed information and references that were used as the basis for the elaboration of the Study. The motivation for providing this Annex in conjunction with the Study is to provide the reader with a means to delve deeper into relevant information concerning the questions posed in the tender of the Study. In order to facilitate the reader an appropriate orientation and guidance for accessing this information, this Annex is structured according to the themes and questions specified in the original tender. Specific information or crosslinks to information that is relevant for more than one question are provided for each of the thirty five questions documented in the tender. STOA - Science and Technology Options Assessment ANNEX Mass surveillance - Part 1:Risks, Opportunities and Mitigation Strategies CONTENTS LIST OF ABBREVIATIONS ................................................................................................................................ 1 LIST OF TABLES.................................................................................................................................................. 3 LIST OF FIGURES ................................................................................................................................................ 4 1 THEME 1 - CURRENT PRACTICES OF INTERCEPTION AND ANALYSIS OF END-USER META-DATA ............................................................................................................................................... 5 1.1 Question 1............................................................................................................................................ 5 1.2 Question 2.......................................................................................................................................... 10 1.3 Question 3.......................................................................................................................................... 13 1.4 Question 4.......................................................................................................................................... 17 1.5 Question 5.......................................................................................................................................... 19 1.6 Question 6.......................................................................................................................................... 20 2 THEME 2 - CRYPTOGRAPHY RELIABILITY IN A “POST SNOWDEN” WORLD ....................... 33 2.1 Question 7.......................................................................................................................................... 33 2.2 Question 8.......................................................................................................................................... 38 2.3 Question 9.......................................................................................................................................... 41 2.4 Question 10........................................................................................................................................ 42 2.5 Question 11........................................................................................................................................ 44 2.6 Question 12........................................................................................................................................ 45 2.7 Question 13........................................................................................................................................ 46 2.8 Question 14........................................................................................................................................ 49 2.9 Question 15........................................................................................................................................ 51 2.10 Question 16........................................................................................................................................ 53 2.11 Question 17........................................................................................................................................ 53 2.12 Question 18........................................................................................................................................ 54 3 THEME 3 - EFFICIENCY OF COMMERCIAL PRODUCTS FOR DOING MASS SURVEILLANCE ...................................................................................................................................................................... 56 3.1 Question 19........................................................................................................................................ 56 3.2 Question 20........................................................................................................................................ 68 3.3 Question 21........................................................................................................................................ 75 3.4 Question 22........................................................................................................................................ 79 3.5 Question 23........................................................................................................................................ 80 3.6 Question 24........................................................................................................................................ 83 3.7 Question 25........................................................................................................................................ 86 STOA - Science and Technology Options Assessment 3.8 Question 26........................................................................................................................................ 87 3.9 Question 27........................................................................................................................................ 88 3.10 Question 28........................................................................................................................................ 90 3.11 Question 29........................................................................................................................................ 90 4 THEME 4 - TECHNICAL CREDIBILITY OF NATIONAL SECURITY AGENCIES HACKING CAPABILITIES........................................................................................................................................... 92 4.1 Question 30........................................................................................................................................ 92 4.2 Question 31........................................................................................................................................ 93 4.3 Question 32........................................................................................................................................ 96 4.4 Question 33........................................................................................................................................ 99 4.5 Question 34...................................................................................................................................... 102 4.6 Question 35.....................................................................................................................................