Electronic Surveillance - Out of sight out of mind

NZ Security magazine writes:

Following the spectacular mass surveillance revelations in the lead up to last year’s national elections - and failure of these revelations to gain traction - the issue of internet and electronic surveillance appears to have fallen off our collective radar. But while the election may now be a distant pre-festive season memory, the reality is that the threats to our privacy and livelihoods posed by illicit surveillance haven’t gone away.

New Zealand Security Magazine recently caught up with three experts from across the electronic surveillance space, to get an update on the surveillance threat landscape.

Our experts include Dr John Farnsworth, Internet Surveillance Specialist from the University of Otago’s Department of Media, Film and Communication; Private Investigator Daniel Toresen, Director of specialist corporate investigations firm Thompson & Toresen; and Des Hope, TSCM Specialist and Managing Director at Auckland-based Pacific Sunrise Limited.

 

Should New Zealanders be concerned about their privacy and illicit surveillance?

The Academic: According to Dr Farnsworth, New Zealanders need to be deeply concerned about their privacy and their rights. “We are at the beginning, not the end, of a surveillance society with tools so extensive it’s hard for most of us to grasp,” he warns. “This is not simply in terms of state surveillance – the GCSB and other bodies – but with corporate bodies. And this is not just within New Zealand but globally.”

We have reason to be particularly concerned, he warns, with our links to the Five Eyes network. “This invites foreign intrusion because our government feeds and has access to global surveillance data,” he says, clarifying that ‘foreign’ surveillance also includes corporate and commercial surveillance.

 

The Professionals: Des Hope agrees with his academic colleague on this point. “If you’re going global,” he cautions, “you can be sure that the foreign party will target you.”

“Overseas governments, such as the US and China, use information for geopolitical reasons and for the advancement of their countries’ businesses,” he observes, citing Langley and the Pudong surveillance centre as prominent examples. “There are unscrupulous people about,” he continues, “and to think that they are not operating in New Zealand is to put your head in the sand.”

Unsurprisingly, Daniel Toresen’s views are not wildly inconsistent. He sees real risk in overseas parties, including card swipers, anonymous and issues-motivated individuals/groups, such as animal activists, gaining information. “Imagine if someone got into your emails?” he asks. “Things said in private becoming public can be devastating for a company.” Compounding the risk, he adds, is that “people aren’t deleting things anymore,” so the amount of information on offer to attackers is greater than ever.

 

How conscious are New Zealanders of illicit surveillance? Are we now more or less aware than in the past?

The Academic: Most individuals, it appears, have little idea of how information is collected about them, says Dr Farnsworth, whether via Facebook, Google or someone else, and even less idea of what uses their information is put to.

One reason for this is that people have little idea of just how powerful algorithms are in detecting patterns of usage and identifying how individuals and consumers behave. “This is why, for example, when we surf the internet, we keep hitting advertisements related to previous searches we’ve made on Amazon or other sites.” And, he says, we are always seduced into believing this is either beneficial or harmless.

The Professionals: In Daniel’s view, there is low interest among the public in what the Government is doing in terms of electronic surveillance. People tend to assume that Wellington is “doing the right thing”, and they tend to glaze over when confronted with the topic. But, he warns, privacy is being eroded rapidly, and people are increasingly accepting and lax in relation to it. “People are more aware, but less interested, as it’s hard to keep up with the increasing technological complexity of the issue.”

Des is in agreement with his counterparts on this issue. People understand that surveillance exists, he says, “but they seem to think in the main that it’s something that happens in North America and Europe but not here.”

There is a natural inclination, he suggests, to assume that businesses wouldn’t engage in that sort of activity, but the fact remains that some are drawn to the potential gains of being a “fly on the wall”. Although a company’s senior management would likely avoid the temptation, there may be rogue elements within an organisation that wouldn’t.

Such information may make its way up the management chain with the caveat “You don’t want to know where this information comes from, but…”

 

How has surveillance technology and/or the threat environment changed over the past 12 months?

The Academic: According to Dr Farnsworth, the landscape is continually changing, and in ways that are not commonly revealed. “Existing technologies such as Xkeyscore continue to threaten our security whilst, at the same time, we have little idea about what new forms of surveillance have been developed.” Edward Snowden’s data releases have given us startling insights into “how much has been developed about which no one had any idea.”

“There has been, and will be, no guarantee internationally that this has changed or that new surveillance mechanisms have stopped being developed,” he says. On the contrary, he points out that there is extensive evidence that new, subtler recognition and simulation software is becoming available.

The Professionals: Des points to the major changes that have occurred in the last five years in terms of the surveillance of mobile phones. “Up until 18 months ago, the only people who could tap into them were service providers or government,” he says, but this has changed. Now anyone can download software into the operating system of another person’s phone ‘as they speak’.

“I can then call your phone and use it to make calls, track you to within three metres (in a city), enliven the microphone and hear anything within an eight metre radius of the phone.”

And the scary part is that such software remains undetectable to service providers and to most forensics.

 

What are the main reasons why New Zealand businesses are seeking TSCM (Technical Surveillance Counter-Measures) examinations?

This was a question for our electronic surveillance professionals.

According to Daniel, it’s a case of weighing up the likelihood of eavesdropping against the potential harm that can come of it. Electronic listening devices, he says, are quite rare to find in boardrooms or businesses, and the chances of such surveillance occurring are negligible. While some companies have protocols dictated by overseas headquarters that require TSCM checks, others get it done as a precaution.

Des likens TSCM work to insurance: “You wouldn’t go and buy a Mercedes without a cover note or insurance on it. The chance of sideswiping is minimal, but it does happen.”

According to Des, the big turn off to potential TSCM customers in New Zealand is price. “But you are paying for experience and very, very sophisticated equipment,” he states. “There is a hell of a lot of loose talk out there and TSCM eliminates one area.”

 

How do you see the landscape evolving over the next 12 months?

The Academic: According to Dr Farnsworth, there will be more local disputes around privacy and surveillance, and indeed a necessity for it. “There needs to be more political scrutiny and accountability,” he says, “…but there will be more, largely invisible, surveillance unless brave journalists, such as Nicky Hager, bring this to light.”

The Professionals: Systems are built by people, Daniel reminds us, “and as such it will be impossible to prevent people hacking into systems.” Email breaches will continue, and damage to companies will continue to range from embarrassment to large sums of money being stolen. He also points to the increasing sophistication of cyber crime, and the fact that chasing essentially nomadic cyber criminals across multiple international jurisdictions will continue to be a near impossible endeavour.

He offers a few simple tips. “Have your network looked at by a computer security professional to ensure there are no gaping holes in your security,” he advises, and “ensure staff are security aware and have been briefed on good password security habits.” Following basic security precautions, such as having passwords regularly changed and having good protocols around that, can make all the difference.

We’ll see more and more cell phone attacks, according to Des Hope, and the means of attack will become easier and more sophisticated. Tele-controlled eavesdropping devices that can be turned on and off remotely, such as GSM bugs, have been around for about three years, but are becoming increasingly affordable.

“People are just damned careless in the handling of information and documentation,” observes Des. Again, simple security measures like following clean desk policies and ensuring that contractors are supervised at all times in the workplace can protect against privileged information being reproduced or removed.

Despite the issue of surveillance being relegated to the political scrap heap during 2014’s national elections, our expert panel is in agreement that we should be taking the issue far more seriously than we do.

We do not fear, it seems, what we can’t see, and in terms of surveillance it really does appear that we have developed an unnatural state of non-fear in relation to the unknown.

For a nation that is characteristically skeptical about a whole range of things, it is strange that our individual and collective survival instincts fail to register either mass government or targeted commercial electronic surveillance as a threat.

A little skepticism is surely not a bad thing.

 

Article by: Daniel Toresen, NZSecurity.co.nz

Article source: http://www.newzealandsecurity.co.nz/free-magazine.php