The Future of Government Surveillance - Looks Like This
Before the Internet, when surveillance consisted largely of government-on-government espionage, agencies like the NSA would target specific communications circuits: that Soviet undersea cable between Petropavlovsk and Vladivostok, a military communications satellite, a microwave network. This was for the most part passive, requiring large antenna farms in nearby countries.
Modern targeted surveillance is likely to involve actively breaking into an adversary's computer network and installing malicious software designed to take over that network and "exfiltrate" data—that's NSA talk for stealing it. To put it more plainly, the easiest way for someone to eavesdrop on your communications isn't to intercept them in transit anymore; it's to hack your computer.
In 2011, an Iranian hacker broke into the Dutch certificate authority DigiNotar. This enabled him to impersonate organizations like Google, the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter, and Microsoft's Windows Update service. That, in turn, allowed him to spy on users of these services. He passed this ability on to others—almost certainly in the Iranian government—who in turn used it for mass surveillance on Iranians and probably foreigners as well. Fox-IT estimated that 300,000 Iranian Gmail accounts were accessed.
In 2009, Canadian security researchers discovered a piece of malware called GhostNet on the Dalai Lama's computers. It was a sophisticated surveillance network, controlled by a computer in China. Flame is a surveillance tool that researchers detected on Iranian networks in 2012; these experts believe the United States and Israel put it there and elsewhere. Red October, which hacked and spied on computers worldwide for five years before it was discovered in 2013, is believed to be a Russian surveillance system. So is Turla, which targeted Western government computers and was ferreted out in 2014. The Mask, also discovered in 2014, is believed to be Spanish. Iranian hackers have specifically targeted U.S. officials. There are many more known surveillance tools like these, and presumably others still undiscovered.
Stuxnet is the first military-grade Cyber weapon known to be deployed by one country against another. It was launched in 2009 by the United States and Israel against the Natanz nuclear facility in Iran, and succeeded in causing significant physical damage. A 2012 attack against Saudi Aramco that damaged some 30,000 of the national oil company's computers is believed to have been retaliation by Iran.
There's an interesting monopolistic effect that occurs with surveillance. Espionage basically follows geopolitical lines; a country gets together with its allies to jointly spy on its adversaries. That's how we did it during the Cold War. It's politics.
Mass surveillance is different. If you're truly worried about attacks coming from anyone anywhere, you need to spy on everyone everywhere. And since no one country can do that alone, it makes sense to share data with other countries.
But whom do you share information with? You could share with your traditional military allies, but they might not be spying on the countries you're most worried about. Or they might not be spying on enough of the planet to make sharing worthwhile. It makes the best sense to join the most extensive spying network around. And that's the United States.
This is what's happening right now. U.S. intelligence agencies partner with many countries as part of an extremely close relationship of wealthy, English-speaking nations called the Five Eyes: the U.S., U.K., Canada, Australia, and New Zealand. Other partnerships include the Nine Eyes, which adds Denmark, France, the Netherlands, and Norway; and the Fourteen Eyes, which adds Germany, Belgium, Italy, Spain, and Sweden. And the United States partners with countries that have traditionally been much more standoffish, like India, and even with brutally repressive regimes like Saudi Arabia's.
All of this gives the NSA access to almost everything. In testimony to the European Parliament in 2014, Snowden said, "The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements."
The endgame of this isn't pretty: It's a global surveillance network where all countries collude to surveil everyone on the entire planet. It'll probably not happen for a while—there will be holdout countries like Russia that will insist on doing it themselves, and rigid ideological differences will never let countries like Iran cooperate fully with either Russia or the United States—but most smaller countries will be motivated to join. From a very narrow perspective, it's the rational thing to do.
