Corporate surveillance and government surveillance aren’t separate. They’re intertwined; the two support each other. It’s a public-private surveillance partnership that spans the world. This isn’t a formal agreement; it’s more an alliance of interests. Although it isn’t absolute, it’s become a de facto reality, with many powerful stakeholders supporting its perpetuation. And though Snowden’s revelations about NSA surveillance have caused rifts in the partnership, it’s still strong.
The Snowden documents made it clear how much the NSA relies on US corporations to eavesdrop on the Internet. The NSA didn’t build a massive Internet eavesdropping system from scratch. It noticed that the corporate world was already building one, and tapped into it. Through programs like PRISM, the NSA legally compels Internet companies like Microsoft, Google, Apple, and Yahoo to provide data on several thousand individuals of interest. Through other programs, the NSA gets direct access to the Internet backbone to conduct mass surveillance on everyone. Sometimes those corporations work with the NSA willingly. Sometimes they’re forced by the courts to hand over data, largely in secret. At other times, the NSA has hacked into those corporations’ infrastructure without their permission.
This is happening all over the world. Many countries use corporate surveillance capabilities to monitor their own citizens. Through programs such as TEMPORA, the UK’s GCHQ pays telcos like BT and Vodafone to give it access to bulk communications all over the world. Vodafone gives Albania, Egypt, Hungary, Ireland, and Qatar—possibly 29 countries in total—direct access to Internet traffic flowing inside their countries. We don’t know to what extent these countries are paying for access, as the UK does, or just demanding it. The French government eavesdrops on France Télécom and Orange. China and Russia partner with companies in their countries to eavesdrop on their citizens. About a dozen countries have data retention laws—declared unconstitutional in the EU in 2014—requiring ISPs to keep surveillance data on their customers for some months in case the government wants access to it. Internet cafes in Iran, Vietnam, India, and elsewhere must collect and retain identity information of their customers.
Read the rest here...