Targeted surveillance

Targeted surveillance (or targeted interception) is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance (or bulk interception). Both untargeted and targeted surveillance is routinely accused of treating innocent people as suspects in ways that are unfair, of violating human rights, international treaties and conventions as well as national laws, * and of failing to pursue security effectively.

A 2014 report to the UN General Assembly by the United Nations' top official for counter-terrorism and human rights condemned mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. The report also makes a distinction between "targeted surveillance" - which "depend[s] upon the existence of prior suspicion of the targeted individual or organization" — and "mass surveillance", by which "states with high levels of Internet penetration can [...] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites".

The United Kingdom's House of Lords also distinguishes between these two broad types of surveillance:


 * Mass surveillance is also known as “passive” or “undirected” surveillance. [...] It is not targeted on any particular individual but gathers images and information for possible future use. CCTV and databases are examples of mass surveillance.
 * Targeted surveillance is surveillance directed at particular individuals and can involve the use of specific powers by authorised public agencies. Targeted surveillance can be carried out overtly or covertly, and can involve human agents. Under the Regulation of Investigatory Powers Act 2000 (RIPA), targeted covert surveillance is “directed” if it is carried out for a specific investigation or operation. By comparison, if it is carried out on designated premises or on a vehicle, it is “intrusive” surveillance. Targeting methods include the interception of communications, the use of communications “traffic” data, visual surveillance devices, and devices that sense movement, objects or persons.

Only targeted interception of traffic and location data in order to combat serious crime, including terrorism, is justified, according to a decision by the European Court of Justice.

NSA's selector lists
The current approach of the NSA and its related organizations is attempting to collect all signals of everybody at all times without any prior selection. So any current selection is only used for targets of special interest, human review or special resource allocation.

Such selectors include searching the web for the privacy-enhancing software tools such as Tor.

A leaked document revealed that for the XKeyscore program, using languages that are out of place for the region one is in, using encryption, and searching the web for 'suspicious stuff', were suggested as selectors.

NSA and Germany's selector lists
In Operation Eikonal, German BND agents received "Selector Lists" − search terms for their dragnet surveillance. They contain IP addresses, mobile phone numbers and email accounts with the BND surveillance system containing hundreds of thousands and possibly more than a million such targets. These lists have been subject of controversy since in 2008 when it was revealed that they contained some terms targeting the European Aeronautic Defence and Space Company (EADS), the Eurocopter project as well as French administration, which were first noticed by BND employees in 2005. Other selectors were found to target the administration of Austria. After the revelations made by whistle-blower Edward Snowden the BND decided to investigate the issue whose October 2013 conclusion was that at least 2,000 of these selectors were aimed at Western European or even German interests which has been a violation of the Memorandum of Agreement that the US and Germany signed in 2002 in the wake of the 9/11 terror attacks. After reports emerged in 2014 that EADS and Eurocopter had been surveillance targets the Left Party and the Greens filed an official request to obtain evidence of the violations.

The BND's project group charged with supporting the NSA investigative committee in German parliament was set up in spring 2014. It reviewed the selectors and discovered 40,000 suspicious search parameters, including espionage targets in Western European governments and numerous companies. The group also confirmed suspicions that the NSA had systematically violated German interests and concluded that the Americans could have perpetrated economic espionage directly under the Germans' noses. The investigative parliamentary committee was not granted access to the NSA's selectors list as an appeal led by opposition politicians failed at Germany's top court. Instead, the ruling coalition appointed an administrative judge, Kurt Graulich, as a "person of trust" who was granted access to the list and briefed the investigative commission on its contents after analyzing the 40,000 parameters. In his almost 300-paged report, Graulich concluded that European government agencies were targeted massively and that Americans hence broke contractual agreements. He also found that German targets which received special protection from surveillance of domestic intelligence agencies by Germany's Basic Law (Grundgesetz) − including numerous enterprises based in Germany − were featured in the NSA's wishlist in a surprising plenitude. While the magnitude differs there have also been problematic BND-internal selectors which have been used until end of 2013 - around two thirds of 3300 targets were related to EU and NATO states. Klaus Landefeld, member of the board at the Internet industry association Eco International, has met intelligence officials and legislators to present suggestions for improvement, like streamlining the selector system.

Intelligence officials
Former NSA director and whistleblower William Binney testified that while targeted data collection operations could help prevent terror attacks, "overcollection" of mass data undermined security and had consistently cost lives because of "analysis paralysis". He said the British government should "redirect" intelligence agencies and law enforcement to targeted surveillance with it being "based on probable cause and developing knowledge about the targets and make sure they qualify for things like warrants". He also states that "retroactively analysing people, anybody you want, any time you want, that's certainly possible with bulk acquisition of data but that's certainly not what democracies are built on". According to him "that's what totalitarian states are built on".

In November 2016 whistleblower Edward Snowden stated: "What I protest most strongly is mass surveillance, indiscriminate surveillance where they are watching everyone. Targeted surveillance that's backed by a court...is the least intrusive means of achieving these investigative goals without destroying the rights of everyone else in a free society"

- Edward J. Snowden

Snowden also noted that the men who committed recent terrorist attacks in France, Canada and Australia were under surveillance but they weren't singled out. "It wasn't the fact that we weren't watching people or not, it was the fact that we were watching people so much that we did not understand what we had. The problem is that when you collect it all, when you monitor everyone, you understand nothing."

- Edward J. Snowden

In May 2015 The Intercept revealed that it obtained documents that showed that officials inside the NSA have criticized the 'collect it all'-approach as well with the documents having titles such as "Data Is Not Intelligence", "The Fallacies Behind the Scenes", "Cognitive Overflow?", "Summit Fever", "In Praise of Not Knowing", "Dealing With a 'Tsunami' of Intercept", "Overcome by Overload?" and "Too Many Choices".

The document's conclusions include:
 * The SIGINT mission is far too vital to unnecessarily expand the haystacks while we search for the needles. Prioritization is key.
 * We in the agency are at risk of a similar, collective paralysis in the face of a dizzying array of choices every single day
 * 'Analysis paralysis' isn't only a cute rhyme. It's the term for what happens when you spend so much time analyzing a situation that you ultimately stymie any outcome [...] It's what happens in SIGINT when we have access to endless possibilities, but we struggle to prioritize, narrow, and exploit the best ones.

Politics
United Kingdom's Liberal Democrats have demanded that the Government end indiscriminate mass surveillance and introduce a more targeted and effective counter-terrorism policy that uses targeted surveillance of specific individuals who are suspected of wrongdoing. Liberal Democrats home affairs spokesperson Alistair Carmichael asks that, "mass spying on the British people should be replaced with targeted surveillance of specific individuals suspected of wrongdoing".

In the 2015 "Resolution 2045", the European Parliamentary Assembly "recognises the need for effective, targeted surveillance of suspected terrorists and other organised criminal groups" and states that "such targeted surveillance can be an effective tool for law enforcement and crime prevention", while at the same time "according to independent reviews carried out in the United States, mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials. Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act".

Organizations
Privacy campaigners argue that instead of "wasting resources gathering and sifting through the volume of data being accumulated through mass surveillance", resources would be better allocated in providing more personnel for targeted surveillance.

In an analysis of 10 recent terror attacks, Ryan Gallagher of The Intercept concludes that, "if any lesson can be learned from studying the perpetrators of recent attacks, it is that there needs to be a greater investment in conducting targeted surveillance of known terror suspects and a move away from the constant knee-jerk expansion of dragnet surveillance, which has simply not proven itself to be effective, regardless of the debate about whether it is legal or ethical in the first place".

After Privacy International launched a legal case against Britain's security services, Thomas de la Mare QC of the group states there is a danger that "de facto constant surveillance", such as the services' orders for bulk data from telecom companies on request, could become "the most potent instrument of repression", and argued during the hearing, that such non-targeted forms of surveillance have turned investigations on their head. The campaigners argue that whereas in the past, individual inquiries based on suspicion would throw up leads, it is now algorithmic processing of data providing those leads with that amounting to mass surveillance.

Civil rights group Liberty, which is challenging the legality of bulk collection in the European Court of Human Rights criticizes the "Report of the bulk powers review" by David Anderson QC for failing to answer whether information gathered via bulk powers was the "critical factor in preventing or detecting serious crime, and whether that information could have been obtained from smart, targeted surveillance instead".

Other
Lord Paddick comments the 2016 Investigatory Powers Act, saying "as with any legislation, there is a significant risk that authorities will use powers in a way that parliament never intended" and called for proper oversight to ensure any surveillance is targeted and proportionate. Privacy campaigners say the bill clearly lays out the mass surveillance powers that would be at the disposal of the security services, and want it be amended so that the surveillance is targeted and based on suspicion. They argue that the powers are so sweeping, and the bill's language so general, that not just the security services but also government bodies will be able to analyze the records of millions of people even if they are not under suspicion.

Troy Wolverton notes that the documents leaked by Snowden revealed widespread abuses, both at home and abroad. He says that "instead of targeted surveillance of particular threats, the NSA had a motto and mentality of 'collect it all' on everybody, the privacy of anyone involved be damned".

Jo Glanville, editor of Index on Censorship and a member of the Ministry of Justice working party on libel reform, asserts that keeping the country safe does not entitle the government or the intelligence services to act without regards to our human rights and that "it is possible to conduct targeted surveillance with effective oversight while according respect to all our rights".

Software
Computer scientists at the University of Pennsylvania have developed an algorithmic framework for conducting targeted surveillance of individuals within social networks while protecting the privacy of "untargeted" digital bystanders that "outputs a list of confirmed targeted individuals discovered in the network, for whom any subsequent action (e.g., publication in a most-wanted list, further surveillance, or arrest in the case of terrorism; medical treatment or quarantine in the case of epidemics) will not compromise the privacy of the protected".

In January 2017 it was reported that German federal agencies are using a new program called "Radar", developed by the BKA and the University of Zürich, that aims to help evaluate the risk posed by persons. It includes a catalog of questions such as about the person's relationship to violence and access to weapons and takes into account data on past terrorists.

The crypto and security communities can make the Internet more secure by making population-wide surveillance technically or economically infeasible, understanding that modest amounts of targeted surveillance will always be technically and economically feasible.

Edward Snowden notes that "we're thwarting mass surveillance when we use encryption. We're not stopping targeted surveillance. Because even, again, if you have the most well-encrypted device in the world, if the government spends a million dollars to pay a hacker to exploit your phone personally, they will very likely succeed".

Attempts to legalize mass surveillance as targeted surveillance
The Electronic Frontier Foundation claims that the NSA and its defenders are trying to pass off their mass surveillance as being authorized under Section 702 of the FISA Amendments Act as "targeted surveillance" even though it includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more which according to them fits the definition "mass surveillance" under Section 702.

Furthermore, the organization asks how the US government justified the Yahoo email scanning under FISA, asking whether the Foreign Intelligence Surveillance Court has interpreted FISA – which authorizes targeted surveillance of certain foreigners' (such as spies or terrorists) communications – to mean that the government can conscript Yahoo into mass surveillance of all of its users' emails.

According to documents obtained from Edward Snowden and published by Glenn Greenwald, the NSA and GCHQ have been automating targeted operations, allowing for "industrial scale exploitation" that can potentially infect "millions" of machines with malware.