ABOUT THE SPEAKER
Christopher Soghoian - Privacy researcher and activist
Christopher Soghoian researches and exposes the high-tech surveillance tools that governments use to spy on their own citizens, and he is a champion of digital privacy rights.

Why you should listen

TED Fellow Christopher Soghoian is a champion of digital privacy rights, with a focus on the role that third-party service providers play in enabling governments to monitor citizens. As the principal technologist at the American Civil Liberties Union, he explores the intersection of federal surveillance and citizen's rights.

Before joining the ACLU, he was the first-ever technologist for the Federal Trade Commision's Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace and Netflix. Soghoian is also the creator of Do Not Track, an anti-tracking device that all major web browsers now use, and his work has been cited in court.

More profile about the speaker
Christopher Soghoian | Speaker | TED.com
TED Fellows Retreat 2013

Christopher Soghoian: Government surveillance — this is just the beginning

Filmed:
893,397 views

Privacy researcher Christopher Soghoian sees the landscape of government surveillance shifting beneath our feet, as an industry grows to support monitoring programs. Through private companies, he says, governments are buying technology with the capacity to break into computers, steal documents and monitor activity — without detection. This TED Fellow gives an unsettling look at what's to come.
- Privacy researcher and activist
Christopher Soghoian researches and exposes the high-tech surveillance tools that governments use to spy on their own citizens, and he is a champion of digital privacy rights. Full bio

Double-click the English transcript below to play the video.

00:12
The 2011 Arab Spring
0
811
1965
00:14
captured the attention of the world.
1
2776
1803
00:16
It also captured the attention
2
4579
1649
00:18
of authoritarian governments in other countries,
3
6228
2377
00:20
who were worried that revolution would spread.
4
8605
2963
00:23
To respond, they ramped up surveillance
5
11568
2077
00:25
of activists, journalists and dissidents
6
13645
3096
00:28
who they feared would inspire revolution
7
16741
1954
00:30
in their own countries.
8
18695
1835
00:32
One prominent Bahraini activist,
9
20530
2045
00:34
who was arrested and tortured by his government,
10
22575
2110
00:36
has said that the interrogators showed him
11
24685
1725
00:38
transcripts of his telephone calls
12
26410
1870
00:40
and text messages.
13
28280
1808
00:42
Of course, it's no secret
14
30088
1656
00:43
that governments are able to intercept
telephone calls and text messages.
15
31744
3196
00:46
It's for that reason that many activists
16
34940
2372
00:49
specifically avoid using the telephone.
17
37312
1926
00:51
Instead, they use tools like Skype,
18
39238
2348
00:53
which they think are immune to interception.
19
41586
2520
00:56
They're wrong.
20
44106
1772
00:57
There have now been over the last few years
21
45878
2726
01:00
an industry of companies
22
48604
1646
01:02
who provide surveillance technology to governments,
23
50250
3254
01:05
specifically technology that
allows those governments
24
53504
2361
01:07
to hack into the computers
25
55865
1653
01:09
of surveillance targets.
26
57518
1595
01:11
Rather than intercepting the communications
as they go over the wire,
27
59113
2840
01:13
instead they now hack into your computer,
28
61953
2267
01:16
enable your webcam, enable your microphone,
29
64220
2002
01:18
and steal documents from your computer.
30
66222
2457
01:20
When the government of Egypt fell in 2011,
31
68679
2833
01:23
activists raided the office of the secret police,
32
71512
3401
01:26
and among the many documents they found
33
74913
1988
01:28
was this document by the Gamma Corporation,
34
76901
2317
01:31
by Gamma International.
35
79218
1801
01:33
Gamma is a German company
36
81019
1657
01:34
that manufactures surveillance software
37
82676
1484
01:36
and sells it only to governments.
38
84160
2157
01:38
It's important to note that most governments
39
86317
2007
01:40
don't really have the in-house capabilities
40
88324
2066
01:42
to develop this software.
41
90390
1465
01:43
Smaller ones don't have the resources
42
91855
1619
01:45
or the expertise,
43
93474
1776
01:47
and so there's this market of Western companies
44
95250
3307
01:50
who are happy to supply them with the tools
45
98557
1967
01:52
and techniques for a price.
46
100524
1718
01:54
Gamma is just one of these companies.
47
102242
2606
01:56
I should note also that Gamma never actually sold
48
104848
2908
01:59
their software to the Egyptian government.
49
107756
1897
02:01
They'd sent them an invoice for a sale,
50
109653
2597
02:04
but the Egyptians never bought it.
51
112250
1642
02:05
Instead, apparently, the Egyptian government
52
113892
1724
02:07
used a free demo version of Gamma's software.
53
115616
2633
02:10
(Laughter)
54
118249
2775
02:13
So this screenshot is from a sales video
55
121024
3498
02:16
that Gamma produced.
56
124522
1565
02:18
Really, they're just emphasizing
57
126087
1983
02:20
in a relatively slick presentation
58
128070
1651
02:21
the fact that the police can sort of sit
59
129721
2193
02:23
in an air-conditioned office
60
131914
1450
02:25
and remotely monitor someone
61
133364
1411
02:26
without them having any idea that it's going on.
62
134775
2175
02:28
You know, your webcam light won't turn on.
63
136950
2035
02:30
There's nothing to indicate that
the microphone is enabled.
64
138985
3354
02:34
This is the managing director
of Gamma International.
65
142339
3335
02:37
His name is Martin Muench.
66
145674
1861
02:39
There are many photos of Mr. Muench that exist.
67
147535
2931
02:42
This is perhaps my favorite.
68
150466
1852
02:44
I'm just going to zoom in a little bit onto his webcam.
69
152318
2144
02:46
You can see there's a little sticker
70
154462
1668
02:48
that's placed over his camera.
71
156130
1893
02:50
He knows what kind of surveillance is possible,
72
158023
2533
02:52
and so clearly he doesn't want it to be used
73
160556
1806
02:54
against him.
74
162362
1602
02:55
Muench has said that he intends
75
163964
1924
02:57
for his software to be used
76
165888
1664
02:59
to capture terrorists and locate pedophiles.
77
167552
2983
03:02
Of course, he's also acknowledged that once
78
170535
1796
03:04
the software has been sold to governments,
79
172331
2155
03:06
he has no way of knowing how it can be used.
80
174486
3825
03:10
Gamma's software has been located on servers
81
178311
1850
03:12
in countries around the world,
82
180161
1656
03:13
many with really atrocious track records
83
181817
2391
03:16
and human rights violations.
84
184208
1561
03:17
They really are selling their
software around the world.
85
185769
3395
03:21
Gamma is not the only company in the business.
86
189164
2301
03:23
As I said, it's a $5 billion industry.
87
191465
2751
03:26
One of the other big guys in the industry
88
194216
2839
03:29
is an Italian company called Hacking Team.
89
197055
2395
03:31
Now, Hacking Team has what is probably
90
199450
1725
03:33
the slickest presentation.
91
201175
1970
03:35
The video they've produced is very sexy,
92
203145
3028
03:38
and so I'm going to play you a clip
93
206173
1648
03:39
just so you can get a feel
94
207821
1314
03:41
both for the capabilities of the software
95
209135
1831
03:42
but also how it's marketed
96
210966
1906
03:44
to their government clients.
97
212872
1768
03:46
(Video) Narrator: You want to look
through your target's eyes.
98
214640
3516
03:50
(Music)
99
218179
1884
03:52
You have to hack your target.
100
220063
3002
03:55
["While your target is browsing the web, exchanging documents, receiving SMS, crossing the borders"]
101
223065
6316
04:01
You have to hit many different platforms.
102
229381
2923
04:04
["Windows, OS X, iOS, Android,
Blackberry, Symbian, Linux"]
103
232304
3880
04:08
You have to overcome encryption
104
236184
2468
04:10
and capture relevant data.
105
238652
2897
04:13
[Skype & encrypted calls, target location,
messaging, relationships,
106
241549
4559
04:18
web browsing, audio & video"]
107
246108
3172
04:21
Being stealth and untraceable.
108
249280
4160
04:25
["Immune to any protection system
Hidden collection infrastructure"]
109
253440
3274
04:28
Deployed all over your country.
110
256714
4105
04:32
["Up to hundreds of thousands of targets
Managed from a single spot"]
111
260819
4534
04:37
Exactly what we do.
112
265353
3322
04:40
Christopher Soghoian: So, it
would be funny if it wasn't true,
113
268675
2263
04:42
but, in fact, Hacking Team's software
114
270938
1788
04:44
is being sold to governments around the world.
115
272726
2948
04:47
Last year we learned, for example,
116
275674
1752
04:49
that it's been used to target Moroccan
journalists by the Moroccan government.
117
277426
4048
04:53
Many, many countries it's been found in.
118
281474
2544
04:56
So, Hacking Team has also been actively courting
119
284018
3124
04:59
the U.S. law enforcement market.
120
287142
2343
05:01
In the last year or so, the company
121
289485
2283
05:03
has opened a sales office in Maryland.
122
291768
4776
05:08
The company has also hired a spokesperson.
123
296544
2114
05:10
They've been attending
124
298658
1537
05:12
surveillance industry conferences
125
300195
1597
05:13
where law enforcement officials show up.
126
301792
2015
05:15
They've spoken at the conferences.
127
303807
1834
05:17
What I thought was most fascinating was
128
305641
1588
05:19
they've actually paid for the coffee break
129
307229
2101
05:21
at one of the law enforcement conferences
130
309330
1940
05:23
earlier this year.
131
311270
1493
05:24
I can't tell you for sure that Hacking Team
132
312763
2099
05:26
has sold their technology in the United States,
133
314862
2725
05:29
but what I can tell you that if they haven't sold it,
134
317587
1971
05:31
it isn't because they haven't been trying hard.
135
319558
3175
05:34
So as I said before,
136
322733
2042
05:36
governments that don't really have the resources
137
324775
1920
05:38
to build their own tools will buy
138
326695
1596
05:40
off-the-shelf surveillance software,
139
328291
1410
05:41
and so for that reason,
140
329701
1388
05:43
you see that the government of, say, Tunisia,
141
331089
2716
05:45
might use the same software
as the government of Germany.
142
333805
2188
05:47
They're all buying off-the-shelf stuff.
143
335993
2272
05:50
The Federal Bureau of
Investigation in the United States
144
338265
2199
05:52
does have the budget to build
their own surveillance technology,
145
340464
2762
05:55
and so for several years, I've been trying
146
343226
1781
05:57
to figure out if and how the FBI
147
345007
2391
05:59
is hacking into the computers of surveillance targets.
148
347398
2898
06:02
My friends at an organization called
the Electronic Frontier Foundation --
149
350296
3153
06:05
they're a civil society group —
150
353449
2312
06:07
obtained hundreds of documents from the FBI
151
355761
2492
06:10
detailing their next generation
of surveillance technologies.
152
358253
2848
06:13
Most of these documents were heavily redacted,
153
361101
2634
06:15
but what you can see from the slides,
154
363735
2816
06:18
if I zoom in, is this term:
155
366551
1962
06:20
Remote Operations Unit.
156
368513
1820
06:22
Now, when I first looked into this,
157
370333
2234
06:24
I'd never heard of this unit before.
158
372567
2070
06:26
I've been studying surveillance
for more than six years.
159
374637
2302
06:28
I'd never heard of it.
160
376939
1285
06:30
And so I went online and I did some research,
161
378224
1963
06:32
and ultimately I hit the mother lode
162
380187
2125
06:34
when I went to LinkedIn,
163
382312
1634
06:35
the social networking site for job seekers.
164
383946
2569
06:38
There were lots of former
U.S. government contractors
165
386515
2913
06:41
who had at one point worked
166
389428
1387
06:42
for the Remote Operating Unit,
167
390815
1309
06:44
and were describing in surprising detail on their CVs
168
392124
3414
06:47
what they had done in their former job.
169
395538
2031
06:49
(Laughter)
170
397569
2222
06:51
So I took this information
171
399791
1987
06:53
and I gave it to a journalist that I know
and trust at the Wall Street Journal,
172
401778
3744
06:57
and she was able to contact several other
173
405522
1801
06:59
former law enforcement officials
174
407323
1754
07:01
who spoke on background and confirmed
175
409077
1806
07:02
that yes, in fact, the FBI has a dedicated team
176
410883
3359
07:06
that does nothing but hack into the computers
177
414242
2136
07:08
of surveillance targets.
178
416378
1526
07:09
Like Gamma and Hacking Team,
179
417904
1888
07:11
the FBI also has the capability
180
419792
2117
07:13
to remotely activate webcams, microphones,
181
421909
3394
07:17
steal documents, get web browsing information,
182
425303
2202
07:19
the works.
183
427505
1684
07:21
There's sort of a big problem
184
429189
1822
07:23
with governments going into hacking,
185
431011
1600
07:24
and that's that terrorists, pedophiles,
186
432611
2519
07:27
drug dealers, journalists and human rights activists
187
435130
2911
07:30
all use the same kinds of computers.
188
438041
2271
07:32
There's no drug dealer phone
189
440312
2047
07:34
and there's no journalist laptop.
190
442359
1966
07:36
We all use the same technology,
191
444325
2234
07:38
and what that means then is that for governments
192
446559
1894
07:40
to have the capability to hack into the computers
193
448453
2117
07:42
of the real bad guys,
194
450570
1699
07:44
they also have to have the capability
195
452269
1976
07:46
to hack into our devices too.
196
454245
2185
07:48
So governments around the world
197
456430
1752
07:50
have been embracing this technology.
198
458182
1461
07:51
They've been embracing hacking
199
459643
1605
07:53
as a law enforcement technique,
200
461248
1820
07:55
but without any real debate.
201
463068
1950
07:57
In the United States, where I live,
202
465018
1819
07:58
there have been no congressional hearings.
203
466837
1825
08:00
There's no law that's been passed
204
468662
1961
08:02
specifically authorizing this technique,
205
470623
2073
08:04
and because of its power and potential for abuse,
206
472696
2669
08:07
it's vital that we have an informed public debate.
207
475365
2947
08:10
Thank you very much.
208
478312
1946
08:12
(Applause)
209
480258
1556

▲Back to top

ABOUT THE SPEAKER
Christopher Soghoian - Privacy researcher and activist
Christopher Soghoian researches and exposes the high-tech surveillance tools that governments use to spy on their own citizens, and he is a champion of digital privacy rights.

Why you should listen

TED Fellow Christopher Soghoian is a champion of digital privacy rights, with a focus on the role that third-party service providers play in enabling governments to monitor citizens. As the principal technologist at the American Civil Liberties Union, he explores the intersection of federal surveillance and citizen's rights.

Before joining the ACLU, he was the first-ever technologist for the Federal Trade Commision's Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace and Netflix. Soghoian is also the creator of Do Not Track, an anti-tracking device that all major web browsers now use, and his work has been cited in court.

More profile about the speaker
Christopher Soghoian | Speaker | TED.com