Some activists in Bahrain and elsewhere, for example, have been
targeted through phishing emails, sent by regimes, which pack a software that allows access to emails, online chats, and any documents saved on the
computer when an email attachment is opened.
Of course, that's far more invasive than what the NSA is doing. According to news reports, the agency used a section of the Patriot Act in order to compel
Verizon to
provide daily information
about "all call detail records ... created by Verizon for communications between the United States and abroad; or wholly within the United States,
including local telephone calls."
With that, the NSA can only know who you called, for how long, and possibly where your cell phone was at the time of the call. (Which, of course, is already plenty
jarring.) But countless other Western nations engage in similar types of low-level spying, the UN found. The NSA's style of "mandatory data retention" is a
major way in which states are increasingly keeping track of online and phone conversations, including by forcing third-party private sector companies to
store information they wouldn't normally collect.
"Today's news shows that massive surveillance can no longer be said to be the realm of authoritarian regimes, and is part of an alarming trend worldwide," wrote the group Privacy International, a
group that supports limits on surveillance, on their blog today.
To name just one example, Google receives thousands of requests each year from governments seeking everything from "names and IPs used to create accounts, to time stamps for when Gmail accounts were logged in and out of."
These types of inquiries have doubled over the course of three years, from 12,539 in 2009 to 21,389 in 2012. In the UK, government authorities can "self-authorize"
their own information requests, so there are 500,000 of these kinds of probes each year, the UN report notes. The world's five biggest
Internet companies recently wrote to Britain's home secretary
to oppose the so-called "snooper's charter," which would require foreign companies to monitor web communications there.
Some countries are even more aggressive, authorizing spying on the computers or the destruction of data in cases of suspected wrongdoing. In October 2012,
the Dutch Ministry of Justice and Security proposed legislation that would allow the police to break into computers and mobile phones both within the
Netherlands and abroad in order to install spyware and search and destroy data.
"There is spy technology that we see on James Bond movies that we know have been bought by Germany, the Netherlands, and elsewhere, and we know that it's
being used," said Carly Nyst, head of international advocacy at Privacy International.
Many governments (including our own) make the argument that information, such as the call times and numbers gathered through Verizon, constitute just
"metadata," rather than substantive details from the caller's conversation. But the UN argues that this type of data can create a vivid profile of the
caller when it's aggregated and analyzed as a whole:
Communications data are storable, accessible and searchable, and their disclosure to and use by State authorities are largely unregulated. Analysis of
this data can be both highly revelatory and invasive, particularly when data is combined and aggregated. As such, States are increasingly drawing on
communications data to support law enforcement or national security investigations.
The part that angers privacy activists most is that many surveillance programs were set up with vague, outdated laws in mind -- from the pre-Facebook and
pre-smartphone eras -- but they haven't later been updated or checked by courts. Governments can gather seemingly endless information, but they aren't
always told when to stop.