2014 Annenberg-Oxford alumnus Maria Xynou examines India’s surveillance industry and technologies.
Ever wondered how governments and intelligence agencies can monitor the communications of millions of people around the world? The simple answer is that technology capable of doing so exists, and law enforcement agencies know exactly where to purchase it. The Intelligence Systems Support (ISS) world trade show, otherwise known as “the Wiretappers’ Ball”, takes place annually in cities around the world, and is a venue where companies exhibit their latest spy gear. Not only do Indian law enforcement agencies appear to be regular customers, Indian companies also appear to be selling sophisticated surveillance technologies at these trade shows. These companies include Paladion Networks, ClearTrail Technologies and Kommlabs Dezign.
These Indian technology companies provide a variety of different solutions to law enforcement and intelligence agencies, as well as communication service providers globally. ClearTrail Technologies, for example, sells spyware that can be remotely deployed into a target’s computer to law enforcement agencies around the world. Its QuickTrail device is designed not only to monitor Gmail, Yahoo and all other https-based communications, but also to reconstruct webmails, chats, VoIP calls, news groups and social networks. The ComTrail device is equipped to handle millions of communications per day – including Hotmail, BlackBerry and GSM voice calls – and correlates identities across multiple networks. The XTrail solution can intercept and filter data based on a “pure keyword”—a URL, an IP address, a mobile number or even a user identity, such as an email ID, chat ID or VoIP ID. Astra is a remote monitoring and infection solution designed for the centralised management of thousands of targets. It can “follow a target, beat encryption and capture keystrokes and screen shots”.
Similarly, Kommlab’s VerbaCentre solution can detect cognitive and emotional stress in calls, and can flag such calls for interception. The VerbaCentre solution is supplemented with speech recognition software and GIS location tracking software, which displays the location of targets in real time. ReveaLinx is a data mining tool that looks at ‘real-world’ relationships through, for example, targets’ bank accounts, phone numbers and email addresses and aims to expose hidden links and networks. VerbaNet employs Deep Packet Inspection (DPI) technology, which provides intelligence agencies with the ‘big picture’ of all communications traffic by capturing and storing the content of all POP3, SMTP, IMAP, Webmail, IM, Chat and VoIP sessions. VerbaNet pre-filters IP traffic in real timebased on IP addresses, email IDs and keywords among other indicators.
Paladion’s Internet Monitoring System can concurrently monitor up to ten thousand targets by monitoring internet protocols and filtering them based on granular criteria. Paladion’s cyber café monitoring system is capable of decoding and reconstructing internet traffic, such as SMTP, Gmail, Yahoo mail, Hotmail, Google Talk, IRC, Windows Live Messenger and URLs, in real time. The cyber café monitoring system can also decrypt SSL traffic if installed in MITM configuration. Paladion’s analysis tool can remotely monitor desktops and laptops by gathering data from computers, searching for files and emails with the use of keywords, and gaining access to all keystrokes, VoIP communications and chats. Other solutions enable law enforcement agencies to block webpages, as well as to intercept GSM and 3G networks. Paladion’s customers include India’s Ministry of IT, the U.S. Department of Justice, as well as various communications service providers. While Paladion has stated that its customers include telecom service providers in Saudi Arabia, Qatar and the UAE, it remains unclear if they are being equipped with the above interception solutions.
Today law enforcement agencies, tasked with ensuring the security of their nations, make up some of the technology and surveillance companies’ highest paying customers. Modern technologies enable the flow of massive volumes of data, through which law enforcement agencies hope to detect terrorists, criminals and anyone else who potentially poses a threat to “national security”. In other words, it makes sense for companies such as ClearTrail, Paladion, and Kommlabs to design the aforementioned interception solutions in order to meet the demand of their highest paying customers.
Surveillance technologies may aid intelligence agencies in tackling crime and terrorism, but there is inadequate evidence suggesting that such tools have been effective so far. Additionally, surveillance technologies have an immensely high potential for abuse since they pose major challenges to the fundamental human rights of privacy, freedom of expression, and freedom of association. It all comes down to a cost-benefit analysis. While the security benefit to citizens of India and the world remains largely debateable, it is evident that systems which are designed to capture the content of private emails, private photos and other private data pose a major cost: fundamental liberty. Those in power are interested in preserving their power, and it holds that controlling societies might be an effective way of doing so. It should be citizens’ responsibility to ensure that law enforcement agencies do not exceed their power – especially when their power challenges the fundamental human rights to autonomy and freedom from suspicion.
India has clearly joined the “Wiretappers’ Ball,” not only because its law enforcement agencies and companies literally attend ISS trade shows, but because it is yet another democratic state which is integrating surveillance in its society. Intrusive spyware and network surveillance systems should not remain unregulated, and the companies producing these systems should refrain from selling them to oppressive regimes. India should explicitly regulate the use of various types of surveillance technologies and prohibit their export to regimes which lack democratic safeguards. This would be the first step toward preventing the potential abuse of surveillance technologies.
The real danger is not necessarily surveillance technology per se, but rather that those using it are granted unlimited, over-exceeding and unprecedented power that makes Orwell’s “1984” look like a comedy.