Internet Monitoring

Internet monitoring is the act of capturing data as it travels across the internet towards its intended destination. The units being monitored or captured are often referred to as ‘packets’. Packets are the small chunks into which computers break the data sent over Internet Protocol (messages, emails, images, web pages, files); the chunks are routed through a network of computers and then reassembled at their destination to become the message, web page, image or file presented to you on your screen. The infrastructure that supports the internet involves physical infrastructure and electronic systems to connect the world. Internet monitoring can take place at any point of the infrastructure, depending on what information is being sought.

The physical infrastructure of the internet, and of communications generally, relies on the transmission of data between countries. This eventually leads to information leaving countries’ borders and in some cases travelling across oceans. This information is transported by a series of undersea cables that provide the backbone to the world’s communications infrastructure. The rate and amount of information being transported is astonishing. Yet technology is available to buy that would capture information at the point where a huge amount of information is travelling in the smallest space.

As the communications infrastructure splits into different networks and internet data and phone data begin to separate into their respective networks, surveillance also separates and begins to focus on its target networks. Internet monitoring focuses on the interception of packets of information transmitted across the Open Systems Interconnection (OSI) Model, which sets out the seven layers that packets travel through to get to their destination. The Application and Presentation layers represent the web as we understand it: when we are opening an email, commenting on a webpage or chatting through a web application like MSN Messenger or Jabber, we are operating on the Application and Presentation layers.

The diagram shows the points of information that can be removed at each level in an interception framework. HI3 refers to the content of the communication that is travelling through the system as packets. Content can be gathered most effectively at the Application and Presentation layers.

HI2 refers to Intercept Related Information, or metadata as it is more commonly known. The interesting point here is that such metadata can be gathered at close to every point in the OSI Model. Content can be gathered there too, provided the interceptor of the information is willing to extract and reassemble the communication, although that would require real-time packet reconstruction, which is not a trivial process. Each layer from Data Link to Session provides different kinds of information as our packets travel through the network.
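The per-layer metadata described above can be read straight from a frame's headers without touching the content. The following is an added example, not part of the original article; the frame, MAC addresses, IP addresses and ports are constructed sample values, and the function names are illustrative.

```python
import socket
import struct

def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (documentation addresses, checksums left at 0)."""
    payload = bytes(21)  # opaque bytes standing in for encrypted content
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return eth + ip + tcp + payload

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def layer_metadata(frame: bytes) -> dict:
    """Return the header fields visible at each layer; the payload is never read."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    # Data Link layer: Ethernet header (destination MAC, source MAC, EtherType).
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    # Network layer: fixed part of the IPv4 header.
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    if proto != 6:
        raise ValueError("not TCP")
    t = 14 + ihl
    if len(frame) < t + 20:
        raise ValueError("truncated TCP header")
    # Transport layer: ports, data offset and flags from the TCP header.
    sport, dport, _, _, off, flags = struct.unpack("!HHIIBB", frame[t:t + 14])
    return {
        "data_link": {"src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac)},
        "network": {"src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl},
        "transport": {"src_port": sport, "dst_port": dport, "flags": flags},
        "payload_bytes": total_len - ihl - (off >> 4) * 4,  # size only, content unread
    }

if __name__ == "__main__":
    for layer, fields in layer_metadata(build_sample_frame()).items():
        print(layer, fields)
```

Who is talking to whom, on which service and how much was sent all remain readable even when the payload itself is encrypted.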

The final layer of the OSI Model is the Physical layer. Interception at this layer requires a return to the crocodile clips approach: substantial hardware needs to be in place to gather information that way, and the packets need a greater degree of reconstruction than if the interception were taking place closer to the Application and Presentation layers.

A distinction is made when discussing technology that monitors the internet: is it targeted or massive? Targeted communications surveillance is the process of seeking specific IP addresses or unique signatures of a target, ignoring all traffic that doesn’t meet those criteria. It can also involve the enticing of signals towards the point of interception. When the target is discovered the traffic is copied, intercepted, and stored. In some cases targeted communications surveillance is used to identify an individual’s traffic and inject a trojan into the packet travelling to their system, placing the trojan on their machine.

Massive communications surveillance casts a much wider net. A number of surveillance companies advertise their technology as providing passive interception, which can lead to massive communications surveillance. Passive interception can mean two things. The first is the collection of all the traffic passing through selected service providers, depending on where the system is placed. The further up a country’s communication network, towards national Internet Service Providers or undersea cable landing stations, the greater the level of information that will be caught up in the technology’s net. It could also involve surveillance of all the traffic throughout a country if the system is suitably capable. The second meaning of passive interception is its non-intrusiveness on the network. Technologies providing passive interception are designed to be invisible, which means that they could be installed on a network and the operator would have no knowledge of them being in operation.

These two aspects of passive interception can exist together or separately. The first meaning defines massive communications surveillance; the second can help facilitate massive surveillance because it is non-intrusive and a network operator is unable to detect it.

In many cases the interception of emails over the internet for sought-after content and metadata of the communication needs to take place at the email server for the sender of the message. Otherwise the message may use a relay server (a point between the sender and the recipient), which would mean that the identity of the sender could be hidden.

The information gathered from the sent mail includes both the content of the email and the various pieces of metadata that come with it, including sender, recipient list, message ID, server addresses, status, and total recipients of the message. This myriad of metadata, which is generally less protected legally than content and thus accessed more easily and stored for longer, can now provide a far greater deal of insight than merely the From and the To.
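To see how much of this metadata an ordinary message carries in its headers, the added example below (not part of the original article) parses a constructed message with Python's standard `email` module; the addresses, hostnames, IDs and the `exposed_metadata` helper are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; every address and host is a documentation value.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.example.org with ESMTP id abc123; Tue, 02 Jan 2024 10:00:05 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby relay.example.net with ESMTPSA id xyz789; Tue, 02 Jan 2024 10:00:01 +0000
From: Alice <alice@example.com>
To: Bob <bob@example.org>, carol@example.org
Cc: dave@example.net
Message-ID: <20240102100000.1234@example.com>
Subject: Meeting
Date: Tue, 02 Jan 2024 10:00:00 +0000

See you at noon.
"""

# IPv4 literals that mail servers record in square brackets in Received headers.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def exposed_metadata(raw: str) -> dict:
    """Collect the header metadata of a message; the body is not inspected."""
    msg = message_from_string(raw)
    senders = getaddresses(msg.get_all("From", []))
    recipients = [addr for _, addr in
                  getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    hops = []
    for received in msg.get_all("Received", []):
        hops.extend(IP_IN_BRACKETS.findall(received))
    return {
        "sender": senders[0][1] if senders else None,
        "recipients": recipients,
        "total_recipients": len(recipients),
        "message_id": msg["Message-ID"],
        # Each server prepends its Received header, so reverse for origin-first order.
        "server_addresses": hops[::-1],
    }

if __name__ == "__main__":
    for field, value in exposed_metadata(SAMPLE).items():
        print(f"{field}: {value}")
```

None of these fields is covered by encrypting the message body, which is why header metadata stays readable to every server that handles the message.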

The interception of voice over internet (VoIP) is also a focus of many different surveillance technologies. The interception takes place over network operator services where the metadata and the content are separated by the VoIP terminal itself. Metadata includes "Events" on the phone, which can include the beginning, release and attempted termination of a call, and sometimes the provision of contact information and the street address of the target. Ultimately this metadata and the content of the call end in the same place: collected by a single source.

Once the data or information we have sent has arrived at its intended destination it doesn’t just disappear. When we communicate with our service providers like Google, Facebook or Skype, or with our email providers, the servers operating the service retain and store the information, cataloguing it and tagging it. By retaining this information they can better target advertisements at us, which is where many of these providers make their money. Another effect of this retention is the release of information to law enforcement or intelligence agencies.

Agencies are now able to request information on that email that we sent six months ago, the chat session we had last month, even the browsing we did last year if the information is retained for that long. We trust that our service providers push back but it isn’t always the case and it is important to make the providers aware that we expect them to not only promise but also to actively protect our right to privacy in their operations.

The monitoring of public websites such as government ministries, news, and even social networks, also known as open source intelligence (OSINT), is a growing power in surveillance technology. This operates in the same way that Google maps the internet. ‘Crawlers’ are sent out to gather information on what information is held where and return it. The point where Google search and OSINT diverge is that OSINT will gather information posted across social networks and monitor who is speaking to whom and the relationships between people. This then creates a broad picture of a person’s friendship network. What begins as interest in one individual quickly spirals into interest in all their contacts.