The issues surrounding the collection of public data have been at the forefront of political debate ever since the revelations concerning surveillance in the United States and around the world emerged from the whistle-blower Edward Snowden.
More recently, and not reported widely by the international media, a new report published by security company Kaspersky Lab provided a rare glimpse of the extensive ways in which law enforcement and intelligence agencies surreptitiously record and steal data from mobile phones. This is done through newly uncovered components within a digital surveillance tool used by more than 60 governments worldwide; these are Remote Control System (RCS) Trojans that work on both Android and iOS.
According to the findings, RCS has been operating since 2001, and has been created by an organisation called Hacking Team. It offers clients the ability to take control of their targets and monitor them regardless of encryption and mobility, managing them remotely, and all from a single screen.
Once this malware has hijacked a phone, it has limitless ability to access and activate all of the following: Wi-Fi, GPS, GPRS, voice recording, e-mail, SMS, MMS, listing files, cookies, visited URLs, address book, call history, notes, calendar, clipboard, list of apps, SIM change, live microphone, camera shots, support chats, WhatsApp, Skype, and Viber.
This is the first time RCS malware has been clearly linked with mobile phones and it creates more privacy concerns for everyday mobile phone users.
This news may not be a huge revelation to many. It has long been known that law enforcement and intelligence agencies worldwide use Hacking Team’s tools to spy on computer and mobile phone users. However, the critical point to note here is that these tools have also been used in some countries to spy on political dissidents, journalists and human rights advocates.
Hacking Team has been adamant that its products are used for lawful governmental interception only and that repressive regimes do not use its tools for unlawful and immoral purposes. But its spy suite reportedly has been utilised to spy on the citizen journalist group Mamfakinch in Morocco and seems to have been used against a woman in the United States by forces connected to Turkey’s Gülen movement. Citizen Lab also said it appeared that government malware could be employed to hack into Saudi Arabia’s Shiite minority members’ computers, who have been greatly marginalised politically over the last few years.
What this illustrates is that this method can be used by governments to target ordinary citizens from their own state, which is a worrying trend for political activists.
Perhaps most astonishing of all the revelations from the Kaspersky Lab report are the findings on which countries use this spying tool most regularly. Kaspersky has tracked more than 350 command-and-control servers in more than 40 states. While they found only one or two servers in most of these countries, 64 were found in the United States—by far the most. The United Kingdom had 32, more than beyond the average. With the United States and the United Kingdom occupying two of the top four questions, the promises of the western liberal agenda are again brought into sharp relief.
In the language of Rousseau’s The Social Contract: “to renounce liberty is to renounce being a man, to surrender the rights of humanity and even its duties. Such a renunciation is incompatible with man's nature; to remove all liberty from his will is to remove all morality from his acts.” That was in 1762, but it seems more relevant to our time than ever. New technology that allows governments to spy on its own citizens foregrounds the social contract between man and state. The question of whether citizens have given full permission to their respective governments to use surveillance has so far been left unanswered.
Universal silence has been taken to imply the consent of the people. But some level of transparency on surveillance is essential in order to properly return a verdict on whether this part of the social contract is satisfactory.
The public may well reach a conclusion that the current practises employed by the government are legitimate. But citizens must be able to see the small print of the social contract. This entails governments being more open about their data gathering practises and the use of technology to spy on their own people. Without this, citizens are signing a contract without being fully aware of what rights they are giving up.