Relevance: GS-3: Challenges to Internal Security through Communication Networks, Role of Media and Social Networking Sites in Internal Security Challenges, Basics of Cyber Security; Money-Laundering and its prevention.

Key Phrases: Surveillance industry, National security, Hacker-for-hire products, Internet of Things, NATO, Irresponsible proliferators, Authoritarian governments.

Why in News?

• The increasing overlap between the world’s arms trade and the secretive surveillance industry risks damaging national security and will create the potential for even more abuse unless more accountability is introduced, according to a new study.
• The research, from the American think tank the Atlantic Council, offers one of the most thorough accountings ever assembled of a booming, cross-continental surveillance industry that makes billions of dollars and yet mostly manages to stay out of the limelight.
• After years of rising demand for hacker-for-hire products and an increase in reported abuses by companies like NSO Group, countries around the world are now trying to deal with this largely hidden industry.

What is cyber-surveillance?

Cyber-surveillance is when a person uses “smart” or “connected” devices that communicate through a data network to monitor people or places. This type of connected technology has also been called the “Internet of Things” (IoT).

• Devices used for cyber-surveillance are generally connected to each other and to a device or app that can control them. For example, cyber-surveillance allows connected devices to play a role in how people and places are monitored.
• An abuser could use his/her computer to hack into your devices. Then, an abuser may misuse these devices and the systems that control them to monitor, harass, threaten, or harm you.

Proliferation of cyber-surveillance:

The report is based on 20 years of data collected from the cyber surveillance trade show ISS World and arms fairs like France’s Milipol, where hacking is the fastest-growing business segment alongside more traditional wares like guns and tanks.

• Irresponsible proliferators: Numerous companies that market internationally, especially to adversaries of NATO, are “irresponsible proliferators” and deserve more attention from policymakers.
• These companies include Israel’s Cellebrite, which develops phone hacking and forensics tools, and which sells around the world to countries including the US, Russia, and China.
  • The company has already faced significant blowback because of, for example, its role during China’s crackdown in Hong Kong and the discovery that its technology was being used by a Bangladeshi “death squad”.
• Cross-continental trade of cyber-surveillance: The trade is increasingly global, according to the report, with 75% of companies selling cyber surveillance and intrusion products outside their own home continent.

What's being done:

Governments have recently made moves toward some forms of control.

• The EU adopted stricter rules on surveillance tech last year, with the goal of increasing industry transparency.
• The US has enacted stricter new licensing rules for selling intrusion tools. The notorious Israeli spyware company NSO Group was one of several companies added to a US blacklist.
  • Because of allegations that spyware it supplied to foreign governments was then used to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.
• UN warning: United Nations human rights experts recently raised alarms about what they called “growing use of mercenaries in cyberspace”.
  • The United Nations working called on international lawmakers to more effectively regulate the industry in order to protect “the right to life, economic social rights, freedom of expression, privacy, and the right to self-determination.”

Challenges with Cyber-surveillance:

• Issue in identifying: The cyber surveillance industry is rife with obfuscation: shell companies and resellers are common, and both sellers and buyers use a host of tools to hide their interactions.
• Lack of knowledge and awareness: There is not enough knowledge about the industry in the public, where you can delineate the irresponsible firms from the responsible.
• Misuse by states itself: For example, the hacking tools and expertise developed by US agencies were then used by the UAE to spy on hundreds of targets, including Americans.

The researchers have some suggestions for how governments might learn to understand and control this growing ecosystem.

Suggestions:

• Increased transparency: They recommend enacting stronger “know your customer” requirements for the industry, so that every seller will better understand how potential customers might use—or abuse—a hacking tool.
• Put restraint on irresponsible vendors: The researchers argue that NATO countries, which host many prominent cyber surveillance trade events, should limit the attendance of irresponsible vendors at arms fairs.
• Strengthening cooperation on tax laws: It encourages more international cooperation to rid export laws of loopholes that allow vendors to evade controls and sell to authoritarian regimes.
• Use of Nudge theory: to bring behavioural change among buyers, they encourage naming and shaming irresponsible sellers and buyers.

Conclusion:

• Without such actions, it warns, the world faces a “grim outlook”: “a growing number of private corporations who see few consequences to bolstering the cyber arsenals of major Western adversaries, only profit.”

Sources: Economic Times

Mains Question:

Q. What is cybersurveillance. Discuss the reasons for global proliferation for cyber-surveillance and how it can impact India. [250 words].