Domestic spying is in the news this month in the Western Hemisphere. A subject that is often not discussed in formal settings has made its way to the front pages of at least a dozen countries in Latin America and the Caribbean over the past few weeks.
The news includes phone taps, hacked
emails, covert video surveillance and legislative debates over privacy online
and offline. A confluence of events around the region and the globe as well as
improved spying technology has pushed this trend into the open and could change
how the spy vs spy, police vs crime and government vs opposition scenarios play
out in several countries.
Certainly, there have been phone taps and secret
recordings for decades in Latin America. Perhaps the most famous examples were
the “Vlad-videos” in Peru under the administration of President Fujimori and
National Intelligence Service chief Montesinos. What makes 2011 different is
the surge in surveillance by governments across the political spectrum and the
media providing increased coverage of the situation.
The technology and techniques are a mixture of old and
new. Phone taps and illegal recordings are old technologies that have become
more sophisticated while data mining of social networks is a new field that all
governments around the globe are just beginning to understand. Private hacking
gangs appear to have surpassed the capabilities of government intelligence
agencies in terms of the ability to hack email and computers, creating a new
black market for information trafficking.
It’s worth noting that the technology to encrypt data has
also become cheaper and easier to use, but has not yet caught on in much of
Latin America. However, the increased public nature of government and private
sector surveillance should push an increased demand for privacy technologies in
the coming year, both by criminal groups and civilians who want greater privacy
from the government.
Some examples from recent weeks follow:
A New York Times article described enhanced intelligence
cooperation between the US and Mexico that includes phone tapping technologies.
The US has assisted in the creation of intelligence fusion cells in Mexico and
is providing information to a vetted group of Mexican authorities so that they
can conduct operations against criminal organizations.
In Honduras, an investigation revealed that the email
servers at the presidential palace had been hacked, giving one or multiple
organizations access to email, the presidents schedule and budget documents.
Foreign government involvement does appear likely at this point. An Israeli
firm has been hired by the government to provide increased cybersecurity protection.
Even as officials from the government of former President
Uribe are being investigated for phone taps and domestic spying on judges and
political opponents, the Colombian government showed off some new surveillance
capabilities. Police utilized new online forensic capabilities and arrested a
hacker who broke into the account of a journalist. The government, under attack
by a local branch of the hacking group Anonymous, has announced they plan to
have a new CERT agency online before the end of the year that can counter and
investigate attacks.
In Venezuela, phone calls by opposition candidates have
been recorded and played on state television as a way of embarrassing those
politicians. It appears state intelligence is behind the tapping of the phones.
This news comes just months after other sources indicated that Venezuela’s
intelligence services, with the assistance of Cuban intelligence and private
hacking groups inside Venezuela and Colombia, have hacked into the private
email accounts of journalists and politicians and have stolen their messages
for at least the past five years.
In Bolivia, the government tapped the phones of
indigenous protesters and US embassy officials. President Morales then revealed
phone calls made between the two groups as a way of showing a plot against his
government. In the process, he showed that his government is tapping the phones
of political opponents and foreigners living in the country.
In Argentina, a number of private emails by Kirchner
government officials recently appeared on a website “Leakymails.” There are
three aspects to this scandal worth considering. First, the content of the
emails contains personal information about key political officials. Though most
of the emails released are rather boring, one set of emails does appear to link
a government-backed candidate to organized crime. Second, the question of how
the emails were obtained may point to the state intelligence service or former
officials within the intelligence service committing domestic espionage. There
are indications outside non-state groups hacking into government officials’
email account. Third, an Argentine judge ordered local ISPs to block the
Leakymails websites. This opens a new chapter in web censorship in Argentina
and the region and places the question of how private ISPs filter Internet
content directly onto the policy agenda.
The government of Brazil fined Google for failing to
reveal identifying information about an Internet user. According to Google,
Brazil is the top country in the world for making requests to obtain user
information or to block search results through legal actions. Part of this is
due to Brazil’s speech laws that give public officials broad sway on any issue
that could be considered libel or slander.
Similarly, the government of Ecuador is considering
passing a law that would require Facebook and Twitter to provide information
about anonymous postings based out of that country. Though President Correa has
backtracked on his initial request, draft versions of the law suggest an
expanded government authority to track the identity of users online.
The governments of Chile and Brazil have said they are
starting to monitor social media sites as a way of detecting criminal activity
as well as potential social unrest. For Brazil, this operation has included a
military unit dedicated to cyberwarfare and cyberdefense. This unit is also
receiving training from Israeli and US firms in offensive operations in the
cyber-domain, the first Latin American government to admit that publicly. For
Chile, the monitoring of social media has made the government a target for the international
hacking group Anonymous, which is also attacking government websites as a way
of supporting recent protests by student groups. Chile’s domestic cybersecurity
units, particularly those within the police, are now forced to increase their
capacity to handle the incidents.
The issues reported only hint at some of the issues that
remain hidden from public view. Police and intelligence organizations across
the region have expanded their capacity for surveillance in recent years and a
number of foreign firms from the US, Europe and Israel are assisting them in
that effort. Meanwhile, criminal groups have banded together with hackers from
Eastern Europe and Russia to enhance their technological capabilities to steal
government and corporate information.
Back at the regional level, Latin American intelligence
agencies are running into the same problem as their developed world
counterparts: how do they analyze all the data they collect? The ability to
collect and store data is moving more quickly than the ability to process,
analyze and utilize it. For Presidents Chavez and Morales, who have very
specific political targets for their intelligence collection campaigns, this
has not been much of a problem. However, for Mexico, Brazil and Colombia, whose
intelligence efforts do focus on organized crime (in spite of some high profile
scandals in which they don’t), they cannot keep up with the data in a timely
fashion. All three countries are known to have missed arrest opportunities in
which they had data about a relevant target but did not filter it out of their
mounds of data quickly enough to operationalize it.
Lurking among all of these government-related
surveillance and privacy issues is an increase in private sector and corporate
espionage in the region. Much less reported, companies have had gigabytes of
data stolen by local private hacking groups and foreign governments from
Eastern Europe and East Asia. In various surveys, over half of corporations in
the region report being victim of cyberattacks and theft of data. These
corporations, when they manage to detect the problem, generally do not report
the problems to the governments. While it is apparent from the above examples
that governments have plenty of surveillance issues on their plate, this private
sector surveillance challenge cannot be ignored. The threat that some
corporations and criminal groups may surpass local police and intelligence
agencies in their surveillance and spying capabilities can be a problem for the
future security of these states and the civil rights of their populations.