Prompted by recent revelations about mass surveillance by the NSA, we wrote a brand new awareness module covering the information security issues relating to surveillance from two distinct perspectives:
- Surveillance conducted by the organization on its employees and others;
- Surveillance conducted on the organization by the authorities and others.
We interpret 'surveillance' liberally to include activities such as monitoring employees' use of email, the networks, applications and the phones. Surveillance is generally a side effect, not usually the main purpose of ICT monitoring, but nevertheless myriad system and network managers and security professionals have the data and the tools to analyze what users are up to and often where they are.
CCTV is an everyday example of surveillance, and again the security pros watching those TV screens inevitably see lots of ordinary people quietly going about their lives, not just criminals, intruders, vandals, shoplifters and so on. Cutting-edge image analysis and pattern recognition software, along with ongoing improvements in the cameras, is fast taking surveillance to new levels with facial recognition and tracking of individuals purely from CCTV coverage being realistic possibilities for ordinary commercial organizations, not just the security services and police.
Privacy is a key concern with surveillance. Those conducting surveillance are expected to comply with applicable laws and regulations. At the same time, the subjects of surveillance have rights and expectations concerning their privacy, at times placing significant trust in the watchers. In social terms, society is making tradeoffs between the costs and benefits of surveillance, while in some places ever more intrusive and comprehensive surveillance raises the spectre of Big Brother.