Digital surveillance programs in other countries trigger controversy

Details about surveillance programs in the UK, Germany and India are sketchy, but the US is not alone in electronic data collection

Last week's disclosure of massive data collection efforts at the U.S. National Security Agency has generated heated debate in the U.S. and across the world about privacy. The NSA is collecting metadata on U.S. residents' phone calls made on Verizon's network and Internet records from nine Web companies, including Facebook, Google and Microsoft, according to reports in the Guardian and The Washington Post newspapers.

But intelligence agencies in other countries have similar goals, according to reports, and in some cases there are few details about what data these governments are collecting.


Leaks about the NSA program by former contractor Edward Snowden have led to questions in the U.K. about the data that intelligence agency Government Communications Headquarters (GCHQ) is collecting. Facing questions about GCHQ's access to Internet data collected through the NSA's Prism program, Prime Minister David Cameron defended U.K. intelligence services and said they comply with the law.

"Let us be clear," Cameron said in a Guardian article. "We cannot give a running commentary on the intelligence services. I am satisfied that the intelligence services, who do a fantastically important job to keep us safe, operate within the law and within a legal framework and they also operate within a proper framework of scrutiny by the intelligence and security committee."

Cameron provided few details but mentioned the role intelligence gathering plays in security efforts. "We do live in a dangerous world and live in a world of terror and terrorism," he said. "I do think it is right we have well-funded and well-organized intelligence services to keep us safe."


The Germans, too, have a secret program called Strategic Communications Intelligence (Strategische Fernmeldeaufklärung), supervised by the Federal Intelligence Service (BND), according to a government response to an inquiry about the program published in 2012.

The program is used to sift trough digital communication using search terms. However, details of the technical capabilities of the BND were not published because they are secret, the document said.

The aim of the program, similar to Prism, is to examine global telecommunications, and German domestic situations aren't covered, reported Germany's Computerwoche.

The BND does not possess the means and knowledge of its U.S. counterparts, reported German national newspaper Die Zeit on Thursday. German intelligence authorities are envious of the U.S. capabilities, interior minister Hans-Peter Friedrich said, according to Die Zeit.

The Netherlands

The Dutch General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst or AIVD), has access to Prism data, Dutch national newspaper De Telegraaf reported on Tuesday, citing an anonymous AIVD agent.

There are more Prism-like programs active in the Netherlands, the source told the newspaper.

If the AIVD classifies one U.S. email address as suspicious, the service is able to learn everything about the related person, the source told the paper. The AIVD gets full cooperation from the U.S. through liaisons, the source said. All big commercial Internet services are forced to provide an application allowing secret services unlimited browsing, the source told the paper.

"The Dutch government never provides information about how intelligence services work," said Ivo Opstelten, the minister of security and justice, in a debate in the Dutch Lower House on Tuesday about how the U.S. government can access Dutch citizens' data using Prism. "And we never provide information about cooperation with foreign services."

Opstelten avoided answering a question from Member of Parliament Gerard Schouw, who asked the minister if the U.S. has unlimited access to Dutch citizen data via Prism.

On Tuesday, Dutch digital rights organization Bits of Freedom (BoF) called on Dutch intelligence services and the government "to put an end to this eavesdropping scandal as soon as possible." The group called Opstelten's appearance in the Lower House a "disappointing farce."


In India, residents are grappling with privacy issues as the country plans to roll out its Central Monitoring System (CMS) to track communications on its networks.

The Indian government has said it needs a surveillance system to monitor suspected terrorists. Asking telephone carriers to intercept calls presented its own security risks, officials have said.

Milind Deora, India's minister of state for communications and IT, confirmed earlier this month that CMS was being rolled out. Politicians and bureaucrats and even the officer in charge of the CMS, who will take orders from law enforcement agencies to intercept conversations, will not have access to the surveillance information, Deora said during a live session on Google+ Hangouts.

Critics have said that CMS -- which aims to collect metadata and other information in real time -- will compromise privacy."It is not covered under any law, nor is it evidently prohibited under any specific law in the country," said Pranesh Prakash, policy director at The Center for Internet and Society, a research organization in Bangalore focused on privacy and digital rights.

The country has rules under various laws including the Indian Telegraph Act and the Information Technology Act that govern the interception and monitoring of certain communications. The rules require law enforcement to specify the objective of its surveillance, and does not allow broad surveillance of large numbers of users.

"They can make it a little broader than interception of the communications of a particular person, but they can't specify something as broad as, say, all telephone calls between two cities over a particular period," Prakash said.

The Indian government announced it was rolling out CMS in November 2009. Officials described it to the upper house of Parliament as "a centralized system to monitor communications on mobile phones, landlines and the Internet in the country."

(With reporting from Loek Essers, John Ribeiro and Grant Gross.)

Join the CSO newsletter!

Error: Please check your email address.

Tags Gerard SchouwHans-Peter FriedrichGovernment Communications HeadquartersU.S. National Security AgencyDavid CameronprivacyGerman Federal Intelligence ServiceMilind DeorasecurityEdward SnowdenBits of FreedomPranesh PrakashThe Center for Internet and SocietyDutch General Intelligence and Security ServicegovernmentIvo Opstelten

More about CMSFacebookGCHQGoogleMicrosoftNational Security AgencyNSAPrismStrategic CommunicationsTechnologyVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by IDG News Service staff

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts