Mass Interception

Every day, billions of emails and phone calls flow through communications networks in countries across the world. Now, one American company has built technology capable of spying on them all — and business is booming.

Verint, a leading manufacturer of surveillance technologies, is headquartered in Melville, New York, in a small cluster of nondescript buildings that also includes the office of a multinational cosmetics supplier and some electronics companies.

Among Verint’s products are unremarkable security cameras and systems that enable call center managers to monitor their workers. But it also sells some of the world’s most sophisticated eavesdropping equipment, creating a line of spy tools designed to help governments and intelligence agencies snoop on communications across an entire country.

Verint sells what it calls “monitoring centers” that “enable the interception, monitoring, and analysis of target and mass communications over virtually any network.” These systems are designed to be integrated within a country’s communications infrastructure and, according to Verint’s website, are currently used in more than 75 nations.

The technology Verint designs doesn’t just target specific criminal groups or terrorists. It can be tailored to intercept the phone calls and emails of millions of everyday citizens and store them on vast databases for later analysis.

Verint boasts in its marketing materials that its “Vantage” monitoring center enables “nationwide mass interception” and “efficiently collects, analyzes, and exposes threats from billions of communications.” And if that’s not enough to satisfy spy agencies’ thirst for intelligence, Verint has more to offer. The company says it can also help governments automatically identify people from the sound of their voice using speech identification software, intercept the cellular and satellite mobile phone communications of “mass populations over a wide area” using a covert portable device, and provide data-mining tools to build detailed profiles about criminals and other “negative influencers” in real time.

The National Security Agency in the United States has reportedly purchased Verint snooping equipment, as have authorities in Mexico. However, the use of such technology in the US is a legally contentious issue. Mass monitoring of solely domestic calls and emails would be prohibited under the Fourth Amendment, which protects against unwarranted searches and seizures. But a controversial clause in a 2008 amendment to the Foreign Intelligence and Surveillance Act means mining communications as they pass between the United States and countries of interest like Pakistan and Yemen can be deemed technically permissible.

(Other countries have few regulations in this area, if any at all. Libyan dictator Muammar Gaddafi was able to get his hands on French mass surveillance gear in 2006, which was subsequently used domestically to indiscriminately track dissidents and other regime opponents.)

With revenues of more than an estimated $840 million in 2012 according to public accounts, Verint has at least 16 offices in countries including Japan, China, Russia, Israel, Australia, Canada, Germany, France, the United Kingdom, and the Philippines.

The company’s accounts reveal that its communications intelligence solutions have generated a significant proportion of revenue and have been selling better than ever in recent years. Between 2006 and 2011, for instance, Verint’s annual communications intelligence sales rocketed by almost 70 percent from $108 million to $182 million. And 2012 looks to be another good year, with a projected increase of about 13 percent looking likely based on the figures published for the first three quarters. Most of the company’s communications surveillance sales in 2012 were made in the Americas (53 percent). EMEA (Europe, the Middle East, and Africa) comprise approximately a 27 percent of its sales, and APAC (Asia-Pacific region) a further 20 percent.

I contacted Verint to seek more information about its advanced eavesdropping tools. In particular, I wanted to know whether it follows the U.S. government’s "Know Your Customer" guidelines, which are designed to help businesses avoid selling goods to countries or customers where they might have an “inappropriate end-use.” But Verint declined to answer a series of detailed questions for this story and turned down an interview request. A public relations representative acting on behalf of the company told me that “due to the sensitive nature of these solutions, they [Verint] tend not to seek deeper coverage of this area of the business.”

Governments across the world are using Verint’s technology to sift through masses of intercepted communications — that much is certain. The rest, at least for now, remains a tight-lipped secret.

Surveillance Proof

As government agencies in the United States, the United Kingdom, Canada, and Australia push for increased surveillance powers, one pioneering American is pushing back.

New York-based entrepreneur Nicholas Merrill is making progress on a project he revealed in April: an encryption-based telecommunications provider designed to be “untappable.” After crowd-funding almost $70,000 in donations, Merrill says that he has held talks with a host of interested venture capitalists and a few “really big companies” apparently interested in partnering up or helping with financial support. Now the “surveillance-proof” software is in development, and he is on track to begin operating a limited service by the end of the year.

Merrill’s ultimate aim is to create a telecommunications infrastructure that inhibits mass surveillance. First, he is building an Internet provider that will use end-to-end encryption for Web browsing and email. Then he plans to roll out a mobile phone service that will enable users to encrypt calls, making them difficult to intercept. The key to decrypt the communications would be held by each individual customer, not Merrill’s company. Because the telecom firm would be unable to access the communications, law enforcement agencies that want to read or listen to communications would be forced to serve warrants or court orders on individuals directly. “This would make it impossible to do blanket, dragnet surveillance of all the customers of a telecommunications carrier,” Merrill says.

The idea for the project is not to help bad guys evade detection, though undoubtedly that’s how some critics will see it. Rather, Merrill is particularly keen to develop the technology to help journalists and human rights organizations—groups, he says, “whose right to confidentiality is more or less accepted under the law.”

Merrill has a strong record of defending user privacy. In 2004, he became the first ISP executive to successfully challenge a secret FBI “national security letter” demanding he hand over customer information. His willingness to question the constitutionality of the secret letter at the time put him at odds with most major telecoms providers, which have a poor track record when it comes to protecting customer privacy. In 2005 and 2006, a number of companies were revealed to have handed over troves of customer data and opened up wiretaps to the National Security Agency, sometimes without a warrant.

Today, Merrill admits prospective funders of his latest project have expressed concerns that it could lead to a confrontation with powerful actors (“It’s challenging to go up against some of the forces that are trying to open up all communications to wiretapping,” he says). But he is trying to address this by showing that government and law enforcement agencies could themselves benefit from his technology. Cybersecurity and privacy are part of the same problem but framed differently, he believes. Both could be addressed at once by ubiquitous encryption of communications and data transfer—protecting user privacy while also helping prevent malicious hackers from stealing information.

Some establishment figures have already been won over by Merrill’s argument. The advisory board of his nonprofit research institute, Calyx, which is developing the technology, includes a former NSA technical director and a former federal prosecutor who is also ex-CIA. Whether he can get the backing of current members of the U.S. law enforcement community, though, is another matter altogether. Merrill’s technology could be seen as creating extra barriers for law enforcement and the authorities would likely oppose it for that reason. Existing U.S. wiretapping law, called CALEA, states that telecom providers "shall not be responsible for decrypting" communications if they don't possess "the information necessary to decrypt.” But that may change under reforms proposed by the FBI, which is actively seeking more surveillance powers.

As governments increasingly move toward expanding their power to conduct electronic surveillance, it is inevitable that innovative technologists, software developers, and cryptographers will work to help people protect the privacy of their personal communications. Earlier this week the NSA’s chief tried to quell concerns over allegations that it is building a huge domestic surveillance center in Utah, dismissing whistle-blowers’ claims as “baloney.” Given the NSA’s recent history, however, it is likely many Americans will remain skeptical about the spy agency’s reassurances—and some will turn to encryption.

Merrill aims to launch his telecommunications firm first in the United States before tackling the international market, where there are also mounting concerns about government surveillance schemes. “We’re not trying to force people to use our service,” Merrill says. “What we’re trying to do is re-envision how the telecommunications industry could work if privacy and encryption technology was built in from the beginning.”

This article first appeared at Slate.com