Digital Surveillance
The Real Weak Point Isn’t Encryption. It’s Everything Around It.
A message can remain cryptographically secure while the phone, the backup, the network and the commercial data surrounding it expose much of the same life.
In March 2021, researchers at Citizen Lab examined an iPhone belonging to a Saudi activist who chose to remain anonymous. They found several files that appeared to be GIF images. The files had arrived through iMessage immediately before the phone was infected with Pegasus, the spyware sold by Israel’s NSO Group.
They were not GIFs. They were PDFs engineered to attack the software Apple used to process images. The owner had not opened an attachment or followed a link. The phone did the dangerous part on its own. Citizen Lab
Google’s Project Zero later studied the exploit, which became known as FORCEDENTRY. Its designers had used the logical operations available inside an image-compression format to construct what the researchers described as a kind of miniature computing architecture. Project Zero called it one of the most technically sophisticated exploits its researchers had encountered. Project Zero
The encryption protecting the activist’s conversations may have been working exactly as intended. The phone on which those conversations became readable was not.
You do not have to crack an encrypted message if you can read it before it is encrypted—or after it is decrypted.
A secure channel can coexist with an exposed phone, cloud backup, account session, location history or provider-controlled key.
A readable message has to exist somewhere before encryption and somewhere after decryption. It may also survive in notifications, backups, linked computers and cloud accounts. A compromised phone can reveal contacts, photographs, location records, account credentials, microphones and cameras—not simply the contents of one conversation.
There is no public evidence that intelligence agencies possess a universal mathematical method for silently reading every properly implemented end-to-end encrypted service. There is extensive evidence of attempts to reach the systems surrounding the cipher: the device, the implementation, the keys, the backup or the company that can already return readable data.
This does not make encryption pointless. It makes the difference between a secure channel and a secure digital life impossible to ignore.
When Copying the Internet Meant Reading It
Fifteen years before Citizen Lab found FORCEDENTRY, a retired AT&T technician named Mark Klein described another way into digital communications.
Klein had worked at an AT&T facility at 611 Folsom Street in San Francisco. His documents described optical splitters installed on selected live backbone circuits, with copied traffic routed toward a secure area known as Room 641A. One internal engineering document set out the procedure explicitly: technicians were to insert optical splitters into selected common-backbone links. Documents
The mechanism was ordinary telecommunications engineering. Internet traffic moved through fiber as light. A splitter created a second optical path, allowing one stream to continue toward its destination while a copy traveled toward monitoring and analysis equipment.
Room 641A became an enduring symbol of internet surveillance because it showed that traffic crossing major network links could be duplicated without approaching each user, website or sender individually.
Its significance today needs a qualification.
When Klein’s disclosures became public in 2006, much more internet activity traveled without the protections now associated with HTTPS and modern transport encryption. Copying backbone traffic could therefore expose a considerable amount of readable content.
Today, HTTPS, TLS and end-to-end encryption protect far more web, application and messaging traffic. A modern optical splitter would still produce packets, but much more of their content would appear as ciphertext.
The copy can still reveal useful information. Depending on the protocol and the user’s privacy tools, an observer may see source and destination addresses, timing, packet sizes, traffic volume and the services being contacted. VPNs, encrypted proxies and newer protocol protections can conceal or alter portions of that view.
Room 641A’s lasting lesson is narrower than the idea that someone can simply read the entire internet. It demonstrated physical access to the stream. The value of that access changed as encryption spread.
The law encounters the network
Government disclosures and oversight documents later confirmed that the National Security Agency conducted “upstream” collection from internet-backbone infrastructure under Section 702 of the Foreign Intelligence Surveillance Act.
Section 702 authorizes the targeting of non-U.S. persons reasonably believed to be abroad for foreign-intelligence purposes. But permission to collect communications associated with an approved target did not answer the engineering question that followed: how do you locate those communications inside a torrent of unrelated traffic without acquiring additional material?
A 2011 Foreign Intelligence Surveillance Court opinion showed that the distinction was often imperfect. Some internet transactions contained multiple communications, and the NSA’s equipment could not always determine before acquisition how many messages were bundled inside or identify every person whose information they contained.
The collection system could copy a transaction before fully understanding its boundaries.
The difficulty was not only gaining access to the cable. The traffic had to be reconstructed, filtered, searched and interpreted. A legal selector might identify what investigators were permitted to seek, while the structure of the network determined how cleanly that material could be isolated.
Widespread encryption has made the content obtained at that vantage point less readable than it once was. Backbone observations may still be useful when targeted, analyzed as metadata or combined with information from elsewhere.
Some of that other access is deliberately built into telecommunications networks. The Communications Assistance for Law Enforcement Act requires covered U.S. carriers to maintain the capability to isolate a targeted subscriber’s communications and identifying information under lawful authority.
The machinery creates a security problem independent of any particular wiretap. A system designed to redirect a subscriber’s communications becomes valuable to anyone who can compromise it. An intruder may not need to invent an interception system if the carrier already operates one.
The provider may know more than the network
Encryption in transit can prevent a backbone observer from reading a file while doing little to prevent the company storing it from doing so.
Cloud providers routinely encrypt customer data. The important question is who can invoke the key.
In a conventional cloud service, the provider encrypts data before storage and decrypts it when an authorized customer requests it. That protects against stolen hardware and many forms of unauthorized access. But a provider that can return readable files to its customer may also be technically capable of producing them under valid legal process.
The result is different when a customer encrypts the information before it reaches the provider and retains the only usable key. The provider may then hold ciphertext without possessing a practical means of turning it back into plaintext.
“Customer-managed encryption” can describe several arrangements. A customer may control permissions while the provider still operates the key service, or the key may remain entirely outside the provider’s systems. The architecture determines what the company can actually produce.
“Encrypted” can describe three very different arrangements
Provider encryption
The provider stores the data and operates the key system used to decrypt it.
Likely response: plaintext may be technically available.
Provider controls key pathCustomer-managed key
The customer controls permissions, but the provider may still operate the key-management infrastructure.
Likely response: depends on the actual architecture.
Control variesClient-side encryption
Data is encrypted before it reaches the provider, and the provider does not hold the key.
Likely response: ciphertext may be all the provider possesses.
Customer holds keyA legal order cannot manufacture a key the company never possessed. Account records, logs and metadata may still remain available.
The government can buy what it did not collect
The most striking modern surveillance infrastructure may be the one that was never built for government surveillance at all.
Phones and applications generate advertising identifiers, location signals, browsing behavior and records of commercial activity. Data brokers collect information from private companies, public records and other sources, then combine those fragments into more detailed profiles.
The Office of the Director of National Intelligence has acknowledged that the intelligence community acquires commercially available information. Its declassified assessment noted that brokers can combine isolated details into a composite account of a person’s life, often without that person knowing the collection is occurring. ODNI report
Government surveillance, in other words, does not always begin with a government sensor.
It may begin with a weather application, an advertising library or a location service transmitting data into a chain of commercial intermediaries.
The Federal Trade Commission’s case against Gravy Analytics and its subsidiary Venntel showed how revealing that market could become. The FTC alleged that the companies collected and sold sensitive location data capable of tracing visits to medical facilities, places of worship and other sensitive locations.
In January 2025, the commission finalized an order restricting their sale, disclosure and use of sensitive location data, with limited exceptions involving law enforcement and national security. FTC order
This commercial route collides with constitutional doctrine developed around government compulsion.
In Carpenter v. United States, the Supreme Court held that the government’s acquisition of extensive historical cell-site records was a Fourth Amendment search. Investigators had obtained 127 days of records without first securing a warrant supported by probable cause. Opinion
Commercially available location data introduces a different transaction. An application collects the signal, brokers and contractors process it, and an agency later purchases access as a customer.
The government does not need to build every surveillance system when another industry has already built one for advertising.
The information may also be less reliable than its apparent precision suggests. A mobile advertising identifier is not a person. Linking it to a person may require assumptions based on where the device sleeps, where it travels and which other datasets contain matching signals.
The person being analyzed may never know the government purchased the data. A judge may never review the original commercial collection. The broker selling it may be several contracts removed from the application that first observed the device.
Collection used to outrun analysis
For much of surveillance history, the ability to gather information exceeded the ability to examine it.
An agency could possess enormous archives of calls, photographs, documents or network records without being able to find every useful connection inside them. Collection was one power. Searchability was another.
Facial recognition provides a concrete example. In 2019, the Government Accountability Office reported that the FBI’s facial-recognition office could support searches across databases containing more than 641 million images, including photographs available through 21 state databases. GAO report
The software did not create those photographs. It made it possible to compare an unfamiliar face against archives assembled for other purposes.
The same principle now extends beyond images. Language systems can search and classify text that would take human analysts years to read. Graph tools can compare phone numbers, accounts, devices and locations. A location history from one dataset can be tested against transactions, photographs or records from another.
Old information can acquire new value when the means of searching it improve.
Joining many incomplete records can also hide the weakness of each one. A stale broker record, a mistaken facial match and an ambiguous network observation may appear more persuasive once assembled into a single profile. The person reviewing the finished result may not see every uncertain assumption beneath it.
What encryption still protects
None of this means people should abandon encryption.
End-to-end encryption removes a major avenue of access. It can prevent carriers, backbone observers and service providers from reading message content in transit. Weakening it would expose ordinary users, businesses, journalists and governments to criminals and foreign intelligence services along with domestic investigators.
But encryption secures a channel. It does not automatically secure the phone, the backup, the cloud account, the advertising identifier or the records held by other companies.
Device makers have to continue hardening the software that processes untrusted messages. Cloud services should explain who controls encryption keys rather than relying on the word “encrypted.” Governments must address whether purchasing sensitive commercial data should evade safeguards that would apply if the same information were compelled from a carrier. Retention rules matter because data that is difficult to use today may become searchable later.
For individuals, the practical measures remain worthwhile: use end-to-end encrypted services, keep devices updated, review cloud backups and linked sessions, restrict unnecessary location permissions and remove applications that collect more than they need.
Those measures close real routes. They do not close every route.
The anonymous Saudi activist’s phone captures the central problem. The secure message was not the only valuable thing on the device. By reaching the endpoint, an operator could potentially reach the wider environment in which the message was written, received and understood.
Room 641A showed that traffic crossing the physical internet could be copied. The spread of encryption made much of that traffic harder to read directly. Commercial data markets provide information the government did not have to collect itself. Modern analytical systems make it easier to connect records that were once too dispersed to use together.
No single source has to contain the entire story.
The message may remain encrypted from one phone to another. The larger record—who communicated, where the devices traveled, which accounts were connected and what the endpoints later revealed—may still exist elsewhere. The future reach of surveillance will depend less on whether any one system can see everything than on how easily many systems that each see a little can be joined.
Selected sources
- Citizen Lab, “FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild.”
- Google Project Zero, “A Deep Dive into an NSO Zero-Click iMessage Exploit.”
- Electronic Frontier Foundation, Mark Klein declaration and AT&T technical exhibits.
- Privacy and Civil Liberties Oversight Board, Report on the surveillance program operated pursuant to Section 702.
- Cornell Legal Information Institute, 47 U.S.C. § 1002.
- Office of the Director of National Intelligence, Declassified report on commercially available information.
- Federal Trade Commission, Final order involving Gravy Analytics and Venntel.
- Supreme Court of the United States, Carpenter v. United States.
- U.S. Government Accountability Office, Facial recognition technology and federal database access.