Mass-Surveillance History & Trivia

Timeline

VENONA (USA/UK/AUS) [1943–1980]

SIGINT program decrypting Soviet communications; Not domestic surveillance per se but foundational to Cold War signals intelligence.

Project SHAMROCK (USA) [1945–1975]

NSA predecessor harvested copies of most international telegraphs entering/leaving the U.S.; Ended after the Church Committee.

UKUSA Agreement (from which Five Eyes derives) [1946]

Signals intelligence alliance formalized publicly later; Underpins many joint programs.

NSA founded (USA) [1952]

Creation of the National Security Agency institutionalized large-scale SIGINT capabilities.

COINTELPRO (USA) [1956–1971]

FBI’s domestic counterintelligence program targeting civil rights groups, anti-war activists, and others; Involved infiltration and surveillance.

Project MINARET (USA) [1967–1973]

NSA watch-list program surveilling U.S. citizens (including MLK Jr.) without warrants; Exposed in 1975–76.

ECHELON (Five Eyes) [Late 1960s onward]

Global signals interception network (NSA, GCHQ, ASD, CSE, GCSB) monitoring satellite/microwave communications.

Church & Pike Committees (USA) [1975–1976]

Congressional inquiries exposing illegal domestic surveillance; Led to FISA (1978) and the FISC court.

FISA & FISC (USA) [1978]

Legal framework for foreign intelligence surveillance with secret court orders.

BLARNEY / FAIRVIEW / STORMBREW / OAKSTAR (USA) [1978 onward]

NSA “corporate partner” upstream collection families at backbone chokepoints.

Clipper Chip & Skipjack (USA) [1993–1996]

Government-proposed key-escrow encryption standard; Abandoned after public backlash and cryptanalytic concerns.

SORM launched (Russia) [1995]

“System for Operative Investigative Activities” requiring ISPs to install FSB access; Later expanded to SORM-2 (internet) and SORM-3 (deep metadata).

Carnivore / DCS1000 (USA) [1997–2001]

FBI packet-sniffing system for ISP-side interception.

NSAKEY (USA) [1999 (alleged)]

Reported Microsoft Windows cryptographic key controversy; Raised concerns about possible NSA backdoor.

Onyx interception system (Switzerland) [2000]

Satellite communications interception sites at Zimmerwald, Heimenschwand, Leuk; First publicized mid-2000s.

Interception Modernisation Programme (UK) [2000–2006] (via RIPA)

Ambitious plan to expand traffic data retention and interception; Later morphed into follow-on initiatives.

STELLAR WIND (USA) [2001–2007]

Post-9/11 warrantless surveillance (content + metadata); Aspects later routed into FISA processes.

Data Retention beginnings (EU) [2001]

Post-9/11 debates culminated in the 2006 EU Data Retention Directive mandating telco retention (later invalidated in 2014, see below).

SITEL lawful interception system (Spain) [2001]

National police interception platform for phone/internet data.

Total Information Awareness (USA) [2002–2003]

DARPA’s Information Awareness Office sought vast data-integration for pattern analysis; Defunded amid civil-liberties outcry.

ThinThread (USA) [2002–2008] (later Trailblazer)

Competing NSA programs; ThinThread emphasized privacy protections; Trailblazer pursued broader data analysis, ultimately cancelled after overruns/criticism.

AT&T Room 641A (USA) [2003 (installed) / 2006 (revealed)]

Fiber-optic splitter room in San Francisco (Narus gear) enabling backbone interception under NSA partnerships.

Operation EIKONAL (Germany/NSA) [2004–2005]

BND with NSA tapped Deutsche Telekom Frankfurt switch; Filters proved leaky; Later parliamentary inquiry.

Golden Shield (China) [2006] (subsystem Great Firewall)

“Golden Shield Project” integrates policing with internet control; Surveillance and filtering co-develop.

EU Data Retention Directive (EU) [2006]

Mandated retention of telecom metadata across member states (up to 24 months); Struck down by CJEU in 2014.

Hemisphere Project (USA) [2007]

AT&T call-records database queried by law enforcement with parallel-construction concerns; Data reaches back decades.

BULLRUN / EDGEHILL (USA/UK) [2007]

Efforts to defeat encryption standards and implementations via covert influence and exploits.

PRISM (USA) [2007 (begins) / 2013 (revealed)]

NSA program collecting data from U.S. internet companies under FISA §702 orders.

FRA-lagen (Sweden) [2008]

Law enabling the National Defence Radio Establishment (FRA) to intercept cross-border cable communications; Amended for more oversight (2009).

XKEYSCORE [2008]

Distributed search/analysis system for captured internet data; Used by NSA, GCHQ, and partners including BND under agreements.

Optic Nerve (UK) [2008]

GCHQ bulk-captured Yahoo webcam images (including non-targets) for facial-recognition research.

Karma Police (UK) [2008]

GCHQ project building web-browsing profiles tied to IP addresses for “behavioural detection.”

Tempora build-out (UK) [2008–2011]

GCHQ buffer-records fiber traffic at landing stations; Integrated with Five Eyes analytics.

GCSB law changes (New Zealand) [2009]

Legal reforms later enabled broader assistance to domestic agencies; Subsequent controversies and oversight changes.

Mastering the Internet & Global Telecoms Exploitation (UK) [2009]

GCHQ capstone initiatives to scale cable tapping and data analytics.

MYSTIC (USA) [2009–2014]

NSA voice interception of entire countries’ phone calls; Sub-program SOMALGET stored full audio in places like the Bahamas.

Royal Concierge (UK) [2010]

GCHQ monitoring of hotel booking systems to track diplomats for potential ops.

Boundless Informant (USA) [2013]

NSA global metadata visualization tool tallying collection by country/source.

MUSCULAR (USA/UK) [2013]

NSA & GCHQ tapped private Google/Yahoo data-center links overseas; Exploited unencrypted inter-DC traffic (later encrypted by companies).

2010s Global Surveillance Disclosures (worldwide) [2013]

Wave of revelations across Five Eyes and partners prompting legislative reforms.

CJEU invalidates EU Data Retention Directive (EU) [2014]

Digital Rights Ireland decision strikes blanket retention; Many national laws revised or challenged.

Project SPEARGUN allegations (New Zealand) [2014]

Reports that GCSB sought to tap a trans-Pacific cable and enable bulk metadata flows to NSA.

Intelligence Act (France) [2015]

Legalized wide surveillance powers (including algorithmic “black boxes” at ISPs) after terror attacks; Provisions for international communications interception.

Data Retention Law (Australia) [2015]

Mandatory ISP retention of metadata (2 years) for law-enforcement access.

China’s Sky Net expansion & early “Sharp Eyes” pilots (China) [2015]

Nationwide CCTV with facial recognition, integrating public and private cameras; “Sharp Eyes” pushes village-level coverage.

Investigatory Powers Act a.k.a. “Snoopers’ Charter” (UK) [2016]

Consolidated surveillance authorities (bulk powers, equipment interference), data retention & ISP logging (“internet connection records”).

Yarovaya Law (Russia) [2016]

Counter-terrorism package mandating retention and decryption assistance by telecoms/online services; Strengthens SORM ecosystem.

German BND law reform (Germany) [2016]

Legalizes/stipulates foreign-to-foreign cable tapping, introduces oversight changes following EIKONAL fallout.

Investigatory Powers Act comes into force (UK) [2016]

Bulk powers framework operational with codes of practice.

Wiv 2017 (“Sleepwet”) & 2018 referendum (Netherlands) [2017]

Intelligence and Security Services Act expanded bulk interception; A 2018 advisory referendum rejected it, prompting tweaks before implementation.

China’s Intelligence Law [2017]

Compels organizations and citizens to support state intelligence work; Implications for tech firms and data.

Assistance and Access Act (Australia) [2018]

Technical capability notices and voluntary/compulsory assistance powers targeting encrypted services and devices.

Five Eyes Plus [2018]

Five Eyes agreements with France, Germany, and Japan to introduce an information-sharing framework to counter China and Russia.

CSE Act (Canada) via Bill C-59 [2019]

Statutory basis for CSE’s active cyber operations and foreign intelligence, with new oversight/review mechanisms.

IJOP & surveillance in Xinjiang (China) [2020s]

Integrated Joint Operations Platform aggregates data (checkpoints, apps, biometrics) for risk scoring of Uyghurs and others.

SORM-3 (Russia) [Ongoing]

Deeper DPI, social media, and traffic metadata capture with localization requirements for providers.

Five Eyes / Nine Eyes / Fourteen Eyes / SSEUR bulk collection [Ongoing]

Continued §702 reauthorizations (USA) and partner bulk-powers regimes (UK, others) with periodic court/oversight modifications.

Chat Control (Europe) [Ongoing]

Proposal aimed to combat CSAM by allowing law enforcement to scan private messages, photos, and files, even when content is end-to-end-encrypted; Automatic scanning without consent or suspicion, imposed on all 450 million citizens of the European Union.

Domain Awareness System (USA/NYC): Largest digital surveillance system in the world, part of the Lower Manhattan Security Initiative in partnership between the New York Police Department and Microsoft to monitor New York City.

IMSI catchers / Stingrays: Portable cell-site simulators widely A device used by police and intel services for location/metadata capture.

Mail Isolation Control and Tracking (MICT) (USA): USPS photographs exterior of all mail for investigative use.

Jingwang Weishi (China/Xinjiang): Mandatory phone-scanning app developed by Shanghai Landasoft Data Technology Inc. reported to extract/report content/signatures.

GhostNet (origin linked to China): Operation exposed in 2009 compromising targets in 100+ countries; Espionage network notable in surveillance context.

Quick Reference

• NSAKEY (USA): alleged Windows crypto key controversy
• Clipper Chip / Skipjack (USA): key escrow
• ECHELON (Five Eyes): global SIGINT network
• Carnivore / DCS1000 (USA): FBI internet interception
• STELLAR WIND (USA): warrantless program
• ThinThread / Trailblazer (USA): NSA data analysis projects
• Room 641A (USA): AT&T splitter room
• PRISM (USA): §702 platform
• UPSTREAM (USA): backbone collection family (BLARNEY/FAIRVIEW/STORMBREW/OAKSTAR)
• BULLRUN (USA) / EDGEHILL (UK): anti-encryption efforts
• XKEYSCORE (Five Eyes): distributed analysis/search
• BOUNDLESS INFORMANT (USA): collection metrics
• MYSTIC / SOMALGET (USA): country-scale voice capture
• MUSCULAR (USA/UK): inter-data-center taps
• TEMPORA (UK): cable buffering/collection
• Mastering the Internet / GTE (UK): GCHQ scale-out
• Karma Police / Optic Nerve / Royal Concierge (UK): GCHQ datasets/ops
• Onyx (Switzerland): satellite interception
• SORM (Russia): lawful intercept/DPI framework
• Yarovaya package (Russia): retention/decryption mandates
• Golden Shield / Skynet / Sharp Eyes / IJOP (China): policing + surveillance integration
• CMS / NETRA / NATGRID (India): central monitoring & analytics
• FRA-lagen (Sweden): cross-border cable interception
• EIKONAL (Germany): BND/NSA fiber tap
• Intelligence Act 2015 (France): broad powers incl. “black boxes”
• IPA 2016 (UK): consolidated bulk powers
• Wiv 2017 + referendum (Netherlands): expanded bulk tapping
• Assistance and Access Act (Australia): technical assistance and capabilities
• CSE Act 2019 (Canada): explicit cyber ops authorities
• SITEL (Spain): national interception system
• Hemisphere Project (USA): AT&T call records database

Trivia

• The ten most surveilled places in the world are:
  • China (494.25 cameras / 1000 people)
  • Hyderabad, India (79.38 cameras / 1000 people)
  • Indore, India (72.21 cameras / 1000 people)
  • Bangalore, India (40.66 cameras / 1000 people)
  • Lahore, Pakistan (27.67 cameras / 1000 people)
  • Seoul, South Korea (24.28 cameras / 1000 people)
  • Moscow, Russia (19.63 cameras / 1000 people)
  • Kabul, Afghanistan (18.45 cameras / 1000 people)
  • Singapore (18.35 cameras / 1000 people)
  • St. Petersburg, Russia (18.22 cameras / 1000 people)
• The first modern CCTV system was developed by German scientists to monitor the launch of V-2 rockets in 1942.
• Minaret’s watch list included civil-rights leaders and Vietnam War
• Google’s Street View cars once accidentally collected personal data like emails and passwords from unsecured Wi-Fi networks while taking pictures of streets.
• Clipper’s “Law Enforcement Access Field” became a rallying cry against key escrow; The episode still shapes modern encryption debates.
• The first color CCTV system was launched by RCA in 1956.
• MUSCULAR’s hand-drawn smiley face on a leaked NSA slide mocked Google’s (then) unencrypted inter-data-center links, prompting Google to encrypt those links quickly.
• Spy Satellites can see your car from space; A report in 2020 showed that some satellites can detect cars from space and track their movements.
• Boundless Informant’s heat map briefly appeared publicly on NSA internal pages, revealing country-level collection tallies that contradicted external assurances.
• The first outdoor CCTV system with pan, tilt, and zoom was installed in Bournemouth, England, in 1985 to monitor crowds at a football match.
• Everyday objects like paperclips and bananas could be used to track your phone via their magnetic fields, according to a 2019 demo by researches.
• ONIX leak (Switzerland) is an intercepted fax suggesting CIA “black sites” in Eastern Europe, which sparked a national scandal when a paper published details.
• FRA-lagen protests in Sweden (2008–09) were a major digital-rights moment in Scandinavia, leading to privacy-strengthening amendments.
• Edward Snowden, who in 2013 revealed the National Security Agency (NSA) was unconstitutionally seizing the private records of billions of individuals, previously scored above 145 on two separate IQ tests and attempted to join the Special forces of the U.S. army reserve, but was discharged after breaking both legs in a training accident.
• Netherlands 2018 referendum on the “Sleepwet” (dragnet law) produced a narrow “No,” forcing revisions before roll-out.
• SOSUS was the original name for a submarine detection system based on passive sonar developed by the U.S. Navy to track Soviet submarines; Iceland was made a strategic staging ground for the American system.