Unencrypted data
- Collect the information passing through copper wires (voice, internet).
- Combine the individual packets of information to reconstruct the original messages.
- Install beam-splitters at main internet junctions of fibre-optic cables, send the data to local/remote storage for analysis.
- If there is no land-based junction, fit a submarine with equipment for accessing undersea junctions/cables.
- In a data warehouse, query for specific information; use network analysis to identify population/individual behaviour; run pattern-detection algorithms.
Encrypted data
- Ask companies for a copy of their private key + passphrase, so that data can be unencrypted.
- Try to decrypt the encrypted communication stream, using brute force or partial knowledge of the message contents.
- If the encryption key is known/discovered, decrypt the stored historical data (unless the service has been using "forward secret" encryption keys).
- Obtain a "valid" (i.e. verified by a trusted certificate authority) certificate for each domain, and insert your server between the two endpoints (man-in-the-middle attack).
- Ask companies to provide a live feed of data as it reaches their servers, after being decrypted.
Historical data
- Ask companies to provide a snapshot of data matching a query.
- Add a real-time update stream to this query.
- Automate the process of querying for this data.
- Prevent logs being stored, so that the content of the requests remains secret.
- Send someone to a company to run queries on their data.
- Ask Amazon for access to the servers/databases where the company stores their data.
- Insert software that allows querying of data stored by a company without them knowing.