Capabilities

Technology

The hardware, software, and technical methodologies that intelligence and law-enforcement services use to conduct interception, intrusion, surveillance, forensic extraction, and side-channel collection. The capability layer underneath the operations the rest of the site documents — what the agencies actually use, where it came from, who built it, and where the institutional record on its deployment sits.

Interception

FBI

Carnivore (DCS-1000)

The Federal Bureau of Investigation's 1997-2005 packet-capture system for the interception of email and other internet communications under court-ordered electronic-surveillance authority. Operationally deployed at internet service providers' infrastructure under court orders compelling provider cooperation; retired in approximately 2005 in favour of commercial-off-the-shelf packet-capture replacements. The principal pre-Snowden documented case of US law-enforcement internet-traffic-interception capability.

Securus / Aventiv

Securus

The prison-telephone-system platform operated by Securus Technologies (now a subsidiary of Aventiv Technologies, rebranded 2019), comprising both the prison-phone-recording-and-monitoring infrastructure deployed across approximately 3,400 US correctional facilities and the disclosed 2018 location-tracking-aggregator scheme through which the company offered real-time mobile-phone location lookups to law-enforcement clients without verification of lawful authority. The 10 May 2018 *New York Times* disclosure by Jennifer Valentino-DeVries established the institutional record on the location-aggregator scheme and triggered the subsequent congressional, FCC, and carrier response. The disclosed case involved former Mississippi County, Missouri sheriff Cory Hutcheson.

Methodology

SIM Swapping

A category of social-engineering and insider-corruption attack against mobile carrier account-management infrastructure to transfer a victim's phone number from the victim's SIM card to a SIM card controlled by the attacker. Once the transfer completes, the attacker receives the victim's incoming SMS messages, voice calls, and SMS-delivered second-factor authentication codes — producing the operational compromise of any account the victim has secured with SMS-based two-factor authentication. Distinct from SS7 exploitation, which intercepts traffic without requiring any account-control compromise.

Protocol vulnerability

SS7 Exploitation

The exploitation of Signaling System No. 7 (SS7) — the global telecom signaling protocol developed by AT&T in 1975 and standardised by the CCITT (predecessor of the ITU-T) in 1980 that interconnects mobile and landline carriers worldwide — to intercept SMS messages, voice calls, and subscriber-location data without requiring any compromise at the target device. The defining operational characteristic is that SS7 access requires either licensed-carrier status or grey-market purchased access; the operational consequence is that SS7 exploitation is largely the exclusive operational domain of state actors and well-funded commercial actors.

L3Harris (Harris Corp)

Stingray (IMSI Catcher)

A category of cellular-network interception device that mimics a legitimate cellular base station to compel mobile devices within physical proximity to register against the device, producing the disclosure of the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) of registered devices and, in some operational modes, the interception of voice and SMS traffic. The principal commercial-vendor line is the Harris Corporation Stingray product family, from which the colloquial designation derives; alternative-vendor product lines include the DRT Box series from Digital Receiver Technology (a Boeing subsidiary), deployed on US Marshals surveillance aircraft, and the Septier Communications IMSI Catcher and Septier Guardian product families.

NSA

XKEYSCORE

The NSA's principal SIGINT search-and-analysis software platform — the institutional system that indexes the collection product from PRISM, Upstream, Tempora, and adjacent SIGINT collection programmes and allows analysts to search across it. Deployed across approximately 700 servers at 150-plus NSA, GCHQ, BND, ASD, GCSB, and adjacent partner-service field sites worldwide. Disclosed in July 2013 *Guardian* reporting and subsequent disclosures.

Implants

Surveillance platforms

Emanation / side-channel

What goes here, and what doesn't

The Technology section documents the capability layer — the specific tools, platforms, and technical methodologies that intelligence and law-enforcement services use to conduct collection. It is structurally distinct from the dossier section (which documents operations and named programmes), the agency section (which documents institutional bodies), and the lexicon (which defines vocabulary). A technology entry covers a specific artifact or technique — its origins, its operational characteristics, the institutional record on its deployment, and the legal-and-oversight framework within which it operates.

Entries are categorised by primary function: interception (passive collection of in-transit communications and data), implant (active intrusion that establishes ongoing access), forensic (post-seizure device extraction and analysis), surveillance (continuous-monitoring platforms), and emanation (passive side-channel and electromagnetic-leakage collection). The categorisation is operational rather than rigid: a single artifact may sit at the boundary of two categories, and the entries flag boundary cases where the categorisation is contested.

The same editorial standards apply as elsewhere on the site: every claim cites a primary source, status badges distinguish documented from alleged, and prose hedges where the public record is contested. A substantial portion of what is in this section is documented through the post-2013 declassified institutional record (the Snowden disclosures, the Citizen Lab and Amnesty International technical reporting on commercial spyware, the documented court records on lawful-intercept methodologies, and the extensive academic-and-policy literature). Where deployment is alleged but not documented, the entry says so explicitly.