The NSA is sitting quietly along the road data takes between apps on your phone and the advertising companies or the servers hosting your pictures and personal information.
A new report published by a partnership between ProPublica, The New York Times, and The Guardian reveals that the NSA's digital spying system — which we already knew monitored internet backbone connections between continents — also stakes out smaller data connections, offering what one NSA slide calls the "Golden Nugget" of data.
President Obama has frequently downplayed NSA data collection by contrasting it with the information gathered by private companies for marketing purposes. Well, he should know, since the NSA (and its British counterpart, GCHQ) actually tracks that marketing data, too. According to documents leaked by Edward Snowden, the mobile ad platform Millennial Media, for example, which partnered with popular games like "Angry Birds," transmitted "particularly rich information" (in the reporters' words) between phones and the advertisers' servers. To think: when you were watching those birds fly at towers of pigs, the pigs were watching you back.
Or take a photo-sharing site. If your picture is uploaded with your current location — something that generally happens by default on modern phones — even if that data is stripped off the photo once it gets to the app's servers, the NSA could see the image, know where it was taken, and read the comments you left about it.
Or take maps search:
A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.
So successful was this effort that one 2008 document noted that "[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
The likely solution will be to encrypt data as it travels over the internet — a potentially costly addition to the development of iPhone applications. That's what companies like Google and Yahoo pledged to do when the backbone monitoring was first reported.
The NSA also targets individuals' phones for surveillance. It has developed a suite of plugins that can be placed on iPhones or Android phones — named after real and fictional Smurfs characters.
The standard warning about the NSA's tools applies: they can only be used against "non-U.S. persons" — people outside the United States who are not citizens. If you're reading this in Canada on a browser or an app like Readability, the NSA very well may know that you're doing so. Please feel free to leave a comment for them below.
UPDATE: As it turns out, British spies were also able to directly monitor activity on several popular social networking sites, without the permission of the companies running them. NBC News reported on the program called — for real — "Squeaky Dolphin," later on Monday. The report is also based on documents obtained by Edward Snowden.
The British spy agency detailed their social network listening capabilities to the NSA in a 2012 presentation. Here is a real slide from that presentation:
In it, the agency emphasized that the program was intended to show "broad trends," rather than information on individual users. NBC explains:
The presentation showed that analysts could determine which videos were popular among residents of specific cities, but did not provide information on individual social media users. The presenters gave an example of their real-time monitoring capability, showing the Americans how they pulled trend information from YouTube, Facebook and blog posts on Feb. 13, 2012, in advance of an anti-government protest in Bahrain the following day.
But security experts told NBC that the agency would be able to extract some identifying user data from that monitoring, too. Facebook and Twitter now encrypt all of their data, which would complicate the collection of the information detailed above. But according to NBC, Google hasn't done that yet for YouTube or Blogger.