"This is the militarization of the Internet," Appelbaum told the Chaos Computer Congress in Hamburg. "This strategy is undermining the Internet in a direct attempt to keep it insecure. We are under a kind of martial law."
Harvesting your Data
Among the Snowden documents was a 20-page 2012 report from the Government Communications Headquarters -- the British equivalent of the NSA -- that listed a Baltimore-based ad company, Millennial Media. According to the spy agency, it can provide "intrusive" profiles of users of smartphone applications and games. The New York Times has noted that the company offers data like whether individuals are single, married, divorced, engaged, or "swinger," as well as their sexual orientation ("straight, gay, bisexuall, and "not sure'").
How does Millennial Media get this data? Simple. It happens to gather data from some of the most popular video game manufacturers in the world. That includes Activision in California which makes Call of Duty, a military war game that has sold over 100 million copies; Rovio of Finland, which has given away 1.7 billion copies of a game called Angry Birds that allows users to fire birds from a catapult at laughing pigs; and Zynga -- also from California -- which makes Farmville, a farming game with 240 million active monthly users.
In other words, we're talking about what is undoubtedly a significant percentage of the connected world unknowingly handing over personal data, including their location and search interests, when they download "free" apps after clicking on a licensing agreement that legally allows the manufacturer to capture and resell their personal information. Few bother to read the fine print or think twice about the actual purpose of the agreement.
The apps pay for themselves via a new business model called "real-time bidding" in which advertisers like Target and Walmart send you coupons and special offers for whatever branch of their store is closest to you. They do this by analyzing the personal data sent to them by the "free" apps to discover both where you are and what you might be in the market for.
When, for instance, you walk into a mall, your phone broadcasts your location and within a millisecond a data broker sets up a virtual auction to sell your data to the highest bidder. This rich and detailed data stream allows advertisers to tailor their ads to each individual customer. As a result, based on their personal histories, two people walking hand in hand down a street might get very different advertisements, even if they live in the same house.
This also has immense value to any organization that can match up the data from a device with an actual name and identity -- such as the federal government. Indeed, the Guardian has highlighted an NSA document from 2010 in which the agency boasts that it can "collect almost every key detail of a user's life: including home country, current location (through geolocation), age, gender, zip code, marital status" income, ethnicity, sexual orientation, education level, and number of children."
In Denial
It's increasingly clear that the online world is, for both government surveillance types and corporate sellers, a new Wild West where anything goes. This is especially true when it comes to spying on you and gathering every imaginable version of your "data."
Software companies, for their part, have denied helping the NSA and reacted with anger to the Snowden disclosures. "Our fans' trust is the most important thing for us and we take privacy extremely seriously," commented Mikael Hed, CEO of Rovio Entertainment, in a public statement. "We do not collaborate, collude, or share data with spy agencies anywhere in the world."
RSA has tried to deny that there are any flaws in its products. "We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential "backdoors' into our products for anyone's use," the company said in a statement on its website. "We categorically deny this allegation." (Nonetheless RSA has recently started advising clients to stop using the Dual Elliptical Curve.)
Other vendors like Endgame and Millennial Media have maintained a stoic silence. Vupen is one of the few that boasts about its ability to uncover software vulnerabilities.
And the NSA has issued a Pravda-like statement that neither confirms nor denies the revelations. "The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," an NSA spokeswoman told the Guardian. "Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true."
The NSA has not, however, denied the existence of its Office of Tailored Access Operations (TAO), which Der Spiegel describes as "a squad of [high-tech] plumbers that can be called in when normal access to a target is blocked."
The Snowden documents indicate that TAO has a sophisticated set of tools at its disposal -- that the NSA calls "Quantum Theory" -- made up of backdoors and bugs that allow its software engineers to plant spy software on a target computer. One powerful and hard to detect example of this is TAO's ability to be notified when a target's computer visits certain websites like LinkedIn and to redirect it to an NSA server named "Foxacid" where the agency can upload spy software in a fraction of a second.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
