Digital Tracking

  • Surveillance: A Taxonomy of Known Knowns and Known Unknowns

    June 11, 2013

    In the wake of the avalanche of revelations about the scope of domestic surveillance, several people have asked me to help them understand what is going on. So I put together this handy cheat sheet that hopefully explains the key issues.

    This is a shorthand version of an explainer I presented last week at the Privacy Law Scholars Conference in Berkeley. With apologies to Donald Rumsfeld, I’ve broken it down into “Known Knowns” and “Known Unknowns.”

    Patriot Act Surveillance

    Known Knowns:

    Who: Verizon, AT&T, and SprintNextel, according to reporting by Glenn Greenwald at The Guardian and the The Wall Street Journal.

    What: Records of every single domestic and international telephone call, including the location from which the call was placed, the serial number of the phone, the number dialed and the duration of the call, according to the court order obtained by the Guardian.

    Where: Turned over to the National Security Agency daily, according to the court order obtained by the Guardian.

    When: Ongoing for the past seven years, according to Senator Dianne Feinstein (D-CA)

    Why: To “make connections related to terrorist activities over time,” according to the Office of the Director of National Intelligence.

    How: Foreign Intelligence Surveillance Court authorizes record collections with a court order every three months, according to Sen. Feinstein. Analysts are required to have “reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization” before querying the database of call records, according to the Office of the Director of National Intelligence.

    Legal authority: Section 215 of the Patriot Act allows the FBI to order any person or entity to turn over “any tangible things” for “for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.”

    Known Unknowns:

    Is it legal? Senators including Ron Wyden and Mark Udall have accused the government of secretly reinterpreting the law.

    What happens to innocent people’s data? It’s not clear.

    Are some telecom companies refusing to participate? It’s not clear.

    Does it prevent terrorism? Officials have pointed to two terrorist attacks that were flagged by this program: a New York city subway bombing plot that was foiled, and the Mumbai terror attacks, which were successful.

    Have intelligence officials lied about the existence of the program? Maybe. Sen. Wyden has asked Director of National Intelligence James Clapper to explain his previous denials to Congress.  Last year, National Security Agency Director Keith Alexander told Congress “we don’t have technical insights in the United States.”

     

    PRISM Surveillance:

    Known Knowns:

    Who: Microsoft, Google, Yahoo, Facebook, YouTube, Skype, AOL, Apple, PalTalk, according to slides obtained by The Guardian and The Washington Post.

    What: Content of Internet communications including e-mail, chats, instant messages, according to the slides.

    Where: The government can only use this capability to target persons “reasonably believed to be outside the United States” even though the electronic communications may travel through United States computer services, under the Foreign Intelligence Surveillance Act of 2008.

    When: Since 2007, tech companies have worked to build systems that let the government collect this data, according to the slides.

    Why:  The government says it needs this capability to investigate terrorism, hostile cyber activities and nuclear proliferation.  

    How: The government must obtain a search warrant from the Foreign Intelligence Surveillance Court.

    Legal Authority: Section 702 of the Foreign Intelligence Surveillance Act of 2008 authorizes the “targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.”

    Known Unknowns:

    Is this blanket surveillance? It’s not clear. Before the 2008 law was passed, the government had to identify the target of surveillance. The 2008 law allowed the government to issue “programmatic warrants” that are not based on the identity of an individual, but rather on broader criteria.

    How is the data technically handed over? We don’t yet know all the technical details of how data is turned over to government. Companies have said they don’t provide “direct access” but that doesn’t preclude other ways of sharing bulk data. Google told Wired on Tuesday that it either provides information by hand or secure FTP.

    What happens to innocent people’s data? The law requires the government to minimize the use of data about U.S. persons.

     

    In Summary: The Patriot Act surveillance program is potentially illegal, officials may have lied about it to Congress and it collects information about nearly every single person in the United States. The Prism program is legal, is likely less broad and has some safeguards to protect innocent U.S. residents.

    There’s a reason that former Department of Justice attorney Mark Eckenwiler, who specialized in electronic surveillance law, has suggested calling the Patriot Act surveillance program “Hoover.”

     

     

  • U.S. Terrorism Agency to Tap a Vast Database of Citizens

    December 13, 2012

    By JULIA ANGWIN

    Top U.S. intelligence officials gathered in the White House Situation Room in March to debate a controversial proposal. Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime.

    Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens-even people suspected of no crime.

    Not everyone was on board. “This is a sea change in the way that the government interacts with the general public,” Mary Ellen Callahan, chief privacy officer of the Department of Homeland Security, argued in the meeting, according to people familiar with the discussions.

    A week later, the attorney general signed the changes into effect.

    Through Freedom of Information Act requests and interviews with officials at numerous agencies, The Wall Street Journal has reconstructed the clash over the counterterrorism program within the administration of President Barack Obama. The debate was a confrontation between some who viewed it as a matter of efficiency—how long to keep data, for instance, or where it should be stored—and others who saw it as granting authority for unprecedented government surveillance of U.S. citizens.

    Read more at The Wall Street Journal and see the full privacy series.

  • New Tracking Frontier: Your License Plates

    September 29, 2012

    For more than two years, the police in San Leandro, Calif., photographed Mike Katz-Lacabe’s Toyota Tercel almost weekly. They have shots of it cruising along Estudillo Avenue near the library, parked at his friend’s house and near a coffee shop he likes. In one case, they snapped a photo of him and his two daughters getting out of a car in his driveway.

    Mr. Katz-Lacabe isn’t charged with, or suspected of, any crime. Local police are tracking his vehicle automatically, using cameras mounted on a patrol car that record every nearby vehicle—license plate, time and location.

    “Why are they keeping all this data?” says Mr. Katz-Lacabe, who obtained the photos of his car through a public-records request. “I’ve done nothing wrong.”

    Until recently it was far too expensive for police to track the locations of innocent people such as Mr. Katz-Lacabe. But as surveillance technologies decline in cost and grow in sophistication, police are rapidly adopting them. Private companies are joining, too. At least two start-up companies, both founded by “repo men”—specialists in repossessing cars or property from deadbeats—are currently deploying camera-equipped cars nationwide to photograph people’s license plates, hoping to profit from the data they collect.

    The rise of license-plate tracking is a case study in how storing and studying people’s everyday activities, even the seemingly mundane, has become the default rather than the exception. Cellphone-location data, online searches, credit-card purchases, social-network comments and more are gathered, mixed-and-matched, and stored in vast databases.

    Read more at The Wall Street Journal and see the full What The Know series online.


  • Selling You on Facebook

    April 7, 2012

    Many popular Facebook apps are obtaining sensitive information about users—and users’ friends—so don’t be surprised if details about your religious, political and even sexual preferences start popping up in unexpected places.

    A Wall Street Journal examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends

    The Wall Street Journal, Page W1

    Not so long ago, there was a familiar product called software. It was sold in stores, in shrink-wrapped boxes. When you bought it, all that you gave away was your credit card number or a stack of bills.

    Now there are “apps”—stylish, discrete chunks of software that live online or in your smartphone. To “buy” an app, all you have to do is click a button. Sometimes they cost a few dollars, but many apps are free, at least in monetary terms. You often pay in another way. Apps are gateways, and when you buy an app, there is a strong chance that you are supplying its developers with one of the most coveted commodities in today’s economy: personal data.

    Continue reading at The Wall Street Journal and see the full What They Know series online.


  • Google’s iPhone Tracking

    February 17, 2012

    Web Giant, Others Bypassed Apple Browser Settings for Guarding Privacy

    The Wall Street Journal, Page One

    Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.

    Read more at The Wall Street Journal and read the full What They Know series online.


  • Stewart Baker: Why Privacy Will Become a Luxury

    November 14, 2011

    Stewart Baker, the former assistant secretary for Homeland Security, talks with Julia Angwin about the need for balancing privacy rights with security concerns. In The Big Interview, Mr. Baker explains why privacy may one day be a luxury available only to the privileged and the rich.


  • Judges Weigh Phone Tracking

    November 9, 2011

     

    The Wall Street Journal, Page One

    State and federal authorities follow the movements of thousands of Americans each year by secretly monitoring the location of their cellphones, often with little judicial oversight, in a practice facing legal challenges.

    Electronic tracking, used by police to investigate such crimes as drug dealing and murder, has become as routine as “looking for fingerprint evidence or DNA evidence,” said Gregg Rossman, a prosecutor in Broward County, Fla.

    The use of cellphone tracking by authorities is among the most common types of electronic surveillance, exceeding wiretaps and the use of GPS tracking, according to a survey of local, state and federal authorities by The Wall Street Journal.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Secret Orders Target Email

    October 10, 2011

    WikiLeaks’ Backer’s Information Sought

    The Wall Street Journal, Page One

    The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum, according to documents reviewed by The Wall Street Journal.

    Read more at The Wall Street Journal and see the full What They Know series online.

    Plus, more on Sonic.net, the little ISP that stood up to the government.


  • Latest in Web Tracking: Stealthy ‘Supercookies’

    August 19, 2011

    The Wall Street Journal, Page One

    Major websites such as MSN.com and Hulu.com have been tracking people’s online activities using powerful new methods that are almost impossible for computer users to detect, new research shows.

    The new techniques, which are legal, reach beyond the traditional “cookie,” a small file that websites routinely install on users’ computers to help track their activities online. Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies, according to researchers at Stanford University and University of California at Berkeley.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Device Raises Fear of Facial Profiling

    August 16, 2011

    The Wall Street Journal, Page One

    With this device, made by BI2 Technologies, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away.

    Dozens of law-enforcement agencies from Massachusetts to Arizona are preparing to outfit their forces with controversial hand-held facial-recognition devices as soon as September, raising significant questions about privacy and civil liberties.

    With the device, which attaches to an iPhone, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away, and do an immediate search to see if there is a match with a database of people with criminal records. The gadget also collects fingerprints.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Web’s Hot New Commodity: Privacy

    February 27, 2011

    The Wall Street Journal, Page One

    As the surreptitious tracking of Internet users becomes more aggressive and widespread, tiny start-ups and technology giants alike are pushing a new product: privacy.

    Companies including Microsoft Corp., McAfee Inc.—and even some online-tracking companies themselves—are rolling out new ways to protect users from having their movements monitored online. Some are going further and starting to pay people a commission every time their personal details are used by marketing companies.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Race Is On to ‘Fingerprint’ Phones, PCs

    November 30, 2010

    The Wall Street Journal, Page One

    BlueCava CEO David Norris plans to fingerprint billions of devices. Tracking cookies ‘are a joke,’ he says.

    IRVINE, Calif.—David Norris wants to collect the digital equivalent of fingerprints from every computer, cellphone and TV set-top box in the world.

    He’s off to a good start. So far, Mr. Norris’s start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices.

    Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • ‘Scrapers’ Dig Deep for Data on Web

    October 11, 2010

    The Wall Street Journal, Page One

    At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves.

    It was a break-in. A new member of the site, using sophisticated software, was “scraping,” or copying, every single message off PatientsLikeMe’s private online forums.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • On the Web’s Cutting Edge, Anonymity in Name Only

    August 3, 2010

    The Wall Street Journal, Page One

    You may not know a company called [x+1] Inc., but it may well know a lot about you.

    From a single click on a web site, [x+1] correctly identified Carrie Isaac as a young Colorado Springs parent who lives on about $50,000 a year, shops at Wal-Mart and rents kids’ videos. The company deduced that Paul Boulifard, a Nashville architect, is childless, likes to travel and buys used cars. And [x+1] determined that Thomas Burney, a Colorado building contractor, is a skier with a college degree and looks like he has good credit.

    The company didn’t get every detail correct. But its ability to make snap assessments of individuals is accurate enough that Capital One Financial Corp. uses [x+1]’s calculations to instantly decide which credit cards to show first-time visitors to its website.

    Read more at The Wall Street Journal and see the full What They Know series online.


  • Sites Feed Personal Details to New Tracking Industry

    July 30, 2010

     

    The Wall Street Journal, Page A1

    The largest U.S. websites are installing new and intrusive consumer-tracking technologies on the computers of people visiting their sites—in some cases, more than 100 tracking tools at a time—a Wall Street Journal investigation has found.

    The tracking files represent the leading edge of a lightly regulated, emerging industry of data-gatherers who are in effect establishing a new business model for the Internet: one based on intensive surveillance of people to sell data about, and predictions of, their interests and activities, in real time.

    Read more at The Wall Street Journal. See the interactive database accompanying the article and see the full What They Know series online.


  • The Web’s New Gold Mine: Your Secrets

    July 30, 2010

    A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series.

    The Wall Street Journal, Page W1

    Brian McCord for the Wall Street Journal

    Ashley Hayes-Beaty

    Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.

    The file consists of a single code— 4c812db292272995-e5416a323e79bd37—that secretly identifies her as a 26-year-old female in Nashville, Tenn. The code knows that her favorite movies include “The Princess Bride,” “50 First Dates” and “10 Things I Hate About You.” It knows she enjoys the “Sex and the City” series. It knows she browses entertainment news and likes to take quizzes.

    Read more at The Wall Street Journal and see the full What They Know series online.


Julia’s Work

Julia Angwin specializes in investigative and technology journalism.

Her current primary area of interest is digital tracking and the way in which the digital revolution has enabled surveillance of all kinds. Ms. Angwin pioneered coverage of this area in the What They Know series for The Wall Street Journal.

Ms. Angwin's most recent book, Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance, discusses the impact of surveillance on our society.

In addition to her work on privacy, Ms. Angwin has long written about the technology industry as a whole and provided advice to everyday users in her Decoder column. Her last book, Stealing MySpace, chronicled the rise of online social networks.