Portfolio

  • NSA Spying Relies on AT&T’s ‘Extreme Willingness to Help’

    August 15, 2015

    This article was published jointly by The New York Times and ProPublica. See all of Julia’s privacy coverage at ProPublica.

    by Julia Angwin and Jeff Larson, ProPublica; Charlie Savage and James Risen, The New York Times; and Henrik Moltke and Laura Poitras, special to ProPublica

    THE NATIONAL SECURITY AGENCY’S ability to spy on vast quantities of Internet traffic passing through the United States has relied on its extraordinary, decades-long partnership with a single company: the telecom giant AT&T.

    While it has been long known that American telecommunications companies worked closely with the spy agency, newly disclosed NSA documents show that the relationship with AT&T has been considered unique and especially productive. One document described it as “highly collaborative,” while another lauded the company’s “extreme willingness to help.”

    AT&T’s cooperation has involved a broad range of classified activities, according to the documents, which date from 2003 to 2013. AT&T has given the NSA access, through several methods covered under different legal rules, to billions of emails as they have flowed across its domestic networks. It provided technical assistance in carrying out a secret court order permitting the wiretapping of all Internet communications at the United Nations headquarters, a customer of AT&T.

    The NSA’s top-secret budget in 2013 for the AT&T partnership was more than twice that of the next-largest such program, according to the documents. The company installed surveillance equipment in at least 17 of its Internet hubs on American soil, far more than its similarly sized competitor, Verizon. And its engineers were the first to try out new surveillance technologies invented by the eavesdropping agency.

    One document reminds NSA officials to be polite when visiting AT&T facilities, noting: “This is a partnership, not a contractual relationship.”

    The documents, provided by the former agency contractor Edward Snowden, were jointly reviewed by The New York Times and ProPublica. The NSA, AT&T and Verizon declined to discuss the findings from the files. “We don’t comment on matters of national security,” an AT&T spokesman said.

    It is not clear if the programs still operate in the same way today. Since the Snowden revelations set off a global debate over surveillance two years ago, some Silicon Valley technology companies have expressed anger at what they characterize as NSA intrusions and have rolled out new encryption to thwart them. The telecommunications companies have been quieter, though Verizon unsuccessfully challenged a court order for bulk phone records in 2014.

    At the same time, the government has been fighting in court to keep the identities of its telecom partners hidden. In a recent case, a group of AT&T customers claimed that the NSA’s tapping of the Internet violated the Fourth Amendment protection against unreasonable searches. This year, a federal judge dismissed key portions of the lawsuit after the Obama administration argued that public discussion of its telecom surveillance efforts would reveal state secrets, damaging national security.

    The Secretariat building at the United Nations headquarters in New York City. (David Sleight/ProPublica)

    The NSA documents do not identify AT&T or other companies by name. Instead, they refer to corporate partnerships run by the agency’s Special Source Operations division using code names. The division is responsible for more than 80 percent of the information the NSA collects, one document states.

    Fairview is one of its oldest programs. It began in 1985, the year after antitrust regulators broke up the Ma Bell telephone monopoly and its long-distance division became AT&T Communications. An analysis of the Fairview documents by the Times and ProPublica reveals a constellation of evidence that points to AT&T as that program’s partner. Several former intelligence officials confirmed that finding.

    A Fairview fiber-optic cable, damaged in the 2011 earthquake in Japan, was repaired on the same date as a Japanese-American cable operated by AT&T. Fairview documents use technical jargon specific to AT&T. And in 2012, the Fairview program carried out the court order for surveillance on the Internet line, which AT&T provides, serving the United Nations headquarters. (NSA spying on United Nations diplomats has previously beenreported, but not the court order or AT&T’s involvement. In October 2013, the United States told the United Nations that it would not monitor its communications.)

    The documents also show that another program, code-named Stormbrew, has included Verizon and the former MCI, which Verizon purchased in 2006. One describes a Stormbrew cable landing that is identifiable as one that Verizon operates. Another names a contact person whose LinkedIn profile says he is a longtime Verizon employee with a top-secret clearance.

    AT&T’s cable station in Point Arena, California. NSA collection at this site was temporarily disrupted after the 2011 Japanese earthquake damaged the undersea cable. (Henrik Moltke for ProPublica)

    After the terrorist attacks of Sept. 11, 2001, AT&T and MCI were instrumental in the Bush administration’s warrantless wiretapping programs, according to a draft report by the NSA’s inspector general. The report, disclosed by Snowden and previously published by The Guardian, does not identify the companies by name but describes their market share in numbers that correspond to those two businesses, according to Federal Communications Commission reports.

    AT&T began turning over emails and phone calls “within days” after the warrantless surveillance began in October 2001, the report indicated. By contrast, the other company did not start until February 2002, the draft report said.

    In September 2003, according to the previously undisclosed NSA documents, AT&T was the first partner to turn on a new collection capability that the NSA said amounted to a “‘live’ presence on the global net.” In one of its first months of operation, the Fairview program forwarded to the agency 400 billion Internet metadata records — which include who contacted whom and other details, but not what they said — and was “forwarding more than one million emails a day to the keyword selection system” at the agency headquarters in Fort Meade, Maryland. Stormbrew was still gearing up to use the new technology, which appeared to process foreign-to-foreign traffic separate from the post-9/11 program..

    In 2011, AT&T began handing over 1.1 billion domestic cellphone calling records a day to the NSA after “a push to get this flow operational prior to the tenth anniversary of 9/11,” according to an internal agency newsletter. This revelation is striking because after Snowden disclosed the program of collecting the records of Americans’ phone calls, intelligence officials told reporters that, for technical reasons, it consisted mostly of landline phone records.

    That year, one slide presentation shows, the NSA spent $188.9 million on the Fairview program, twice the amount spent on Stormbrew, its second-largest corporate program.

    After the Times disclosed the Bush administration’s warrantless wiretapping program in December 2005, plaintiffs began trying to sue AT&T and the NSA In a 2006 lawsuit, a retired AT&T technician named Mark Klein claimed that three years earlier he had seen a secret room in a company building in San Francisco where the NSA had installed equipment.

    Klein claimed that AT&T was providing the NSA with access to Internet traffic that AT&T transmits for other telecom companies. Such cooperative arrangements, known in the industry as “peering,” mean that communications from customers of other companies could end up on AT&T’s network.

    After Congress passed a 2008 law legalizing the Bush program and immunizing the telecom companies for their cooperation with it, that lawsuit was thrown out. But the newly disclosed documents show that AT&T has provided access to peering traffic from other companies’ networks.

    AT&T’s “corporate relationships provide unique accesses to other telecoms and I.S.P.s,” or Internet service providers, one 2013 NSA document states.

    Because of the way the Internet works, intercepting a targeted person’s email requires copying pieces of many other people’s emails, too, and sifting through those pieces. Plaintiffs have been trying without success to get courts to address whether copying and sifting pieces of all those emails violates the Fourth Amendment.

    Many privacy advocates have suspected that AT&T was giving the NSA a copy of all Internet data to sift for itself. But one 2012 presentation says the spy agency does not “typically” have “direct access” to telecoms’ hubs. Instead, the telecoms have done the sifting and forwarded messages the government believes it may legally collect.

    “Corporate sites are often controlled by the partner, who filters the communications before sending to NSA,” according to the presentation. This system sometimes leads to “delays” when the government sends new instructions, it added.

    The companies’ sorting of data has allowed the NSA to bring different surveillance powers to bear. Targeting someone on American soil requires a court order under the Foreign Intelligence Surveillance Act. When a foreigner abroad is communicating with an American, that law permits the government to target that foreigner without a warrant. And when foreigners are messaging other foreigners, that law does not apply and the government can collect such emails in bulk without targeting anyone.

    AT&T’s provision of foreign-to-foreign traffic has been particularly important to the NSA because large amounts of the world’s Internet communications travel across American cables. AT&T provided access to the contents of transiting email traffic for years before Verizon began doing so in March 2013, the documents show. They say AT&T gave the NSA access to “massive amounts of data,” and by 2013 the program was processing 60 million foreign-to-foreign emails a day.

    Because domestic wiretapping laws do not cover foreign-to-foreign emails, the companies have provided them voluntarily, not in response to court orders, intelligence officials said. But it is not clear whether that remains the case after the post-Snowden upheavals.

    “We do not voluntarily provide information to any investigating authorities other than if a person’s life is in danger and time is of the essence,” Brad Burns, an AT&T spokesman, said. He declined to elaborate.

    Continue reading →
  • New Snowden Documents Reveal Secret Memos Expanding Spying

    June 4, 2015

    This article was published jointly by The New York Times and ProPublica. See all of Julia’s privacy coverage at ProPublica

    by Julia Angwin and Jeff Larson, ProPublica, Charlie Savage, the New York Times, and Henrik Moltke, special to ProPublica, June 4, 2015, 11 a.m.

    Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents.

    In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad 2014 including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

    The Justice Department allowed the agency to monitor only addresses and “cybersignatures” 2014 patterns associated with computer intrusions 2014 that it could tie to foreign governments. But the documents also note that the NSA sought permission to target hackers even when it could not establish any links to foreign powers.

    The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance.

    While the Senate passed legislation this week limiting some of the NSA’s authority, it involved provisions in the U.S.A. Patriot Act and did not apply to the warrantless wiretapping program.

    Government officials defended the NSA’s monitoring of suspected hackers as necessary to shield Americans from the increasingly aggressive activities of foreign governments. But critics say it raises difficult trade-offs that should be subject to public debate.

    The NSA’s activities run “smack into law enforcement land,” said Jonathan Mayer, a cybersecurity scholar at Stanford Law School who has researched privacy issues and who reviewed several of the documents. “That’s a major policy decision about how to structure cybersecurity in the U.S. and not a conversation that has been had in public.”

    It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion 2014 a foreign government or a criminal gang 2014 and the NSA is supposed to focus on foreign intelligence, not law enforcement.

    The government can also gather significant volumes of Americans’ information 2014 anything from private emails to trade secrets and business dealings 2014 through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it.

    One internal NSA document notes that agency surveillance activities through “hacker signatures pull in a lot.” Brian Hale, the spokesman for the Office of the Director of National Intelligence, said, “It should come as no surprise that the U.S. government gathers intelligence on foreign powers that attempt to penetrate U.S. networks and steal the private information of U.S. citizens and companies.” He added that “targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose.”

    The effort is the latest known expansion of the NSA’s warrantless surveillance program, which allows the government to intercept Americans’ cross-border communications if the target is a foreigner abroad. While the NSA has long searched for specific email addresses and phone numbers of foreign intelligence targets, the Obama administration three years ago started allowing the agency to search its communications streams for less-identifying Internet protocol addresses or strings of harmful computer code.

    The surveillance activity traces to changes that began after the Sept. 11 terrorist attacks. The government tore down a so-called wall that prevented intelligence and criminal investigators from sharing information about suspected spies and terrorists. The barrier had been erected to protect Americans’ rights because intelligence investigations use lower legal standards than criminal inquiries, but policy makers decided it was too much of an obstacle to terrorism investigations.

    The NSA also started the warrantless wiretapping program, which caused an outcry when it was disclosed in 2005. In 2008, under the FISA Amendments Act, Congress legalized the surveillance program so long as the agency targeted only noncitizens abroad. A year later, the new Obama administration began crafting a new cybersecurity policy 2014 including weighing whether the Internet had made the distinction between a spy and a criminal obsolete.

    “Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical,” the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA’s internal files.

    About that time, the documents show, the NSA 2014 whose mission includes protecting military and intelligence networks against intruders 2014 proposed using the warrantless surveillance program for cybersecurity purposes. The agency received “guidance on targeting using the signatures” from the Foreign Intelligence Surveillance Court, according to an internal newsletter.

    In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments.

    That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. That rule, the NSA soon complained, left a “huge collection gap against cyberthreats to the nation” because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location or pretend to be someone else.

    So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any “malicious cyberactivity,” even if it did not yet know who was behind the attack.

    The newsletter described the further expansion as one of “highest priorities” of the NSA director, Gen. Keith B. Alexander. However, a former senior intelligence official said that the government never asked the court to grant that authority.

    Meanwhile, the FBI in 2011 had obtained a new kind of wiretap order from the secret surveillance court for cybersecurity investigations, permitting it to target Internet data flowing to or from specific Internet addresses linked to certain governments.

    To carry out the orders, the FBI negotiated in 2012 to use the NSA’s system for monitoring Internet traffic crossing “chokepoints operated by U.S. providers through which international communications enter and leave the United States,” according to a 2012 NSA document. The NSA would send the intercepted traffic to the bureau’s “cyberdata repository” in Quantico, Virginia.

    The disclosure that the NSA and the FBI have expanded their cybersurveillance adds a dimension to a recurring debate over the post-Sept. 11 expansion of government spying powers: Information about Americans sometimes gets swept up incidentally when foreigners are targeted, and prosecutors can use that information in criminal cases.

    Citing the potential for a copy of data “exfiltrated” by a hacker to contain “so much” information about Americans, one NSA lawyer suggested keeping the stolen data out of the agency’s regular repository for information collected by surveillance so that analysts working on unrelated issues could not query it, a 2010 training document showed. But it is not clear whether the agency or the FBI has imposed any additional limits on the data of hacking victims.

    In a response to questions for this article, the FBI pointed to its existing procedures for protecting victims’ data acquired during investigations, but also said it continually reviewed its policies “to adapt to these changing threats while protecting civil liberties and the interests of victims of cybercrimes.”

    None of these actions or proposals had been disclosed to the public. As recently as February, when President Obama spoke about cybersecurity at an event at Stanford University, he lauded the importance of transparency but did not mention this change.

    “The technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it,” Obama said.

    Laura Poitras contributed reporting.

     

     

     

    Continue reading →
  • New York Times Op-Ed: Has Privacy Become a Luxury Good?

    March 4, 2014

    The following article appeared in the Opinion pages of the  New York Times on March 3, 2014.

    LAST year, I spent more than $2,200 and countless hours trying to protect my privacy.

    Some of the items I bought — a $230 service that encrypted my data in the Internet cloud; a $35 privacy filter to shield my laptop screen from coffee-shop voyeurs; and a $420 subscription to a portable Internet service to bypass untrusted connections — protect me from criminals and hackers. Other products, like a $5-a-month service that provides me with disposable email addresses and phone numbers, protect me against the legal (but, to me, unfair) mining and sale of my personal data.

    In our data-saturated economy, privacy is becoming a luxury good. After all, as the saying goes, if you aren’t paying for the product, you are the product. And currently, we aren’t paying for very much of our technology.

    Not long ago, we would have bought services as important to us as mail and news. Now, however, we get all those services for free — and we pay with our personal data, which is spliced and diced and bought and sold.

    Consider Google, which scans what you write in Gmail to offer advertisers a chance to promote their items based on your missives. Or a visit to an online news site where your data is secretly auctioned and sold before the page loads. Or Facebook, which allows marketers to turn your status updates into ads for their products.

    Continue reading at nytimes.com.

    Privacy ToolsPurposeCost
    Total$2,467.53
    hard drivebackup data storage$119.99
    MiFiportable Internet connection$419.88
    1Passwordpassword management software$69.99
    shreddershred documents$61.98
    flash drivestransfer files securely$30
    MaskMe disposable identity service$30
    walkie-talkiesunmonitored short-range communications $57.94
    Riseupe-mail service (donation)$100
    Postboxe-mail software$9.95
    Silent Circleencryption phone software$124.80
    Virgin Mobileprepaid phone charges$440
    Samsungcellphone$200
    Off Pocketcellphone Faraday cage$85
    Delete Medata broker opt-out service$209
    MailStop Shielddata broker opt-out service$35
    Acxiom info-request fee (Acxiom required me to send in $5 to obtain my data)$5
    laptop privacy filterprevent snoopers$34.05
    SpiderOakencrypted cloud storage$232
    Access Denied RFID shielded wallet
    $52.95
    Continue reading →
  • My Q&A with Laura Poitras about Bill Binney

    December 26, 2013

    In the course of reporting my Wall Street Journal article about NSA whistleblower Bill Binney, I interviewed filmmaker Laura Poitras about her relationship with Binney and how it led to her meeting Edward Snowden. Here is a transcript of our exchange:

    Q: What sparked your first interest in Bill Binney?

    A: I first learned about Bill in 2011 from Jane Mayer’s New Yorker story on NSA whistleblower Thomas Drake.  The article focused on the government’s effort to prosecute Tom under the Espionage Act.  In the article, Bill went on the record for the first time in order to defend Tom.  He said something that really struck me – he wanted to apologize to the American people for helping build tools now being used to spy on them.

    I got Bill’s phone number after reading the article, but it took me a few days to call him. I knew I couldn’t call a former top level NSA crypto-mathematician turned whistleblower without flipping a switch. When I finally called, Bill said something like:  “Yes, I’ll speak to you.  I’m sick and tired of my government breaking the law and harassing me.”

    I imagine that conversation is sitting in a data repository somewhere.

    Q: At the time that you reached out to Bill, it was difficult to substantiate the allegations he was making. What made him credible to you?

    A: There was no question about Bill’s position in the NSA.  By all accounts, he was a legendary mathematician.  His eyewitness account of what happened after 9/11 is very compelling and supported by other reports.

    I met Bill on the eve of Tom’s trial in 2011. Bill was eager to testify in Tom’s defense because he wanted to be placed under oath and tell the court what he knew about STELLARWIND – NSA’s post 9/11 domestic spying program.  Bill didn’t get the opportunity to testify because the government reduced the charges against Tom from espionage (and 35 years in prison), to a misdemeanor.

    I think Bill is still hoping to testify under oath someday.

    Q:  You published your op-doc about Binney “The Program” on August 22, 2012. What prompted you to break off the piece about Binney and publish it prior to your film being completed?

    A: I decided to make “The Program” for a couple reasons:  First, Bill’s health was bad and I didn’t know how long he’d be with us.  He had taken so many risks to speak out that I felt an urgency to make public his warnings.  Second, the FISA Amendments Acts (FAA), was up for renewal in December 2012, and there was little public debate or interest about the bill and its renewal.  For these two reasons, I felt the story couldn’t wait for me to finish the longer film, so I approached the NYT to make the short op-doc.

    Q:  Is it correct that Edward Snowden reached out to you because of the Binney documentary?

    A: I can’t speak for Snowden’s decision-making process, but he did tell me he learned of my interest in NSA surveillance from the op-doc I made about Bill.

    Continue reading →
  • My Q&A with Edward Snowden about Binney and Big Data

    December 26, 2013

    While reporting my Wall Street Journal article about NSA whistleblower Bill Binney, I posed some questions to Edward Snowden. Here is our exchange, which was fielded by his legal counsel, Ben Wizner at the ACLU:

    Q: In a June Q&A with the Guardian, you were asked about the treatment of Binney and Drake, and you replied “these draconian responses simply build better whistleblowers.” Can you elaborate on what you learned from the treatment of Binney and how it has informed your actions?

    Snowden: I have tremendous respect for Binney, who did everything he could according to the rules. We all owe him a debt of gratitude for highlighting how the Intelligence Community punishes reporting abuses within the system. If you stay quiet and keep your eyes forward, you’ll be taken care of, even if you lie to Congress. If you buck the system, you find armed agents in your bathroom.

    Q: One of the points that Binney makes is that not only is dragnet surveillance harmful to civil liberties, but it also overwhelms the NSA analysts who have to sift through it, weakening our intelligence apparatus. Do you agree with that argument?

    Snowden: I do. Mass surveillance causes us to miss events like the Boston Bombings because analysts are distracted by low-effort analysis of endless and unfocused chatter rather than the focused, targeted investigation of things like tipoffs from partners. When your working process every morning starts with poking around a haystack of 7 billion innocent lives, you’re going to miss things like that. We’re blinding our people with data we don’t need and it puts us at risk.

    Continue reading →
  • NSA Struggles to Make Sense of Flood of Surveillance Data

    December 26, 2013

    Binney photo

    By Julia Angwin

    LAUSANNE, Switzerland— William Binney, creator of some of the computer code used by the National Security Agency to snoop on Internet traffic around the world, delivered an unusual message here in September to an audience worried that the spy agency knows too much.

    It knows so much, he said, that it can’t understand what it has.

    “What they are doing is making themselves dysfunctional by taking all this data,” Mr. Binney said at a privacy conference here.

    The agency is drowning in useless data, which harms its ability to conduct legitimate surveillance, claims Mr. Binney, who rose to the civilian equivalent of a general during more than 30 years at the NSA before retiring in 2001. Analysts are swamped with so much information that they can’t do their jobs effectively, and the enormous stockpile is an irresistible temptation for misuse.

    Mr. Binney’s warning has gotten far less attention than legal questions raised by leaks from former NSA contractor Edward Snowden about the agency’s mass collection of information around the world. Those revelations unleashed a re-examination of the spy agency’s aggressive tactics.

    Read more at The Wall Street Journal and see the full privacy series.

    Continue reading →
  • U.S. Terrorism Agency to Tap a Vast Database of Citizens

    December 13, 2012

    By JULIA ANGWIN

    Top U.S. intelligence officials gathered in the White House Situation Room in March to debate a controversial proposal. Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime.

    Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens-even people suspected of no crime.

    Not everyone was on board. “This is a sea change in the way that the government interacts with the general public,” Mary Ellen Callahan, chief privacy officer of the Department of Homeland Security, argued in the meeting, according to people familiar with the discussions.

    A week later, the attorney general signed the changes into effect.

    Through Freedom of Information Act requests and interviews with officials at numerous agencies, The Wall Street Journal has reconstructed the clash over the counterterrorism program within the administration of President Barack Obama. The debate was a confrontation between some who viewed it as a matter of efficiency—how long to keep data, for instance, or where it should be stored—and others who saw it as granting authority for unprecedented government surveillance of U.S. citizens.

    Read more at The Wall Street Journal and see the full privacy series.

    Continue reading →
  • New Tracking Frontier: Your License Plates

    September 29, 2012

    For more than two years, the police in San Leandro, Calif., photographed Mike Katz-Lacabe’s Toyota Tercel almost weekly. They have shots of it cruising along Estudillo Avenue near the library, parked at his friend’s house and near a coffee shop he likes. In one case, they snapped a photo of him and his two daughters getting out of a car in his driveway.

    Mr. Katz-Lacabe isn’t charged with, or suspected of, any crime. Local police are tracking his vehicle automatically, using cameras mounted on a patrol car that record every nearby vehicle—license plate, time and location.

    “Why are they keeping all this data?” says Mr. Katz-Lacabe, who obtained the photos of his car through a public-records request. “I’ve done nothing wrong.”

    Until recently it was far too expensive for police to track the locations of innocent people such as Mr. Katz-Lacabe. But as surveillance technologies decline in cost and grow in sophistication, police are rapidly adopting them. Private companies are joining, too. At least two start-up companies, both founded by “repo men”—specialists in repossessing cars or property from deadbeats—are currently deploying camera-equipped cars nationwide to photograph people’s license plates, hoping to profit from the data they collect.

    The rise of license-plate tracking is a case study in how storing and studying people’s everyday activities, even the seemingly mundane, has become the default rather than the exception. Cellphone-location data, online searches, credit-card purchases, social-network comments and more are gathered, mixed-and-matched, and stored in vast databases.

    Read more at The Wall Street Journal and see the full What The Know series online.


    Continue reading →
  • How Grabby Are Your Facebook Apps?

    April 7, 2012

     

    The Wall Street Journal analyzed 100 of the most used applications that connect to Facebook’s social-networking platform to see what data they sought from people. The Journal also tested its own Facebook app, WSJ Social. See the apps tested by the Journal, along with the permissions they ask users to grant them.

    Read more at The Wall Street Journal and see the full What The Know series online.


    Continue reading →
  • Selling You on Facebook

    April 7, 2012

    Many popular Facebook apps are obtaining sensitive information about users—and users’ friends—so don’t be surprised if details about your religious, political and even sexual preferences start popping up in unexpected places.

    A Wall Street Journal examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends

    The Wall Street Journal, Page W1

    Not so long ago, there was a familiar product called software. It was sold in stores, in shrink-wrapped boxes. When you bought it, all that you gave away was your credit card number or a stack of bills.

    Now there are “apps”—stylish, discrete chunks of software that live online or in your smartphone. To “buy” an app, all you have to do is click a button. Sometimes they cost a few dollars, but many apps are free, at least in monetary terms. You often pay in another way. Apps are gateways, and when you buy an app, there is a strong chance that you are supplying its developers with one of the most coveted commodities in today’s economy: personal data.

    Continue reading at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Google’s iPhone Tracking

    February 17, 2012

    Web Giant, Others Bypassed Apple Browser Settings for Guarding Privacy

    The Wall Street Journal, Page One

    Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.

    Read more at The Wall Street Journal and read the full What They Know series online.


    Continue reading →
  • The Surveillance Catalog

    November 19, 2011

    The Surveillance Catalog allows readers to peruse secret marketing materials published by companies that make tracking equipment.

    Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.

    The techniques described in the trove of 200-plus marketing documents include hacking tools that enable governments to break into people’s computers and cellphones, and “massive intercept” gear that can gather all Internet communications in a country.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Stewart Baker: Why Privacy Will Become a Luxury

    November 14, 2011

    Stewart Baker, the former assistant secretary for Homeland Security, talks with Julia Angwin about the need for balancing privacy rights with security concerns. In The Big Interview, Mr. Baker explains why privacy may one day be a luxury available only to the privileged and the rich.


    Continue reading →
  • Judges Weigh Phone Tracking

    November 9, 2011

     

    The Wall Street Journal, Page One

    State and federal authorities follow the movements of thousands of Americans each year by secretly monitoring the location of their cellphones, often with little judicial oversight, in a practice facing legal challenges.

    Electronic tracking, used by police to investigate such crimes as drug dealing and murder, has become as routine as “looking for fingerprint evidence or DNA evidence,” said Gregg Rossman, a prosecutor in Broward County, Fla.

    The use of cellphone tracking by authorities is among the most common types of electronic surveillance, exceeding wiretaps and the use of GPS tracking, according to a survey of local, state and federal authorities by The Wall Street Journal.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Secret Orders Target Email

    October 10, 2011

    WikiLeaks’ Backer’s Information Sought

    The Wall Street Journal, Page One

    The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum, according to documents reviewed by The Wall Street Journal.

    Read more at The Wall Street Journal and see the full What They Know series online.

    Plus, more on Sonic.net, the little ISP that stood up to the government.


    Continue reading →
  • Latest in Web Tracking: Stealthy ‘Supercookies’

    August 19, 2011

    The Wall Street Journal, Page One

    Major websites such as MSN.com and Hulu.com have been tracking people’s online activities using powerful new methods that are almost impossible for computer users to detect, new research shows.

    The new techniques, which are legal, reach beyond the traditional “cookie,” a small file that websites routinely install on users’ computers to help track their activities online. Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies, according to researchers at Stanford University and University of California at Berkeley.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Device Raises Fear of Facial Profiling

    August 16, 2011

    The Wall Street Journal, Page One

    With this device, made by BI2 Technologies, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away.

    Dozens of law-enforcement agencies from Massachusetts to Arizona are preparing to outfit their forces with controversial hand-held facial-recognition devices as soon as September, raising significant questions about privacy and civil liberties.

    With the device, which attaches to an iPhone, an officer can snap a picture of a face from up to five feet away, or scan a person’s irises from up to six inches away, and do an immediate search to see if there is a match with a database of people with criminal records. The gadget also collects fingerprints.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Web’s Hot New Commodity: Privacy

    February 27, 2011

    The Wall Street Journal, Page One

    As the surreptitious tracking of Internet users becomes more aggressive and widespread, tiny start-ups and technology giants alike are pushing a new product: privacy.

    Companies including Microsoft Corp., McAfee Inc.—and even some online-tracking companies themselves—are rolling out new ways to protect users from having their movements monitored online. Some are going further and starting to pay people a commission every time their personal details are used by marketing companies.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Your Digital Fingerprint

    November 30, 2010

    Companies are developing digital fingerprint technology to identify how we use our computers, mobile devices and TV set-top boxes. WSJ’s Simon Constable talks to Julia Angwin about the next generation of tracking tools.


    Continue reading →
  • Race Is On to ‘Fingerprint’ Phones, PCs

    November 30, 2010

    The Wall Street Journal, Page One

    BlueCava CEO David Norris plans to fingerprint billions of devices. Tracking cookies ‘are a joke,’ he says.

    IRVINE, Calif.—David Norris wants to collect the digital equivalent of fingerprints from every computer, cellphone and TV set-top box in the world.

    He’s off to a good start. So far, Mr. Norris’s start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices.

    Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • ‘Scrapers’ Dig Deep for Data on Web

    October 11, 2010

    The Wall Street Journal, Page One

    At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves.

    It was a break-in. A new member of the site, using sophisticated software, was “scraping,” or copying, every single message off PatientsLikeMe’s private online forums.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • One Smart Cookie

    August 4, 2010

     

    New York ad company [x+1] made predictions about users based on just one click on a website. This interactive shows the company’s assumptions about users and how they affected what credit cards were shown.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • On the Web’s Cutting Edge, Anonymity in Name Only

    August 3, 2010

    The Wall Street Journal, Page One

    You may not know a company called [x+1] Inc., but it may well know a lot about you.

    From a single click on a web site, [x+1] correctly identified Carrie Isaac as a young Colorado Springs parent who lives on about $50,000 a year, shops at Wal-Mart and rents kids’ videos. The company deduced that Paul Boulifard, a Nashville architect, is childless, likes to travel and buys used cars. And [x+1] determined that Thomas Burney, a Colorado building contractor, is a skier with a college degree and looks like he has good credit.

    The company didn’t get every detail correct. But its ability to make snap assessments of individuals is accurate enough that Capital One Financial Corp. uses [x+1]’s calculations to instantly decide which credit cards to show first-time visitors to its website.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Sites Feed Personal Details to New Tracking Industry

    July 30, 2010

     

    The Wall Street Journal, Page A1

    The largest U.S. websites are installing new and intrusive consumer-tracking technologies on the computers of people visiting their sites—in some cases, more than 100 tracking tools at a time—a Wall Street Journal investigation has found.

    The tracking files represent the leading edge of a lightly regulated, emerging industry of data-gatherers who are in effect establishing a new business model for the Internet: one based on intensive surveillance of people to sell data about, and predictions of, their interests and activities, in real time.

    Read more at The Wall Street Journal. See the interactive database accompanying the article and see the full What They Know series online.


    Continue reading →
  • The Web’s New Gold Mine: Your Secrets

    July 30, 2010

    A Journal investigation finds that one of the fastest-growing businesses on the Internet is the business of spying on consumers. First in a series.

    The Wall Street Journal, Page W1

    Brian McCord for the Wall Street Journal

    Ashley Hayes-Beaty

    Hidden inside Ashley Hayes-Beaty’s computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.

    The file consists of a single code— 4c812db292272995-e5416a323e79bd37—that secretly identifies her as a 26-year-old female in Nashville, Tenn. The code knows that her favorite movies include “The Princess Bride,” “50 First Dates” and “10 Things I Hate About You.” It knows she enjoys the “Sex and the City” series. It knows she browses entertainment news and likes to take quizzes.

    Read more at The Wall Street Journal and see the full What They Know series online.


    Continue reading →
  • Who Owns Your Name on Twitter?

    May 19, 2009

    The Wall Street Journal, The Decoder column

    Social networks can be friendly places, but they are not democracies. Nor are they free markets. They are authoritarian regimes with whimsical and arbitrary rules.

    Read more at The Wall Street Journal.


    Continue reading →
  • Facebook: Can It Be Tamed?

    April 21, 2009

    The Wall Street Journal, The Decoder column

    My Facebook account is becoming unmanageable. It’s filled with updates, notifications, messages, wall postings, pokes, notes, friend requests and group requests (and that’s just a small sampling of it all). My Facebook correspondents range from professional contacts, to friends and family, to people I don’t really know at all.

    Read more at The Wall Street Journal.


    Continue reading →
  • Recipe for a Successful Viral Video Campaign

    February 17, 2009

    The Wall Street Journal, The Decoder column

    When Judson Laipply posted his six-minute “Evolution of Dance” video to YouTube in April of 2006, he didn’t advertise it at all. One month later, someone noticed his frenzied moves and e-mailed it to a friend. That friend e-mailed to other friends and more than 100 million views later, the rest is history. “It was all just pure luck” Mr. Laipply says.

    Read more at The Wall Street Journal.


    Continue reading →
  • A Problem for Hot Web Outfits: Keeping Pages Free From Porn

    May 16, 2006

    To Help MySpace Sell Ads, Photo Site Hires Checkers And Tests Software Filters

    The Wall Street Journal, Page One

    DENVER — Working quickly, Photobucket.com employee Jeff Gers can look at nearly 150,000 images on his computer screen during an eight-hour shift, or about 300 a minute. His job is to find and destroy anything that might cause offense, a task that’s getting harder all the time.

    Read more at The Wall Street Journal.


    Continue reading →
  • Elusive Spammer Sends EarthLink on Long Chase

    May 7, 2003

    Web Service Uses Lawyers, Private Eyes To Track Buffalo Sender of Junk E-Mails

    The Wall Street Journal, Page One

    ATLANTA — For more than a year, Mary Youngblood has been chasing the “Buffalo Spammer.”

    The 34-year-old Ms. Youngblood, who sports a picture of Darth Vader on her company ID badge, works at the headquarters of EarthLink Inc., a bigInternet-access provider. She leads a team of more than a dozen investigators whose job it is to find spammers, hackers and other “bad guys” who haunt the company’s network.

    Read more at The Wall Street Journal.


    Continue reading →
Julia’s Work

Julia Angwin specializes in investigative and technology journalism.

Her current primary area of interest is digital tracking and the way in which the digital revolution has enabled surveillance of all kinds. Ms. Angwin pioneered coverage of this area in the What They Know series for The Wall Street Journal.

Ms. Angwin's most recent book, Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance, discusses the impact of surveillance on our society.

In addition to her work on privacy, Ms. Angwin has long written about the technology industry as a whole and provided advice to everyday users in her Decoder column. Her last book, Stealing MySpace, chronicled the rise of online social networks.