Beijing has added yet another brick to its Great Firewall, tightening access to Google’s email service in the latest phase of a censorship campaign that has left Chinese citizens unable to access huge swaths of the Internet.
Other Google (GOOG) products, including Search, Sites and Picasa, have been similarly targeted by Chinese government agencies that govern Internet and social media content.
With Gmail access now severely restricted, Google’s suite of services are largely blacked out in China.
Some Gmail users in China reported on Twitter Tuesday that service had been restored. But Google’s own data still shows that fewer than 20% of people in China can access their Gmail.
The outcry over the latest blockage was swift and angry. Business travelers complained they will no longer be able to access email while in China without jumping through hoops. Their Chinese counterparts complained that it will now be more difficult to conduct business internationally.
Access to Twitter (TWTR, Tech30), Facebook (FB, Tech30) and YouTube is blocked in China. During recent pro-democracy protests in Hong Kong, the Facebook-owned photo sharing app Instagram was blacked out on the Mainland.
Taken together, the restrictions constitute the world’s largest — and most effective — state-sponsored censorship program. The effort, officially called “Golden Shield,” is more than a decade old.
The program allows Beijing to restrict content it deems sensitive (on democracy, Tibet or the Uighur ethnic group, for example). Thousands of websites are blocked outright, and Chinese citizens that offend authorities can face judicial consequences.
The effort has left Chinese Internet users with a World Wide Web that bears little resemblance to the uncensored Internet.
Instead of using Google to perform searches, most Chinese use a homegrown alternative called Baidu (BIDU, Tech30). Instead of posting messages on Facebook or Twitter, Chinese users are pushed to Weibo.
And these domestic services are in turn heavily censored.
Offensive content — even a joke about the Communist Party — will quickly be removed from circulation. Censors monitor activity 24/7, forcing Chinese users to deploy homophones and puns in an effort to mask their intent. Among the most popular of these is “Grass Mud Horse,” a homophone for an obscenity involving one’s mother that doubles as an anti-censorship meme.
For U.S. companies hoping to do business in the world’s second largest economy, Beijing’s approach presents a series of tough choices.
Companies that resist Beijing’s censorship — as Google has done — are often punished as a result. Of major U.S. social media platforms, only LinkedIn (LNKD, Tech30) has been allowed to operate in China — and only after it agreed to block content. For example, it took down posts earlier this year related to the 1989 Tiananmen Square crackdown.
China is unlikely to ease its restrictions in the near-term. Beijing often describes what is known colloquially as the “Great Firewall” as a critical national security tool.
“I can choose who will be a guest in my home,” China’s top Internet regulator Lu Wei said earlier this year.
The nationalist-leaning Global Times offered the security justification in an editorial published Tuesday.
“If the China side indeed blocked Gmail, the decision must have been prompted by newly emerged security reasons,” the paper said. “If that is the case, Gmail users need to accept the reality of Gmail being suspended in China.”
The website has been blocked since the summer. However, it was still possible to access email easily via third-party apps used on smartphones and tablets. Those workarounds now also appear to have been shut down, although some users were reporting they could reach their email on Tuesday.
Why was the website blocked?
The block occurred in the lead-up to this year’s 25th anniversary of the Tiananmen Square massacre on June 4, which saw unparalleled levels of harassment and paranoia by the security services
Many are so used to government interference in their web habits that circumnavigating these censorship efforts, through methods like proxy software, has become a part of everyday life. Because the block only affected the main website, and accessing emails was still unaffected on hardware like iPhones, the disruption was minimised.
Why does the Chinese government dislike Gmail?
The Party claims its economy is open to all companies, but demands terms that some companies find unethical. Google publicly pulled out of China in 2010, citing censorship and hacking issues, and relations immediately cooled. The Gmail block extends to all Google services. YouTube was blocked in 2008 for hosting footage of the Tibet riots.
Who does the block effect?
Millions of people. Almost every Chinese web user has a “QQ” messaging account with email, but many also use Gmail. Plenty of international and domestic businesses also use Gmail, as well as individuals, particularly those who spend time abroad. Some noted that the block coincided with applications for overseas universities – which would be particularly bothersome to the families of government officials, for example.
By Abid Rahman, The Hollywood Reporter | November 19, 2014
The Chinese government is blocking access to thousands of sites and cloud services in the lead up to tech industry conference, reported the South China Morning Post on Tuesday.
Already trigger happy when it came to blocking websites it didn’t agree with, the state Internet censor has blocked sites and cloud services as disparate as Sony Mobile, retail bank HSBC and The Atlantic. No reasons were given why these sites had fallen foul of the Internet censor and have been pushed outside of the notorious “Great Firewall of China,” although the HSBC website is said to give users a backdoor access to banned site Youtube.
Media speculation suggests that the blackouts are, ironically, in preparation for the World Internet Conference in the small provincial city of Wuzhen. The first of it’s kind to be held in China, the conference will be held from Wednesday to Friday, and will focus on issues such as cyber security, international e-commerce and online anti-terrorism initiatives.
Chinese state media said that up to 1000 people from around the world will attend. Bloomberg is reporting that leaders from local Internet giants, including Alibaba and Tencent, will be in attendance along with executives from LinkedIn, SoftBank and other global tech companies.
Although the rest of China will suffer Internet blackouts to various sites and services, conference attendees will have unfettered access for three days to banned websites like Facebook, Instagram and Twitter.
Tech companies, civil liberties groups and human rights organizations are calling on the Senate to re-introduce a more comprehensive version of a once-promising NSA reform bill. The USA Freedom Act, which was passed by Congress on May 22, lost the backing of privacy advocates after the House took out several provisions to garner bipartisan support.
Reform Government Surveillance — a coalition comprised of Facebook, Google, Microsoft, Apple, Twitter, Dropbox, LinkedIn, Yahoo, and AOL — called on Senators to fix the bill, citing the need to inspire more confidence in the Internet around the world.
Google servers in Douglas County, Ga. The company is encrypting more data as it moves between servers.Credit Connie Zhou/Google
“Unfortunately, the version that just passed the House of Representatives could permit bulk collection of Internet “metadata” (e.g. who you email and who emails you), something that the Administration and Congress said they intended to end. Moreover, while the House bill permits some transparency, it is critical to our customers that the bill allow companies to provide even greater detail about the number and type of government requests they receive for customer information,” the coalition said in a press release.
A coalition comprised of Facebook, Google, Microsoft, Apple, Twitter, Dropbox, LinkedIn, Yahoo, and AOL called on Senators to fix the bill.
Civil liberties and human rights organizations echoed the group’s sentiments, saying that the current version of the legislation may give authorities enough leeway for abuse. In a letter addressed to Senate leaders, a coalition led by the American Civil Liberties Union, the Electronic Frontier Foundation, Amnesty International and Human Rights Watch stated that it is “very concerned” about the changes introduced to the bill.
“All of the undersigned organizations believed the original version of the USA Freedom Act introduced in both the House and the Senate was an important step towards comprehensive reform. However, we are very concerned about the changes made to the bill in the House and the breadth of the surveillance that the bill could abusively be read to authorize,” the group said in a press release.
“Before passage by the House, both the Judiciary and Intelligence Committees marked up the bill and reported out identical language. However, the final bill passed by the House markedly differs from both the original bill and the bill reported out of the committees … We respectfully submit that careful, public and deliberate consideration of this legislation by the Senate, beginning with full process in the Senate Judiciary and Intelligence Committees, is now necessary to ensure that the legislation truly achieves its unambiguously defined objectives.”
The world’s second largest cellular carrier Britain’s Vodafone says many countries have unfettered access to private communications. Rupak De Chowdhuri/Reuters
While one of the bill’s authors, Rep. Jim Sensenbrenner (R-Wi), admits that the legislation is weaker than its original version, he still insists that it can still prevent the NSA from collecting phone metadata.
The EFF disagrees. In an earlier press release, the organization withdrew its support of the bill, saying: “The Electronic Frontier Foundation cannot support a bill that doesn’t achieve the goal of ending mass spying.”
The most contentious part of the bill is its new definition of “specific selection term,” which outlines who or what the NSA can monitor. The original definition of specific selection term was information “uniquely describes a person, entity, or account.” In the new version of the bill, it was expanded to “person, entity, account, address, or device.”
“The new version not only adds the undefined words “address” and “device,” but makes the list of potential selection terms open-ended by using the term “such as.” Congress has been clear that it wishes to end bulk collection, but given the government’s history of twisted legal interpretations, this language can’t be relied on to protect our freedoms,” the EFF said.
Sen. Patrick Leahy (D-Vt.), who is credited as a co-author of the bill, said that the legislation will be taken up in the Judiciary Committee this month. While he expressed dismay over the version of the bill that passed Congress, he indicated that he is looking to bring back the tougher version of the bill.
“I hope we can add back in some of the reforms they had to take out of the House, reforms that both Congressman Sensenbrenner and I strongly support,” he said.
Companies based outside the European Union must meet Europe’s data protection rules, ministers agreed on Friday, although governments remain divided over how to enforce them on companies operating across the bloc.
The agreement to force Internet companies such as Google and Facebook to abide by EU-wide rules is a first step in a wider reform package to tighten privacy laws – an issue that has gained prominence following revelations of U.S. spying in Europe.
Vodafone’s disclosure on Friday of the extent of telephone call surveillance in European countries showed the practice is not limited to the United States. The world’s second-largest mobile phone company, Vodafone is headquartered in the United Kingdom.
“All companies operating on European soil have to apply the rules,” EU Justice Commissioner Viviane Reding told reporters at a meeting in Luxembourg where ministers agreed on a position also been backed by the Court of Justice of the European Union (ECJ).
Non-European companies with operations in Europe currently comply with data protection laws in the country in which they are based, which some say leads to “jurisdiction shopping” whereby businesses set up shop in countries with a more relaxed attitude to privacy.
But under the new rules all EU countries will have the same data protection laws, meaning companies will no longer be able to challenge which laws apply to them in court.
Earlier this year a German court ruled that Facebook was subject to German data protection law even if its European headquarters are located in Ireland.
Facebook declined to comment on Friday’s agreement.
Germany and the European Commission, the EU executive, have been highly critical of the way the United States accesses data since former U.S. National Security Agency contractor Edward Snowden last year revealed U.S. surveillance programmes.
Disclosures that the United States carried out large-scale electronic espionage in Germany, including bugging Chancellor Angela Merkel’s mobile phone, provoked indignation in Europe.
“Now is the day for European ministers to give a positive answer to Edward Snowden’s wake-up call,” Reding said.
Commenting on Vodafone’s disclosure, she said: “All these kind of things show how important it is to have data protection clearly established.”
The reform package, which was approved by the European Parliament in March, has divided EU governments and still needs work to become law despite Friday’s progress.
While ministers also agreed on provisions allowing companies to transfer data to countries outside the European Union, there was no decision on how to help companies avoid having to deal separately with the bloc’s 28 different data protection authorities.
That issue was thrown into stark relief by a ruling from Europe’s top court requiring Google to remove links to a 16-year-old newspaper article about a Spanish man’s bankruptcy.
The search engine has since received tens of thousands of requests across Europe, and under current rules has to deal with each national authority.
A “one-stop-shop” arrangement would allow companies to deal exclusively with the data protection authority in the country where it has its main establishment. But governments are concerned about a foreign data protection authority making binding decisions that they would then have to enforce.
For example, if a complaint originated in Denmark against a company based in Ireland, the Danish authorities would have to implement a decision by the Irish data protection body, something that is both legally and politically difficult.
US and UK spy agencies piggyback on commercial data
Details can include age, location and sexual orientation
Documents also reveal targeted tools against individual phones
By James Ball
GCHQ documents use Angry Birds – reportedly downloaded more than 1.7bn times – as a case study for app data collection.
The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of “leaky” smartphone apps, such as the wildly popular Angry Birds game, that transmit users’ private information across the internet, according to top secret documents.
The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users’ most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.
Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect.
Dozens of classified documents, provided to the Guardian by whistleblower Edward Snowden and reported in partnership with the New York Times and ProPublica, detail the NSA and GCHQ efforts to piggyback on this commercial data collection for their own purposes.
Scooping up information the apps are sending about their users allows the agencies to collect large quantities of mobile phone data from their existing mass surveillance tools – such as cable taps, or from international mobile networks – rather than solely from hacking into individual mobile handsets.
Exploiting phone information and location is a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities, for example by using phones as triggering devices in conflict zones. The NSA has cumulatively spent more than $1bn in its phone targeting efforts.
The disclosures also reveal how much the shift towards smartphone browsing could benefit spy agencies’ collection efforts.
One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled “Golden Nugget!” – sets out the agency’s “perfect scenario”: “Target uploading photo to a social media site taken with a mobile device. What can we get?”
The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a “possible image”, email selector, phone, buddy lists, and “a host of other social working data as well as location”.
In practice, most major social media sites, such as Facebook and Twitter, strip photos of identifying location metadata (known as EXIF data) before publication. However, depending on when this is done during upload, such data may still, briefly, be available for collection by the agencies as it travels across the networks.
Depending on what profile information a user had supplied, the documents suggested, the agency would be able to collect almost every key detail of a user’s life: including home country, current location (through geolocation), age, gender, zip code, martial status – options included “single”, “married”, “divorced”, “swinger” and more – income, ethnicity, sexual orientation, education level, and number of children.
The agencies also made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps. One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world – meaning that just by taking tower ID from a handset, location information could be gleaned.
A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.
So successful was this effort that one 2008 document noted that “[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system.”
The information generated by each app is chosen by its developers, or by the company that delivers an app’s adverts. The documents do not detail whether the agencies actually collect the potentially sensitive details some apps are capable of storing or transmitting, but any such information would likely qualify as content, rather than metadata.
Data collected from smartphone apps is subject to the same laws and minimisation procedures as all other NSA activity – procedures that the US president, Barack Obama, suggested may be subject to reform in a speech 10 days ago. But the president focused largely on the NSA’s collection of the metadata from US phone calls and made no mention in his address of the large amounts of data the agency collects from smartphone apps.
The latest disclosures could also add to mounting public concern about how the technology sector collects and uses information, especially for those outside the US, who enjoy fewer privacy protections than Americans. A January poll for the Washington Post showed 69% of US adults were already concerned about how tech companies such as Google used and stored their information.
The documents do not make it clear how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected. The NSA says it does not target Americans and its capabilities are deployed only against “valid foreign intelligence targets”.
The documents do set out in great detail exactly how much information can be collected from widely popular apps. One document held on GCHQ’s internal Wikipedia-style guide for staff details what can be collected from different apps. Though it uses Android apps for most of its examples, it suggests much of the same data could be taken from equivalent apps on iPhone or other platforms.
The GCHQ documents set out examples of what information can be extracted from different ad platforms, using perhaps the most popular mobile phone game of all time, Angry Birds – which has reportedly been downloaded more than 1.7bn times – as a case study.
From some app platforms, relatively limited, but identifying, information such as exact handset model, the unique ID of the handset, software version, and similar details are all that are transmitted.
Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media’s website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.
Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programs looking to extract data from its apps users.
“Rovio doesn’t have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks,” said Saara Bergström, Rovio’s VP of marketing and communications. “Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ].”
Millennial Media did not respond to a request for comment.
In December, the Washington Post reported on how the NSA could make use of advertising tracking files generated through normal internet browsing – known as cookies – from Google and others to get information on potential targets.
However, the richer personal data available to many apps, coupled with real-time geolocation, and the uniquely identifying handset information many apps transmit give the agencies a far richer data source than conventional web-tracking cookies.
“They are gathered in bulk, and are currently our single largest type of events,” the document stated.
The ability to obtain targeted intelligence by hacking individual handsets has been well documented, both through several years of hacker conferences and previous NSA disclosures in Der Spiegel, and both the NSA and GCHQ have extensive tools ready to deploy against iPhone, Android and other phone platforms.
GCHQ’s targeted tools against individual smartphones are named after characters in the TV series The Smurfs. An ability to make the phone’s microphone ‘hot’, to listen in to conversations, is named “Nosey Smurf”. High-precision geolocation is called “Tracker Smurf”, power management – an ability to stealthily activate an a phone that is apparently turned off – is “Dreamy Smurf”, while the spyware’s self-hiding capabilities are codenamed “Paranoid Smurf”.
Those capability names are set out in a much broader 2010 presentation that sheds light on spy agencies’ aspirations for mobile phone interception, and that less-documented mass-collection abilities.
The cover sheet of the document sets out the team’s aspirations:
Another slide details weak spots in where data flows from mobile phone network providers to the wider internet, where the agency attempts to intercept communications. These are locations either within a particular network, or international roaming exchanges (known as GRXs), where data from travellers roaming outside their home country is routed.
These are particularly useful to the agency as data is often only weakly encrypted on such networks, and includes extra information such as handset ID or mobile number – much stronger target identifiers than usual IP addresses or similar information left behind when PCs and laptops browse the internet.
The NSA said its phone interception techniques are only used against valid targets, and are subject to stringent legal safeguards.
“The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency,” said a spokeswoman in a statement.
“Any implication that NSA’s foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true. Moreover, NSA does not profile everyday Americans as it carries out its foreign intelligence mission. We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets.
“Because some data of US persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for US persons exist across the entire process concerning the use, handling, retention, and dissemination of data. In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process.
“Continuous and selective publication of specific techniques and tools lawfully used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies – and places at risk those we are sworn to protect.”
The NSA declined to respond to a series of queries on how routinely capabilities against apps were deployed, or on the specific minimisation procedures used to prevent US citizens’ information being stored through such measures.
GCHQ declined to comment on any of its specific programs, but stressed all of its activities were proportional and complied with UK law.
“It is a longstanding policy that we do not comment on intelligence matters,” said a spokesman.
“Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework that ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.”
• A separate disclosure on Wednesday, published by Glenn Greenwald and NBC News, gave examples of how GCHQ was making use of its cable-tapping capabilities to monitor YouTube and social media traffic in real-time.
GCHQ’s cable-tapping and internet buffering capabilities , codenamed Tempora, were disclosed by the Guardian in June, but the new documents published by NBC from a GCHQ presentation titled “Psychology: A New Kind of SIGDEV” set out a program codenamed Squeaky Dolphin which gave the British spies “broad real-time monitoring” of “YouTube Video Views”, “URLs ‘Liked’ on Facebook” and “Blogspot/Blogger Visits”.
A further slide noted that “passive” – a term for large-scale surveillance through cable intercepts – give the agency “scalability”.
The means of interception mean GCHQ and NSA could obtain data without any knowledge or co-operation from the technology companies. Spokespeople for the NSA and GCHQ told NBC all programs were carried out in accordance with US and UK law.
When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spies may be lurking in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.
In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.
According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users’ smartphone identification codes to where they have been that day.
The N.S.A. and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services.
The eavesdroppers’ pursuit of mobile networks has been outlined in earlier reports, but the secret documents, shared by The New York Times, The Guardian and ProPublica, offer far more details of their ambitions for smartphones and the apps that run on them. The efforts were part of an initiative called “the mobile surge,” according to a 2011 British document, an analogy to the troop surges in Iraq and Afghanistan. One N.S.A. analyst’s enthusiasm was evident in the breathless title — “Golden Nugget!” — given to one slide for a top-secret 2010 talk describing iPhones and Android phones as rich resources, one document notes.
The scale and the specifics of the data haul are not clear. The documents show that the N.S.A. and the British agency routinely obtain information from certain apps, particularly some of those introduced earliest to cellphones. With some newer apps, including Angry Birds, the agencies have a similar capability, the documents show, but they do not make explicit whether the spies have put that into practice. Some personal data, developed in profiles by advertising companies, could be particularly sensitive: A secret 2012 British intelligence document says that spies can scrub smartphone apps that contain details like a user’s “political alignment” and sexual orientation.
President Obama announced new restrictions this month to better protect the privacy of ordinary Americans and foreigners from government surveillance, including limits on how the N.S.A. can view “metadata” of Americans’ phone calls — the routing information, time stamps and other data associated with calls. But he did not address the avalanche of information that the intelligence agencies get from leaky apps and other smartphone functions.
And while he expressed concern about advertising companies that collect information on people to send tailored ads to their mobile phones, he offered no hint that American spies routinely seize that data. Nothing in the secret reports indicates that the companies cooperate with the spy agencies to share the information; the topic is not addressed.
The agencies have long been intercepting earlier generations of cellphone traffic like text messages and metadata from nearly every segment of the mobile network — and, more recently, computer traffic running on Internet pipelines. Because those same networks carry the rush of data from leaky apps, the agencies have a ready-made way to collect and store this new resource. The documents do not address how many users might be affected, whether they include Americans, or how often, with so much information collected automatically, analysts would see personal data.
“N.S.A. does not profile everyday Americans as it carries out its foreign intelligence mission,” the agency said in a written response to questions about the program. “Because some data of U.S. persons may at times be incidentally collected in N.S.A.’s lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process.” Similar protections, the agency said, are in place for “innocent foreign citizens.”
The British spy agency declined to comment on any specific program, but said all its activities complied with British law.
Two top-secret flow charts produced by the British agency in 2012 show incoming streams of information skimmed from smartphone traffic by the Americans and the British. The streams are divided into “traditional telephony” — metadata — and others marked “social apps,” “geo apps,” “http linking,” webmail, MMS and traffic associated with mobile ads, among others. (MMS refers to the mobile system for sending pictures and other multimedia, and http is the protocol for linking to websites.)
In charts showing how information flows from smartphones into the agency’s computers, analysts included questions to be answered by the data, including “Where was my target when they did this?” and “Where is my target going?”
As the program accelerated, the N.S.A. nearly quadrupled its budget in a single year, to $767 million in 2007 from $204 million, according to a top-secret Canadian analysis written around the same time.
Even sophisticated users are often unaware of how smartphones offer a unique opportunity for one-stop shopping for information about them. “By having these devices in our pockets and using them more and more,” said Philippe Langlois, who has studied the vulnerabilities of mobile phone networks and is the founder of the Paris-based company Priority One Security, “you’re somehow becoming a sensor for the world intelligence community.”
Smartphones almost seem to make things too easy. Functioning as phones — making calls and sending texts — and as computers — surfing the web and sending emails — they generate and also rely on data. One secret report shows that just by updating Android software, a user sent more than 500 lines of data about the phone’s history and use onto the network.
Such information helps mobile ad companies, for example, create detailed profiles of people based on how they use their mobile device, where they travel, what apps and websites they open, and other factors. Advertising firms might triangulate web shopping data and browsing history to guess whether someone is wealthy or has children, for example.
The N.S.A. and the British agency busily scoop up this data, mining it for new information and comparing it with their lists of intelligence targets.
One secret 2010 British document suggests that the agencies collect such a huge volume of “cookies” — the digital traces left on a mobile device or a computer when a target visits a website — that classified computers were having trouble storing it all.
“They are gathered in bulk, and are currently our single largest type of events,” the document says.
The two agencies displayed a particular interest in Google Maps, which is accurate to within a few yards or better in some locations. Intelligence agencies collect so much data from the app that “you’ll be able to clone Google’s database” of global searches for directions, according to a top-secret N.S.A. report from 2007.
“It effectively means that anyone using Google Maps on a smartphone is working in support of a G.C.H.Q. system,” a secret 2008 report by the British agency says.
(In December, The Washington Post, citing the Snowden documents, reported that the N.S.A. was using metadata to track cellphone locations outside the United States and was using ad cookies to connect Internet addresses with physical locations.)
In another example, a secret 20-page British report dated 2012 includes the computer code needed for plucking the profiles generated when Android users play Angry Birds. The app was created by Rovio Entertainment, of Finland, and has been downloaded more than a billion times, the company has said.
Rovio drew public criticism in 2012 when researchers claimed that the app was tracking users’ locations and gathering other data and passing it to mobile ad companies. In a statement on its website, Rovio says that it may collect its users’ personal data, but that it abides by some restrictions. For example, the statement says, “Rovio does not knowingly collect personal information from children under 13 years of age.”
The secret report noted that the profiles vary depending on which of the ad companies — which include Burstly and Google’s ad services, two of the largest online advertising businesses — compiles them. Most profiles contain a string of characters that identifies the phone, along with basic data on the user like age, sex and location. One profile notes whether the user is currently listening to music or making a call, and another has an entry for household income.
Google declined to comment for this article, and Burstly did not respond to multiple requests for comment. Saara Bergstrom, a Rovio spokeswoman, said that the company had no knowledge of the intelligence programs. “Nor do we have any involvement with the organizations you mentioned,” Ms. Bergstrom said, referring to the N.S.A. and the British spy agency.
Another ad company creates far more intrusive profiles that the agencies can retrieve, the report says. The apps that generate those profiles are not identified, but the company is named as Millennial Media, which has its headquarters in Baltimore.
In securities filings, Millennial documented how it began working with Rovio in 2011 to embed ad services in Angry Birds apps running on iPhones, Android phones and other devices.
According to the report, the Millennial profiles contain much of the same information as the others, but several categories listed as “optional,” including ethnicity, marital status and sexual orientation, suggest that much wider sweeps of personal data may take place.
Millennial Media declined to comment for this article.
Possible categories for marital status, the secret report says, include single, married, divorced, engaged and “swinger”; those for sexual orientation are straight, gay, bisexual and “not sure.” It is unclear whether the “not sure” category exists because so many phone apps are used by children, or because insufficient data may be available.
There is no explanation of precisely how the ad company defined the categories, whether users volunteered the information, or whether the company inferred it by other means. Nor is there any discussion of why all that information would be useful for marketing — or intelligence.
The agencies have had occasional success — at least by their own reckoning — when they start with something closer to a traditional investigative tip or lead. The spies say that tracking smartphone traffic helped break up a bomb plot by Al Qaeda in Germany in 2007, and the N.S.A. bragged that to crack the plot, it wove together mobile data with emails, log-ins and web traffic. Similarly, mining smartphone data helped lead to arrests of members of a drug cartel hit squad for the 2010 murder of an employee of an American Consulate in Mexico.
But the data, whose volume is soaring as mobile devices have begun to dominate the technological landscape, is a crushing amount of information for the spies to sift through. As smartphone data builds up in N.S.A. and British databases, the agencies sometimes seem a bit at a loss on what to do with it all, the documents show. A few isolated experiments provide hints as to how unwieldy it can be.
In 2009, the American and British spy agencies each undertook a brute-force analysis of a tiny sliver of their cellphone databases. Crunching just one month of N.S.A. cellphone data, a secret report said, required 120 computers and turned up 8,615,650 “actors” — apparently callers of interest. A similar run using three months of British data came up with 24,760,289 actors.
“Not necessarily straightforward,” the report said of the analysis. The agencies’ extensive computer operations had trouble sorting through the slice of data. Analysts were “dealing with immaturity,” the report said, encountering computer memory and processing problems. The report made no mention of anything suspicious in the enormous lumps of data.
Here are 16 social media stats that stood out to me as particularly insightful for Catholics and our Church:
1)“By 2010 Gen Y will outnumber Baby Boomers…96% of them have joined a social network.” Are we meeting them where they’re at?
2)“Social Media has overtaken porn as the #1 activity on the Web.”
3)“1 out of 8 couples married in the U.S. last year met via social media.”
4)“If Facebook were a country it would be the world’s 4th largest.” Do we need an “Archdiocese of Facebook”? :-)
By Matthew Warner
5)“On average, online students out perform those receiving face-to-face instruction.” Is the Church teaching online as much as we could?
6)“80% of companies use LinkedIn as a primary tool to find employees.” Still looking for a job anyone? How about is your parish using LinkedIn to find the most qualified and passionate employees?
7)“What happens in Vegas stays on YouTube, Flickr, Twitter, Facebook, etc.” Thank goodness for the confessional.
8)“Wikipedia has over 13 million articles…some studies show it’s more accurate than Encyclopedia Britannica.” Have Catholics been writing these articles? Contributing to them? Making sure they are correct?
9)“There are over 200,000,000 Blogs.” How many of them are Catholic?
10)“Facebook USERS translated the site from English to Spanish via a Wiki in less than 4 weeks and cost Facebook $0.” How can the Catholic Church or the parish accomplish such feats on limited budgets?
11)“78% of consumers trust peer recommendations.” How many peers are recommending the Catholic Church on social media?
12)“25% of Americans in the past month said they watched a short video…on their phone.” Is the Church doing enough to create these videos? And to create them well?
13)“35% of book sales on Amazon are for the Kindle when available.” How many of our great Catholic treasures (books) have been digitized and made available on the Kindle and other electronic formats?
14)“24 of the 25 largest newspapers are experiencing record declines in circulation because we no longer search for the news, the news finds us.” Are we as a Church going out and finding people? Or are we just waiting for people to find us?
15)“More than 1.5 million pieces of content (web links, news stories, blog posts, notes, photos, etc.) are shared on Facebook…daily.” How many of them reflect the Gospel? How many share the fullness of Truth?
16)“Successful companies in social media act more like Dale Carnegie and less like David Ogilvy – listening first, selling second.” Is the Catholic Church present enough in social media to be listening? And are we listening first?
For the next generation, the social web is defining sex, marriage and family. The Church must be a force there. The social web is on the cutting edge of education and communication. The Church must be on that edge. The social web is developing the language that future generations will speak. The Church must speak it fluently. Social media is changing the world. The Church must be fully present there to help guide that change.
Matthew Warner is a lover of God, his wife, his kids, his life, cookies, hot-buttered bread, snoozin’ & awkward (as well as not awkward) silence. He is the founder and CEO of Flocknote, the creator of Tweet Catholic, a contributing author to The Church and New Media book, and the purveyor of his popular blog, Fallible Blogma. Matt has a B.S. in Electrical Engineering from Texas A&M and an M.B.A. in Entrepreneurship. He and his family hang their hats in Texas.