updated 01:59 pm EST, Wed December 11, 2013
Surfing habits, location tracking claimed performed by security agencies
The National Security Agency (NSA) may have been using cookies from web advertisements in order to track individuals, according to a report. A PREF cookie, a unique identifier typically used in Google's advertising system, has apparently been used by the NSA alongside location data, in order to locate individuals of interest to the agency.
Though they only supply a unique numerical identifier rather than personal information about the user, internal presentation slides sent to the Washington Post by Edward Snowden show the NSA and the British equivalent, GCHQ, as using the PREFIDs to distinguish a tracked individual's web traffic from that of other users. It is suggested that these techniques are also employed for "offensive hacking operations."
Excerpt from the latest leaked NSA slides (Washington Post)
The same documents also appear to show the NSA as using data gathered from smartphone apps, under another section apparently named "Happyfoot." The location data stemming from a smartphone app is considerably more useful for the security agencies, due to the higher positional accuracy when compared to far broader cellular mast-based tracking, potentially allowing for agencies to track the movements of suspects without the need for any intrusive techniques.
The revelations will give privacy advocates more ammunition against the data collection activities performed by Internet advertisers. Chris Hoonagle, a lecturer in residence at UC Berkeley Law, told the report "On a macro level, 'we need to track everyone everywhere for advertising' translates into 'the government being able to track everyone everywhere.' It's hard to avoid."
The cookie-based tracking is the latest in a long line of surveillance issues that have plagued security agencies such as the NSA and GCHQ since Snowden's initial leaks. In recent months, the European Commission has called for the US to change the way it collects data in order to "restore trust." Tech companies, hit hard from the spying scandal, have called for the US government to change its policies with regards to surveillance, asking for more oversight and accountability, transparency, and for data collection on specific individuals rather than collecting it in bulk.