The latest round of stories on runaway surveillance programs, based on secret documents leaked by the former US National Security Agency contractor Edward Snowden, made many people sit up and take notice again.
The reports published in the New York Times, the Guardian and Pro-Publica show that the NSA and its British counterpart, Government Communications Headquarters or GCHQ, had the capacity as early as 2007 to lift confidential private information about smartphone users from so-called leaky apps, such as the massively popular game Angry Birds.
“Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, telephone logs and the geographic data embedded in photographs when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other Internet services,” the Times reported.
Rovio, the developer of Angry Birds, promptly issued a denial. “Rovio Entertainment Ltd., which is headquartered in Finland, does not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world.”
But the same press release went on to say:
“The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no Internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps.”
No Internet-enabled device is immune: That is the crux of the problem. Rovio said it had nothing to do with any surveillance and would never allow it; at the same time, it passed the buck to third-party advertising networks, through which “the alleged surveillance may be conducted.” But this only raises three related questions. First: If the spying took place through the third-party company, does that relieve a company like Rovio of any liability? Second: If apps like Angry Birds are truly leaky, that is, vulnerable to hacking, are other governments also targeting them? And third: Since advertising remains very much a part of the business model driving developments in smartphone apps, is it in fact true that no smartphone “is immune to such surveillance”?
We cannot expect definitive answers anytime soon, but these questions make one thing clear. It isn’t only the government—whether in the United States, the United Kingdom, or elsewhere—that acts or is tempted by national security or economic imperative to act as Big Brother. Large commercial enterprises may be driven by industry competition or corporate ambition to spy, in all but name, on their customers, too.
It starts innocently enough: Generating a database of customers’ full names, telephone numbers and residential addresses is necessary, the better to serve the customers. Some establishments collect information about their customers’ birthdays, or their educational background, or their place of origin, again in a necessary attempt to offer better customer service.
But the sheer computer power available in smartphones, and the many uses we make of them, allows information-hungry companies to generate extraordinary kinds of customer data.
According to one secret report disclosed by Snowden, for example, an advertising company based in Baltimore, Maryland, and called Millennial Media was able to create “far more intrusive profiles,” the Times said. “According to the report, the profiles created by Millennial contain much of the same information as others, but several categories that are listed as ‘optional,’ including ethnicity, marital status and sexual orientation, suggest that much wider sweeps of personal data may take place.”
Other profiles generated from the way ordinary people use their smartphones or play their mobile games or post pictures online can help locate the user, or determine household income, or even define political affiliation.
The continuing Snowden revelations should help stoke debate about the rapid digitalization of society, and the corresponding loss in privacy.