While cookies — the virtual kind — are the bread and butter for advertisers to deliver tailored marketing based on an individual’s Web movements, a new report reveals the National Security Agency is using them to decide if a target should be hacked for further surveillance.
The Washington Post reported this latest information from admitted whistleblower Edward Snowden’s massive leak about the spy agency’s practices.
The Post reported, based on NSA presentation slides from Snowden, that the NSA used cookies, specifically a Google one, to look at already suspicious targets.
Here’s how the Post explained it:
According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or “cookies” that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don’t contain personal information, such as someone’s name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person’s browser.
The slides say the cookies are used to “enable remote exploitation,” although the specific attacks used by the NSA against targets are not addressed in these documents.
A missing piece of information is just how the NSA obtains the cookies’ information, but the Post reported it is likely done with a Foreign Intelligence Surveillance Act order.
“This shows a link between the sort of tracking that’s done by websites for analytics and advertising and NSA exploitation activities,” Princeton University computer scientist Ed Felten told the Post. “By allowing themselves to be tracked for analytic or advertising at least some users are making themselves more vulnerable to exploitation.”
The NSA, declining to comment specifically on this practice, maintained that it lawfully conducts its surveillance activities, according to the Post.
Just this week, major tech companies put the pressure on pressure on President Barack Obama to curb the U.S. government surveillance programs.
Twitter, LinkedIn and AOL joined Google, Apple, Yahoo, Facebook and Microsoft in the push for tighter controls over electronic espionage. The group is immersed in the lives of just about everyone who uses the Internet or a computing device.
Silicon Valley has been fighting back in the courts and in Congress as they seek reforms that would allow them to disclose more information about secret court orders. Several of the companies are also introducing more encryption technology to shield their users’ data from government spies and other prying eyes.
On Monday, these companies issued an open letter and launched a website dedicated to reforming government surveillance.
“The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution,” the letter stated. “This undermines the freedoms we all cherish. It’s time for a change.”
The Associated Press contributed to this report.