There was a time when the idea that the U.S. government might spy on your web activity might have seemed like a far-fetched conspiracy theory.
But that was before Edward Snowden. Back in 2013, Snowden, a former employee of a defense contractor for the National Security Agency, shocked the world by revealing the extent to which U.S. intelligence was able to conduct surveillance on the internet and electronic communications. Snowden's revelations, published in the U.K. newspaper the Guardian and other outlets, included the existence of a previously undisclosed NSA program called PRISM. The latter gave NSA direct access to the servers of various big U.S. internet companies, and enabled officials to collect information that included users' search histories, the content of their emails, file transfers and even live chats [sources: Greenwald and MacAskill,Gellman and Poitras].
Snowden's documents and information also revealed that the NSA had secretly broken into the communications links between data centers across the world, allowing it to download data on internet communication — more than 180 million records in one month alone — and store it at the agency's headquarters in Fort Meade, Maryland [source: Gelman and Soltani]. The "upstream" surveillance program, as it was called, enables NSA to search the international online activity of Americans. The program gave NSA the ability to scrutinize anyone who sends emails abroad or browses a website hosted outside the U.S. [source: Gorski and Toomey].
Though the two online surveillance programs are authorized through a federal law that is designed to allow U.S. intelligence agencies to conduct surveillance upon foreigners, information about the activities of Americans are gathered up in the process as well. The revelations raised an outcry, but nevertheless, both programs were reauthorized by Congress in January 2018 [source: Hautala].
But though the NSA gathers vast amounts of data about online activity, that doesn't necessarily mean that it's spying upon vast numbers of ordinary Americans, which would be illegal. As this Q&A from the Director of National Intelligence explains, before the trove of data can be searched for a foreign intelligence target's online activity it requires an order from a special secret court that hears such requests. There also are procedures in place that require intelligence agencies to redact any communications from Americans that were captured accidentally in the surveillance.
But having your search history scooped up by NSA's surveillance programs isn't the only way that the U.S. government might gain access to what you do on the web. We'll get into that in the next two sections.
The National Security Agency isn't the only federal agency that conducts surveillance on the internet. For decades, the FBI has been doing it as well.
As this 2016 Wired article details, the FBI initially started conducting online surveillance back in 1998, using a tool called Carnivore, which it installed on internet network backbones with the permission of service providers. The tool enabled agents to monitor the online communications of a person who was an investigative target, filtering and copying metadata and the content of messages that they sent and received. The Carnivore program's existence was exposed in 2000 when an internet provider refused to install it. As it turned out, the bureau had only used the tool 25 times up to that point, which indicates that it engaged in widespread spying. In 2005, the FBI replaced Carnivore with commercially available filtering software [source: Zetter].
Additionally, the FBI has other ways to tell what a person is doing on his or her computer. It can break into the machine, either remotely or by breaking into someone's office, and install key logger software, which enables agents to monitor what a person types on the keyboard. That trick makes it possible to circumvent software encryption tools that are designed to protect emails and other messages from being intercepted [source: Zetter].
The FBI has other tricks for unmasking people who visit child pornography websites and other places where bad stuff happens. The bureau's own hackers can gain control of servers and embed spyware on pages on a site, which in turn infects the computers of people who access those pages [source: Zetter].
Those capabilities might seem scary, but they're probably not something that most law-abiding citizens will ever encounter, let alone have to worry about. In the next section, we'll look at a type of tracking that you're more likely to encounter.
Keeping Track of Web Activity
There was a time, quaint as it might seem today, when Americans were worried about the government implanting cookies, the identifier files that websites place on your computer in order to recognize you. These days, though, we acquiesce to having Google, Facebook and other private-sector internet companies collect vast amounts of information on us [source: Curran]. So the threat of the government cookies may not seem like as big of a deal.
But if you want to know what information government might be collecting about you as a result of your visits to its websites, an article about privacy and security policies on USA.gov, the federal portal for government services, gives a detailed rundown. When you visit the site, it records your internet protocol address, the numerical code that identifies the router and device you're using. In addition, it records the website from which you linked to the USA.gov, the time and date of your visit, what searches you did and links that you clicked. It also even documents whether you use Chrome or Firefox, and what operating system is on your computer [source: USA.gov].
The government website also implants cookies on your computer that identify you, though not by name. "We use web metrics services to track activity on USA.gov," the website explains. "Government agencies only ever receive traffic statistics anonymously and, in the aggregate, officials can track trends in the website's usage." The site also explains how you can disable these so-called persistent cookies, in case you don't want to be tracked [source: USA.gov].
More Great Links
- Curran, Dylan. "Are you ready? Here is all the data Facebook and Google have on you." Guardian. March 30, 2018. (May 5, 2019) http://bit.ly/2PPX48L
- Director of National Intelligence. "The FISA Amendments Act: Q&A." Dni.gov. April 18, 2017. (May 5, 2019) https://www.dni.gov/files/icotr/FISA%20Amendments%20Act%20QA%20for%20Publication.pdf
- Gay, Lance. "White House drug office tracks computer visitors." Scripps Howard News Service. June 20, 2000. http://shns.scripps.com/shns/story.cfm?pk=COOKIES-06-20-00&cat=AN
- Gellman, Barton and Soltani, Ashkan. "NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say." Washington Post. Oct. 30, 2013]. https://wapo.st/2PM8cU5
- Gellman, Barton and Poitras, Laura. "U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program." Washington Post. June 7, 2013. (May 5, 2019) https://wapo.st/2POg1sc
- "Government Cookies Show Up Even When Prohibited." Tech Law Prof Blog. January 6, 2006. http://lawprofessors.typepad.com/tech_law_prof/2006/01/government_cook.html
- Govtrack.us. "S. 436 (111th): Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2009." Govtrack.us. (May 5, 2019)
- Greenwald, Glenn and MacAskill, Ewen. "NSA Prism program taps in to user data of Apple, Google and others." Guardian. June 7, 2013. (May 5, 2019) http://bit.ly/2PLZsxk
- Hautala, Laura. "NSA surveillance programs renewed by Senate." Cnet.com. Jan. 18, 2018. (May 5, 2019) https://cnet.co/2PM24eC
- "H.R. 837: Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act (SAFETY) of 2007." GovTrack.us. Updated January 26, 2008. http://www.govtrack.us/congress/bill.xpd?bill=h110-837
- McCullagh, Declan and Broache, Anne. "Government Web sites are keeping an eye on you." CNET News. January 5, 2006. http://www.news.com/2100-1028_3-6018702.html
- Olsen, Stefanie. "Nearly undetectable tracking device raises concern." CNET News. July 12, 2000. http://www.news.com/Nearly-undetectable-tracking-device-raises-concern/2100-1017_3-243077.html?tag=st.nl
- Pew Research Center. "How Americans have viewed government surveillance and privacy since Snowden leaks. " Pewresearch.org. June 14, 2018. (May 5, 2019) https://pewrsr.ch/2PPxD73
- Singel, Ryan. "Are TSA's Tracking Cookies Legal?" Wired. February 14, 2007. http://blog.wired.com/27bstroke6/2007/02/are_tsas_tracki.html
- "Spy Agency Removes Illegal Tracking Files." New York Times. December 29, 2005. http://www.nytimes.com/2005/12/29/national/29cookies.html?_r=1&adxnnl=1&oref=slogin&adxnnlx=1203374103-RXeNedoeBrDHiVw/w2avjQ
- Zetter, Kim. "Everything We Know About How the FBI Hacks People." Wired. May 15, 2016. (May 5, 2019) http://bit.ly/2PM6uSN