The US National Security Agency has quietly subverted the tools used by online advertising companies in order to track surveillance targets and improve its monitoring ability, according to a report based on documents obtained by Edward Snowden.
Presentation slides passed from the NSA whistleblower to the Washington Post reveal that the tracking method used by websites and advertisers, known as ‘cookies,’ also serves government snoops by identifying potential targets to hack.
The NSA and its British counterpart, GCHQ, have specifically found a way to analyze a Google-specific cookie known as the “PREF” cookie. While PREF data does not usually include a user’s personal information, it does carry codes that allow websites and intelligence analysts to determine an individual visitor.
The slides indicate that the data extracted from the cookies “enable remote exploitation.” This method does not require the NSA to sort through the massive stockpile of metadata it harvests every day; instead it allows analysts to target a single user – a technique which the Post compared to a sniper aiming at a target with a laser pointer.
Also, an iPhone or Android user who leaves a browser application open on their device may be unwittingly transmitting their specific location to the NSA without being given a warning from their carrier.
“On a macro level, ‘we need to track everyone everywhere for advertising’ translates into ‘the government being able to track everyone everywhere,’” said Chris Hoofnagle, a lecturer at UC Berkley Law. “It’s hard to avoid.”
Such revelations that have continued to surface since June do not exist in a bubble, as technology companies have begun to find out. Daniel Castro, a senior analyst at the Washington-based Information Technology and Innovation Foundation think-tank, wrote in a new study that America’s “entire tech industry has been implicated and is now facing a global backlash.”
California’s Silicon Valley – which became one of the dominant global industries thanks to the popularity of Apple, Google, Facebook, and others – is now poised to lose $35 billion in revenue as international users seek alternative options to avoid the NSA’s grasp.
Cloud companies are expected to take the hit over the next three years as trust in the US technology sector is hit by the surveillance leaks, although the report’s authors warn that the effect will largely depend on the extent of still-secret surveillance techniques employed by other governments.
“The impact of PRISM on US companies may be particularly acute because cloud computing is a rapidly growing industry,” Castro wrote. “This means that cloud computing vendors not only have to retain existing customers, they must actively recruit new customers to retain market share…If US companies lose market share in the short term, this will have long-term implications on their competitive advantage in this new industry.”