According to The Guardian and New York Times show some of the world's most popular mapping, social network and gaming apps feed America's NSA and Britain's GCHQ with a "golden nugget" of users' personal data.US and British intelligence easily get regular access to data generated by apps such as the popular Angry Birds game or Google Maps.
The huge amounts of personal data can include details such as a user's location, sexual orientation and even political affiliation.
Intelligence agencies' interest in mobile phones and the networks they run on has been documented in several of Snowden's leaks before, but the focus on apps shows how everyday, harmless-looking pieces of software can be used as tools of espionage.
Angry Birds, the addictive birds-versus-pigs game, which has been downloaded more than 1.7 billion times worldwide, was one of the most interesting and surprising examples.
The idea that cyberspies can access data held by organisations without having to formally ask them to hand it over through the "front door". This allows the bodies involved to be kept in the dark about the subject matter and amount of information being taken.
Initial reports following the early Prism revelations sparked speculation that the firms involved had provided agents with direct backdoor access to their servers - something they strongly denied.
The NSA and the UK intelligence agency, GCHQ, were instead intercepting and copying data from the companies without their knowledge via a project codenamed Muscular.
The phrase back door has also been used to refer to allegations that the spy agencies had inserted secret vulnerabilities into encryption software.
If true, this would mean spies could overcome steps taken by service providers and their users to ensure that only the sender and receiver of a communication should be able to read it.
A Belgian telecoms provider whose customers include several EU institutions. The firm revealed in September 2013 that its systems had been hacked since at least 2011.
Leaked documents refer to four types of NSA data collection with regard to US persons (a citizen of the country or someone located within its borders):
- Intentional - the deliberate targeting of an individual or group. NSA agents are forbidden from the intentional collection of data about US persons unless they are given special authority to do so.
- Inadvertent - information gathered about a person whom the agent believed to be foreign, but later learned to be a US person.
- Incidental - data gathered as a by-product of an inquiry into a legitimate foreign target, which might reveal information about a US person. An alleged memo, dated March 2013, says this does not constitute a violation and does not have to be reported for inclusion in reports to Congress.
- Reverse - the targeting of a foreign subject to intentionally gather information about a US person they are in contact with. NSA agents are banned from doing this and told to notify a supervisor if it occurs.
According to an investigation by Foreign Policy magazine, the operation is based at Marine Corps Base Quantico in Virginia, and acts as "the primary liaison" between the NSA and companies including Google, Facebook and Apple.
The report says the unit maintains equipment that takes the desired information from the firms, and makes sure that any encryption processes used by them do not prevent the businesses from handing over data they have a legal responsibility to share.
The British spy agency also shares this information with their American NSA friends, with a previous Snowden document describing a joint program called MUSCULAR where the two agencies shared their entire data flow that had been taken from Yahoo and Google.
"We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links," Google said in a statement."We do not provide any government, including the U.K. government, with access to our systems. These allegations underscore the urgent need for reform of government surveillance practices."
No comments:
Post a Comment