NSA and law enforcement should buy the data they need

There's no need for secret courts and wiretaps when there's a large commercial market selling detailed information on hundreds of millions of individual Internet users.
Written by Tom Foremski, Contributor
"Restore the Fourth" rally in San Francisco protesting NSA surveillance of US citizens.


Declan McCullagh, the chief political correspondent for CNET, reports that the NSA can force tech firms to comply with demands for real-time data on their users because the Foreign Intelligence Surveillance Act gives the agency the legal right to install its own gear inside the companies' data centers.

How the U.S. is forcing Internet firms' hands on surveillance | Politics and Law - CNET News

Those devices, the companies fear, could disrupt operations, introduce security vulnerabilities, or intercept more than is legally permitted.

"Nobody wants it on-premises," said a representative of a large Internet company who has negotiated surveillance requests with government officials. "Nobody wants a box in their network... [Companies often] find ways to give tools to minimize disclosures, to protect users, to keep the government off the premises, and to come to some reasonable compromise on the capabilities."

It's tough to fight such demands because there are several legal precedents, such as when Earthlink lost a legal battle to stop the FBI from installing its "Carnivore" surveillance system within its networks. 

Foremski's Take: 

US tech giants have been surveilling their users for years. That's what they mean by "Big Data" and it feeds a huge industry where that data is sold and used in real-time. That's how ad networks know what ads to serve in the milliseconds it takes to load a page.

It's commonly known as "contextual advertising." But the "context" isn't what's on the page; the context is who is looking at that page.

I'm sure you've noticed those sticky ads, the ones that follow you around the Internet. For example, I was seeing adverts for Tai Chi DVDs and books on numerous web sites for weeks because I had visited a Tai Chi site and clicked around for a bit. 

Advertising networks detect when and where you are online and your physical location. In the instant it takes to load a page they analyze all the data they have about you and serve up an appropriate ad. They log the event and update their personalized dossier with any additional information. 

In that regard, spy agencies and advertisers are essentially the same. They are both interested in real-time data about a specific person. It doesn't matter that one is trying to sell you a watch, while the other one just wants to watch -- the process is the same. 

Imagine if the NSA built an advertising network as a cover and bought access to the same real-time data that advertising networks use. It would be able to collect a lot of valuable data without needing to argue its case in secret courts.

It would have real-time login and other information, and it could also drop a super-cookie or key-logger onto a target's computer.

It could even serve up contextual adverts: where to find hard-to-get combustible materials, or difficult-to-source equipment such as high-speed centrifuges. It would be perfect for sting operations.

But the government agencies should buy the data instead of demanding the right to take it. It's not that expensive, and the data brokers will sort it and package it, saving the agencies from having to filter and process the firehose of data from their own equipment installed on-site.
