
How the U.S. government used our search engines to spy on its citizens.

ARSAT datacenter

Don’t ask why. It’s child pornography!

Of the vast amount of information available on the Internet, which subset is most hated by practically everyone? Child pornography. This deplorable form of pornography is so widely condemned in our society that persons who are convicted and serve time in prison are considered the lowest men on the totem pole and suffer unheard-of humiliations, including sexual abuse and severe beatings. Censorship advocates use it as leverage by pointing out that persons seeking to ensure free speech often end up protecting these sexual deviants. Even the United States government has used it to justify unquestioned cooperation from just about everyone.

The government requests personal information to fight pornography – we need a list of all websites on the Internet!

In August 2005, under the guise of fighting child pornography, the federal government issued a subpoena to MSN, AOL, Yahoo, and Google. This subpoena requested a list of all web sites catalogued by each of the respective search engines. This list would need to include the web site name, the URL, and the IP address of each site. In addition, the government demanded a complete list of search strings and search results over a two-month period. Later, the government reduced its requested requirements and demanded only a one-week sample of search results. Either way, since most Internet users access the Internet at least once per week, this list would practically cover every Internet user on the planet.

The government’s pretext that the information would be used to battle child pornography was most certainly fictitious. Similar legal battles occur at the local government level quite frequently, and their successes in prosecuting these deviants are not achieved by requesting such a wide-ranging variety of private information. Specific search terms or categorical web site lists could have been requested to narrow down the information. Much more effective would have been sting operations where porn-related sites or chat rooms are set up and offenders lured into revealing sufficient personal information to pursue prosecution. But that is not what was done.

There’s no argument that the information requested by the federal government could be used to fight child pornography but there’s also no argument that the requested information was obviously much too broad to serve such a narrow purpose – and it most certainly would be cultivated and used for much more.

Using private information to seed the “Carnivore” engine

The United States government’s alleged “Carnivore” engine can purportedly read an Internet data stream at key points (routing points) along the way and systematically catalog the data stream information (it’s rumored to be stored in a data center in Utah). Combine that with a data mining process that lets the collected information be manipulated and “sliced and diced”, and you have an exceptionally powerful system for tracking Internet users’ actions and behaviors.

The actual operation of the “Carnivore” system is top secret, and its very existence is still arguable – the system could conceivably work though. As information travels through the Internet, it moves through several key points along the way. At these points, a device, either hardware or software based, can be installed to filter and store all information that passes through that particular point. All information that travels through the Internet will at some point move through one of these key points and is susceptible to being captured and saved.

In addition, even if the data is encrypted, it can still be useful. The government sets strict limits on the strength of encryption algorithms, making it possible for the government’s most powerful computers to decrypt anything it desires. Once the data is decrypted, it can be parsed or examined by software systems to glean important information regarding its contents.

Beyond the collected data itself, items such as the unique identifying address of the sender and the recipient (the IP address), unique browser identifying strings, and private “cookie” strings can be used to specifically target and pinpoint any computer on the planet. Once this data is catalogued and correlated with historically collected information, an astounding amount of detail is revealed. What is missing is a complete listing of all Internet sites, or endpoints, that may be reached along the way. Can you guess how the government got that list?

Other ways private search engine information could be used to spy

Even if a “Carnivore” system did not exist, a catalog of all Internet sites would be very desirable to governmental spying efforts. Search engine companies, especially Google, have the most advanced search algorithms on the planet. A complete list of all Internet endpoints, or web pages and related items, is owned by only a handful of companies, and Google has the largest database of all. Even with the most sophisticated technology available, the list of endpoints would take years to duplicate. If a complete list could be obtained, it would be easy for the government to continue adding to the list and maintaining a separate catalog of sites. A complete list of search criteria (the search terms used) and search results would then give them the means to reverse engineer the search algorithm, which would allow creation of their own customized engine. If this were received from all the major search engines, a “combined” algorithm could be created that incorporated the best technologies from each of the respective engines.

Which search engine companies complied and why

It is not certain which version of the subpoena request the search engine companies complied with (the government’s 2005 request or the subsequent modified version of the request). Some of the search engine companies complied early, so it’s obvious that they complied with the initial governmental request.

MSN, owned and operated by Microsoft, willingly complied right off the bat. A Microsoft representative was quoted as saying “MSN works closely with law enforcement officials worldwide to assist them when requested… It is our policy to respond to legal requests in a very responsive and timely manner.” In addition, AOL (America Online) also willingly complied with the government’s request without question.

Yahoo complies just a little bit

Yahoo also willingly complied, but apparently not to the degree that the government initially demanded. Yahoo declined to provide details on their compliance, raising the question of whether the government’s request involved national security or whether a gag order of some sort was issued. What is known is that Yahoo provided some of the information requested but not all of it. Mary Osako, a Yahoo spokeswoman, told reporters “We are vigorous defenders of our user’s privacy. We did not provide any personal information in response to the Justice Department’s subpoena.”

You can deduce several things from Yahoo’s response. The fact that Yahoo indicated they had not revealed private information (but had released some other form of information) and the fact that the government was not pleased with Yahoo’s response make it clear that the federal government requested private information in its subpoena, most likely IP addresses, cookie values (strings of private data stored on each user’s personal computer), and/or complete log files, which would contain all of the above.

Google smashes the man (but still comes up slightly short)

The lone opposition to this subpoena request was Google – and they are now on their way to court. Google stated publicly that the government’s request violated privacy rights and revealed company trade secrets. Google specifically stated that the subpoena request was “overbroad, unduly burdensome, vague, and intended to harass.” Bush’s lawyers have asked a federal judge to order Google to turn over the information, an outcome that would have disastrous effects on Americans’ privacy.

Google’s refusal to provide the requested information is indeed admirable, but many point out that if Google did not collect and retain this personal information in the first place, this would not even be an issue.

Image Credits

In-Article Image Credits

ARSAT datacenter via Wikimedia Commons with usage type - Creative Commons License. November 15, 2014
