GCHQ and NSA ‘track Google cookies’
The latest Snowden leak suggests US and UK cyberspies are taking advantage of Google’s proprietary cookie technology in an effort to track suspects.
Documents published by the Washington Post refer to the NSA and GCHQ’s use of “GooglePrefIDs” – files containing a numeric code placed on computers to help the search firm remember users.
The paper said the US and UK spy agencies piggybacked the files to “home in” on targets already under suspicion.
Google has not commented.
Google’s chairman Eric Schmidt said last week that the company had considered moving its servers outside of the US following the publication of earlier leaks, before deciding it was impractical.
“Google’s position is we are outraged on this,” he said in reference to claims that the NSA and GCHQ had taken data from communication links used by his firm.
“It’s government overreach, is the best way to explain it.”
The cookie surveillance technique is the latest in a series of alleged spy agency activities described by papers released to journalists by the whistleblower Edward Snowden, a former NSA contractor now living in Russia.
Google says it uses “preferences” cookies to enhance people’s use of the internet.
“These cookies allow our websites to remember information that changes the way the site behaves or looks, such as your preferred language or the region you are in,” it explains on its site.
“The Pref cookie may store your preferences and other information, in particular your preferred language (eg English), how many search results you wish to have shown per page (eg 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on.”
The file – which contains a randomly-generated numeric code, rather than the name of the user – is also used by the firm to personalise the adverts shown to people who are not signed into its service.
Since many other firms make use of Google’s technologies to place ads, a user may have PrefIDs on their computer even if they have never visited the search firm’s own services.
There are tools on the internet with which users can reset the cookie’s numeric code to make themselves anonymous. One expert said the company would be concerned if the leaks encouraged more people to use them.
“The last thing that Google wants is for people to tamper with or otherwise mess with its tools, disabling its ability to track them,” said Chris Green, a tech analyst at the consultancy Davies Murphy Group.
“Cookies are a very valuable part of its business.”
A document published by the Washington Post suggests the spy agencies also track other types of cookies, but does not specify which.
It is not clear how the authorities would have obtained the information, although the paper notes that it is among the data the NSA can demand through a Foreign Intelligence Surveillance Act (Fisa) court order.
A spokesman for GCHQ said he could neither confirm nor deny the agency’s involvement in the alleged activity.
“All GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that its activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee,” he said.
The NSA added that it was “within its lawful mission to collect foreign intelligence to protect the United States, use intelligence tools to understand the intent of foreign adversaries and prevent them from bringing harm to innocent Americans”.
Big Read |