US and British spy agencies ‘tap’ data streaming from phone apps

US and British spy agencies ‘tap’ data streaming from phone apps

WASHINGTON

Angry Birds, an addictive birds-versus-pigs game which has been downloaded more than 1.7 billion times worldwide, was one of the most eye-catching examples. REUTERS Photo

Documents leaked by former National Security Agency (NSA) contactor Edward Snowden suggest that spy agencies have a powerful ally in Angry Birds and a host of other applications installed on smartphones across the globe.

The documents, published by The New York Times, the Guardian, and ProPublica, suggest that the mapping, gaming, and social networking apps which are a common feature of the world’s estimated 1 billion smartphones can feed America’s NSA and Britain’s GCHQ with huge amounts of personal data, including location information and details such as political affiliation or sexual orientation.

Size, scope unknown

The size and scope of the program aren’t publicly known, but the reports suggest that U.S. and British intelligence easily get routine access to data generated by apps such as the Angry Birds game franchise or the Google Maps navigation service.

The joint spying program “effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system,” one 2008 document from the British eavesdropping agency is quoted as saying.

Another document, a hand-drawn picture of a smirking fairy conjuring up a tottering pile of papers over a table marked “LEAVE TRAFFIC HERE” — suggests that gathering the data doesn’t take much effort.

The NSA did not directly comment on the reports but said in a statement that the communications of those who were not “valid foreign intelligence targets” were not of interest to the spy agency.

“Any implication that NSA’s foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true,” the statement said. “We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes — regardless of the technical means used by the targets.”

GCHQ said it did not comment on intelligence matters, but insisted that all of its activity was
“authorized, necessary and proportionate.”

Intelligence agencies’ interest in mobile phones and the networks they run on has been documented in several of Snowden’s previous disclosures, but the focus on apps shows how everyday, innocuous-looking pieces of software can be turned into instruments of espionage.

Angry Birds, an addictive birds-versus-pigs game which has been downloaded more than 1.7 billion times worldwide, was one of the most eye-catching examples. The Times and ProPublica said a 2012 British intelligence report laid out how to extract Angry Bird users’ information from phones running the Android operating system.

Another document, a 14-page-long NSA slideshow published to the Web, listed a host of other mobile apps, including those made by social networking giant Facebook, photo sharing site Flickr, and the film-oriented Flixster.

It wasn’t clear precisely what information can be extracted from which apps, but one of the slides gave the example of a user who uploaded a photo using a social media app.

Under the words, “Golden Nugget!” it said that the data generated by the app could be examined to determine a phone’s settings, where it connected to, which websites it had visited, which documents it had downloaded, and who its users’ friends were. One of the documents said that apps could even be mined for information about users’ political alignment or sexual orientation. Google Inc. and Rovio Entertainment Ltd., the maker of Angry Birds, did not immediately return messages seeking comment on the reports.

Agreement with tech firms

The disclosures came as the United States agreed to give technology firms the ability to publish broad details of how their customer data has been targeted by spy agencies.

Facing a legal challenge and a furious public debate, Attorney General Eric Holder and Director of National Intelligence James Clapper said the companies would now be allowed to disclose figures on consumer accounts requested.

“The administration is acting to allow more detailed disclosures about the number of national security orders and requests issued to communications providers,” the officials said in a joint statement.

In a letter to tech giants Facebook, Google, LinkedIn, Microsoft and Yahoo, the Justice Department freed them to release the approximate number of customer accounts targeted.

President Barack Obama’s administration has faced pressure from the tech sector following leaked documents outlining vast surveillance of online and phone communications. The companies have said the reports have already begun to affect their business.

Facebook, Google, LinkedIn, Microsoft and Yahoo, which sued for the right to publish more data, said in a joint statement they were pleased with the settlement.

“We filed our lawsuits because we believe that the public has a right to know about the volume and types of national security requests we receive,” the companies said. They will have an option to reveal within bands of 1,000 the numbers of “national security letters” and specific court orders. Another option will be to disclose, in bands of 250, all the national security requests, lumped together.