Spy agencies in the US and the UK have developed ways to gather data from smartphone apps and use these techniques routinely, but they are struggling to make sense of their vast haul of data.
According to a report published jointly on Monday by The Guardian, The New York Times, and ProPublica, based on previously undisclosed documents leaked by Edward Snowden, the US National Security Agency and Britain's Government Communications Headquarters have been working together to access mobile app data at least since 2007.
"Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services," the report says.
The report describes secret British intelligence documents from 2012 that detail the computer code necessary to collect Angry Birds player and advertising profiles from Android devices. Such advertising profiles might contain data about users' location, marital status, sexual orientation, political affiliation, or other demographic data relevant to advertisers. That's in addition to all the other personal information available on a smartphone.
[Is US surveillance hurting the economy? Read NSA Fallout: Why Foreign Firms Won’t Buy American Tech.]
The report amplifies revelations late last year that the NSA relies on commercial ad tracking data, such as Google cookies, to identify targets for government hacking and to augment broader surveillance data.
Google did not immediately respond to a request for comment.
The report is likely to put further pressure on app makers to minimize data collection and on mobile platform overseers such as Apple, Google, and Microsoft to tighten privacy rules.
Nonetheless, if advertising tracking has become indistinguishable from intelligence tracking, online ad providers might see a backlash in the form of accelerated adoption of ad blocking and cookie blocking technology.
Ten days ago, President Obama announced several changes to the way the US handles intelligence collection. The reforms largely fell short of what privacy advocates have sought and didn't address the collection of data from smartphones and mobile apps.
In a statement about its smartphone intelligence collection program included in the report, the NSA insisted that it "does not profile everyday Americans" in the course of its foreign intelligence mission and that privacy protections for US residents and "innocent foreign persons" exist throughout the process. Independent verification of such assertions is all but impossible given that the programs in question are classified and are not subject to direct public oversight.
The spy agencies claim that smartphone traffic intelligence contributed to the prevention of an Al Qaeda bomb plot in Germany in 2007 and the arrest of members of a drug cartel hit squad that had killed a US consulate employee in Mexico in 2010.
However, the vast trove of smartphone information also represents a storage and analysis challenge. According to the report, processing just one month of smartphone data collected by the NSA required 120 computers and led to as many as 8,615,650 "actors," a term that presumably means persons of potential interest. The processing of three months of British data pointed the finger at 24,760,289 "actors." Although these "actors" might not all be inside the UK, they represent a number that's too large to be useful from an investigative standpoint, considering that the total population of the UK is about 63 million.
Thomas Claburn is editor-at-large for InformationWeek. He has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television. He's the author of a science fiction novel, Reflecting Fires, and his mobile game Blocfall Free is available for iOS, Android, and Kindle Fire.
InformationWeek Conference is an exclusive two-day event taking place at Interop where you will join fellow technology leaders and CIOs for a packed schedule with learning, information sharing, professional networking, and celebration. Come learn from each other and honor the nation's leading digital businesses at our InformationWeek Elite 100 Awards Ceremony and Gala. You can find out more information and register here. In Las Vegas, March 31 to April 1, 2014.