GCHQ and NSA 'track Google cookies'

Eric Schmidt Google chairman Eric Schmidt has been critical of the NSA and GCHQ's activities

Related Stories

The latest Snowden leak suggests US and UK cyberspies are taking advantage of Google's proprietary cookie technology in an effort to track suspects.

Documents published by the Washington Post refer to the NSA and GCHQ's use of "GooglePrefIDs" - files containing a numeric code placed on computers to help the search firm remember users.

The paper said the US and UK spy agencies piggybacked the files to "home in" on targets already under suspicion.

Google has not commented.

However, the news may add to existing tensions between the firm and the authorities.

Google's chairman Eric Schmidt said last week that the company had considered moving its servers outside of the US following the publication of earlier leaks, before deciding it was impractical.

"Google's position is we are outraged on this," he said in reference to claims that the NSA and GCHQ had taken data from communication links used by his firm.

"It's government overreach, is the best way to explain it."

The cookie surveillance technique is the latest in a series of alleged spy agency activities described by papers released to journalists by the whistleblower Edward Snowden, a former NSA contractor now living in Russia.

Ad trackers

Google says it uses "preferences" cookies to enhance people's use of the internet.

"These cookies allow our websites to remember information that changes the way the site behaves or looks, such as your preferred language or the region you are in," it explains on its site.

"The Pref cookie may store your preferences and other information, in particular your preferred language (eg English), how many search results you wish to have shown per page (eg 10 or 20), and whether or not you wish to have Google's SafeSearch filter turned on."

Cookie flavours

Cookies are small files that allow a website to recognise and track users. The Information Commissioner's Office divides them into three overlapping groups:

Session cookies

Files that allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long-term and are considered "less privacy intrusive" than persistent cookies.

Persistent cookies

These remain on the user's device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password during each visit.

First- and third-party cookies

A cookie is classed as being first-party if it is set by the site being visited. It might be used to study how people navigate a site.

It is classed as third-party if it is issued by a different server from that of the domain being visited. It could be used to trigger a banner advert based on the visitor's viewing habits.

The file - which contains a randomly-generated numeric code, rather than the name of the user - is also used by the firm to personalise the adverts shown to people who are not signed into its service.

Since many other firms make use of Google's technologies to place ads, a user may have PrefIDs on their computer even if they have never visited the search firm's own services.

There are tools on the internet with which users can reset the cookie's numeric code to make themselves anonymous. One expert said the company would be concerned if the leaks encouraged more people to use them.

"The last thing that Google wants is for people to tamper with or otherwise mess with its tools, disabling its ability to track them," said Chris Green, a tech analyst at the consultancy Davies Murphy Group.

"Cookies are a very valuable part of its business."

A document published by the Washington Post suggests the spy agencies also track other types of cookies, but does not specify which.

It is not clear how the authorities would have obtained the information, although the paper notes that it is among the data the NSA can demand through a Foreign Intelligence Surveillance Act (Fisa) court order.

A spokesman for GCHQ said he could neither confirm nor deny the agency's involvement in the alleged activity.

"All GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that its activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee," he said.

The NSA added that it was "within its lawful mission to collect foreign intelligence to protect the United States, use intelligence tools to understand the intent of foreign adversaries and prevent them from bringing harm to innocent Americans".

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(SID)

Road designs that trick our minds

Subconscious signs used for safer driving Read more...

Programmes

  • A motorised skateboadThe Travel Show Watch

    The motorised skateboard which can reach speeds of 17mph (27 km/h) and other travel technology

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.