'Gaming' the system: NSA sucking data from apps like 'Angry Birds'

There once was a hew and cry over privacy because online ad firm DoubleClick was going to buy a junk mail company. The National Security Agency is making those worries look like the quaint old days of the horse and buggy.

Back in 1999, DoubleClick thought it would turn advertising on its head, combining the cookie and location tracking information it had with the mailing addresses, telephone numbers, and other information owned by Abacus, a company that filled trash bins nationwide with junk mail. Braying by consumer advocates elicited a promise not to combine the information, which seems silly now in a world of mashups that combine your favorite bands with where your children go to school.

The latest revelation is that the NSA has been spying on smartphone apps, especially popular and invasive apps like Angry Birds. Such time-killers typically collect a slew of personal information, including where you are, what Web sites you've recently visited, and the names of your friends. Recently leaked documents from former NSA contract worker Edward Snowden to The New York Times and The Guardian show that the NSA has a particular proclivity to tap into popular apps that collect information and share it with third parties -- like advertising firms.

According the documents, the NSA is especially keen on monitoring apps like Google Maps. Now that Google owns the traffic and navigation app Wave, it means the NSA could tap into what could potentially be the greatest surveillance tool of all time with nearly 50 million drivers worldwide being monitored. Indeed, Waze makes it easy to do. You can go to an active user page and see where drivers are stuck on the road--although you won't know exactly who those drivers are (only the NSA could figure that out).

So why aren't we angry at Angry Birds and Google and not just the NSA?

More On This...

Most of these companies have demonstrated time and again that they are collecting vast amounts of personal information with at best questionable returns to you, the consumer. The excuse is that they need it for advertising purposes, but weren't we all getting ads before just fine? And are they really doing a better job targeting ads? I'm still getting ads for refrigerators even though I'm probably not going to buy another for 20 years. And multitudinous licensing agreements should not give tech companies absolution either.

Compounding the spying problem, companies do a staggeringly poor job securing our information. Witness the multiple retail break ins at Target, Nieman Marcus, and Michael's stores, not to mention the numerous times you're warned to change your password because another Web site has been hacked. Many apps, ranging from financial tools to Starbucks own coffee klatch app, have also been caught with their virtual pants down holding personal information, including passwords, in plain text, a digital invitation to steal. ("I'll have a Carmel Flan Latte and here's my password, too.")

Naturally, the government denies that the NSA has any interest in spying on "ordinary Americans." But there's not much stopping them from doing so. Even though the agency's mandate is to stymie foreign threats, it comes with a loophole big enough to fly a Silicon Valley billionaire's private jet through: The three-degrees of Kevin Bacon rule. Essentially, it allows NSA analysts, for example, to examine a U.S. citizen's phone records even if the person is three links removed from a foreign target's communications. In other words, if you ever had any contact with someone from a foreign country--say, your grandparents--then you are fair game for NSA spies.

The other major problem for this type of NSA tracking and hacking is that it's probably illegal. Although there have been conflicting court rulings recently, last week the congressionally created Privacy and Civil Liberties Oversight Board released a report stating that the NSA's scooping up of all phone data across the U.S. was illegal and should be terminated. And that judgment is based on the fact that it violates the First and Fourth amendments (those having to do with free speech and against unreasonable search).

Looked at another way, we don't need to wait for a case of abuse similar to the one that happened in the Ukraine recently, when the government there sent protesters ominous texts reportedly reading, "Dear subscriber, you are registered as a participant in a mass riot."

The abuse here in the land of the free is the surveillance itself.

For its part, the tech companies have been fast and furious with the hand wringing, complaining about the government doing what the tech companies themselves do on a daily basis. Rovio, the Finnish company behind the game, posted a statement that it does not share data directly with the NSA, for example, but it also acknowledged that third-party advertising sites could be leaking the information.

And that brings us full circle back to 15 years ago and the original worries about DoubleClick's tracking. Today, the company is owned by Google, and those birds look like they are coming home to roost.

Follow John R. Quain on Twitter @jqontech or find more tech coverage at J-Q.com.