Shining a Light on Farook's Activity

By Nicholas Weaver
Wednesday, February 24, 2016, 5:13 PM

As the FBI diligently set about following every lead in the San Bernardino shooting case, did it ever stop and take a look at what marketing companies collect? I’m currently participating in a research group examining the implications of the data these companies hold and aggregate, and the potential value to law enforcement investigations immediately came to mind. Private data marketing companies would make even the Stasi blush at the detailed dossiers they now attempt to collect on every American.

If they haven’t already, the FBI should give all known email addresses, home IP address history, and any phone IDs belonging to both Syed Farook and Tashfeen Malik to marketing companies such as LiveRamp and Facebook to build a target history.

LiveRamp provides a particularly valuable service to marketers by tying devices to people. Whenever you log into any one of hundreds of apps, that app tells LiveRamp, which can now associate your email address with your phone's supposedly "anonymous" (really pseudonymous) advertising tracker, thus mapping a person to a device. Undoubtedly, Facebook’s application can do the same.

Thanks to the third-party doctrine, the FBI likely would not ever require a warrant in order to obtain this data from LiveRamp and Facebook, and could probably access it with only a subpoena. The tactic should yield both a large amount of Internet activity and, critically, the advertising-IDs associated with the targets. And it would not constitute a burden to these companies—LiveRamp charges less than a penny per person. For under one cent, marketers—and law enforcement—can take advantage of these troves of data.

Once they are associated with the San Bernardino shooters’ ad-IDs, the now-destroyed phones become an index to a world of Internet metadata. Many phone-based advertising companies collect location data, application data, and a host of other information linked to these advertising identifiers. Some companies claim to protect privacy by hashing the advertising identifier, but in reality that provides no actual protection. Hashing prevents someone from taking the hash and discovering the ad-identifier; it does not prevent someone from taking the ad-identifier and getting all data associated with the hash of the identifier.
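The hashing point above, as an added example that is not part of the original post: a store indexed by the unkeyed SHA-256 of the advertising ID answers a lookup from anyone who holds the raw ID, while a store indexed by an HMAC answers only for a holder of the key. All IDs, events, the key and the function names are constructed for illustration, and the HMAC variant is a contrast added here, not something the post describes any company using.

```python
import hashlib
import hmac

def normalize(ad_id: str) -> bytes:
    # Ad IDs are UUIDs; case and surrounding whitespace vary between sources.
    return ad_id.strip().lower().encode("ascii")

def hash_ad_id(ad_id: str) -> str:
    """Unkeyed SHA-256: anyone can compute it from the raw ID."""
    return hashlib.sha256(normalize(ad_id)).hexdigest()

def keyed_ad_id(ad_id: str, key: bytes) -> str:
    """HMAC-SHA-256: only a holder of `key` can compute the pseudonym."""
    return hmac.new(key, normalize(ad_id), hashlib.sha256).hexdigest()

def build_store(records, pseudonymize):
    """Index events by pseudonym; the raw ID itself is never stored."""
    store = {}
    for ad_id, event in records:
        store.setdefault(pseudonymize(ad_id), []).append(event)
    return store

def lookup(store, ad_id, pseudonymize):
    """Return every event filed under the pseudonym of `ad_id`."""
    return store.get(pseudonymize(ad_id), [])

# Constructed sample data (hypothetical IDs and events).
KNOWN_ID = "3F2504E0-4F89-41D3-9A0C-0305E82C3301"
RECORDS = [
    ("3f2504e0-4f89-41d3-9a0c-0305e82c3301", "app_open weather"),
    ("6fa459ea-ee8a-3ca4-894e-db77e160355e", "app_open news"),
    ("3f2504e0-4f89-41d3-9a0c-0305e82c3301", "location cell=1234"),
]
SECRET_KEY = b"constructed-demo-key"  # assumption: held only by the data holder

HASHED_STORE = build_store(RECORDS, hash_ad_id)
KEYED_STORE = build_store(RECORDS, lambda i: keyed_ad_id(i, SECRET_KEY))

if __name__ == "__main__":
    # Raw ID in hand: the "hashed" store returns the full history.
    print(lookup(HASHED_STORE, KNOWN_ID, hash_ad_id))
    # Same ID, no key: the keyed store returns nothing.
    print(lookup(KEYED_STORE, KNOWN_ID, hash_ad_id))
```

Even in the keyed case the data holder itself can still perform the lookup; the key only stops outside parties from computing the pseudonym on their own.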

Untold reams of data on Farook and Malik are there for the taking from a list of major companies; all the FBI needs is the advertising IDs. The bureau should be able to reconstruct vast amounts of page views, movements, and other details going back years. And while they are at it, they might as well request detailed offline profiles from companies like V12group or Connexity, not to mention purchasing history from Cardlytics.

I’d posit that this is further evidence that, as many security experts believe, we are not going dark but are rather in a golden age for investigations. And while I find myself troubled—creeped out, really—by the amount of tracking which occurs, if the data is there, in the clear, and designed for access, why shouldn't investigators take advantage?