Yet Another Highly Misleading GCHQ/NSA Article From the Intercept
Here we go again. Another hyperbolic fear-mongering headline that is not supported by the actual article: Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters. It’s an ongoing pattern of seemingly deliberate misrepresentations.
The premise of this latest breaking news bombshell by Glenn Greenwald and Ryan Gallagher is that GCHQ has been “spying” on people who visit the Wikileaks website, by collecting statistics with the open source Piwik analytics program. But if you read down to paragraph 20, you discover:
It is unclear from the PowerPoint presentation whether GCHQ monitored the WikiLeaks site as part of a pilot program designed to demonstrate its capability, using only a small set of covertly collected data, or whether the agency continues to actively deploy its surveillance system to monitor visitors to WikiLeaks.
That’s right — they do not know from these stolen documents whether this program was ever actually deployed in the real world. Yet the entire rest of the article does its best to give you the impression that it was, with subheadings like “GCHQ Spies on WikiLeaks Visitors.” Once again, this Greenwald piece deceptively conflates the ability to do something with actually doing it.
But even more than that, the article contains these drastically incorrect technical statements about IP addresses…
The IP addresses collected by GCHQ are used to identify individual computers that connect to the Internet, and can be traced back to specific people if the IP address has not been masked using an anonymity service.
Wow. Folks, these claims are simply wrong in every sense.
First, Internet Protocol addresses do not “identify individual computers that connect to the Internet.” An IP address is a unique number assigned to an Internet connection, not to the device using that connection. I have seven devices connected to the same IP address in my office.
Second, IP addresses cannot be “traced back to specific people.” That’s nonsense. An IP address can be part of a proxy system, for example, in which case there could be hundreds or thousands of people using the same address. Or it could be dynamic, in which case it could be different every time a person connects to the Internet. There is simply no way to get an individual’s identity using only an IP address, as this article claims, whether not it is “masked.”
The only way an IP address can be traced to an individual account holder is by going to the ISP with a court order to get their records. And note that even doing this will not determine for certain whether the account holder was actually the one using that IP address. By itself, an IP address is useless for identifying individual people.
When I tried to point out these things to one of the authors of the piece this morning on Twitter, here’s the response:
That answer is completely non-responsive; to be honest it seems like deliberate BS. Whether the IP is dynamic or static has absolutely nothing to do with whether it identifies an individual computer; it doesn’t. Again, an IP address identifies a connection, not a device. Gallagher seems highly confused about this distinction.
But if you read the article, that is not what it says. The part I quoted above says very clearly that the IP can be traced to individuals, not that it can be used in conjunction with other information.
Why wasn’t this made clear in the article? Draw your own conclusions; to me, it looks like a deliberate attempt to sow fear with misleading claims.
One more tweet, from Micah Lee, The Intercept’s technologist:
Yes, that’s right — he’s actually comparing an IP address to a driver’s license or a photo of a face. And the thing is, he’s got to be technically aware enough to know that this is simply not even close to being a reasonable comparison. When I pointed this out, here’s how he answered:
At that point, he stopped responding.