For many in the IT industry, 2013 will be remembered as the year we found out the National Security Agency is watching us. So far in 2014, President Barack Obama has announced limits to the NSA's data gathering practices, especially regarding phone records. But some are disappointed in NSA surveillance reform, noting it mentions nothing about encryption or monitoring Internet communication.
But what exactly is the agency watching? According to companies such as Facebook, Google and Yahoo, we know NSA is peeking at emails and social networking activity. CIO.com asked security professionals to tell us what else NSA might be watching. Some of their ideas might seem far-fetched. But then again …
Your Physical Location
There's little doubt the NSA can track your whereabouts, especially if you have opted in to applications on your phone that share your location already. Jonathan Weber, an app developer and security consultant with Marathon Studios, says the GPS chip in a smartphone could reveal, among other things, when someone meets with a terror suspect or attends an event sponsored by an insurgent group.
[ Commentary: Think Twice Before Letting That Mobile App Track Your Location ]
Household Wi-Fi Devices
Could the NSA know about your Nest thermostat? Anthony Di Bello, a director at the cybersecurity firm Guidance Software, thinks it's possible. Anything that connects to Wi-Fi and then to the Internet is susceptible to surveillance, he says. The Wi-Fi monitoring might be used to track a suspect's location — knowing when the temperature rises on a Nest, or when there's a spike in Netflix activity, especially at certain times of the day, can give authorities a clue that someone is home.
Does the government really care that you just rented The Long Ranger on Redbox? And is there really a way the agency could even know your rental history? Alok Bhardwaj, the founder of Epic Privacy Browser, says the NSA can likely track credit card transactions. We also know the data from movie purchases and rentals is sold to advertisers and other third parties. It's conceivable, he says, that the NSA can flag someone who keeps renting movies about government insurgencies.
Images on Flickr, Other Photo-sharing Sites
Billions of images are floating around the Web. Most of them are innocuous, and it seems unlikely that the NSA could track them on individual sites such as Flickr or Twitter. However, if the NSA gained access, it could take an algorithm and image-recognition software to spot someone who's posting images of bomb-making equipment or maps of a government facility. The problem, Di Bello says, is how the surveillance impacts our freedom when the agency finds a false positive. Some people might just have an interest — or an actual job — related to bomb disposal techniques.
Porn Site Visits
The Huffington Post spelled out another surveillance technique: The NSA can track visits to porn sites, presumably as a way to discredit an insurgent, according to the report. By monitoring this activity, the NSA can track terrorists who are looking for new recruits and then discredit them by revealing their embarrassing activity on adult sites as a way of showing that they are less "radicalized" than they say.
A recent New York Times article claims the NSA can track your online game usage. Documents released by Edward Snowden, the CIA computer specialist turned whistleblower, suggest that the NSA monitors online video games such as World of Warcraft and Second Life to look for suspicious online chats or even virtual exchanges of massive amounts of money — potentially as a way to convert the currency into U.S. dollars or to sell virtual goods on eBay.
Closed-circuit Security Feeds
The experts also note that the NSA probably monitors closed-circuit security feeds — à la the television show Person of Interest and the widely known surveillance networks in cities such as Chicago. Similar to the algorithms used to track credit card purchases and scan for Flickr uploads, the CCTV monitoring likely looks for trigger events such as testing explosives. These days, agents don't sit at a terminal watching the feeds; software can detect suspicious activity and flag it.
John Brandon is a former IT manager at a Fortune 100 company who now writes about technology. He has written more than 2,500 articles in the past 10 years. You can follow him on Twitter @jmbrandonbb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.