Someone is spying on your Google searches — but it’s not who you think

It’s been one hell of a week in national security and personal insecurity. Here are some of the highlights.

• Late last week, the House narrowly defeated legislation that would have defunded the NSA’s domestic data collection. The 205-to-217 vote was the closest thing we’ve seen to actual bipartisanship since Congress approved all of this spy stuff following 9/11.

[ Who stacks up as high-tech’s heroes and zeros so far this year? Cringely can name a few. ]

• The Guardian’s Glenn Greenwald released news of yet another, even more sinister and comprehensive, NSA spying program. Called XKeyscore, it “allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals,” per Greenwald.

• The Senate Judiciary Committee publicly spanked the spooks for spying on innocent Americans and threatened to send NSA Deputy Director John C. Inglis to bed without his dinner. Now even the NSA’s staunchest defenders in Congress are starting to do DC’s oldest dance: the backpedal two-step.

• Ed Snowden was finally allowed to leave the Moscow airport and received a year’s asylum in the land of ballet and borscht. My recommendation to the Snowman: Keep your head low and your lips sealed. Journalists and whistleblowers have a funny way of disappearing in Vladimir Putin’s Russia.

Predictive search, unforeseen consequences

Still, all of that pales to what happened yesterday — or at least, what we thought happened yesterday. Freelance journalist Michele Catalano published a piece in Medium about a visit her husband received from members of a joint terrorism task force at their home on Wednesday. Six plainclothes officers with badges and guns pulled up in black SUVs at their home in East Meadow, N.Y., and proceeded to search their house and ask detailed questions about their Google habits. She wrote:

They asked if they could search the house, though it turned out to be just a cursory search. They walked around the living room, studied the books on the shelf (nope, no bomb making books, no Anarchist Cookbook), looked at all our pictures, glanced into our bedroom, pet our dogs. They asked if they could go in my son’s bedroom but when my husband said my son was sleeping in there, they let it be.

Meanwhile, they were peppering my husband with questions. Where is he from? Where are his parents from? They asked about me, where was I, where do I work, where do my parents live. Do you have any bombs, they asked. Do you own a pressure cooker? My husband said no, but we have a rice cooker. Can you make a bomb with that? My husband said no, my wife uses it to make quinoa. What the hell is quinoa, they asked….

Have you ever looked up how to make a pressure cooker bomb? My husband, ever the oppositional kind, asked them if they themselves weren’t curious as to how a pressure cooker bomb works, if they ever looked it up. Two of them admitted they did.

It seemed to confirm all our our most paranoid fears about NSA domestic spying — that an innocent Google search could lead to a physical search and possibly worse.

The reaction across the Internet was predictable. Twitter exploded. Some accused Catalano of making up the story because she had presented no proof. (How one proves such a thing happened afterward, short of having set up a hidden camera before the cops arrived, they never bothered to explain.) Some suggested that perhaps it was not Google searches but a Facebook photo of high-end firecrackers Catalano had posted on July 4 that may have tipped the spooks (as if that’s a whole lot better). Others suggested it was more likely nosy or spiteful neighbors who called in the authorities. (That was the theory I liked best.)

Workplace Googling: Don’t do it

It took several hours for the real story to emerge. The men in plainclothes were not feds; they were local Suffolk County investigators, who had been tipped to Google searches for “pressure cooker bombs” and “backpacks” by the husband’s former employer back in April. The county released a statement to the media explaining what happened.

Suffolk County Criminal Intelligence Detectives received a tip from a Bay Shore-based computer company regarding suspicious computer searches conducted by a recently released employee. The former employee’s computer searches took place on this employee’s workplace computer. On that computer, the employee searched the terms “pressure cooker bombs” and “backpacks.”

So, yes, Google searches did indeed lead to physical searches. But it wasn’t Ed Snowden’s former friends on the other end of the Catalano’s Google connection, it was a Long Island tech company — most likely Speco Technologies — that was examining the search histories of a recently released employee, a not uncommon practice. Given the timing, so close to the Boston bombings, you can understand why their first instinct after seeing searches for pressure cooker bombs was to call the cops.

The ironic part: Speco makes video surveillance gear. Catalano’s husband could have easily have hidden cameras to record the whole event, leaving little doubt as to the veracity of the story.

The lessons here? In the post-Snowden era it is easy to jump to conclusions, whether you’re a blogger working with limited information, a reporter trying to pin down the facts, or a tech company trying to glean a former employee’s intent.

If the spooks come to your door, be sure and ask them for their business cards (yes, really) so you know who is really is asking you those nosy questions. And don’t let them in without a warrant.

Finally, you have virtually no privacy rights at work — and yes, your employer is logging everything. If you want to Google topics of interest, better to do it on your own time and from your own machines.

Remember: Even if the NSA isn’t watching you, somebody else may be.