Watch CBSN Live

Here's what the feds have on you: Everything

(MoneyWatch) The reaction to reports of widespread government telephone surveillance and Internet tracking has been swift and angry, whether on the part of consumers who see an Orwellian Big Brother looking over their shoulders or of officials angry that the activity was leaked.

But what most consumers, and a good many in the media trying to explain the fallout, don't understand is how much can be deduced about any one person, given the types of data available. They also don't realize how long such practices have been under way, whether on the part of government or private corporations, allowing for the use of commercially available data.

Q. What data has the government accessed?

A. It is impossible to know for sure because the activities are covert and classified. Director of National Intelligence James Clapper has admitted to collecting telephone data and acknowledged the PRISM Internet program, although he claims the latter could not intentionally target any Americans, adding that data on individuals could be accidentally collected. Reports suggest that PRISM "culls metadata from Microsoft, Yahoo!, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple and will soon include Dropbox." These Internet companies have largely claimed that the government does not have direct access to their data, but that doesn't mean they don't hand it over, possibly under court order. Such orders generally forbid the companies from informing anyone of the requests.

Q. Could the government get more information?

A. According to a retired FBI agent, the answer is yes, a lot more. Tim Clemente, identified by CNN as a former FBI counterterrorism agent, said that "no digital communication is secure." Digital communications could include telephone, fax, e-mail, texting, instant messaging and any activity on the Internet. He said: "There are lots of assets at our disposal throughout the intelligence community, and also not just domestically, but overseas. Those assets allow us to gain information intelligence on things that we can't use ordinarily in a criminal investigation, but are used for major terrorism investigations or counterintelligence investigations." There are also reports that the National Security Agency follows credit card transactions to some degree.

Q. Is that all the information the government collects?

A. Not even close. As Jim Edwards shows on Business Insider, Google alone receives tens of thousands of requests for information a year from a combination of the police, the FBI, state and federal executive branches, and the courts. National security is one of the smaller categories of requests. The feds' "government criticism" category is still larger. And "defamation" and "privacy and security" far outstrip government criticism.

Q. What is metadata?

A. Metadata is information collected about data. There are two types: One describes the structure of data collection. For example, a contact record might include such information as name, address, phone number, nickname, birthdate, date of last contact and date of next appointment. This type of metadata refers to the types of information available and how they are structured. The second type applies to the description of a particular entity. For a person, that might include address, birthdate, height, weight, hair color and eye color. The difference between the two is that the second type refers to an actual birthdate, address and name. The first type refers to the existence of that information, not the information itself.

Q. How much can metadata reveal about people?

A. An enormous amount. Years ago a researcher at Harvard discovered that 80 percent of people in the U.S. could be uniquely identified if an entity were given a birthdate, zip code and gender. Metadata, like website visits, is used extensively by online companies to target consumers with ads, which is why you might find advertising relevant to you appears everywhere you go on the Web. Credit card data, which lets companies profile consumers by what and when they buy, is enormously revealing. Frequent buyer cards enable companies to record everything you buy in a store in trade for discounts. Commercial data services profile people by spending habits, estimated income, cultural background and more and then sell that data to corporations so their marketing efforts are more effective. Telephone metadata can be used to determine a person's social network and provide details of his or her activities. Consider what your Facebook posts alone might say about you if they were made available. And they may be. Telephone companies are now more actively selling their extensive data collections.

Q. How long have these practices been in place?

A. For the federal government, at least 7 years. The Foreign Intelligence Surveillance Act, which authorized the gathering of communications data, went into effect at that time. But, as the Electronic Frontier Foundation points out, the NSA received permission to undertake surveillance in the U.S. under a secret executive order that President George W. Bush signed in October 2001, which would mean personal data has been available for 12 years. And for decades, corporations have bought and used consumer data, including credit and telephone data, for marketing purposes.

View CBS News In