Watchbirds

I was reminded of watchbirds this summer while on vacation in England. England does a remarkable amount of routine surveillance of its citizens and visitors. Orwell would surely have been surprised at the number of closed-circuit TV cameras on streets, in buildings, at landmarks and, for all I know, in private homes. Indeed, “CCTV in use” was one of the most common signs.

Most of the cameras are meant to discourage theft, vandalism and other anti-social behaviors. Sometimes, however, an outsider may not know what’s illegal. As George Bernard Shaw once said, England and America are two countries separated by a common language. I’m still uncertain about a large sign in a parking lot in York that said “No fly-tipping.” Right beside it was a CCTV camera; if I had inadvertently tipped a fly, it would have been recorded.

There are thousands of speed cameras on English highways as well, to encourage drivers to stick to the speed limit. The locations of most are not only well known, but published; my AA map listed thousands, and my GPS warned of them all the time, with a muted but irritating ding whenever one was coming up. I was never caught speeding, but a newspaper story claimed that 20 percent of all drivers had received an automated ticket in the previous year, a stunning number if true.

Cameras are at least familiar. There’s another kind of pervasive surveillance that goes on all the time, and not just in England. The Internet has become a worldwide system for watching what we do online, quietly recording pretty much everything. Kinnari Shah ’14 and Matt Dolan ’13 wrote about this in articles in September; let me add my two cents’ worth here.

The basic Internet tracking mechanism is the cookie, a bit of text that is deposited on your computer when you browse to a website. The next time you return to that site, the cookie is sent back to the site where it originated. This gives the site a way to recognize you as a return visitor, and thus to know that you are already logged in and perhaps have some items in a shopping cart.

That sounds benign, but cookies are used extensively for tracking because what you might think of as a single site often includes components like images from other sites, each of which gets to deposit and retrieve cookies too. Aggregating that information makes it possible to build up a very detailed picture of the sites you’ve visited.

But wait — there’s more. Most sites today also include trackers based on Javascript, the programming language that browsers use to provide dynamic effects. Javascript trackers can track your return visits, but they can also do more invasive monitoring, including reporting every mouse click and even where your mouse moves as you poke around a page.

Javascript tracking seems to be on the increase. A browser add-on called Ghostery blocks trackers, using a long list of known offenders; that list had more than 1,100 trackers a few days ago and continues to grow. One of Ghostery’s services, besides the vital one of eliminating the trackers before they can do anything, is to report on what it found. It used to be that a typical page might have four or five trackers, and the most I had encountered as of two years ago was 12. Today a dozen trackers per page is common, and I’ve seen as many as 18. (If you see more, let me know; this contest has no real upper limit on the score.)

Many Internet companies make their money by learning as much as they can about us and selling that information to others. That’s the quid pro quo: We get valuable services like search and social networks for free; advertising revenue pays for them. The downside is that we’re being watched all the time. It’s possible to reduce tracking by turning off cookies and using blockers like Ghostery, but it requires continuous vigilance, and if everyone did it, the free services would eventually go away, a high-tech version of the tragedy of the commons.

At the moment the surveillance is for commercial purposes, but it’s not a giant leap to imagine governmental scrutiny as well. That certainly happens in other countries, and there have been plenty of attempts here by various agencies to obtain information about individual users from companies like Google, Facebook and Twitter.

That brings us back to watchbirds. What are the limits on tracking and monitoring? How do we know when we’re being watched and for what purposes? This is not a new question: 1900 years ago, Juvenal asked, “Quis custodiet ipsos custodes?” It’s even more important today when we’re all connected all the time. Who is watching the watchbirds?

Brian Kernighan GS ’69 is a computer science professor and a Forbes faculty adviser. He can be reached at bwk@cs.princeton.edu.