But that was before Edward Snowden. Back in 2013, Snowden, a former employee of a defense contractor for the National Security Agency, shocked the world by revealing the extent to which U.S. intelligence was able to conduct surveillance on the internet and electronic communications. Snowden's revelations, published in the U.K. newspaper the Guardian and other outlets, included the existence of a previously undisclosed NSA program called PRISM. The latter gave NSA direct access to the servers of various big U.S. internet companies, and enabled officials to collect information that included users' search histories, the content of their emails, file transfers and even live chats [sources: Greenwald and MacAskill,Gellman and Poitras].
Snowden's documents and information also revealed that the NSA had secretly broken into the communications links between data centers across the world, allowing it to download data on internet communication — more than 180 million records in one month alone — and store it at the agency's headquarters in Fort Meade, Maryland [source: Gelman and Soltani]. The "upstream" surveillance program, as it was called, enables NSA to search the international online activity of Americans. The program gave NSA the ability to scrutinize anyone who sends emails abroad or browses a website hosted outside the U.S. [source: Gorski and Toomey].
Though the two online surveillance programs are authorized through a federal law that is designed to allow U.S. intelligence agencies to conduct surveillance upon foreigners, information about the activities of Americans are gathered up in the process as well. The revelations raised an outcry, but nevertheless, both programs were reauthorized by Congress in January 2018 [source: Hautala].
But though the NSA gathers vast amounts of data about online activity, that doesn't necessarily mean that it's spying upon vast numbers of ordinary Americans, which would be illegal. As this Q&A from the Director of National Intelligence explains, before the trove of data can be searched for a foreign intelligence target's online activity it requires an order from a special secret court that hears such requests. There also are procedures in place that require intelligence agencies to redact any communications from Americans that were captured accidentally in the surveillance.
But having your search history scooped up by NSA's surveillance programs isn't the only way that the U.S. government might gain access to what you do on the web. We'll get into that in the next two sections.
FBI Surveillance
The National Security Agency isn't the only federal agency that conducts surveillance on the internet. For decades, the FBI has been doing it as well.
As this 2016 Wired article details, the FBI initially started conducting online surveillance back in 1998, using a tool called Carnivore, which it installed on internet network backbones with the permission of service providers. The tool enabled agents to monitor the online communications of a person who was an investigative target, filtering and copying metadata and the content of messages that they sent and received. The Carnivore program's existence was exposed in 2000 when an internet provider refused to install it. As it turned out, the bureau had only used the tool 25 times up to that point, which indicates that it engaged in widespread spying. In 2005, the FBI replaced Carnivore with commercially available filtering software [source: Zetter].
Additionally, the FBI has other ways to tell what a person is doing on his or her computer. It can break into the machine, either remotely or by breaking into someone's office, and install key logger software, which enables agents to monitor what a person types on the keyboard. That trick makes it possible to circumvent software encryption tools that are designed to protect emails and other messages from being intercepted [source: Zetter].
The FBI has other tricks for unmasking people who visit child pornography websites and other places where bad stuff happens. The bureau's own hackers can gain control of servers and embed spyware on pages on a site, which in turn infects the computers of people who access those pages [source: Zetter].
Those capabilities might seem scary, but they're probably not something that most law-abiding citizens will ever encounter, let alone have to worry about. In the next section, we'll look at a type of tracking that you're more likely to encounter.
Keeping Track of Web Activity
There was a time, quaint as it might seem today, when Americans were worried about the government implanting cookies, the identifier files that websites place on your computer in order to recognize you. These days, though, we acquiesce to having Google, Facebook and other private-sector internet companies collect vast amounts of information on us [source: Curran]. So the threat of the government cookies may not seem like as big of a deal.