Data Collection and Sharing with Third Parties
Fig. 1[1] shows how the DOJ website collects visitors’ private data with the aid of multiple private companies, including entirely foreign entities. This collaboration comprises allowing those companies to access the visitors’ computers [2] and to collect private data from them. Among the collaborators are multiple Google divisions. DoubleClick collects, collates, and exploits users’ private data from almost all the web and uses it for advertising. YouTube does the same and captures every mouse movement over its video rectangle and the precise moments when users start, pause, or stop videos. GoogleTagManager collects user data for the DOJ website but retains and utilizes its copy. The foreign-based SiteImproveAnalytics operates similarly to GoogleTagManager (Google Analytics) and adds little or no value.
Scope of Data Collection
The DOJ website sends private data to these third parties, including the visited page and precise timestamp, the visitor’s IP address (sufficient for Google to identify visitors), and information from users’ devices, including languages and some installed applications.[3]
Embedded YouTube videos are a kind of Trojan horse. All user interactions with them, even moving a mouse over them, are meticulously logged.[4] Hypothetically, if a user pauses during a statement by Attorney General Merrick Garland or replays a specific segment, this behavior is recorded and potentially analyzed. Such granular data could be used to infer user attitudes or intentions.
Google incorporates this data into its vast troves of user information, applies machine learning to analyze it, and builds detailed profiles of users. These profiles are just a warrant away from the DOJ and a subpoena away from third parties with an axe to grind.
Difference from Private Businesses
Private businesses routinely collect and analyze visitors’ data, but:
- The IV Amendment and the Privacy Act of 1974 do not bind most private businesses but do bind the DOJ.
- Private businesses do that to evaluate and increase their marketing campaigns’ effectiveness and maximize sales. The DOJ has neither of these reasons. The only explanation (except for incompetence and/or corruption) is that the DOJ does that for surveillance.
- There are legitimate reasons for web traffic analysis on government websites. They can implement it internally by purchasing analytic software from private companies and installing it on their websites.
Q1: Why does the DOJ spy on Americans visiting its website?
Q2: Why does the DOJ receive and give aid to foreign entities in spying on Americans?
Many government websites collect visitors’ data and compromise privacy by entwinement with Google. The DOJ website also stands out in its collaboration with foreign entities.[5]
Questionable Use of CDNs
The DOJ website is intended solely for the American audience. Because of the high bandwidth and low delays in the North American networks, it does not need to use a Content Delivery Network (CDN).[6] Yet, it uses at least two CDNs, including the foreign-based and somewhat shady jsdelivr[.]net.
These networks receive much of the same user data as justice[.]gov and further expose visitors’ privacy and national security to unnecessary risks.
Q3: Why does the DOJ so generously share data with foreign entities?
Footnotes
[1] The screenshot was made on Dec 27, 2024, using Microsoft Edge with default settings. To reproduce, go to Settings >> More Tools >> Developer Tools, then select Source on the top.
[2] This is how it works. When a user visits a website, the web server returns a page containing some text and instructions for the user’s browser to request additional elements, such as pictures and frames. The browser executes these instructions. Unknown to the visitors, the DOJ web pages contain requests designed solely to send information from the visitor’s computer or mobile phone to third parties, such as Google Analytics.
There are also requests to download elements from data-collecting sites, such as doubleclick[.]net and cdn[.]jsdelivr[.]net. Each request includes private data.
[3] You can check what information your browser sends in the HTTP header.
[4] The Network screen under the Developer Tools shows traffic between the browser and the servers, including calls to Google (YouTube and other data collectors) and other data collection sites.
[5] It also shows an almost comic lack of self-awareness: Justice Department Issues Final Rule Addressing Threat Posed by Foreign Adversaries’ Access to Americans’ Sensitive Personal Data. December 27, 2024.
[6] Within North America, RTT < 90ms, even including the last mile delivery. A CDN does not help with the last mile. Some gaming or near real-time websites would benefit from a small decrease in the delay (like 40ms instead of 60ms) provided by a CDN, but that does not matter for justice[.]gov.
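Footnotes [2] to [4] can be checked mechanically by exporting the Network panel as a HAR file and summarizing what each third-party host received. The script below is an added example, not part of the original article; the HAR fragment and its hosts are constructed placeholders, and treating a host as first-party only when it is the site domain or one of its subdomains is a simplifying assumption.

```javascript
// Constructed HAR fragment (same shape as a DevTools Network panel HAR
// export); hosts are placeholders, not a capture of any real site.
const SAMPLE_HAR = { log: { entries: [
  { request: { url: "https://www.example.gov/news/release-1", headers: [
    { name: "User-Agent", value: "Mozilla/5.0 (constructed)" } ] } },
  { request: { url: "https://analytics.example.net/collect?v=1", headers: [
    { name: "Referer", value: "https://www.example.gov/news/release-1" },
    { name: "User-Agent", value: "Mozilla/5.0 (constructed)" },
    { name: "Accept-Language", value: "en-US,en;q=0.9" },
    { name: "Cookie", value: "id=constructed" } ] } },
  { request: { url: "https://analytics.example.net/collect?v=1&e=scroll", headers: [
    { name: "referer", value: "https://www.example.gov/news/release-1" } ] } },
  { request: { url: "https://cdn.example.org/lib/widget.min.js", headers: [
    { name: "Referer", value: "https://www.example.gov/" },
    { name: "Accept-Language", value: "en-US,en;q=0.9" } ] } },
] } };

// Request headers that tell the receiving host something about the visitor.
// The visitor's IP address is seen by every contacted host regardless.
const REVEALING = ["referer", "user-agent", "accept-language", "cookie"];

// Simplification (assumption): first party = siteDomain or a subdomain of it.
function isFirstParty(host, siteDomain) {
  return host === siteDomain || host.endsWith("." + siteDomain);
}

// One record per third-party host: request count, which revealing headers
// it received, and which page URLs it learned through Referer.
function thirdPartyExposure(har, siteDomain) {
  const byHost = new Map();
  for (const entry of har.log.entries) {
    const host = new URL(entry.request.url).hostname;
    if (isFirstParty(host, siteDomain)) continue;
    const rec = byHost.get(host) || { requests: 0, headers: new Set(), pages: new Set() };
    rec.requests += 1;
    for (const { name, value } of entry.request.headers || []) {
      const key = name.toLowerCase(); // HTTP/2 exports use lowercase names
      if (REVEALING.includes(key)) rec.headers.add(key);
      if (key === "referer") rec.pages.add(value);
    }
    byHost.set(host, rec);
  }
  return [...byHost.entries()]
    .map(([host, r]) => ({ host, requests: r.requests,
      headers: [...r.headers].sort(), pages: [...r.pages].sort() }))
    .sort((a, b) => a.host.localeCompare(b.host));
}

console.log(JSON.stringify(thirdPartyExposure(SAMPLE_HAR, "example.gov"), null, 2));
```

To audit a real page load, replace SAMPLE_HAR with the parsed contents of a HAR file saved from the Network panel and pass the site's own domain as the second argument.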