NSA collects e-mail address lists: Can users be protected? (+video)
The NSA snags contact information as it flows through telecommunications servers and other systems overseas, according to a Washington Post report. Not surprisingly, civil libertarians are unhappy with the new revelations.
Each day the National Security Agency scoops up half a million “buddy list” and in-box e-mail address lists from instant chat and Web-based e-mail services worldwide, according to internal agency documents released Monday by The Washington Post.Skip to next paragraph
In Pictures Keeping watch: security or privacy invasion?
Subscribe Today to the Monitor
Using computerized electronic filters, the NSA snags the buddy lists and address books as they flow through telecommunications servers and other systems overseas, where US laws do not restrict wholesale data gathering, the Post reported, citing conversations with unnamed senior US intelligence officials.
Collection happens most often when computers and smart phones allow their users to “sync” their contact lists to services such as Yahoo, Facebook, and Google. At the same time, Web-based e-mail services often produce detailed lists of recipients on the fly, as e-mails are sent and received.
On one typical day, the NSA collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers, one of two documents shows. Both documents were leaked to the Post by former NSA contractor Edward Snowden.
At this rate, the take is about 250 million such lists each year.
Such lists are “metadata rich,” one of the documents notes. Besides e-mail addresses, they often include phone numbers, names, and sometimes the subject line and even first lines of an e-mail. Suspected terrorists and their contacts can be compared to such lists to find new leads.
“You need the haystack to find the needle,” said Gen. Keith Alexander, NSA director, defending the agency’s collection programs at the Aspen Security Forum in July.
But the just-revealed approach also inevitably captures tens of millions of names and other information belonging to Americans, the officials told the Post. It would be illegal if collected in the United States, they said, but the information was collected overseas under authority of presidential Executive Order 12333, which outlines requirements of US intelligence agencies operating overseas.
Although controversial, bulk collection of Americans’ telephone metadata has so far been deemed legal under the Patriot Act by the Foreign Intelligence Surveillance Court. Also, online records collected from US Internet companies under an NSA program known as PRISM have been justified under the FISA Amendments Act of 2008.
The NSA “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers, and drug smugglers,” a spokesman for the Office of the Director of National Intelligence told the Post. “We are not interested in personal information about ordinary Americans.”