NSA collects e-mail address lists: Can users be protected?

The NSA snags contact information as it flows through telecommunications servers and other systems overseas, according to a Washington Post report. Not surprisingly, civil libertarians are unhappy with the new revelations.

Pawel Kopczynski/Reuters/File
A photographer captured this projection of a text on a woman's face in Berlin, June 12. The NSA grabs contact information as it flows through servers and other systems overseas, the Washington Post reports.

Each day the National Security Agency scoops up half a million “buddy list” and in-box e-mail address lists from instant chat and Web-based e-mail services worldwide, according to internal agency documents released Monday by The Washington Post.

Using computerized electronic filters, the NSA snags the buddy lists and address books as they flow through telecommunications servers and other systems overseas, where US laws do not restrict wholesale data gathering, the Post reported, citing conversations with unnamed senior US intelligence officials.

Collection happens most often when computers and smart phones allow their users to “sync” their contact lists to services such as Yahoo, Facebook, and Google. At the same time, Web-based e-mail services often produce detailed lists of recipients on the fly, as e-mails are sent and received.

On one typical day, the NSA collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers, one of two documents shows. Both documents were leaked to the Post by former NSA contractor Edward Snowden.

At this rate, the take is about 250 million such lists each year.

Such lists are “metadata rich,” one of the documents notes. Besides e-mail addresses, they often include phone numbers, names, and sometimes the subject line and even first lines of an e-mail. Suspected terrorists and their contacts can be compared to such lists to find new leads.

“You need the haystack to find the needle,” said Gen. Keith Alexander, NSA director, defending the agency’s collection programs at the Aspen Security Forum in July.

But the just-revealed approach also inevitably captures tens of millions of names and other information belonging to Americans, the officials told the Post. It would be illegal if collected in the United States, they said, but the information was collected overseas under authority of presidential Executive Order 12333, which outlines requirements of US intelligence agencies operating overseas.

Although controversial, bulk collection of Americans’ telephone metadata has so far been deemed legal under the Patriot Act by the Foreign Intelligence Surveillance Court. Also, online records collected from US Internet companies under an NSA program known as PRISM have been justified under the FISA Amendments Act of 2008.

The NSA “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers, and drug smugglers,” a spokesman for the Office of the Director of National Intelligence told the Post. “We are not interested in personal information about ordinary Americans.”

The NSA follows rules laid out by the US attorney general that require the agency to “minimize the acquisition, use, and dissemination” of information about a US citizen or permanent resident of the US, the spokesman said.

But that’s not particularly reassuring to civil libertarians, who say the emerging picture is increasingly one in which a sprawling intelligence agency use many sophisticated programs to collect vast amounts of information on Americans – one way or another.

“E-mail address books, especially when combined with other information the NSA already collects, tell the government the story of your private life,” writes Faiza Patel, co-director of the Liberty and National Security Program at the Brennan Center for Justice, in an e-mail interview.

“By plumbing this information, the NSA can figure out your political and religious beliefs, your intimate relationships, your medical issues, even your financial concerns,” she writes. “The fact that the information is collected abroad doesn't make a difference for privacy concerns. The government itself concedes that the number of law-abiding Americans whose details are swept up in this program numbers in the millions or even tens of millions.”

Others say it is becoming obvious that NSA operations have outpaced day-to-day oversight of the agency by congressional committees.

“What we’re seeing is that the government collection programs are many-headed,” says Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, a San Francisco Internet free-speech and privacy group. “We’re also seeing emerging efforts to reform this machine. But how do you do that when you don’t know what all the parts of the machine are collecting?”

With Internet data streams merged into fiber-optic cables and flowing through nodes and data centers run by global companies like Google in many countries, “the scope of the collection” under the FISA law needs to be analyzed in relation to traditional espionage collection efforts to ensure that Americans’ privacy is protected, Mr. Tien says.

Until then, he says, encryption appears to be the best way to try to maintain privacy. Spokesmen for Facebook, Google, Microsoft, and Yahoo all told the Post they were not aware of the buddy list and e-mail in-box list collection. Yahoo said it would begin encrypting its communications traffic in January.

“We have neither knowledge of nor participation in this mass collection of Web-mail addresses or chat lists by the government,” Google spokeswoman Niki Fenwick told the Post. A Microsoft spokeswoman said her company “does not provide any government with direct or unfettered access to our customers’ data.”

“We would have significant concerns if these allegations about government actions are true,” she added.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to NSA collects e-mail address lists: Can users be protected?
Read this article in
QR Code to Subscription page
Start your subscription today