Does the NSA know who 'friended' you on social media?

The latest leak about the NSA alleges that the US government uses foreign technology companies to collect hundreds of millions of digital contacts worldwide, including those of Americans.

Jeff Chiu/AP/File
A Facebook employee walks past a sign at Facebook headquarters in Menlo Park, Calif., March 15, 2013.

– A daily summary of global reports on security issues.

The US government is using foreign technology companies and intelligence agencies to collect hundreds of millions of address books and friend lists around the world, including those of millions of Americans, in an end run around US privacy laws, according to a Washington Post report.

The Post article, published Monday and based on documents leaked by former National Security Agency contractor Edward Snowden, says the NSA uses a collection program to intercept contact lists from email and instant messaging services – including major companies like Yahoo, Google, Facebook, and Microsoft – as they are transmitted through international servers. The aggregated lists, which the Post calls "a sizable fraction of the world’s e-mail and instant messaging accounts," is then analyzed by the NSA to map relationships and search for connections with specific foreign intelligence targets.

The program relies on intercepting the data as it is transmitted across borders, taking advantage of the fact that many major service providers operate servers abroad in order to balance their workload. And rather than accessing corporate servers directly, the program instead grabs data as it is synced between the servers and clients – a procedure that happens whenever users log in or compose a message. That data is nominally a list of names of contacts, but can also include real world information such as street addresses, phone numbers, family and business information, and the first few lines of messages.

Because of the way it culls data, the program in theory does not run afoul of restrictions set by the Foreign Intelligence Surveillance Act, or FISA, which governs such data collection in the US and on American targets. Instead, the program is subject only to executive branch oversight and presidential authority.

However, the Post notes that the program is not "technically able to restrict its intake to contact lists belonging to specified foreign intelligence targets," according to an anonymous US official.

When information passes through “the overseas collection apparatus,” the official added, “the assumption is you’re not a U.S. person.”

In practice, data from Americans is collected in large volumes — in part because they live and work overseas, but also because data crosses international boundaries even when its American owners stay at home. Large technology companies, including Google and Facebook, maintain data centers around the world to balance loads on their servers and work around outages.

A senior U.S. intelligence official said the privacy of Americans is protected, despite mass collection, because “we have checks and balances built into our tools.”

NSA analysts, he said, may not search within the contacts database or distribute information from it unless they can “make the case that something in there is a valid foreign intelligence target in and of itself.”

British technology news site The Register reports that in a speech Mr. Snowden gave last week, but was only published Monday by Democracy Now, he criticizes the volume of data that the US is collecting, and appears to be citing, at least in part, the program revealed by the Post report.

"These [surveillance] programs don’t make us more safe. They hurt our economy. They hurt our country. They limit our ability to speak and think and to live and be creative, to have relationships, to associate freely," said Snowden, who has been accused of aiding terrorists and America's enemies....

Snowden said: "There's a far cry between legal programs, legitimate spying, legitimate law enforcement, where it's targeted, it's based on reasonable suspicion and individualized suspicion and warranted action, and sort of dragnet mass surveillance that puts entire populations under sort of an eye that sees everything, even when it's not needed."

And Alex Wilhelm asks in a story for IT news and commentary site TechCrunch, "if the NSA is willing to accept data from foreign intelligence agencies that it is not able to collect [under FISA restrictions], why not in other cases as well?"

If the NSA won’t respect the constraints that are put in place on its actions for a reason, and will instead shirk its responsibilities and find a way to get all the data it could ever desire, then we have even less reason to trust its constant petitions that it follows the law, and is the only thing keeping the United States safe from conflagration.

The Post includes comments from Microsoft, Google, Facebook, and Yahoo, all of which deny knowledge of and voluntary participation in the US program. The Post notes that according to the documents provided by Snowden, Yahoo sees a disproportionate share of the data the US collects, perhaps due to the fact that it has yet to encrypt all its users' communications. (In contrast, Google was the first to encrypt all its user messages, starting in 2010.) A Yahoo spokesperson told the Post that the company would begin encrypting all email communications in January.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.