The National Security Agency is logging hundreds of millions of email and instant messaging contacts belonging to Americans and others around the world, according to a report based on documents provided by NSA whistleblower Edward Snowden.
The data harvesting program, first reported by The Washington Post Monday, collects address books from email and instant messaging service in an apparent attempt to map social circles across the globe. Online communication services frequently expose an individual’s contact list when that person signs onto their account, sends a message, or connects a remote device - such as a cell phone - to a computer.
An internal NSA PowerPoint presentation indicated that the NSA’s Special Source Operations collected 444,743 email lists from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and another 22,881 from other services. The documents note that those numbers show what the NSA collects in one day, meaning the intelligence agency could collect more than 250 million lists each year.
The NSA is capable of collecting approximately 500,000 so-called buddy lists from live-chat services and the “in-box” displays from web-based email services, according to the Post.
Two NSA sources told the Post the intelligence agency uses the data to identify international connections and then find smaller, more nefarious connections between suspected criminals. The collection relies on secret deals with foreign telecommunication companies, with NSA agents monitoring internet traffic outside the US.
The sources refused to estimate how many Americans are snared in the dragnet but did admit it could number in the tens of millions. An unnamed official was careful to mention the collection comes from “all over the world,” and “None of those are on US territory.”
Shawn Turner, a spokesman for the Office of the Director of National Intelligence, said the NSA “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers and drug smugglers. We are not interested in personal information about ordinary Americans.”
While the earlier revelation that the NSA indiscriminately collected millions of American phone records ignited outrage, email address books could provide much more detail about a person’s life. Address books often include home and work addresses, as well as business and family information.
The potential for abuse could also be much higher, with intelligence agents able to look at a close diagram of someone’s life, including political and religious organizations. False impressions could also be created if someone neglects to delete entries belonging to friends they are no longer associated with.
Because the collection takes place overseas, the NSA does not require nor did it receive permission from Congress or the secret intelligence court that authorizes such collection. One US official said “the assumption is you’re not a US person” when the communication passes through “the overseas collection apparatus.”
Still, despite common past reports indicating otherwise, an official said the privacy of US citizens is safeguarded by “checks and balances built into our tools.”
The US companies involved in the data program deny that were consulted or informed about the NSA’s policy. This is possible, the Post noted, because address books are recorded “on the fly” when a user crosses an internet switch, not from servers at rest.
“We have neither knowledge nor participation in any mass collection of webmail addresses or chat lists by the government,” said a Google spokesman.
Microsoft and Facebook offered similar denials, with the Post speculating that Yahoo lists were intercepted more often because the email service automatically leaves connections between users unencrypted, although a company representative said that policy is expected to change in January 2014.
NSA documents prove that the intelligence agency collects so much information that its vast data facilities are nearly overwhelmed and the intake has been suddenly stopped by “emergency detasking” orders. While the agency has sought to delete information it deems no use for, at least three documents report on efforts to build an “across-the-board technology throttle for truly heinous data.”