Wednesday, October 16, 2013

The NSA collects millions of email and chat contact lists

More information about the NSA's domestic spying program (via Edward Snowden) was released by the Washington Post on Monday. The spy agency is reportedly gathering contact lists from instant messaging and emails services in large numbers, and is doing so globally.

The harvesting apparently includes information on U.S. citizens. Back in June (embedded video), U.S. President Barack Obama said that U.S. citizens were not subject to mass email collection, only collection done with an individualized court order.

The data is snagged when when Internet services transmit the data to or from a user, which generally happens when users log in, compose a message, or sync devices, the Post said. The NSA then analyzes the data to identify "hidden connections" which include foreign intelligence targets.

According to an internal NSA PowerPoint presentation provided by Snowden, which the Washington Post reviewed, the agency collects an estimated 500,000 contact lists from chat services and Web-based e-mail daily.

On one particularly productive 2012 day, the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers.

The collection takes place overseas, using secret arrangements with foreign telecommunications companies or allied intelligence services. Despite being done overseas, two senior U.S. intelligence officials confirmed that the program collects the contacts of many Americans; the officials did not dispute an assertion that the number of contacts thus obtained is likely to be in the millions or tens of millions.

Since the data is obtained while the data is being transmitted along the Internet, the agency is not required to notify Internet service providers -- or ask for their assistance. Thus, Google and Yahoo both denied any knowledge of the program. Microsoft went further, issuing concerns.
Microsoft does not provide any government with direct or unfettered access to our customer's data. We would have significant concerns if these allegations about government actions are true.
Select pages from an NSA briefing, published by the Post, said that the agency was inundated with data, much of it low value. Because of this, the agency has sometimes been forced to halt its collection with “emergency detasking” orders.

Somewhat ironically, due to the agency's reliance on email collection from those detection on contact lists, the NSA has discovered what the rest of the public has: that spam is a big problem. One NSA document confirmed that the majority of all e-mails “are SPAM from 'fake' addresses and never 'delivered' to targets.”

No comments: