Monday, March 10, 2014
By Barton Gellman And Ashkan Soltani
The Washington Post
WASHINGTON — The National Security Agency is harvesting hundreds of millions of contact lists from personal email and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top secret documents provided by former NSA contractor Edward Snowden.
National Security Agency Director Gen. Keith Alexander oversees an agency that collects hundreds of thousands of email address books on a daily basis from top U.S. services like Gmail and Yahoo.
The Associated Press
The collection program, which has not been disclosed before, intercepts email address books and “buddy lists” from instant messaging services as they move across global data links. Online services often transmit those contacts when a user logs on, composes a message, or synchronizes a computer or mobile device with information stored on remote servers.
Rather than targeting individual users, the NSA is gathering contact lists in large numbers that amount to a sizable fraction of the world’s email and instant messaging accounts. Analysis of that data enables the agency to search for hidden connections and map relationships within a much smaller universe of foreign intelligence targets.
During a single day last year, the NSA’s Special Source Operations branch collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, according to an internal NSA PowerPoint presentation. Those figures, described as a typical daily intake in the document, correspond to a rate of more than 250 million per year.
Each day, the presentation said, the NSA collects contacts from an estimated 500,000 buddy lists on live-chat services as well as from the “in-box” displays of Web-based email accounts.
The collection depends on secret arrangements with foreign telecommunications companies or allied intelligence services in control of facilities that direct traffic along the Internet’s main data routes.
Although the collection takes place overseas, two senior U.S. intelligence officials acknowledged that it sweeps in the contacts of many Americans. They declined to offer an estimate but did not dispute that the number is likely to be in the millions or tens of millions.
A spokesman for the Office of the Director of National Intelligence, which oversees the NSA, said the agency “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers and drug smugglers. We are not interested in personal information about ordinary Americans.”
The spokesman, Shawn Turner, added that rules approved by the attorney general require the NSA to “minimize the acquisition, use, and dissemination” of information that identifies a U.S. citizen or permanent resident.
The NSA’s collection of nearly all U.S. call records, under a separate program, has generated significant controversy since it was revealed in June. The NSA’s director, Gen. Keith Alexander, has defended “bulk” collection as an essential counterterrorism and foreign intelligence tool, saying “you need the haystack to find the needle.”
Contact lists stored online provide the NSA with far richer sources of data than call records alone. Address books commonly include not only names and email addresses but also telephone numbers, street addresses, and business and family information. In-box listings of email accounts stored in the “cloud” sometimes contain content such as the first few lines of a message.
Taken together, the data would enable the NSA, if permitted, to draw detailed maps of a person’s life, as told by personal, professional, political and religious connections. The picture can also be misleading, creating false “associations” with ex-spouses or people with whom an account holder has had no contact in many years.
The NSA has not been authorized by Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk, and senior intelligence officials said it would be illegal to do so from facilities in the United States. The agency avoids the restrictions in the Foreign Intelligence Surveillance Act by intercepting contact lists from access points “all over the world,” one official said, speaking on the condition of anonymity to discuss a classified program. “None of those are on U.S. territory.”
(Continued on page 2)