WASHINGTON D.C. – The National Security Agency collects contact lists of email and instant message services from users worldwide, and Americans are among those whose data is being harvested.
The revelations, from senior intelligence officials and documents provided by NSA leaker Edward Snowden, were reported by The Washington Post on Monday.
The program feeds off email address books and buddy lists transmitted by various online services when users sign on, write a message, or sync their computers or mobile devices to one another, The Post reported. Instead of targeting individual users, the lists are described as being collected en masse, in hopes of letting the spy agency map out and discover relationships between various players.
A similar NSA program mapping social ties and relationships of Americans was reported by The New York Times last month. According to a summary provided by The Post, the harvested “contact lists” are the online address books that allow users of Gmail, Yahoo mail, Hotmail, Facebook and other online services to keep track of their friends, family and business associates.
Address books contain the email addresses of people whom users are in contact with via email or chat. In some services, including Google Contacts and Facebook, they can also include full names, addresses and phone numbers.
Many smartphones and computers allow you to “sync” your contacts to services such as Google and Facebook. Leading web-based email services generate contact lists automatically as a result of sending, and sometimes receiving, emails. These lists allow users to compose emails more quickly via an “auto-complete” feature.
A document supplied to The Post by Snowden indicates that in a typical day, the NSA collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers.
Those figures correspond to a rate of more than 250â€‰million per year, The Post reported. Although the collection takes place overseas, two senior U.S. intelligence officials told The Post that it sweeps in the contacts of many Americans. The number is likely to be in the millions or tens of millions, The Post reported.
A spokesman for the Office of the Director of National Intelligence, which oversees the NSA, told The Post the agency “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers and drug smugglers. We are not interested in personal information about ordinary Americans.”
Their spokesman, Shawn Turner, said rules approved by the attorney general require the NSA to â€œminimize the acquisition, use, and disseminationâ€ of information that identifies a U.S. citizen or permanent resident. The NSAâ€™s collection of nearly all U.S. call records under a separate program has generated a storm of controversy since it was revealed June, but has been upheld by the Foreign Intelligence Surveillance Court.
The data snooping was defended Monday by California Democratic Sen. Dianne Feinstein.
The NSA has not been authorized by Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk. Senior intelligence officials told The Post it would be illegal to do so from facilities in the United States, but another official said the NSA avoids the restrictions in the Foreign Intelligence Surveillance Act by intercepting contact lists from access points “all over the world.”
“None of those are on U.S. territory,” that official told The Post.
An unnamed intelligence official told The Post that the privacy of Americans is protected despite mass collection, because “we have checks and balances built into our tools.”
Google spokesman Niki Fenwick told The Post: â€œWe have neither knowledge nor participation in any mass collection of webmail addresses or chat lists by the government.”
At Microsoft, spokesman Nicole Miller said the company “does not provide any government with direct or unfettered access to our customersâ€™ data,” adding that “we would have significant concerns if these allegations about government actions are true.”
Facebook spokesman Jodi Seth told the newspaper “we did not know and did not assist” in the NSAâ€™s interception of contact lists.
Suzanne Philion, a Yahoo spokesman, said Monday in response to an inquiry from The Post that beginning in January Yahoo would start encrypting all its email connections.