Cybersecurity

NSA Helps Itself to Americans’ Online Address Books

The latest revelations by former United States intelligence contractor Edward Snowden show the National Security Agency is spying on Americans, despite repeated statements by the agency and presidential assurances that it does not do so.

The agency reportedly is collecting hundreds of millions of electronic address books and contact lists from people worldwide.

Though it is collecting the data overseas, some of it comes from Americans. The agency has argued that it is not legally required or technically able to restrict its intake to contact lists belonging to foreign intelligence targets.

When information passes through overseas collection points, the NSA assumes people whose email is being spied upon are not U.S. people, an unnamed official told The Washington Post.

“The NSA’s mass collection of address book information is a significant intrusion on associational rights, and it will chill free expression all over the world,” Gregory Nojeim, senior counsel at the Center for Democracy & Technology, told TechNewsWorld.

“These are not merely threshold intrusions on privacy — they are thorough intrusions,” remarked Katherine Stern, senior counsel at The Constitution Project.

The Latest Shenanigans

The NSA is collecting online contact lists in bulk from at least 18 Internet access points controlled by foreign telecommunications companies and allied intelligence services, according to the Post.

One day’s take was almost 445,000 email address books from Yahoo; about 105,000 from Hotmail; nearly 83,000 from Facebook; about 34,000 from Gmail; and almost 23,000 from other online service providers, a document Snowden supplied to the paper shows.

The data is collected abroad, but online service providers have data centers overseas, so communications between Americans living in the U.S. could flow overseas.

Communications of Americans who live or travel abroad also cross the NSA’s access points.

Security? What Security?

Some webmail providers, notably Google, have rolled out HTTPS encryption for their subscribers. Yahoo doesn’t, but plans to in 2014.

However, the NSA is reported to have suborned security protocols. Furthermore, some data may be transmitted in the clear between encrypted applications.

Knowledge Is Power

The NSA maps the social graph — associations between individuals whether or not they are currently active — from the address books it has collected.

“If the Snowden data is accurate, the NSA is trying to reverse-engineer a social network from the data side rather than the user side,” Charles King, principal analyst at Pund-IT, told TechNewsWorld.

“That’s the kind of thing companies like Facebook do on a day-to-day basis with the acquiescence of their users,” he noted.

Contact data and address books “are typically held in a common spreadsheet, so the NSA might not require unstructured Big Data tools like Hadoop,” King suggested. “They might simply be able to incorporate it into a regular relational database.”

For the Good of the Nation

The NSA’s home page lists its mission as collecting, processing and storing U.S. citizen data for the good of the nation. Its targets are U.S. citizens and permanent residents.

Whether or not this activity is legal remains open to question, but in a related issue, NSA director Keith Alexander admitted earlier this week that he had lied to Congress in June when he stated that bulk phone surveillance had helped thwart 54 terror plots.

“The Constitution Project has been urging Congress to clarify the statutory requirements for foreign intelligence gathering so as to limit NSA’s incidental collection of Americans’ data more effectively,” the project’s Stern told TechNewsWorld.

“We also need more strict limits on how and where Americans’ data can be used once it’s collected,” she continued.

The NSA maintains that it has checks and balances in place to prevent abuse, but “disclosures show that the NSA is unable to police itself,” the CDT’s Nojeim contended, “and it has misled those who are charged with oversight.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Cybersecurity

Technewsworld Channels