NSA Collects Email Contact Lists, Instant Messaging Chat Buddy Lists From Overseas With No Oversight At All
from the well,-there's-that dept
The Washington Post is out with the latest revelations from the Snowden leaks and it shows that the NSA relies on foreign telcos and "allied" intelligence agencies to scoop up data on email contact lists and instant messaging buddy lists to help build its giant database of connections. Remember a few weeks ago how it was reported that the NSA was basically building a secret shadow social network? It seems like this might be one of the ways it's able to tell who your friends are.There are a variety of important points here. First off, this information is not coming directly from the tech companies (which, again, suggests that earlier claims that the NSA had direct access to all their servers was mistaken). Rather they're picking this information up off the backbone connections in foreign countries. It also explains why they get so much data from Yahoo -- because, for no good reason at all, Yahoo hasn't forced encryption on its webmail users until... the news of this started to come out.
And here's the big problem: because all of this information is collected overseas, rather than at home, it's not subject to "oversight" (and I use that term loosely) by the FISA court or Congress. Those two only cover oversight for domestic intelligence. The fact that the NSA can scoop up all this data overseas is just a bonus.
Also, while the program is ostensibly targeted at "metadata" concerning connections between individuals, the fact that it collects "inboxes" and "buddy lists" appears to reveal content at times. With buddy lists, it can often collect content that was sent while one participant was offline (where a server holds the message until the recipient is back online), and with inboxes, they often display the beginning of messages, which the NSA collects.
In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”Because of this mess, the NSA has tried to stop collecting certain types of information, doing "emergency detasks" of certain collections. This, yet again, shows how ridiculous Keith Alexander's "collect it all" mantra is. When you collect it all, you get inundated with a ton of bogus data, and the information presented here seems to support that.
The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.
After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: buddy lists, chat, contacts, email, information, nsa, nsa spying, nsa surveillance, telcos
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
"Immunity from state scrutiny of petitioner's membership lists is here so related to the right of petitioner's members to pursue their lawful private interests privately and to associate freely with others in doing so as to come within the protection of the Fourteenth Amendment."
-- NAACP vs State of Alabama
[ link to this | view in thread ]
Apparently ranked by unpopularity:
Think it's clear that Yahoo followed by Microsoft are the most unpopular / most despised. SO what I surmise is that this "new" factoid is sheerly PR to create the illusion of distance between the spying mega-corporations and NSA, putting the most unfavored at top of list. There's no other explanation given than similarly biased musing, so don't claim that you know...
Mike pounces on and plays up: "suggests that earlier claims that the NSA had direct access to all their servers was mistaken" -- when the only "evidence" here is another alleged Powerpoint slide. -- But there IS more evidence so publicly available that don't require proof: Google and the other mega-corps go on getting tens of billions every year, are effectively exempt from anti-trust, pay almost no taxes, billions kept offshore... The payoffs are indirect but can't be much clearer that the mega-corporations ARE willingly going along with NSA. Pro-corporate Mike just refuses to see the BILLIONS -- while clutches at one contrary Powerpoint slide.
[ link to this | view in thread ]
I may be reading this incorrectly...
[ link to this | view in thread ]
Re: Apparently ranked by unpopularity:
[ link to this | view in thread ]
Re: Apparently ranked by unpopularity:
Yahoo and Hotmail predate Gmail by 10 years! It stands to reason that they'd have significantly more accounts for the NSA to snoop into.
[ link to this | view in thread ]
Overseas surveillance: Obviously. Welcome to the 21st Century.
The problem is when the NSA destroys the 4th Amendment of the US Constitution. That's not acceptable. Bullying the FISA courts is not acceptable. Treating US citizens as default criminals is not acceptable. Collecting ANY citizen surveillance data without probable cause is not acceptable. It is in fact treasonous behavior punishable by the severest penalty of law.
For review, the 4th Amendment to the US Constitution:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
And directly quoting Benjamin Franklin:
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."
And directly quoting Theodore Roosevelt:
"To announce that there must be no criticism of the president, or that we are to stand by the president, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public."
IOW: It's prosecution time, Bush, Obama, Republican, Democrat, off to prison and trial with you.
[ link to this | view in thread ]
NSA as a target
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
The hits just keep coming
[ link to this | view in thread ]
Re: Overseas surveillance: Obviously. Welcome to the 21st Century.
And surprise surprise, the '37000 selectors' the NSA runs on that data? Well it was doing other things with the data, like grabbing all the address books, buddy lists, passwords, any keys it can on British data.
All helped by traitors in GCHQ and MI5 and a few in the Cabinet.
Thank you Snowden. It's a pretty bleak world, and its clear we don't have a free democracy in the UK, but at least we know where we stand now.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: I may be reading this incorrectly...
[ link to this | view in thread ]
Re: I may be reading this incorrectly...
Like for example, send all the women on your contact lists spam email selling them erectile dysfunction and male penis enhancement spam.
And send all the men emails telling them to lose weight with some expensive weight loss medication so they can all fit into their bikinis by spring! (I've seen spam viruses actually do this one when hijacking accounts where almost all the contacts are men)
[ link to this | view in thread ]
[ link to this | view in thread ]
Greenwald says he has some major blockbusters coming. I can not help but believe that is one of them. So far there is little they haven't been into. I just can not see them leaving out the main purpose of sending an email if they are interested in who you talk to, for how long, where. Seems like stealing the bread and leaving the meat and that don't sound right.
[ link to this | view in thread ]
How long before real-time buddy lists?
I mean, they've admitted to so much stuff being collected here, (with absolutely no apologies, either) and we just take it.
They're lying-of course they're taking it from domestic services-and anything you say can and will be used against you in a court of law, too.
Too bad nobody will ever be prosecuted for this and other crimes against the Constitution. Guess the DOJ has better things to do.
[ link to this | view in thread ]
Re:
Don't do that, then. You can use an Android phone without syncing any data to Google's (or anyone else's) servers at all. I highly recommend that you just store everything on the phone itself, and back up the data onto your desktop machine.
[ link to this | view in thread ]
Why am I NOT surprised!
[ link to this | view in thread ]