Privacy Expert: NSA Intercepting Your Address Books, Buddy Lists

Snowden_Leak_Tip_of_the_Iceberg_of_NSA_Surveillance_Program__141492What makes a privacy expert nervous? Glimpsing the size of the iceberg under the surface. When National Security Agency contractor Edward Snowden became a whistle blower earlier this year, I think we all knew we were really just seeing the tip of the iceberg about exactly how much information the NSA was gathering on the average American citizen.  And it was a pretty large tip to start with.

Here’s a reminder of what started the whole thing.  Snowden provided reporters at The Guardian and The Washington Post with top-secret documents detailing two NSA surveillance programs being carried out by the U.S. Government, all without the average voter’s knowledge. One gathers hundreds of millions of U.S. phone records and the second allows the government to access nine U.S. Internet companies to gather all domestic Internet usage (so they are tapping pieces of your phone calls and emails, in other words). The intent of each program respectively is to use meta-data (information about the numbers being called, length of call, etc., but not the conversation itself, as far as we know) to detect links to known terrorist targets abroad and to detect suspicious behavior (by monitoring emails, texts, social media posts, instant messaging, chat rooms, etc.) that begins overseas. As a privacy expert, I understand the need to detect connections among terrorists; the troubling part is the scope of the information being gathered.

Later, in response to this revelation, Congress put forth an amendment that would restrict the NSA’s ability to collect data under the Patriot Act on people not connected to an ongoing investigation.  In the end, the amendment to a defense-spending bill was narrowly defeated by a vote of 217-205.

Now we learn that the NSA has been collecting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, including the accounts of many Americans.

Essentially, the government is able to intercept e-mail address books and “buddy lists” from instant messaging services as they move across global data links. Online services, such as Google or Yahoo, often transmit those contacts when a user logs on, composes a message or synchronizes a computer or mobile device with information stored on remote servers.

If this were happening in the United States, it would be illegal.  The NSA gets around this because the collection takes place overseas.  Nonetheless, two senior U.S. intelligence officials acknowledged that it does indeed harvest the contacts of many Americans.  They declined to offer an estimate but did not dispute that the number is likely to be in the millions or tens of millions.  According to an internal NSA PowerPoint presentation, during a single day last year, the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers.

A spokesman for the Office of the Director of National Intelligence, which oversees the NSA, said the agency, “is focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers and drug smugglers. We are not interested in personal information about ordinary Americans.” Which begs the question, why then do they continue to collect and retain such vast quantities of information on ordinary Americans? 

In fact, rather than targeting individual users, the NSA is gathering contact lists in large numbers that amount to a sizable fraction of the world’s e-mail and instant messaging accounts.  However, the information provides a much clearer picture of the individual than merely collecting their phone records, since it can reveal a person’s political, professional and religious affiliations as well.

Alex Abdo, a staff attorney with the American Civil Liberties Union, said in an emailed statement (emphasis mine): “This revelation further confirms that the NSA has relied on the pretense of ‘foreign intelligence gathering’ to sweep up an extraordinary amount of information about everyday Americans. The NSA’s indiscriminate collection of information about innocent people can’t be justified on security grounds, and it presents a serious threat to civil liberties.”

Until further notice, your only recourse is to assume that every email you send, every social media post you make, every call you place is tracked and analyzed in some way by your government. Uncomfortable with that? Call your Congressperson, as you don’t have the tools to stop them from prying.

John Sileo is a privacy expert and a sought after speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and the University of Massachusetts as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.