- Texas police officer fatally shoots Black woman in her own home Today 3:44 PM
- Milo Yiannopoulos’ website dangerous.com was sold Today 1:42 PM
- First YouTube comment to hit 1 million likes is on Billie Eilish’s ‘bad guy’ music video Today 12:36 PM
- Girl says she was fired over exposing how Panera makes its mac and cheese on TikTok Today 11:34 AM
- David Harbour teased fans about Hopper’s ‘Stranger Things’ fate on ‘SNL’ Today 10:24 AM
- Kacey Musgraves accused of cultural appropriation–and botching it Today 9:19 AM
- Rihanna defends Vogue writer who received backlash for ‘winging’ interview Today 8:36 AM
- Here are the best PC games to add to your list Today 8:20 AM
- How to stream ‘Power’ season 6, episode 8 Today 6:00 AM
- How to stream Steelers vs. Chargers on Sunday Night Football Saturday 7:20 PM
- Popular TikTok teens accused of pretending to be gay for clout Saturday 6:38 PM
- Scott Walker’s ‘$26 haircut’ dig at Alexandria Ocasio-Cortez backfires Saturday 4:46 PM
- Halle synagogue shooter allegedly posted manifesto on anime message board Saturday 4:06 PM
- How to stream Cowboys vs. Jets in NFL Week 6 Saturday 3:25 PM
- How to stream Rams vs. 49ers in NFL Week 6 action Saturday 3:05 PM
The NSA has your address book
Internal slides show the agency gets half a million address books a day on average.
The National Security Agency sucks up Internet users’ contact lists and address books on a massive scale, according to previously unseen documents published Monday by the Washington Post.
The documents shed light on the agency’s previously established practice of choosing new surveillance targets based on “contact-chaining”—looking not just at a person of interest but at the people within a few degrees of separation, too.
Previously leaked documents show that one method the NSA employs is to search for who’s “included in the ‘buddy list’ or address book” of an established target. It wasn’t explicitly clear at the time how the NSA gets that information.
One example of compiling contact lists, according to the slides, is that the agency can collect scores of contacts through an idle Yahoo messenger user. The agency engages in brief “sporadic collection” sessions, more than 30,000 to 60,000 times a day. It searches for email metadata—who a user emails with, and when. It doesn’t include the contents of those emails, and it’s unclear if it tracks users’ locations.
The practice reflects fits the U.S. intelligence community’s oft-repeated remark that “If you’re looking for the needle in a haystack, you have to have the haystack.” And the end result is mind-boggling in scale. According to one slide, “NSA collects, on a representative day, ~500,000 buddylists and inboxes.” In an single day in 2012, the agency acquired “444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from miscellaneous others
The U.N. estimates there are 2.7 billion Internet users in the world in 2013. Were that number to remain constant (it won’t), the NSA would be on pace to collect an address book per person in under 15 years. It’s unclear when this program started.
To give a sense of how broadly the agency can move from one person to another, the slides cite a single Yahoo email user, whose username the Post redacted, marked as a member of Iranian Army’s elite Quds Force. That soldier was hacked and the email address began sending out spam, providing the NSA with a host of new contacts.
But it was apparently system overload for that particular operation. According to the Post’s analysis, “the spam created so many false connections that the Yahoo account had to be ‘emergency detasked’ to prevent the collection system from overflowing.” According to the slide, “Inboxes where the recipient did not delete the spam message continued to be collected every time they were viewed.”
A representative at the office of James Clapper, the director of National Intelligence (ODNI), told the Post that the NSA is focused on gathering intelligence on terrorists and human traffickers, and it’s “not interested in personal information about ordinary Americans.” However, it’s not clear that Americans wouldn’t be swept up in such a mass collection.
The ODNI didn’t immediately respond to the Daily Dot’s request for clarification.
Illustration by Jason Reed
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.