- Cara Delevingne calls out Justin Bieber for ‘ranking’ wife Hailey’s friends Friday 9:07 PM
- Fans defend Jenna Marbles after some people claimed she mistreated her dogs in a recent video Friday 8:37 PM
- ‘Friends’ gets reunion special on HBO Max, fans go wild Friday 7:37 PM
- Why you should drop everything and start reading ‘Lore Olympus’ Friday 6:27 PM
- ‘Boogaloo’ memes are trying to organize a second civil war—and they’re spreading fast Friday 3:48 PM
- People are disturbed by these McDonald’s-scented candles Friday 3:47 PM
- Season 2 of ‘The Witcher’ is in production Friday 3:16 PM
- Here are some cringey billboards Bloomberg ran in Arizona Friday 2:51 PM
- PewDiePie returns to YouTube after 37-day hiatus Friday 2:01 PM
- Why was a Republican Party Facebook page co-managed by someone in Turkmenistan? Friday 1:26 PM
- The shorthand guide to ‘Star Wars: The Clone Wars’ Friday 1:07 PM
- Congress urges Tinder to screen for sex offenders Friday 1:03 PM
- Video shows 9-year-old threatening suicide after being bullied Friday 12:01 PM
- Ex-Goldman Sachs CEO says he might vote Trump because Sanders is too mean to him Friday 11:40 AM
- Twitch streamer says she was banned for body painting Friday 11:39 AM
The NSA has your address book
Internal slides show the agency gets half a million address books a day on average.
The National Security Agency sucks up Internet users’ contact lists and address books on a massive scale, according to previously unseen documents published Monday by the Washington Post.
The documents shed light on the agency’s previously established practice of choosing new surveillance targets based on “contact-chaining”—looking not just at a person of interest but at the people within a few degrees of separation, too.
Previously leaked documents show that one method the NSA employs is to search for who’s “included in the ‘buddy list’ or address book” of an established target. It wasn’t explicitly clear at the time how the NSA gets that information.
One example of compiling contact lists, according to the slides, is that the agency can collect scores of contacts through an idle Yahoo messenger user. The agency engages in brief “sporadic collection” sessions, more than 30,000 to 60,000 times a day. It searches for email metadata—who a user emails with, and when. It doesn’t include the contents of those emails, and it’s unclear if it tracks users’ locations.
The practice reflects fits the U.S. intelligence community’s oft-repeated remark that “If you’re looking for the needle in a haystack, you have to have the haystack.” And the end result is mind-boggling in scale. According to one slide, “NSA collects, on a representative day, ~500,000 buddylists and inboxes.” In an single day in 2012, the agency acquired “444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from miscellaneous others
The U.N. estimates there are 2.7 billion Internet users in the world in 2013. Were that number to remain constant (it won’t), the NSA would be on pace to collect an address book per person in under 15 years. It’s unclear when this program started.
To give a sense of how broadly the agency can move from one person to another, the slides cite a single Yahoo email user, whose username the Post redacted, marked as a member of Iranian Army’s elite Quds Force. That soldier was hacked and the email address began sending out spam, providing the NSA with a host of new contacts.
But it was apparently system overload for that particular operation. According to the Post’s analysis, “the spam created so many false connections that the Yahoo account had to be ‘emergency detasked’ to prevent the collection system from overflowing.” According to the slide, “Inboxes where the recipient did not delete the spam message continued to be collected every time they were viewed.”
A representative at the office of James Clapper, the director of National Intelligence (ODNI), told the Post that the NSA is focused on gathering intelligence on terrorists and human traffickers, and it’s “not interested in personal information about ordinary Americans.” However, it’s not clear that Americans wouldn’t be swept up in such a mass collection.
The ODNI didn’t immediately respond to the Daily Dot’s request for clarification.
Illustration by Jason Reed
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.