NSA Collects Email Contact Lists, Instant Messaging Chat Buddy Lists From Overseas With No Oversight At All

from the well,-there's-that dept

The Washington Post is out with the latest revelations from the Snowden leaks and it shows that the NSA relies on foreign telcos and “allied” intelligence agencies to scoop up data on email contact lists and instant messaging buddy lists to help build its giant database of connections. Remember a few weeks ago how it was reported that the NSA was basically building a secret shadow social network? It seems like this might be one of the ways it’s able to tell who your friends are.

There are a variety of important points here. First off, this information is not coming directly from the tech companies (which, again, suggests that earlier claims that the NSA had direct access to all their servers was mistaken). Rather they’re picking this information up off the backbone connections in foreign countries. It also explains why they get so much data from Yahoo — because, for no good reason at all, Yahoo hasn’t forced encryption on its webmail users until… the news of this started to come out.

And here’s the big problem: because all of this information is collected overseas, rather than at home, it’s not subject to “oversight” (and I use that term loosely) by the FISA court or Congress. Those two only cover oversight for domestic intelligence. The fact that the NSA can scoop up all this data overseas is just a bonus.

Also, while the program is ostensibly targeted at “metadata” concerning connections between individuals, the fact that it collects “inboxes” and “buddy lists” appears to reveal content at times. With buddy lists, it can often collect content that was sent while one participant was offline (where a server holds the message until the recipient is back online), and with inboxes, they often display the beginning of messages, which the NSA collects.

Separately, because this is allowing them to gather so much data, it apparently overwhelmed the NSA’s datacenters. At times, this is because they get inundated with… spam. For example, one of the documents revealed show that a target they had been following in Iran had his Yahoo email address hacked for spamming, and that presented a problem:

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

Because of this mess, the NSA has tried to stop collecting certain types of information, doing “emergency detasks” of certain collections. This, yet again, shows how ridiculous Keith Alexander’s “collect it all” mantra is. When you collect it all, you get inundated with a ton of bogus data, and the information presented here seems to support that.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA Collects Email Contact Lists, Instant Messaging Chat Buddy Lists From Overseas With No Oversight At All”

Subscribe: RSS Leave a comment
Me says:

Wow. They’ve already violated the 1st, 2nd, 4th, 5th, 6th, 8th, 9th and 10th amendments already so they may as well start in on the rest…

“Immunity from state scrutiny of petitioner’s membership lists is here so related to the right of petitioner’s members to pursue their lawful private interests privately and to associate freely with others in doing so as to come within the protection of the Fourteenth Amendment.”

— NAACP vs State of Alabama

out_of_the_blue says:

Apparently ranked by unpopularity:

“444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers,”

Think it’s clear that Yahoo followed by Microsoft are the most unpopular / most despised. SO what I surmise is that this “new” factoid is sheerly PR to create the illusion of distance between the spying mega-corporations and NSA, putting the most unfavored at top of list. There’s no other explanation given than similarly biased musing, so don’t claim that you know…

Mike pounces on and plays up: “suggests that earlier claims that the NSA had direct access to all their servers was mistaken” — when the only “evidence” here is another alleged Powerpoint slide. — But there IS more evidence so publicly available that don’t require proof: Google and the other mega-corps go on getting tens of billions every year, are effectively exempt from anti-trust, pay almost no taxes, billions kept offshore… The payoffs are indirect but can’t be much clearer that the mega-corporations ARE willingly going along with NSA. Pro-corporate Mike just refuses to see the BILLIONS — while clutches at one contrary Powerpoint slide.

Anonymous Coward says:

Re: I may be reading this incorrectly...

Or you could have some fun sending spam to tons of people, in ways met to be as hilarious as possible.

Like for example, send all the women on your contact lists spam email selling them erectile dysfunction and male penis enhancement spam.

And send all the men emails telling them to lose weight with some expensive weight loss medication so they can all fit into their bikinis by spring! (I’ve seen spam viruses actually do this one when hijacking accounts where almost all the contacts are men)

DerekCurrie (profile) says:

Overseas surveillance: Obviously. Welcome to the 21st Century.

FUD or valid, there are endless incentives for every country on the planet to surveil every other country. That’s an ancient human problem. Humans don’t trust each other. We constantly have trust issues. So obviously the NSA is going to surveil everything it can lay its hands on, and have time to analyze, from outside the USA. Utter DUH Factor.

The problem is when the NSA destroys the 4th Amendment of the US Constitution. That’s not acceptable. Bullying the FISA courts is not acceptable. Treating US citizens as default criminals is not acceptable. Collecting ANY citizen surveillance data without probable cause is not acceptable. It is in fact treasonous behavior punishable by the severest penalty of law.

For review, the 4th Amendment to the US Constitution:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

And directly quoting Benjamin Franklin:

“They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”

And directly quoting Theodore Roosevelt:

“To announce that there must be no criticism of the president, or that we are to stand by the president, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public.”

IOW: It’s prosecution time, Bush, Obama, Republican, Democrat, off to prison and trial with you.

Anonymous Coward says:

Re: Overseas surveillance: Obviously. Welcome to the 21st Century.

All servers are ‘overseas’ for us Brits. So all those taps GCHQ does for their NSA masters, are on Brits.

And surprise surprise, the ‘37000 selectors’ the NSA runs on that data? Well it was doing other things with the data, like grabbing all the address books, buddy lists, passwords, any keys it can on British data.

All helped by traitors in GCHQ and MI5 and a few in the Cabinet.

Thank you Snowden. It’s a pretty bleak world, and its clear we don’t have a free democracy in the UK, but at least we know where we stand now.

Anonymous Coward says:

and regardless of what changes are made, if any, the NSA and all other security agencies will continue doing exactly what they have been doing up to now. if anyone was serious in sorting this mess out, they would have actually done something by now but not a single change has been made. the one thing that would have made a difference was stopped by a few totally uneducated and unconcerned Congress people. that was the one and only chance and it’s gone!

Anonymous Coward says:

So how long before we find out that it’s not just metadata, not just your buddy list nor contact list but also the contents of every email.

Greenwald says he has some major blockbusters coming. I can not help but believe that is one of them. So far there is little they haven’t been into. I just can not see them leaving out the main purpose of sending an email if they are interested in who you talk to, for how long, where. Seems like stealing the bread and leaving the meat and that don’t sound right.

FM HIlton (profile) says:

How long before real-time buddy lists?

Ok, so they can get this stuff from overseas, supposedly. Do you really want to believe this?

I mean, they’ve admitted to so much stuff being collected here, (with absolutely no apologies, either) and we just take it.

They’re lying-of course they’re taking it from domestic services-and anything you say can and will be used against you in a court of law, too.

Too bad nobody will ever be prosecuted for this and other crimes against the Constitution. Guess the DOJ has better things to do.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...