A document leaked by whistleblower Edward Snowden says the National Security Agency collects up to 250 million online address books each year. The collection of contact lists from both foreign and US email and instant message accounts is outlined in a document leaked to the Washington Post. http://www.bbc.co.uk/news/technology-24533693
Scrutinising such lists allows the NSA to find hidden connections between people of interest to them, it says.
The web firms involved said that they did not give direct access to the NSA.
During a single day last year, the NSA collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook and 33,697 from Gmail, according to the alleged internal NSA Powerpoint presentation.
Another 22,881 address books were harvested from unspecified providers, according to the Washington Post.
In response to earlier allegations, Yahoo said that it would begin to encrypt email connections from next year. Meanwhile Facebook called for greater government transparency about data collection and Microsoft said the revelations raised “significant concerns”.
According to the leaked document, the information is collected at at least 18 key access points controlled by telecommunication companies based outside the US.
Because American web communications can flow outside of the country, the contact lists of US citizens also cross the international collection points, known as Sigads (Signals Intelligence Activity Designators).
This is particularly significant because President Obama has previously said that US citizens were not targeted by the surveillance.
Address books include names and email addresses but can also include telephone numbers, home addresses, and business and family information.
Many web-based email services generate contact lists automatically once an email has been sent. These lists allow users to write emails more quickly by providing an auto-complete suggestion.
Prof Alan Woodward, who is from the University of Surrey’s department of computing and has been an adviser to GCHQ (UK Government Communications Headquarters) is not surprised by the latest allegations.
“One of the problems of putting any data in the cloud or with other forms of online service provider is that you no longer have complete control over it,” he told the BBC.
“Many of the online service providers are themselves reaching into your machine and pulling your contact list from your PC to their service to ‘assist’ you in finding other users of the service that you might know and wish to contact or connect with.”
For an intelligence analyst, access to such data would allows them to reconstruct a network of who knows whom.
Previous Snowden allegations have suggested large-scale NSA spying and attempts to weaken internet encryption.
The NSA has always maintained it has no interest in the personal information of ordinary Americans.