Millions of users from around the world have had their contact lists from their personal email and instant messaging accounts harvested by the National Security Agency, according to a report from The Washington Post’s Barton Gellman and Ashkan Soltani.
The collection “sweeps in the contacts of many Americans,” as two unnamed “senior US intelligence officials” confirmed. That number could be “in the millions or tens of millions.”
The previously undisclosed program is detailed in documents obtained from former NSA contractor Edward Snowden. Congress or the Foreign Intelligence Surveillance Court has not authorized the collection of “contact lists in bulk.” It would be illegal to do this kind of collection at facilities in the United States, however, the agency is able to avoid these legal restrictions by “intercepting contact lists from access points ‘all over the world.'” Since none of these points are on US territory, there are no limits to what can be collected and stored.
The agency does not have to restrict its intake to “contact lists belonging to specified foreign intelligence targets.” Anything passing through is assumed to not be from US persons.
In practice, data from Americans is collected in large volumes — in part because they live and work overseas, but also because data crosses international boundaries even when its American owners stay at home. Large technology companies, including Google and Facebook, maintain data centers around the world to balance loads on their servers and work around outages.
The only check against abuse by officials in the NSA appears to be that they will not search the database containing all of this data unless a case can be made that there is information on a “valid foreign intelligence target.” However, there is no outside review of the NSA’s decision to conduct a search of this data. It can abuse its authority, stretch what is permissible under “minimization rules,” and not face any legal challenge or other consequences.
An internal PowerPoint presentation slide indicates that on a single day in 2012 the Special Source Operations branch collected the following number of email address books: 444,743 from Yahoo!, 105,068 from Hotmail, 33,697 from Gmail, 82,857 from Facebook and 22,881 from other providers. [cont’d.]