NSA "Assumes" Americans Are Foreigners, Seizes Millions of Email Contacts Lists
October 15, 2013 3:16 PM
comment(s) - last by
NSA says it's acting legally in seizing IM contacts lists, email address books, and even some email text
A new piece in
The Washington Post
reveals that the
U.S. National Security Agency
(NSA) seized the email and IM contacts lists of 700,000+ accounts daily in 2012, including Americans who
paid for this surveillance
. Legally the NSA is explicitly verboten from spying against Americans, an activity which is supposedly antithetical to its nationalist mission statement. But by creatively redefining its own rules, the NSA does not consider what it is doing illegal.
I. "The Assumption [on Foreign Networks] is You're Not an American"
The NSA is supposed to
only spy on foreign citizens
Hence the issue begins with the issue of who is an American. If a person is an American, it is explicitly illegal to monitor them within the U.S., as that's forbidden under the laws that govern the NSA. However, if you're an American overseas you enter a
grey area of the law
. Technically it still seems against the spirit of the agency and similar to the explicitly forbidden spying within the U.S.; but overseas spying on American citizens isn't explicitly forbidden either.
The NSA has already made it clear that
"accidentally" breaking the law
thousands of times a year, by
illegally spying on Americans
who it has the data to know are within the U.S.
Now these fresh disclosures show what could be
a mere tip of the iceberg
Replace "80%" with "99%" and this graphic starts to describe the NSA's efforts to illegal spy on Americans. [Image Source: Autonomy]
Ideally, if Congress hasn't granted the power in such grey areas -- but also hasn't explicitly forbidden it -- the agency is left to weigh how critical such an effort is, versus potential ethical and Constitutional issues.
When it comes to overseas surveillance, the NSA is playing a clever game, conveniently saying that it can seizing much more data from Americans by simply claiming that it assumes you're a foreigner.
The Washington Post
says that an official acknowledges that the NSA maintains a variety of overseas digital collection points, and asserts that if your data is intercepted there that "the assumption is you're not a U.S. person.”
II. Technically Flawed Argument Boosts Illegal Objectives
At this point you might think "okay, well that only applies to international travellers, and I mostly stay in the country, so my data is safe."
you would be wrong
. You see, the NSA not only applies it's guesswork logic to instances where a person is physically in a foreign country and utilizing digital infrastructure there (say a cell phone tower), they also apply it even if you're in the U.S. and merely communicating with foreign servers.
The NSA assumes if your data passes through foreign servers, that you're a foreigner and it can feast on it. [Image Source: KnowYourMeme]
The NSA is essentially claiming that Congress
tell it to collect data in this way, as it assumes any data in a foreign country is from foreigners. The central premise here is that for the most part no foreign data exists on a nation's domestic network.
Many companies like Google Inc. (
) mirror your domestic data on their secure global servers in order to provide consistent service. In other words, you may be in a U.S. and you may be using a widely used U.S. service, but because of how that service is
, the NSA in its warped logic assumes you're not a citizen.
Yahoo! proved the most vulnerable to spying, due to its large user base and historic lack of SSL encryption. [Image Source: Inquirer]
If the NSA can make the case that by mining a nation's networks it is monitoring "a valid foreign intelligence target in and of itself", it considers that enough to start interception. Of the 700,000+ email contacts lists grabbed last year, Yahoo! Inc. (
) accounted for the biggest share (444,743), with Facebook, Inc. (
) (82,857), and Google's Gmail (33,697) somewhat farther back.
In addition to email contacts lists, for web clients like Gmail and Yahoo! Mail it can also
collect the first few lines of email
in some case, along with the email header which includes who sent and received the message. And it collects 500,000+ IM contact lists, on average per day.
In total the documents indicate the NSA collects hundreds of millions of email contacts list, inbox scrapes, and IM lists. This makes it highly probably that the NSA uses its "not an American" assumption to seize the personal information of a large percentage of Americans, particularly when you consider that some of the most popular services in regions like China and Europe aren't even mentioned in the report.
In fact, in a perhaps telling sign, the NSA's seizures primarily have targeted not foreigners, but the services that are most popular domestically (e.g. Gmail, Yahoo!).
III. NSA Accidentally Spams Itself
For beleaguered U.S. citizens, there may be silver lining to this part of the NSA's cloud spying scheme; spam email -- normally an annoyance-- may actually be welcome countermeasure against the NSA reading through your emails.
Because the NSA grabs the such a significant chunk of text from Americans' and foreigners' unencrypted emails records the NSA is being smacked with storage shortfalls, as it can keep up with all the spam email that it's accidentally seized. The volume of spam has forced the NSA to reportedly institute "emergency detasking" orders, where it wipes some of its data stockpile to allow more new data to come in.
The NSA has been accidentally seizing your spam. [Image Source: MSNBC]
Yahoo's higher interception rate
is speculated to be possibly due to its late implementation of SSL, an encryption mechanism that makes it harder for the NSA to break into your email. The NSA and criminals who engage in online theft bear certain similarities; for starters they both hate encryption. The NSA has
spent $250M USD
reportedly in U.S. taxpayer money to try to weaken international encryption, which leaves you more vulnerable to identity theft and other forms of hacking, but makes it easier to spy on you.
The Gmail address books are particularly interesting as it's been widely publicized that Google mirrors your data, while it's less clear whether Yahoo! and Facebook are engaging in such activities.
Notably the NSA does not have to notify companies like Yahoo!, Facebook, or Google that it's seizing their data, nor does it have to get a warrant, court order, or other official legal mechanism, aside from its blanket self-authorization. By seizing the data at a lower level (likely at regional data routing hubs) the NSA can feast on a buffet of data without ever having to pay a notice to the companies whose users are being targeted.
The NSA directly scrapes data off cable hubs. [Image Source: AP]
This obviously makes data seizure much easier, as companies are unable to fight against what they don't know. Many companies like Google have successfully fought similar seizure attempts on Americans' data in either secret or public courts.
The NSA cleverly realized that citizens and companies can't fight being spied upon if they don't know about it. Unfortunately for it, they now know about it. [Image Source: NYPost]
As with past leaks, this leak came courtesy of Edward Snowden, the former NSA contractor who now faces criminal charges for revealing to Americans the extent they're being spied upon. Despite these charges, Mr. Snowden has garnered a great deal of support, even
winning an award from former CIA operatives
His latest publication follows information published earlier this month, which revealed that the NSA was building databases to track the real world identities of Americans' friends along with their locations, this specialist system was estimated in internal documents to seize 20 billion metadata records a day, giving the NSA the power to know who your wife, girlfriend, mistress, etc. are.
The Washington Post
NSA via Intellipedia/The Washington Post
This article is over a month old, voting and posting comments is disabled
10/15/2013 8:56:58 PM
Maybe they already do?
10/16/2013 6:54:00 PM
Too in-efficient. But nice diversion instead of answering the hypotheticals.
Tacit approval ?
"If you mod me down, I will become more insightful than you can possibly imagine." -- Slashdot
Report: CIA Dismissed Snowden After Suspecting Him of Internal Hacking
October 14, 2013, 5:39 PM
NSA Chief Built "Starship Enterprise Bridge", Sat in Captain's Chair
September 17, 2013, 8:09 AM
NSA Bypasses Internet Encryption, Spends $250M to Weaken International Encryption
September 6, 2013, 3:05 PM
Snowden Leak: An Intelligence Contractor Costs Ten Times as Much as a Bureaucrat
August 30, 2013, 8:22 AM
NSA Surveillance Programs Reach 75 Percent of U.S. Internet Communications
August 21, 2013, 11:51 AM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
CNN Resorts to Internet Censorship to Promote Clinton Over Senator Sanders
October 15, 2015, 2:47 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Mozilla and Facebook to Adobe: It's Time to Kill Flash
July 20, 2015, 6:30 PM
Most Popular Articles
Top 5 Smart Watches
July 21, 2016, 11:48 PM
Free Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information