海角大神

Each day the National Security Agency scoops up half a million 鈥渂uddy list鈥� and in-box e-mail address lists from instant chat and Web-based e-mail services worldwide, according to internal agency documents released Monday by The Washington Post.

Using computerized electronic filters, the NSA snags the buddy lists and address books as they flow through telecommunications servers and other systems overseas, where US laws do not restrict wholesale data gathering, the Post reported, citing conversations with unnamed senior US intelligence officials.

Collection happens most often when computers and smart phones allow their users to 鈥渟ync鈥� their contact lists to services such as Yahoo, Facebook, and Google. At the same time, Web-based e-mail services often produce detailed lists of recipients on the fly, as e-mails are sent and received.

On one typical day, the NSA collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers, one of two documents shows. Both documents were leaked to the Post by former NSA contractor Edward Snowden.

At this rate, the take is about 250 million such lists each year.

Such lists are 鈥渕etadata rich,鈥� one of the documents notes. Besides e-mail addresses, they often include phone numbers, names, and sometimes the subject line and even first lines of an e-mail. Suspected terrorists and their contacts can be compared to such lists to find new leads.

鈥淵ou need the haystack to find the needle,鈥� said Gen. Keith Alexander, NSA director, defending the agency鈥檚 collection programs at the Aspen Security Forum in July.

But the just-revealed approach also inevitably captures tens of millions of names and other information belonging to Americans, the officials told the Post. It would be illegal if collected in the United States, they said, but the information was collected overseas under authority of presidential Executive Order 12333, which outlines requirements of US intelligence agencies operating overseas.

Although controversial, bulk collection of Americans鈥� telephone metadata has so far been deemed legal under the Patriot Act by the Foreign Intelligence Surveillance Court. Also, online records collected from US Internet companies under an NSA program known as PRISM have been justified under the FISA Amendments Act of 2008.

The NSA 鈥渋s focused on discovering and developing intelligence about valid foreign intelligence targets like terrorists, human traffickers, and drug smugglers,鈥� a spokesman for the Office of the Director of National Intelligence told the Post. 鈥淲e are not interested in personal information about ordinary Americans.鈥�

The NSA follows rules laid out by the US attorney general that require the agency to 鈥渕inimize the acquisition, use, and dissemination鈥� of information about a US citizen or permanent resident of the US, the spokesman said.

But that鈥檚 not particularly reassuring to civil libertarians, who say the emerging picture is increasingly one in which a sprawling intelligence agency use many sophisticated programs to collect vast amounts of information on Americans 鈥� one way or another.

鈥淓-mail address books, especially when combined with other information the NSA already collects, tell the government the story of your private life,鈥� writes Faiza Patel, co-director of the Liberty and National Security Program at the Brennan Center for Justice, in an e-mail interview.

鈥淏y plumbing this information, the NSA can figure out your political and religious beliefs, your intimate relationships, your medical issues, even your financial concerns,鈥� she writes. 鈥淭he fact that the information is collected abroad doesn't make a difference for privacy concerns. The government itself concedes that the number of law-abiding Americans whose details are swept up in this program numbers in the millions or even tens of millions.鈥�

Others say it is becoming obvious that NSA operations have outpaced day-to-day oversight of the agency by congressional committees.

鈥淲hat we鈥檙e seeing is that the government collection programs are many-headed,鈥� says Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, a San Francisco Internet free-speech and privacy group. 鈥淲e鈥檙e also seeing emerging efforts to reform this machine. But how do you do that when you don鈥檛 know what all the parts of the machine are collecting?鈥�

With Internet data streams merged into fiber-optic cables and flowing through nodes and data centers run by global companies like Google in many countries, 鈥渢he scope of the collection鈥� under the FISA law needs to be analyzed in relation to traditional espionage collection efforts to ensure that Americans鈥� privacy is protected, Mr. Tien says.

Until then, he says, encryption appears to be the best way to try to maintain privacy. Spokesmen for Facebook, Google, Microsoft, and Yahoo all told the Post they were not aware of the buddy list and e-mail in-box list collection. Yahoo said it would begin encrypting its communications traffic in January.

鈥淲e have neither knowledge of nor participation in this mass collection of Web-mail addresses or chat lists by the government,鈥� Google spokeswoman Niki Fenwick told the Post. A Microsoft spokeswoman said her company 鈥渄oes not provide any government with direct or unfettered access to our customers鈥� data.鈥�

鈥淲e would have significant concerns if these allegations about government actions are true,鈥� she added.