The NSA and its overseas intelligence partners are harvesting people’s Yahoo, Hotmail, Gmail and Facebook email address books and instant messaging buddy lists, according to the latest Edward Snowden revelation, coming this time through the Washington Post.
Yahoo address lists seem to be the biggest target, in all likelihood because the company does not yet encrypt its users’ connections. Yahoo said on Monday that it will start encrypting these connections using SSL technology in January, according to the Post.
It goes without saying that the company should have been doing this already, as should any provider of web communications — we know that the NSA has at least partially compromised SSL in some way, but the technology does clearly provide a stumbling block, as the prominence of Yahoo as a target shows.
As far as the NSA goes, this activity is not authorized by Congress or the U.S. special intelligence court, so collection apparently only takes place outside the U.S. – but it does include the contact lists of probably millions of Americans as well as foreigners. That said, NSA analysts are allegedly barred from searching through or distributing this contact information except in the case of valid foreign intelligence targets.
According to the Post piece, the information is harvested as it crosses “major internet switches,” so the exercise doesn’t require the cooperation or even knowledge of communications providers such as Google, Facebook, Microsoft or Yahoo. The information is intercepted as users log into accounts, compose messages (all those contact suggestions as recipients are typed in) or sync their mobile devices with their providers’ servers.
The PowerPoint presentation that gave up this secret was largely concerned with complaining about the sheer volume of data that the program collects – particularly when people’s accounts get hacked and used to pump out spam.