The Washington Post broke news this afternoon that the National Security Agency (NSA) is collecting huge numbers of email address books and chat buddy lists for both foreign individuals and United States citizens.
It appears that the NSA lacks Congressional authority to collect buddy lists and address book information in the way that it currently does. As the Post rightly points out, address book data can include physical addresses, very personal information, and more.
To get around that lack of a mandate, the NSA has agreements with non-U.S. telcos and works with other, non-U.S. intelligence groups. So to get its hands on even more information, the NSA avoids the constraints of its provided oversight and legal boundaries, by going to alternative sources of the data that it wants.
That matters because the rules of other countries for tracking the communication of United States citizens are more lax. Recall that the NSA is in some ways slowed from collecting information on citizens of the United States, but not those of other countries.
So, if the NSA is willing to accept data from foreign intelligence agencies that it is not able to collect in this case, why not in other cases as well?
If the NSA won’t respect the constraints that are put in place on its actions for a reason, and will instead shirk its responsibilities and find a way to get all the data it could ever desire, then we have even less reason to trust its constant petitions that it follows the law, and is the only thing keeping the United States safe from conflagration.
The Post continues: “When information passes through ‘the overseas collection apparatus,’ [an intelligence office] added, ‘the assumption is you’re not a U.S. person.'” This means that when the NSA sweeps up contact data, buddy lists, and address sets from overseas, the same rules that keep it from collecting information on United States citizens aren’t likely in play. Minimization, it would seem, would be minimal.
The phone metadata program knows who you called, when, and for how long. PRISM can force your private information out of major Internet companies. XKeyscore can read your email, and tracks most of what you do online. And the above program circumvents Congressional oversight by collecting more data on U.S. citizens by merely executing that collection abroad.
How private are you feeling?
Facebook provided TechCrunch with the following statement:
“As we have said many times, we believe that while governments have an important responsibility to keep people safe, it is possible to do so while also being transparent. We strongly encourage all governments to provide greater transparency about their efforts aimed at keeping the public safe, and we will continue to be aggressive advocates for greater disclosure.”
Microsoft repeated to TechCrunch what it had told the Washington Post, that it “does not provide any government with direct or unfettered access to our customers’ data” and that if the above revelations are true, then the company would “have significant concerns.”