9 of 10 online accounts intercepted by NSA are not intended surveillance target

New Snowden leak shows how Americans' electronic communications are gobbled up by the NSA.

Although NSA officials were not sure about what all documents Edward Snowden took with him, they've changed their tune a few times after some new leak proves their previous proclamations to be false...like when former NSA Chief Keith Alexander admitted to lying about phone surveillance stopping 54 terror plots. Despite a year of NSA officials claiming that Edward Snowden had access to reports about NSA surveillance, but no access to actual surveillance intercepts, that ends up being lie too.

Snowden gave the Washington Post a sampling of actual intercepted communications; after months of reviewing about 160,000 intercepted emails and instant messages and 7,900 documents taken from over 11,000 online accounts, the Post said nine out of 10 account holders in the large cache of intercepted communications were not even surveillance targets. In fact, the collateral damage is astounding. The Post reported:

Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or "minimized," more than 65,000 such references to protect Americans' privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.

The intercepted communications were collected from 2009 to 2012, during President Obama's first term; under the President, formerly a "constitutional law professor," the Post noted that the NSA's domestic collection program underwent a "period of exponential growth." Interestingly, a research paper released last week explained how the government can exploit legal and technical loopholes in order to conduct warrantless surveillance on Americans. One way is through Executive Order 12333, which would allow Americans' communications to be sucked up when their network traffic is routed overseas or their data is stored abroad.

So what might put Americans in the NSA's collection crosshairs? People on the chat "buddy list" of a foreign national are considered foreigners as well as people who write emails in a foreign language. Then there's the use of a proxy, which might be an IP address from a different country.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply 'lurked,' reading passively what other people wrote.

One analyst reported wrote, "1 target, 38 others on there," but she collected data on them all. Others made notes that the surveillance was not relevant, yet the NSA sometimes designates as "its target the Internet protocol, or IP, address of a computer server used by hundreds of people."

The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers.

Of these 160,000 intercepted messages, only 10% were official targets. The Post added:

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

According to the Post:

If Snowden's sample is representative, the population under scrutiny in the PRISM and Upstream programs is far larger than the government has suggested. In a June 26 "transparency report," the Office of the Director of National Intelligence disclosed that 89,138 people were targets of last year's collection under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden's sample, the office's figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance.

These revelations come on the heels of news that NSA "deep packet inspection" rules target people who search for articles about Tails and those who use Tor. The agency also allegedly considers the Linux Journal to be an "extremist forum;" its readers get flagged for extra surveillance. The government's ever-changing "you might be a terrorist if" lists are part of the reason it's so dangerous to have our communications collected and stored. Something that is not "suspicious" or illegal today might well be flagged as such in the future.

Join the CSO newsletter!

Error: Please check your email address.

Tags Microsoft SubnetsecurityNSA spyingnsawashington postgovernment surveillance

More about ----LinuxLinux JournalNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ms. Smith

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts