A massive report from The Washington Post this weekend delves into tens of thousands of communications and documents collected by the NSA's wide-reaching surveillance programs. The first-of-its-kind report reveals that as many as nine out of ten web users caught in the NSA's surveillance efforts are not the persons targeted by the agency.
Private and personal emails, instant messages, photos, and documents from these digital bystanders — many of whom appear to be spuriously connected to the target — remain in the agency's servers long after they've been deemed irrelevant. According to the Post, a large portion are US citizens or residents, with almost half of all communications containing information that the NSA connected to Americans.
First-of-its-kind analysis of emails and IMs intercepted by PRISM
The latest revelations come from a months-long analysis by the Post of a store of communications and files, known as FISA documents, collected by the NSA from 2009 to 2012 under such programs as PRISM and Upstream. The intercepted communications were provided by security contractor Edward Snowden. The very fact that Snowden had access to the files has long been debated, with NSA officials repeatedly stating that he did not have access to these sorts of private communications.
This report is the first to look through a massive store of documents collected by the NSA's surveillance programs. The paper says it looked through roughly 160,000 email and instant message threads, as well as some 7,900 documents.
For the NSA's part, analysts did obscure — or "minimize" — information like email addresses that could be linked to US residents, as required by law. The Post found over 65,000 "minimized" identifiers, though nearly 900 pieces of information likely connected to Americans made it through censorship. More concerning is information on how security analysts deemed whether a person was a foreigner or an American. Often times, emails simply written in a foreign language were reason enough to believe that a person was not an American, opening them up to a degree of warrantless surveillance under US law. In some other examples, anyone on the IM "buddy list" of a foreigner or anyone using an international IP address was deemed not to be an American.
The privacy concerns raised by the report are very real, but the paper was also able to confirm specific instances in which these far-reaching surveillance efforts did directly lead to the capture of a number of suspected terrorists. Specific information on such findings hasn't been shared by the Post in order not to impede current investigations.