NSA collects millions of e-mail address books globally

I posted this quote from a Foreign Policy article [1] on another NSA related discussion two weeks ago. In short, this isn&#x27;t the first time Alexander has run a program that used large networking charts, and it also isn&#x27;t the first time the charts his program created charts that turned out to be worthless.<p>&quot;When he ran INSCOM and was horning in on the NSA&#x27;s turf, Alexander was fond of building charts that showed how a suspected terrorist was connected to a much broader network of people via his communications or the contacts in his phone or email account.<p>&quot;He had all these diagrams showing how this guy was connected to that guy and to that guy,&quot; says a former NSA official who heard Alexander give briefings on the floor of the Information Dominance Center. &quot;Some of my colleagues and I were skeptical. Later, we had a chance to review the information. It turns out that all [that] those guys were connected to were pizza shops.&quot;<p>A retired military officer who worked with Alexander also describes a &quot;massive network chart&quot; that was purportedly about al Qaeda and its connections in Afghanistan. Upon closer examination, the retired officer says, &quot;We found there was no data behind the links. No verifiable sources. We later found out that a quarter of the guys named on the chart had already been killed in Afghanistan.&quot;<p>Those network charts have become more massive now that Alexander is running the NSA.&quot;<p>[1] <a href="http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander?page=full" rel="nofollow">http:&#x2F;&#x2F;www.foreignpolicy.com&#x2F;articles&#x2F;2013&#x2F;09&#x2F;08&#x2F;the_cowboy_...</a>

Hey folks, just a quick plug: If this stuff pisses you off, help make the rally that EFF, Mozilla and dozens of other public advocacy groups are planning in DC a success.<p>Sign up to attend, share, donate, whatever floats your boat:<p>[1] <a href="https://rally.stopwatching.us/" rel="nofollow">https:&#x2F;&#x2F;rally.stopwatching.us&#x2F;</a><p>[2] <a href="http://www.indiegogo.com/projects/stop-watching-us-a-rally-against-nsa-surveillance-on-october-26th--2" rel="nofollow">http:&#x2F;&#x2F;www.indiegogo.com&#x2F;projects&#x2F;stop-watching-us-a-rally-a...</a>

I&#x27;m guessing the NSA intercepts all unencrypted SMTP traffic and uses the From: and To: addresses to build up your &#x27;address book&#x27;.<p>So here is what you do:<p>1. Set up two servers in two separate countries which you think the NSA will be intercepting traffic between.<p>2. Send random emails From: your@email.address and To: random@email.addresses between the servers - the receiving servers should not relay the messages, just drop the mail on the floor.<p>This should fill the NSA&#x27;s &#x27;address book&#x27; of your contacts with noise. They will have the valid data, but they will also have a bunch of garbage.<p>Just make sure you don&#x27;t send fake email between yourself and any known terrorists, communists or people who dress funny as the NSA may start paying more attention to you.<p>I&#x27;m sure others can think of other interesting variations on the theme.

The NSA&#x27;s indiscriminate collection of contact information is only possible because irresponsible companies can&#x27;t be bothered to encrypt their users&#x27; data as it passes over the network:<p><i>&quot;It is unclear why the NSA collects more than twice as many address books from Yahoo than the other big services combined. One possibility is that Yahoo, unlike other service providers, has left connections to its users unencrypted by default.&quot;</i>

A couple of observations:<p>1) It seems that the NSA is intent on cataloging every connection of everyone in the world. The best way for &quot;secure&quot; communications then would be to send encrypted messages to a few thousand random addresses, only one of which is the intended recipient with the private key necessary to decrypt it. Everyone else can write it off as spam.<p>2) I thought it funny that NSA took the time to write in the slides that they are annoyed by Android&#x27;s IMAP implementation (&quot;Android implementation in particular uses a lot of bandwidth&quot;).<p>3) Why release redacted versions of stolen documents whose release in any form is a violation of federal law anyway? This is like cleaning up your mess after robbing a bank. Might as well release the whole thing.

In other words, the NSA is no different from private Internet companies like Facebook and LinkedIn who think its perfectly fine to furtively copy their user&#x27;s email address books in order to mine them.<p>Remember Facebook&#x27;s &quot;Shadow Profiles&quot; created using data harvested from user&#x27;s address books? <a href="https://news.ycombinator.com/item?id=5926275" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=5926275</a><p>Remember LinkedIn&#x27;s non-apology when faced with a lawsuit from users who felt it was inappropriately accessing their email accounts? <a href="https://news.ycombinator.com/item?id=6425444" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=6425444</a>

What is so ironic is that time and time again when spies are caught they specifically make sure that they don&#x27;t have address books neither on them or stored somewhere. So this is essentially nothing more than all the innocent people in the world. The only way I can see this technical solution producing results is if all the people in the world were cataloged and then the remaining ones were spied upon using field operatives.

Was this recently revealed by Snowdon? If so, I&#x27;m loving his tactic of slowly leaking it all out and keeping it relevant. If it all came out in one go it&#x27;d have a lot less impact in my opinion. I hope the leaks continue for a long time.

Newsflash: Google, Facebook, Microsoft, most business and also some particularly conversant users also doing the same thing.

I see that NSA articles still have heavier weights attached to them.

I am not quite sure why this is news (or even worth mentioning for that matter) given the fact that the NSA has demonstrated a propensity to collect pretty much any data it can get it&#x27;s hands on. This revelation seems like a given fact. Should we also publish articles chronicling the NSA&#x27;s collection of family secret recipes?