In a major new report in the Washington Post based on documents leaked by Edward Snowden, the NSA has been shown to be collecting large amounts of data beyond the individuals and groups originally targeted in investigations. As many as 9 out of 10 users that the NSA had recorded the activities of were not the main subjects of an operation, but had been linked to a case through some kind of online behavior.
That behavior could include anything from lurking in a chat room at the same time as a target to sharing a server with the same IP address as a group under investigation. According to the Post, the private conversations, personal images and other collected data hoovered up in this way have been saved to the NSA’s servers for future reference.
In total, 160,000 emails and instant message conversations handed over by Snowden were used as the basis of the report, which took four months to complete. All of the data was collected by the NSA’s various interception methods, including Prism, between 2009 and 2012. Nearly half of the entries in the database were labelled as being from U.S. citizens, though many of these entries were masked or “minimized” by NSA analysts to protect the privacy of the individuals involved.
The Post found that while this wealth of collateral data had provided useful intelligence leads — and thwarted several terrorist plots — it invaded personal privacy in a way that the NSA has yet to fully admit to or address. The question remains of how wide a net the agency should be able to cast as it investigates online targets and people associated with those targets.
Edward Snowden told the Post that he believed the breadth of the data collected “crossed the line of proportionality” and should be reigned in. “Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders,” he said, “their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?”
The report represents another embarrassment for the National Security Agency, which had previously denied that Edward Snowden had access to this kind of material. The NSA has admitted in the past that it does not generally attempt to remove personal information from the content it collects as it may become relevant in the future or to a different analyst.