US National Security Agency

Ordinary internet users caught up in NSA surveillance web, probe reveals

Investigation shows information gathered by spy agency about random internet users far outweighs that obtained from intended targets

PUBLISHED : Monday, 07 July, 2014, 4:31am
UPDATED : Monday, 07 July, 2014, 6:07pm

Ordinary internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from US digital networks, according to a four-month investigation by The Washington Post.

Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.

Many of them were Americans. Nearly half of the surveillance files contained names, e-mail addresses or other details that the NSA marked as belonging to US citizens or residents.

NSA analysts masked more than 65,000 such references to protect Americans' privacy, but nearly 900 additional e-mail addresses - unmasked in the files - could be strongly linked to US citizens or US residents.

The surveillance files underline a policy dilemma. There are discoveries of considerable intelligence value in the messages - and collateral harm to privacy on a scale that the Obama administration has not been willing to address.

Among the most valuable contents are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into US computer networks.

Months of tracking communications across more than 50 alias accounts, the files show, led directly to the 2011 capture in Abbottabad of a Pakistan-based bomb builder, and Umar Patek, a suspect in the 2002 Bali bombings, in which 202 died, including 11 Hong Kong residents.

Many other files, described as useless by the analysts but still retained, have an intimate quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued nevertheless.

To allow time for analysis and outside reporting, neither Snowden nor The Washington Post has disclosed until now that he obtained and shared the content of intercepted communications. The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act.

FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden's reach.

The Washington Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations and 7,900 documents taken from more than 11,000 online accounts. The material spans US President Barack Obama's first term, from 2009 to 2012.

The files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required a warrant from a judge. One program, code named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other internet companies.

Among the data stored from people who have crossed a target's path are medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren.

"None of the hits that were received were relevant," two Navy cryptologic technicians write in one of many summaries of nonproductive surveillance. "No additional information," writes a civilian analyst.

There are many ways to be swept up incidentally in surveillance aimed at a valid foreign target. Some of those in the Snowden archive were monitored because they interacted directly with a target, but others had more tenuous links.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply "lurked", reading passively what others wrote.

In other cases, the NSA designated as its target the internet protocol, or IP, address of a computer server used by hundreds of people.


German spy warns firms 'easy prey' to Chinese spies, as Merkel visits China

A German intelligence chief warned, as Chancellor Angela Merkel embarked on her latest visit to China, that some firms in Europe's biggest economy face a growing threat from industrial espionage by Chinese government agencies with huge resources.

"Many German Mittelstand companies are easy prey," Hans-Georg Maassen, head of the BfV domestic intelligence agency, told a Sunday newspaper, referring to the small and medium-sized family firms that are the backbone of the economy. "They often don't really know what their crown jewels are or what the other side is interested in."

"They are up against very powerful adversaries. The Chinese technical intelligence agency alone has more than 100,000 employees," Maassen said, in an excerpt of an interview published by Welt am Sonntag as Merkel began her seventh trip to China.

Beijing rejects US charges it uses cyberespionage to acquire technology to modernise its military.

Former US intelligence contractor Edward Snowden has leaked documents that purportedly show that the US National Security Agency has spied on Chinese companies such as Huawei Technologies.

Trade between Germany and China has been worth about €140 billion (HK$1.47 trillion) per year for the past three years, but in the first quarter of this year, German exports to China surged by 9.8 per cent, according to one German trade organisation, the GTAI.