The NSA may be all over your buddy list — whether or not you actually have any friends there.
According to a new report from The Washington Post, the NSA collects "contact lists" from millions of personal email and instant messaging accounts, including those belonging to Americans.
See also: Get Lost in These 19 Fascinating Maps
This is the latest in a series of revelations produced by documents leaked by former defense contractor Edward Snowden.
The leaked top-secret documents show that on an average day, the NSA collects about 500,000 contact lists from companies such as Yahoo, Hotmail, Gmail and Facebook.
On Jan. 10, 2012, per the document, the NSA gathered nearly 700,000 digital address books. More than 20,000 of the contact lists the NSA collected on this particular day were marked "Other" in the provider column. The NSA targeted Yahoo more than all other companies combined; more than half of the contact lists collected on Jan. 12 were from Yahoo.
This data collection takes place outside of the U.S. along main data transfer routes controlled by foreign telecommunications companies. Since companies based in America such as Facebook and Google use data centers around the world, the NSA commonly collects Americans' contact lists under this program.
Two senior U.S. intelligence officials did not deny that program sweeps up millions of Americans data. In The Washington Post's report, one of the officials said Americans should not be concerned over privacy because the agency has "checks and balances built into [its] tools,” and NSA analysts can only use data from foreign intelligence targets.
AOL and AIM are not specifically mentioned in the documents that reference to "buddy lists"; it presumably is referring to instant messaging lists in general. These lists are valuable to the NSA because it can access the content of "offline messages," those waiting to be sent until the recipient comes online.
Google, Facebook and Microsoft all denied knowing about this data collection to The Washington Post. Since the data collection is conducted at foreign Internet switches, the NSA can conduct the program without the email providers' knowledge.
Yahoo was likely targeted more than the other companies because, unlike most current webmail providers, it doesn't make use of HTTPS encryption by default. The company plans to begin encrypting all email connections in January, a Yahoo spokeswoman told The Washington Post.
The scope of the NSA's surveillance methods began to surface in June when The Guardian and The Washington Post first began reporting on leaked documents from Snowden. The Office of the Director of National Intelligence, which oversees the NSA, announced last week that it applied and was approved to continue with bulk collection of telephony metadata.
Have something to add to this story? Share it in the comments.
Image: Flickr, Mark Norman Francis