16 October 2013, 12:19

NSA snatching your contacts off the wire

компьютер монитор реальность очки буквы язык силуэт тень

Jim Killock, Executive Director of Open Rights Group - the UK’s leading voice defending privacy, innovation and consumer rights on the Internet, explains in an exclusive interview to the Voice of Russia what information exactly the NSA is collecting and how it gains access to contact lists from people’s personal emails.

What information is the NSA collecting precisely?

It seems that they are collecting the specific lists of people you’ve identified as contacts, which is essentially things like your contacts book or contact books on various online services, and they appear to be doing that through interception rather than going to the companies involved. So this is an interesting development. But one thing I would say, I don’t think you were right to state that this is more intrusive than phone records for instance, because they are effectively the real time contact list, if they are not who you’ve identified as contacts, they are also the people who you are contacting. What is interesting is that if you combine those informations, then that helps you understand more about people’s contact patterns. But they are all fairly similar kinds of information, they will help you identify whose somebody’s political relations are. I think we have to remember that even though they are saying this is about terrorism and serious crime, what we’ve gained from instances like the Petrobras instance and others and just looking at the powers they have on paper, it is much more than that. They are allowed broadly to do political surveillance on who they like as long as they’ve got a foreign policy interest and frankly that means me, and I am not a terrorist, I am not a criminal. It means anybody who objects anything the state does at any time.

How does the NSA gain access to contact lists from people’s personal emails?

I am assuming at this point that this is done through unencrypted content. So, I would hope it was increasingly difficult for instance to get this information from Gmail whereas particularly Yahoo has not been encrypting their contacts until relatively recently, and Facebook relatively recently started encrypting. So, I am assuming that at least some of this is happening because people are not encrypting the content when they are talking, and that is allowing various agencies to troll it off the wire, but I haven’t seen details of precisely how they are doing it, so I couldn’t really say precisely.

How does the NSA manage to overcome encryption?

This is something that we have to find out more about. What we know is that they’ve been trying to attack encryption but they’ve been doing it by undermining the performance of the software that governs the method of encryption if you like. So, it might be that they deliberately introduced witnesses into some of those methods and then they are able to dycrpipt the content.

    and share via