Skip to main content

New NSA report shows the huge number of non-targeted users caught in its net

spying is expensive nsa surveillance program may cost more than 35 billion seal
Image used with permission by copyright holder
In a major new report in the Washington Post based on documents leaked by Edward Snowden, the NSA has been shown to be collecting large amounts of data beyond the individuals and groups originally targeted in investigations. As many as 9 out of 10 users that the NSA had recorded the activities of were not the main subjects of an operation, but had been linked to a case through some kind of online behavior.

That behavior could include anything from lurking in a chat room at the same time as a target to sharing a server with the same IP address as a group under investigation. According to the Post, the private conversations, personal images and other collected data hoovered up in this way have been saved to the NSA’s servers for future reference.

In total, 160,000 emails and instant message conversations handed over by Snowden were used as the basis of the report, which took four months to complete. All of the data was collected by the NSA’s various interception methods, including Prism, between 2009 and 2012. Nearly half of the entries in the database were labelled as being from U.S. citizens, though many of these entries were masked or “minimized” by NSA analysts to protect the privacy of the individuals involved.

The Post found that while this wealth of collateral data had provided useful intelligence leads — and thwarted several terrorist plots — it invaded personal privacy in a way that the NSA has yet to fully admit to or address. The question remains of how wide a net the agency should be able to cast as it investigates online targets and people associated with those targets.

Edward Snowden told the Post that he believed the breadth of the data collected “crossed the line of proportionality” and should be reigned in. “Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders,” he said, “their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?”

The report represents another embarrassment for the National Security Agency, which had previously denied that Edward Snowden had access to this kind of material. The NSA has admitted in the past that it does not generally attempt to remove personal information from the content it collects as it may become relevant in the future or to a different analyst.

David Nield
Dave is a freelance journalist from Manchester in the north-west of England. He's been writing about technology since the…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more