The National Security Agency has been collecting contacts from people's personal email address books and instant messaging accounts in an effort to detect relationships that might be crucial to government security, the Washington Post is reporting.
The agency is collecting the data from overseas points and many of the contacts belong to Americans, the Post reports.
The Post bases its report on word from senior intelligence officials and top secret documents, including a Microsoft PowerPoint presentation, provided by former NSA contractor Edward Snowden..
The majority of the contacts harvested come from Yahoo and Hotmail accounts, but others also come from Facebook, Google and unspecified other providers, the Post reports. The contacts amount to a sizeable portion of the world's email and instant messaging accounts, according to the news organization.
"You need the haystack to find the needle," the Post quotes Gen. Keith B. Alexander, NSA director, as saying in defense of the bulk collection.
No one from public affairs was available to discuss the allegations at National Security Agency headquarters in Fort Meade, Md., Monday evening.
Senior intelligence officials say such collection would be illegal if done from facilities in the United States, according to the news organization. The NSA, however, has avoided that error by intercepting contact lists from points "all over the world," one anonymous official tells the Post.
Large technology companies use data centers around the world to ease the loads on their servers in the United States, the Post reports.
A Google spokesman told USA TODAY the Internet company had not heard of the email/instant messaging program.
"We have neither knowledge of nor participation in this mass collection of webmail addresses or chat lists by the government," the company said in a statement emailed to USA TODAY.
A Microsoft spokesman said the company does not provide the government with such data.
"Microsoft does not provide any government with direct or unfettered access to our customer's data," spokesman Dominic Carr said in an email. "We would have significant concerns if these allegations about government actions are true."
Yahoo's response was similar in an emailed statement. "We are not aware of nor have we participated in the alleged mass collection of user data by the government," the statement read.
A Facebook spokesman said the company did not know of or assist with the alleged collection of contacts.
The American Civil Liberties Union called the program a breach of Americans' rights.
"Today's revelation further confirms that the NSA has relied on the pretense of 'foreign intelligence gathering' to sweep up an extraordinary amount of information about everyday Americans," Alex Abdo, staff attorney with the ACLU National Security Project, said in an email to USA TODAY. "The NSA's indiscriminate collection of information about innocent people can't be justified on security grounds, and it presents a serious threat to civil liberties," he said.
The revelations may be adding to consumer resolve not to take online privacy so blithely. Antivirus companies ESET and AVG both said consumer interest in privacy tools have been on the rise since the Snowden disclosures began.
"People are being shocked into taking action," says Jim Brock, AVG's vice president of privacy products. "People are starting to realize that they do have some measure of control and they're staring to act on that."
Stephen Cobb, a security researcher at ESET, says many consumers now realize the personal disclosures shared on social media and web apps can get tapped by government snoops.
"I'm pretty sure consumers are adjusting their online behaviors as these round of disclosures roll on, particularly in the area of use of social media," Cobb says. "None of these revelations have had a positive impact on how people view the Internet and technology."
The silver lining may be more consumer support for online services that do a better job of respecting consumer privacy, akin to Europe's approach of giving consumers much more control over their online personas.
"People are starting to understand what this means to them, and that's good," says Brock. "It's time to move from shock and awe to taking more responsibility for our own data and doing a better job at being our own data stewards."
Contributing: Alistair Barr in San Francisco
Melanie Eversley & Byron Acohido, USA TODAY