What Your Email Metadata Told the NSA About You

The so-called StellarWind program described in the latest Edward Snowden leak is way more invasive than the phone-call metadata spying. For a sense of how NSA's email collection worked — and how much IP addresses can tell a spy about a person, even if he's not reading the contents of your email — we take a look at the guts of an everyday email.

President Obama said "nobody is listening to your telephone calls," even though the National Security Agency could actually track you from cellphone metadata. Well, the latest from the Edward Snowden leaks shows that Obama eventually told the NSA to stop collecting your email communications in 2011, apparently because the so-called StellarWind program "was not yielding much value," even when collected in bulk. But how much could the NSA learn from all that email metadata, really? And was it more invasive than phone data collection? The agency is well beyond its one trillionth metadata record, after all, so they must have gotten pretty good at this.

To offer a basic sense of how StellarWind collection worked — and how much user names and IP addresses can tell a spy about a person, even if he's not reading the contents of your email — we took a look at the raw source code of an everyday email header. It's not the exact kind of information the NSA was pulling, of course, but it shows the type of information attached to every single one of your emails.

Below is what the metadata looks like as it travels around with an email — we've annotated the relevant parts, based on what The Guardian reported today as the legally allowed (and apparently expanded) powers of the NSA to read without your permission. After all, it's right there behind your words:

As you can see, at the bare minimum, your average email metadata offers location (through the IPs), plus names (or at least email addresses), and dates (down to the second). The Guardian's Glenn Greenwald and Spencer Ackerman report that Attorney General Michael Mukasey and Defense Secretary Bob Gates signed a document that OK'd the collection and mining of "the information appearing on the 'to,' 'from' or 'bcc' lines of a standard email or other electronic communication" from, well, you and your friends and maybe some terrorists.
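To make those fields concrete, here is an added example (not from the original article) that pulls the addresses, relay IPs and timestamps out of a header using only Python's standard library. The message is constructed: the names, example.* hosts and documentation-range IPs are assumptions, not the email the article annotated.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Constructed sample: example.* domains, RFC 5737 documentation IPs.
RAW = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbound.example.com with ESMTP id abc123
\tfor <reader@example.com>; Thu, 27 Jun 2013 09:15:42 -0400
Received: from [10.0.0.5] (host.example.net [203.0.113.24])
\tby mx.example.org with ESMTPSA id def456;
\tThu, 27 Jun 2013 23:15:40 +1000
From: Alice Sender <alice@example.org>
To: Reader <reader@example.com>
Cc: Bob <bob@example.net>
Date: Thu, 27 Jun 2013 23:15:38 +1000
Subject: hello

The body is never inspected.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literals only
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_routable(ip):
    """True unless the address sits in an RFC 1918 private range."""
    return not any(ip_address(ip) in net for net in RFC1918)

def extract_metadata(raw):
    msg = message_from_string(raw)
    # Who talked to whom: bare addresses from each addressing header.
    people = {h: [addr for _, addr in getaddresses(msg.get_all(h, []))]
              for h in ("From", "To", "Cc", "Bcc")}
    hops = []
    # Each relay prepends its Received line, so reverse to read origin-first.
    for rec in reversed(msg.get_all("Received", [])):
        ips = IPV4.findall(rec)
        hops.append({
            "ips": ips,
            "routable": [ip for ip in ips if is_routable(ip)],
            # The relay's timestamp follows the last semicolon.
            "time": parsedate_to_datetime(rec.rsplit(";", 1)[-1].strip()),
        })
    # The Date header's UTC offset hints at the sender's time zone.
    return {"people": people, "sent": parsedate_to_datetime(msg["Date"]), "hops": hops}

if __name__ == "__main__":
    meta = extract_metadata(RAW)
    print(meta["people"], meta["sent"].utcoffset())
    for hop in meta["hops"]:
        print(hop["time"].isoformat(), hop["ips"], hop["routable"])
```

The first hop's routable address is the one a geolocation service would be fed, and none of this requires reading the message body.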

But email metadata is more revealing than that — even more revealing than what the NSA could do with just the time of your last phone call and the nearest cell tower. For operation StellarWind, it must have been all about that IP, or Internet protocol, address. Hell, it'd be easy enough for your grandma to geolocate both parties from a couple of IPs: there are countless free services on Google that turn those numbers you give to the IT guy into your exact location. For example, using the two IP addresses in the email sent to me above, we can easily determine that it was sent from Victoria, Australia:

The IP address is like a homing pigeon, and that's why the revelations that email metadata collection was authorized under the Bush and Obama administrations amount to a seriously revealing breach of personal security in the name of terror-hunting. "Seeing your IP logs — and especially feeding them through sophisticated analytic tools — is a way of getting inside your head that's in many ways on par with reading your diary," Julian Sanchez of the Cato Institute told The Guardian. Of course, the administration has another party line, telling the Los Angeles Times that operation StellarWind was discontinued because it wasn't adding up to enough good intelligence of "value." But with one of the many "sophisticated analytic tool" sets developed by the NSA over the last decade or so and leaked during the last month — like, say, EvilOlive, "a near-real-time metadata analyzer" described in yet another Guardian scoop today — America's intelligence operation certainly can zero in on exactly where Americans are. Even if you're just emailing your hip grandma.

This article is from the archive of our partner The Wire.