The Washington Post reports that the NSA harvests the email addresses and contact lists of millions of people globally, many of them Americans. They don't have permission from the email providers to do this, the agency just snatches the data as its transmitted across the world.
As a bonus, that means the NSA apparently isn't under government oversight for this operation. Even though it involves the data of Americans, the data is technically overseas when the NSA peeks at it.
The Post story comes with the hideously designed internal NSA slides we've come to love.
What's the takeaway here? Really it's a further expansion of what we knew, which is that the agency will grab bits of our data whenever technology or law don't stop them. One way to picture it is that the NSA has built its own Facebook, which you're signed up for whether you like it or not. This particular chunk of data helps show the NSA your friends list, the friends lists of your friends, etc. And they can steal a little more than that, too. They get the preview of your inbox you see when you sign in.
An interesting sidenote is that this is a ton of data, and in the powerpoint, you see the NSA struggling to decide what to hold on to and what to delete. At one point, an Iranian person the NSA is spying on gets a malware infection and starts spamming everyone he or she has ever emailed. The agency has a mini-crises as they realize they have to record all this data, even though it's junk.
So maybe that's the real takeaway. If you've got something very private that you don't want the government to know about, hide it in an email titled "FRINDS I LOST 30 POUNDS ON IPAAD DIET ASK ME HOW?"