AMERICA’S National Security Agency is gathering nearly five billion records a day on the whereabouts of cell phones around the world, according to top-secret documents and interviews with US intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyse that data have provided the intelligence community with what amounts to a mass surveillance tool.
The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally”, a legal term that connotes a foreseeable but not deliberate result.
One senior collection manager said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve US cell phones as well as foreign ones. Additionally, data is often collected from the tens of millions of Americans who travel abroad with their cell phones every year.
In scale, scope and potential impact on privacy, the efforts to collect and analyse location data may be unsurpassed among the NSA surveillance programmes that have been disclosed since June. Analysts can find cell phones anywhere in the world, retrace their movements and expose hidden relationships among individuals using them.
Officials said the programmes that collect and analyse location data are lawful and intended strictly to develop intelligence about foreign targets.
The NSA has no reason to suspect that the movements of the overwhelming majority of cellphone users would be relevant to national security. Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.
Still, location data, especially when aggregated over time, is widely regarded among privacy advocates as uniquely sensitive. Sophisticated mathematical techniques enable NSA analysts to map cell phone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. Cell phones broadcast their locations even when they are not being used to place a call or send a text.
CO-TRAVELER and related tools require the methodical collection and storage of location data on what amounts to a planetary scale. The government is tracking people from afar into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes and other traditionally protected spaces.
“One of the key components of location data, and why it’s so sensitive, is that the laws of physics don’t let you keep it private,” said Chris Soghoian, principal technologist at the American Civil Liberties Union. People who value their privacy can encrypt their emails and disguise their online identities, but “the only way to hide your location is to disconnect from our modern communication system and live in a cave”.
The NSA cannot know in advance which tiny fraction of one per cent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.
The location programmes have brought in such volumes of information, according to a May 2012 internal NSA briefing, that they are “outpacing our ability to ingest, process and store” data. In the ensuing year and a half, the NSA has been transitioning to a processing system that provided it with greater capacity.
The possibility that the intelligence community has been collecting location data, particularly of Americans, has long concerned privacy advocates and some lawmakers. Three Democratic senators — Ron Wyden, Mark Udall and Barbara Mikulski — have introduced an amendment to the defence spending bill that would require US intelligence agencies to say whether they have ever collected or made plans to collect location data for “a large number of United States persons with no known connection to suspicious activity”.
Keith Alexander, the NSA’s director, disclosed in Senate testimony in October that his organisation had run a pilot project in 2010 and 2011 to collect “samples” of US cellphone location data. The data collected were never available for intelligence analysis purposes, and the project was discontinued because it had no “operational value”, he said.
The number of Americans whose locations are tracked as part of the NSA’s collection of data overseas is impossible to determine from the Snowden documents alone, and senior intelligence officials declined to offer an estimate.
“It’s awkward for us to try to provide any specific numbers,” one intelligence official said in a telephone interview. An NSA spokeswoman who took part in the call cut in to say the agency has no way to calculate such a figure.
An intelligence lawyer, speaking with his agency’s permission, said location data are obtained by methods “tuned to be looking outside the United States”, a formulation he repeated three times. When US cell phone data are collected, he said, the data are not covered by the Fourth Amendment, which protects Americans against unreasonable searches and seizures.
VAST ACCESS: The agency’s access to carriers’ networks appears to be vast.
“Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This flat trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.”
Some documents in the Snowden archive suggest that acquisition of US location data is routine enough to be cited as an example in training materials. In an October 2012 white paper on analytic techniques, for example, the NSA’s counterterrorism analysis unit cites two US-based carriers to illustrate the challenge of correlating the travels of phone users on different mobile networks. Asked about that, a US intelligence official said the example was poorly chosen and did not represent the programme’s foreign focus.
The NSA’s capabilities to track location are staggering, based on the Snowden documents, and indicate that the agency is able to render most efforts at communications security effectively futile.
By arrangement with Washington Post-Bloomberg News Service