It turns out the National Security Agency's data
collection program isn't just about call metadata. The program is also
scooping up location data from smartphones, too.
The bulk phone records collection was one of the first revelations that came out of the internal NSA documents stolen by Edward Snowden. The massive program appeared to focus on call metadata, such as the time the call was made, the duration of the call, and the number called. The latest revelations from these documents show that the agency gathered "nearly five billion records a day on the whereabouts of cellphones around the world," the Washington Post reported yesterday.
The records are part of a vast database—27 terabytes in size, according to one figure obtained by the Post—and contain location data for "hundreds of millions of devices," the Post said. Analysts can pick a cellphone from anywhere in the world and go through the database to find all the places associated with that particular device. We've already seen how the NSA's astonishing XKEYSCORE system has overcome some of the issues associated with storing, retrieving, and investigating huge amounts of intercepted data.
Where is the Data Coming From?
The NSA is getting "location data from around the world by tapping into the cables that connect mobile networks globally," a senior collection manager told the Post. These networks serve U.S. cellphones as well as foreign ones, and since the NSA doesn't know beforehand which pieces of data it will need, it hoovers up all of them.
Location data is not as anonymous as we would like to think. With its treasure trove of data, the NSA can recreate a detailed itinerary of where the individual carrying the phone has ever been, or track their current travels, regardless of whether they are going to a friend's house, seeing a doctor, going to a meeting, or entering a house of worship. By retracing the movements, analysts can "expose hidden relationships among the people using them," the Washington Post said.
The NSA could also glean information from instances when location information is not available. "If everyone attending a sensitive meeting turns off their cell phones first, the NSA can look for that, and other suspicious patterns," Tweeted ACLU Principal Technologist and Senior Policy Analyst Christopher Soghoian.
It's not clear if the NSA is receiving the data directly from the carriers or if they are circumventing the carriers in this case. Carriers have access to several shared databases, giving them access to data about individuals who aren't their customers, so an intelligence agency "can get 'one-stop shopping' to an expansive range of subscriber data just by compromising a few carriers," Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania, told the Post.
Privacy Concerns
People concerned about privacy can encrypt their emails and text messages (though the NSA may be able to crack it),take care with the data they share online, and use anonymizers and other tools to obscure their activities. But phones transmit their location just by the virtue of being powered on. Even if you have your phone's GPS turned off, every time you make a call or receive a call, the phone connects to a cell tower and sends your location information.
Even keeping your phone tunred off until you make a call won't keep you hidden. The Post also noted that analysts paid special attention to disposable cellular phones and phones that were turned on for brief periods of time to make a call. For example, it is possible to "see when a new telephone connects to a cell tower soon after another nearby device is used for the last time," according to the Post.
"The paths that we travel every day can reveal an extraordinary amount about our political, professional, and intimate relationships," said Catherine Crump, staff attorney with the ACLU Speech, Privacy & Technology Project. "The dragnet surveillance of hundreds of millions of cell phones flouts our international obligation to respect the privacy of foreigners and Americans alike."
The Law
The latest disclosures come just as Congress is divided on how it will handle the NSA's broad powers. Senior officials have defended the program as being necessary. There are multiple bills circulating Congress about NSA's authority, but they disagree on the fundamental questions of what the NSA can and cannot do.
"It is staggering that a location-tracking program on this scale could be implemented without any public debate, particularly given the substantial number of Americans having their movements recorded by the government," Crump told SecurityWatch. "The government should be targeting its surveillance at those suspected of wrongdoing, not assembling massive associational databases that by their very nature record the movements of a huge number of innocent people."
The bulk phone records collection was one of the first revelations that came out of the internal NSA documents stolen by Edward Snowden. The massive program appeared to focus on call metadata, such as the time the call was made, the duration of the call, and the number called. The latest revelations from these documents show that the agency gathered "nearly five billion records a day on the whereabouts of cellphones around the world," the Washington Post reported yesterday.
The records are part of a vast database—27 terabytes in size, according to one figure obtained by the Post—and contain location data for "hundreds of millions of devices," the Post said. Analysts can pick a cellphone from anywhere in the world and go through the database to find all the places associated with that particular device. We've already seen how the NSA's astonishing XKEYSCORE system has overcome some of the issues associated with storing, retrieving, and investigating huge amounts of intercepted data.
Where is the Data Coming From?
The NSA is getting "location data from around the world by tapping into the cables that connect mobile networks globally," a senior collection manager told the Post. These networks serve U.S. cellphones as well as foreign ones, and since the NSA doesn't know beforehand which pieces of data it will need, it hoovers up all of them.
Location data is not as anonymous as we would like to think. With its treasure trove of data, the NSA can recreate a detailed itinerary of where the individual carrying the phone has ever been, or track their current travels, regardless of whether they are going to a friend's house, seeing a doctor, going to a meeting, or entering a house of worship. By retracing the movements, analysts can "expose hidden relationships among the people using them," the Washington Post said.
The NSA could also glean information from instances when location information is not available. "If everyone attending a sensitive meeting turns off their cell phones first, the NSA can look for that, and other suspicious patterns," Tweeted ACLU Principal Technologist and Senior Policy Analyst Christopher Soghoian.
It's not clear if the NSA is receiving the data directly from the carriers or if they are circumventing the carriers in this case. Carriers have access to several shared databases, giving them access to data about individuals who aren't their customers, so an intelligence agency "can get 'one-stop shopping' to an expansive range of subscriber data just by compromising a few carriers," Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania, told the Post.
Privacy Concerns
People concerned about privacy can encrypt their emails and text messages (though the NSA may be able to crack it),take care with the data they share online, and use anonymizers and other tools to obscure their activities. But phones transmit their location just by the virtue of being powered on. Even if you have your phone's GPS turned off, every time you make a call or receive a call, the phone connects to a cell tower and sends your location information.
Even keeping your phone tunred off until you make a call won't keep you hidden. The Post also noted that analysts paid special attention to disposable cellular phones and phones that were turned on for brief periods of time to make a call. For example, it is possible to "see when a new telephone connects to a cell tower soon after another nearby device is used for the last time," according to the Post.
"The paths that we travel every day can reveal an extraordinary amount about our political, professional, and intimate relationships," said Catherine Crump, staff attorney with the ACLU Speech, Privacy & Technology Project. "The dragnet surveillance of hundreds of millions of cell phones flouts our international obligation to respect the privacy of foreigners and Americans alike."
The Law
The latest disclosures come just as Congress is divided on how it will handle the NSA's broad powers. Senior officials have defended the program as being necessary. There are multiple bills circulating Congress about NSA's authority, but they disagree on the fundamental questions of what the NSA can and cannot do.
"It is staggering that a location-tracking program on this scale could be implemented without any public debate, particularly given the substantial number of Americans having their movements recorded by the government," Crump told SecurityWatch. "The government should be targeting its surveillance at those suspected of wrongdoing, not assembling massive associational databases that by their very nature record the movements of a huge number of innocent people."