New documents from former National Security Agency contractor and whistleblower Edward Snowden show the NSA is storing location data from “at least hundreds of millions of devices.”
The Washington Post’s Barton Gellman and Ashkan Koltani write, “The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world.” This enables the agency to track “movements of individuals—and map their relationships—in ways that would have been previously unimaginable.”
The agency is collecting data from “tens of millions of Americans who travel abroad with their cellphones every year.” As one “senior collection manager” authorized to speak anonymously told the Post, the NSA is getting “vast volumes” of location data simply by tapping into the cables connecting mobile networks globally.
Office of the Director of National Intelligence (ODNI) general counsel Robert Litt told the Post that, “There is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.”
Previously, in late September, Senator Ron Wyden asked NSA director Gen. Keith Alexander during a Senate hearing if the agency had ever made plans to collect Americans’ cell site location data. But, Alexander, after Wyden repeated his question, said the Foreign Intelligence Surveillance Court needed notice if the NSA wanted to collect cell site location records. He then said he did not want to put anything out that would be classified.
On October 2, during another Senate hearing, Alexander read the following statement and revealed that the agency had tested a pilot project to collect Americans’ “locational information”:
NSA has previously reported to the Senate and House Intelligence Oversight Committees, NSA does not collect locational information under Section 215 of the Patriot Act. In 2010 and 2011, NSA received samples in order to test the ability of its systems to handle the data format, but that data was not used for any other purposes and was never available for intelligence analysis purposes. In a 25 June, 2013, closed hearing with the Senate Select Committee on Intelligence, NSA promised to notify the Congress before any locational data was collected.
Moreover, as noted in the Foreign Intelligence and Surveillance Court’s most recent opinion — I think it’s called footnote number 5 — on the program, the government would also be required to seek the court’s approval of the production of locational data before acquiring it under this program. I would just say that this may be something that is a future requirement for the country, but it is not right now because when we identify a number, we can give that to the FBI when they get their probable cause, and they can get the locational data that they need. And that’s the reason we stopped in 2011.
It would appear the NSA can claim it does not target Americans’ cell location data because the data of Americans is, according to the agency, being “incidentally” collected. It is not “designed” to target Americans’ location data nor is the massive surveillance directed explicitly at Americans. It just happens to intercept a “substantial amount of information on the whereabouts of domestic cellphones” of Americans.
The Post’s report partially defines the newspeak behind “incidentally” as a “legal term that connotes a foreseeable but not deliberate result.”
However, as an anonymous intelligence lawyer described to the Post, the surveillance tools are deliberately “tuned to be looking outside the United States.” (The lawyer repeated this phrase three times when speaking to the Post for the story.) The agency contends that any data collected outside the United States is not protected by the Fourth Amendment so it can collect any data on Americans if it obtains it from cables, servers, data centers or any other communications link abroad that telecommunications companies might be relying upon.
That means the agency is in a position to know that its technology is collecting US citizens’ data yet, because it is not “targeting” Americans, it thinks it can get away with keeping data that it could not collect if it was explicitly directing the tools at Americans through domestic surveillance.
The NSA is exploiting the globalization of telecommunications to circumvent the US Constitution.
Furthermore, the story from Gellman and Soltani says nothing about what the NSA believes grants it legal authority to engage in this massive collection. Is it authorized by the Foreign Intelligence Surveillance Court (FISC)? Is it operating under Section 215 of the PATRIOT Act? Or is it authorized under Executive Order 12333, which the NSA has used to justify sweeping surveillance programs?
One wonders if the NSA is engaging in “overcollection” or unauthorized surveillance on a scale similar to a program in which the NSA was collecting “electronic communications metadata” or data on the Internet communications of users.
Though the NSA has stated the program has been discontinued, if that is the case, it was stopped after FISC found the NSA had collected “information concerning the identity of the parties and the existence of communications to or from persons in the United States.” The unauthorized surveillance was substantial and the NSA did not explain to the court why its compliance with rules to protect against collection of this sort of information had been so poor.
Judge John Bates found, “NSA generally disregarded the special rules for disseminating United States person information outside of NSA until it was ordered to report such disseminations and certify to the FISC that the required approval had been obtained…The government provided no meaningful explanation why these violations occurred, but it seems likely that widespread ignorance of the rules was a contributing factor.”
What if similar violations of privacy are ongoing in this program? It may be near impossible to know because the program of global cell location data collection may be insulated from oversight by the mere fact that the NSA maintains any Americans’ data that is collected is purely “incidental.”
The American Civil Liberties Union staff attorney Catherine Crump reacted to the story saying, “It is staggering that a location-tracking program on this scale could be implemented without any public debate, particularly given the substantial number of Americans having their movements recorded by the government.”
“The paths that we travel every day can reveal an extraordinary amount about our political, professional, and intimate relationships,” Crump added. “The dragnet surveillance of hundreds of millions of cell phones flouts our international obligation to respect the privacy of foreigners and Americans alike. The government should be targeting its surveillance at those suspected of wrongdoing, not assembling massive associational databases that by their very nature record the movements of a huge number of innocent people.”
One of the most alarming aspects of this program is not the “incidental” collection of Americans but the fact that the NSA is mapping associations of foreign citizens with foreign intelligence targets. Anyone who frequently comes in contact with a “suspected terrorist,” “militant” or “radicalizer” and is seemingly unaware that this person is engaged in activity that has made them a target can become an “associate” in the eyes of the NSA.
A “May 2012 internal NSA briefing” indicates the NSA is collecting somewhere around 27 terabytes data at a pace that is so fast the agency does not have the “ability to ingest, process and store” the data. It has to expand its capacity to collect this much data.
Less than 1 percent of the data will ever be needed. Still, it collects it all. But, this hoarding complex is a huge issue because the NSA cannot possibly know what it has on any alleged terror suspects before they attack if that information is drowning in superfluous data.
Finally, the NSA is not the only agency involved in this massive surveillance on citizens around the world. It has “two unnamed corporate partners” with the code names ARTIFICE and WOLFPOINT. These partners administer NSA’s “physical systems,” also known as “interception equipment.” The “NSA asks nicely for tasking/updates” from a signals intelligence activity designator or “sigad” that goes by the name of STORMBREW.
The corporate partners are not named. However, if one were to guess, AT&T would be a prime suspect. AT&T has a history of being given multi-million dollar contracts to serve the national security state.