by Jonathan Stray, Special to ProPublica.
There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden. But it seems the more we read, the less clear things are. We’ve put together a detailed snapshot of what’s known and what’s been reported where.
What information does the NSA collect and how?
We don’t know all of the different types of information the NSA collects, but several secret collection programs have been revealed:
A record of most calls made in the U.S., including the telephone numbers of the phones making and receiving the call, and how long the call lasted. This information is known as “metadata” and doesn’t include a recording of the actual call (but see below). This program was revealed through a leaked secret court order instructing Verizon to turn over all such information on a daily basis. Other phone companies, including AT&T and Sprint, also reportedly give their records to the NSA on a continual basis. Altogether, this is several billion calls per day.
Email, Facebook posts and instant messages for an unknown number of people, via PRISM, which involves the cooperation of at least nine different technology companies. Google, Facebook, Yahoo and others have denied that the NSA has “direct access” to their servers, saying they only release user information in response to a court order. Facebook has revealed that, in the last six months of 2012, they handed over the private data of between 18,000 and 19,000 users to law enforcement of all types — including local police and federal agencies, such as the FBI, Federal Marshals and the NSA.
Massive amounts of raw Internet traffic Much of the world’s Internet traffic passes through the U.S. even when the sender and receiver are both outside the country. A recently revealed presentation slide notes the U.S.’s central role in internet traffic and suggests domestic taps can be used to monitor foreign targets. A whistleblower claimed that he helped install a network tap in an AT&T facility in San Francisco on NSA orders in 2003. The tap sent the entire contents of high-capacity fiber optic cables into a secret room filled with monitoring equipment. An unknown fraction of the intercepted data are stored in massive databases in case it is useful in the future.
Because there is no automatic way to separate domestic from international communications, this program also captures U.S. citizens’ Internet activity, such as emails, social media posts, instant messages, the sites you visit and online purchases you make.
The contents of an unknown number of phone calls The details are sketchy, but there are several reports that the NSA records the audio contents of some phone calls. This reportedly happens “on a much smaller scale” than the programs above, after analysts select specific people as “targets.” There does not seem to be any public information about the collection of text messages, which would be much more practical to collect in bulk because of their smaller size.
The NSA has been prohibited from recording domestic communications since the passage of the Foreign Intelligence Surveillance Act but at least two of these programs — phone records collection and Internet cable taps — involve huge volumes of Americans’ data.
Does the NSA record everything about everyone, all the time?
No. The NSA routinely obtains and stores as much as it can of certain types of information, such as the metadata from telephone calls made in the U.S. (but not their content) and some fraction of the massive amount of raw data flowing through major Internet cables. It is also possible for the NSA to collect more detailed information on specific people, such as the actual audio of phone calls and the entire content of email accounts. NSA analysts can submit a request to obtain these types of more detailed information about specific people.
Watching a specific person like this is called “targeting” by the Foreign Intelligence Surveillance Act, the law which authorizes this type of individual surveillance. The NSA is allowed to record the conversations of non-Americans without a specific warrant for each person monitored, if at least one end of the conversation is outside of the U.S. It is also allowed to record the communications of Americans if they are outside the U.S. and the NSA first gets a warrant for each case. It’s not known exactly how many people the NSA is currently targeting.
How the NSA actually gets the data depends on the type of information requested. If the analyst wants someone’s private emails or social media posts, the NSA must request that specific data from companies such as Google and Facebook. For information that is already flowing through Internet cables that the NSA is monitoring, or the audio of phone calls, a targeting request instructs automatic systems to watch for the communications of a specific person and save them.
It’s important to note that the NSA probably has information about you even if you aren’t on this target list. If you have previously communicated with someone who has been targeted, then the NSA already has the content of any emails, instant messages, phone calls, etc. you exchanged with the targeted person. Also, your data is likely in bulk records such as phone metadata and internet traffic recordings. This is what makes these programs “mass surveillance,” as opposed to traditional wiretaps, which are authorized by individual, specific court orders.
What does phone call metadata information reveal, if it doesn’t include the content of the calls?
Even without the content of all your conversations and text messages, so-called “metadata” can reveal a tremendous amount about you. If they have your metadata, the NSA would have a record of your entire address book, or at least every person you’ve called in the last several years. They can guess who you are close to by how often you call someone, and when. By correlating the information from multiple people, they can do sophisticated “network analysis” of communities of many different kinds, personal or professional — or criminal.
Phone company call records reveal where you were at the time that a call was made, because they include the identifier of the radio tower that transmitted the call to you. The government has denied that it collects this information, but former NSA employee Thomas Drake said they do. For a sense of just how powerful location data can be, see this visualization following a German politician everywhere he goes for months, based on his cellphone’s location information.