NSA Programs

Signpost Film Productions > NSA Programs

Here you can find more information about the main NSA programs revealed through Edward Snowden, three of which are explained and discussed in our documentary. See also our extensive FAQ page.

Foreign intelligence collected inside the US:

Foreign intelligence collected outside the US:

 


Section 215

Domestic mass surveillance?


The very first document of the Snowden revelations was the Verizon order, 
published by The Guardian on 6 June 2013. With this document, the FISA Court ordered the telecommunications company Verizon to hand over the metadata from its domestic phone calls to the NSA.

This collection of phone call records (from the 3 biggest American telephone companies: AT&T, Verizon and Sprint) was conducted under the legal authority of Section 215 of the USA PATRIOT Act and had its origin in the secret “warrantless wiretapping” program that president George W. Bush authorized right after the 9/11 attacks.

The release of the Verizon also caused confusion because the general public and many reporters were not yet aware of the difference between content and metadata, the latter being data about a call as opposed to its content. Therefore, early news reports erroneously provided the impression that NSA was actually eavesdropping on the conversations themselves:

CNN television item about the Section 215 program


Later it became clear that the NSA had no access to the content of the phone calls and the FISA Court restricted the types of metadata the NSA was allowed to collect: only the date, time, originating and receiving phone numbers and duration of the call, and, since 2008, the IMEI and IMSI number; but no location data.

Once collected, these domestic metadata were not paired with subscriber details, ensuring anonymity. Only when analysts concluded there was a reasonable, articulable suspicion that a number was associated with a designated terrorist organization,  the identity of the subscriber was sought. No pattern-based searches were conducted, explicitly ruling out profiling.

The metadata from Section 215 collection were only used for so-called contact-chaining, which is a method to map which phone numbers had been in contact with each other. For this, NSA used the telephone records from both its domestic and its foreign collection, which reduces the number of American metadata that were eventually analysed:

Contact chaining using data from NSA’s metadata system MAINWAY (graphic: Electrospaces.net)

 

From information provided by NSA officials and through the annual transparency reports from the Office of the Director of National Intelligence (ODNI) we know that:

  • In 2006, just 450 of the 1,8 billion domestic phone records provided daily by AT&T were used for analysis purposes.
  • In 2012, NSA used 288 phone numbers as a “seed” for starting a contact-chaining query in the phone record database. This resulted in 6000 numbers that were actually looked at and a total of twelve “tips” to the FBI that called for further investigation.
  • In 2013, the number of seeds had raised to 423, but this number fell back to 161 in 2014 and 56 in 2015.
  • NSA was only allowed to use the Section 215 program for counter-terrorism purposes.

Although only a tiny number of the total amount of domestic telephone records collected under the authority of Section 215 were analysed, the program can still be considered as potential mass surveillance.

From the numerous programs revealed through Edward Snowden, only Section 215 was successfully brought to US courts. In 2015, one judge decided the program was most likely unconstitutional, while another court said it was not based upon a legitimate interpretation of the Patriot Act, but did not order to stop the program as Congress was already replacing this law.

Replacement of Section 215

In 2015, Section 215 was replaced by the USA FREEDOM Act, which preserves NSA’s ability to analyze links between callers to find terrorists, but keep the bulk records stored at the phone companies, which would be free to dispose of them after 18 months.

Interestingly, under the former Section 215, the NSA got the metadata about landline phone calls from all the 3 biggest telecoms, but only AT&T provided the records about cell phones too, since September 2011. Nowadays under the USA FREEDOM Act, the NSA can request metadata about both landline and mobile calls from all telecom providers.

Additional sources:
– Sergei Boeke, Reframing ‘Mass Surveillance’
 in: Terrorists’ Use of the Internet, IOS Press Books, pp. 307-318, October 2017.
– Timothy H. Edgar, Beyond Snowden, Privacy, Mass Surveillance, and the Struggle to Reform the NSA, Washington DC, August 2017.
– Electrospaces.net:
How NSA contact chaining combines domestic and foreign phone records, February 2016.
– Center for Strategic & International Studies: Fact Sheet: Section 215 of the USA PATRIOT Act, February 2014.
– Privacy and Civil Liberties Oversight Board (PCLOB): Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act (pdf), January 2014.


PRISM

Direct access to internet companies?

 

The second Top Secret NSA program that the public learned about through the Snowden revelations was PRISM, which was disclosed on 6 June 2013 by The Guardian and The Washington Post. For many people, PRISM became almost synonymous with NSA’s internet spying operations as a whole.

Initially, there was confusion about PRISM too: the press reports claimed the program gave NSA “direct access” to the servers of all the big American internet companies like Microsoft, Facebook, Yahoo and Google, which sounded like almost everyone’s data were at risk:

The Guardian’s first news report about the PRISM program

 

Only gradually it became clear that the PRISM program is not about an indiscriminate collection of data in bulk, but that it’s targeted: the NSA requests the stored communications related to specific internet addresses, like usernames and email addresses.

The initial reporting also didn’t make it very clear that the program is not about Americans, but only for foreign targets who are involved in terrorism, espionage, weapons proliferation or cyber attacks. Given that PRISM is focused on individual targets, it can not be considered mass surveillance.

Nevertheless, a report from The Washington Post from July 2014 revealed that through PRISM, still a lot of data from unrelated, innocent people are pulled in too. For internet communications this “bycatch” is quite large due to the technical workings of the internet.

Because PRISM depends on the cooperation of major US internet companies, the collection method is authorized and regulated by the FISA Court. To make sure no data from American citizens or residents are collected, it’s the DITU unit of the FBI that acts as the intermediary that actually picks up the data at the various internet companies:

Slide from the NSA’s PRISM presentation


According to the annual transparency reports from the Office of the Director of National Intelligence (ODNI), PRISM is used to collect data about roughly 100.000 foreign targets. This is a relatively large number, but not even close to entire populations, as Snowden claimed.

In 2012, results from PRISM were cited as a source in 1477 items of the President’s Daily Brief, making it one of the main contributors to this Top Secret intelligence briefing for the US President. But after PRISM and other collection programs had been made public, about 1000 targets took steps to remove themselves from the NSA’s visibility.

 

Additional sources:
– Sergei Boeke, Reframing ‘Mass Surveillance’  in: Terrorists’ Use of the Internet, IOS Press Books, pp. 307-318, October 2017.
– Timothy H. Edgar, Beyond Snowden, Privacy, Mass Surveillance, and the Struggle to Reform the NSA, Washington DC, p. 5 & 163, August 2017.
– Privacy and Civil Liberties Oversight Board (PCLOB): Surveillance Program Operated Persuant to Section 702 FISA (pdf), July 2014.


BOUNDLESSINFORMANT

Eavesdropping on Europeans?

 

In the second half of 2013, Glenn Greenwald cooperated with major newspapers in several European countries for reports about charts from BOUNDLESSINFORMANT. For many people this may sound like just another of the NSA’s numerous data collection programs, but it’s, actually, a visualization tool used for internal information and management purposes.

The media reported that the charts from BOUNDLESSINFORMANT showed or even proved that the NSA collected tens of millions of phone calls from European countries: 70 million from France, 60 million from Spain, 46 million from Italy and 33 million from Norway. A chart for Germany showed the highest number: 552 million, while for the The Netherlands it was just 1,8 million.

 

Just like with the Section 215 program, the general public and many reporters were not yet fully aware of the difference between content and metadata, so the numbers from the BOUNDLESSINFORMANT charts were often seen as the number of phone calls that had actually been listened in to, while in reality the numbers were about the metadata of calls.

Origin of the data

Another misinterpretation was about the origin of the metadata shown in the charts. In the newspaper reports co-written by Glenn Greenwald it was assumed that the NSA collected them from various European countries, but already in August 2013 the German foreign intelligence service BND said that it wasn’t the NSA who collected those data, but they themselves did. The metadata were from crisis regions abroad and subsequently shared with the NSA, where they were counted and presented in the BOUNDLESSINFORMANT visualization tool. 

Chart from BOUNDLESSINFORMANT showing data collected by German BND


A similar explanation was given by Norwegian intelligence, and eventually, also the Dutch government had to admit it was their own military intelligence that collected the 1,8 million metadata during an anti-piracy mission near Somalia. Because the Dutch Minister of Interior, Ronald Plasterk, initially relied on the interpretation from the press reports, he almost had to resign when the truth came out.

In October 2013, NSA director Keith Alexander had also stated: “This is not information that we collected on European citizens. It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations.” So instead of indiscriminate tapping the phone calls of citizens of allied nations, the BOUNDLESSINFORMANT charts show a close intelligence cooperation serving coalition missions.

 

Additional sources:
– Sergei Boeke, Reframing ‘Mass Surveillance’ in: Terrorists’ Use of the Internet, IOS Press Books, pp. 307-318, October 2017.

– Electrospaces.net: Screenshots from BOUNDLESSINFORMANT can be misleading, November 2013.
– IC off the Record: BOUNDLESSINFORMANT (collection of documents and charts)


MYSTIC

Recording everyone’s phone calls?

 

Besides the domestic Section 215 metadata program, there’s one other NSA data collection system that can be considered clear mass surveillance. It’s the MYSTIC program, which started in 2009 to collect intelligence from foreign telephone networks. 

The existence of MYSTIC was first revealed by The Washington Post on 14 March 2014, based on documents provided by Edward Snowden. The report claimed that the NSA had the capability to record all the phone calls from an entire foreign country. However, at the request of US officials, no indications were provided about in which country the system was being utilized.

Given the huge amount of data that results from actual telephone content collection, the NSA could only store it in a rolling buffer of 30 days. Even then analysts were only able to listen to less than 1% of the voice clips.

Front slide of an NSA presentation about MYSTIC


Country X

More details about MYSTIC were published two months later, by the website The Intercept which published internal NSA documents showing that from three countries (Mexico, the Philippines and Kenya) only the metadata of telephone calls were collected.

The actual content of phone calls was collected under a sub-program of MYSTIC, codenamed SOMALGET which at that moment encompassed two countries. One were the Bahamas, but according to the documents, this appeared to have been a “test bed for system deployments, capabilities, and improvements”. Just like The Washington Post, The Intercept did not identify the other country in which MYSTIC’s full capability was employed:

Graphic about the NSA’s MYSTIC program (source: The Intercept)

 

However, within a few days after The Intercept’s report, a crowdsourcing effort made clear that the unnamed “country X” from which the NSA collected nearly all phone calls must have been Afghanistan. Several days later, Wikileaks’ editor in chief Julian Assange also revealed that it was Afghanistan.

The analysis appeared right, as in September 2015, Director of National Intelligence James Clapper said the disclosure of what reporters believed to be the MYSTIC and/or SOMALGET program, led the Afghan government to immediately close down an important intelligence program, that “was the single most important source of force protection and warning for our people in Afghanistan.

 


(updated: 23 October 2018)