NSA Programs

Signpost Film Productions > NSA Programs

Here you can find more information about the main NSA programs that were revealed through Edward Snowden and thee of which are discussed in our documentary. See also our extensive FAQ page.

Foreign intelligence collected inside the US:

Foreign intelligence collected outside the US:

 


Section 215

Domestic mass surveillance?


The very first document of the Snowden revelations was the Verizon order, which was
published by The Guardian on 6 June 2013. With this document, the FISA Court ordered the telecommunications company Verizon to hand over the metadata from its domestic phone calls to the NSA.

It became clear that this collection of phone call records (from the 3 biggest American telephone companies: AT&T, Verizon and Sprint) was conducted under the legal authority of Section 215 of the USA PATRIOT Act

But there was initial confusion because the general public and many reporters were not aware of the difference between content and metadata, the latter being data about a call. Therefore early news reports erroneously provided the impression that NSA was actually eavesdropping on the conversations themselves:

CNN television item about the Section 215 program


Later it became clear that the NSA had no access to the content of the phone calls and the FISA Court restricted the types of metadata the NSA was allowed to collect: only the date, time, originating and receiving phone numbers and duration of the call, and, since 2008, the IMEI and IMSI number; but no location data.

These domestic metadata were not paired with subscriber details, ensuring anonymity. Only when analysts concluded there was a reasonable, articulable suspicion that a number was associated with a designated terrorist organization,  the identity of the subscriber was sought. No pattern-based searches were conducted, explicitly ruling out profiling.

The metadata from Section 215 collection were only used for so-called contact-chaining, which is a method to map which phone numbers had been in contact with eachother. For this, NSA used the telephone records from both its domestic and its foreign collection, which reduces the number of American metadata that were eventually analysed:

Contact chaining using data from NSA’s metadata system MAINWAY (graphic: Electrospaces.net)

 

From information provided by NSA officials and through the annual transparancy reports from the Office of the Director of National Intelligence (ODNI) we know that:

  • In 2006, just 450 of the 1,8 billion domestic phone records provided daily by AT&T were used for analysis purposes.
  • In 2012, NSA used 288 phone numbers as a “seed” for starting a contact-chaining query in the domestic phone record database. This resulted in 6000 numbers that were actually looked at and a total of twelve “tips” to the FBI that called for further investigation.
  • In 2013, the number of seeds had raised to 423, but this number fell back to 161 in 2014 and 56 in 2015.

Although only a tiny number of the total amount of domestic telephone records collected under the authority of Section 215 were analysed, the program can still be considered as potential mass surveillance. 

From the numerous programs revealed through Edward Snowden, only Section 215 was succesfully brought to US courts. In 2015, one judge decided the program was most likely unconstitutional, while another court said it was not based upon a legitimate interpretation of the Patriot Act, but did not order to stop the program as Congress was already replacing this law.

In 2015, Section 215 was replaced by the USA FREEDOM Act, which preserve’s NSA’s ability to analyze links between callers to find terrorists, but keep the bulk records stored at the phone companies, which would be free to dispose of them after 18 months.

Interestingly, under the former Section 215, the NSA got the metadata about landline phone calls from all the 3 biggest telecoms, but only AT&T provided the records about cell phones too, since September 2011. Nowadays under the USA FREEDOM Act, the NSA can request metadata about both landline and mobile calls from all telecom providers.

 

Additional sources:
– Sergei Boeke, Reframing ‘Mass Surveillance’
 in: Terrorists’ Use of the Internet, IOS Press Books, pp. 307-318, October 2017.
– Timothy H. Edgar, Beyond Snowden, Privacy, Mass Surveillance, and the Struggle to Reform the NSA, Washington DC, August 2017.
– Electrospaces.net:
How NSA contact chaining combines domestic and foreign phone records, February 2016.
– Center for Strategic & International Studies: Fact Sheet: Section 215 of the USA PATRIOT Act, February 2014.
– Privacy and Civil Liberties Oversight Board (PCLOB): Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act (pdf), January 2014.


PRISM

Direct access to internet companies?

 

The second Top Secret NSA program that the public learned about was PRISM, which was disclosed on 6 June 2013 by The Guardian and The Washington Post. For many people, PRISM became almost synonymous with NSA’s internet spying operations as a whole.

Initially, there was some confusion about PRISM: the press reports claimed the program gave NSA “direct access” to the servers of all the big American internet companies like Microsoft, Facebook, Yahoo and Google, which sounded like almost everyone’s data were at risk:

The Guardian’s first news report about the PRISM program

 

Only gradually it became clear that the PRISM program is not about an indiscriminate collection of data in bulk, but that it’s very targeted: the NSA requests the stored communications related to specific internet addresses, like user names and email addresses.

The initial reporting also didn’t make it very clear that the program is not about Americans, but only for foreign targets who are involved in terrorism, espionage, weapons proliferation or cyber attacks. Given the focused way that PRISM is used, it can not be considered mass surveillance.

Although PRISM is only used for specific foreign targets, a report from The Washington Post from July 2014 revealed that nonetheless a lot of data from unrelated, innocent people is also pulled in. For internet communications this “bycatch” is quite large and due to technical reasons probably difficult to overcome.

Because PRISM depends on the cooperation of major US internet companies, the collection method is authorized and regulated by the FISA Court. To make sure no data from American citizens or residents are collected, it’s the DITU unit of the FBI that acts as the intermediary that actually picks up the data at the various internet companies:

Slide from the NSA’s PRISM presentation


According to the annual transparancy reports from the Office of the Director of National Intelligence (ODNI), PRISM is used to collect data about roughly 100.000 foreign targets. This is a relatively large number, but not even close to entire populations.

In 2012, results from PRISM were cited as a source in 1477 items of the President’s Daily Brief, making it one of the main contributors to this Top Secret intelligence briefing for the US President. But after PRISM and other programs had been made public, about 1000 targets took steps to remove themselves from the NSA’s visibility.

 

Additional sources:
– Sergei Boeke, Reframing ‘Mass Surveillance’  in: Terrorists’ Use of the Internet, IOS Press Books, pp. 307-318, October 2017.
– Timothy H. Edgar, Beyond Snowden, Privacy, Mass Surveillance, and the Struggle to Reform the NSA, Washington DC, p. 5 & 163, August 2017.
– Privacy and Civil Liberties Oversight Board (PCLOB): Surveillance Program Operated Persuant to Section 702 FISA (pdf), July 2014.


BOUNDLESSINFORMANT

Eavesdropping on Europeans?

 

In the second half of 2013, Glenn Greenwald cooperated with major newspapers in several European countries for reports about charts from BOUNDLESSINFORMANT. For many people this may sound like just another of the NSA’s numerous data collection programs, but actually it’s a visualization tool used for internal information and management purposes.

The media reported that the charts from BOUNDLESSINFORMANT showed or even proved that the NSA collected tens of millions of phone calls from European countries: 70 million from France, 60 million from Spain, 46 million from Italy and 33 million from Norway. A chart for Germany showed the highest number: 552 million, while for the the Netherlands it was not higher than 1,8 million.

 

Just like with the Section 215 program, the general public and many reporters were not yet fully aware of the difference between content and metadata, so the numbers from the BOUNDLESSINFORMANT charts were often seen as the number of phone calls that had actually been listened in to, while in reality the numbers were about the metadata of calls.

Another misinterpretation was about the origen of the metadata shown in the charts. In the newspaper reports co-written by Glenn Greenwald it was assumed that the NSA collected them from various European countries, but already in August 2013 the German foreign intelligence service BND said that it wasn’t the NSA who collected those data, but they themselves did. The metadata were from crisis regions abroad and subsequently shared with the NSA, where they were counted and presented in the BOUNDLESSINFORMANT visualization tool. 

A similar explanation was given by Norwegian intelligence, and eventually, also the Dutch government had to admit it was their own military intelligence that collected the 1,8 million metadata during an anti-piracy mission near Somalia. Because the Dutch interior minister Ronald Plasterk initially also relied on the interpretation from the press reports, he almost had to resign when the truth came out.

In October 2013, NSA director Keith Alexander had also stated: “This is not information that we collected on European citizens. It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations.”

 

Additional sources:
– Sergei Boeke, Reframing ‘Mass Surveillance’ in: Terrorists’ Use of the Internet, IOS Press Books, pp. 307-318, October 2017.

– Electrospaces.net: Screenshots from BOUNDLESSINFORMANT can be misleading, November 2013.
– IC off the Record: BOUNDLESSINFORMANT (collection of documents and charts)


MYSTIC

Recording everyone’s phone calls?

 

MYSTIC is an NSA program used to collect intelligence from foreign telephone networks. The program started in 2009 and consists of several sub-programs.

The existence of MYSTIC was first revealed by The Washington Post on the 14th of  March 2014, based on documents provided by Edward Snowden. Media reports claimed  the NSA had the capability to record all the phone calls from an entire foreign country. However, at the request of US officials, no indications were provided about the country where the MYSTIC system was being utilized.

More details about MYSTIC were published two months later, by the website The Intercept. It appeared that from three countries (Mexico, Philippines, Kenya) only the telephony metadata were collected.

The Bahamas was named as the country from which the actual content of phone calls were recorded, but this appeared to have been a “test bed for system deployments, capabilities, and improvements”. Just like The Washington Post, The Intercept didn’t identify the country in which MYSTIC’s full capability was employed:

Graphic about the NSA’s MYSTIC program (source: The Intercept)

 

However, four days later it was found out that Afghanistan was the country of which the NSA collected nearly all phone calls.

On September 9, 2015, Director of National Intelligence James Clapper said the disclosure of what reporters believed to be the MYSTIC and/or SOMALGET program, led the Afghan government to immediately close down an important intelligence program, that “was the single most important source of force protection and warning for our people in Afghanistan

Just like Section 215, MYSTIC can also be considered mass surveillance, as under this program the NSA was able to collect the content of all phone calls from an entire country. They were stored in a rolling buffer of 30 days, but NSA analysts were only able to listen to less than 1% of the voice clips.