[cryptome] Re: NSA tracking cellphone locations worldwide
- From: <militarywritersassociation@xxxxxxxxx>
- To: <cryptome@xxxxxxxxxxxxx>
- Date: Fri, 6 Dec 2013 07:40:02 -0500
Wonder how many of those 5B intercepts actually get looked at? Can’t be very
many, with 5B more tomorrow....
Ed Schroeder
http://www.militarywritersassociation.wordpress.com
From: Jeremy Compton
Sent: Friday, December 6, 2013 3:05 AM
To: cryptome@xxxxxxxxxxxxx
Subject: [cryptome] Re: NSA tracking cellphone locations worldwide
Thanks for this one, l went online and watched the video clip and read the
article. :)
Regards
Jeremy
> Date: Wed, 4 Dec 2013 14:05:27 -0800
> Subject: [cryptome] NSA tracking cellphone locations worldwide
> From: coderman@xxxxxxxxx
> To: cypherpunks@xxxxxxxxxx; cryptome@xxxxxxxxxxxxx
>
> http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_print.html
>
> """
>
> NSA tracking cellphone locations worldwide, Snowden documents show
>
> By Barton Gellman and Ashkan Soltani, Wednesday, December 4, 12:18 PM
>
> The National Security Agency is gathering nearly 5 billion records a
> day on the whereabouts of cellphones around the world, according to
> top-secret documents and interviews with U.S. intelligence officials,
> enabling the agency to track the movements of individuals — and map
> their relationships — in ways that would have been previously
> unimaginable.
>
> The records feed a vast database that stores information about the
> locations of at least hundreds of millions of devices, according to
> the officials and the documents, which were provided by former NSA
> contractorEdward Snowden. New projects created to analyze that data
> have provided the intelligence community with what amounts to a mass
> surveillance tool.
>
> (Video: How the NSA uses cellphone tracking to find and ‘develop’ targets)
>
> The NSA does not target Americans’ location data by design, but the
> agency acquires a substantial amount of information on the whereabouts
> of domestic cellphones “incidentally,” a legal term that connotes a
> foreseeable but not deliberate result.
>
> One senior collection manager, speaking on condition of anonymity but
> with permission from the NSA, said “we are getting vast volumes” of
> location data from around the world by tapping into the cables that
> connect mobile networks globally and that serve U.S. cellphones as
> well as foreign ones. Additionally, data is often collected from the
> tens of millions of Americans who travel abroad with their cellphones
> every year.
>
> In scale, scope and potential impact on privacy, the efforts to
> collect and analyze location data may be unsurpassed among the NSA
> surveillance programsthat have been disclosed since June. Analysts can
> find cellphones anywhere in the world, retrace their movements and
> expose hidden relationships among individuals using them.
>
> (Graphic: How the NSA is tracking people right now)
>
> U.S. officials said the programs that collect and analyze location
> data are lawful and intended strictly to develop intelligence about
> foreign targets.
>
> Robert Litt, general counsel for the Office of the Director of
> National Intelligence, which oversees the NSA, said “there is no
> element of the intelligence community that under any authority is
> intentionally collecting bulk cellphone location information about
> cellphones in the United States.”
>
> The NSA has no reason to suspect that the movements of the
> overwhelming majority of cellphone users would be relevant to national
> security. Rather, it collects locations in bulk because its most
> powerful analytic tools — known collectively as CO-TRAVELER — allow it
> to look for unknown associates of known intelligence targets by
> tracking people whose movements intersect.
>
> Still, location data, especially when aggregated over time, is widely
> regarded among privacy advocates as uniquely sensitive. Sophisticated
> mathematical techniques enable NSA analysts to map cellphone owners’
> relationships by correlating their patterns of movement over time with
> thousands or millions of other phone users who cross their paths.
> Cellphones broadcast their locations even when they are not being used
> to place a call or send a text.
>
> (Video: Reporter Ashkan Soltani explains NSA collection of cellphone data)
>
> CO-TRAVELER and related tools require the methodical collection and
> storage of location data on what amounts to a planetary scale. The
> government is tracking people from afar into confidential business
> meetings or personal visits to medical facilities, hotel rooms,
> private homes and other traditionally protected spaces.
>
> “One of the key components of location data, and why it’s so
> sensitive, is that the laws of physics don’t let you keep it private,”
> said Chris Soghoian, principal technologist at the American Civil
> Liberties Union. People who value their privacy can encrypt their
> e-mails and disguise their online identities, but “the only way to
> hide your location is to disconnect from our modern communication
> system and live in a cave.”
>
> The NSA cannot know in advance which tiny fraction of 1 percent of the
> records it may need, so it collects and keeps as many as it can — 27
> terabytes, by one account, or more than double the text content of the
> Library of Congress’s print collection.
>
> The location programs have brought in such volumes of information,
> according to a May 2012 internal NSA briefing, that they are
> “outpacing our ability to ingest, process and store” data. In the
> ensuing year and a half, the NSA has been transitioning to a
> processing system that provided it with greater capacity.
>
> The possibility that the intelligence community has been collecting
> location data, particularly of Americans, has long concerned privacy
> advocates and some lawmakers. Three Democratic senators — Ron Wyden
> (Ore.), Mark Udall (Colo.) and Barbara Mikulski (Md.) — have
> introduced an amendment to the 2014 defense spending bill that would
> require U.S. intelligence agencies to say whether they have ever
> collected or made plans to collect location data for “a large number
> of United States persons with no known connection to suspicious
> activity.”
>
> NSA Director Keith Alexander disclosed in Senate testimony in October
> that the NSA had run a pilot project in 2010 and 2011 to collect
> “samples” of U.S. cellphone location data. The data collected were
> never available for intelligence analysis purposes, and the project
> was discontinued because it had no “operational value,” he said.
>
> Alexander allowed that a broader collection of such data “may be
> something that is a future requirement for the country, but it is not
> right now.”
>
> The number of Americans whose locations are tracked as part of the
> NSA’s collection of data overseas is impossible to determine from the
> Snowden documents alone, and senior intelligence officials declined to
> offer an estimate.
>
> “It’s awkward for us to try to provide any specific numbers,” one
> intelligence official said in a telephone interview. An NSA
> spokeswoman who took part in the call cut in to say the agency has no
> way to calculate such a figure.
>
> An intelligence lawyer, speaking with his agency’s permission, said
> location data are obtained by methods “tuned to be looking outside the
> United States,” a formulation he repeated three times. When U.S.
> cellphone data are collected, he said, the data are not covered by the
> Fourth Amendment, which protects Americans against unreasonable
> searches and seizures.
>
> According to top-secret briefing slides, the NSA pulls in location
> data around the world from 10 major “sigads,” or signals intelligence
> activity designators.
>
> A sigad known as STORMBREW, for example, relies on two unnamed
> corporate partners described only as ARTIFICE and WOLFPOINT. According
> to an NSA site inventory, the companies administer the NSA’s “physical
> systems,” or interception equipment, and “NSA asks nicely for
> tasking/updates.”
>
> STORMBREW collects data from 27 telephone links known as OPC/DPC
> pairs, which refer to originating and destination points and which
> typically transfer traffic from one provider’s internal network to
> another’s. That data include cell tower identifiers, which can be used
> to locate a phone’s location.
>
> The agency’s access to carriers’ networks appears to be vast.
>
> “Many shared databases, such as those used for roaming, are available
> in their complete form to any carrier who requires access to any part
> of it,” said Matt Blaze, an associate professor of computer and
> information science at the University of Pennsylvania. “This ‘flat’
> trust model means that a surprisingly large number of entities have
> access to data about customers that they never actually do business
> with, and an intelligence agency — hostile or friendly — can get ‘one
> stop shopping’ to an expansive range of subscriber data just by
> compromising a few carriers.”
>
> Some documents in the Snowden archive suggest that acquisition of U.S.
> location data is routine enough to be cited as an example in training
> materials. In an October 2012 white paper on analytic techniques, for
> example, the NSA’s counterterrorism analysis unit cites two U.S.-based
> carriers to illustrate the challenge of correlating the travels of
> phone users on different mobile networks. Asked about that, a U.S.
> intelligence official said the example was poorly chosen and did not
> represent the program’s foreign focus.
>
> The NSA’s capabilities to track location are staggering, based on the
> Snowden documents, and indicate that the agency is able to render most
> efforts at communications security effectively futile.
>
> Like encryption and anonymity tools online, which are used by
> dissidents, journalists and terrorists alike, security-minded behavior
> — using disposable cellphones and switching them on only long enough
> to make brief calls — marks a user for special scrutiny. CO-TRAVELER
> takes note, for example, when a new telephone connects to a cell tower
> soon after another nearby device is used for the last time.
>
> Side-by-side security efforts — when nearby devices power off and on
> together over time — “assist in determining whether co-travelers are
> associated … through behaviorally relevant relationships,” according
> to the 24-page white paper, which was developed by the NSA in
> partnership with the National Geospatial Agency, the Australian
> Signals Directorate and private contractors.
>
> A central feature of each of these tools is that they do not rely on
> knowing a particular target in advance, or even suspecting one. They
> operate on the full universe of data in the NSA’s FASCIA repository,
> which stores trillions of metadata records, of which a large but
> unknown fraction include locations.
>
> The most basic analytic tools map the date, time, and location of
> cellphones to look for patterns or significant moments of overlap.
> Other tools compute speed and trajectory for large numbers of mobile
> devices, overlaying the electronic data on transportation maps to
> compute the likely travel time and determine which devices might have
> intersected.
>
> To solve the problem of undetectable surveillance against CIA officers
> stationed overseas, one contractor designed an analytic model that
> would carefully record the case officer’s path and look for other
> mobile devices in steady proximity.
>
> “Results have not been validated by operational analysts,” the report said.
>
> Julie Tate contributed to this report. Soltani is an independent
> security researcher and consultant.
> """
>
Other related posts:
