NSA sweeps up hundreds of millions of text messages daily

Filed Under: Featured, Law & order, Privacy

Texting. Image courtesy of Shutterstock.The National Security Agency (NSA) collects hundreds of millions of text messages from around the world every day, according to the latest revelations from Edward Snowden.

Channel 4 and the Guardian newspaper report that NSA spies collect and store around 200 million messages per day for the purposes of extracting metadata including location data, credit card information and contacts.

The Guardian reports that the documents also reveal that British spies were given access to the collected metadata, but not the actual content, of text messages sent to and from British citizens.

According to GCHQ documents the program, codenamed Dishfire, collects “pretty much everything it can” as opposed to merely collecting communications data from current surveillance targets.

The secret program has been in operation from at least May 2008 and, by April 2011, was intercepting 194 million text messages per day. While that number may sound huge, it is only a drop in the ocean when you consider that Paul Lee, head of telecoms research at Deloitte, predicts that 50 billion such messages will be sent every day across the globe in 2014.

A leaked top secret presentation, dubbed "Content Extraction Enhancements For Target Analytics. SMS Text Messages: A Goldmine to Exploit", gives us some idea as to the type of information being collected around the world each day.

For example, Dishfire collected data on over 6 million changes of SIM card, 5,314 instances of travel plans and over 800,000 financial transactions, including bank activity, credit card payments made to individuals and phone to phone money transfers. Dishfire even recorded the geocoordinates for 76,000 sent messages.

Documents shown in the Guardian report suggest that US phone numbers are removed from the database in accordance with US law but others, including those based in the UK, are retained.

To read the content of a message GCHQ requires a warrant, but it is allowed to search for "events" data relating to UK numbers - that is, who is contacting who and when it is happening.

It can also go back and access historical messages sent by and to a valid target, before the target was known to the authorities, once a warrant has been obtained. The Guardian quotes a GCHQ memo:

In contrast to [most] GCHQ equivalents, DISHFIRE contains a large volume of unselected SMS traffic. This makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years before the target was known to be of interest.

A separate GCHQ memo highlights the breadth of Dishfire by asking security analysts to limit their searching to 1,800 phone numbers at a time.

There was no immediate reaction to these revelations from the NSA but a GCHQ statement said:

All of GCHQ's work is carried out in accordance with the strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate and that there is rigorous oversight.

Speaking to Channel 4 news Stephen Deadman, group privacy officer and head of legal for security, privacy and content standards at Vodafone group, commented:

What you're describing sounds concerning to us because the regime that we are required to comply with is very clear and we will only disclose information to governments where we are legally compelled to do so, won't go beyond the law and comply with due process.

We're going to be contacting the Government and are going to be challenging them on this. From our perspective, the law is there to protect our customers and it doesn't sound as if that is what is necessarily happening.

The former Interception Commissioner, Sir Swinton Thomas, said that the practice was “a worry,” before going on to tell Channel 4 news:

Certainly in my time I would take the view that it's not open to our intelligence services to obtain or certainly to use communications or data which would not have been lawful in this country.

It's not dissimilar to the question: Do you use material which you may have reason to believe has been obtained by torture? It's a different area of course, but the concept is very similar.

Image of texting courtesy of Shutterstock.

, ,

You might like

10 Responses to NSA sweeps up hundreds of millions of text messages daily

  1. Anonymous · 630 days ago

    Really, if you are doing nothing wrong. Why would you care?

    • Paul Ducklin · 629 days ago

      For the very simple reason that if you are doing nothing wrong, why should *they* care :-)

    • wrhite · 629 days ago

      When your government agencies secretly choose what is "wrong", (perhaps you are in the "wrong" political party or decide to join the "wrong" union or start dating someone of the "wrong" colour) your argument falls to pieces.

      Do they? You bet! Try asking the Lawrence family, spied on for trying to get justice. Resources that could have been used to find his killer were spent on muckraking.

    • 'Really, if you are doing nothing wrong. Why would you care?'

      I'd imagine a lot of bootlicking Germans and Soviets 'with nothing to hide' made that same vaccuous statement in 1933, and again under the Stasi regime. Ended nicely for them, didn't it?

      By the way, why are you posting anonymously if you're doing nothing wrong? Any skeletons in your closet? Any embarrasing little secrets you'd like to share with us?

    • Thomas · 626 days ago

      It's very simple, Mr. or Ms. Anonymous. Lets say a suspected terrorist, anarchist, or criminal was texting from a restaurant a year ago. Every other phone in that vicinity would be red flagged as a potential accomplice. A week later, the same suspect sends a text from the same restaurant, and all other phones in that vicinity are red flagged. One of those phones was in the restaurant and red flagged the first time, so now they have two instances of that completely innocent phone user being red flagged. A week later the innocent phone user happens to be in the vicinity of another innocent phone user from the first instance, so both are red flagged again. Now they have suspicion of a cell or criminal enterprise between the two innocent phone users, and all other phones are red flagged as well. And over the course of the year, many of the phones are in the vicinity of each other, strictly by coincidence, because these innocent people live, work, or enjoy amenities in that area. During that time, hundreds, if not thousands of innocent phone users could be swept up and linked to the original suspect from the restaurant a year earlier. What if one of them was you? What if over the course of that year you had emailed a friend or two and written about how terrible a terrorist act had been? Now you would be red flagged for having the word "terrorist" in a sent or received email. And if you'd sent or received any emails that mentioned "North Korea", "Cuba", "Ukraine", or any of a couple dozen words that the security people are suspicious of, OOPS, there's some more red flags. But this didn't just start a year ago, it's been going on for many years. How many more red flags would you have received, even though you are presumably innocent, misinformed about anonymity, and don't care? Stick with your delusions, you're better off ignoring reality.

      • Sizzle Bizzle! · 626 days ago

        I've actually put in "keywords" many times into emails, texts, phone calls....... The Feds aren't smashing in my backdoor (oo er!) to get to me and throw me in prison. Stop being so paranoid or think you're so important that they even care about you.... they don't.

        Perhaps they're more interested in my texts about dinner, sex and records. I would be...... I love food, girls and music.... I know and I work in IT... crazy, eh?

  2. Andrew · 629 days ago

    no communication devices are safe from surveillence it all gets looked at

  3. Andrew · 627 days ago

    all this stuff about surveillance makes you want to throw your mobile your laptop your computer away just to keep your privacy why has our world gone so wrong ?

  4. JP · 625 days ago

    I wonder if these are purely SMS's or does it include iMessages?

  5. Sizzle Bizzle · 625 days ago

    Jeez, I think you guys need to start wearing tin foil hats. Get a grip!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.