recommended reading

NSA 'Time Machine' Includes Spying on Americans' Phone Conversations

Francisco Seco/AP File Photo

A top-secret surveillance program housed at the National Security Agency allows agents to listen in to the entirety of an unnamed foreign country's telephone conversations that have taken place within the past month, including those for people not suspected of any wrongdoing, according to new documents from Edward Snowden published Tuesday.

The program, known as MYSTIC, was formed in 2009 and deploys a "retrospective retrieval" tool that allows agents to rewind and play back phone conversations that occurred in the past 30 days, according to a new report in The Washington Post. One official described this "RETRO" tool—for "retrospective retrieval"—as a "time machine" that opens a door "into the past," allowing a replay of the voices on any given call, without the need for prior identification of the person on the line.

Though the program is used in an unknown foreign country (which The Post has refrained from identifying at the request of U.S. officials) and not domestically, the NSA has considered expanding it to other countries—and U.S. citizens are not exempt from the data collection.

"Ubiquitous voice surveillance, even overseas, pulls in a great deal of content from Americans who telephone, visit, and work in the target country," The Post reports. "Present and former U.S. officials ... acknowledged that large numbers of conversations involving Americans would be gathered from the country where RETRO operates."

This is the first known NSA program to capture an entire nation's telephone network, a new revelation that will likely surprise some spying experts and further stoke the roiling international debate over the proper role of government surveillance, which first ignited after Snowden's initial disclosures last June.

In a statement to National Journal, the NSA said it "does not conduct signals intelligence collection in any country, or anywhere in the world, unless it is necessary to advance U.S. national security and foreign policy interests."

"As the president affirmed on 17 January, all persons—regardless of nationality—have legitimate privacy interests in the handling of their personal information," an agency spokesperson said. "Accordingly, all of NSA's operations must be strictly conducted under the rule of law with respect for the fact that routine communications and communications of national security interest increasingly transit the same networks."

But the MYSTIC program, which is depicted in an internal agency slide by a cartoon wizard wielding a phone-topped staff, may be seen as violating President Obama's promise that the government is "not spying on ordinary people who don't threaten our national security," as the surveillance does not require advance identification of the callers.

This type of indiscriminate collection of "every single" phone conversation could soon expand to a number of other foreign countries, if it hasn't already, according to The Post. Last year's secret "black budget" for the intelligence community named five additional countries in which the MYSTIC program provides "comprehensive metadata access and content." A sixth was expected to be added in October.

The NSA's phone-surveillance programs disclosed thus far have typically involved the bulk collection of metadata—that is, the phone numbers, call times, and call durations—and not the content of the conversation itself. The MYSTIC program's ability to listen in on what is actually being said during a phone call appears to be unique.

Of the billions of calls recorded in the foreign country, less than one percent are analyzed, The Post reports. A "rolling buffer" is used to clear out calls more than 30 days old to make room for more recent conversations.

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.