eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Perhaps the most telling comment to come out of the hearings by the House Intelligence Committee regarding the surveillance of phone numbers, first revealed earlier in June, was about haystacks. “In order to find a needle in a haystack,” a witness commented, “first you need a haystack.”
That haystack refers to the metadata from billions of phone call records provided to the National Security Agency by phone companies in the United States. That haystack is also the term used to describe what is perhaps the biggest of big data initiatives undertaken by the intelligence community to uncover terrorist activity that might threaten the U.S.
Those billions of phone call records provide the data that can be analyzed once a suspect phone number is found outside the country. In one situation that was described by FBI Deputy Director Sean Joyce, the NSA determined that a phone in Yemen had been calling a number in San Diego.
The NSA provided the number to the FBI, which then tracked down the owner of that phone and who else had been called. Eventually the FBI got a court order to tap the phone, and in the process uncovered a plot to attack the New York Stock Exchange, and arrested the people involved.
What’s important to understand is that the NSA only keeps the phone metadata, meaning the phone number itself, the number on the other end of the communication and the duration, time and date of the call. All of the other information that’s been speculated about, such as GPS coordinates, cell towers used or the contents of the call itself, are not kept by the NSA in some vast database.
Governing all of this are two parts of the Patriot Act. Part 215 governs the collection of phone information, and while there are a lot of things that could be collected, the NSA only collects the phone call metadata. Other agencies may be collecting other information, but the NSA is the ultimate big data user, and as a result that’s all it collects.
The NSA collects these as a part of the business records of the phone companies, and it gets court orders from the secret Foreign Intelligence Surveillance Court to obtain the records. The court orders give the NSA approximately the same access that other agencies can get with a grand jury warrant.
The other part of the Patriot Act is Part 702, which allows the collection of e-mail and text messages. The FBI is the agency that collects most of the Part 702 data, but it requires a court order to do so.
U.S. Email, Phone Surveillance Details Come to Light in House Testimony
In the case of the San Diego terrorist, for example, the FBI was prohibited from collecting anything without the order from the FISA court. Once it got that order, the FBI was able to see who was communicating with whom and to capture the contents of the email. The feds then used this information to get a wiretap warrant to monitor the actual phone conversations. It was only after the FBI got that information that it was able to arrest the terrorist and subsequently try him.
According to the congressional testimony, the combination of Part 215 and Part 702 resulted in putting an end to more than 50 terrorist attacks in the U.S. since the Patriot Act went into effect after the attacks of Sept. 11, 2001. NSA Director General Keith Alexander said that this information was critical to preventing those attacks and others such as an attempt to bomb the New York City subway system.
Under intense questioning by Rep. Michelle Bachmann (R-Minn), Alexander said the NSA does not keep a database of recorded phone conversations, nor does it keep a database of recorded video. He also said the NSA does not routinely run pattern matching against its database of phone numbers, only doing so when there’s a specific requirement and only when there’s approval from the FISA court.
However, Alexander did not rule out that the FBI might be collecting information such as phone conversations, credit card numbers or emails. He noted that the NSA is only allowed to perform surveillance on what he called “non-U.S. persons” unless there was a court order for some specific action, and he added that normally such actions aren’t handled by the NSA, but rather by other agencies.
What this means to you is that you can be certain that your phone metadata is being recorded by the phone companies and delivered monthly to the NSA, which then stores it. After five years, according to the testimony, it’s erased. You can also be certain that the NSA isn’t tapping your phone, partly because that agency doesn’t have the manpower and partly because the FBI has that responsibility.
What’s more, you can be comfortable knowing that the NSA isn’t reading your email. Again, that’s up to the FBI. This means that instead of worrying about the NSA, you should worry about the FBI, especially if you’re getting phone calls from Yemen.