Skip to main content

NSA expanded bulk collection of internet data under newly uncovered surveillance programs

NSA expanded bulk collection of internet data under newly uncovered surveillance programs


One data stream has processed one trillion records as of December 2012

Share this story

GOOGLE Connie Zhou data center server
GOOGLE Connie Zhou data center server

New reports from The Guardian show that a discontinued NSA program which collected vast amounts of foreign and domestic internet data has been replaced by more expansive programs under the Obama administration. The new surveillance capabilities, implemented by the NSA's Special Source Operations (SSO) directorate, have "doubled" the agency's data intake since being installed, according to a top secret memo obtained by The Guardian.

The newest program, code name "EvilOlive," was introduced in December of 2012 and is aimed at "broadening the scope" of what the NSA can collect under its authority granted by the FISA Amendments Act of 2008. Like the program it replaced, EvilOlive and a second program called "ShellTrumpet" capture sensitive internet metadata — such as email logs, web browsing histories, and IP addresses, which can reveal location information — but not the content of email communications. According to the memo, ShellTrumpet "processed its one trillionth metadata record" in December 2012. The document states that "almost half" of those trillion records were processed in 2012 alone.

"processed its One Trillionth metadata record" in December 2012

According to the leaked documents, the new capabilities have been dubbed the "One-End Foreign (1EF) solution," referring to the requirement that at least one end of the communications being ingested come from outside the United States. The documents say that this solution has dramatically increased the NSA's web traffic intake, allowing "more than 75 percent" of intercepts to be redirected through the agency's filters.

"This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories," the document reads. The massive amount of data suggests a use case for the NSA data center currently being built in Bluffdale, Utah, which author James Bamford exposed in Wired last year.

Two other programs called "MoonLightPath" and "Spinnaret" are set to go online in September 2013

In a separate report, The Guardian has also revealed that mass-collection of internet metadata under the now-defunct Bush era program, code name STELLARWIND, was continued for two years under the Obama administration. The program began shortly after 9/11 as a way to intercept records of communications where at least one end originated outside the US, but claimed new authority to collect information on purely domestic communications, according to a secret Justice Department memo from 2007.

The Washington Post has previously reported that the program's broad scope caused a rebellion within the Bush administration which nearly ended in the resignation of FBI director Robert Mueller and acting attorney general James Comey. The administration halted the extralegal program, which also covered the collection of phone records, but later resumed the surveillance efforts under new authorities and gave retroactive legal immunity to the providers who had cooperated with the NSA. The new disclosures come seven years after the public first learned of the NSA's domestic spying programs, when former AT&T technician Mark Klein revealed that the NSA had installed network routing equipment inside a secret room at an AT&T switching hub in San Francisco.

The NSA documents also reveal the existence of several other new programs, including a joint surveillance operation with an unnamed partner agency used to "query metadata" which was "turned on in Fall 2012." Two other programs called "MoonLightPath" and "Spinnaret" are also set to go online in September 2013. Another entry indicates that "Transient Thurible," a metadata collection effort from British partner agency GCHQ, has been "flowing into NSA repositories since 13 August 2012." In a leaked slide pertaining to GCHQ's surveillance efforts, NSA director Keith Alexander was quoted saying, "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith," referring to GCHQ's Menwith Hill eavesdropping station in north England.

"The National Security Agency has been operating in the shadows for far too long."

Responding to recent reports on PRISM, a large NSA program which pulls data from nine major internet companies, President Obama has reassured that "with respect to the internet and emails, this does not apply to U.S. citizens, and it does not apply to people living in the United States." NSA director Gen. Keith Alexander elaborated at a recent Congressional hearing, saying that the agency can not "specifically target" anyone they have "reasonable suspicion" to believe is a US citizen, and that it must "minimize" the data collected if US persons are caught in the agency's dragnets.

However, guidelines for these procedures, published by The Guardian last week, show that the NSA can retain the data of persons believed to be American citizens under a broad set of circumstances, including when the communications are encrypted, hold foreign intelligence information, or "contain evidence of a crime that has been, is being, or is about to be committed."

"This is further confirmation that the National Security Agency has been operating in the shadows for far too long," says Alex Abdo, a staff attorney for the ACLU, in a statement emailed to The Verge. "Extreme secrecy has facilitated extreme policy — all at the expense of Americans’ constitutional right to be left alone by their government absent specific cause or suspicion. The Obama administration must come clean with the country about the extent to which it believes it may monitor all Americans’ emails and phone calls."