Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

NSA amasses nearly 5 billion cell phone records daily for location-based tracking

The National Security Agency (NSA) is using a sophisticated analytics tool that deciphers sweeping amounts of cell phone location data gleaned from worldwide mobile users, new reports reveal.

According to The Washington Post, which published an article Wednesday about the revelations, the agency collects nearly five billion phone records daily and uses a tool, called “Co-Traveler,” to extract meaningful information about targets by tracking bystanders on cell phones.

The Post obtained the findings via classified documents leaked by former NSA contractor and whistleblower Edward Snowden, and through interviews with U.S. intelligence officials.

“Sophisticated mathematical techniques enable NSA analysts to map cell phone owners' relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths,” The Post wrote. “Cell phones broadcast their locations even when they are not being used to place a call or send a text message.”

The paper revealed that the NSA gains this location-based insight on cell phone users' travels and habits by “tapping into the cables that connect mobile networks globally and that serve U.S. cell phones as well as foreign ones.”

This mass collection helps the agency to identify “co-travelers” – individuals that interact or travel with specific targets on the NSA's radar, the paper explained.

In a graphic depicting how the surveillance system works, The Post showed how mobile device location data can be made evident to the NSA when phones merely connect to cellular networks, or use Wi-Fi signals to “fix their locations.” In addition, built-in GPS receivers aid in this process, as well as the fact that most service providers track phones' locations to provide emergency services, for instance.

NSA's co-traveler analytics system makes use of cell phone location information to compute other data, such as the date, time and location of devices in certain proximity to intelligence targets.

The leaks also brought forth another major finding: that location data is gathered from 10 “sigads,” meaning signals intelligence activity designators. One sigad, dubbed “Stormbrew,” was even revealed to rely on two unnamed “corporate partners” going by the code names “Artifice” and “Wolfpoint.”

The documents also revealed that the NSA can overstep, or at least pinpoint, attempts to hinder surveillance efforts, such as individuals using disposable cell phones or turning devices on only briefly.

“Co-traveler takes note, for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time,” The Post said.

On a domestic level, the agency's tactics are estimated to impact “tens of millions of Americans” traveling abroad each year with their cell phones in tow, the paper found.

UPDATE: On Thursday, Gregg Smith, CEO of Bethesda, Md.-based KoolSpan, a mobile security firm, told SCMagazine.com via email that the spying revelations reinforce how users "can't rely on [the] government or your mobile phone carrier to keep you safe."

Smith added that encryption technologies for mobile devices have become more "mainstream," in part, because of the continued attention on NSA's surveillance tactics.

"Traditionally, the need for ‘secure phones' was reserved for high-level military and government agents, but the times have officially changed and the stakes are high," Smith wrote.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.