Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

NSA Collects the Whole Voice Conversation of an Entire Nation

NSA Headquarters, Ft. Meade, Maryland
NSA Headquarters, Ft. Meade, Maryland

The Washington Post yesterday described a surveillance program called Mystic that uses a search tool called Retro to examine the content of large-scale voice collections. Mystic commenced in 2009, and achieved full operational status in 2011. "In the initial deployment," writes the Post, "collection systems are recording 'every single' conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary."

For thirty days the entire voice content can be searched by Retro (short for 'retrospective retrieval'), a specially developed voice search and retrieval program. Capacity limitations mean that analysts listen to only a fraction of 1% of the calls, but millions of clippings are extracted for further processing and long-term storage. One concern is that the 30-day rolling total storage is also governed more by capacity than policy.

How the surveillance is achieved is not mentioned in the report; and it is noticeable that the UK's GCHQ is not mentioned at all. However, it seems likely that something similar to GCHQ's Tempora system for tapping fiber cable links combined with the satellite interceptions first described by Nicky Hager in his book Secret Power some 18 years ago would be required to intercept the totality of a country's communications.

One of the early Snowden revelations was GCHQ's 'Mastering the Internet' program. The Guardian wrote, "One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fiber-optic cables for up to 30 days so that it can be sifted and analyzed. That operation, codenamed Tempora, has been running for some 18 months." It added, "The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location."

Capacity to store the sheer volume of data they intercept seems to be a problem for both the NSA and GCHQ. This is supported by the early Mystic documents suggesting that it was a one-off program against a single foreign nation. But "last year’s secret intelligence budget named five more countries for which the MYSTIC program provides 'comprehensive metadata access and content,' with a sixth expected to be in place by last October." It is not known whether the initial country targeted is specifically named in the NSA documents, but it is certainly likely that it could be discovered. "At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned."

It is believed that the NSA's new storage facility in Utah is designed to alleviate storage capacity issues. The NSA is "currently in the process of building a state of the art storage center in Utah to provide deep, long-term storage. Vaguely resembling a jelly bean, the facility is believed to have gone online last October," notes the DailyTech. It adds, "But the NSA is also building an even bigger follow-up facility in Baltimore, spending $792M USD."

Security and privacy expert Bruce Schneier warns that the real issue is not just the existing practice but the long term potential. "What's interesting here is not the particular country whose data is being collected; that information was withheld from the article. It's not even that the voice data is stored for a month, and then deleted. All of that can change, either at the whim of the NSA or as storage capabilities get larger. What's interesting is that the capability exists to collect 100% of a country's telephone calls, and the analysis tools are in place to search them."

What’s Hot on Infosecurity Magazine?