NSA ‘Time Machine’ Can Spy on Phone Conversations of Americans Abroad

Jacquelyn Martin/AP

AA Font size + Print

A newly disclosed NSA program can collect ‘100 percent’ of a foreign country’s calls, including from Americans living and working there. Dustin Volz

A top-secret surveillance program housed at the National Security Agency allows agents to listen in to the entirety of an unnamed foreign country’s telephone conversations that have taken place within the past month, including those for people not suspected of any wrongdoing, according to new documents from Edward Snowden published Tuesday.

The program, known as MYSTIC, was formed in 2009 and deploys a “retrospective retrieval” tool that allows agents to rewind and play back phone conversations that occurred in the past 30 days, according to a new report in The Washington Post. One official described this “RETRO” tool—for “retrospective retrieval”—as a “time machine” that opens a door “into the past,” allowing a replay of the voices on any given call, without the need for prior identification of the person on the line.

Though the program is used in an unknown foreign country (which The Post has refrained from identifying at the request of U.S. officials) and not domestically, the NSA has considered expanding it to other countries—and U.S. citizens are not exempt from the data collection. 

Ubiquitous voice surveillance, even overseas, pulls in a great deal of content from Americans who telephone, visit, and work in the target country,” The Post reports. “Present and former U.S. officials … acknowledged that large numbers of conversations involving Americans would be gathered from the country where RETRO operates.”

This is the first known NSA program to capture an entire nation’s telephone network, a new revelation that will likely surprise some spying experts and further stoke the roiling international debate over the proper role of government surveillance, which first ignited after Snowden’s initial disclosures last June.

In a statement to National Journal, the NSA said it “does not conduct signals intelligence collection in any country, or anywhere in the world, unless it is necessary to advance U.S. national security and foreign policy interests.”

As the president affirmed on 17 January, all persons—regardless of nationality—have legitimate privacy interests in the handling of their personal information,” an agency spokesperson said. “Accordingly, all of NSA’s operations must be strictly conducted under the rule of law with respect for the fact that routine communications and communications of national security interest increasingly transit the same networks.”

But the MYSTIC program, which is depicted in an internal agency slide by a cartoon wizard wielding a phone-topped staff, may be seen as violating President Obama’s promise that the government is “not spying on ordinary people who don’t threaten our national security,” as the surveillance does not require advance identification of the callers.

This type of indiscriminate collection of “every single” phone conversation could soon expand to a number of other foreign countries, if it hasn’t already, according to The Post. Last year’s secret “black budget” for the intelligence community named five additional countries in which the MYSTIC program provides “comprehensive metadata access and content.” A sixth was expected to be added in October.

The NSA’s phone-surveillance programs disclosed thus far have typically involved the bulk collection of metadata—that is, the phone numbers, call times, and call durations—and not the content of the conversation itself. The MYSTIC program’s ability to listen in on what is actually being said during a phone call appears to be unique.

Of the billions of calls recorded in the foreign country, less than one percent are analyzed, The Post reports. A “rolling buffer” is used to clear out calls more than 30 days old to make room for more recent conversations.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.