Nonprofit, independent journalism. Supported by readers.


Massive NSA cellphone-tracking program snares some Americans, too

The NSA’s CO-TRAVELER program collects 5 billion cellphone records a day in an effort to find terrorists overseas. Data from Americans are collected ‘incidentally.’

The National Security Agency vacuums up about 5 billion cell phone records each day that it uses to map locations and associations of foreigners – but also inevitably some Americans as well, according to top-secret documents leaked by Edward Snowden, the former NSA contractor.

The NSA’s global cellphone data-collection system, code named CO-TRAVELER, has been one of the agency’s most far flung and prolific technical tools in terms of the sheer amount of data collected, according to The Washington Post, which posted the documents online late Wednesday. The goal is to find terrorists and improve national security.

The CO-TRAVELER system taps into fiber optic cable systems worldwide, capturing cellphone “metadata” as they flow across those lines – data that include the location of the caller and who is being called, not the contents of the phone conversation itself, the Post reported.

Inevitably, the lines monitored by CO-TRAVELER carry the data of at least some Americans’ cell phones, which means those data – as well as data from millions of Americans who travel abroad each year – get hoovered up by the program, the Post added.

Article continues after advertisement

Sifted using complex algorithms, the cellphone data can be used to map the travels of individuals and to reveal associations with others carrying cellphones. The phones do not have to be turned on for such data to be collected, since the phones connect automatically with cell towers several times per minute. The system zeroes in on those who turn their phones off most of the time, turning them on only to make brief calls, according to the Post.

Agency officials contend the cellphone data-collection program meets the letter of the law – that Americans are not targeted and their data are collected only “incidentally.” The courts, they say, have upheld the view that there is no expectation of privacy in the collection of such data.

“There is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States,” Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, told the Post.

But the law is far from settled on the issue of whether collecting phone metadata in bulk and analyzing it is a violation of the First Amendment freedom of association or the Fourth Amendment’s prohibition against unreasonable search and seizure.

“It is staggering that a location-tracking program on this scale could be implemented without any public debate, particularly given the substantial number of Americans having their movements recorded by the government,” Catherine Crump, staff attorney with the American Civil Liberties Union, said in a statement. “The paths that we travel every day can reveal an extraordinary amount about our political, professional, and intimate relationships.”

Much of the justification for the metadata collection derives from Smith v. Maryland, a 1979 case in which the Supreme Court upheld the right of police to target cellphone data to track a suspect’s location, despite lack of a warrant. There was no Fourth Amendment violation, the court said.

But that case, which involved a single suspect already under police scrutiny, is far different from bulk location data collection involving millions of Americans, say legal experts who expect the case to be revisited by the High Court.

“Smith was about our expectation of privacy in information we voluntarily provide to a single third party, on the theory that it’s not problematic to allow the government to know what our phone company knows,” Stephen Vladeck, associate professor at American University’s Washington College of Law and a national security law expert, writes in an e-mail interview.

But the government today claims the authority to collect our data from disparate providers, perhaps even across disparate classes of services, including our phone company, Internet service provider, bank, and supermarket, he writes.

Article continues after advertisement

“When put together, the various data streams provide the government with information on us that we did not provide to any individual third party,” he writes, “and so there’s a fairly strong argument that this is a question … not settled by Smith.”

Earlier this year, NSA officials admitted the agency did run what it called “a pilot project” in 2010 and 2011 to collect “samples” of US cellphone location data. Those data were never used for intelligence analysis and the project was ended because it had no “operational value,” the Post reported.

But such arguments are small assurance, privacy experts say.

“As with other surveillance activities, the NSA claims that its cellphone location program is targeted at foreigners, and Americans’ information is collected only ‘incidentally,’ ” Elizabeth Goitein, codirector of the Brennan Center for Justice’s Liberty and National Security Program. “But the scale of foreign surveillance has become so vast, the amount of information about Americans ‘incidentally’ captured may itself be approaching mass surveillance levels.”

Some lawmakers are trying to limit bulk phone-metadata collection. An amendment to the new defense spending bill would require US intelligence agencies spell out if they have ever collected – or planned to collect – geolocation data for “a large number of United States persons with no known connection to suspicious activity.”

In addition, Sen. Ron Wyden (D) of Oregon has introduced legislation to make it illegal for a service provider to disclose – or for law enforcement to intercept or use – a person’s location data unless a warrant was first received from a judge.

The prospects for the measures in Congress are uncertain. But the Post report suggests Senator Wyden’s bill might have an effect on CO-TRAVELER, which “relies on two unnamed corporate partners” for some of its data collection.