The National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to top-secret documents.<\/p>\n
The untargeted collection and storage of SMS messages \u2013 including their contacts \u2013 is revealed in a joint investigation between the Guardian and the UK\u2019s Channel 4 News based on material provided by NSA whistleblower Edward Snowden.<\/p>\n
The documents also reveal the UK spy agency GCHQ has made use of the NSA database to search the metadata of \u201cuntargeted and unwarranted\u201d communications belonging to people in the UK.<\/p>\n
The NSA program, codenamed Dishfire, collects \u201cpretty much everything it can\u201d, according to GCHQ documents, rather than merely storing the communications of existing surveillance targets.<\/p>\n
The NSA has made extensive use of its vast text message database to extract information on people\u2019s travel plans, contact books, financial transactions and more \u2013 including of individuals under no suspicion of illegal activity.<\/p>\n
An agency presentation from 2011 \u2013 subtitled \u201cSMS Text Messages: A Goldmine to Exploit\u201d \u2013 reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as \u201cPrefer\u201d conducted automated analysis on the untargeted communications.<\/p>\n
![\"An](\"http:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/01\/nsa-dishfire-program-300x225.jpeg\")
<\/a>An NSA presentation from 2011 on the agency’s Dishfire program to collect millions of text messages daily. Photograph: Guardian<\/p><\/div>\n
The Prefer program uses automated text messages such as missed call alerts or texts sent with international roaming charges to extract information, which the agency describes as \u201ccontent-derived metadata\u201d, and explains that \u201csuch gems are not in current metadata stores and would enhance current analytics\u201d.<\/p>\n
On average, each day the NSA was able to extract:<\/p>\n
\u2022 More than 5 million missed-call alerts, for use in contact-chaining analysis (working out someone\u2019s social network from who they contact and when)<\/p>\n
\u2022 Details of 1.6 million border crossings a day, from network roaming alerts<\/p>\n
\u2022 More than 110,000 names, from electronic business cards, which also included the ability to extract and save images.<\/p>\n
\u2022 Over 800,000 financial transactions, either through text-to-text payments or linking credit cards to phone users<\/p>\n
The agency was also able to extract geolocation data from more than 76,000 text messages a day, including from \u201crequests by people for route info\u201d and \u201csetting up meetings\u201d. Other travel information was obtained from itinerary texts sent by travel companies, even including cancellations and delays to travel plans.<\/p>\n
![\"A](\"http:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/01\/nsa-dishfire-300x225.jpeg\")
<\/a>A slide on the Dishfire program describes the ‘analytic gems’ of collected metadata. Photograph: Guardian<\/p><\/div>\n
Communications from US phone numbers, the documents suggest, were removed (or \u201cminimized\u201d) from the database \u2013 but those of other countries, including the UK, were retained.<\/p>\n
The revelation the NSA is collecting and extracting personal information from hundreds of millions of global text messages a day is likely to intensify international pressure on US president Barack Obama, who on Friday is set to give his response to the report of his NSA review panel.<\/p>\n
While US attention has focused on whether the NSA\u2019s controversial phone metadata program will be discontinued, the panel also suggested US spy agencies should pay more consideration to the privacy rights of foreigners, and reconsider spying efforts against allied heads of state and diplomats.<\/p>\n
In a statement to the Guardian, a spokeswoman for the NSA said any implication that the agency\u2019s collection was \u201carbitrary and unconstrained is false\u201d. The agency\u2019s capabilities were directed only against \u201cvalid foreign intelligence targets\u201d and were subject to stringent legal safeguards, she said.<\/p>\n
The ways in which the UK spy agency GCHQ has made use of the NSA Dishfire database also seems likely to raise questions on the scope of its powers.<\/p>\n
While GCHQ is not allowed to search through the content of messages without a warrant \u2013 though the contents are stored rather than deleted or \u201cminimized\u201d from the database \u2013 the agency\u2019s lawyers decided analysts were able to see who UK phone numbers had been texting, and search for them in the database.<\/p>\n
The GCHQ memo sets out in clear terms what the agency\u2019s access to Dishfire allows it to do, before handling how UK communications should be treated. The unique property of Dishfire, it states, is how much untargeted or unselected information it stores.<\/p>\n
\u201cIn contrast to [most] GCHQ equivalents, DISHFIRE contains a large volume of\u00a0unselected<\/i>\u00a0SMS traffic,\u201d it states (emphasis original). \u201cThis makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years\u00a0before<\/i>\u00a0the target was known to be of interest.\u201d<\/p>\n
It later explains in plain terms how useful this capability can be. Comparing Dishfire favourably to a GCHQ counterpart which only collects against phone numbers that have specifically been targeted, it states \u201cDishfire collects pretty much everything it can, so you can see SMS from a selector which is not targeted\u201d.<\/p>\n
The document also states the database allows for broad, bulk searches of keywords which could result in a high number of hits, rather than just narrow searches against particular phone numbers: \u201cIt is also possible to search against the content\u00a0in bulk<\/i>\u00a0(e.g. for a name or home telephone number) if the target\u2019s mobile phone number is not known.\u201d<\/p>\n
Analysts are warned to be careful when searching content for terms relating to UK citizens or people currently residing in the UK, as these searches could be successful but would not be legal without a warrant or similar targeting authority.<\/p>\n
However, a note from GCHQ\u2019s operational legalities team, dated May 2008, states agents can search Dishfire for \u201cevents\u201d data relating to UK numbers \u2013 who is contacting who, and when.<\/p>\n
\u201cYou may run a search of UK numbers in DISHFIRE in order to retrieve only events data,\u201d the note states, before setting out how an analyst can prevent himself seeing the content of messages when he searches \u2013 by toggling a single setting on the search tool.<\/p>\n
Once this is done, the document continues, \u201cthis will now enable you to run a search without displaying the content of the SMS, especially useful for untargeted and unwarranted UK numbers.\u201d<\/p>\n
A separate document gives a sense of how large-scale each Dishfire search can be, asking analysts to restrain their searches to no more than 1,800 phone numbers at a time.<\/p>\n
![\"An](\"http:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/01\/nsa-dishfire2-300x225.jpeg\")
<\/a>