NSA Can Legally Access Metadata of 25,000 Callers Based on a Single Suspect’s Phone
Despite changes to the law, the U.S. National Security Agency can still request metadata from tens of thousands of private phones if they are indirectly connected to the phone number of a suspected terrorist, according to a new analysis. The study is one of the first to quantify the impact of policy changes intended to narrow the agency’s previously unfettered access to private phone records, which was first revealed by Edward Snowden in 2013.
For years before Snowden went public, the U.S. National Security Agency legally obtained metadata not only from suspects’ phones but also from those of their contacts and their contacts’ contacts (and even their contacts’ contacts’ contacts) in order to trace terrorist networks. This metadata included information about whom a user has called, when the call was placed, and how long these calls lasted.
Today, federal rules permit the NSA to recover metadata from phones within "two hops" of a suspect, which means someone who called someone who called the suspect in the past 18 months. Previously, federal regulations were more generous, permitting recovery of metadata from "three hops" away dating back to five years.
A new analysis led by researchers at Stanford University’s Computer Security Laboratory quantifies just what this policy change has meant, discovering that, under the old five-year three-hop rules the NSA could legally recover metadata from about 20 million phones per suspect and “the majority of the entire U.S. population” if it analyzed all its suspects. Now, the stricter 18-month "two hop" rule permits the agency to recover metadata from about 25,000 phones with a single request, according to the Stanford study.