The December 2022 issue of IEEE Spectrum is here!

Close bar

NSA Collecting Cellphone Location Data Worldwide

The U.S. National Security Agency reportedly gathers 5 billion cellphone location records a day

2 min read
NSA Collecting Cellphone Location Data Worldwide
Illustration: Brandon Laufenberg/Getty Images

Millions of Americans who travel abroad every year with their cellphones end up becoming data for a powerful set of surveillance tools used by the National Security Agency, the Washington Post reported yesterday. The NSA gathers almost 5 billion cellphone location records every day and uses the data to search for intelligence targets worldwide, according to the Post.

The NSA feeds the data into an array of analytic tools—known as CO-TRAVELER—that allows the agency to detect suspicious patterns in the date, time, and location of cellphone usage, according to top-secret documents and interviews with U.S. intelligence officials conducted by the Post. The newspaper reports that NSA tools can use cellphone data to track the global movement of individuals and find previously unknown associates of certain people:

"In scale, scope and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programs that have been disclosed since June. Analysts can find cellphones anywhere in the world, retrace their movements and expose hidden relationships among the people using them."

A senior collection manager with the NSA told the Post that the agency collects such location data by tapping cables used to connect mobile networks around the world.

Briefing slides leaked by former NSA contractor Edward Snowden show that the NSA's collection of cellphone location data relies on 10 major signals intelligence activity designators, also known as "sigads." Such entities use unnamed corporate partners to collect data from telephone links, which transfer traffic between the internal networks of cellphone carriers.

The NSA enjoys the equivalent of "one-stop shopping" for data because of the shared databases accessible by many cellphone carriers, said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania, in a interview with the Post:

"This 'flat' trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency—hostile or friendly—can get 'one-stop shopping' to an expansive range of subscriber data just by compromising a few carriers."

NSA officials and lawyers have repeatedly said they do not intentionally collect cellphone location data in bulk from cellphones in the United States. Any cellphone location data of U.S. citizens gathered abroad comes as part of the NSA's focus on looking for threats outside the United States, according to an NSA lawyer interviewed by the Post.

Previously, NSA surveillance efforts were revealed to have secretly tapped into communication links connecting the Internet data servers of tech giants such as Google and Yahoo—revelations that prompted Google, Yahoo, Facebook, and Microsoft to expand their encryption efforts and harden defenses against surveillance.

Such revelations have also prompted outrage and possible legislative action from Congress to lift the veil on NSA surveillance. Last month, the U.S. Senate began debate on a Surveillance Transparency Act that would force the NSA to reveal the breadth of its data collection efforts, how much the surveillance extends to data of U.S. citizens or permanent residents, and whose information is reviewed by government agents. The legislation would also eliminate gag orders that have prevented phone and Internet companies from speaking about orders they receive demanding customer data.

Illustration: Brandon Laufenberg/Getty Images

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less