url of site:
Surveillance Techniques: How Your Data Becomes Our Data
In 2001, NSA published the secret “Transition 2001” report defining our strategy for the 21st century. No longer could we simply access analog communications using conventional means, the new digital world of globally-networked encrypted communications required a dramatic change to our surveillance strategy: NSA would need to “live on the network”.
We’ve turned our nation’s Internet and telecommunications companies into collection partners by installing filters in their facilities, serving them with secret court orders, building back doors into their software and acquiring keys to break their encryption.
Our Domestic Intercept Stations
NSA technicians have installed intercept stations at key junction points, or switches, throughout the country. These switches are located in large windowless buildings owned by the major telecommunication companies and control the domestic internet traffic flow across the nation. A fiber optic splitter is placed on the incoming communication lines and routes the traffic to an NSA intercept station for processing.
View a sample route that internet data traverses from a home in Toronto to the San Francisco Art Institute passing through several NSA intercept stations.
Bulk Collection of U.S. Citizens’ Phone Records
We use our close partnership with the FBI to collect bulk telephone records on an ongoing basis using a Top Secret order from the Foreign Intelligence Surveillance Court (FISA). The metadata we collect from this program gives us information about what communications you send and receive, who you talk to, where you are when you talk to them, the lengths of your conversations, and what kind of device you were using.
The PRISM Program: Our #1 Source of Raw Intelligence
Our partners at the FBI DITU (Data Intercept Technology Unit) extract information from the servers of nine major American internet companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. This important partnership gives us direct access to audio, video, photographs, e-mails, documents and connection logs for each of these systems.
Established in 2007, the Top Secret PRISM program has allowed us to closely track targeted individuals over time. Our ability to conduct live surveillance of search terms has given us important insights into their thoughts and intentions.
This slide lists our information providers and the type of data available to our analysts
This slide illustrates how the collected PRISM data flows through multiple NSA systems and databases
To learn more about the PRISM program, view additional PRISM slides.
Google Cloud Exploitation
The NSA “MUSCULAR” program allows us to conveniently conduct large-scale data gathering outside the jurisdiction of the Foreign Intelligence Surveillance Court by secretly tapping into the communication links between Google’s data centers outside the U.S. The Special Source Operations (SSO) group discovered a clever way around Google’s security measures giving us full access to the rich data Google stores on the cloud for its users.
Our bulk cellphone location tracking program captures almost 5 billion records a day and feeds into a massive 27 terabyte database storing information about the locations of a hundred million devices. By tapping into the cables that connect the mobile networks globally and working with our corporate partners to install intercept equipment, we can apply mathematical techniques that enable our analysts to map cellphone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. This “Co-traveler” program allows us to look for unknown associates of known intelligence targets by tracking people whose movements intersect.
Spying Toolbox: The ANT Catalog
When the data we seek resides in places we cannot access using the above surveillance techniques, we rely on the technical experts in the Tailored Access Operations Group and their specialized tools from the ANT Product Catalog. The categories of available tools are listed below.
Click on an icon above to view the related ANT products
Our Undersea Cable Tapping Strategy
By tapping into the worldwide network of undersea cables, our OAKSTAR, STORMBREW, BLARNEY and FAIRVIEW systems can process data as it flows across the internet. Each system is responsible for different types of intercepted data. For example, the BLARNEY system gathers metadata describing who is speaking to whom and through which networks and devices.
There are two methods employed for tapping into the undersea cable network. A modified nuclear submarine houses the technicians and gear needed to place the physical taps on the undersea cables along strategic points in the network. The second method involves using intercept probes at the point where the cables connect to the landing stations in various countries. These probes capture and copy the data as it flows onward.
View an interactive map of worldwide undersea cables
XKeyscore: Our Real-Time Internet Monitoring Capability
As data flows through our worldwide data collection points, the XKeyscore system indexes and stores this information in a rolling three-day buffer database containing all internet activity passing through each collection site. XKeyscore is a massive distributed Linux cluster with over 700 servers distributed around the world.
The theory behind XKeyscore is simple: People spend a large amount of time on the web performing actions that are anonymous. We can use this traffic to detect anomalies which can lead us to intelligence by itself, or provide a selection path for further inquiries. Examples of anomalous events: Someone searching the web for “suspicious stuff” or someone who is using encryption.
This slide shows a worldwide map of the XKeyscore server locations
This slide shows how metadata is extracted and stored in the XKeyscore database
Tracking Our Surveillance Data: Boundless Informant
The “Boundless Informant” mapping tool provides our analysts the means to track intelligence collection statistics worldwide. Using a color-coded map, we can quickly determine the volume of collection data we have by geographical location. This global heat map assigns each nation a color code based on its surveillance intensity ranging from green (least subjected to surveillance) through yellow and orange to red (most surveillance). With the monthly domestic intelligence collection volume at almost three billion pieces, the United States is assigned the color orange.
Surveillance Data from Other Sources
In addition to our own data collection activities, the Domestic Surveillance Directorate receives a constant flow of information from other sources. For more information about these sources, visit Our Partners page.