11 June 2014

How Many Phone Calls and Emails Does NSA and Its Allies Intercept? A Lot…

June 2014
Peter Koop
electrospaces.blogspot.in

Today it’s exactly one year ago the Snowden-leaks started. Among the many highly classified documents which were disclosed during the past year are various charts that provide us with actual numbers about the amount of data the National Security Agency (NSA) is collecting.

Here we will take a look at those numbers and see what we can learn from them by comparing various sources and from breaking them down into NSA-divisions, countries and collection programs. As still only fragmented parts have been published, this overview cannot provide completeness or full accuracy (estimates are shown as round numbers).

BOUNDLESSINFORMANT

The most detailed numbers about NSA’s data collection are from theBOUNDLESSINFORMANT tool, which is used by NSA officials to view the metadata volumes collected from specific countries or by specific programs.

A worldwide overview is provided by a heat map which was published by The Guardian on June 11, 2013. It displays the figures over a 30-day period ending in March 2013:

NSA worldwide total:

Internet records (DNI):

Telephony records (DNR)

221.919.881.317

97.111.188.358

124.808.692.959

This total of 221 billion telephony and internet records a month equals 2,6 trillion a year and 7,3 billion a day.

The BOUNDLESSINFORMANT worldwide overview for March 2013

NSA volumes and limits

The BOUNDLESSINFORMANT tool seems to be very accurate, but there’s another chart that gives different numbers. It’s from a 2012 presentation for the SIGINT Development conference of the Five Eyes community and shows the volumes and limits of NSA metadata collection. The chart was published by The Washington Post on December 4, 2013 and again in Greenwald’s book ‘No Place To Hide’ on May 13, 2014.

Chart showing the volumes and limits of NSA metadata collection
between January and June 2012

Redactions by Greenwald or the press, explanations added by the author

This chart shows:

- the numbers of telephony metadata which are received by FASCIA, which is NSA’s main ingest processor for telephony metadata;

- the numbers of internet metadata that are transferred to MARINA, which is a huge NSA database that can store internet metadata for up to a year;

- the numbers of internet metadata that had to be deleted because there was apparently not enough storage space.

Except for the deleted metadata, the charts shows ca. 10,4 billion internet metadata (DNI) a day, which makes 312 billion a month or 3,7 trillion a year. There are ca. 4,5 billion telephony metadata (DNR) a day, which makes 135 billion a month or 1,6 trillion a year. If we compare these numbers with those from BOUNDLESSINFORMANT, we see a big difference:

Internet metadata (DNI):

Telephony metadata (DNR

Volumes and Limits

(a month, 1st half 2012)

312.000.000.000

135.000.000.000 

BOUNDLESSINFORMANT

(a month, 1st half 2013)

97.111.188.358

124.808.692.959

There’s a difference of 11 billion telephony metadata between both charts, but an even bigger gap exists between the internet metadata: the Volumes and Limits chart shows 215 billion more than BOUNDLESSINFORMANT. This discrepancy wasn’t noticed in the press reportings, nor in Greenwald’s book, so at the moment there’s no clear explanation for this.

Telephony metadata

After being processed by FASCIA, the telephony metadata go to MAINWAY, which is another huge NSA database that keeps these kind of data for at least five years. In 2006 it was estimated that MAINWAY contained 1,9 trillion (1.900.000.000.000) call detail records.

For comparison: in 2007, AT&T’s Daytona system, which is used to manage its call detail records (CDR’s) supported 2,8 trillion records. In 2012, T-Mobile USA Inc. upgraded to an IBM Netezza 1000 platform with a capacity of 2 petabytes. This is used for loading 17 billion records a day, making 510 billion a month and more than 6 trillion a year. 

If we assume the telecom providers and NSA use “records” in the same sense, than this shows that the telecommunication companies produce far more phone call metadata than NSA collects. As T-Mobile USA alone apparently creates 4 times more records as presented in NSA’s BOUNDLESSINFORMANT tool, the domestic telephone metadata collection under section 215 Patriot Act cannot be included in the numbers we’ve seen so far. 

GCHQ metadata collection

Even more metadata seem to be collected by NSA’s British partner agency GCHQ, which according to this slide from 2011 collects 50 billion metadata per day. This makes 1,5 trillion a month and an astonishing 18 trillion (18.000.000.000.000) a year!

This (partial) slide was published in Greenwald’s book No Place To Hide, but without any further explanation, so we don’t know whether GCHQ is able to actually store everything or has to delete large amounts, like NSA. From the slide itself it seems that the number of 50 billion refers to internet metadata alone, which would make this number even more remarkable.

According to a report by The Guardian, GCHQ also collects 600 million telephony metadata a day, which makes 18 billion a month - a small number compared to the internet metadata this agency receives:

Internet metadata per month:

Telephony metadata per month:

BOUNDLESS

INFORMANT

97 bln.
124 bln. 

Volumes
and Limits

312 bln.

135 bln. 

GCHQ

1500 bln.

18 bln.

NSA collection by country

The main BOUNDLESSINFORMANT interface with the heat map also lists the names of the countries which provide the highest numbers of data. These can be sorted in three different ways: Aggregate, DNI (internet) and DNR (telephony), each resulting in a slightly different top-5. The following aggregated totals (so both DNI and DNR) are known:

NSA worldwide total:

Pakistan:

Afghanistan:

Iran:

Jordan:

India:

Egypt:

United States:

Brazil:

221.919.881.317 (100%)

27.275.944.618 (12%)

24.293.973.693 (11%)

15.834.475.801 (7%)

14.374.155.469 (6%)

12.616.915.557 (5%)

9.064.623.040 (4%)

3.095.553.478 

2.300.000.000 

These numbers indicate from which countries NSA gathers most data, but the exact meaning of the numbers has still not been clarified. We do know that BOUNDLESSINFORMANT counts metadata records, but what these records exactly are (for example: how many records are created by one phone call?), and how they are attributed to a specific country is not clear.

Communications by definition have two ends: the originating and the receiving end. When both ends are in the same country, it’s easy to attribute it to that particular country. But when the originating and the receiving ends are in a different country, how is such a communication registered? Maybe for both countries, although that would make many of them appear in these numbers twice.

United States

Edward Snowden saw the heat map with the 3 billion attributed to the United States as a proof that NSA was conducting domestic surveillance, although the heat map itself cannot provide sufficient evidence for that. The 3 billion could very well relate to foreign communications which are just transiting the US or to the American end of for example phone calls where the other end is a foreign suspect. Somewhat more information could have been provided by the bar charts for the US, but these haven’t been published.

The number of 3.095.553.478 for the United States is the aggregated total. The number of internet records (DNI) for the US is 2.892.343.446, which leaves just 203.210.032 telephony records (DNR) or 0,065% of the aggregated total. In a table this looks like this:

United States total:

Internet records (DNI):

Telephony records (DNR):

3.095.553.478 per month

2.892.343.446 per month

203.210.032 per month

This tiny share for telephone metadata is rather strange given the fact that NSA is collecting all American phone records, but does not so with internet metadata. This seems to indicate that these domestic phone records are not counted by BOUNDLESSINFORMANT and that the internet records are from communications with at least one end foreign. 

NSA divisions

With a BOUNDLESSINFORMANT chart about the NSA’s Special Source Operations(SSO) division published in Greenwald’s book, we can also compare the number of data collected by this division with the total number of NSA data collection. We see that SSO, which is responsible for tapping the world’s main fiber optic cables, accounts for 72% of all data:

NSA worldwide total:

Special Source Operations (SSO):

Other NSA divisions:

221.919.881.317 (100%)

160.168.000.000 (72%)

61.751.000.000 (28%)

This leaves the remaining 28% of the data to be collected by NSA’s other main divisions: Global Access Operations (GAO), which operates mobile collection platforms like satellites, planes, drones and ships, and Tailored Access Operations (TAO), which collects data by hacking into foreign computer networks. The remaining 28% could also encompass data collected by the joint NSA/CIA Special Collection Service (SCS) units and by 3rd Party partner agencies.


BOUNDLESSINFORMANT chart about the SSO division

SSO Collection programs

From the BOUNDLESSINFORMANT chart about Special Source Operations we can see how the total number of data collected by this division breaks down into the 5 biggest collection programs. From other charts we also know the numbers collected by some other programs, and these are added here too:

SSO worldwide total:

DANCINGSOASIS (US-3171):

SPINNERET (US-3180):

MOONLIGHTPATH (US-3145):

INCENSER (DS-300):

? (US-3721):

FAIRVIEW (US-990):

SOMALGET (US-3310):

ACIDWASH:

MUSCULAR (DS-200B):

Other programs in total:

160.168.000.000 (100%)

57.788.148.908 (36%)

23.003.996.216 (14%)

15.237.950.124 (9%)

14.100.359.119 (9%)

13.255.960.192 (8%)

6.142.932.557 

3.000.000.000 

1.050.000.000 

181.280.466 

26.412.000.000 

This listing shows that roughly one third of the data from telecommunication cables are collected by just on single program: DANCINGOASIS. Another third part is intercepted by the programs ranking second, third and fourth, but despite their weight, we still don’t know more about them than just their names. Finally, the last third part of this type of collection is divided into numerous smaller and very small programs, a number of which have been disclosed through the Snowden-documents.

Metadata from a number of big and important SSO collection programs are processed by a system codenamed SHELLTRUMPET. As can be read in the document below, this system processed almost 500 billion metadata records in 2012, which gives an average of 41,6 billion a month, but by the end of 2012 SHELLTRUMPET was already processing 2 billion call detail records a day, which would make 60 billion a month:


As no BOUNDLESSINFORMANT chart about PRISM was published, we do not know the ranking of that famous collection program. Another source (pdf) says that under PRISM, more than 227 million “internet communications” are collected annually, which is ca. 19 million a month, but it is not known whether these “internet communications” are the same kind of records as presented by BOUNDLESSINFORMANT.

Shared by partner agencies

NSA also gets data provided by 3rd Party partner agencies. These are counted by the BOUNDLESSINFORMANT tool too, as we know from charts about a number of European countries:

Germany (US-987LA + US-987LB):

Poland (US-916A):

France (US-985D):

Spain (US-987S):

Italy (US-987A3005):

Norway (US-987F):

Denmark (?):

The Netherlands (US-985Y):

553.044.811

71.819.443

70.271.990

60.506.610

45.893.570

33.186.042

23.000.000

1.831.506

The total number of data received from these eight countries is ca. 859 million a month, which is just a tiny 0,0038% of NSA’s overall collection as counted by the BOUNDLESSINFORMANT tool.

Initially, Glenn Greenwald reported in various European newspapers that these numbers represented the phone calls of European citizens intercepted by NSA. But gradually it came out that his interpretation was wrong.

The charts actually show numbers of metadata that were collected from foreign communications by European military intelligence agencies in support of military operations abroad. These data were subsequently shared with partner agencies, most likely through the SIGDASYS system of the SIGINT Seniors Europe (SSEUR) group, which is led by NSA.

Links and Sources



No comments: