NSA’s Dishfire collected 200m texts per day: one per cent of total SMS traffic
The Guardian newspaper continues to produce startling revelations about the extent of US telecoms surveillance and eavesdropping, through its access to leaked top secret documents from NSA whistleblower Edward Snowden. With the UK’s own GCHQ agency having seemingly unlimited access to this information, circumventing the need for domestic political oversight, it raises major questions about privacy and accountability.
The latest revelations concern the NSA’s Dishfire program, which reportedly collects around 200m text messages per day from phone users in the US and overseas. In fact, the 200m figure is derived from an agency presentation from 2011, which revealed that Dishfire collected an average of 194 million text messages a day in April of that year. So, almost four years on, the daily total must be well in excess of 200m by now.
Even as a number out of context, 200m is huge, but then you have to remember what is the total daily SMS traffic.
In 2011, there were around 16 billion person-to-person SMS texts sent every day (give or take, depending on who is doing the research), a figure that doesn’t include OTT messaging. So, assuming we are talking about US billions, the 200m represents 1.25 percentage point of the total. To be able to collect – and process – just over one SMS message out of every 100 sent is a staggering technical achievement.
Apparently, Dishfire uses an unfocused approach to collection. Rather than limit its net to existing surveillance targets, it instead collects whatever it can. So with the annual volume of SMS messages now remaining flat, and processing capabilities increasing, this one per cent is certain to go far higher – if left unchecked.
Of course, it begs a couple of questions. Such as, how exactly is the NSA getting this traffic (with the full co-operation of telcos, or covertly?), and from where? For the moment, we’ll have to be content with speculation, as not surprisingly no-one is available to comment.
But one question we can answer is what the NSA does with these messages. According to a joint investigation between the Guardian and Channel 4 news, a second NSA program known as ‘Prefer’ conducts automated analysis on the untargeted messages. Here’s what they claim Prefer extracts on an average day:
More than 5m missed-call alerts, for contact-chain analysis (working out someone’s social network from who they contact and when),
Details of 1.6m US border crossings a day, from network roaming alerts,
Over 110,000 names from Vcards (including the ability to save images),
Over 800,000 financial transactions (through text-to-text payments or linking credit cards to phone users),
More than 76,000 separate geolocation data (such as requests for route information or to set up meetings).
The good news for US citizens is that communications from US phone numbers were removed from the database, but those of other countries, including the UK, were not. And given the UK’s apparent free access to the NSA’s database, GCHQ was able to utilise this data in ways not forseen by its political masters. For example, GCHQ apparently analyses the untargeted UK data to identify possible ‘persons of interest’, to develop new targets. All done without legal warrants.
Vodafone commented on the latest revelations, at the request of Channel 4 News. Its privacy officer and head of legal for privacy, security and content standards for the group said:
“It’s the first we’ve heard about it and naturally we’re shocked and surprised. What you’re describing sounds concerning to us because the regime that we are required to comply with is very clear and we will only disclose information to governments where we are legally compelled to do so, won’t go beyond the law and comply with due process. But what you’re describing is something that sounds as if that’s been circumvented. And for us as a business this is anathema because our whole business is founded on protecting privacy as a fundamental imperative.”
Later today, US President Obama is expected to give a speech outlining his response to a recent report from his NSA review panel. There is speculation that the whole Dishfire program will be discontinued, or at least radically changed, and that a little more consideration will be paid to the privacy rights of overseas citizens.
Meanwhile, and although not directly related it is of relevance, news emerges of a new smartphone launch at Mobile World Congress next month. Not just any phone though, this one is designed “to put privacy and control ahead of everything else. Ahead of carriers. Ahead of advertising.”
Designed by the Spanish firm Geekphone (which worked on the first developer model of a Firefox handset), the company says its Blackphone is “the world’s first smartphone which prioritizes the user’s privacy and control, without any hooks to carriers or vendors. It comes preinstalled with all the tools you need to move throughout the world, conduct business, and stay in touch, while shielding you from prying eyes.”
It apparently uses a forked version of Android, called PrivatOS. We’re pretty excited to find out more next month.