STE WILLIAMS

The National Security Agency (NSA) collects hundreds of millions of text messages from around the world every day, according to the latest revelations from Edward Snowden.

Channel 4 and the Guardian newspaper report that NSA spies collect and store around 200 million messages per day for the purposes of extracting metadata including location data, credit card information and contacts.

The Guardian reports that the documents also reveal that British spies were given access to the collected metadata, but not the actual content, of text messages sent to and from British citizens.

According to GCHQ documents the program, codenamed Dishfire, collects “pretty much everything it can” as opposed to merely collecting communications data from current surveillance targets.

The secret program has been in operation from at least May 2008 and, by April 2011, was intercepting 194 million text messages per day. While that number may sound huge, it is only a drop in the ocean when you consider that Paul Lee, head of telecoms research at Deloitte, predicts that 50 billion such messages will be sent every day across the globe in 2014.

A leaked top secret presentation, dubbed “Content Extraction Enhancements For Target Analytics. SMS Text Messages: A Goldmine to Exploit”, gives us some idea as to the type of information being collected around the world each day.

For example, Dishfire collected data on over 6 million changes of SIM card, 5,314 instances of travel plans and over 800,000 financial transactions, including bank activity, credit card payments made to individuals and phone to phone money transfers. Dishfire even recorded the geocoordinates for 76,000 sent messages.

Documents shown in the Guardian report suggest that US phone numbers are removed from the database in accordance with US law but others, including those based in the UK, are retained.

To read the content of a message GCHQ requires a warrant, but it is allowed to search for “events” data relating to UK numbers – that is, who is contacting who and when it is happening.

It can also go back and access historical messages sent by and to a valid target, before the target was known to the authorities, once a warrant has been obtained. The Guardian quotes a GCHQ memo:

In contrast to [most] GCHQ equivalents, DISHFIRE contains a large volume of unselected SMS traffic. This makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years before the target was known to be of interest.

A separate GCHQ memo highlights the breadth of Dishfire by asking security analysts to limit their searching to 1,800 phone numbers at a time.

There was no immediate reaction to these revelations from the NSA but a GCHQ statement said:

All of GCHQ’s work is carried out in accordance with the strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate and that there is rigorous oversight.

Speaking to Channel 4 news Stephen Deadman, group privacy officer and head of legal for security, privacy and content standards at Vodafone group, commented:

What you’re describing sounds concerning to us because the regime that we are required to comply with is very clear and we will only disclose information to governments where we are legally compelled to do so, won’t go beyond the law and comply with due process.

We’re going to be contacting the Government and are going to be challenging them on this. From our perspective, the law is there to protect our customers and it doesn’t sound as if that is what is necessarily happening.

The former Interception Commissioner, Sir Swinton Thomas, said that the practice was “a worry,” before going on to tell Channel 4 news:

Certainly in my time I would take the view that it’s not open to our intelligence services to obtain or certainly to use communications or data which would not have been lawful in this country.

It’s not dissimilar to the question: Do you use material which you may have reason to believe has been obtained by torture? It’s a different area of course, but the concept is very similar.

Follow @Security_FAQs
Follow @NakedSecurity

Image of texting courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/OG6JUm5GwXg/