The Guardian newspaper today reports not just on how the NSA harvests a staggering 200 million text messages worldwide a day, which are analysed for location data, contact networks, and credit card details, but how sister UK spying organization GHCQ uses this information to spy on its own citizens, even ones who are not under suspicion of illegal activity.
Documents obtained by whistle-blower Edward Snowden (which include a 2011 presentation charmingly titled ‘SMS Text Messages: A Goldmine to Exploit’) seem to have an almost unlimited capacity to shock, and the latest ones published by the Guardian in collaboration with Chanel 4 are no exception,
- ‘On average, each day the NSA was able to extract:
- More than 5 million missed-call alerts, for use in contact-chaining analysis (working out someone’s social network from who they contact and when)
- Details of 1.6 million border crossings a day, from network roaming alerts
- More than 110,000 names, from electronic business cards, which also included the ability to extract and save images.
- Over 800,000 financial transactions, either through text-to-text payments or linking credit cards to phone users.’
Individuals’ physical movements were also tracked using an average of 78,000 text messages a day, using information such as requests for directions, meeting setups, itinerary texts send by travel agencies, and texts regarding cancellations and delays to travel plans.
A GHCQ document stated that the program, codenamed DISHFIRE, collects ‘pretty much everything it can.’
While the NSA made strenuous efforts to strip out data relating to US citizens, non-US citizens receive no such protection, and in the UK’s case the NSA shared the data with GCHQ. Under UK law GHCQ researchers are only allowed to access metadata, not the content of messages, although the content of messages is still stored and not deleted,
‘In contrast to [most] GCHQ equivalents, DISHFIRE contains a large volume of unselected SMS traffic. This makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years before the target was known to be of interest.’ (emphasis original) GHCQ memo.
The only thing stopping GHCQ researchers form accessing message content is that they are required to check a box to hide the information from their eyes,
‘You may run a search of UK numbers in DISHFIRE in order to retrieve only events data… [details given on how to select this setting]… this will now enable you to run a search without displaying the content of the SMS, especially useful for untargeted and unwarranted UK numbers.’
Although only metadata’s is allowed to accessed (for now), this still provides a great deal of information to GHCQ,
‘It is also possible to search against the content in bulk (e.g. for a name or home telephone number) if the target’s mobile phone number is not known.’
As usual, a GHCQ spokesman refused to discuss details when questioned over the matter, and insisted that,
‘Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.’