Privacy SOS

The government can go back in time and listen to calls you made before you were a target

Back in May 2013, a former FBI agent went on national television and twice told the American public that "all digital communications" are recorded and retained for posterity by US government agencies. Those comments came just a month before the first Edward Snowden leaks rocked the world. Later that June Glenn Greenwald, the reporter to publish the first of the Snowden leaks, told an audience in Chicago that the NSA collects the content of one billion phone calls per day.

Now we finally have some sense of how that mass of data is decrypted by the all-knowing spy agency. Jeremy Scahill and Josh Begley report for The Intercept:

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

When FBI agent Tim Clemente said on television in May 2013 that the federal government had the ability to go back in time and listen to all of Tamerlan Tsarnaev's phone calls, it wasn't at all clear exactly how the NSA might technically do such a thing. In order for spy agencies to make use of phone calls harvested en masse, they not only have to collect and store every phone call made in the United States. They also have need the encryption keys to unscramble the conversations, to turn the bits of data into something meaningful to intelligence analysts. This latest Snowden leak shows us the NSA and FBI apparently have no problem doing the latter.

As the ACLU's technology expert Chris Soghoian told The Intercept,

Key theft enables the bulk, low-risk surveillance of encrypted communications. Agencies can collect all the communications and then look through them later. With the keys, they can decrypt whatever they want, whenever they want. It’s like a time machine, enabling the surveillance of communications that occurred before someone was even a target.

The US Attorney's office in Massachusetts prosecuting Tamerlan's little brother for the bombings has said in court that the government isn't sure who built the bombs that detonated at the marathon, or where they were built. If Greenwald and Clemente are correct when they say the US national security state sucks up huge quantities of cell phone content every day, the spies, armed with the keys to decrypt those conversations, should be able to go back a listen to all of the Tsarnaevs' phone calls to try to find out what happened.

But even if they use their gargantuan surveillance state to figure out who is responsible for the attacks, it's obvious that their Collect It All approach didn't stop the bombs from exploding back in April 2013.

The surveillance state grows bigger every day, threatening individual security and freedoms and making a mockery out of the rule of law. But in the absence of evidence that NSA surveillance has stopped a single terrorist attack, it's not at all clear what good it does for any of us.

© 2021 ACLU of Massachusetts.