The National Security Agency’s collection of phone data from all of Verizon’s U.S. customers is just the “tip of the iceberg,” says a former NSA official who estimates the agency has data on as many as 20 trillion phone calls and emails by U.S. citizens.
He called his figures “back of the envelope” estimates, adding that they include emails as well as telephone calls.
Mr. Binney, who left the agency in October 2001, said the data were collected under a highly classified NSA program code-named “Stellar Wind,” which was part of the warrantless domestic wiretapping effort — the Terrorist Surveillance Program — launched on orders from President George W. Bush.
The Terrorist Surveillance Program was revealed by The New York Times in 2005, but officials said it only monitored calls between Americans and suspected terrorists abroad. The Bush administration said it based the program’s legal authority on the president’s powers as commander-in-chief.
Congress subsequently amended the law governing wiretapping by spy agencies — the 1978 Foreign Intelligence Surveillance Act (FISA) — to provide legislative authority for the program and require supervision by the special secret court the 1978 act established.
Britain’s Guardian newspaper posted online late Wednesday a copy of the “Top Secret” FISA court order directing telecommunications giant Verizon to hand over “metadata” about every call made or received by all of its customers in the United States. Such metadata include the calling and receiving phone numbers, the time of day and length of the call, and the whereabouts of the two parties.
Mr. Binney noted the order’s serial number, which indicates it is the 80th issued by the FISA court so far this year. The court likely has approved similar orders for the other major U.S. telecom providers, he said, “and they have to be renewed every 90 days.”
The order excludes the actual content of communications, such as the sound of voices on the call or the text of an email.
“On its face, the order reprinted in the [Guardian] article does not allow the Government to listen in on anyone’s telephone calls,” a senior U.S. government official said in an email.
Democrats and Republicans on the congressional intelligence committees defended the order Thursday, asserting that the wide-scale collection of such data had enabled authorities to disrupt at least one terrorist attack and noting that a warrant would still be required to access the actual content of calls.
But Stephen B. Wicker, a professor of electrical and computer engineering at Cornell University, said the practical distinction between the metadata of calls and their content is rapidly disappearing because of technological advances, such as GPS features in mobile phones.
“There is a blurring of the line between content and context,” said Mr. Wicker, whose research focuses on privacy issues in wireless information networks.
Using analytical software, the NSA could use mobile phones’ metadata over time to paint a picture of where their users went, who they talked to and what their habits were, Mr. Wicker said.
“The metadata available is now so fine-grained that it reveals where we’re going, what we’re doing, what our preferences and beliefs might be and who our friends are,” he said.
Federal law and rulings by federal courts have consistently held that metadata, including information about the location of mobile phones, is not covered by the warrant requirements of the U.S. Constitution.
“Unfortunately, technology and the opportunities it presents for surveillance have outpaced our understanding of the Fourth Amendment,” Mr. Wicker said, citing the constitutional ban on unlawful searches and seizures.
In 2003, according to sworn testimony by a former AT&T engineer, the NSA began building a special room at the company’s switching center in San Francisco and at other AT&T switching centers around the country. Equipment in the room enabled NSA to siphon off a copy of every byte of data running through AT&T’s fiber-optic cable network, according to privacy advocates.