Report: NSA Was Granted Order to Snag Millions of Verizon Call Records for 3 Months

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.wired.com/threatlevel/2013/06/nsa-verizon-call-records/

The National Security Agency obtained a court order to collect the
call records of millions of Verizon customers, according to a secret
document obtained by the Guardian.

The sweeping order, issued by the Foreign Intelligence Surveillance
Court, requires Verizon to give the NSA metadata on all calls within
the U.S. and between the U.S. and foreign countries on an “ongoing,
daily basis” for three months.

The data includes the phone numbers of both parties involved in the
calls, the International Mobile Subscriber Identity (IMSI) number for
mobile callers, calling card numbers used in the call, and the time
and duration of the calls. It does not include the name or address of
the subscriber or other account information, nor does it allow the
content of calls to be recorded and collected. It may, however,
include the location of the calls through cell site data.

The classified order was issued to the FBI by the secretive court on
April 25 and allows the government to collect data until July 19 and
hand it over to the NSA. The order came with a gag requirement that
prevents Verizon from disclosing its existence. It covers only
Verizon, and it’s not clear if other phone companies received similar
orders.

The document reveals for the first time that the NSA is continuing to
do massive datamining on millions of U.S. citizens under the Obama
administration — a practice that spawned extensive criticism after it
was first exposed in 2006 as part of a secret Bush Administration
program that began in the wake of the 9/11 terrorist attacks.

The dragnet collection of data would allow the government to build a
massive database of transactional records to map connections and
relationships between callers. Although Verizon is not required to
hand over caller subscriber information under the order, this doesn’t
mean the NSA can’t identify the owners of phone numbers on its own.
Intelligence and data collected from other sources can help match the
names of accountholders to the numbers collected in the sweep.

“From a civil liberties perspective, the program could hardly be any
more alarming,” Jameel Jaffer, deputy legal director for the American
Civil Liberties Union said in a statement. “It’s a program in which
millions of innocent people have been put under the constant
surveillance of government agents. It’s analogous to the FBI
stationing an agent outside every home in the country to track who
goes in and who comes out.”

The law under which the records are being obtained is the “business
records” provision of the controversial Patriot Act, which was passed
following the 9/11 terrorist attacks. Although an amendment to the
Foreign Intelligence Surveillance Act in 2008 allowed the government
to conduct bulk collection of all e-mails, phone calls and text
messages, this involved only communications where one party to the
conversation was thought to be overseas.

The court order for Verizon covers all wholly domestic communications
as well, which may be why authorities used the Patriot Act provision
in this case.

According to the Guardian Senators Ron Wyden (D-Oregon) and Mark Udall
(D-Colorado), members of the Senate Intelligence Committee, have been
trying to warn the public for the last two years about the Obama
administration’s secret and extreme interpretations of the business
records provision to justify stunning levels of domestic surveillance,
but have been unable to do so directly.

USA Today first reported in 2006 that the NSA had been “secretly
collecting the phone call records of tens of millions of Americans,
using data provided by AT&T, Verizon and BellSouth” in order to
produce and analyze calling patterns.

“It’s the largest database ever assembled in the world,” one anonymous
source told the paper at the time, saying that the NSA’s goal was “to
create a database of every call ever made” within the nation’s
borders.

Bell South categorically denied the story at the time, but Verizon and
AT&T delivered carefully parsed statements that left open the question
of whether they had provided the NSA with data.

The recent court order suggests that the collection has continued or
at least resumed under the Obama administration.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.