Surveillance Techniques: How Your Data Becomes Our Data

In 2001, NSA published the secret "Transition 2001" report defining our strategy for the 21st century. No longer could we simply access analog communications using conventional means, the new digital world of globally-networked encrypted communications required a dramatic change to our surveillance strategy: NSA would need to "live on the network".

We've turned our nation's Internet and telecommunications companies into collection partners by installing filters in their facilities, serving them with secret court orders, building back doors into their software and acquiring keys to break their encryption.





Backdoor Searches

Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides us with a bonanza of "incidental" data collected from ordinary Americans communicating with foreigners targeted by this sweeping law. This convenient loophole allows us to peruse this database in our never-ending search for the elusive "needle in a haystack".

Our Domestic Intercept Stations

NSA technicians have installed intercept stations at key junction points, or switches, throughout the country. These switches are located in large windowless buildings owned by the major telecommunication companies and control the domestic internet traffic flow across the nation. A fiber optic splitter is placed on the incoming communication lines and routes the traffic to an NSA intercept station for processing.



View a sample route that internet data traverses from a home in Toronto to the San Francisco Art Institute passing through several NSA intercept stations.









Larger version of map

More information about this map

Bulk Collection of U.S. Citizens' Phone Records

In the past, we used our close partnership with the FBI to collect bulk telephone records on an ongoing basis using a Top Secret order from the Foreign Intelligence Surveillance Court (FISC). The metadata we collected from this program gave us information about what communications you sent and received, who you talked to, where you were when you talked to them, the lengths of your conversations, and what kind of device you were using.



In mid-2015, Congress passed the USA Freedom Act sadly ending this valuable bulk collection program for the time being.

The PRISM Program: Our #1 Source of Raw Intelligence

Our partners at the FBI DITU (Data Intercept Technology Unit) extract information from the servers of nine major American internet companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. This important partnership gives us direct access to audio, video, photographs, e-mails, documents and connection logs for each of these systems.



Established in 2007, the Top Secret PRISM program has allowed us to closely track targeted individuals over time. Our ability to conduct live surveillance of search terms has given us important insights into their thoughts and intentions.





This slide lists our information providers and the type of data available to our analysts

To learn more about the PRISM program, view additional PRISM slides

Google Cloud Exploitation

The NSA "MUSCULAR" program allows us to conveniently conduct large-scale data gathering outside the jurisdiction of the Foreign Intelligence Surveillance Court by secretly tapping into the communication links between Google's data centers outside the U.S. The Special Source Operations (SSO) group discovered a clever way around Google's security measures giving us full access to the rich data Google stores on the cloud for its users.





Cellphone Tracking

Our bulk cellphone location tracking program captures almost 5 billion records a day and feeds into a massive 27 terabyte database storing information about the locations of a hundred million devices. By tapping into the cables that connect the mobile networks globally and working with our corporate partners to install intercept equipment, we can apply mathematical techniques that enable our analysts to map cellphone owners' relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. This "Co-traveler" program allows us to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

Spying Toolbox: The ANT Catalog

When the data we seek resides in places we cannot access using the above surveillance techniques, we rely on the technical experts in the Tailored Access Operations Group and their specialized tools from the ANT Product Catalog. The categories of available tools are listed below.

FBI Aviation Surveillance Operations (FBI Hawk Owl Project)

An FBI fleet of over one hundred specially-modified Cessna planes equipped with sophisticated camera systems in steerable mounts that can provide detailed video, night vision, and infrared thermal imaging quietly fly circular routes daily around many major U.S. cities tracking targets and gathering intelligence. Some of the planes use augmented reality software and sophisticated surveillance technology capable of tracking thousands of cellphones users.





FBI Aerial Surveillance in the Continental U.S.

Zoom in and click on the red map markers to view images of the unusual flight patterns in the FBI's targeted areas. View the map in full-screen mode.

FBI Aerial Surveillance in Hawaii

S. 1595: Protecting Individuals From Mass Aerial Surveillance Act of 2015

In June 2015, a Senate bill was introduced to "protect" our citizens from Mass Aerial Surveillance. We are happy to report that no action has been taken on this bill and we have every confidence that Congress will agree with us that mass surveillance "IS" protection for our citizens. You can track the progress of this ill-advised bill below.

Our Undersea Cable Tapping Strategy

By tapping into the worldwide network of undersea cables, our OAKSTAR, STORMBREW, BLARNEY and FAIRVIEW systems can process data as it flows across the internet. Each system is responsible for different types of intercepted data. For example, the BLARNEY system gathers metadata describing who is speaking to whom and through which networks and devices.



There are two methods employed for tapping into the undersea cable network. A modified nuclear submarine houses the technicians and gear needed to place the physical taps on the undersea cables along strategic points in the network. The second method involves using intercept probes at the point where the cables connect to the landing stations in various countries. These probes capture and copy the data as it flows onward.

XKeyscore: Our Real-Time Internet Monitoring Capability

As data flows through our worldwide data collection points, the XKeyscore system indexes and stores this information in a rolling three-day buffer database containing all internet activity passing through each collection site. XKeyscore is a massive distributed Linux cluster with over 700 servers distributed around the world.



The theory behind XKeyscore is simple: People spend a large amount of time on the web performing actions that are anonymous. We can use this traffic to detect anomalies which can lead us to intelligence by itself, or provide a selection path for further inquiries. Examples of anomalous events: Someone searching the web for "suspicious stuff" or someone who is using encryption.



This slide shows a worldwide map of the XKeyscore server locations

Tracking Our Surveillance Data: Boundless Informant

The "Boundless Informant" mapping tool provides our analysts the means to track intelligence collection statistics worldwide. Using a color-coded map, we can quickly determine the volume of collection data we have by geographical location. This global heat map assigns each nation a color code based on its surveillance intensity ranging from green (least subjected to surveillance) through yellow and orange to red (most surveillance). With the monthly domestic intelligence collection volume at almost three billion pieces, the United States is assigned the color orange.





Learn more about the Boundless Informant program

Surveillance Data from Other Sources

In addition to our own data collection activities, the Domestic Surveillance Directorate receives a constant flow of information from other sources. For more information about these sources, visit Our Partners page.