Arik Hesseldahl

Recent Posts by Arik Hesseldahl

What the NSA Wants to Know About You and Your Phone

So, now we know. We know beyond a shadow of a doubt that the U.S. government is tracking phone calls made by American citizens within domestic borders and to parties outside the country.

Strangely, it took a British newspaper to reveal this fact. The Guardian reported yesterday that it had obtained a copy of an order from the secret Foreign Intelligence Surveillance Court to the telecom giant Verizon. The order directed the company to hand over what it describes as “telephony metadata” to both the FBI, America’s national law enforcement agency, and the National Security Agency, the super-secret agency tasked with both protecting the sensitive official communications of government officials and spying on the communications of other countries.

The order by the secret FISA Court (calling it a “court” is charitable; it exists in a secret, secure room on the top floor of the the Washington, D.C., headquarters of the U.S. Department of Justice) gives those agencies unfettered access to the calling records of customers on Verizon’s network but within a curiously limited framework of time — between the dates of April 25 and July 19 of this year.

So what is telephony metadata? First and foremost, it’s not recordings or transcripts of phone conversations. Rather it is information about calls. The order describes it like so:

Telephony metadata includes comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call. Telephony metadata does not include the substantive content of any communication, as defined by 18 U.S.C. § 2510(8), or the name, address, or financial information of a subscriber or customer

Let’s sort through what each of these things are. The information being collected includes the number of the phone making the call and the number of the phone receiving it, when the call was made and how long the conversation took place. Essentially, the FBI and NSA are being furnished with an incomplete copy of the phone bill of all Verizon customers.

What else is covered under the phrase “telephony metadata”? The IMSI, or International Mobile Subscriber Identity, is a number that associates a phone with a wireless network. Think of it as a Social Security number for your phone. If someone wants to track you by way of your mobile phone, having that number makes the job incrementally easier for anyone with the technical means to do it. (To do it, you would need a piece of equipment called an IMSI catcher, which you can buy.) For that reason, the IMSI number is rarely transmitted on the network itself. Instead, a TMSI, or Temporary Mobile Subscriber Identity number, is randomly generated in its place and assigned to your phone when it joins a wireless network.

IMSI numbers are used to identify phones when they pop up on wireless networks, and as such they can be used to determine a phone’s location. Gather enough information on a particular IMSI number and you can tell with a fair degree of accuracy where the person carrying the phone has been. So there’s a pretty good chance that the FBI and NSA have not only been tracking who you’ve been calling and when, but where you were when you made the calls. Creeped out yet?

This brings us to the second unique number covered in the court order: The IMEI, or International Mobile Station Equipment Identity. In the arcane lingo of radio communications, your phone is a “mobile station,” and it has a unique serial number. It’s easy to look up: Dial *#06# on most phones and the number just appears on the screen. If you have an iPhone, you can also find it in the phone information screen on iTunes when it’s connected to your computer. The IMEI number is specific to your phone, and it has some practical uses: When your phone is reported lost or stolen, the carrier marks the number as “disabled,” so it can’t make any more calls.

So, what might be the logical reasons that these agencies want this information in the first place? Laying aside the limited time range involved — April 25 to July 19 — the most obvious use is pattern recognition and correlation. Wireless phones have become quite literally the most useful indicator of human behavior the world has ever seen. They go everywhere we do and in a sense know us better than we know ourselves, because they create, whether we intend them to or not, an irrefutable record of data that can be used to understand our patterns and habits.

This information can then be analyzed for variances and other interesting correlations. It’s essentially a “big data” problem. Huge troves of data are mined and analyzed for the purpose of finding useful patterns. It’s a fashionable phrase used in business and technology circles, and is meant to convey the idea that there is meaning and understanding lurking within an otherwise meaningless and massive collection of information. Now that we live in an age where data storage is inexpensive and computing power all but limitless, finding that meaning and achieving that understanding is simply a matter of will.

Clearly, the will exists, or the court order would not have been sought or granted. But will implies intent, and we can only guess at that intent. Officials in all branches of federal government have a long history of overstepping their legal authority and of abusing outright the powers granted them by their boss.

That boss, by the way, is us.

At this, it’s worth reminding ourselves what the boss’s policy is. It’s contained within the Fourth Amendment to the Constitution:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

There’s not a lot of wiggle room there. It would seem an explanation is in order. The problem is that the government has given itself secret authority to interpret the law as it sees fit. In 2012, two U.S. senators, Ron Wyden of Oregon and Mark Udall of Colorado (Democrats both), warned about this in a letter to Attorney General Eric Holder, sharply criticizing the Obama Administration’s use of “secret law” and “secret legal interpretations” of certain sections of the U.S. Patriot Act. (I’ve embedded it below.)

As the senators say in the letter: “There is now a significant gap between what Americans think the law allows and what the government secretly claims the law allows.”

If it seems like the government is behaving in an arbitrary and capricious manner, it probably is. Perhaps it’s time to look in on the hired help.

Senators Ron Wyden, Mark Udall Letter to Attorney General Holder

Latest Video

View all videos »

Search »

I think the NSA has a job to do and we need the NSA. But as (physicist) Robert Oppenheimer said, “When you see something that is technically sweet, you go ahead and do it and argue about what to do about it only after you’ve had your technical success. That is the way it was with the atomic bomb.”

— Phil Zimmerman, PGP inventor and Silent Circle co-founder, in an interview with Om Malik