‘NSA Gone Wild’ in the Bahamas, Mexico, Kenya, the Philippines and more

Despite President Obama’s repeated promises that the United States government is not listening to your calls, it appears that analysts have been using a surveillance program that does just that—if you happen to be calling the Bahamas or another, unknown country.

NSA collecting all cell metadata in five countries

The National Security Agency has been monitoring the entire telecommunications systems of five countries, recording and storing all calls made in two of those countries. According to a report published Monday by The Intercept, an NSA program called SOMALGET enables the NSA to collect and store the content of billions of phone calls. A 2012 NSA memo describes SOMALGET as “a family of collection systems . . . deployed against entire networks” in order to collect both “full take metadata” and “full take audio” from an nation’s telecommunications system. SOMALGET is a subprogram of a broader NSA Special Source Operation program called MYSTIC, which uses pre-existing telecoms infrastructure—the data collection systems telcos use for legitimate business purposes—to amass metadata from the telecommunications networks in Mexico, Kenya, the Philippines, the Bahamas and another country (not named by The Intercept for due to a credible threat of increased violence). SOMALGET is apparently only employed in the Bahamas and the unnamed country.

All bulk collection, whether of billing records and metadata or the actual content of calls, is inherently disproportionate, violates user privacy, and chills free expression. Access sees this news as further indication that the NSA is out of control and that swift new legislative reforms are urgently needed.

Out of oversight = out of control data mine 

As operated in the Bahamas, SOMALGET collects data by piggybacking on Drug Enforcement Administration telecommunications “intercepts.” The DEA requests these intercepts (ostensibly legal wiretaps) to facilitate international investigations. Obliging host countries—like the Bahamas—contract with private firms that install and maintain the equipment which enables DEA access. The NSA has evidently used these intercepts to collect considerably more information than was originally disclosed to the host country. Calls recorded by SOMALGET are stored for approximately thirty days, “depending on space, power, and observed activity levels.” This enables NSA analysts to follow up on “tentative analytic conclusions derived from metadata” by retrieving recorded phone calls. As of 2012, the NSA’s data warehouse could store five billion call events and had “the capacity to expand well beyond” its target communications.

SOMALGET has enabled the bulk collection and storage of call content, allowing analysts to retrieve content collected before an individual was under any suspicion. While previous reports have indicated that the NSA only collects call content from specific targets, the Agency has in fact employed a dragnet program for all call content in at least two countries, one of which, according to the State Department, poses “little to no threat” to Americans as a source of “terrorism, war, or civil unrest.”

Disturbingly, unlike other NSA programs which operate pursuant to the limited procedural protections in the Foreign Intelligence Surveillance Act, MYSTIC operates under Executive Order 12333, which was not mandated by Congress and does not provide for judicial oversight of any kind. Executive Order 12333 gives the Obama Administration carte blanche to create its own guidelines concerning the NSA’s use of information without the oversight of a FISA Court.

These new revelations underscore the pressing need for greater transparency and multibranch oversight of American surveillance initiatives. By abusing infrastructure installed for legitimate business purposes or limited criminal surveillance, the NSA provides a strong disincentive for international cooperation. Moreover, these programs violate the fundamental freedoms of hundreds of millions of innocent individuals, including Access team members in Kenya and the Philippines.

Access calls for an end to surveillance programs like MYSTIC and SOMALGET, which are essentially designed to violate privacy rights and vacuum up user data. These programs contravene international law and human rights standards as embodied in the International Principles on the Application of Human Rights to Communications Surveillance. Access urges Congress to implement reforms beyond the tepid measures contained in the version of the USA FREEDOM Act passed by the House of Representatives, which does nothing to meaningfully stem surveillance on users abroad. Access will continue to push for reform of the United States’ surveillance programs, especially Executive Order 12333 and the unchecked, unaccountable, and non-transparent surveillance of international users it allows.