A new Snowden leak reveals that the NSA and major US mobile phone carriers colluded to gather the location of millions of people around the world, including Americans in the USA, people not suspected of any crime, in order to data-mine them and ascribe guilt to people based on whether they were in proximity to suspected terrorists.
The program, called CO-TRAVELLER, tracks at least "hundreds of millions" of devices on "a planetary scale, and comprises at least 27 terabytes of data. According to an NSA document, they are gathering location data more quickly than they can store it, and have been building out more capacity at speed.
Less than one percent of the Snowden documents have been made public to date. Snowden was tasked by his employer with consolidating training and briefing materials from the NSA, and so he had access to enormous amounts of sensitive details on the NSA's internal programs.
According to top-secret briefing slides, the NSA pulls in location data around the world from 10 major “sigads,” or signals intelligence activity designators.NSA tracking cellphone locations worldwide, Snowden documents show [Barton Gellman and Ashkan Soltani/Washington Post]
A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.”
STORMBREW collects data from 27 telephone links known as OPC/DPC pairs, which refer to originating and destination points and which typically transfer traffic from one provider’s internal network to another’s. That data include cell tower identifiers, which can be used to locate a phone’s location.
The agency’s access to carriers’ networks appears to be vast.
“Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This ‘flat’ trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one-stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.”