Feeds

NSA spies recorded an entire COUNTRY'S phone calls for a MONTH: Report

Targeted surveillance? Pull the other one

Providing a secure and efficient Helpdesk

The NSA is recording all of the voice calls in one unnamed country and keeping those recordings for 30 days at a time as part of a previously undisclosed rolling wiretap programme, according to leaks recently published in WSJ.

Millions of voice "cuts" are extracted for long time storage as part of a system called MYSTIC that's been running since 2009, according to the latest tranche of leaked documents from NSA whistleblower Edward Snowden.

Analysts have been able to use a search tool called RETRO (retrospective retrieval) to query data on the vast system and replay the content of calls.

The Washington Post, which first published this latest information, is acting on a request from US officials to withhold anything that might identify the country where the system is being employed – or the other six countries where its use is planned.

MYSTIC is rare, if not unique, in focusing on the content of voice communications. Most of the agency's previously disclosed operations have focused on either call metadata or the data mining of electronic communications through programmes such as PRISM.

Handling and transmitting bulky voice files acted as a major snag in putting together MYSTIC, at least in its early days. Around a year after MYSTIC went live, a programme officer wrote that the project "has long since reached the point where it was collecting and sending home far more than the bandwidth could handle," the Washington Post reports.

Similar capacity ceilings have cropped up across a range of NSA collection programs, a factor that explains the spy agency's move to cloud-based collection systems and the construction of a massive “mission data repository” at a new facility in Utah, the Washington Post adds.

An indiscriminate bulk content collection programme, even one that operates in a limited number of foreign countries, sits uncomfortably with a January reassurance by President Obama that the "United States is not spying on ordinary people who don’t threaten our national security”.

Christopher Soghoian, principal technologist for the American Civil Liberties Union, said that history suggests the MYSTIC program is only to "expand to more countries, retain data longer and expand the secondary uses” over the next couple of years or so. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.