Shortly after the earliest articles sourced to Edward Snowden appeared, Americans newly aware of the cell phones in their pockets started wondering: Would the NSA ever collect the location data that all of us generate? The possibility proved worrisome to the public and privacy experts alike. A surveillance state that routinely tracked our movement would feel dystopian and enable abuse, as various TV, web, and print commentators noted.
Even Congress seemed to be concerned. A letter signed by 26 senators declared that NSA bulk collection of phone records has a significant impact on privacy.* "This is particularly true if these records are collected in a manner that includes cell phone locational data, effectively turning Americans' cell phones into tracking devices," it stated. "Has the NSA collected or made plans to collect Americans’ cell-site location data in bulk?"
Now we know that the answer is yes.
"The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world," the Washington Post reported on December 4, noting "a vast database that stores information about the locations of at least hundreds of millions of devices." Many Americans are affected by the tactic (emphasis added throughout):
The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.
One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data are often collected from the tens of millions of Americans who travel abroad with their cellphones every year.
A subsequent Post article notes that the NSA is also "using commercially gathered information to help it locate mobile devices around the world, the documents show," explaining, "many smartphone apps running on iPhones and Android devices, and the Apple and Google operating systems themselves, track the location of each device, often without a clear warning to the phone's owner." Back in October, we also found out that the NSA had "once tested whether it could track Americans' cell phone locations," and that in doing so, the secretive agency even acquired some "samples" of location data, which it may still have.
Put simply, everyone who feared that the NSA collects location data on Americans was correct. But they didn't learn that back when they expressed those fears.
Quite the contrary. On multiple occasions, Obama Administration officials spoke about the collection of cell-phone location data in ways that were often technically accurate but wildly deceptive. In so doing, they succeeded in confusing the surveillance debate and creating the inaccurate impression that location data wasn't being collected.
This is a review of their deceptions.
Fooling the Wall Street Journal
One of the earliest successes at leading the public astray came in a June 16, 2013, Wall Street Journal article:
The National Security Agency sweeps up data on millions of cellphones and Internet communications under secret court orders. But as it mounts a rigorous defense of its surveillance, the agency has disclosed new details that portray its efforts as tightly controlled and limited in scope, while successful in thwarting potential plots. On Sunday, officials said that though the NSA is authorized to collect "geolocational" information that can pinpoint the location of callers, it chooses not to. A secret court order that was made public earlier this month directed Verizon Communications Inc. to turn over to the NSA "comprehensive communications routing information." Under this authority, NSA would have the ability to collect data on locations of calls placed or received, a U.S. official said Sunday.
Other major phone companies including AT&T and Sprint also operate under similar orders, former officials say.
As part of this program, however, the NSA chooses not to collect such data as the nearest cellphone tower used to place or receive a mobile call, U.S. officials said. In a statement released this weekend, the Office of the Director of National Intelligence said the NSA program doesn't collect "any cell phone locational information." Such information has been found to be of value to criminal investigators, who can use it to link suspects with crime scenes. However, the U.S. official said the data doesn't provide sufficient intelligence value to justify the resources that would be required to use it.
The U.S. officials were sufficiently misleading with their statements that the WSJ reporters led their readers astray in the lede, where they neglected to include the seemingly unimportant but actually crucial caveat, "as part of this program." That caveat made what their sources told them technically accurate. The NSA apparently wasn't collecting location data as part of its Section 215 bulk-metadata-collection program (the one revealed in that initial Glenn Greenwald story about the NSA getting phone records on all Verizon customers)—it was collecting location data under different programs that had yet to be revealed.
Had the reporters known the truth, they may not have contextualized the story with language about an NSA surveillance effort that is "tightly controlled or limited in scope," and they certainly wouldn't have included the highly misleading line from the official who implied that location data wasn't collected because the resources required didn't justify it. When he said that, massive resources were being expended to collect location data!
Misleading Americans on Capitol Hill
On June 18, General Keith Alexander, the head of the NSA, spoke publicly about the Snowden revelations for the first time. He complained that the debate about NSA surveillance was being fueled "by incomplete and inaccurate information, with little context provided on the purpose of these programs, their value to our national security and that of our allies, and the protections that are in place," implying that he would provide a much needed corrective. Addressing the purpose of his testimony before Congress that day, he said that "we will provide additional detail and context on these two programs to help inform that debate," and soon gave the floor to Deputy Attorney General James Cole.
Let me go through a few of the features of this. First of all, it's metadata. These are phone records. These—this is just like what you would get in your own phone bill. It is the number that was dialed from, the number that was dialed to, the date and the length of time. That's all we get under 215. We do not get the identity of any of the parties to this phone call. We don't get any cell site or location information as to where any of these phones were located. And, most importantly, and you're probably going to hear this about 100 times today, we don't get any content under this. We don't listen in on anybody's calls under this program at all.
Again, this is technically accurate. Cole limited his remarks to data collected under Section 215. At the same time, the context of his testimony was a nation and a legislature upset at revelations of sweeping NSA spying that they didn't know about—and a desire to clarify just how far the secret agency goes in its surveillance. In order to obscure those questions, Alexander and Cole proceed as if everyone is gathered because of an intense and narrow focus on Section 215, which just happened to be the first program that the Snowden leaks made public. The average American watching the hearing on television or hearing a soundbite on the news would understandably conclude from the words spoken that the NSA was not collecting Americans' cell-phone location data.
Misleading Words From the Department of Justice
On June 24, the Los Angeles Times headline seemed definitive enough: "NSA does not collect cellphone location data, officials say." Here's how it begins:
The U.S. Justice Department has told a court in Florida that the government does not secretly track the location of Americans' cellphones as part of its massive phone surveillance dragnet, but asking experts to believe that assertion has proved to be another matter. The basic privacy question raised in the recent revelations—has the government been tracking American phone users?—remains muddied by a vaguely worded, top-secret court order and an ensuing series of carefully worded denials. The Justice Department's response—declining to release secret tracking data on phone locations because it purportedly doesn't have it—almost immediately raised new questions.
His client's phone company, MetroPCS, didn't keep phone location data dating back to 2010, so Louis, citing the leaked court order, said the NSA might be the only entity that still held the old records and thus had an obligation to turn them over. The government's response to Lewis' request, filed with the court last Wednesday, says the NSA does not have such a capability: The agency didn't collect location data under the phone surveillance program, so there were no records to turn over, the court filing said.
"The program described in the classified [Foreign Intelligence Surveillance Act court] order cited by the defense did not acquire such data," the filing stated, adding that "the government has no reason to believe" location data were being held by the government that could be turned over for the criminal case.
Once again, the government statement was sufficiently misleading to cause the newspaper to inadvertently misrepresent the truth in its paraphrase: The government didn't state that location data wasn't being held, just that it wasn't being held under Section 215. DOJ was able to sidestep the request in court in part because the Florida lawyer cited the wrong program when asking for the records. And once again, Americans reading about the story and as yet unaware of programs beyond Section 215 thought, maybe our location date is secure after all.
James Clapper Misleads in a Letter
On July 26, Director of National Intelligence James Clapper wrote a letter to Senator Ron Wyden in which he addressed the civil-libertarian's concerns, including questions about the NSA tracking Americans' location data.