Meet 'Boundless Informant,' the NSA's Secret Tool for Tracking Global Surveillance Data

New insights into the security agency's tracking of phone and computer information from around the world

[optional image description]

Screenshot of NSA slidedeck obtained by The Guardian

What does the NSA know, and how does it know it?

Just one of the many, many questions that has emerged again, and that has remained largely unanswered again, this week. And under the umbrella of that extensive question mark have been more discrete mysteries: How, actually, does the National Security Agency process the information it collects? How does it distinguish between international surveillance and domestic? And to what extent, when it comes to the surveillance it's been engaged in, does the agency convert the metadata it gathers into simply, you know, data?

New revelations published by (surprise!) The Guardian may shed some light on those questions. The NSA, Glenn Greenwald and Ewan MacAskill report, "has developed a powerful tool for recording and analyzing where its intelligence comes from." And that, in turn, they claim, raises questions about the agency's "repeated assurances to Congress that it cannot keep track of all the surveillance it performs on American communications."

The documents in question provide evidence of a data-mining tool with the Orwellian nickname of "Boundless Informant." The tool, according to a factsheet The Guardian obtained, "allows users to select a country on a map and view the metadata volume and select details about the collections against that country." It was designed, per one document, "to give NSA officials answers to questions like, 'What type of coverage do we have on country X' in 'near real-time by asking the SIGINT [signals intelligence] infrastructure.'"

The metadata includes information the NSA has collected from both computer and telephone networks.

According to a snapshot of a Boundless Informant heatmap that Greenwald and MacAskill obtained, which assigns each nation a color code based on how extensively it is subjected to NSA surveillance, the NSA collected 97 billion pieces of intelligence from computer networks worldwide in March 2013 alone.

[optional image description]
Snapshot, obtained by The Guardian, of Boundless Informant data. As Greenwald and MacAskill note, "the color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance)." The "2007" date in the image "relates to the document from which the interactive map derives its top secret classification, not to the map itself." Click here for a larger version. (The Guardian)

The country where the largest amount of intelligence was gathered was, unsurprisingly, Iran: Boundless Informant shows more than 14 billion reports in that period. The second-largest collection came from Pakistan, with 13.5 billion reports. Jordan -- which is, yes, one of America's closest Arab allies -- had 12.7 billion reports. Egypt came in fourth (7.6 billion reports), and India in fifth with 6.3 billion.

And when it comes to the U.S.? "The Boundless Informant documents show the agency collecting almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013."

Again, as is the case with the phone-tracking and computer-monitoring programs that have come to light this week, the focus of Boundless Informant seems to be metadata rather than content. The point seems to be (again) pattern recognition and social network identification rather than direct eavesdropping.

Yet "other documents seen by The Guardian further demonstrate that the NSA does in fact break down its surveillance intercepts," Greenwald and MacAskill report, "which could allow the agency to determine how many of them are from the U.S." And "the level of detail includes individual IP addresses" -- which aren't direct proxies for individual users, but can contain users' location and other identifying information. 

Furthermore, as The New York Times notes in today's detailed report on NSA data-mining, "United States laws restrict wiretapping and eavesdropping on the actual content of the communications of American citizens but offer very little protection to the digital data thrown off by the telephone when a call is made." Those data were less of a concern in the past. Today, though, as the Times puts it, "if it is scanning for a foreign politician's Gmail account or hunting for the cellphone number of someone suspected of being a terrorist, the possibilities for what NSA calls 'incidental' collection of Americans are far greater."

In that sense, it's significant that the news of the Boundless Informant program, as The Guardian notes, "comes amid a struggle between the NSA and its overseers in the Senate over whether it can track the intelligence it collects on American communications." Particularly given the fact that, per the leaked documents, "the team responsible for Boundless Informant assured its bosses that the tool is on track for upgrades."

The NSA's position has been that "it is not technologically feasible" to track the intelligence collected on American communications. Which is a position that the agency continues to hold. As NSA spokeswoman Judith Emmel told The Guardian:

NSA has consistently reported -- including to Congress -- that we do not have the ability to determine with certainty the identity or location of all communicants within a given communication. That remains the case.