Wednesday, January 28, 2015

13 ways the NSA spies on us

Over the last year, through the revelations of Ed Snowden and independent reporting by others, we've learned more and more about the National Security Agency's spying programs. Indeed, there have now been so many revelations that it can be hard to keep them straight. So here's a handy guide to the most significant ways the NSA spies on people in the United States and around the world.

1. The NSA collects every American's phone records


(Chris Goldberg)

This was one of the first programs revealed by Snowden and it continues to be one of the most controversial. The Patriot Act allows the NSA to obtain business records that are relevant to terrorist investigations. The government claims that this gives it the power to obtain records — phone number dialed, time and duration of call — about every domestic phone call in the United States. In January the Obama administration proposed changes to require judicial oversight of access to the database.

2. The PRISM program lets the NSA access private user data on leading online services


(Danja Vasiliev)

A slide disclosed by Snowden lists 9 major internet companies — Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple — as participating in the PRISM program. The program allows the NSA to get private information such as emails, Facebook messages, and stored documents. It's not known how carefully these information requests are scrutinized.

3. The NSA engages in offensive hacking operations


(Katie Dalton)

Tailored Access Operations is the NSA's elite hacking unit. While some other NSA programs collect information in bulk, TAO engages in targeted attacks on high-value targets. It is believed that the NSA has a large library of exploits, allowing it to hack into a wide variety of consumer gadgets and business IT systems.

4. The NSA taps long-distance internet connections


(Barta IV)

The NSA works with countries around the world to tap into underseas fiber optic cables carrying vast quantities of fiber optic data. There's also evidence that the NSA has been tapping into fiber optic cables in the United States.

5. The NSA intercepted data flowing within Google and Yahoo data centers


(Robert Scoble)

When you log into GMail, you'll see a "lock" icon indicating that communications between your computer and Google's server is protected by encryption. But until recently, Google didn't employ encryption when it moved data between its own servers. The NSA tapped into these connections and harvested large quantities of user data. Yahoo was also targeted.

6. The NSA spies on foreign leaders


German Chancellor Angela Merkel (Sean Gallup/Getty Images)

Recently there has been growing tension between the United States and Germany over charges that the NSA spied on the cell phone of German chancellor Angela Merkel. And she's not the only world leader who has allegedly been targeted by the US government. Brazilian president Dilma Rousseff and Mexican president Enrique Peña Nieto have also reportedly had their phone calls or emails intercepted. Documents released by Snowden suggest that at least 35 world leaders have been targeted by the NSA.

7. The NSA spies on millions of ordinary people overseas

The NSA has tapped into communications systems in Brazil and Germany — and likely other countries as well — to collect information about ordinary peoples' phone calls and emails.


Rio de Janiero (Terry Dunn)

8. The NSA tracks cell phone locations around the world


(Jerry Wong)

The NSA spies on cell phone networks around the world, collecting 5 billion records per day about the locations of users' cell phones. The agency isn't allowed to deliberately target cell phone users in the United States, but some American cell phone records are collected "incidentally."

9. From 2001 to 2011, the NSA collected vast amounts of information about Americans' internet usage


(Richard Masoner)

In 2001, the Bush administration began collecting data about Americans' internet usage. The data collected included the sender and recipients of emails, as well as information about which websites a user browsed. The program operated for two years under President Obama but was shut down in 2011.

10. The NSA has undermined the security of encryption products


(John O'Shea)

Over the last decade, the NSA has persuaded technology companies to modify their products to make them "exploitable" — that is, vulnerable to targeted attacks by the NSA.

11. The NSA uses tracking cookies to choose hacking targets


(Jeramey Jannene)

Most commercial websites have "tracking cookies," small bits of data that are stored on a user's computer to help with ad targeting. Documents released by Snowden shows that the NSA uses these cookies to identify users as hacking targets.

12. The NSA has cracked a popular standard for encrypting cell phone communications


(Raging Wire)

Most cell phone communications are encrypted to protect the privacy of users. But the NSA has cracked one of the most popular encryption standards, called A5, allowing them to intercept the contents of cell phone communications.

13. The NSA can record every phone call in a certain, unspecified, country and store it for 30 days



The Washington Post has reported that an NSA program allows the agency to record every phone call in an unspecified country, and store them for 30 days for later analysis. The Post didn't identify the country, but the Intercept has reported that the program is being used in the Bahamas.

Update: I modified #13 to include the Intercept's reporting about the phone program being used in the Bahamas.

Get Vox in your inbox!

By signing up, you agree to our terms.

Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot username?

We'll email it to you.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Try another email?

Forgot username?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.