After PRISM, 'Boundless Informant' tool comes to light
Meet the U.S. National Security Agency's global intelligence tracking tool, Boundless Informant, the latest intelligence secret exposed by leaked information.
The stream of leaks revealing the U.S. National Security Agency's secrets carries on with the public outing of a powerful intelligence tracking tool.
In a fresh wave of documents obtained by The Guardian, the details of the NSA's data mining tool "Boundless Informant" are laid out for the world to see.
Whereasis involved in the collection of data, Boundless Informant focuses on organizing and indexing metadata. The tool categorizes communications records rather than the content of a message itself, such as a text message or phone call.
A leaked fact sheet (PDF) explains that almost 3 billion pieces of intelligence had been collected from U.S. computer networks in the 30-day period ending with March of this year, as well as indexing almost 100 billion pieces worldwide. Countries are ranked based on how much information has been taken from mobile and online networks, and color-coded depending on how extensively the NSA is spying on a country.
Users of the tool are able to select a country on Boundless Informant's "heat map" to view details including the metadata volume and different kinds of NSA information collection.
Iran is top of the surveillance list, with more than 14 billion data reports categorized by the tracking tool in March, with Pakistan coming in close second at 13.5 billion reports. Jordan, Egypt, and India are also near the top.
Levels of country-specific surveillance are color-coded depending on severity; green the least and moving through yellow and orange to red if a country is under heavy surveillance.
Example use cases include "How many records (and what type) are collected against a particular country?" and "Are there any visible trends for the collection?"
The other leaked document (PDF) says the tool is designed to give NSA officials answers to questions including what coverage the agency has on specific countries, how data collection compares in different regions, and how many records are being produced.
Both documents were protectively marked as "top secret" and "NOFORN" (which means not authorized for viewing by non-U.S. citizens).
According to the documents, Boundless Informant is hosted on corporate servers and leverages open-source FOSS technology. Raw data is analyzed and processed in the cloud. The level of data categorized can also be broken down to determine which intercepts originate from the U.S., and this detail includes IP addresses -- which can be tracked back to determine a user's country of origin, state, and city.
In a March hearing last year, NSA Director General Keith Alexander denied that the U.S. government spies on its citizens. When asked by Rep. Hank Johnson (R-Ga.) if the NSA has the technological capacity to identify citizens based on the content of their e-mails, Alexander said:
No, no, we don't have the technical insights in the United States. In other words, you have to have something to intercept or some way of doing that either by going to a service provider with a warrant or you have to be collecting in that area. We're not authorized to do that nor do we have the equipment in the United States to collect that kind of information.
The exposure of the NSA's internal Boundless tracking tool -- which is likely used only by the intelligence agency -- may cause some to doubt Alexander. The NSA has maintained its position and denies spying on U.S. citizens; a representative for the agency telling The Guardian:
NSA has consistently reported -- including to Congress -- that we do not have the ability to determine with certainty the identity or location of all communicants within a given communication. That remains the case. The continued publication of these allegations about highly classified issues, and other information taken out of context, makes it impossible to conduct a reasonable discussion on the merits of these programs.
The original version of this story appeared as "Boundless Informant: US gov't collects 100 billion surveillance records a month" on ZDNet.