Skip to content ↓ | Skip to navigation ↓

Some are starting to consider Edward Snowden as the NSA’s old, boring uncle. His leaks grimly pass around secrets of the NSA: online surveillance disclosures, the MonsterMind program and privacy invasion of international governments. And still revelations about the NSA’s classified activities continue to tumble out.

The latest? The National Security Agency is supplying data to two dozen US government agencies courtesy of a “Google-like” search engine designed to share 850 billion records about emails, cellphone locations, Internet chats and phone calls, according to classified documents provided to The Intercept by none other than Edward Snowden.

The tool, called ICREACH, includes millions of records on innocent US citizens (not accused of any wrongdoing), as well as private communications of foreigners. While a multitude of NSA programs have been exposed for collecting large data of communications, and the NSA has admitted sharing some of the collected information with domestic agencies, no one had a clue about the scoop and insights of its sharing.

The particular NSA-built search engine lets the agency share a trove of metadata records not just with others in the CIA and NSA but also with government and domestic law enforcement agencies, such as the DEA and FBI.

The database includes records obtained through Executive Order 12333, which a State Department Official purported as the main program used by the NSA to collect its data; it is not subject to Congress oversight.

Started in 2007, ICREACH was originally intended to internally share data collected from several networks, for tracking suspect’s movements, reveal political or religion affiliations and associate networks.

However, according to a memo from 2010, the program has been accessible to nearly a thousand analysts working in more than 23 US government agencies that carry out intelligence work.

While analysts cannot access the content of phone calls or emails, the metadata in itself may be enough to put together a piece of a suspect’s present, past and potential future patterns.

ODNIThe NSA also notes the collected data includes protocols and formats that can be used to render the information for systems and people. So, the Google-like search engine acts as a portal for analysts to gather information from various databases to get an idea of a citizen’s activities.

The system can handle upwards of 5 billion records every day and the saved metadata has information concerning when and to whom phone calls are made or emails are sent. It may also reveal GPS location of a citizen’s device.

Those using ICREACH enter selectors, such as a phone number or an email address, and then are redirected to a page that includes relevant data – emails sent to a particular address or phone call records in a particular month.

Director of National Intelligence spokesman, Jeffrey Anchukaitis, declined to comment on a multitude of questions from The Intercept about the scope and size of ICREACH, but stated that information sharing has turned into “a pillar of the post-9/11 intelligence community” as a part of the endeavor to prevent valuable data from getting “stove-piped in any single office or agency.”

While the NSA estimated making more than 850 billion records available on ICREACH, the intelligence community’s “Black Budget” for 2013 reveals that the NSA sought new sources of funds to upgrade the search engine to provide analysts with a wider range of sharable data.

Last year in December, President Obama’s hand-picked surveillance review group said that as a general rule, the government should not be allowed to store and collect all undigested, mass and non-public personal information about citizens to enable data-mining and queries for the purpose of foreign intelligence.

Part of report by US President’s Review Group on Intelligence and Communications Technologies

It also recommended that personal information about US citizens should be removed when detected unless it is required to prevent harm to others or holds foreign intelligence value.

One of the five members of the review panel, Peter Swire, told The Intercept he could not state whether the review group received briefing on programs like ICREACH, but said the review group was concerned that the need to share had extended too far among agencies.

Let’s not forget – this is a story about the National Security Agency, the intelligence body responsible for not only gathering foreign intelligence but also tasked with protecting US government information systems.

There are clearly serious questions which need to be asked about whether the authorities have overstepped their remit and invaded individuals’ civil liberties and rights to privacy.

But one also has to continue to question the competence of an organization, which through lax security, allowed its secrets and confidential files to spill out into the public domain in the first place.

Many of us may now be enlightened by the facts that are now available to us but if the NSA and other intelligence agencies can’t keep their own secrets out of the newspapers, what does that say about their ability to secure the sensitive information they might hold about you or me?


Related Articles:


picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

10 Ways Tripwire Outperforms Other Cybersecurity Solutions
  • Guest

    Thank god for the NSA. Has anyone one in this community heard of ISIS?

    • Mike

      Yes I've heard of them, aren't they that terrorist group, financed by the Saudi's, and supported by the CIA and Mossad?.

  • Spencer N. Heath

    This is never going to stop…well, at least not short of a complete restructuring of the machinery of the U.S. political state. The whole thing is "legal" because executive orders are legal. The presidency was never supposed to have that much power. Congress abdicated its own power and gave it to the President.

    If people want real security, they're going to have to stop believing in the myth that they can entrust it to a political state.

  • Chris

    I've stopped caring about internet privacy long ago. It's a done deal and can't be undone. I've been on the net since modems were available and it was OK to put a mailto: address on your home page because you wanted people to contact you. I get hundreds of Spam emails a day and filter them out like everyone else.

    I don't much care who watches what I am doing on the net – I work in security too – and frankly there's such a massive amount of data from billions of people to sift through they are not going to focus on me unless there's some reason to do so.

    That's life these days.


    • Mike

      But it's good to be informed, isn't It? I would hate to think that people like Assange and Snowden have been wasting their time.

    • Gabriel

      Unfortunately, I have to agree with you.

  • Coyote

    To the guest… Isn't Isis a mobile company? I seem to think that. Then again, maybe it was a school? Or perhaps it is a girl's name? Ah yes, there we go: it is all of the above and more (yes, really). Oh, you mean THAT Isis? /Yawn. You know they changed their name some time ago, right? Even then, it is irrelevant to the NSA entirely.

    As for the NSA, the entire episode of Snowden has bored me to tears. Who did not know NSA did this type of thing, really? Who did not know they had a problem with encryption algos being too strong? Someone who hasn't been around in security for very long, that's who. And besides that, what country does not spy, that is capable of spying? Exactly. The only thing the leaks show is the extent they're willing to go (but again: is anyone actually surprised ?) to obtain the information they supposedly (but don't, not for their usual claim) need. Regardless, anyone who has a problem with it is welcome to not connect to PUBLIC networks. That isn't 100% but it is some. But there goes their phones (mobile or not), the Internet, … but well, that's life isn't it? It isn't fair and it isn't meant to be fair (nor should it be).

  • DoktorThomas™

    Perhaps, the above have never read "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…" This unalienabe right cannot be legally compromised by one pretending to act in an official capacity as a government agent/employee–elected or not. If dumb ass citizens allow traitors to violate this right, or any other right, then maybe shooting citizens from drones will be legal too. (Better read that again.)
    Much of what US governments do is illegal, despite paperwork purporting it "to be the law." NSA is an organization of lawless traitors. The Dumbmander in Chief is no exception. Have doubts? Go to law school. Read a couple thousand additional non-fiction books. Then present your argument. I dare anyone to find the phrase "national security" as a right of government in the founding documents.
    Lies from anyone's mouth are still lies, no matter what his/her credentials. That most people are too dumb to connect the dots doesn't mean government transgression are okay or acceptable. They are not. To understand the future of the stupidly unconcerned, study Germany, 1930-1947.
    What Snowden demonstrates in detail is that at every level the US government is as bad or worse than every other government that has existed on the plant. The power of words is seldom in the minutia. The real thrust is elsewhere (thinking required). Note: read the Constitution section about throwing out bad government.
    Historical Note: All communications world wide, not on paper, have been recorded and stored by the US government since before infamous president Truman signed the questionable law. Spying, like physical brutality, isn't legal just because some officials have gotten away with it for awhile. You can delude yourself about it all you want until you are the lucky recipient–then it will matter, quite personally.
    If this spying on innocents is so important to security why did the Twin Towers, which were attacked or bombed five times before 9/11, escape the watchful eye these Constitutional violators? Because the the data alone, like the agency and its employer, is feeble, empty and meaningless, but still illegal. Your stalwart apathy undermines your freedoms. Another free nation will never exist on this planet. Rome is burning… Is that your fiddle?

<!-- -->