In HBO’s The Wire, drug dealers rely on cheap “burner” phones, which are used for a short time and then thrown away, to thwart police efforts to record their calls. The idea of a temporary, anonymous phone number has also caught on in the app world as witnessed by investors’ recent decision to pour $2 million into a startup called Burner.
It will come as little surprise, then, to learn that the NSA appears to be probing burner use as part of its controversial efforts to collect and surveil American phone records. The revelation comes via the Just Security blog, where Julian Sanchez describes how the NSA collected information that resembles a “fingerprint” of burner use: records of when a phone went online, and when it stopped being used; total number of calls; and the ratio of unique contacts to calls (emphasis mine):
this is the kind of information you would want if you were trying to identify disposable prepaid “burner” phones being used by a target who routinely cycles through cell phones as a countersurveillance tactic. The number of unique contacts and call/contact ratio would act as a kind of rough fingerprint—you’d assume a phone being used for dedicated clandestine purposes to be fairly consistent on that score—while the first/last call dates help build a timeline: You’re looking for a series of phones that are used for a standard amount of time, and then go dead just as the next phone goes online.
Sanchez gleaned the information from written testimony by NSA Director Keith Alexander, who described a “background process” that involves repeated queries to a massive database of phone records collected by the phone carriers at the request of the spy agency.
Under the law, the NSA is only supposed to search the database when it can demonstrate to America’s secret spy court that it has a “reasonable, articulable suspicion” to do so. The agency, however, has been reprimanded by the court on multiple occasions for prevaricating and plunging into the data without proper legal permission. Last month, the government admitted it has a test project that uses the database to track people’s location.
As Sanchez points out, news that the NSA is using the phone database to look for patterns of burner use would have fewer civil liberties implications than some of the agency’s other activities; however, the revelation shows again how the agency will use the metadata it has amassed for new or unexpected ways — and that there is a lack of clear rules for how it can or can’t probe the metadata.
For those curious about the implications for counter-surveillance, it would seem that the app-based Burner (which provides a series of short-term phone number on a user’s existing mobile phone) would be easier to track than a disposable burner phone like the ones on The Wire — but that’s just speculation on my part. (Update: Burner founder Greg Cohn offers a helpful technical clarification and explanation of his company’s policies below).
The once-secret Keith Alexander testimony dates from 2009 and was released in September as part of a document package that was published in response to freedom of information requests by two advocacy groups, the EFF and the ACLU.