Release Date: 2014-05-19

Document Date: 2012-05-01

Description: This May 2012 memo from the NSA’s International Crime and Narcotics division describes the operation of the MYSTIC system in the Bahamas and another, unnamed, country: see the Intercept article Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas, 19 May 2014.

Document: (S//SI//REL) Intro: Here in S2F, we've had great success
using systems that buffer full-take audio collection for a
nominal 30 days — these systems have led to real
breakthroughs in target discovery — and we wanted to alert
other analysts to their potential. Collectors: please take note
of how beneficial these types of collectors can be to
analysts, as compared to more traditional models.


(S//SI//REL) SOMALGET is a family of collection systems which greatly facilitate and
make possible remarkable new ways of performing both target development1 and target
discovery.2 Significant analytic breakthroughs and successes in both areas have been
made by analysts in the two countries where SOMALGET accesses currently exist
(i.e., and the Bahamas).

(U) How It Works:

(S//SI//REL) SOMALGET collection systems forward full-take metadata in real time
and buffer full-take audio for nominally 30 days.3 It makes possible the selection of
audio content against the buffered data after the fact, in near real-time, or up to 30 days
later. This ability is dubbed "retrospective retrieval." The power of retrospective
retrieval in facilitating target development or discovery lies in its ability to permit the
analyst to selectively retrieve audio content and immediately validate his/her tentative
analytic conclusions derived from metadata.

• (TS//SI//REL) SOMALGET access to Bahamian GSM communications has led to
the discovery of international narcotics traffickers and special-interest alien
smugglers. This access — together with our use of methods that take advantage of
targets' behavioral patterns4 — have allowed our S2F analysts to gain a firm
understanding of the targets' activities even when these contacts occurred prior to
their discovery.

(U) More to Come?

(S//SI//REL) These successes, which depend on access to buffered audio files that may
be associated with selectors not tasked to the collection asset in question, argue in
favor of a collection methodology for telephony that may be viewed as analogous to
XKEYSCORE. That is, we buffer certain calls that MAY be of foreign intelligence
value for a sufficient period to permit a well-informed decision on whether to
retrieve and return specific audio content. With proper engineering and coordination,
there is little reason this capability cannot expand to other accesses (besides
[redacted] and the Bahamas), provided compatible hardware and interfaces are
developed and deployed.5

(U) Notes:

1. (U) Target development = the process by which an analyst can extend his/her
knowledge of a known target by observing elements of metadata that relate to that

2. (U) Target discovery = the process whereby an analyst can discover targets by
observing metadata as it relates to behaviors characteristic of his/her target set,
regardless of whether or not the newly discovered selectors are related to known

3. (S//SI//REL) The nominal "30 days storage" actually varies depending upon on
space, power, and observed activity levels.

4. (TS//SI//REL) Observing that targets tend to use prepaid calling cards in an attempt
to mask the destination of telephone calls, S2F focused on mobile identifiers in number
ranges that represent newly activated accounts. We have also used SMS text messages
to identify and retrieve audio of interest.

5. (S//SI//REL) Storage capacity is directly related to the amount of disk storage that
can be deployed. When deployed against entire networks, as SOMALGET is, the back-
end database and processing required for interactive search and retrieval of cuts also
requires enterprise-class data warehousing and high-performance processing to manage
the vast amount of data captured. Currently this warehouse dynamically manages
roughly 5 billion call events, with the capacity to expand well beyond our current target
communications. This retrospective retrieval infrastructure is web based and is already
in place. As noted, with proper engineering and coordination, there is little reason this
capability cannot expand to other accesses, provided compatible hardware and
interfaces are developed and deployed.

