The National Security Agency (NSA) is one of the intelligence agencies that constitute the US intelligence community. Within the US Department Of Defense (DOD), the NSA is responsible for the global monitoring, collection and also processing of information used for foreign intelligence and counterintelligence purposes. Originating as a unit designed to decipher coded information in WW2, it has since evolved to conduct worldwide, global data interception and analysis, also known as SIGINT. Although its inner workings have been exposed in recent years through leaks and exposure by former employees such as Edward Snowden, many of its operations are highly secretive and remain a mystery.
1 Symbolism and History of the NSA
1.1 Symbols of the NSA
The NSA uses several symbols with one being its seal and the other being the flag of the NSA.
1.1.1 Seal of the NSA
The insignia, or seal, of the NSA, consists of several items all of which have a meaning. These are:
- Eagle – Represents the agency’s national mission
- Shield – Features the colours of the flag of the United States
- Key – Taken from the emblem of Saint Peter and represents security
- Circular shape – Represents eternity

[Source]
1.1.2 Flag of the NSA
The flag of the NSA consists of the seal of the agency on a light blue background.

1.2 History of the NSA
The NSA has a history going back over a century to its forerunners’ founding in the later stages of WW1. Since then it has undergone many mission scope changes as well as growing into a vast and powerful organisation. It is dedicated to information capture and analysis both domestically and internationally.
1.2.1 Formation of the Cable and Telegraph Section
On 28 April 1917, three weeks after the United States declared war on Germany in WW1, a code and cypher decryption unit known as the Cable and Telegraph Section was formed.
Headquartered in Washington D.C. it was relocated several times throughout the army’s organisational structure. In July 1918 it absorbed the cryptanalysis functions of the US Navy and it was also moved to New York on 20 May 1919.
[Source]
1.2.2 Formation of the Black Chamber
After the US Army cryptographic section, known as MI-8, was disbanded the government created the Cipher Bureau also known as the Black Chamber. It was the US’s first peacetime cryptanalytic organisation.
Although it produced and sold codes for commercial use its true mission was to decipher the diplomatic communications of foreign nations. For example, the Black Chamber aided American negotiators at the Wahington Naval Conference by decrypting the traffic of several delegations at the Conference such as the Japanese.
The Black Chamber was also successful in persuading several large US communications companies such as Western Union to provide them with access to the cable traffic of foreign embassies and consulates.
Although it was initially successful, it was shut down in 1929 by the US Secretary of State, Henry L. Stimson, who stated that
“Gentlemen do not read each other’s mail”.
1.2.3 Formation of the NSA Post-WW2
The Signal Intelligence Service (SIS) was established during World War II with the primary objective of intercepting and decoding the communications of the Axis powers.
Following the war’s conclusion, the SIS underwent a reorganisation and was transformed into the Army Security Agency (ASA), which subsequently came under the direction of the Director of Military Intelligence.
On May 20, 1949, the United States consolidated its cryptologic operations under a unified entity known as the Armed Forces Security Agency (AFSA). This agency was initially formed within the US Department of Defense and operated under the authority of the Joint Chiefs of Staff.
The primary responsibility of the AFSA was to oversee the communications and also the electronic intelligence efforts of the Department of Defense, excluding those conducted by U.S. military intelligence units.
The AFSA encountered significant challenges in centralising communications intelligence and also struggled to effectively collaborate with civilian agencies that had overlapping interests, including the Department of State, the Central Intelligence Agency (CIA), and the Federal Bureau of Investigation (FBI).
1.2.4 Post-1951
In December 1951, President Harry S. Truman commissioned a panel to examine the shortcomings of the AFSA in meeting its objectives. The findings of this investigation prompted enhancements and also ultimately resulted in the agency’s rebranding as the National Security Agency (NSA).

On 24 October 1952, the National Security Council released a memorandum that amended the National Security Council Intelligence Directive (NSCID) 9. Additionally, on the exact same day, President Truman issued a second memorandum advocating for the creation of the National Security Agency (NSA).
The formal establishment of the NSA occurred through a memorandum on 4 November 1952, authored by Secretary of Defense Robert A. Lovett, which rebranded the Armed Forces Security Agency (AFSA) as the NSA and also assigned the new agency the responsibility for all communications intelligence.
The existence of the NSA was unknown to the public as President Trumans memo was a classified document and therefore the NSA was referred to by the US intelligence community as
“No Such Agency”.
[Source, source, source, source, source, source]
1.2.5 NSA During the Vietnam War
The NSA played a key role during the US involvement in the Vietnam War. It provided evidence to US politicians of North Vietnamese involvement in the Gulf of Tonkin incident. However, this ‘evidence’ is believed o of have been falsified by agency analysts.

An undercover operation, designated “MINARET,” was established by the National Security Agency (NSA). Designed to surveil the telephone communications of Senators Frank Church and Howard Baker, alongside influential figures in the civil rights movement, such as Martin Luther King Jr., as well as notable American journalists and athletes who voiced opposition to the Vietnam War.
However, this project was deemed controversial and an internal NSA review concluded that the MINARET project was
“disreputable if not outright illegal”.
The NSA was also involved in the creation of the NESTOR device system. This was a family of secure voice systems with around 30,000 devices created. However, the North Vietnamese were able to exploit a variety of technical problems which allowed them to intercept US communications.
1.2.6 Church Committee Hearings and Controversies from 1975-1978
Following the Watergate scandal in which the Nixon administration planted listening devices at the Democratic National Committee (DNC) HQ, a congressional inquiry in 1975 was held.
Known as the Church Committee, and spearheaded by Senator Frank Church, it uncovered that the National Security Agency (NSA), also in partnership with the United Kingdom’s signals intelligence agency, Government Communications Headquarters (GCHQ), had systematically monitored the international communications of notable anti-Vietnam War figures. This includes Jane Fonda and Dr. Benjamin Spock amongst others.

The NSA maintained records of these individuals in a confidential filing system, which was subsequently destroyed in 1974.
Subsequent to President Richard Nixon’s resignation, multiple inquiries were initiated regarding the alleged improper use of resources belonging to the FBI, CIA, and NSA.
Senator Frank Church revealed activities that had not been previously disclosed, including a CIA operation, sanctioned by President John F. Kennedy’s administration, aimed at the assassination of Fidel Castro. Additionally, the investigation brought to light the NSA’s surveillance efforts involving wiretaps on specific American citizens.
Following the hearings conducted by the Church Committee, the Foreign Intelligence Surveillance Act of 1978 was enacted with the intention of curbing the implementation of mass surveillance within the United States.
[source, source, source, source]
1.2.7 NSA During the 1980s
In 1986, following the Berlin discotheque bombing, the National Security Agency (NSA) monitored communications from the Libyan government. The White House claimed that the NSA’s interception yielded “irrefutable” proof of the Libyan Government’s involvement in the attack.
This was emphasised by U.S. President Ronald Reagan as the rationale for the subsequent bombing of Libya by the United States.
1.2.8 NSA During the 1990s
In 1999, the European Parliament conducted an extensive multi-year investigation, culminating in a report titled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information,’. This showed that the NSA had been involved in economic espionage activities.
[Source]
1.2.9 NSA During the GWOT 2001-2005
Following the September 11 attacks, the National Security Agency (NSA) initiated the development of new information technology systems. These were designed to manage the influx of data generated by emerging technologies such as the Internet and mobile phones. This initiative, referred to as ThinThread, incorporated sophisticated data mining functionalities. A notable feature of ThinThread was its “privacy mechanism,”. This ensured that data collected through surveillance was encrypted, requiring a warrant for decryption.
The research conducted within this framework may have influenced the technological advancements seen in subsequent systems. However, the ThinThread project was ultimately terminated when Michael Hayden, the former Director of the NSA, opted for an alternative system called Trailblazer, which lacked the privacy safeguards inherent in ThinThread.

Trailblazer Project
Launched in 2002, the Trailblazer Project involved collaboration among several corporations. This included Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and also Litton Industries.
Internal complaints from NSA whistleblowers regarding significant issues with Trailblazer prompted investigations by Congress. It also prompted investigations by the Inspectors General of the NSA and the Department of Defense. Consequently, the project was discontinued in early 2004.
In 2005, a new initiative named Turbulence emerged. Characterised by its development in smaller, cost-effective “test” components rather than a singular, large-scale system like Trailblazer. Turbulence also featured offensive cyber-warfare capabilities, including the capacity to deploy malware onto remote systems.
By 2007, the U.S. Congress expressed concerns about Turbulence, noting that it exhibited similar bureaucratic challenges as those also encountered with Trailblazer.
2 Mission of the NSA
The NSA has multiple missions which include the international collection and also the domestic collection of data. This also includes the analysis of said information which is subsequently provided to other US intelligence agencies.
The NSA also has control of several tools and programs (more below) which allow it to effectively execute its mission.
2.1 International Data Collection Mission
The NSA has extensively collaborated with its international partners and equivalents. This includes the UK Government Communications Headquarters (GCHQ), the Communications Security Establishment Canada (CSEC), the Australian Signals Directorate (ASD) and also the Government Communications Security Bureau (GCSB) of New Zealand.
This group of agencies, alongside the NSA, are believed to be capable of monitoring a large proportion of the world’s transmitted telephone, fax, internet and also data traffic.
[Source]
2.1.2 SEXINT
The NSA was also involved in the practice of planning to blackmail people with SEXINT. This form of intelligence is effectively centred around a target’s sexual activity and preferences. However, the people that the NSA had monitored for this had not committed any crime. They were neither charged with any crime, and 6 people were being monitored.
[Source]
2.1.3 Real-Time Regional Gateway
The Real-Time Regional Gateway is a data collection initiative. It was initiated by the National Security Agency (NSA) in Iraq in 2005 during the Iraq War. This program focused on the systematic gathering of electronic communications, their storage, and also in-depth analysis.
It played a crucial role in revealing information about Iraqi insurgents who had managed to evade less comprehensive intelligence methods.
Glenn Greenwald of The Guardian suggests that the “collect it all” strategy, promoted by NSA director Keith B. Alexander, serves as a model for the extensive global mass archiving of communications that the NSA has been engaged in since 2013.
The Real-Time Regional Gateway played a pivotal role in dismantling Iraqi insurgent networks and markedly decreasing the monthly fatalities caused by improvised explosive devices (IEDs) by the end of 2008.
Journalist and author Shane Harris noted that the RT-RG ultimately served as a crucial factor in achieving victory in the Iraq War and that it was
“a rare example of successful collaboration within the byzantine federal bureaucracy”.
2.1.4 Counter-Terrorism Mission Aligned Cell
The Counter-Terrorism Mission Aligned Cell (CT MAC) was a secret unit created by the NSA in order to concentrate the agency’s resources to find hard-to-locate terrorist targets.
The CT MAC was responsible for the tracking of Hassan Ghul, an al-Qaeda operative. He was captured in 2004 and helped to expose Osama Bin Ladens courier network. Although he was released, after spending two years in a secret CIA prison, his emails and communications were tapped by the NSA using cyber espionage tools.
These tools allowed the CIA to track Ghul after his release. They also provided vital insights into the Bin Laden courier network.
Ghul was eventually killed in a CIA drone strike in Pakistan’s tribal belt in October 2012.
[Source]
2.1.5 NSA Spying on Foreign Companies and Governments
The National Security Agency (NSA) has conducted extensive surveillance on various entities. This includes the European Union, the United Nations, and additionally multiple other governments. It also even included other allied nations and trading partners across Europe, South America, and Asia.
In June 2015, WikiLeaks released documents revealing that the NSA had engaged in espionage against French corporations.
In July 2015, WikiLeaks released documents revealing that the National Security Agency (NSA) had been conducting surveillance on federal ministries in Germany since the 1990s. This included the interception of communications from Chancellor Angela Merkel’s mobile phones, as well as those of her predecessors.
[Source, source, source, source, source, source]
2.1.6 Boomerang Routing
Boomerang routing refers to the phenomenon where an Internet transmission begins and ends within the same country but passes through another country during its transit.
For example, research conducted by the University of Toronto indicates that around 25% of domestic Internet traffic in Canada could potentially be monitored by NSA surveillance. This was due to the boomerang routing practices employed by Canadian Internet service providers.
[Source]
2.1.7 Hardware Implanting by the NSA
The NSA is also heavily involved with the physical implanting of tracking and access devices onto computers and servers. One of the units within the agency, known as Tailored Access Operations or Computer Network Operations, intercepted routers, servers and other network hardware in order to install firmware on them before they arrived.
Computers confiscated by the NSA as a result of interdiction frequently undergo modifications involving a physical device referred to as Cottonmouth. This device is designed to be inserted into the USB port of a computer, thereby facilitating remote access to the targeted system.
As outlined in the implant catalogue of the NSA’s Tailored Access Operations (TAO) group, the installation of Cottonmouth enables the NSA to create a network bridge. This bridge permits the agency to upload exploit software onto the altered computers. It also facilitates the transmission of commands and data between both hardware and software implants.
2.2 Domestic Data Collection Mission
The NSA is also heavily involved in the domestic collection and analysis of electronic data. Through Executive Order 12333 its mission is to collect information that constitutes
“foreign intelligence and counterintelligence”.
The National Security Agency (NSA) has stated that it depends on the Federal Bureau of Investigation (FBI) to gather intelligence regarding foreign activities occurring within the United States. Concurrently, the NSA has stated that it limits its own operations within the country to the embassies and diplomatic missions of foreign governments.
[Source]
2.2.1 Patriot Act
George W. Bush, who served as president during the terrorist attacks of 11 September 2001, enacted the Patriot Act shortly after to implement anti-terrorism security protocols.
Specifically, Titles 1, 2, and 9 conferred authority for actions to be undertaken by the National Security Agency (NSA). These provisions facilitated enhanced domestic security measures against terrorism, established surveillance protocols, and also improved intelligence capabilities.
On March 11, 2004, President Bush authorized a new directive. This permits extensive surveillance of Internet records, in addition to existing phone record surveillance. This directive enabled the president to bypass certain legal restrictions, including those imposed by the Foreign Intelligence Surveillance Act
This was designed to safeguard civilians from widespread surveillance.
3 Organisation of the NSA
3.1 Organisational Structure of the NSA
The NSA is a vast organisation with many sub-departments which oversee various forms of signals and additionally, electronics intelligence and analysis.
Its structure is as follows:

3.2 NSANet
NSANet, an acronym for National Security Agency Network, serves as the official intranet of the NSA. This sophisticated computer network is characterised by its high level of security. It utilises fibre-optic and also satellite communication channels that are largely isolated from the public Internet.
It facilitates access for NSA personnel, as well as civilian and military intelligence analysts globally, to the agency’s systems and databases.
Access to NSANet is stringently regulated and monitored. For instance, every keystroke is documented, activities undergo random audits, and any downloading or printing of documents from the network is recorded.
3.3 Main Watch Facilities of the NSA
The NSA operates several main watch facilities which allow it to operate through several different areas and regions.
These are:
3.3.1 National Security Operations Center (NSOC)
The National Security Operations Center (NSOC), also referred to as Directorate K, functions as a division of the United States National Security Agency (NSA). It is tasked with overseeing ongoing operations and delivering timely signals intelligence (SIGINT) reports relevant to the United States SIGINT System (USSS).
It operates continuously, 24 hours a day and 7 days a week. The NSOC serves as a comprehensive operations centre that ensures complete situational awareness throughout the NSA/CSS enterprise.
This includes monitoring foreign Signals Intelligence and Information Assurance, while also remaining attuned to national security information requirements. It also involves observing global developments as they occur.
3.3.2 National Cybersecurity Threat Operations Center (NCTOC)
The National Security Agency’s Cybersecurity Threat Operations Center (NCTOC) functions as the central hub for the agency’s cybersecurity operations. By utilizing specialized knowledge regarding adversarial motives and additionally their techniques, the NCTOC formulates and executes strategic defensive strategies aimed at protecting the nation’s essential cyber infrastructures.
Teams within the NCTOC collaborate closely with U.S. Cyber Command, acting as the primary defence force for the unclassified Department of Defense Information Network (DoDIN).
[Source]
3.3.3 Special Collection Service
The Special Collection Service (SCS) is a joint NSA-CIA program and team. It is specifically centred around the placing of high-tech bugs and listening devices in hard-to-reach places.
3.4 Employee Count of the NSA
The number of NSA employees is officially classified. However, in 2012, the NSA had an estimated 30,000 employees working at its main headquarters, Fort Meade and its other facilities.
A 2013 Der Spiegel article stated that the agency had an estimated 40,000 employees. Additionally, it was revealed that 1,000 system administrators worked for the NSA.
4 Facilities of the NSA
The NSA operates a wide array of facilities both domestically and internationally.
These are as follows:
4.1 Headquarters (HQ) of the NSA
The headquarters of the NSA is located at Fort Meade in the state of Maryland. Described as a “modern boxy structure” that appears similar to “any stylish office building” it is covered in one-way dark glass and also copper shielding. This prevents the interception of communications data going into and out of the building.
[Source]
4.2 Utah Data Center (UDC)
The Utah Data Center (UDC) is a data storage facility for the US intelligence community. It is designed to store data in the amount of exabytes or potentially larger amounts (an exabyte is 1000000 terabytes). Its precise mission is classified and the NSA also leads operations at the facility.
4.4 Domestic Facilities
4.4.1 Friendship Annex (FANX)
The Friendship Annex, referred to as FANX or FANEX, is a facility complex operated by the National Security Agency (NSA) situated in Linthicum, Maryland, in proximity to the Baltimore Washington International Airport (BWI).
Established during the 1970s, the complex comprises several buildings and fulfils various functions. This includes serving as a cyber espionage station, an electronic intelligence processing centre, and a television studio for the NSA Broadcast Network. Additionally, it functions as the main campus for the National Cryptologic School.
[Source, source, source, source]
4.4.2 Texas Cryptology Center
The Texas Cryptology Center, also known as the NSA Texas Cryptologic Center (TCC) or NSA Texas (NSAT), is a satellite campus located at the Lackland Air Force Base, San Antonio, Texas. Operated by the NSA, the TCC conducts signals intelligence, cyber warfare and also cybersecurity.
[Source]
4.4.3 Georgia Cryptologic Center
The Georgia Cryptologic Center (GCC), also known as NSA Georgia (NSAG), is primarily focused on the interception and signals intelligence derived from intercepts from Europe, the Middle East, and North Africa. The facility is also known by the codename
“Sweet Tea”.
4.4.4 Hawaii Cryptologic Center
The Hawaii Cryptologic Center also known as NSA Hawaii (NSAH) is primarily focused on the provision of signals intelligence related to US policy and security in the Indo-Pacific region.
[Source]
4.4.5 NSA Colorado
NSA Colorado (NSAC) is situated within the Aerospace Data Facility Colorado (ADF-C). At this facility, the NSA alongside the National Reconnaissance Office and also the National Geospatial-Intelligence Agency-Denver, produce intelligence to support the US government and its allies.
NSAC oversees the technical SIGINT collection and processing, SIGINT mission management and a cryptological centre. It is also involved in electronic intelligence (ELINT) analysis.
[Source]
4.4.5 Multiprogram Research Facility
The Multiprogram Research Facility (MRF) is located at the Oak Ridge National Laboratory in Oak Ridge, Tennessee. This facility serves the U.S. National Security Agency (NSA) in the design and construction of supercomputers intended for cryptanalysis and various other classified initiatives.
The facility also contains the classified segment of the High Productivity Computing Systems (HPCS) project. This segment is funded by the Defense Advanced Research Projects Agency (DARPA).
4.4.6 Other facilities
The NSA also operates several other facilities in other locations such as in Alaska and Utah. they are known as NSA Alaska (NSAA) and NSA Utah (NSAU).
[Source]
4.5 International Facilities
The NSA also runs and operates at several international facilities either in part or wholly running operations at these facilities.
These are:
4.5.1 Pine Gap
Pine Gap serves as a collaborative satellite intelligence and signals intelligence surveillance facility. Operated jointly by the United States and additionally by Australia, it is located approximately 18 kilometres (11 miles) to the southwest of Alice Springs. This installation is integral to the intelligence operations and military operations of the United States on a global scale.
The facility is managed in part by the Central Intelligence Agency (CIA), the National Security Agency (NSA), and also the National Reconnaissance Office (NRO) of the United States. It contributes to the NSA’s worldwide interception and surveillance initiatives, including the ECHELON program.
The National Reconnaissance Office designates Pine Gap as the Australian Mission Ground Station (AMGS) in classified contexts. However, the National Security Agency refers to its functions at the site under the unclassified term RAINFALL.
4.5.2 GCHQ Bude
GCHQ Bude, officially referred to as GCHQ Composite Signals Organisation Station Morwenstow, and commonly abbreviated as GCHQ CSO Morwenstow, serves as a satellite ground station and signals intelligence facility operated by the UK Government.
It is located on the northern coast of Cornwall, specifically at Cleave Camp, which is also close to the village of Morwenstow.
The establishment of GCHQ Bude was a collaborative project between the British and American governments aimed at creating a satellite station capable of monitoring intercepted signal traffic across various regions, including Europe, the Middle East, and also Africa.
The majority of the infrastructure and technological investments were financed by the National Security Agency (NSA), while the operational expenses, such as staff salaries, were covered by GCHQ, which also supplied the land for the facility. The intelligence gathered at the Bude satellite station is shared and jointly analysed by both the NSA and GCHQ.
[Source]
4.5.3 European Cryptologic Center (ECC)
The European Cryptologic Center (ECC) of the agency is located within a United States military facility in Griesheim, close to Frankfurt, Germany.
According to a 2011 report from the NSA, the ECC is tasked with overseeing the “most extensive analysis and productivity in Europe,” concentrating on a range of priorities that encompass Africa, Europe, the Middle East, and additionally, counterterrorism initiatives.
[Source]
4.5.4 Consolidated Intelligence Center (CIC)
The Consolidated Intelligence Center is an NSA facility located in Wiesbaden, Germany. This facility is reportedly able to monitor the internet traffic which flows through Germany.
[Source]
5 Programs, Collection Tools and Data Bases used by the NSA
The NSA uses a wide variety of programs, collection tools and databases which store intercepted signals intelligence (SIGINT). This information is either analysed by the employees at the NSA or passed over to relevant operational bodies and other agencies.
The programs which there is information about are as follows but not limited to:
ONEROOF
ONEROOF is the main tactical Signals Intelligence (SIGINT) database used in Afghanistan by the NSA and it consists of raw and unfiltered intercepted data such as emails and telephone calls.
[Source]
NUCLEON
NUCLEON is a global telephone content database which consists of intercepted telephone calls.
[Source]
XKEYSCORE
XKEYSCORE is a vast database which according to the NSA whistle-blower Edward Snowden allows the NSA to search a database for
“the metadata as well as the content of emails and other internet activity, such as browser history”.
It also has the capability to search by
“name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used”.
It allows the NSA to target a specific person with invasive electronic surveillance without a warrant.
AIRGAP
AIRGAP is a tool which allows the NSA to assign priority missions to determine gaps in SIGINT.
[Source]
HOMEBASE
HOMEBASE is a tactical tasking tool used by the NSA which is used for digital network identification.
[Source]
SNORT
SNORT is a database or repository which contains computer network attack techniques and also coding.
[Source]
WIRESHARK
WIRESHARK is a database which contains a repository of malicious network signatures used by hackers.
[Source]
TRAFFICTHIEF
TRAFFICTHIEF is a platform allowing NSA operatives to view raw SIGINT for data analysis.
[Source]
BANYAN
BANYAN is a tactical geospatial correlation database used by the NSA.
[Source]
OILSTOCK
OILSTOCK is a tool used by the US Air Force and Navy which allows these forces to track ships in real-time.
[Source]
MAINWAY
MAINWAY is a telephone metadata collection database which contains the metadata for hundreds of billions of telephone calls which are made through the largest telephone carrier networks in the US such as AT&T, Verizon and T-Mobile.
ASSOCIATION
ASSOCIATION is a tactical SIGINT database which contains social network data which is analysed by the NSA and its operatives.
[Source]
MESSIAH/WHAMI
MESSIAH/WHAMI is an electronic intelligence (ELINT) processing and analytical database used by the NSA.
[Source]
MARINA
MARINA is an internet metadata collection database which is also used by the NSA. According to Edward Snowden it
“tracks a user’s browser experience, gathers contact information/content and develops summaries of target … [o]f the more distinguishing features, Marina has the ability to look back on the last 365 days’ worth of DNI metadata seen by the SIGINT collection system, regardless whether or not it was tasked for collection”.
PINWALE
PINWALE is an internet data content database which is searchable by NSA analysts. It effectively operates as a collection and retrievable system which contains information such as emails.
SURREY
SURREY is one of the main requirements databases used by the NSA, where targets and also individuals selected for surveillance are “validated” by NSA managers.
[Source]
PROTON
PROTON is a SIGINT database that contains time-sensitive targets and counterintelligence information.
[Source]
OCTAVE/CONTRAOCTAVE
OCTAVE/CONTRAOCTAVE is a collection mission tasking tool used by the NSA.
[Source]
WRANGLER
WRANGLER is a database which contains raw electronic intelligence (ELINT) data which has been intercepted by the NSA.
[Source]
ANCHORY
ANCHORY is one of the main repositories of finished NSA signals intelligence (SIGINT) reports which dates back three years or less.
[Source]
AQUADOR
AQUADOR is a merchant ship tracking tool, similar in scope to OILSTOCK.
[Source]
Dishfire
Dishfire is a global surveillance collection system and also a database run by the NSA and GCHQ. It collects and contains hundreds of millions of text messages sent on a daily basis from around the globe.
ECHELON
ECHELON is a SIGINT collection and analysis network operated by the five signatory states to the Five Eyes intelligence sharing network.
These states which primarily operate it are:
- United States
- United Kingdom
- Canada
- Australia
- New Zealand
Created in the late 1960s in order to monitor the diplomatic and military communications of the Soviet Union and its allies it has since greatly expanded.
According to documents provided by Edward Snowden, there are multiple intercept stations within the ECHELON network operated primarily by the United States and also in joint collaboration by the US and the host nation. These are as follows:
- Operated by the US
- Jointly-Operated with the US as a 2nd party
Boundless Informant
Boundless Informant (BOUNDLESSINFORMANT) is a data analysis and also a data visualisation tool used by the NSA. It allows for summaries to be provided to NSA managers of the data collection activities, also including metadata.
Its existence was disclosed by Edward Snowden and it additionally ran directly contrary to the assurance of the NSA to the US Congress that it did not collect any data on American citizens.
MYSTIC
MYSTIC is a program used by the NSA since 2009 to collect metadata and the content of phone calls from several countries and was used in several countries such as:
- Mexico
- Phillippines
- Kenya
- Bahamas
- Afghanistan
Bullrun
BULLRUN is a program used by the NSA to crack the encryption of online communications and data.
[Source]
RAMPART-A
RAMPART-A is the codename for a global SIGINT partnership whose aim is to
“gain access to high-capacity international fibre-optic cables that transit at major congestion points around the world”
It has several partners, both second and third-party members, which are given access to the network. This includes:
- Second Parties
- Australia
- Canada
- New Zealand
- UK
- Third Parties
- Algeria
- Austria
- Belgium
- Croatia
- Czech Republic
- Denmark
- Ethiopia
- Finland
- France
- Germany
- Greece
- Hungary
- India
- Israel
- Italy
- Japan
- Jordan
- Korea
- Macedonia
- Netherlands
- Norway
- Pakistan
- Poland
- Romania
- Saudi Arabia
- Singapore
- Spain
- Sweden
- Taiwan
- Thailand
- Tunisia
- Turkey
- UAE
PRISM Program
The PRISM Program is a codename given to a program under which the NSA collects internet data and also communications from various US internet companies.
PRISM collects stored internet communications from companies such as Google and Apple and can also order these companies to turn over data which matches court-approved terms.
The NSA can use the PRISM program to target communications which were encrypted and can also collect stored data on telecommunications filtering systems.
6 Controversies Regarding NSA Operations
Due to the global mission scope and monitoring of internet data, emails, phone calls and communications, there have been several controversies regarding the operations of the NSA.
6.1 Warrantless Wiretapping
According to a 2005 article by The New York Times, pressure from the White House and additionally, an executive order from George Bush, meant that the NSA had been tapping phone calls made by US citizens to individuals outside of the USA.
This had been done without approval or warrants from the US Foreign Intelligence Surveillance Court. This is a secret court created for the purpose of approving such actions under the Foreign Intelligence Surveillance Act (FISA).
[Source]
6.2 Edward Snowden
Edward Snowden, a former contractor for American intelligence contractor Booz Allen Hamilton, disclosed in 2013 the existence of extensive covert information-collection initiatives undertaken by the National Security Agency (NSA).

Specifically, Snowden provided evidence illustrating how the U.S. government was accumulating vast quantities of personal data, including communications, emails, phone locations, and web browsing histories of American citizens, all without their consent.
A significant reason for Snowden’s decision to unveil this information was his concern regarding the potential emergence of a surveillance state, which he believed could arise from the systems being established by the NSA.
On 20 May 2013, Snowden flew to Hong Kong and in early June he also provided documents disclosing the existence of global surveillance networks to several journalists.
On 21 June 2013 the US Department of Justice (DOJ) unsealed charges against Snowden and two days after this he flew to Moscow, Russia where he was also restricted to the airport due to his cancelled passport.
He was subsequently given the right of asylum by Russian authorities and in October 2020 he was given permanent residency in Russia. In September 2022 he was granted Russian citizenship by Russian President Vladimir Putin.
[Source, source, source, source, source]
6.3 Lawsuits Against the NSA
There have been several lawsuits against the NSA which include but is not limited to:
- 17 January 2006 – the Center for Constitutional Rights (CCR) filed a lawsuit against the Bush presidency which challenged the NSA’s surveillance within the US without securing a warrant first. [Source]
- August 2006 – The American Civil Liberties Union (ACLU) filed a lawsuit regarding the NSA warrantless surveillance program alleging it was illegal, US District Court Judge Anna Diggs Taylor agreed. However, on 6 July 2007, the 6th Circuit Court of Appeals vacated the decision stating that the ACLU lacked standing to bring the suit. [Source]
- September 2008 – the Electronic Frontier Foundation (EFF) filed a lawsuit against the NSA which alleged an “illegal and unconstitutional program of dragnet communications surveillance”. [Source]
6.3.1 Evidence Illegally Obtained by the NSA
A 2005 IRS training document, exposed in 2013, showed that the NSA had provided intercepted communications and information including wiretaps, both foreign and domestic, to the IRS and DEA. These were then illegally used to launch criminal investigations into US citizens.
[Source]
6.4 AT&T Internet Monitoring
Mark Klein, a former AT&T employee alleged that his company had cooperated with the NSA in installing a specific hardware, known as Narus, to replace the FBI Carnivore program. This would allow the NSA to monitor network communications between US citizens.
[Source]
6.6 Congressional Oversight Over the NSA
The Intelligence Committees of both the US House and Senate exercise the primary oversight over the NSA, however, other members of Congress have been denied access to the information and data regarding the activities of the NSA.
The US Foreign Intelligence Surveillance Court, which is the secret court charged with regulating the activities of the NSA is believed to be incapable of investigating the activities of the NSA. It has also been reported that the NSA breaks its own rules several thousands of times every year.
6.7 Responsibility for Ransomware Attacks
EternalBlue is a computer exploit software which was developed by the NSA and was also used in the WannaCry Ransomware attack in May 2017. The exploit had been known to the NSA but the agency had not disclosed it to Microsoft as they believed they could use it as a defence mechanism against cyber attacks.
Edward Snowden stated that if the NSA had
“privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”
[Source]
6.8 Denmark-NSA Collaborative Surveillance in 2021
It was revealed in May 2021, that the NSA and the Danish Defence Intelligence Service had collaborated to wiretap other EU members and leaders which led to widespread backlash and a demand for an explanation from both the Danish and American governments.
7 Conclusion
The NSA is a vast intelligence agency which due to its global surveillance of signals and electronic intelligence has garnered several controversies. Its activities have been widely exposed by actors such as Edward Snowden and court cases which allege that its global surveillance is both illegal and unconstitutional. From its founding, it has gathered intelligence on both US and international citizens and its data has been used to track terrorists and international criminals such as Hassan Ghul, the al-Qaeda operative who was captured in 2004 and who helped to expose Osama Bin Laden’s courier network. It is poised to continue to provide vital signals intelligence to the wider US intelligence community for the foreseeable future.