Black Echo

SOMALGET Full-Call Audio Retention Program

SOMALGET was not just a call-records system. It was a buffered full-audio system. In the public record, it appears as the layer of the MYSTIC architecture that let analysts move from metadata to voice content after the call had already happened, turning whole-network telephony collection into a rolling replay capability.

SOMALGET Full-Call Audio Retention Program

SOMALGET is best understood as the audio-buffering layer inside a larger mobile-network surveillance architecture.

That matters immediately.

Because people often hear the name and assume it was just another metadata program.

It was not.

In the strongest surviving public documents, SOMALGET appears as a family of collection systems that did two things at once:

  • forwarded full-take metadata in real time
  • and buffered full-take audio for a nominal period of 30 days

That is exactly what made it so significant.

SOMALGET was not just about knowing that a call happened. It was about retaining the ability to go back and hear it later.

Quick profile

  • Topic type: historical record
  • Core subject: SOMALGET as a full-call audio buffering and retrospective retrieval system
  • Main historical setting: from the broader MYSTIC program’s 2009 establishment through the 2014 public disclosures
  • Best interpretive lens: not a metadata-only telephony system, but a workflow joining whole-network metadata with temporary voice-content retention
  • Main warning: SOMALGET and MYSTIC are related but not interchangeable terms

What this entry covers

This entry is not only about a codename.

It covers a workflow:

  • what SOMALGET was,
  • how it fit inside MYSTIC,
  • what “retrospective retrieval” meant,
  • why the system mattered for target development and target discovery,
  • how the Bahamas became the clearest public case,
  • and why SOMALGET stands apart from the better-known domestic Section 215 telephony metadata program.

So this page should be read as an entry on how bulk telephony collection crossed from records into replayable voice content.

What SOMALGET actually was

The key leaked internal note is unusually direct.

It says:

  • SOMALGET is “a family of collection systems”
  • it forwards full-take metadata in real time
  • it buffers full-take audio for nominally 30 days
  • and it allows audio to be selected after the fact, near real time or up to 30 days later

That matters enormously.

Because it gives the program a precise public shape.

SOMALGET was not primarily defined by indefinite archival storage. It was defined by temporary but full-spectrum retention long enough to make later listening operationally useful.

Retrospective retrieval was the real breakthrough

The same internal note says the ability to select audio later was called “retrospective retrieval.”

That phrase matters because it reveals the system’s real logic.

Traditional targeted telephony surveillance assumes you identify the person first, then collect their calls. SOMALGET reversed that order.

It allowed the system to:

  • collect first,
  • suspect later,
  • and listen after suspicion emerged.

That is why the note calls retrospective retrieval powerful for target development and target discovery. It let analysts test or confirm ideas they only formed after a call had already happened.

Why metadata and audio had to be joined

This is the most important conceptual point in the entire page.

SOMALGET was not simply “store all audio.” The leaked explanation says retrospective retrieval was valuable because it let an analyst retrieve audio content and immediately validate tentative analytic conclusions derived from metadata.

That matters enormously.

Because the real innovation was the bridge between:

  • metadata, which suggests patterns
  • and audio, which can confirm meaning

That is the system’s core workflow: metadata first, voice second.

SOMALGET was part of MYSTIC, but not the same thing

The public record makes this distinction very clear.

A separate leaked MYSTIC slide says MYSTIC was an SSO program established in 2009 for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless and mobile communications. It says the overt purpose was legitimate commercial service for the telecoms themselves, while the covert mission was the provision of SIGINT.

That matters because MYSTIC was the larger architecture.

SOMALGET was one specialized capability inside it: the part that made buffered full-call audio and later replay possible.

Why the mobile-network architecture mattered

The MYSTIC slide is revealing in another way.

It says the systems were overtly installed on target networks. That matters because it suggests the collection environment was not merely ad hoc interception from outside.

It implies embedded access to the target telecom infrastructure itself.

That is a very different kind of capability from a narrow lawful intercept against a pre-identified selector. It is much closer to network-level strategic access.

And that is exactly why SOMALGET could operate against whole-network voice traffic.

The Washington Post captured the broader public meaning

The Washington Post’s March 2014 reporting did not name SOMALGET yet, but it described the wider voice-interception capability later tied to the same ecosystem.

It said the NSA had built a system capable of recording 100 percent of a foreign country’s telephone calls, storing them in a 30-day rolling buffer and allowing users to retrieve “audio of interest that was not tasked at the time of the original call.” A senior manager reportedly compared the system to a “time machine.”

That matters because it gives the public-language equivalent of the internal phrase “retrospective retrieval.”

The machine stored the recent past long enough to be searched after it became interesting.

Why the “time machine” phrase stuck

The phrase stuck because it captured the political shock of the disclosure.

Many surveillance debates are about the breadth of collection. SOMALGET and the broader MYSTIC/RETRO reporting changed the debate by emphasizing time.

The key revelation was not merely that many calls were collected. It was that the intelligence system could revisit them after the fact.

That matters because it shifts surveillance from a live interception model to a rolling memory model.

The 30-day figure needs to be read carefully

The leaked internal note says the audio was buffered for nominally 30 days. But it also adds an important caveat: the actual storage period varied depending on space, power, and observed activity levels.

That matters because the “30 days” figure is a useful headline, but not a perfectly fixed engineering truth.

The broader point is stronger: the system was designed to keep full audio long enough to make retrospective use feasible.

Whether the exact duration drifted slightly does not change that core fact.

SOMALGET was designed for whole-network deployment

The leaked document is also clear on scale.

It says that when deployed against entire networks, as SOMALGET was, the back-end database and processing required for interactive search and retrieval demanded enterprise-class data warehousing and high-performance processing to manage the volume captured.

That matters enormously.

Because it shows that SOMALGET was not a boutique wiretap.

It was an industrialized capability. The architecture presumed massive ingestion and serious computational support.

The Bahamas became the clearest public example

The most specific public case is the Bahamas.

The leaked SOMALGET note says that access to Bahamian GSM communications led to the discovery of international narcotics traffickers and special-interest alien smugglers. It adds that analysts were able to use target behavioral patterns to understand activities even when relevant contacts occurred before the targets had been discovered.

That matters because it shows the operational payoff the system was designed to produce.

Not simply monitoring known suspects, but discovering targets retrospectively from the trace they had already left in the buffered system.

Why the Bahamas example matters so much

The Bahamas case matters because it makes the abstract workflow concrete.

It shows how analysts could:

  • observe metadata behavior patterns,
  • identify likely suspicious activity,
  • then retrieve the buffered audio of prior calls to validate the lead

That is the operational meaning of retrospective retrieval.

It is also why the public disclosure was so politically explosive. The system did not depend on advance individualized suspicion in the ordinary sense.

The public record points to at least two current SOMALGET accesses

The same leaked note says that, at the time it was written, analysts had already made major breakthroughs in the two countries where SOMALGET accesses currently existed — one redacted and the Bahamas.

That matters because it tells us the Bahamas was not the sole deployment at that moment.

But it also forces caution.

The primary leaked note publicly visible today redacts one of those countries. Later reporting and advocacy summaries made additional claims about other countries, but the clearest primary-document wording preserves that partial uncertainty.

That is the right way to state it.

A separate leaked SSO MYSTIC charts PDF adds another useful detail.

It identifies US-3310A1/A2 / BASECOAT (Bahamas) and ties it to MYSTIC reporting. That matters because it gives the Bahamas operation a site-level label inside the broader architecture.

This is useful historically because it shows how the public record moved from:

  • broad claims about whole-country call buffering to
  • named site identifiers within the larger MYSTIC environment

That makes the Bahamas example more than rumor. It becomes a mapped node in the leaked archive.

SOMALGET blurred the line between discovery and collection

The internal note says the system supported both:

  • target development
  • and target discovery

That distinction matters.

Target development means learning more about a person or selector already under scrutiny. Target discovery means finding new targets by looking for behaviors characteristic of the target set, whether or not those selectors were previously known.

That is a very different intelligence posture from ordinary targeted surveillance. It is much more exploratory.

And SOMALGET’s buffered audio made that exploration much more powerful.

The XKEYSCORE analogy is one of the most revealing lines

Near the end of the leaked note, the authors argue in favor of a telephony collection methodology that “may be viewed as analogous to XKEYSCORE.”

That matters because it reveals how insiders themselves were thinking about the system.

The analogy is not exact. But the logic is familiar: buffer broad data first, then search and retrieve specific material later once an analyst has enough reason.

That is one of the clearest reasons SOMALGET matters historically. It shows the XKEYSCORE-style logic moving into the telephony-content world.

Why this was different from the Section 215 domestic metadata program

This distinction is crucial.

Official U.S. government material on the Section 215 bulk telephony metadata program said plainly that it did not include the private content of any person’s telephone calls, only technical data such as numbers dialed and time and duration. That official clarification matters because it shows how different SOMALGET was.

SOMALGET’s defining feature was exactly what Section 215 excluded: voice content.

So even though both programs involved telephony and bulk methods, they should not be collapsed into the same category.

Why the metadata-content distinction matters so much

Metadata is powerful. But content is different.

Metadata can reveal:

  • networks,
  • patterns,
  • frequency,
  • timing,
  • and some behavioral structure.

Buffered call audio can reveal:

  • identity confirmation,
  • language,
  • intent,
  • relationships,
  • tone,
  • and actionable detail

That matters because SOMALGET crossed the line from structural telephony knowledge into replayable human conversation.

That is why it occupies a more controversial place in the Snowden archive than a mere records program would.

The system also points to a shift in surveillance philosophy

SOMALGET suggests a broader shift away from a purely “collect only what is already selected” philosophy.

Instead, it reflects a logic of:

  • collect a broad temporary universe,
  • keep it just long enough,
  • and allow analysts to decide later which pieces deserve attention

That matters because it changes the meaning of bulk telephony collection.

The point is no longer only to monitor the present. The point is to build a brief but searchable past.

Why the public record is still incomplete

For all that the leaked note reveals, there are still hard limits to what can be said.

The public record does not fully establish:

  • the total number of SOMALGET deployments,
  • the complete country list,
  • the full retention practices for audio clips selected out of the rolling buffer,
  • or the exact later evolution of the system after the 2014 disclosures

That matters because the page should be precise.

SOMALGET is well documented in outline. It is not completely documented in scope.

Why this belongs in the NSA section

A reader could place SOMALGET under:

  • telephony surveillance,
  • MYSTIC,
  • bulk collection,
  • or Snowden-era foreign surveillance.

That would all make sense.

But it also belongs squarely in declassified / nsa.

Why?

Because SOMALGET reveals something central about NSA history: the agency’s telephony capabilities abroad were not limited to routing records or targeted live taps. They included the capacity, at least in some deployments, to buffer and later replay large volumes of whole-network call audio.

That is core NSA history.

Why it matters in this encyclopedia

This entry matters because SOMALGET Full-Call Audio Retention Program explains one of the starkest surveillance ideas disclosed in the Snowden archive.

It is not only:

  • a telephony page,
  • a metadata page,
  • or a Bahamas page.

It is also:

  • a workflow page,
  • a retrospective-listening page,
  • a temporary-memory page,
  • a metadata-to-content page,
  • and a cornerstone entry for understanding how overseas bulk telephony collection moved beyond call records into buffered voice access.

That makes it indispensable.

Frequently asked questions

What was SOMALGET?

SOMALGET was a family of collection systems that forwarded full-take telephony metadata in real time and buffered full-take audio for a nominal 30-day period.

Was SOMALGET the same thing as MYSTIC?

No. MYSTIC was the broader embedded mobile-network collection architecture. SOMALGET was one capability within that environment, focused on buffered audio and retrospective retrieval.

What is “retrospective retrieval”?

It was the ability to retrieve and listen to call audio after the call had already happened — either near real time or up to around 30 days later — based on later-developed analytic suspicion or metadata findings.

Was SOMALGET only a metadata program?

No. That is exactly the point. Its defining feature was access to buffered call audio, not just call records.

How was SOMALGET different from the Section 215 domestic phone-records program?

Official U.S. material said the Section 215 telephony metadata program did not include call content. SOMALGET’s key feature was the temporary retention of call content.

What country is most clearly linked to SOMALGET in the public record?

The Bahamas. The leaked SOMALGET note explicitly discusses Bahamian GSM access, and other leaked MYSTIC charts identify a Bahamas site under the codename BASECOAT.

Did SOMALGET store audio forever?

The strongest leaked document describes a nominal 30-day buffer, not permanent universal storage. But selected clips could still be pulled, processed, and in some cases moved onward for longer-term handling.

Why is SOMALGET historically important?

Because it revealed a model of surveillance in which an intelligence agency could temporarily retain virtually all call audio on a foreign network and decide later which conversations to hear.

Suggested internal linking anchors

  • SOMALGET full-call audio retention program
  • SOMALGET NSA history
  • SOMALGET MYSTIC relationship
  • SOMALGET retrospective retrieval
  • SOMALGET full-take audio 30 days
  • SOMALGET Bahamas GSM access
  • SOMALGET metadata-to-audio workflow
  • SOMALGET declassified history

References

  1. https://www.eff.org/files/2014/05/21/20140519-intercept-somalget.pdf
  2. https://www.eff.org/files/2014/05/21/20140519-intercept-mystic.pdf
  3. https://www.eff.org/files/2014/05/21/20140519-intercept-sso_mystic_charts.pdf
  4. https://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html
  5. https://www.brennancenter.org/sites/default/files/publications/Overseas_Surveillance_in_an_Interconnected_World.pdf
  6. https://epic.org/wp-content/uploads/2021/12/Obama-administration-white-paper-on-NSA-surveillance-oversight.pdf
  7. https://pace.coe.int/en/files/21583/html
  8. https://www.amnestyusa.org/wp-content/uploads/2017/04/ai-pi_two_years_on_from_snowden_final_final_clean.pdf
  9. https://www.statewatch.org/news/2014/may/usa-nsa-data-surveillance-data-pirates-of-the-caribbean-the-nsa-is-recording-every-cell-phone-call-in-the-bahamas/
  10. https://www.accessnow.org/nsa-gone-wild-in-the-bahamas-mexico-kenya-the-philippines-and-more/
  11. https://abcnews.go.com/blogs/headlines/2014/05/ah-bahamas-sun-sand-and-the-nsa-recording-your-cell-calls
  12. https://www.tribune242.com/news/2015/apr/16/us-agrees-stick-law-use-surveillance/
  13. https://www.pbs.org/newshour/world/report-nsa-system-capable-recording-entire-countrys-phone-calls
  14. https://www.reuters.com/article/technology/u-s-nsa-records-all-calls-in-targeted-foreign-nation-report-idUSL2N0MF1RH/

Editorial note

This entry treats SOMALGET as a memory system, not just a collection system. That is the right way to read it.

What made SOMALGET historically important was not simply that it collected telephony content. It was that it buffered that content long enough to change the order of surveillance itself. Under this model, suspicion did not always have to come first. Analysts could see patterns in metadata, form a hypothesis, and then go back into the recent past to hear the calls that might confirm it. That turns a foreign mobile network into something more than a live tap. It becomes a temporary archive of voices — searchable just long enough to make late suspicion operationally useful.