Details of the program are held in the highest tiers of secrecy, known as exceptionally controlled information, with only a few NSA staffers having access to the program and its data.
There were four known versions, according to a 2013 book, released just months before the first documents published from the cache of documents leaked by whistleblower Edward Snowden. Ragtime-A is said to involve the US-based collection of foreign-to-foreign counterterrorism data; Ragtime-B collects foreign government data that travels through the US; and Ragtime-C focuses on the nuclear counterproliferation effort.
The document seen by ZDNet, dated November 2011, shows the Ragtime program has eleven variants, including the four that were already known. The document alludes to Ragtime-BQ, F, N, PQ, S, and T.
The eleventh version refers to Ragtime-USP. "USP" is a common term used across the intelligence community to refer to "US person," like a US citizen or lawful permanent resident.
Americans are generally protected from government surveillance under the Fourth Amendment. A few exceptions exist, such as if the secretive Washington DC-based Foreign Intelligence Surveillance Court, which authorizes the government's spying activities, issues a warrant based on probable cause, such as if there is evidence of an American working for a foreign power.
Ragtime dates back to 2002, according to a previously-leaked document. The program forms part of a wider collection of systems and databases under the STELLARWIND umbrella of warrantless surveillance programs, launched under the authority of then-president George W. Bush in response to the September 11, 2001 terrorist attacks. After a series of leaks in 2008 detailing the scope and breadth of STELLARWIND's domestic collection capability, Congress limited the government's surveillance powers.
Changes to the law had an immediate impact on the Ragtime program. Although the government was barred from collecting new metadata on Americans under Ragtime-P, the NSA retained the data. Analysts with clearance were still permitted to search the database.
Only a fraction of NSA staffers have the appropriate security clearance to access Ragtime's databases. One previously leaked document says analysts must have special "need to know" clearance to access the data, and any information relating to Ragtime is restricted from being shared to foreign intelligence partners. The exception is Ragtime-C, which the new document implies a level of co-operation from the UK government.
The data stored in Ragtime's databases is so sensitive that their very existence is compartmentalized. The clearance level for each Ragtime version, according to the document, is "unpublished," in an effort to ensure that the programs themselves aren't widely known about across the agency.
The NSA said in internal security guidance that unpublished classification markings are set for some programs "due to sensitivity and restrictive access controls."
When reached, an NSA spokesperson declined to comment on Ragtime, or its purpose.
"In accordance with longstanding policy, the National Security Agency will neither confirm nor deny that any of the purported information referenced in the article has any connection to NSA or the US government," a spokesperson said. "The National Security Agency is focused on the protection of the United States, its citizens, and our allies through around-the-clock pursuit of valid foreign intelligence targets."
"The Foreign Intelligence Surveillance Act makes clear that, except in limited circumstances, NSA must obtain a court order, based on probable cause, from the Foreign Intelligence Surveillance Court to conduct electronic surveillance targeting a US person," the spokesperson added.
News of the leak comes just weeks before Congress has to pass reforms or a reauthorization of the US government's surveillance laws.
Lawmakers have until the end of the year to pass a bill to ensure powers under the Foreign Intelligence Surveillance Act are put back in the law books, or the NSA risks losing those powers at the end of the annual intelligence cycle. These are the same powers that authorized the controversial PRISM program, which collects data from servers of internet giants, the massive bulk collection of internet traffic, and the government's computer and network hacking powers.