Newly exposed NSA tool, XKeyscore, sees ‘nearly everything we do online’


The only thing US surveillance needs to read the contents of your email, with no prior authorization whatsoever, is your email address.

The only thing US surveillance needs to read your private Facebook chat or private messages is your user name and a date range.

In fact, according to newly revealed documents given to The Guardian by Edward Snowden, one program, called XKeyscore, enables the National Security Agency (NSA) to see “nearly everything a user does on the internet”.

The NSA’s training materials boast about XKeyscore being its “widest-reaching” system for squeezing intelligence from the internet, The Guardian reported on Wednesday.

On that same day, senior US intelligence officials testified to the Senate judiciary committee amidst the raging debate over mass surveillance.

The Guardian once again turned to documents revealed by whistleblower Edward Snowden to detail XKeyscore.

Those documents depict how XKeyscore allows NSA analysts to search, with no prior authorization, through vast databases of emails, online chats and browsing histories of millions of individuals.

In early June, The Guardian had revealed that the NSA collects telephone records of millions of Verizon’s US customers under a top-secret order issued on April 25 by the secret Foreign Intelligence Surveillance Court (FISA) to the Federal Bureau of Investigation (FBI).

In alerting the media regarding the phone records collection, amidst other things, Snowden in early June had made statements—published by The Guardian in this video interview—that initially sparked controversy but which have now been illuminated by the newly revealed documents.

To wit:

"Any analyst at any time can target anyone [depending on an agent's authorities]... I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email".

At the time, US officials vehemently denied that claim.

Mike Rogers, the Republican chairman of the House intelligence committee, said this of Snowden’s assertion:

"He's lying. It's impossible for him to do what he was saying he could do."

The Guardian’s account of the Xkeyscore program, if it bears out, would prove that Snowden most certainly was not lying.

While US law requires the NSA to obtain a Fisa warrant to target a “US person”, no such warrant is necessary for intercepting communications between Americans and foreign surveillance targets.

But regardless of legal authority, Xkeyscore puts a dead simple interface in front of analysts that gives them the technology to enable the type of wiretapping Snowden describes, if not the legal authority.

The only thing the analysts needs, The Guardian reports, is identifying information such as an email address or an IP address.

Beyond email or IP address, the documents show that intelligence analysts can search by name, telephone number, keywords, the language in which the internet activity was conducted, or the type of browser used.

The Guardian describes one slide from a 2012 document entitled “plug-ins” that details the various fields of information that can be searched.

From The Guardian:

[The slide] includes 'every email address seen in a session by both username and domain', 'every phone number seen in a session (eg address book entries or signature block)' and user activity – 'the webmail and chat activity to include username, buddylist, machine specific cookies etc'."

The program can search within email bodies, webpages and documents, including the “To, From, CC, BCC lines” and the ‘Contact Us’ pages on websites”.

Beyond email, analysts can search HTTP activity by keyword, which gives its analysts what the NSA calls “nearly everything a typical user does on the internet”, whether it’s searching terms on Wikipedia, interacting on Facebook or Twitter, or reading the news on CNN.

The amounts of data collected by the NSA with this program is “staggeringly large”, The Guardian says.

In fact, XKeyscore is continually engorged by ongoing data collection to such an extent that it can only be stored for a brief time: three to five days, with metadata staying around for 30 days. The documents claim that at some sites, the amount of data collected per day—20+ terabytes—can only be stored for as little as 24 hours.

One slide shows the agency’s method for handling it all: a multitiered system of four separate programs, with one each dedicated to storing metadata, “content selected from dictionary tasked items,” user activity metadata, and “unique data from beyond user activity from front end full take feeds”.

It is this last subset that is by far the largest, and it is stored in XKeyscore. The Guardian reports that in 2012, there were at least 41 billion total records collected and stored in XKeyscore for a single 30-day period.

In response to revelations about XKeyscore, the NSA told The Guardian that its activities are “focused and specifically deployed against—and only against—legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests.”

Its statement continues:

"XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system.

"Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks … In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring."

"Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.

"These types of programs allow us to collect the information that enables us to perform our missions successfully – to defend the nation and to protect US and allied troops abroad."

Snowden, when interviewed by The Guardian in June, portrayed those limitations and that oversight as, basically, window dressing.

He said:

"It's very rare to be questioned on our searches... and even when we are, it's usually along the lines of: 'let's bulk up the justification'."

What do you think?

Are we sick of PRISM yet, or do we still have room for outrage?

UPDATE: Criticism has immediately greeted the XKeyscore revelations.

Writing for The Week, US journalist Marc Ambinder claims that The Guardian’s Glenn Greenwald misunderstood the function and the power of the tool.

Ambinder says XKeyscore is not top-secret, though collection of bulk data is perhaps classified.

Furthermore, he says, XKeyscore is not used for surveillance, and is, rather, simply a search tool for NSA databases that hold data collected through other means.

He writes:

I quibble with the Guardian's description of the program as "TOP SECRET." The word is not secret; its association with the NSA is not secret; that the NSA collects bulk data on foreign targets is, well, probably classified, but at the SECRET level. Certainly, work product associated with XKEYSCORE is Top Secret with several added caveats. Just as the Guardian might be accused of over-hyping the clear and present danger associated with this particular program, critics will reflexively overstate the harm that its disclosure would reasonably produce.

The NSA, for its part, has put out an unsurprisingly “nothing to see here, folks” press release about XKeyscore.

Some commenters are deeming Snowden hyperbolic.

Others have put out a potentially helpful guide (or opinionated spin, depending on your take) to translating the NSA’s legalistic declarations.

If there really is nothing to see here, folks, my apologies for swallowing The Guardian’s interpretation of XKeyscore.

Your thoughts, as always, are welcome in the comments below.

Image of Email icon in opened envelope courtesy of Shutterstock.