In early June, former NSA contractor Edward Snowden revealed PRISM to the world. The secret NSA program allows the agency to collect communications from major tech companies. Various programs revealed since then have all been about streamlining that data collection. The latest leak, however, shows that the NSA has far more power than previously thought.
The Guardian reports today that it has obtained slides that detail a NSA program called XKeyscore. The program, much like PRISM, allows the agency to collect the Internet communications of foreign and domestic targets. What makes this latest leak so worrisome, however, is that it seems to be held to even less oversight than the other surveillance programs.
Before we get into that, let's take a look at what XKeyscore is. According to training documents obtained by The Guardian, the NSA says XKeyscore can snoop on "nearly everything a typical user does on the Internet." It does this through a collection of 700 servers around the world that pick up pretty much everything anybody does online. Analysts can then enter something as simple as an email address or an IP address, and be looking through everything the NSA has on that person.
So, what kind of information can XKeyscore pick up? Through the use of plug-ins, NSA analysts can obtain the following information:
In the above document, you see that XKeyscore really can see everything you do online. It picks up every email address, every file, every Web site and even every online chat a target engages in during an online session. The analyst can then go through these files one by one looking for specific information. In fact, the documents show that it's as simple as looking through emails for a subject line.
Another tool revealed in the leak is called the DNI Presenter. It allows an analyst to read through Facebook chats or private messages using XKeyscore. All they have to do is enter the Facebook user name and a date range to see every message and chat during that time.
The NSA can also search for people based on search terms entered into specific Web sites. The example shows how an analyst could search for anybody looking for "Musharraf" on BBC. It's pretty obvious that it can also be used to look for those searching for specific keywords on Google, Bing or any other search engine.
All of this data collection has led to the NSA storing billions of "call events" in its database. A NSA report from 2007 said it had stored 850 billion "call events" and 150 billion Internet records, with one to two billion more records being added each day. The NSA can't hold all that data in one database so it separates the interesting data from the incidental data, and stores it in a separate server that can hold on to it for up to five years.
So, what kind of oversight is this program subject to? Well, the NSA isn't required to obtain a warrant from the FISA court to do searches of its database. In fact, the analyst can conduct searches on anybody as long as they know some identifying information.
In its defense, the NSA told The Guardian that its "activities are focused and specifically deployed against - and only against - legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests." The agency also said that "allegations of widespread, unchecked analyst access to NSA collection data are simply not true. ... In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring."
That all sounds well and good, but is XKeyscore actually effective? The NSA certainly seems to think so:
Others might not be as easily convinced.