The Latest Leak

Greenwald reports new details on a surveillance system known as XKeyscore, which, according to NSA PowerPoint slides, allows an analyst to search a user’s emails, chats, and browser history after obtaining an email address, an IP address, or enough metadata:

[T]raining materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA’s “widest reaching” system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers “nearly everything a typical user does on the internet”, including the content of emails, websites visited and searches, as well as their metadata.

As usual, Ambers provides a thorough walkthrough:

XKEYSCORE is not a thing that DOES collecting; it’s a series of user interfaces, back end databases, servers and software that selects certain types of metadata that the NSA has ALREADY collected using other methods. XKEYSCORE, as D.B. Grady and I reported in our book, is the worldwide base level database for such metadata. XKEYSCORE is useful because it gets the “front end full take feeds” from the various NSA collection points around the world and importantly, knows what to do with it to make it responsive to search queries. As the [NSA’s PowerPoint] presentation says, the stuff itself is collected by some entity called F6 and something else called FORNSAT and then something with the acronym SSO. …

I should probably refrain from being more specific. FORNSAT simply means “foreign satellite collection,” which refers to NSA tapping into satellites that process data used by other countries. And SSO — Special Source Operations — refers to the branch of NSA’s Signals Intelligence Division that taps cables, finds microwave paths, and otherwise collects data not generated by F6 or foreign satellites. Basically, everything else. The presentation suggests that the NSA collects internet traffic from 150 sites — specific facilities — worldwide.

Drum considers its implications for domestic surveillance “murky” so far:

Greenwald suggests that this validates Snowden’s statement in an earlier interview that “I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email.” But that’s not clear at all.

X-KEYSCORE appears to be a database search tool, not a real-time surveillance tool, nor does it appear to give anyone “authority” to wiretap a U.S. citizen. Rather, it hoovers up tremendous volumes of foreign communications, which can then be searched by NSA analysts. As Greenwald points out, there are known “compliance problems” with NSA’s surveillance programs, since communications by U.S. persons with foreign targets end up in the same database and can therefore end up on an analyst’s desktop. The NSA’s minimization procedures are supposed to prevent such “inadvertent” targeting of U.S. persons, but as Greenwald reported earlier, there are plenty of exceptions to this rule.

Charles Johnson is also skeptical of Glenn’s portrayal of the system:

Greenwald, searching for “warrant” immediately brings up the most important point, buried in the tenth paragraph under tons of exaggeration and hyperbole:

Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a ‘US person’, though no such warrant is required for intercepting the communications of Americans with foreign targets. But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.

That’s right — once again, Greenwald is not documenting any actual wrongdoing. It’s a very deliberate rhetorical trick he uses over and over — conflating the ability to do something with actually doing it, and glossing over the fact that there are very serious legal consequences in store for anyone who actually does abuse these systems.

Shane Harris wonders if the PowerPoint obtained by Snowden – which was created in 2008 – is overselling the capabilities of the actual system:

The proponents of a particular tool or program frequently create promotional materials like the XKeyscore presentation to encourage analysts to use their technology, and to promote interest among lawmakers who control the NSA’s budget. This was true of a slide presentation describing the PRISM system revealed earlier by the Guardian and the Washington Post, the official told Foreign Policy. It had “made the rounds” of intelligence agencies and offered exaggerated claims about PRISM’s capabilities, such that it was the biggest contributor of information to the president’s daily intelligence briefing. This official strongly disputed that PRISM was so extraordinary.

The XKeyscore presentation claims that “over 300 terrorists [were] captured using intelligence generated from” the tool. It also claims to be able to search more deeply in different data sets than other NSA data miners. But if there is more to be said about how precisely XKeyscore can do this, it’s either not in the document or is contained on the handful of slides that have been blacked out.

Derek Mead notes that at the very least, “the existence of the program contradicts claims by government officials that the NSA doesn’t have the capability to tap emails in real time”:

It’s not clear if the system is still in use, but the system’s scalability is yet another reason the NSA’s Utah data center is of concern. Also not clear is what legal checks the system has. The materials boast that an analyst can easily do a thorough search of an individual’s online history with a lone piece of identification—say an email, or an IP address. As Glenn Greenwald notes, the NSA is required to get a court order from the secret FISA court to spy on Americans, but regardless, XKeyscore appears to offer (or have offered) an incredible ability to access user data with little difficulty.