According to the Guardian, the NSA refers to XKeyscore as having access to “nearly everything a user does on the Internet.”
The U.S. National Security Agency’s self-proclaimed “widest-reaching” surveillance program allows the agency to search through Internet users’ emails, chats and browser histories without a warrant, the Guardian reported.
Through the Guardian, Snowden had previously revealed two of the agency’s spying operations. The first, known as PRISM, uses warrants obtained from a secret court to access Americans’ information from Facebook, Google and other Silicon Valley companies. The second, an international surveillance program called FAIRVIEW, taps into submarine cables to intercept online communications.
According to the Guardian, the NSA refers to XKeyscore as having access to “nearly everything a user does on the Internet.” Through XKeyscore, agents can query Internet users’ emails, browser histories and chats, often in real time.
It is unclear from the Guardian report how exactly the databases XKeyscore queries are compiled.
One possible contributor is the aforementioned FAIRVIEW program. According to former NSA senior executive turned whistleblower, Thomas Drake, FAIRVIEW’s focus is phone calls and messaging “from the main Internet backbone links.”
In the broadest sense, XKeyscore deals with what the NSA calls Data Network Intelligence (DNI), which refers to all intelligence obtained from computer networks.
A presentation published by the Guardian sheds light on how exactly agents use XKeyscore to exploit DNI.
In a slide titled “Finding Targets,” agents are told to “Look for anomalous events…E.g. Someone whose language is out of place for the region they are in. Someone who is using encryption. Someone searching the web for suspicious stuff.”
Once agents decide on a “target”, they go through a few simple drop-down menus to justify the surveillance. The fields include “Foreign Source ID,” where they select from options such as “this person has stated that he is located outside the U.S.” or “Phone number is registered in a country other than the U.S.”
By justifying that the target is outside of the U.S., the agency is able to circumvent many of the legal surveillance safeguards in place to protect American citizens. For example, to extract American’s information through the aforementioned PRISM program, the agency must obtain a warrant from the secretive Foreign Intelligence Surveillance Court. (FISC is itself criticized for issuing warrants too freely.) In the case of XKeyscore, agents need to fill out only only a small questionnaire before accessing Internet user data.
Snowden told the Guardian that, as a contractor for the NSA, he was authorized to use XKeyscore, suggesting that not only agents and NSA employees but also third party contractors have the ability to search through massive amounts of personal Internet information.
With regards to the PRISM program, 850,000 people–almost 1 in 200 adult, working Americans–were given access by the NSA to Internet users’ information.
The NSA’s willingness to share XKeyscore data was made apparent earlier this month. The German magazine Der Spiegel revealed that the agency gave German intelligence organizations access to XKeyscore. Whether or not they had access to the entire NSA database of Internet user activity is unclear.
According to the Guardian, agents can access Internet user data in real time, giving credence to one of Snowden’s statements made in an interview aired by the Guardian in early June: “I, sitting at my desk, [could] wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email,” he claimed.
Snowden’s accusation had previously been refuted by NSA officials.
Earlier in the week, Glenn Greenwald, the Guardian reporter who has worked with Snowden to leak the classified documents, challenged the agency to deny the claims under oath. Greenwald was apparently basing his assertions on the then-unpublished XKeyscore documents.
One of the NSA slides published by the Guardian, titled “Success stories,” claimed that, “Over 300 terrorists captured using intelligence gathered from XKeyscore.” The juxtaposition of this slide next to those explaining how to wiretap Internet users illustrates the tradeoff of privacy for security argued for by the Obama administration.
“I think it’s important to recognize that you can’t have 100 percent security and also then have 100 percent privacy,” President Obama said in June.
Illustration by Fernando Alfonso III