It’s been a rough couple of weeks for the National Security Agency. Early this month, a federal appeals court ruled that the bulk collection of metadata by the NSA is not, in fact, authorized by the infamous Section 215 of USA Patriot Act. U.S. Circuit Judge Gerard Lynch called the extent of the NSA’s metadata program “staggering” and “an unprecedented contraction of the privacy expectations of all Americans.”
Section 215, which the NSA has cited to justify its spying programs, is set to expire by a sunset provision at midnight on June 1, but the second bit of bad news for the agency came this week when the Department of Justice ordered the metadata program shut down by Friday if Congress takes no further action to renew the provision.
Combined with the passing of the dubious USA Freedom Act (which looks like it should end NSA spying but doesn’t really), it would seem as if the surveillance state former NSA contractor Edward Snowden warned about was finally coming to an end.
And while it does appear increasingly likely that Section 215 will not be renewed by Congress, the scope of NSA activities this change will affect is smaller than you might think. The bulk collection of phone metadata is certainly one of the larger spying operations conducted by the agency, but many activities not cited by Section 215 will remain in place, continuing to breach even the most conservative definition of privacy.
1) XKeyscore: The NSA can see your entire Web history
What the metadata program actually does is rather limited compared to the XKeyscore program. According to the Electronic Frontier Foundation, metadata can reveal “your political and religious affiliations, your friends and relationships, even whether you have a health condition or own guns,” all by analyzing your phone’s location and who you’ve been calling or texting.
While that might sound terrifying, XKeyscore encompasses even more data than that—and on a much larger scale.
According to slides Snowden leaked to the Guardian’s Glenn Greenwald, XKeyscore covers “nearly anything a typical user does on the Internet.” The program allows NSA agents to look through the Web browser history, email, chatroom records, and social media activity of any American or foreigner targeted by the agency.
As Snowden himself explained, the program allows any agent to track the complete Internet activity of anyone “from you or your accountant, to a federal judge or even the president” using just a personal email address.
2) Federal agents can view your financial history at will
While all banks and credit unions must report suspicious activity to the Treasury Department’s Financial Crimes Enforcement Network (or FinCEN), it used to require a case-by-case justification by a court for agencies like the NSA or the Central Intelligence Agency to review any particular individuals bank records.
However, starting in 2013, the Obama administration began creating a system that automatically reports even inconspicuous financial activity to a massive database available to government spies. While originally intended to bust money launderers, the program is “justified” for any combination of uses—from apprehending terrorists or thwarting cyberattacks.
Despite these good intentions, the wholesale access to millions of Americans’ bank account information is a a breach of privacy that is not going anywhere anytime soon.
3) The NSA can open your mail and hack anything it finds
According to Germany’s Der Spiegel, the NSA’s largest unit of hackers is the Tailored Access Operations (TAO) unit, a group Gizmodo characterizes as “premier hacking ninja squad.” The TAO is primarily interested in opening up devices to make spying easier and less noticeable.
One of the ways this is conducted, according to the Snowden leaks, is by intercepting packages in the mail that contain storage devices and implanting a backdoor or bug into them. Typically, NSA activities are hidden by the shadowy nature of the digital world, and intercepting real packages in the real world feels somehow even creepier than watching a person’s entire internet history.
4) Telescreens: The NSA and its British friends watch people through webcams
One of the creepier programs that will stick around—no matter what Congress does this week—is the NSA’s ability to turn on the webcams of unsuspecting users and record their actions. Last year, a report from the Guardian alleged that the NSA helped its British counterpart, the GCHQ, spy on thousands of Yahoo users through their webcams between 2008 and 2012, capturing even explicit sexual content.
The program incited outrage from tech companies and lawmakers, with a group of five senators terming it “a breathtaking lack of respect for the privacy and civil liberties of law-abiding citizens.” Republican presidential candidate and outspoken NSA critic Sen. Rand Paul (R-Ky.) even campaigned on the program, selling an “NSA Spy Cam Blocker” branded with his Paul 2016 logo.
5) The NSA can access your computer even if it’s offline
Typically, you’d imagine a computer disconnected from the Internet were no different than some other appliance in your home, no more susceptible to NSA surveillance than your toaster.
But according to the New York Times, the NSA has devised a rather peculiar trick to analyze the content of offline computers using radio waves. Dubbed Quantum, the program relies on “a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers.” Those radio waves are then analyzed by a relay station that could be miles from the target.
While the program has reportedly never been put into practice at home (though used on Russian, Chinese, and Iranian computers), it’s yet more proof the NSA will obtain any information it needs no matter the practical or legal roadblocks.
6) The NSA’s World of Spycraft
The NSA is not limited to the realms of reality. In 2013, the Internet had a field day when the New York Times and ProPublica reported that the NSA had taken a particular interest in online gaming, spying on gamers through World of Warcraft, Second Life, and Xbox Live. Security experts have long worried such digital playgrounds could be used as cover for terrorists to plan attacks, but one is left to wonder if certain NSA employees just wanted an excuse to level their Draenei Hunter through Northrend while on the clock.
Pete Singer of the Brookings Institution was likewise skeptical of the usefulness of the program, telling the Times: “There are far more effective and easier ways [to plan a terrorist attack] than putting on a troll avatar.”
7) Hacking the apps on your smartphone
Just this week, amid the plausible death of Section 215, the latest attempt by the NSA to spy on everyday Americans was publicized by Glenn Greenwald’s the Intercept. According to the site, the NSA attempted to work with five other countries to surreptitiously open backdoors into smartphones by hacking apps on the Google Play Store. The governments of the U.S., Canada, the United Kingdom, New Zealand, and Australia used the previously mentioned XKeyscore system to find what phones were accessing which apps and install “man-in-the-middle” exploits that would allow spyware to be installed on a smartphone without the owner’s knowledge.
Operations like the one against the Play Store were never held against the NSA’s reliance on Section 215 for justification. In fact, most of these programs have been met with little to no comment at all from the NSA or the Obama administration entirely.
As I’ve previously written, the core existential structure of the NSA as an agency has been built around the mass collection of data from American citizens for decades. They’ve built the largest datacenter in the nation and have no intention of pulling it down simply because Congress failed to save them. NSA spying in one form or another is the new normal until it’s directly approached by legislation or courts, not passively by deadlines and inaction.
Gillian Branstetter is a social commentator with a focus on the intersection of technology, security, and politics. Her work has appeared in the Washington Post, Business Insider, Salon, the Week, and xoJane. She attended Pennsylvania State University. Follow her on Twitter @GillBranstetter.
Photo via Ecotrust Canada/Flickr (CC BY 2.0) | Remix by Max Fleishman