XKeyScore —How the NSA Can See Everything You Do Online
A slide from the latest leaked NSA document, describing a massive surveillance tool called XKeyScore.
CREDIT: The Guardian
Britain's Guardian newspaper has published yet another document supposedly leaked from the National Security Agency by former NSA contractor Edward Snowden.
And, boy, is it a doozy.
The document — a PowerPoint-style presentation — describes a program called XKeyScore that NSA analysts can use to search virtually all electronic communication in the U.S. and worldwide.
As the Guardian's Glen Greenwald points out, the existence of XKeyScore appears to confirm that the NSA is able to search through the emails, online conversations, browser histories and other online communications of billions of foreigners (non-U.S. persons) without a warrant.
MORE: See also: Can You Hide Anything from the NSA?
Using XKeyScore, analysts can query this enormous database by searching with an email address, a phone number, a website URL, a social media account or an IP address.
One example of XKeyScore's possible usage as outlined in the documents is to gather the IP addresses of anyone who visits a certain website.
The analysts do not need to get a warrant before querying XKeyScore. Instead, when outlining the parameters of their searches, analysts are asked to fill in a little field marked "justification." This justification is not reviewed before the search is processed.
To be clear, the NSA is not supposed to perform any kind of surveillance on U.S. persons and there's no evidence that they do. There's a huge difference between surveilling a U.S. person, which is not permitted, and surveilling a foreigner, which U.S. law permits and international law only vaguely addresses. XKeyScore seems to be used to surveil foreigners. However, any data on a U.S. person gathered "accidentally" as part of investigating a non-U.S. person can be used in an investigation.
Apparently this program is what Snowden was referring to when he said on June 10 that "I, sitting at my desk, could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email."
With XKeyScore, the NSA has access to databases of information so vast that their own systems — XKeyScore consists of 700 servers across 150 sites worldwide — can't support it. So XKeyScore has an important caveat: it can only store this information for up to three to five days.
Analysts are allowed to move any data they deem important to other bases, including one named Pinwale, where it can be stored for up to five years.
Additionally, it's already been revealed that the NSA works with corporations such as Microsoft and Verizon to gain access to conversation data, so it's likely they can still acquire data after it's been deleted from the XKeyScore servers.
The XkeyScore documents detail an extensive and worldwide surveillance program. However, it's important to note that XKeyScore doesn't appear to be breaking any laws. It may bend them, and it may give analysts a shocking amount of leeway, but there's nothing inherently illegal about the program.
This newest leak's timing is uncanny: four government officials related to surveillance are on the Senate floor today (July 31) to answer questions about the NSA's programs and how they are used.
The newest leaked document can be found on the Guardian's website.