One of the slides from the 2008 presentation on the NSA's XKeyscore tool, as leaked by Edward Snowden (Source: NSA)
In another revelation caused by intelligence analyst Edward Snowden's leaks to journalist Glenn Greenwald, the Guardian reports on a tool the National Security Agency developed to collect almost all user activity on the Internet, all without a court order of any kind, called XKeyscore:
XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
This tool backs up Snowden's earlier claims that he could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email" address. One example of XKeyscore's power is the ability to read emails, just by using the personal email address:
To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
The analyst then selects which of those returned emails they want to read by opening them in NSA reading software.
The Guardian later released a full slideshow discussing the tool from 2008, which showed that the NSA could even check a user's history on Google Maps using XKeyscore. While the sheer amount of data makes it impossible to store everything from long periods of time, XKeyscore makes up for this by allowing NSA agents to transfer the data to more permanent agency databases. The agency claims the service has been responsible for the capture of 300 terrorists by 2008 through XKeyscore, though to what extent they mean by that remains vague.
Of those 900-odd requests, which spanned 1,319 individual accounts, 67 percent of them were at least partially fulfilled by Twitter. Around 56 percent of those requests came in the form of subpoenas (which do not require a judge’s sign-off and request things like the email address associated with an account and IP logs), 23 percent from search warrants and around 11 percent as a result of court orders (which do require a judge’s signature).
While the government has tried to make up for the trouble by releasing previously classified information regarding a secret court order on phone records from Verizon, it comes as bit of a weak bone to throw at everyone. Still, these revelations make it increasingly apparent that the government is intent on gathering whatever data people have for increasingly vague purposes. This does not bode well for anyone.