JimM

NSA XKeyscore Screenshots - A Glimpse into a PRISM App


Glenn Greenwald, over at The Guardian, has just released screenshots of an NSA app called XKeyscore. This latest leak provides some insight into tools used by the NSA in their domestic spying program. According to the screenshots from an NSA training slide deck, analysts can search by email address, IP address, telephone number, keywords, language, and browser in use. As one slide points out, pretty much anything an average internet user does is done via HTTP, so naturally that's what the NSA is interested in.


Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets. But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.


The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.


As one slide indicates, the ability to search HTTP activity by keyword permits the analyst access to what the NSA calls "nearly everything a typical user does on the internet."


Can you imagine having this much information at your fingertips?

/// JimM ///
/// Former Community Manager - Now Humble Internet Citizen ///
/// Also Formerly a Technical Support Escalations Engineer ///
JimM

Re: NSA XKeyscore Screenshots - A Glimpse into a PRISM App

Update: In addition to being able to search by email address, IP address, telephone number, keywords, language, and browser in use, it is now known that XKeyscore can run a search for exploitable computers and determine who VPN connections belong to.

 

Ars Technica is reporting:
This capability essentially turns X-Keyscore into a sort of passive port scanner, watching for network behaviors from systems that match the profiles of systems for which the NSA’s TSO has exploits constructed, or for systems that have already been exploited by other malware that the TSO can leverage. This could allow the NSA to search broadly for systems within countries such as China or Iran by watching for the network traffic that comes from them through national firewalls, at which point the NSA could exploit those machines to have a presence within those networks.

 


Other slides in the set of documents explain how X-Keyscore could be used to track down VPN sessions and determine who they belong to from selected countries. The program could also be used to capture metadata on the use of PGP encryptions in e-mails and encrypted Word documents for later decryption. While X-Keyscore keeps a "buffer" of all the Internet traffic it traps at its tap locations for about three days, metadata on traffic can be kept for up to 30 days, allowing the NSA to trace and store information on who created documents passing across the Internet. "No other system performs this on raw unselected bulk traffic," the document states—implying that searches can be made across traffic that hasn't been specifically tagged for monitoring.

 


While the NSA maintains that they only use this functionality when they are allowed to, there is a great deal of concern right now over what constitutes "being allowed."

/// JimM ///
/// Former Community Manager - Now Humble Internet Citizen ///
/// Also Formerly a Technical Support Escalations Engineer ///