XKeyscore

The Guardian: NSA’s XKeyscore program has nearly limitless access to all Internet activity

The Guardian has detailed new revelations from NSA-leaker Edward Snowden about a program known as XKeyscore that has been described as the agency’s “widest-ranging” tool for online data collection.

PowerPoint training materials obtained by The Guardian show how analysts could use the system to mine sprawling agency databases consisting of a vast reservoir of data. At least 41 billion records were collected and stored in a single 30-day period in 2012, according to the report, which also says XKeyscore collects more than 20 terabytes of information daily, including emails, chats, social media interactions, and even browsing histories—all in real-time.

XKeyscorewww.guardian.co.uk
Searching emails was as easy as filling in a search field.

For example, with little more than an email address, the agency would be able to search “every email address seen in a session by both username and domain,” “every phone number seen in a session (eg address book entries or signature block)”, and “the webmail and chat activity to include username, buddy list, machine specific cookies etc.”

The PowerPoint documents also reveal that agents would have the ability to search through any individual’s email as long as they had an address. This would include “searches within bodies of emails, webpages and documents,” including “To, From, CC, BCC lines” and even the “Contact Us” pages on websites.

This adds validity to Snowden’s often disregarded claim that “I, sitting at my desk could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.”

Far beyond email

XKeyscorewww.guardian.co.uk
A simple search field for finding Facebook communicaitons.

Beyond email, the technology would give the NSA the ability to rummage through social media activity. For example, authorities would have the ability to monitor Facebook chats by simply searching a Facebook user name and a date range into a simple search screen.

US authorities claim that no warrant is needed to intercept communications of non-US Citizens or if the communication is between an American and a foreign target. However, according to the report, analysts had—in the least—the technological ability to access any information from US persons, provided they had some identifying information such as an email or IP address without prior authorization.

Snowden’s leaks were hardly the first allegations of mass electronic surveillance, however the Prism leaks, along with these latest allegations, show how monitoring of the virutal world are far more extensive than most people could possibly imagine.

Subscribe to the Security Watch Newsletter

Comments