XKEYSCORE is a secret NSA program that indexes data slurped up from covert fiber-taps, hacked systems, and smartphones, including “full take” data and metadata.
XKEYSCORE has been known since last July, when Glenn Greenwald disclosed its existence in a blockbuster Guardian article.
In a thorough, fascinating followup published in the Intercept, Greenwald and colleagues present a detailed look at the system as it stood in 2013, when it consolidated data from 150 field sites. The service uses your Google cookies and cookies from other services to link your activities across multiple sites and forums, making it possible to search for individual users who use different online identities for different purposes.
In its internal documents, the NSA describes how XKEYSCORE is used to spy on world leaders, including the UN General Secretary Ban Ki-moon, whose briefings prior to a meeting with Barack Obama were intercepted and analyzed.
The writers have promised more details on XKEYSCORE shortly.
Screenshots of the XKEYSCORE web-based user interface included in slides show that analysts see a prominent warning message: “This system is audited for USSID 18 and Human Rights Act compliance.” When analysts log in to the system, they see a more detailed message warning that “an audit trail has been established and will be searched” in response to HRA complaints, and as part of the USSID 18 and USSID 9 audit process.
Because the XKEYSCORE system does not appear to prevent analysts from making queries that would be in violation of these rules, Opsahl concludes that “there’s a tremendous amount of power being placed in the hands of analysts.” And while those analysts may be subject to audits, “at least in the short term they can still obtain information that they shouldn’t have.”
During a symposium in January 2015 hosted at Harvard University, Edward Snowden, who spoke via video call, said that NSA analysts are “completely free from any meaningful oversight.” Speaking about the people who audit NSA systems like XKEYSCORE for USSID 18 compliance, he said, “The majority of the people who are doing the auditing are the friends of the analysts. They work in the same office. They’re not full-time auditors, they’re guys who have other duties assigned. There are a few traveling auditors who go around and look at the things that are out there, but really it’s not robust.”
XKEYSCORE: NSA’s Google for the World’s Private Communications [Morgan Marquis-Boire, Glenn Greenwald, and Micah Lee/The Intercept]