Edward Snowden dropped maybe his biggest bombshell yet today, by pulling back the curtain on the NSA's XKeyscore system, which the agency's training documents boast can collect "nearly everything a typical user does on the Internet." That includes everything from the contents of emails and Facebook messages to web browsing and search histories, Glenn Greenwald writes in the Guardian. The training slides detail how any analyst can garner such data by filling out a simple form that isn't reviewed by any court—there are even drop-down menus from which to select a justification.
This can be done with almost any identifying information, be it email address, IP address, phone number, or even browser type. This range of options is necessary, the training documents explain, because "a large amount of time spent on the web is performing actions that are anonymous." The searches are all performed on the XKeyscore database, which hoovers up unfathomable quantities of data—some sites send more than 20 terabytes to it every day. More tidbits from the report:
- This explains Snowden's claim that he could spy on President Obama himself if he had the right email address—the system provides analysts with the technical ability to do that.
- Of course, it's not legal for the NSA to use this to spy on domestic American communications, but it's technically possible, and searches are almost never questioned, Snowden says. "And even when we are, it's usually along the lines of: 'let's bulk up the justification.'"
- While most of the data in the XKeyscore database is deleted after only a few days—or in some cases as little as 24-hours—anything analysts deem "interesting" can be shifted to another database and saved for up to five years.
- This isn't the first the public has heard of XKeyscore. Germany is reportedly using it as well.