海角大神

What is XKeyscore, and can it 'eavesdrop on everyone, everywhere'?

XKeyscore is apparently a tool the NSA uses to sift through massive amounts of data. Critics say it allows the NSA to dip into people's 'most private thoughts' 鈥� a claim key lawmakers reject.

Top-secret documents leaked to The Guardian newspaper have set off a new round of debate over National Security Agency surveillance of electronic communications, with some cyber experts saying the trove reveals new and more dangerous means of digital snooping, while some members of Congress suggested that interpretation was incorrect.

The NSA's collection of "metadata"聽鈥� basic call logs of phone numbers, time of the call, and duration of calls 鈥� is now well-known, with the Senate holding a hearing on the subject this week. But the tools discussed in the new Guardian documents apparently go beyond mere collection, allowing the agency to sift through the haystack of digital global communications to find the needle of terrorist activity.

The concern is that the capabilities could be misused or misdirected at innocents. In revealing the NSA metadata program, leaker Edward Snowden told the Guardian in June: "I, sitting at my desk, could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal e-mail."

Rep. Mike Rogers (R) of Michigan, chairman of the House intelligence committee, rejected that claim. 鈥淚t's impossible for him to do what he was saying he could do."

But the new Guardian leak appears to indicate something at least close to such capability. The program, called XKeyscore, is the 鈥渨idest-reaching鈥� Internet surveillance system, according to one of several analyst 鈥渢raining鈥� documents, which included a 32-slide presentation leaked to The Guardian. An analyst has to enter only an individual e-mail address 鈥� along with a 鈥渏ustification鈥� inserted into another field on the screen 鈥� to get a trove of personal e-mail sorted by time period, say analysts who reviewed the slides for the Monitor.

The program can also apparently determine which computers visited a website and when, as well as searching chats, usernames, buddy lists, and cookies. One slide in an XKeyscore document features corporate logos of a number of familiar online social media companies, saying the program lets analysts see 鈥渘early everything a typical user does on the Internet.鈥�

Another slide illustrates how an analyst can use the program to search 鈥渨ithin bodies of e-mail, WebPages and documents.鈥� Analysts using XKeyscore can also use a NSA tool called DNI Presenter "to read the content of Facebook chats or private messages,鈥� according to the Guardian article.

鈥淲hat stands out about XKeyscore is the ease with which an NSA analyst can dip into people's lives, their most private thoughts,鈥� says James Bamford, an NSA critic who has written several books detailing the agency鈥檚 inner workings.

In addition, the amount of information that XKeyscore searches and stores is massive. During a 30-day period in 2012, it collected and stored about 41 billion total records, one slide document asserts. That is a testament to the NSA鈥檚 growing capability to collect data, leading to the need for a huge new data storage facility in Bluffdale, Utah, which should begin operations this fall.

鈥淚 don鈥檛 think they have the capacity to figure out everything they want to keep, so they鈥檙e storing it all, so they can go back and get it,鈥� says William Binney, a former NSA mathematician turned whistle-blower who worked for the agency for four decades.

The implications of having all that data to search with a powerful tool like XKeyscore are large, Mr. Bamford says.

鈥淵ou just fill in an e-mail address or whatever, then how much data you want 鈥� a week, a month 鈥� then up pops all my e-mail,鈥� he says. 鈥淚t鈥檚 basically what [author George] Orwell warned about. This agency now has the capability, basically, to eavesdrop on everyone, everywhere. And that鈥檚 basically what鈥檚 happening.鈥�

Such comments are drawing exasperated responses from government officials and lawmakers with oversight responsibilities.

鈥淎s we've explained, and the intelligence community has explained, allegations of widespread, unchecked analyst access to NSA collection data are false," White House spokesman Jay Carney said Thursday.

Testifying before Congress, NSA officials have said they have 鈥渕inimization procedures鈥� to properly handle material on Americans that is caught up in the electronic search.

鈥淟ook, it's just not possible for analysts to just go tromping around through people's e-mails,鈥� says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. 鈥淭he idea that you have people just sitting there and reading e-mails is just silly. There are minimization procedures and audits and other mechanisms that prevent this. Yes, they collect a lot of data, but there has to be some reason and authorization to read it.鈥�

NSA officials and lawmakers were quick to throw cold water on the leaked document and the Guardian report. 聽聽聽聽聽聽聽聽

鈥淎llegations of widespread, unchecked analyst access to NSA collection data are simply not true,鈥� the NSA said in statement Thursday. 鈥淎ccess to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks.鈥�

Representative Rogers and Rep. Dutch Ruppersberger of Maryland, the top Democrat on the House intelligence committee, joined a group of lawmakers meeting with President Obama Thursday on the issue.

"The latest in the parade of classified leaks published today is without context and provides a completely inaccurate picture of the program," the two congressmen said in a joint statement.

Officials have also noted the program's success at finding terrorists. One of the new leaked documents, the 32-slide presentation, asserts that by 2008, 300 terrorists had been captured using intelligence from Xkeyscore.

Still, the NSA and its backers in Washington remain under fire, with polls showing public concern over the surveillance programs growing. But to other experts who have been watching surveillance trends, the idea of global surveillance by the US and others is nothing new 鈥� even if it has now reached worrying levels, with the leaked documents showing Xkeyscore sitting alongside other programs with operational code names like Marina, Pinwale, Trafficthief, about which little is known.

鈥淣othing I鈥檝e seen so far that Edward Snowden has released is a surprise for people that work in the industry, even though I am concerned about it,鈥� says Jonathan Logan, a network security consultant who co-authored a 2009 study on global digital espionage. 鈥淭he good thing about this [Snowden] release is that we finally can point to an outside source confirming what we鈥檝e been saying for the last 15 years.鈥�