New leaks say NSA can see all your online activities
Posted on 31 July 2013.
If you have followed the unfolding of the NSA surveillance scandal, you have probably heard the mantra "It's only metadata!" repeated many times by US politicians bent on minimizing the fallout.

Many credible and respectable sources have eloquently explained to the public why even metadata collection is dangerous, but now the US intelligence establishment stands to lose the little amount of credibility it still has as new documents leaked by former government contractor Edward Snowden and published by The Guardian prove that no, it's not just metadata that the NSA gets its hands on.

The news outlet has a new program name for us to remember: XKeyscore.

Described by the NSA as its "widest-reaching" system for mining intelligence from the Internet, it apparently allows their analysts to root through huge databases filled with emails, online chats and browsing histories of millions and millions of individuals, without having to ask authorization or by doing so perfunctorily, knowing that permission will be granted practically every time.

The difference between Prism and XKeyscore is not only in the fact that the former collects metadata and the latter metadata and all of those things mentioned about - while Prism allows analysts to go through stored data, XKeyscore (and other NSA systems) apparently allows them to see what a specific individuals does on the Internet in real time.

"Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets," explains Glenn Greenwald.

"But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst."

The leaked documents show how simple is for the analysts to submit a request for access to data via an online search form that requires only a short justification for the search, and also show that the analysts read emails via special reading software.

These revelations substantiate Snowden's earlier claims that even he, as a employee of Booz Allen Hamilton, was able and could be authorized to use XKeyscore to access any email account for which he knew the email address.

The documents also reveal the existence of DNI Presenter, a tool used by the NSA to peruse email content as well as the content of Facebook chats or private messages, and the ability of analysts to analyze individuals' internet browsing activities and to discover the IP addresses of all the visitors to a website they are interested in.

"The XKeyscore system is continuously collecting so much internet data that it can be stored only for short periods of time. Content remains on the system for only three to five days, while metadata is stored for 30 days," Greenwald pointed out. "To solve this problem, the NSA has created a multi-tiered system that allows analysts to store 'interesting' content in other databases, such as one named Pinwale which can store material for up to five years."

The NSA has reacted to these revelations by saying that "access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring."

"NSA's activities are focused and specifically deployed against and only against legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests."

But it's inevitable that while collecting data on foreign targets they also collect communications of many Americans that come into contact with them, and not to mention that communication between two US citizens can travel on foreign systems and is collected if it does.

The biggest issue in all this - well, at least for Americans - is that it seems clear that there is no critical or real oversight over what analysts and the entire NSA are allowed to do, and the intelligence community and head honchos keep claiming the opposite.

Given their latest track record in responding to questions made by legislators that should, after all, be able to be informed about what the executive branch is doing, I'm inclined to consider these latest leaked documents as genuine as some of the first one leaked are officially turning out to be.









Spotlight

Staples customers likely the latest victims of credit card breach

Posted on 21 October 2014.  |  Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //