Editorial: Can NSA XKeyScore Operatives Access All Your Data?

There is a very good article on The Guardian at the moment that exposes more detail about NSA data collection (see here) but I would question some of the conclusions. The headline makes it seem like XKeyscore is collecting all internet activity on every user but this is not the case. The term used by the NSA material, “nearly everything a typical user does on the internet”, means that they collect nearly all the types of data an internet user generates: browsing history, email, chat, social media etc. Not that they collect all the information in those data classes for all users.

The XKeyscore database collects data from various sources including prism, ISP taps etc. It can hold the data usually for only 3 days or so before it has to be rolled off to make room for new data.

When Snowden says all he needs is an email and he can access all the data for any individual, he has to be exaggerating. For a start pop email accounts download mail from the server onto the end user’s computer which is protected behind a home or business hardware firewall – NSA will not be able to access this data just by “filling in an online form”. Also people with their own domains may or may not be hosted on ISP’s for which NSA have onsite ‘taps’. Users whose email address on social media is different to their personal email address will not be so easily connected – for example the address max@xxxxxx.net.au has no connection with the user’s facebook page.

What Snowden is talking about is the user whose online identity is connected through various cloud providers – for example one email address that forms the basis of their webmail (example gmail which includes email, browsing history etc), facebook, dropbox and so on. For those users, through Prism, an almost complete online history is recoverable. For other online users there will be varying levels of data able to be recovered.

XKeyscore seems to be a data collation program, bringing together data from various NSA sources, as opposed to an overarching data collection mechanism laid over the internet as Snowden and the Guardian article seem to be inferring.

Other than this exaggeration on the part of Snowden, and on the part of the Guardian in the way they have headlined the article, there is some high quality information and is well worth a read.


Leave a comment

Your email address will not be published. Required fields are marked *