The news: Newly leaked source code has revealed just what the NSA considers justification for storing your web browsing data indefinitely — and it probably didn’t come from Edward Snowden.
Lena Kampf, Jacob Appelbaum and John Goetz (who are all associated with the Tor Project) wrote on the German site Tagessschau that they have seen the “deep packet inspection” rules used in the NSA’s XKeyScore program to determine which targets are worthy of deep surveillance. The rules are much broader than the NSA would like you to believe; for example, the NSA targets anyone who searches for information online about Tails or Tor. Anyone using Tor is also flagged for long-term surveillance. People deemed worthy of such intensive surveillance never have their data removed from NSA servers.
What is the NSA trying to do? Their main goal seems to be separating the technological know-hows from folks who wouldn’t know what an Onion router was if it hit them in the face. After making this distinction, the NSA will keep track of the former group, in case they ever become a potential threat. For example, the NSA is apparently keeping tabs on an anonymous email service hosted at MIT’s Computer Science and Artificial Intelligence Laboratory. BetaBoston notes that it’s not entirely clear whether XKeyScore was properly filtering out users from the “Five Eyes” nations (Australia, Canada, New Zealand, United Kingdom and the United States) that officially aren’t subject to surveillance.
As BoingBoing’s Cory Doctorow writes:
“More importantly, this shows that the NSA uses “targeted surveillance” in a way that beggars common sense. It’s a dead certainty that people who heard the NSA’s reassurances about “targeting” its surveillance on people who were doing something suspicious didn’t understand that the NSA meant people who’d looked up technical details about systems that are routinely discussed on the front page of every newspaper in the world.”
How does Snowden factor in here? Experts believe that this particular document leak was the work of a second source, and not Snowden. One told BoingBoing that they had surveyed the initial treasure trove of Snowden docs and did not see this particular file.
“The existence of a potential second source means that Snowden may have inspired some of his former colleagues to take a long, hard look at the agency’s cavalier attitude to the law and decency,” writes Doctorow.
However, the identity of the source (if it’s not Snowden) has yet to be revealed. Hopefully it will stay that way, considering Snowden’s revelations about online privacy got him in a pretty sticky situation.