On July 3, 2014, the German public broadcaster NDR published a report that included an excerpt of source code from the NSA’s “computer network exploitation system” XKeyscore. The investigation, conducted by Jacob Appelbaum and other members of the Tor Project along with German reporters, provided a glimpse into some of the NSA’s mass surveillance technology, including what types of privacy tools they target and what they think about the people who use them.
Revelation of the NSA’s global surveillance activities, including domestic surveillance on US citizens, was exposed in the 2013 Edward Snowden leaks, but the practice has long been denied. If the leaked source code is to be believed, the NSA has been using XKeyscore to actively target anyone who not only uses these privacy tools, but anyone who might want to learn more about them.
According to the report:
"Merely visiting privacy-related websites is enough for a user's IP address to be logged into an NSA database.” Within the source code are instructions for the system to monitor users who visited the Tor Project website from non-Five Eyes countries, essentially anyone not browsing from the US, UK, Canada, Australia or New Zealand.
A common way to prevent users connecting to the Tor network is by blocking access to publicly known Tor bridges. The Tor Project provides information about unlisted bridges. Sending an email to request access to a Tor bridge would also automatically flag your email address. In the example below, XKeyscore will look for email coming from the address "firstname.lastname@example.org” and extract the URLs of the Tor bridges. What appears to be happening is that XKeyscore was actively used to intercept requests for the Tor bridge addresses and storing this information for future monitoring.
The same is true for people using or simply looking for information about TAILS, an operating system designed to protect user privacy and anonymity. Comments in the NSA’s XKeyscore source code describe TAILS as “a comsec mechanism advocated by extremists on extremist forums. TAILS is a “live” operating system. The snippet below shows how keyword searches for “tails" and "linux” or “USB” or “secure desktop” could get you flagged. Another way to end up in the NSA database would be to visit the Linux Journal or the Tails site. According to the XKeyscore rules, merely visiting these sites could get you added to the NSA’s tracking list.
The NSA also actively surveilled Tor directory servers in Germany and elsewhere, as well as any connections to an anonymous email service hosted at MIT signified by the IP address (22.214.171.124) in the code snippet below.
Cory Doctrow on BoingBoing writes that one possible reason to target Tor and Tails users was to "separate the sheep from the goats” in order to narrow the focus on people who know “how to be private” and those who don’t. The NSA could then focus its energy on collecting as much information as possible from the savvier group for future analysis, regardless of whether or not anyone in that group was under suspicion.
Another area of speculation arising from the publication of the XKeyscore source code is whether or not Edward Snowed is was the actual source of the code leak, or if there are other leakers within the NSA. Security expert Bruce Schneier’s analysis of the source code and possible release date argues for a source other than Snowden’s original leak.
Why is this wrong and why should anyone care? The folks at the EFF probably summed it up best, "It isn’t suspicious to buy curtains for your home or lock your front door. So merely reading about curtains certainly shouldn’t qualify you for extra scrutiny.” In fact, the more ubiquitous the use of encryption and privacy tools like Tor becomes, the more effective it is for everyone. As far was we know the NSA hasn’t yet compromised Tor or GPG encryption. The number of people using these tools regularly is very low, and the XKeyscore source code depends on being able to sort out the “sheep from the goats” if we’re all goats, mass surveillance become a technical impossibility.
For more information check out the following:
- The original report (in English) from NDR
- Bruce Schneier’s analysis of the XKeyscore rules leak and the possibility of a second leaker
- The EFF explains why privacy is a right and wanting to learn about tools to protect your privacy shouldn’t be considered a suspicious activity
- Cory Doctrow’s article about the report on BoingBoing
- A technical analysis of the XKeyscore code from Robert Graham of Erratasec