It may sound like a videogame, but it's deadly serious; it collects and aggregates virtually everything a user does on the Internet and by telephone. The NSA is very proud of it, although they admit that sometimes, on very rare occasion...well, mistakes can be made. But they're totally unintentionals.
In a letter this week to senator Ron Wyden, director of national intelligence James Clapper acknowledged that NSA analysts have exceeded even legal limits as interpreted by the NSA in domestic surveillance.
Acknowledging what he called "a number of compliance problems", Clapper attributed them to "human error" or "highly sophisticated technology issues" rather than "bad faith".
However, Wyden said on the Senate floor on Tuesday: "These violations are more serious than those stated by the intelligence community, and are troubling."
XKeyscore stores between 1 and 2 billion call events and internet transactions each day, and renders them accessible to a variety of proprietary search techniques including wildcard and partial queries. It collects so much data that they're broken into smaller, more manageable blocks and stored in the Marina and Pinwale subsystems for later examination. If you've been wondering why they're building that massive set of server farms outside Salt Lake City (now almost operational), wonder no more:
"At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours."
Clearly, they want to retain it for longer; preferably on the order of five or more years.
And don't think that switching to an "incognito" window in your browser's going to afford you any privacy or anonyminity; they'll still grab your data. In point of fact, about the only way to obtain some degree of either involves installing IP spoofing software on your home system/network. That's not as difficult to accomplish today as it was half a dozen years ago, but you can still screw it up without even half trying. Which means: you think you have private and secure transmission, but you don't.
So what's the big deal? You're not uploading/downloading child porn, so hey. Well, no - but if you have labored on plans for, say, a new business paradigm and want to send it to your partners over VPN, NSA will snag it before they receive it. Oh, probably harmless enough - until you go to patent or trademark and find that an Edward Snowden type's beat you to it.
Suddenly, things get a lot more real.
