Feeds

Snowden's XKeyscore revelations challenged

Job ads for latest NSA horror ran in 2010

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Edward Snowden's latest revelations about NSA snooping, the Xkeyscore program, have quickly been called into question.

While The Guardian correctly identifies XKeyscore as being a search tool for NSA databases (providing what the outlet's Glenn Greenwald writes is an “ability to query the databases at any time”, which is pretty much what a database is for), Greenwald also conveys the impression that XKeyscore trawls all of America's communications in real time.

That interpretation of XKeyscore is now being disputed by American journalist Marc Ambinder. Writing for The Week, he professes the opinion that Greenwald has misunderstood the function and the power of the tool.

Ambinder, co-author with DB Grady (nom-de-plume of David Brown) of the January 2013 book Deep State: Inside the Government Secrecy Industry, says he and Grady had already documented XKeyscore. From their research, he says, it's clear that the program exists, is not as deep a secret as Greenwald believes – and that it's an organisational and search tool rather than a collection tool.

“XKeyscore is not a thing that DOES collecting; it's a series of user interfaces, backend databases, servers and software that selects certain types of metadata that the NSA has ALREADY collected using other methods. XKeyscore, as D.B. Grady and I reported in our book, is the worldwide base level database for such metadata”, Ambinder writes.

Ambinder also writes: “I quibble with the Guardian's description of the program as 'TOP SECRET.' The word is not secret; its association with the NSA is not secret; that the NSA collects bulk data on foreign targets is, well, probably classified, but at the SECRET level.”

The Register notes that XKeyscore's existence and some of its nature was described in 2010 in recruitment advertising on the K-Bar List, which describes itself as “a free veterans' employment network”.

Those advertisements describe XKeyscore as being “deployed worldwide” and “incorporated into production architecture and used by analysts on a 24/7/365 basis”. Signal intelligence experience was on the “preferred list”, since applicants had to have “experience working with DNI [digital network information – Ed] SIGINT systems and an understanding of SIGINT data flow”. Applicants needed TS/SCI (top secret / sensitive compartmented information) clearance. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.