Value Online Privacy? NSA Classifies You as an 'Extremist,' Collects More Than Metadata


Just yesterday the federal Privacy and Civil Liberties Board released its report insisting that the National Security Agency's (NSA) operates a perfectly legal operation collecting mass amounts of metadata on Internet users. At Forbes, Gregory McNeal were quick to call it "a big victory for the NSA, and a seeming rebuke to critics of the agency." Well, any good P.R. points the agency scored were likely undone today. A German publication got its hands on the top secret source code of XKeyscore, one of the mass surveillance systems exposed by whistle blower Edward Snowden last year, and suggests that the NSA is watching us a lot more closely than it admits.

Here are some major points from DasErste.de:

With the source code can be proven beyond reasonable doubt for the first time that the NSA is reading not only so-called metadata, that is, connection data. If emails are sent using the Tor network, then programming code shows that the contents – the so-called email-body – are evaluated and stored. Two servers in Germany—in Berlin and Nuremberg—are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA. Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal—the Original Magazine of the Linux Community," and calls it an "extremist forum."

One of the most important takeaways, tech security expert Bruce Schneier highlights, is the "very disturbing" fact that "this isn't just metadata; this is 'full take' content that's stored forever." 

Linux users aren't the only "extremists" in the NSA's eyes. The agency also engages in long-term surveillance of people who use – or even simply search for – anonymity-protecting tools like Tails and Tor.

One of the two German servers being spied on belongs to Sebastian Hahn, a computer science student at the University of Erlangen. He's an important figure in the Tor Project because

his server is not just a node, it is a so-called Directory Authority. There are nine of these worldwide, and they are central to the Tor Network, as they contain an index of all Tor nodes. A user's traffic is automatically directed to one of the directory authorities to download the newest list of Tor relays generated each hour.

What is XKeyscore?

Snowden succinctly explained the system earlier this year:

You could read anyone's email in the world, anybody you've got an email address for. Any website: You can watch traffic to and from it. Any computer that an individual sits at: You can watch it. Any laptop that you're tracking: you can follow it as it moves from place to place throughout the world. It's a one-stop-shop for access to the NSA's information. …

You can tag individuals… Let's say you work at a major German corporation and I want access to that network, I can track your username on a website on a form somewhere, I can track your real name, I can track associations with your friends and I can build what's called a fingerprint, which is network activity unique to you, which means anywhere you go in the world, anywhere you try to sort of hide your online presence, your identity.

An NSA representative responded to today's revelation, assuring, expectedly, that "such tools have stringent oversight and compliance mechanisms built in at several levels. The use of XKeyscore allows the agency to help defend the nation and protect U.S. and allied troops abroad."

Who leaked the information?

The most likely guess would be Snowden, but the writers of the report don't acknowledge any input from him. Schneier, who is very familiar with the Snowden documents, says it's not his work. "I think there's a second leaker out there," he writes. 

NEXT: Ethan Roberts on Seniority-Based School Staffing

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I dropped my sub to Linux Journal — does that make me a good guy, bad guy, double agent, or double bad guy?

    1. You are now on the same worst-list as Nikki.

      1. Evan. I just agree… Patrick`s report is impressive… last tuesday I bought a great Volkswagen Golf GTI after I been earnin $8978 this-last/5 weeks an would you believe $10,000 last-munth. it’s realy the easiest-job Ive ever done. I began this 3 months ago and immediately got me over $73 per-hr. I went to this website works33.com
        (Go to site and open “Home” for details)

  2. I maybe old fashioned, but I fondly recall the days of yore when metadata was still just called what it is – data.

    1. Also, I may be old fashioned……


  3. Good. Being an extremist user of such privacy software myself let me just say… burn this fucking government to the ground.

  4. Funny that there are so few comments on this article. I suspect a lot of the resident sharp wits, God love them, sobered up real quick when struck with the thought that maybe the NSA has built a ‘fingerprint’ on them.

    Hey guys, it’s too late. Either big brother is watching you already, or he isn’t. Not commenting on one article isn’t going to change that.

    1. “Who leaked the information?

      The most likely guess would be Snowden, but the writers of the report don’t acknowledge any input from him. Schneier, who is very familiar with the Snowden documents, says it’s not his work. “I think there’s a second leaker out there,” he writes.”

      I wonder if we might have ourselves a Snow(den)ball Effect here?

      It seems reasonable to assume that there will be more and more of these leakers, as the scope, severity, and repugnance of these NSA programs becomes fully evident.

      1. The “Snow(den)ball Effect.” Personally, I hope so.

    2. Hey, if you’re not doing anything that’s forbidden by Government Almighty, which we all know, LOVES us, then just WHAT is there to worry about?!?!?
      Scienfoology Song? GAWD = Government Almighty’s Wrath Delivers

      Government loves me, This I know,
      For the Government tells me so,
      Little ones to GAWD belong,
      We are weak, but GAWD is strong!
      Yes, Guv-Mint loves me!
      Yes, Guv-Mint loves me!
      Yes, Guv-Mint loves me!
      My Nannies tell me so!

      GAWD does love me, yes indeed,
      Keeps me safe, and gives me feed,
      Shelters me from bad drugs and weed,
      And gives me all that I might need!
      Yes, Guv-Mint loves me!
      Yes, Guv-Mint loves me!
      Yes, Guv-Mint loves me!
      My Nannies tell me so!

      DEA, CIA, KGB,
      Our protectors, they will be,
      FBI, TSA, and FDA,
      With us, astride us, in every way!
      Yes, Guv-Mint loves me!
      Yes, Guv-Mint loves me!
      Yes, Guv-Mint loves me!
      My Nannies tell me so!

      1. Happy ungrateful colonists day, y’all!!!

        1. Very happy ungrateful colonists’ day to you, SQRLSY One.

  5. Nothing says ENEMY OF THE STATE a commoner attempting to seek out a little speck of privacy. ?

  6. ? ? Nothing says ENEMY OF THE STATE LIKE a commoner attempting to seek out a little speck of privacy. ? ?

    *Damn you Reason! Why won’t you spend the extra one trillionth of a penny a post to let me edit/delete?!!??

    1. Nothing says ENEMY OF THE STATE LIKE a commoner attempting to seek out a little speck of privacy.

      I found a little nook at my place that is out of site of the TV.

  7. The Privacy and Civil Liberties Board.

    What more needs to be said?

    1. Just that 2+2=5. Oh, and that the organization responsible for invading countries that pose no threat to us is called the Department of Defense

  8. So basically, if you use any kind of encryption or privacy software, you are an extremist. If your organization uses that sort of software it is an extremist organization.

    Okay. Last I checked the NSA and a sizable portion of the US government use privacy and/or encryption software to keep their classified secrets safe. Doesn’t it therefore mean that the US government is an extremist organization?

    If the US government is an extremist organization, then all subdivisions of it are also extremist organizations. Suddenly, I do believe I understand where the NSA got its rationale for spying on Congress.

    Are we a rogue state yet?

  9. If a linux user is an extremist, what does that make a linux consultant?

    I always assumed I didnt have a file because it was paranoid to assume otherwise, but now I guess maybe I do.

  10. I think that privacy is one of the necessities in the modern world. I for example use this coursework writing service and I don’t want to someone know my real name.

  11. Very informative article. I learned a lot from it.

  12. Hey guys. With so many high tech tools at its disposal, it would have been just bizare if NSA didn’t do big data (or metadata) analysis.Characterizing Linux as a source of evil is ofcourse another story. Anyway, this is our reality and we should adapt to the new facts. ?????????? The milk is spilt and I can see no reason crying over it

  13. Ok, it’s a fact that our world becomes more and more Orwellian but this doesnt mean that we can’t figure out something to turn it on our advantage..

  14. If you intend and want to clean your house you must deal with us because we are a wonderful company the best cleaning company in Riyadh we work in order to get the money and reputation so we mastered the cleaning operations that we do
    Cleaning Company in Riyadh
    Cleaning Company of mosques in Riyadh

  15. Is there any possibility to have full access to your digital file and to know what ‘s your profile like? I dont think so. The digital era is here to stay. The only thing we can certainly do is to “behave” in a sense that we can leave a self censored trace of ourselves that wont create any annoyance..think about it

  16. Privacy is a birth right and every person in the country owns it at the moment they are born. Nobody should know whether I’m using some cheap blender or high-end best masticating juicer on the market. This is my business and nobody should know it.

Please to post comments

Comments are closed.