Friday, 4 July 2014

The NSA may have another leaker on its hands

People hold masks depicting Edward Snowden during the NETmundial: Global Multistakeholder Meeting on the Future of Internet Governance in Sao Paulo April 23, 2014. The meeting will be held in Sao Paulo from April 23 to 24 where new global guidelines on Internet governance will be discussed. REUTERS/Nacho Doce

Edward Snowden has done a lot of damage to the National Security Agency by disclosing dozens of its most sensitive internet surveillance programs—but there may be a lot more to come from someone following in his footsteps.


German public broadcaster Das Erste revealed yesterday the existence of a previously undisclosed NSA program called XKeyscore, which automatically logs the online identities of anyone who even searches the web for tools that might keep their activities anonymous. Experts who are familiar with Snowden’s leaked documents say that this information is from a new source.


“I do not believe that this came from the Snowden documents,” wrote security expert Bruce Schneier, who had access them through his work with the Guardian. “I also don’t believe the TAO catalog came from the Snowden documents,” he said, referring to the “tailored access operations” that the NSA uses to gain access to certain priority targets. “I think there’s a second leaker out there.”


XKeyscore logs the IP address of anyone searching for “privacy-enhancing software tools” like the TOR Project, free software that can ensure online anonymity that is used by millions of people a day.


“The NSA is making a concerted effort to combat any and all anonymous spaces that remain on the internet,” wrote Lena Kampf, Jacob Appelbaum and John Goetz, who are all associated with the TOR Project. “Merely visiting privacy-related websites is enough for a user’s IP address to be logged into an NSA database.”


The IP addresses and any surveillance data gathered through XKeystroke is kept indefinitely. “This isn’t just metadata; this is ‘full take’ content that’s stored forever,” wrote Schneier, who called it “very disturbing.” Users may also be tagged for surveillance by receiving emails or reading news articles—like this one, for example—that discuss TOR and other privacy tools.


It’s scary stuff for anyone concerned about the scope of NSA surveillance—but the silver lining may be the suggestion that there is an NSA source out there besides Snowden who has decided that the public has a right to know what’s happening.


New NSA chief Michael Rogers told the New York Times in an interview last week that he was ultimately not that alarmed by long-term effects of the Snowden leaks. “You have not heard me as the director say, ‘Oh, my God, the sky is falling,’” he told the paper.  But if there are other leakers coming out of the woodwork, he might want to check again.




The NSA may have another leaker on its hands

No comments:

Post a Comment