Thought the NSA's PRISM spying program was bad? You ain't seen nothing yet. New documents leaked to the Guardian by Edward Snowden reveal the existence of another program, XKeyscore, which reportedly collects "nearly everything a user does on the internet."
Among other things, XKeyscore allegedly allows NSA analysts to dig up your browsing history, Facebook chats, and e-mails. The program isn't just limited to those items, however. Indeed, it seems that pretty much any HTTP activity can be probed. For example, the Guardian explains, "The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies."
As you'd expect, the amount of data involved is huge. The NSA can't store everything indefinitely, but some content can be retained for as long as five years:
The XKeyscore system is continuously collecting so much internet data that it can be stored only for short periods of time. Content remains on the system for only three to five days, while metadata is stored for 30 days. One document explains: "At some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours."
To solve this problem, the NSA has created a multi-tiered system that allows analysts to store "interesting" content in other databases, such as one named Pinwale which can store material for up to five years.
As with PRISM, the NSA is in principle legally forbidden from using XKeyscore to target U.S. citizens without a warrant. Only foreigners and Americans who communicate with "foreign targets" are free game. The NSA told the Guardian, "XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system. . . . Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law."
However, according to the Guardian, NSA's internal documents reveal that attempts to segregate U.S. and foreign communications are "imperfect." Also, the paper adds, "[A]ll communications between Americans and someone on foreign soil are included in the same databases as foreign-to-foreign communications, making them readily searchable without warrants."