What's XKEYSCORE?
The NSA's global metadata search engine
If you regularly search LinkedIn profiles for national security information, you'll find hundreds of highly compensated individuals who worked for NSA and who list, as one of their skills, the fluency in XKEYSCORE. Glenn Greenwald's publication today of one of the training presentation PowerPoints is sufficient to give us all that skill. (Marc Ambinder: now proficient in advanced web and document production, French, and XKEYSCORE.)
I quibble with the Guardian's description of the program as "TOP SECRET." The word is not secret; its association with the NSA is not secret; that the NSA collects bulk data on foreign targets is, well, probably classified, but at the SECRET level. Certainly, work product associated with XKEYSCORE is Top Secret with several added caveats. Just as the Guardian might be accused of over-hyping the clear and present danger associated with this particular program, critics will reflexively overstate the harm that its disclosure would reasonably produce.
XKEYSCORE is not a thing that DOES collecting; it's a series of user interfaces, backend databases, servers and software that selects certain types of metadata that the NSA has ALREADY collected using other methods. XKEYSCORE, as D.B. Grady and I reported in our book, is the worldwide base level database for such metadata. XKEYSCORE is useful because it gets the "front end full take feeds" from the various NSA collection points around the world and importantly, knows what to do with it to make it responsive to search queries. As the presentation says, the stuff itself is collected by some entity called F6 and something else called FORNSAT and then something with the acronym SSO.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Deciphered, F6 means a Special Collection Service site located in a U.S. embassy or consulate overseas. The stuff is shunted by these sites to the SCS's headquarters in Beltsville, Maryland, because the F6 sites are located in countries where it would be impossible to use regular telephonic or fiber optic cables to send it back to HQ. I should probably refrain from being more specific. FORNSAT simply means "foreign satellite collection," which refers to NSA tapping into satellites that process data used by other countries. And SSO — Special Source Operations — refers to the branch of NSA's Signals Intelligence Division that taps cables, finds microwave paths, and otherwise collects data not generated by F6 or foreign satellites. Basically, everything else. The presentation suggests that the NSA collects internet traffic from 150 sites — specific facilities — worldwide.
Much of the presentation instructs analysts to query their targets carefully because there's so much stuff that the NSA can't even retain it all. I should amend that sentence to add that there are so many different types of data, too, that asking for "all the Internet traffic associated with Pakistan" is going to blow some circuits. Fortunately, the program is set up to allow analysts to look at slices of data that XKEYSCORE has structured. If the NSA needs to figure out the new virtual private networks that the Haqqani network is using in Pakistan, an analyst can task XKEYSCORE to provide it with a list of VPNs that the collection systems have picked up within a particular timeframe. The analyst will then use other databases and tools to figure out where and when the VPN came online, who might be using it, and what subset of other internet data he or she needs to see.
Before the FISA Amendments Act was passed, an analyst presumably would not have to justify, in advance, the foreignness of a particular target or search query. After, every time he or she begins a new query, he or she has to convince the system that the target is foreign. Maybe the phone number associated with the internet data has an overseas prefix. The person stores media outside the U.S. A Google search indicates that the person lives in Geneva. Enough of these boxes have to be checked to provide a 51 percent foreignness threshold, after which the analyst can continue his or her work without any other paperwork. If that threshold isn't met, another NSA group would take over; the NSA has suggested that analysts who are allowed to do queries on U.S. persons have entirely different reporting and supervisory architectures than most other NSA analysts. XKEYSCORE is used by everybody, however. Garbage in, garbage out. User activity metadata (including bulk data collected on U.S. persons) is stored in the MARINA database; content read or tasked is retained in the PINWALE database; and for specific and regular targets — maybe the SVR Resident in Washington — the TRAFFICTHIEF database allows an analyst to quite richly paint a portrait of that person's internet activities in real or near-real time, IF NSA has the data.
A guess about the content part of this: if the NSA analyst is up on a foreign target (one that's met the threshold), he or she will need to shave down the amount of non-user activity data — realtime web sessions, sites cached — that the person has visited. Keyword searches are used to send this slice of data to the analyst. The PINWALE database incorporates and houses this content.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Marc Ambinder is TheWeek.com's editor-at-large. He is the author, with D.B. Grady, of The Command and Deep State: Inside the Government Secrecy Industry. Marc is also a contributing editor for The Atlantic and GQ. Formerly, he served as White House correspondent for National Journal, chief political consultant for CBS News, and politics editor at The Atlantic. Marc is a 2001 graduate of Harvard. He is married to Michael Park, a corporate strategy consultant, and lives in Los Angeles.
-
2024: the year of distrust in science
In the Spotlight Science and politics do not seem to mix
By Devika Rao, The Week US Published
-
The Nutcracker: English National Ballet's reboot restores 'festive sparkle'
The Week Recommends Long-overdue revamp of Tchaikovsky's ballet is 'fun, cohesive and astoundingly pretty'
By Irenie Forshaw, The Week UK Published
-
Congress reaches spending deal to avert shutdown
Speed Read The bill would fund the government through March 14, 2025
By Peter Weber, The Week US Published
-
How do you solve a problem like Facebook?
The Explainer The social media giant is under intense scrutiny. But can it be reined in?
By Peter Weber Published
-
Microsoft's big bid for Gen Z
The Explainer Why the software giant wants to buy TikTok
By Amrita Khalid Published
-
Apple is about to start making laptops a lot more like phones
The Explainer A whole new era in the world of Mac
By Navneet Alang Published
-
Why are calendar apps so awful?
The Explainer Honestly it's a wonder we manage to schedule anything at all
By Navneet Alang Published
-
Tesla's stock price has skyrocketed. Is there a catch?
The Explainer The oddball story behind the electric car company's rapid turnaround
By Jeff Spross Published
-
How robocalls became America's most prevalent crime
The Explainer Today, half of all phone calls are automated scams. Here's everything you need to know.
By The Week Staff Published
-
Google's uncertain future
The Explainer As Larry Page and Sergey Brin officially step down, the company is at a crossroads
By Navneet Alang Published
-
Can Apple make VR mainstream?
The Explainer What to think of the company's foray into augmented reality
By Navneet Alang Published