In a shocking story on the German site Tagesschau (Google translate), Lena Kampf, Jacob Appelbaum and John Goetz report on the rules used by the NSA to decide who is a “target” for surveillance.
You can read more at Boing Boing.
The investigation discloses the following:
Two servers in Germany – in Berlin and Nuremberg – are under surveillance by the NSA.
Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
Among the NSA’s targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.
The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called “the Linux Journal – the Original Magazine of the Linux Community”, and calls it an “extremist forum”.
The authors of the Tagesschau story have seen the “deep packet inspection” rules used to determine who is considered to be a legitimate target for deep surveillance, and the results are bizarre.
According to the story, the NSA targets anyone who searches for online articles about Tails — like this one that we published in April, or this article for teens that I wrote in May — or Tor (The Onion Router, which we’ve been posted about since 2004). Anyone who is determined to be using Tor is also targeted for long-term surveillance and retention.
Bruce Schneier thinks there may be a second leaker.
I do not believe that this came from the Snowden documents. I also don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there.
EDITED TO ADD (7/3): More news stories. Thread on Reddit. I don’t expect this to get much coverage in the US mainstream media.
Hacker News and Slashdot threads. ArsTechnica and Wired articles.
There is also the live blog [in German] of William Binney in front of the German Parliament.
There is also another post on reddit. After reading all of these links the last few days, I’m probably on the NSA’s list now too.
The facts also bear out that all this surveillance to protect us is useless. You are eight times more likely to be killed by a police officer and 6 times more likely to die from hot weather than a terrorist attack.
Feel free to download Tor.
Read/download the XKeyscore rules.