Is THIS What Wyden Meant by “Allowing the NSA to Deliberately Search for Records of Particular Americans”?

A month ago, I noted that after Ron Wyden and Mark Udall criticized Keith Alexander for suggesting the NSA could not deliberately search the records of specific Americans, the NSA Director withdrew the white sheet implying such a claim.

The latest report from Glenn Greenwald, describing how XKeyscore allows analysts — with no court review or other oversight — to review already collected information by indexing on metadata.

The purpose of XKeyscore is to allow analysts to search the metadataas well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a “selector” in NSA parlance) associated with the individual being targeted.

Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.

One document notes that this is because “strong selection [search by email address] itself gives us only a very limited capability” because “a large amount of time spent on the web is performing actions that are anonymous.”

The NSA documents assert that by 2008, 300 terrorists had been captured using intelligence from XKeyscore.

Analysts are warned that searching the full database for content will yield too many results to sift through. Instead they are advised to use themetadata also stored in the databases to narrow down what to review.

A slide entitled “plug-ins” in a December 2012 document describes the various fields of information that can be searched. It includes “every email address seen in a session by both username and domain”, “every phone number seen in a session (eg address book entries or signature block)” and user activity – “the webmail and chat activity to include username, buddylist, machine specific cookies etc”.


One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications. Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:

Now, one of the graphics included with the story has a drop down menu recording how the analyst decided the target of this collection was outside the US. That is, it should exclude US persons and others located within the US. So I’m not convinced this is what Wyden and Udall referred to (unless there’s a way to get to targets’ interlocutors I can’t immediately identify).

But if analysts can access information this easily I can understand why the Senators would be so concerned.


34 replies
  1. klynn says:

    If I were the lawyer for the Americam Friends Service Committee, with how members attending peace meetings have been treated across the country since 9-11, I would be eyeing this article and calling the ACLU…The government needs to be held accountable for tagging non-violent, absolute pacifists as a terror/national threat. Pull down menu that has legal and targeted justifications. What click on the menu did absolute pacifists fall under?

  2. Lefty665 says:

    “Analysts are warned that searching the full database for content will yield too many results to sift through. Instead they are advised to use the metadata also stored in the databases to narrow down what to review.”

    Pretty traditional use of traffic analysis as a guide. Figure out who you’re interested in before starting to wade through content.

    Worth noting that presumes, despite the public dancing and dissembling, that they’ve got all the content. Bet we have not yet learned what “all” means either. Wyden’s been hinting at that recently.

    Also goes to the suggestions that everybody send lots of emails with lots of key words to overwhelm NSA. The spooks figured out how to avoid that morass long ago.

  3. P J Evans says:

    The next time the spooks get called before congress, they should be required to demonstrate how this works … with the phones, e-mails, etc of the members of the committee. And TV cameras recording it from both sides of the terminal.

  4. Clark Hilldale says:

    From the Greenwald piece:

    An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.

    An analyst can monitor such Facebook chats by entering the Facebook user name and a date range into a simple search screen.

    On Facebook, the company that threatens the wrath of god upon anyone violating their TOS.

    Also, the program name XKeyscore sounds like it might generate some type of score for everybody along the lines of a credit score which might aim to rank folks in terms of dangerousness, subversiveness, or plain salaciousness.

  5. jerryy says:

    @Lefty665: “Figure out who you’re interested in before…” Yeah, it does seem they are looking at individuals to pin accusations on. If they wanted context, they are ignoring the usual factor analysis techniques (*1) to get that goups of folks are annoyed.

    This pull-down menu approach also reflects back on their recent pr lies, er stuff, about how they cannot serve foia email requests. A system able to do analysis based on point and click selection has horsepower behind it. 50,000 employees are nothing to search through with a system like that. (Just think how many email accounts Google or Yahoo manage — 50,000 would be child’s play). Actually if their system is as antiquated as they are claiming, the searching would be straight forward using the built in tools those email servers have.(*2)


    (2) Algorithmically it is along the lines of foreach email account on the machine-archive, foreach email message stored there, compare message to requested parameteres, if found save copy, next, next. done. Email servers have had capabilities like this since their humble beginnings. Note: the mail transfer agents (the internet / intranet part that moves email between the separate machines also have similar capabilites.)

  6. Snoopdido says:

    @Snoopdido: Especially for Emptywheel’s continual noting of the US (and other) government’s Iran obsession, see the slide on page 16 of the XKeyscore presentation.

  7. Lefty665 says:

    @Clark Hilldale: “or plain salaciousness”

    Believe that’s got a separate “tool” the WKeyscore – for Weiner

    @jerryy Considering the scope of what they’ve accomplished, claiming inability to look at their own emails because the system is so antiquated was pretty much a thumb in the eye. “And if you believe that, would you believe that we can’t search our voice mails because we don’t have enough soup cans and string?”

  8. Clark Hilldale says:

    From p.15 of slideshow:

    ● How do I find a cell of terrorists that has no
    connection to known strong-selectors?

    ● Answer: Look for anomalous events

    ● E.g. Someone whose language is out of place for the region they are in

    ● Someone who is using encryption

    ● Someone searching the web for suspicious stuff

    Sounds like a pretty wide driftnet…

  9. grayslady says:

    For me, after reading that drop-down menu of rationales for why it was “okay” to spy on a person’s activity (i.e., we think the person is outside the U.S.), the key quote of Greenwald’s article was this one:

    “Some searches conducted by NSA analysts are periodically reviewed by their supervisors within the NSA. “It’s very rare to be questioned on our searches,” Snowden told the Guardian in June, “and even when we are, it’s usually along the lines of: ‘let’s bulk up the justification’.””

  10. Clark Hilldale says:


    Wonder what they consider suspicious?

    Probably the universe of things that a typical cleared, authoritarian follower IC employee might find suspicious would be extensive.

  11. bsbafflesbrains says:

    What controls and checks keep any of the 50k employees from just taking data for their own uses? Say someone like Snowden who is not altruistic but rather mercenary or god forbid money motivated.

  12. orionATL says:

    three emptywheel posts over two days have mentioned aaron swartz, bradley manning, and edward snowden.

    all three have exposed injustices, lies, and illegal conduct by american government and corporate leaders;

    all three have been brutally mistreated by the obama administration’s national police and law forces.

    these three young men aree genuine american heroes,

    not the penny-a-hundred “heroes” routinely and obsequiously celebtated by our corporate media. by the media corporations’ definition of “hero”, ralph cramden would be a hero because he wore a bus driver’s uniform.

    a genuine hero is one who takes a severe personal risk, up to and including death, for the benefit of others, as manning, swartz, and snowden have done.

    where has our president been all the while?

    assiduously working to protect government illegality and its agents from exposure or punishment while simultaneously publicly faking concern with joblessness, the economy, civil rights.

  13. TarheelDem says:

    @Lefty665: My suspicion is that “all the content” means the cumulative content from three-hop searches on targets over whatever time the system has been running. But that’s just a SWAG.

  14. Stewart Penketh says:

    Emptywheel says, “Leave a Reply Your email address will not be published.”

    Thanks. Knowing that makes me feel so safe.
    Now we know why Cheney never used e-mail.

  15. Lefty665 says:

    @TarheelDem: I’m not sure you understand the scope. The three hop searches are conducted on data they already have. Those searches do not gather much data, they are selecting among the bits and bytes (yottas of them) that have already been collected, saved, and are being added to 24/7.

    What I was wondering about was what sources in addition to all voice, email, web traffic, blog entries, financial and public records are being collected?

    For example, is your car reporting your location, is it squawking what you say? Is the mic on your phone, land or cell, your tablet, or your computer a bug? Same with cameras on those devices. Are the contents of your hard drive being collected? None of those things are terribly hard to do if you have national technical means at your disposal, or beyond consideration if you have been assigned a mission.

    How far has data collection gone? What are the plans for data that is not currently collected, if any? Is it like an overdue book and the librarian is on the way to retrieve it? That would be my guess.

    Assign the spooks a mission and they want all the data they can get. Always have, always will.

    The issue is that Duhbya turned the NSA from foreign collection to domestic. Hayden rolled over and complied. Alexander moved the decimal point on what they were able to collect. BO has done his best to hide it all, or to put a legal face on what got out. A supine congress has been a willing accessory to shredding the constitution.

    We owe Snowden a huge debt. Understanding how profoundly we’ve been had is essential to calculating the size of that debt.

  16. emptywheel says:

    Btw: Sorry for not providing more comment on the new docs. I was being eliminated for jury duty all morning.

    Can you believe it took until the very last peremptory challenge for the prosecutor to get rid of me?

  17. Snoopdido says:

    The AP reports on today’s SJC hearing – With 3 ‘hops,’ NSA gets millions of phone records –

    “So what has been described as a discrete program, to go after people who would cause us harm, when you look at the reach of this program, it envelopes a substantial number of Americans,” said Sen. Dick Durbin of Illinois, the No. 2 Democrat in the Senate.

    John Inglis, the NSA’s deputy director, conceded the point but said NSA officials “try to be judicious” about conducting hop analysis.

    “And so while, theoretically, 40 times 40 times 40 gets you to a large number, that’s not typically what takes place,” he said. “We have to compare the theory to the practice.”

    Such reassurances have done little to quell the sharp criticism from both parties over the once-secret program.”

  18. M.Black says:


    We owe Snowden a huge debt. Understanding how profoundly we’ve been had is essential to calculating the size of that debt.

    Astutely observed, perfectly expressed.

  19. DownBoyDown says:

    One of the fields in both the Email and HTTP search forms for XK shown in today’s [Jul31] Guardian article is labeled Miranda Number:

    Anybody know what a Miranda Number is?

  20. JohnJ says:

    I have been frustrated for years trying to convince people that the Authoritarian Followers get a lot of their payoff in this kind of personal information access. There is no logic, to them, in putting the legal controls at any level lower than the agency door. I grew up around people with access, I can’t remember any of them feeling the rules were for them to follow, just the pubic and the public figure heads.

  21. Jessica says:

    Snoopdido: “Especially for Emptywheel’s continual noting of the US (and other) government’s Iran obsession, see the slide on page 16 of the XKeyscore presentation.”

    Wow. Just, wow.

  22. klynn says:

    EW, I read Glenn’s article. I may have missed this information in the piece…Who developed XKeyscore? If developed outside our walls, I imagine the developer has access too…

Comments are closed.