Marc Ambinder writes: XKEYSCORE is not a thing that DOES collecting; it’s a series of user interfaces, backend databases, servers and software that selects certain types of metadata that the NSA has ALREADY collected using other methods. XKEYSCORE, as D.B. Grady and I reported in our book, is the worldwide base level database for such metadata. XKEYSCORE is useful because it gets the “front end full take feeds” from the various NSA collection points around the world and importantly, knows what to do with it to make it responsive to search queries. As the presentation says, the stuff itself is collected by some entity called F6 and something else called FORNSAT and then something with the acronym SSO.
Deciphered, F6 means a Special Collection Service site located in a U.S. embassy or consulate overseas. The stuff is shunted by these sites to the SCS’s headquarters in Beltsville, Maryland, because the F6 sites are located in countries where it would be impossible to use regular telephonic or fiber optic cables to send it back to HQ. I should probably refrain from being more specific. FORNSAT simply means “foreign satellite collection,” which refers to NSA tapping into satellites that process data used by other countries. And SSO — Special Source Operations — refers to the branch of NSA’s Signals Intelligence Division that taps cables, finds microwave paths, and otherwise collects data not generated by F6 or foreign satellites. Basically, everything else. The presentation [published by The Guardian] suggests that the NSA collects internet traffic from 150 sites — specific facilities — worldwide.
Much of the presentation instructs analysts to query their targets carefully because there’s so much stuff that the NSA can’t even retain it all. I should amend that sentence to add that there are so many different types of data, too, that asking for “all the Internet traffic associated with Pakistan” is going to blow some circuits. Fortunately, the program is set up to allow analysts to look at slices of data that XKEYSCORE has structured. If the NSA needs to figure out the new virtual private networks that the Haqqani network is using in Pakistan, an analyst can task XKEYSCORE to provide it with a list of VPNs that the collection systems have picked up within a particular timeframe. The analyst will then use other databases and tools to figure out where and when the VPN came online, who might be using it, and what subset of other internet data he or she needs to see. [Continue reading…]