Have you ever wondered if you’re on an NSA observation list? Turns out that if you’ve even thought about it (or online privacy in general), you’re probably more likely to be on one. A few concerning news updates regarding mass surveillance by the NSA within the past week, including revelations from an analysis of the XKeyscore data collection system, have given us an idea of who might be among the NSA’s “targeted” individuals.
Are You on the List?
In previous documents, interviews, and other now-public materials, the NSA has stated that, while they can collect data from nearly anyone, they only target a small number of people who could be engaged in suspicious activity. Exactly what constitutes suspicious activity has never been very clear, but it’s safe to assume that anyone trying to get in touch with a terrorist organization, buy drugs online, or be in another way clearly intending to break the law, would be a target.
Turns out that a lot of things can get you on the list, including visiting a number of privacy-related websites, or even running searching for privacy-related tools. For example, a recent analysis of an alleged piece of XKeyscore code revealed that people would be targeted for surveillance if they searched for articles on TAILS, a secure operating system. The code states that TAILS is “advocated by extremists on extremist forums.” (I wonder if they know that it’s also advocated as a very secure Linux distro by tech writers on MakeUseOf.)
Unsurprisingly, searches for Tor also land people on the targeted surveillance list. Other apps that make an appearance include “HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion as well as its predecessor MixMaster.” (daserste.de)
It’s reasonable to assume that VPNs, encryption software, and other security-related apps and services will also earn you a spot on the surveillance list.
If this is the case, it seems likely that a huge number of MakeUseOf readers are already being monitored, and many more will be on the list before long.
How Do We Know About XKeyscore?
Hearing something like this might make you wonder about the source of the information that has a lot of security experts riled up. The XKeyscore program was first detailed in Edward Snowden’s revelations, and has been profiled a number of times since then (here’s a good overview of XKeyscore from The Guardian). In short, it’s a system that allows NSA employees to search a massive database of collected information, including e-mail, and allows for the monitoring of real data, not just meta-data.
The XKeyscore code that’s making waves at the moment was first published in a German publication called Taggeschau, though they declined to state where the information came from. There was nothing to indicate that the code came from documents released last year by Snowden, leading a number of leading privacy and security experts to speculate that there is now a second NSA leaker.
— Glenn Greenwald (@ggreenwald) July 4, 2014
After the XKeyscore code was released, it was analyzed by a number of experts and some of the results were published in Taggeschau in a review by Jacob Applebaum, John Goetz, Lena Kampf, and others. Since this publication, other experts have weighed in. Errata Security posted an interesting review of the code, stating that it might not be real code at all—that it could have been compiled from snippets of older code, or possibly from a training manual. So everything has to be taken with a grain of salt at the moment.
What Does This Mean For You?
In short, it means that you’re probably on an NSA targeted surveillance list, especially if you’re a regular reader of MakeUseOf or if you’ve run searches for privacy-related tools or articles. And while this doesn’t mean that your phones are tapped or that there’s a black van sitting outside your house, it’s very concerning from a privacy point of view.
Although searching for privacy tools will likely get you added to an NSA list, we still recommend using them, even if you have nothing to hide. Just because you get put on a list for searching for Tor doesn’t mean that the NSA can see what you’re up to while you’re using it. And even if you’re on the TAILS list, it’s still a great secure operating system.
If you’re not sure why you should care about online privacy, or what to do about it, you can check out this recently published article on the Don’t Spy on Us Day of Action that reiterates all of the reasons why mass surveillance is bad and a number of things that you can do to make a difference, including using encryption tools, supporting privacy-focused organizations, and spreading the word.
And don’t forget to check out all of the tips presented by our Security Matters section: encrypt your e-mails with PGP, encrypt your Facebook chats, learn the essentials of smartphone security, and more.
What do you think about these revelations? Are you surprised by the XKeyscore code? Do you think it’s a real code snippet, or something else? What do you think we’ll see in the coming weeks? Share your thoughts below!
Image credit: Mike Mozart via Flickr.