Yesterday I noted that the Guardian was presenting slides from a 2008 training manual for XKEYSCORE, a metadata search tool used by the NSA, while Guardian columnist Glenn Greenwald was clearly pulling slides from something else (he did not post it in full) to substantiate and illustrate his column making broad claims beyond what the 2008 slides supported.
Today I did some more Googling, and it turns out XKEYSCORE — at least its existence — isn’t that huge of a secret. In fact, large defense contractors advertise openly for it. SAIC is hiring XKEYSCORE support technicians with surprisingly minimal skills:
•High School diploma or equivalent with 3- 4+ years of related experience installing, configuring, integrating, and testing software which run on Red Hat Enterprise Linux (RHEL).
•Software Integration experience with scripting languages (Java, C and Bourne shell).
•Familiar with VMware ESXi 3.5, 4.1, and 5.0.
•Currently possess an active TS/SCI with Polygraph security clearance.
ADDITIONAL PREFERRED QUALIFICATIONS:
•Bachelor’s degree in a relevent technical disciplne.
•Ability to be mobile, work, and travel independently.
•Excellent interpersonal, verbal, and written communication skills with the ability to successfully interact with internal and external customers.
Simply put, most techie people who’ve worked fairly low-level IT jobs would qualify for that — the big stickler is the polygraph requirement on a TS/SCI clearance (which is time consuming and expensive).
In fact, this is a great example of how clearances are, in effect, union cards in the government — with one, a person of surprisingly low education and experience can gain access to incredibly sensitive information and programs; without one even extremely well educated, highly experienced people are essentially frozen out of mission-critical job roles.
But moreover it is the description itself of XKEYSCORE that bears further examination. It turns out Marc Ambinder actually wrote about this program in his recent book, and he provides more details:
I quibble with the Guardian‘s description of the program as “TOP SECRET.” The word is not secret; its association with the NSA is not secret; that the NSA collects bulk data on foreign targets is, well, probably classified, but at the SECRET level. Certainly, work product associated with XKEYSCORE is Top Secret with several added caveats. Just as the Guardian might be accused of over-hyping the clear and present danger associated with this particular program, critics will reflexively overstate the harm that its disclosure would reasonably produce.
XKEYSCORE is not a thing that DOES collecting; it’s a series of user interfaces, backend databases, servers and software that selects certain types of metadata that the NSA has ALREADY collected using other methods. XKEYSCORE, as D.B. Grady and I reported in our book, is the worldwide base level database for such metadata. XKEYSCORE is useful because it gets the “front end full take feeds” from the various NSA collection points around the world and importantly, knows what to do with it to make it responsive to search queries. As the presentation says, the stuff itself is collected by some entity called F6 and something else called FORNSAT and then something with the acronym SSO.
He goes into much more detail that, once again, calls into question the analytic and rhetorical judgment being exercised by Greenwald. As Ambinder notes, because this presentation is from 2008, it is also from before the FISA Amendments Act, which instituted the requirement that analysts must reasonably assume the “foreigness” of a collection target to justify collection, to ensure that the involvement of any American citizens’ data is minimized. The manual is hopelessly out of date in that regard, since it was drafted under a very different legal framework governing analyst conduct.
Moreover, this discussion about technical capability versus legal remit is incredibly important to the discussion. Even Senator Ron Wyden, in noting that the intelligence community “misled Congress about the usefulness” of mass collection programs, is not actually identifying systemic abuses or failure of oversight audits within the system. Greenwald, in his writing, even specifically said that these programs provide the possibility of abuse, but could not substantiate any claims that abuse actually occurs.
Without being too delicate, this is sort of a tautology. People have the technical capability to do all sorts of dreadful things all the time. The reason we have laws is to protect ourselves from the technical capability of others, including our own government. The FBI has the capability to invade anyone’s home and shoot on sight. They don’t because laws prohibit that (I am not defending the shortcoming of the law, which is clearly inadequate – but that’s a problem of the law and not of the capability).
More prosaically, the federal government has the technical means to do all sorts of dreadful things — after all, they have access to your financial records, medical records, tax records (and therefore all of your sources of income), and your family history. Yet for some reason they don’t — because laws are designed to prevent abuse. The laws to do this are not perfect, and things slip through, but that does not invalidate the reason laws exist in the first place.
This is kind of an issue of maturity: either you realize that laws are an imperfect but mostly effective way of preventing abuse of one person’s ability to infringe on the rights of another, or you don’t. If you don’t, that’s fine as far as it goes, but it points to a much deeper problem underneath the debate about the NSA and surveillance: whether you actually believe government — and the laws is passes and enforces — serves any legitimate function at all. And that is a debate I’m sure most people would dread to see shouted out in public.