If you care about online privacy, then the NSA cares about you…about spying on you. At least that is the gist of a story that privacy experts believe originated from a second NSA leaker. You may not have the required "balls of steel to operate a Tor exit node," but a new report based on a NSA-flavored leak shows that using Tor at all, or simply visiting privacy-related websites like the Tor Project (The Onion Router), Tails (The Amnesic Incognito Live System) and the Linux Journal paints a bull’s-eye on your back and marks you as a “target” for surveillance.
Thanks to Edward Snowden, we know the NSA program XKeyscore is devoted to collecting “nearly everything a user does on the Internet.” But now XKeyscore rules have been leaked, “top secret NSA source code” rules that decide who gets targeted for indefinite surveillance….and that means you if you care about online privacy. The story by Jacob Appelbaum, John Goetz, Lena Kampf first appeared in German on Tagesschau, but researchers then did an English version write-up about the investigation into the NSA targeting the privacy-conscious:
Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.
The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
Boing Boing’s Cory Doctorow said
More importantly, this shows that the NSA uses "targeted surveillance" in a way that beggars common sense. It's a dead certainty that people who heard the NSA's reassurances about "targeting" its surveillance on people who were doing something suspicious didn't understand that the NSA meant people who'd looked up technical details about systems that are routinely discussed on the front page of every newspaper in the world.
Tor was originally created by the U.S. Navy, but has become a tool to circumvent censorship and is also used by journalists and “individuals in abusive relationships to help protect their privacy and physical safety." Although the rule for monitoring the Tor Project's website was tweaked to supposedly avoid collecting info on people believed to be located within “Five Eyes” countries – Australia, Canada, New Zealand, the U.K. and the U.S. – “Five Eyes” are not excluded in other rules.
Tails “software is used by journalists, human rights activists, and hundreds of thousands of ordinary people who merely wish to protect their privacy,” but a comment in the NSA’s XKeyscore source code describes Tails as "a comsec mechanism advocated by extremists on extremist forums." The report added that other privacy-centric services are also monitored, including HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, Privacy.li and MixMinion.
After discussions with technical experts who worked on Snowden leaks, Doctorow noted:
One expert suggested that the NSA's intention here was to separate the sheep from the goats -- to split the entire population of the Internet into "people who have the technical know-how to be private" and "people who don't" and then capture all the communications from the first group.
Bruce Schneier added, “It's hard to tell how extensive this is. It's possible that anyone who clicked on this link -- with the embedded torproject.org URL above -- is currently being monitored by the NSA. It's possible that this only will happen to people who receive the link in e-mail….Whatever the case, this is very disturbing.”
Although the source for the code was not revealed, the report says former NSA experts "are convinced that the same code or similar code is still in use today." Additionally, both Doctorow and Schneier believe the information came from a second NSA leaker, possibly the same source leaked the TAO catalogue. Back in January, after Jacob Appelbaum’s To Protect and Infect [pdf] presentation, we looked at 17 exploits the NSA uses to hack PCs, routers and servers for surveillance. At that time, Appelbaum said, “If you work for the NSA, I’d like to encourage you to leak more documents. I’ll be available until I am assassinated to answer questions.”
In response to this news about XKeyscore rules, the NSA claimed "the communications of people who are not foreign intelligence targets are of no use to the agency." That hardly rings true in light of the Washington Post’s investigation into actual NSA-intercepted communications; the Post found nine of 10 account holders “were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.” So that makes the NSA’s newest statement appear to be no more than government-sponsored word games…surprise, surprise, or not so much at all.