Today, I learned that my IP address is being tracked by the NSA, and that – as a law-abiding citizen – it’s likely both the metadata and the actual content of my internet traffic is being analyzed and stored as well.
I know this because of a stunning investigation just published in Germany, which may have been furthered by a second, secret whistleblower, rather than documents released by Edward Snowden.
In this investigation, Jacob Appelbaum, Lena Kampf and John Goetz reveal some of the actual source code and rules for XKeyscore, one of the NSA’s most powerful and comprehensive deep-packet inspection programs. In short, XKeyscore can analyze and store both the metadata and the full internet content of individuals being targeted.
So who is being targeted? According to the investigation, anyone globally who has done an internet search for any number of popular privacy software tools – including Tor and Talis – as well as anyone who has visited either of those sites or been determined to utilize their programs.
Not only are IP addresses automatically tracked by XKeyscore for anyone who might have done so much as search for a web privacy tool, but XKeyscore’s code reveals that the metadata and the actual content of emails and web traffic may be analyzed and stored as well.
Like millions of Americans, I have searched for and used a number of popular privacy programs, including Tor, which I use daily. (Tor is a volunteer-operated initiative, funded by the US government, which annonymizes the internet traffic of users, and is particularly important for journalists and human rights activists.) And like millions of Americans, it’s now clear that my IP address is being tracked by the NSA, and based on the XKeyscore rules published in the investigation, there is a very good chance that deep-packet analysis and storage of my emails and the content of my web traffic has occurred as well.
In advance of the publication of the investigation, which found servers in Germany to be under NSA surveillance, German public television broadcasters NDR and WDR asked the NSA how it could legally justify its actions, which includes the penetration of a US-funded privacy tool in Tor:
NDR and WDR wanted to know from the NSA how it justified attacking a service funded by the U.S. government, under what legal authority Tor Network users are monitored, and whether the German government has any knowledge of the targeting of servers in Germany.
Instead of addressing the questions repeatedly posed to them, the NSA provided the following statement: “In carrying out its mission, NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes – regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no use to the agency.”
As with everything else, the NSA has predictably chosen to deny what is occurring, and for good reason: it may be unconstitutional. Chief Justice John Roberts, writing the majority opinion in last week’s Riley v. California case, had this to say on the significance of a person’s private digital data:
An Internet search and browsing history … could reveal an individual’s private interests or concerns – perhaps a search for certain symptoms of disease, coupled with frequent visits to WebMD.
This was written in the context of justifying why police must get a warrant to search a arrestee’s cell phone, noting that private data on a cell phone is protected by the Fourth Amendment because of its expansiveness. The ruling was a gigantic win for digital privacy advocates, and clearly sets up the potential for NSA surveillance to be challenged in our nation’s highest court, since digital privacy is now constitutionally protected. Indeed, Robert’s opinion indicates that the NSA should be worried about such a possibility.
The question which remains is this: will the metadata surveillance and deep-packet inspection of private internet data done on U.S. citizens who are not suspected of having committed a crime be categorized as unwarranted searches, as such searches of physical cell phones by law enforcement have been so deemed?
Or will so-called privacy protections built into such surveillance protect NSA surveillance and analysis from constitutional challenges? That remains an open question.
However, what has become clear is that the NSA tracks and analyzes the private data of those, like myself, who are not engaging in criminal activity, but instead simply wishing to maintain some semblance of digital privacy.
Rather ironic, no? For trying to protect my own privacy rights, I am being targeted. And there’s a good chance you are, too.
David Harris-Gershon is author of the memoir What Do You Buy the Children of the Terrorist Who Tried to Kill Your Wife?, published recently by Oneworld Publications.
Follow him on Twitter @David_EHG.