For the last couple of weeks, sections of the cyber security community have been absorbed by questions of greater import that those of the round ball. Is Edward Snowden the only whistleblower, or does the National Security Agency now face a second leaker? If so, what do they know? And what does it mean for the surveillance debate?

The speculation began after German television network Das Erste reported on XKeyscore, a system used by the NSA and its Five Eyes intelligence partners — and approved partner nations, including Germany and Sweden — to filter the massive inflow of raw communications intercepts to find the nuggets of interest. It’s a search engine, in other words — except that according to previously revealed presentations, it can also operate in real time, with each installation sifting through 10 gigabits per second of data that’s being channeled into it from anywhere.

Invest in the journalism that makes a difference.

EOFY Sale. A year for just $99.

SAVE 50%

XKeyscore runs at multiple locations around the world, including three sites operated by Britain’s NSA partner agency, Government Communications Headquarters, under the codename TEMPORA. That presumably includes the highly secret Middle East stations in Oman that, The Register revealed, “tap into various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf” and elsewhere.

Until now, most discussion has been about the potential capabilities of XKeyscore. It’s obvious why an intelligence agency might want to intercept communications in and out of Iraq or Yemen, say, but how much of that can be read? The Das Erste report now reveals how the NSA is using XKeyscore in practice. The researchers, who include Tor Project members Jacob Appelbaum, Aaron Gibson and Leif Ryge, had access to what is supposedly some of XKeyscore’s targeting code. It indicates that the NSA has been looking for people who not only download and use the Tor privacy tool, the Tails secure operating system and the like, but also those who just read about them:

* Two servers in Germany — in Berlin and Nuremberg — are under surveillance by the NSA.

* Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.

Personally, I’d suspected that the NSA might target individual Tor and Tails users. An argument can be made that it’s worth taking a quick look at anyone using these tools to make sure they’re not up to something bad, just as the police might stop a young adult with a mountain bike, hoodie and satchel because he’s dressed like a drug courier, before filing him under “mostly harmless”. An argument can also be made that this is inappropriate, of course. But the targeting of people who simply read about such tools — perhaps including you, right now — seems over the top. Watch this space.

But the report raises another question. So far, pretty much every news item about NSA leaks has mentioned Edward Snowden — for search engine optimisation if nothing else. This one doesn’t. That’s led to speculation that there’s a second leaker, a fact apparently confirmed by Boing Boing‘s Cory Doctorow and supported by high-profile cryptographer Bruce Schneier.

According to security analyst James Turner, spokesperson for the Australian Information Security Association (AISA), we shouldn’t be surprised. As he told Crikey by email on Monday:

“Who knows how many leaks happened before Snowden actually declared his? We have no idea how much information has already been handed across by other leakers to other intelligence agencies, or even private sector organisations … And the NSA does not have answers to these questions, either.

“It puts the NSA on the back foot as it struggles to identify who else has leaked, when they leaked, and what they leaked… The idea of a second whistleblower starts the speculation of who else is coming forward, and it normalises Snowden’s actions. It’s the principle that Derek Sivers talks about: what makes a leader is actually their first follower.

“The more whistleblowers that come forward the more the public discussion will become … about the culture of the organisation that did not tolerate oversight, questioning or dissent. We’ve learnt through history that this kind of behaviour is dangerous. I wouldn’t be surprised if within 12 months there is a public inquiry into the culture and leadership at the NSA.”

Yet in Australia, there’s a rush to give the intelligence agencies more power with less oversight. As I said, watch this space.

Save this EOFY while you make a difference

Australia has spoken. We want more from the people in power and deserve a media that keeps them on their toes. And thank you, because it’s been made abundantly clear that at Crikey we’re on the right track.

We’ve pushed our journalism as far as we could go. And that’s only been possible with reader support. Thank you. And if you haven’t yet subscribed, this is your time to join tens of thousands of Crikey members to take the plunge.

Peter Fray
Peter Fray
SAVE 50%