An article in Ars Technica reveals that the NSA can do a lot more than just store people’s metadata for a while. The NSA actually has the capability to passively scan the Internet for computers with vulnerabilities that it knows how to exploit. It can also look for computers that may have already been in exploited in ways that the NSA can use to its own advantages. It goes still further than this.
The XKEYSCORE system that was revealed via the leaks provided by Edward Snowden was already known to be far more powerful than was ever stated publically before the leaks. It’s powers, however, extend to being able to track VPN usage from some nations and to being able to get metadata that the NSA could later use to break PGP encryption. According to the article, the NSA usually keeps this data for 30 days, making it possible for them to go through that data later, if they choose. According to the documents leaked by Snowden, a user could look at all the VPN connections started up from a given nation and use that data to determine the user of that connection.
The system can also go through many major document types and look for author information. This, of course, can be used on the data that the NSA stores, making it possible for them to scan for author information after they’ve had the data collected for some time.
The top secret documents boast that no other system can do this on bulk traffic. That, of course, means that the data is simply gathered and scanned through at random and that it is not a targeted search of data known to belong to someone who is under surveillance.
What it Means
The NSA can scan an entire nation for machines that it can exploit. It can scan an entire nation for VPN connections starting up and go through that data to find out who is using those connections. It can also scan emails and other documents for information that it can use to decrypt any PGP encryption with which they have been provided.
This information goes far beyond the metadata that the NSA first claimed that was its only target. With the NSA having recently opened up a huge new datacenter, there’s no doubt that they are sorting through this type of data now, without warrants, transparency or accountability.